Retrospring/app/controllers/user_controller.rb

class UserController < ApplicationController
  before_action :authenticate_user!, only: %w(edit update edit_privacy update_privacy data export begin_export edit_security update_2fa destroy_2fa reset_user_recovery_codes edit_mute)

  def show
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!
    @answers = @user.cursored_answers(last_id: params[:last_id])
    @answers_last_id = @answers.map(&:id).min
    @more_data_available = !@user.cursored_answers(last_id: @answers_last_id, size: 1).count.zero?

    if user_signed_in?
      notif = Notification.where(target_type: "Relationship", target_id: @user.active_follow_relationships.where(target_id: current_user.id).pluck(:id), recipient_id: current_user.id, new: true).first
      unless notif.nil?
        notif.new = false
        notif.save
      end
    end

    respond_to do |format|
      format.html
      format.js { render layout: false }
    end
  end

  # region Account settings
  def edit
  end

  def update
    user_attributes = params.require(:user).permit(:show_foreign_themes, :profile_picture_x, :profile_picture_y, :profile_picture_w, :profile_picture_h,
                                                   :profile_header_x, :profile_header_y, :profile_header_w, :profile_header_h, :profile_picture, :profile_header)
    if current_user.update(user_attributes)
      text = t(".success")
      text += t(".notice.profile_picture") if user_attributes[:profile_picture]
      text += t(".notice.profile_header") if user_attributes[:profile_header]
      flash[:success] = text
    else
      flash[:error] = t(".error")
    end
    redirect_to edit_user_profile_path
  end

  def update_profile
    profile_attributes = params.require(:profile).permit(:display_name, :motivation_header, :website, :location, :description, :anon_display_name)

    if current_user.profile.update(profile_attributes)
      flash[:success] = t(".success")
    else
      flash[:error] = t(".error")
    end
    redirect_to edit_user_profile_path
  end
  # endregion

  # region Privacy settings
  def edit_privacy
  end

  def update_privacy
    user_attributes = params.require(:user).permit(:privacy_allow_anonymous_questions,
                                                   :privacy_allow_public_timeline,
                                                   :privacy_allow_stranger_answers,
                                                   :privacy_show_in_search)
    if current_user.update(user_attributes)
      flash[:success] = t(".success")
    else
      flash[:error] = t(".error")
    end
    redirect_to edit_user_privacy_path
  end
  # endregion

  def followers
    @title = 'Followers'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!
    @relationships = @user.cursored_follower_relationships(last_id: params[:last_id])
    @relationships_last_id = @relationships.map(&:id).min
    @more_data_available = !@user.cursored_follower_relationships(last_id: @relationships_last_id, size: 1).count.zero?
    @users = @relationships.map(&:source)
    @type = :friend

    respond_to do |format|
      format.html { render "show_follow" }
      format.js { render "show_follow", layout: false }
    end
  end

  # rubocop:disable Metrics/AbcSize
  def followings
    @title = 'Following'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!
    @relationships = @user.cursored_following_relationships(last_id: params[:last_id])
    @relationships_last_id = @relationships.map(&:id).min
    @more_data_available = !@user.cursored_following_relationships(last_id: @relationships_last_id, size: 1).count.zero?
    @users = @relationships.map(&:target)
    @type = :friend

    respond_to do |format|
      format.html { render "show_follow" }
      format.js { render "show_follow", layout: false }
    end
  end
  # rubocop:enable Metrics/AbcSize

  def questions
    @title = 'Questions'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!
    @questions = @user.cursored_questions(author_is_anonymous: false, last_id: params[:last_id])
    @questions_last_id = @questions.map(&:id).min
    @more_data_available = !@user.cursored_questions(author_is_anonymous: false, last_id: @questions_last_id, size: 1).count.zero?

    respond_to do |format|
      format.html
      format.js { render layout: false }
    end
  end

  def data
  end

  def export
    if current_user.export_processing
      flash[:info] = t(".info")
    end
  end

  def begin_export
    if current_user.can_export?
      ExportWorker.perform_async(current_user.id)
      flash[:success] = t(".success")
    else
      flash[:error] = t(".error")
    end

    redirect_to user_export_path
  end

  def edit_security
    if current_user.otp_module_disabled?
      current_user.otp_secret_key = User.otp_random_secret(25)
      current_user.save

      qr_code = RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring"))

      @qr_svg = qr_code.as_svg({ offset: 4, module_size: 4, color: "000;fill:var(--primary)" }).html_safe
    else
      @recovery_code_count = current_user.totp_recovery_codes.count
    end
  end

  def update_2fa
    req_params = params.require(:user).permit(:otp_validation)
    current_user.otp_module = :enabled

    if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
      @recovery_keys = TotpRecoveryCode.generate_for(current_user)
      current_user.save!

      render "settings/security/recovery_keys"
    else
      flash[:error] = t(".error")
      redirect_to edit_user_security_path
    end
  end

  def destroy_2fa
    current_user.otp_module = :disabled
    current_user.save!
    current_user.totp_recovery_codes.delete_all
    flash[:success] = t(".success")
    redirect_to edit_user_security_path
  end

  def reset_user_recovery_codes
    current_user.totp_recovery_codes.delete_all
    @recovery_keys = TotpRecoveryCode.generate_for(current_user)
    render 'settings/security/recovery_keys'
  end

  # region Muting
  def edit_mute
    @rules = MuteRule.where(user: current_user)
  end
  # endregion

  def edit_blocks
    @blocks = Relationships::Block.where(source: current_user)
    @anonymous_blocks = AnonymousBlock.where(user: current_user)
  end
end
new users controller 2014-11-02 08:57:37 -08:00			`class UserController < ApplicationController`
Move theme actions from `UserController` to `Settings::ThemeController` 2022-06-25 17:58:22 -07:00			`before_action :authenticate_user!, only: %w(edit update edit_privacy update_privacy data export begin_export edit_security update_2fa destroy_2fa reset_user_recovery_codes edit_mute)`
uploading profile pictures works now 2014-12-29 02:21:43 -08:00
new users controller 2014-11-02 08:57:37 -08:00			`def show`
Eager load relationships for questions, answers and users 2021-12-30 13:15:59 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@answers = @user.cursored_answers(last_id: params[:last_id])`
			`@answers_last_id = @answers.map(&:id).min`
			`@more_data_available = !@user.cursored_answers(last_id: @answers_last_id, size: 1).count.zero?`
automatically mark notifications as read 2015-02-09 21:53:50 -08:00
			`if user_signed_in?`
Make relationships polymorphic 2021-12-31 13:19:21 -08:00			`notif = Notification.where(target_type: "Relationship", target_id: @user.active_follow_relationships.where(target_id: current_user.id).pluck(:id), recipient_id: current_user.id, new: true).first`
automatically mark notifications as read 2015-02-09 21:53:50 -08:00			`unless notif.nil?`
			`notif.new = false`
			`notif.save`
			`end`
			`end`

added pagination to User#show 2014-12-08 06:23:04 -08:00			`respond_to do \|format\|`
			`format.html`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00			`format.js { render layout: false }`
added pagination to User#show 2014-12-08 06:23:04 -08:00			`end`
new users controller 2014-11-02 08:57:37 -08:00			`end`

users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# region Account settings`
new users controller 2014-11-02 08:57:37 -08:00			`def edit`
hhh 2014-11-03 04:21:41 -08:00			`end`

			`def update`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00			`user_attributes = params.require(:user).permit(:show_foreign_themes, :profile_picture_x, :profile_picture_y, :profile_picture_w, :profile_picture_h,`
Implement cropping; make uploaders DRY 2020-05-02 09:45:11 -07:00			`:profile_header_x, :profile_header_y, :profile_header_w, :profile_header_h, :profile_picture, :profile_header)`
Upgrade to Rails 6.0 2022-01-11 17:24:38 -08:00			`if current_user.update(user_attributes)`
Add translations for `UserController#update(_profile)` 2022-01-29 16:15:34 -08:00			`text = t(".success")`
			`text += t(".notice.profile_picture") if user_attributes[:profile_picture]`
			`text += t(".notice.profile_header") if user_attributes[:profile_header]`
changed flash thing 2014-12-29 05:54:32 -08:00			`flash[:success] = text`
			`else`
Add translations for `UserController#update(_profile)` 2022-01-29 16:15:34 -08:00			`flash[:error] = t(".error")`
finally, setting the display_name works. 2014-11-11 11:20:00 -08:00			`end`
hhh 2014-11-03 04:21:41 -08:00			`redirect_to edit_user_profile_path`
new users controller 2014-11-02 08:57:37 -08:00			`end`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00
			`def update_profile`
Add profile setting for anon display name 2022-06-21 05:51:22 -07:00			`profile_attributes = params.require(:profile).permit(:display_name, :motivation_header, :website, :location, :description, :anon_display_name)`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00
Upgrade to Rails 6.0 2022-01-11 17:24:38 -08:00			`if current_user.profile.update(profile_attributes)`
Add translations for `UserController#update(_profile)` 2022-01-29 16:15:34 -08:00			`flash[:success] = t(".success")`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00			`else`
Add translations for `UserController#update(_profile)` 2022-01-29 16:15:34 -08:00			`flash[:error] = t(".error")`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00			`end`
			`redirect_to edit_user_profile_path`
			`end`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# endregion`
added follower/following pages 2014-12-08 08:03:06 -08:00
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# region Privacy settings`
			`def edit_privacy`
			`end`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`def update_privacy`
			`user_attributes = params.require(:user).permit(:privacy_allow_anonymous_questions,`
			`:privacy_allow_public_timeline,`
			`:privacy_allow_stranger_answers,`
			`:privacy_show_in_search)`
Upgrade to Rails 6.0 2022-01-11 17:24:38 -08:00			`if current_user.update(user_attributes)`
Add translations for privacy settings flashes 2022-02-19 08:45:34 -08:00			`flash[:success] = t(".success")`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`else`
Add translations for privacy settings flashes 2022-02-19 08:45:34 -08:00			`flash[:error] = t(".error")`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`end`
			`redirect_to edit_user_privacy_path`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00			`end`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# endregion`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00
added follower/following pages 2014-12-08 08:03:06 -08:00			`def followers`
			`@title = 'Followers'`
Move includes into `cursored_friends`/`cursored_followers` 2021-12-31 06:35:02 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!`
Sort relationship lists by relationship IDs rather than user IDs 2022-06-18 08:29:23 -07:00			`@relationships = @user.cursored_follower_relationships(last_id: params[:last_id])`
			`@relationships_last_id = @relationships.map(&:id).min`
			`@more_data_available = !@user.cursored_follower_relationships(last_id: @relationships_last_id, size: 1).count.zero?`
			`@users = @relationships.map(&:source)`
the count is now incremented/decremented correctly on the view followers/friends pages 2014-12-08 10:48:12 -08:00			`@type = :friend`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html { render "show_follow" }`
			`format.js { render "show_follow", layout: false }`
			`end`
added follower/following pages 2014-12-08 08:03:06 -08:00			`end`

Fix lint errors 2022-01-16 09:51:27 -08:00			`# rubocop:disable Metrics/AbcSize`
Make relationships polymorphic 2021-12-31 13:19:21 -08:00			`def followings`
added follower/following pages 2014-12-08 08:03:06 -08:00			`@title = 'Following'`
Move includes into `cursored_friends`/`cursored_followers` 2021-12-31 06:35:02 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!`
Sort relationship lists by relationship IDs rather than user IDs 2022-06-18 08:29:23 -07:00			`@relationships = @user.cursored_following_relationships(last_id: params[:last_id])`
			`@relationships_last_id = @relationships.map(&:id).min`
			`@more_data_available = !@user.cursored_following_relationships(last_id: @relationships_last_id, size: 1).count.zero?`
			`@users = @relationships.map(&:target)`
the count is now incremented/decremented correctly on the view followers/friends pages 2014-12-08 10:48:12 -08:00			`@type = :friend`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html { render "show_follow" }`
			`format.js { render "show_follow", layout: false }`
			`end`
added follower/following pages 2014-12-08 08:03:06 -08:00			`end`
Fix lint errors 2022-01-16 09:51:27 -08:00			`# rubocop:enable Metrics/AbcSize`
question page added 2014-12-19 13:34:24 -08:00
			`def questions`
			`@title = 'Questions'`
Move includes into `cursored_friends`/`cursored_followers` 2021-12-31 06:35:02 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!`
Fix user questions page 2020-04-22 18:31:07 -07:00			`@questions = @user.cursored_questions(author_is_anonymous: false, last_id: params[:last_id])`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@questions_last_id = @questions.map(&:id).min`
Fix user questions page 2020-04-22 18:31:07 -07:00			`@more_data_available = !@user.cursored_questions(author_is_anonymous: false, last_id: @questions_last_id, size: 1).count.zero?`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html`
			`format.js { render layout: false }`
			`end`
question page added 2014-12-19 13:34:24 -08:00			`end`
add data page 2015-06-20 11:38:07 -07:00
			`def data`
			`end`
Temp. layout for testing 2015-07-24 10:12:14 -07:00
added export view/controller/routes 2016-01-05 11:54:38 -08:00			`def export`
			`if current_user.export_processing`
Add translations for user export 2022-02-12 17:26:15 -08:00			`flash[:info] = t(".info")`
added export view/controller/routes 2016-01-05 11:54:38 -08:00			`end`
			`end`

			`def begin_export`
			`if current_user.can_export?`
			`ExportWorker.perform_async(current_user.id)`
Add translations for user export 2022-02-12 17:26:15 -08:00			`flash[:success] = t(".success")`
added export view/controller/routes 2016-01-05 11:54:38 -08:00			`else`
Add translations for user export 2022-02-12 17:26:15 -08:00			`flash[:error] = t(".error")`
added export view/controller/routes 2016-01-05 11:54:38 -08:00			`end`

			`redirect_to user_export_path`
			`end`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
			`def edit_security`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`if current_user.otp_module_disabled?`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`current_user.otp_secret_key = User.otp_random_secret(25)`
Implement @nilsding's review changes 2020-10-23 11:45:06 -07:00			`current_user.save`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`qr_code = RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring"))`
Use controller for setting up QR Code 2020-10-19 05:56:13 -07:00
Fix hound nits 2022-02-13 10:23:40 -08:00			`@qr_svg = qr_code.as_svg({ offset: 4, module_size: 4, color: "000;fill:var(--primary)" }).html_safe`
Display count of remaining recovery codes 2020-11-01 09:41:37 -08:00			`else`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`@recovery_code_count = current_user.totp_recovery_codes.count`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`end`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`

			`def update_2fa`
Implement @nilsding's review changes 2020-10-23 11:45:06 -07:00			`req_params = params.require(:user).permit(:otp_validation)`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`current_user.otp_module = :enabled`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
Add drift period 2020-10-23 15:24:04 -07:00			`if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`@recovery_keys = TotpRecoveryCode.generate_for(current_user)`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`current_user.save!`
Generate recovery keys on TOTP setup 2020-11-01 08:55:31 -08:00
Add translations for 2FA controllers and actions 2022-02-13 09:52:02 -08:00			`render "settings/security/recovery_keys"`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`else`
Add translations for 2FA controllers and actions 2022-02-13 09:52:02 -08:00			`flash[:error] = t(".error")`
Generate recovery keys on TOTP setup 2020-11-01 08:55:31 -08:00			`redirect_to edit_user_security_path`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`
			`end`

			`def destroy_2fa`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`current_user.otp_module = :disabled`
			`current_user.save!`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`current_user.totp_recovery_codes.delete_all`
Add translations for 2FA controllers and actions 2022-02-13 09:52:02 -08:00			`flash[:success] = t(".success")`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`redirect_to edit_user_security_path`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`
Provide the user a way to generate new codes. 2020-11-01 09:52:42 -08:00
			`def reset_user_recovery_codes`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`current_user.totp_recovery_codes.delete_all`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`@recovery_keys = TotpRecoveryCode.generate_for(current_user)`
Provide the user a way to generate new codes. 2020-11-01 09:52:42 -08:00			`render 'settings/security/recovery_keys'`
			`end`
Create views for managing muted words 2021-12-22 15:03:42 -08:00
			`# region Muting`
			`def edit_mute`
			`@rules = MuteRule.where(user: current_user)`
			`end`
			`# endregion`
WIP: Add UI to manage (anonymous) blocks 2022-06-23 11:03:11 -07:00
			`def edit_blocks`
			`@blocks = Relationships::Block.where(source: current_user)`
			`@anonymous_blocks = AnonymousBlock.where(user: current_user)`
			`end`
new users controller 2014-11-02 08:57:37 -08:00			`end`