Retrospring/app/controllers/user_controller.rb

class UserController < ApplicationController
  include ThemeHelper

  before_action :authenticate_user!, only: %w(edit update edit_privacy update_privacy edit_theme update_theme preview_theme delete_theme data export begin_export edit_security update_2fa destroy_2fa reset_user_recovery_codes)

  def show
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!
    @answers = @user.cursored_answers(last_id: params[:last_id])
    @answers_last_id = @answers.map(&:id).min
    @more_data_available = !@user.cursored_answers(last_id: @answers_last_id, size: 1).count.zero?

    if user_signed_in?
      notif = Notification.where(target_type: "Relationship", target_id: @user.active_relationships.where(target_id: current_user.id).pluck(:id), recipient_id: current_user.id, new: true).first
      unless notif.nil?
        notif.new = false
        notif.save
      end
    end

    respond_to do |format|
      format.html
      format.js { render layout: false }
    end
  end

  # region Account settings
  def edit
  end

  def update
    user_attributes = params.require(:user).permit(:show_foreign_themes, :profile_picture_x, :profile_picture_y, :profile_picture_w, :profile_picture_h,
                                                   :profile_header_x, :profile_header_y, :profile_header_w, :profile_header_h, :profile_picture, :profile_header)
    if current_user.update_attributes(user_attributes)
      text = t('flash.user.update.text')
      text += t('flash.user.update.avatar') if user_attributes[:profile_picture]
      text += t('flash.user.update.header') if user_attributes[:profile_header]
      flash[:success] = text
    else
      flash[:error] = t('flash.user.update.error')
    end
    redirect_to edit_user_profile_path
  end

  def update_profile
    profile_attributes = params.require(:profile).permit(:display_name, :motivation_header, :website, :location, :description)

    if current_user.profile.update_attributes(profile_attributes)
      flash[:success] = t('flash.user.update.text')
    else
      flash[:error] = t('flash.user.update.error')
    end
    redirect_to edit_user_profile_path
  end
  # endregion

  # region Privacy settings
  def edit_privacy
  end

  def update_privacy
    user_attributes = params.require(:user).permit(:privacy_allow_anonymous_questions,
                                                   :privacy_allow_public_timeline,
                                                   :privacy_allow_stranger_answers,
                                                   :privacy_show_in_search)
    if current_user.update_attributes(user_attributes)
      flash[:success] = t('flash.user.update_privacy.success')
    else
      flash[:error] = t('flash.user.update_privacy.error')
    end
    redirect_to edit_user_privacy_path
  end
  # endregion

  # region Lists
  def lists
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!
    @lists = if current_user == @user
                @user.lists
              else
                @user.lists.where(private: false)
              end.all
  end
  # endregion

  def followers
    @title = 'Followers'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!
    @users = @user.cursored_followers(last_id: params[:last_id])
    @users_last_id = @users.map(&:id).min
    @more_data_available = !@user.cursored_followers(last_id: @users_last_id, size: 1).count.zero?
    @type = :friend

    respond_to do |format|
      format.html { render "show_follow" }
      format.js { render "show_follow", layout: false }
    end
  end

  def friends
    @title = 'Following'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!
    @users = @user.cursored_friends(last_id: params[:last_id]).includes(:profile)
    @users_last_id = @users.map(&:id).min
    @more_data_available = !@user.cursored_friends(last_id: @users_last_id, size: 1).count.zero?
    @type = :friend

    respond_to do |format|
      format.html { render "show_follow" }
      format.js { render "show_follow", layout: false }
    end
  end

  def questions
    @title = 'Questions'
    @user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!
    @questions = @user.cursored_questions(author_is_anonymous: false, last_id: params[:last_id])
    @questions_last_id = @questions.map(&:id).min
    @more_data_available = !@user.cursored_questions(author_is_anonymous: false, last_id: @questions_last_id, size: 1).count.zero?

    respond_to do |format|
      format.html
      format.js { render layout: false }
    end
  end

  def data
  end

  def edit_theme
  end

  def delete_theme
    current_user.theme.destroy!
    redirect_to edit_user_theme_path
  end

  def update_theme
    update_attributes = params.require(:theme).permit([
      :primary_color, :primary_text,
      :danger_color, :danger_text,
      :success_color, :success_text,
      :warning_color, :warning_text,
      :info_color, :info_text,
      :dark_color, :dark_text,
      :light_color, :light_text,
      :raised_background, :raised_accent,
      :background_color, :body_text, 
      :muted_text, :input_color, 
      :input_text
    ])

    if current_user.theme.nil?
      current_user.theme = Theme.new update_attributes
      current_user.theme.user_id = current_user.id

      if current_user.theme.save
        flash[:success] = 'Theme saved.'
      else
        flash[:error] = 'Theme saving failed. ' + current_user.theme.errors.messages.flatten.join(' ')
      end
    elsif current_user.theme.update_attributes(update_attributes)
      flash[:success] = 'Theme saved.'
    else
      flash[:error] = 'Theme saving failed. ' + current_user.theme.errors.messages.flatten.join(' ')
    end
    redirect_to edit_user_theme_path
  end

  def export
    if current_user.export_processing
      flash[:info] = 'An export is currently in progress for this account.'
    end
  end

  def begin_export
    if current_user.can_export?
      ExportWorker.perform_async(current_user.id)
      flash[:success] = 'Your account is currently being exported.  This will take a little while.'
    else
      flash[:error] = 'Nice try, kid.'
    end

    redirect_to user_export_path
  end

  def edit_security
    if current_user.otp_module_disabled?
      current_user.otp_secret_key = User.otp_random_secret(25)
      current_user.save

      qr_code = RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring"))

      @qr_svg = qr_code.as_svg({offset: 4, module_size: 4, color: '000;fill:var(--primary)'}).html_safe
    else
      @recovery_code_count = current_user.totp_recovery_codes.count
    end
  end

  def update_2fa
    req_params = params.require(:user).permit(:otp_validation)
    current_user.otp_module = :enabled

    if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)
      @recovery_keys = TotpRecoveryCode.generate_for(current_user)
      current_user.save!

      render 'settings/security/recovery_keys'
    else
      flash[:error] = t('views.auth.2fa.errors.invalid_code')
      redirect_to edit_user_security_path
    end
  end

  def destroy_2fa
    current_user.otp_module = :disabled
    current_user.save!
    current_user.totp_recovery_codes.delete_all
    flash[:success] = 'Two factor authentication has been disabled for your account.'
    redirect_to edit_user_security_path
  end

  def reset_user_recovery_codes
    current_user.totp_recovery_codes.delete_all
    @recovery_keys = TotpRecoveryCode.generate_for(current_user)
    render 'settings/security/recovery_keys'
  end
end
new users controller 2014-11-02 08:57:37 -08:00			`class UserController < ApplicationController`
ThemeHelper.render_theme_with_context 2015-07-29 09:54:33 -07:00			`include ThemeHelper`

Put all security related actions behind authentication 2021-12-29 12:26:39 -08:00			`before_action :authenticate_user!, only: %w(edit update edit_privacy update_privacy edit_theme update_theme preview_theme delete_theme data export begin_export edit_security update_2fa destroy_2fa reset_user_recovery_codes)`
uploading profile pictures works now 2014-12-29 02:21:43 -08:00
new users controller 2014-11-02 08:57:37 -08:00			`def show`
Eager load relationships for questions, answers and users 2021-12-30 13:15:59 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).includes(:profile).first!`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@answers = @user.cursored_answers(last_id: params[:last_id])`
			`@answers_last_id = @answers.map(&:id).min`
			`@more_data_available = !@user.cursored_answers(last_id: @answers_last_id, size: 1).count.zero?`
automatically mark notifications as read 2015-02-09 21:53:50 -08:00
			`if user_signed_in?`
			`notif = Notification.where(target_type: "Relationship", target_id: @user.active_relationships.where(target_id: current_user.id).pluck(:id), recipient_id: current_user.id, new: true).first`
			`unless notif.nil?`
			`notif.new = false`
			`notif.save`
			`end`
			`end`

added pagination to User#show 2014-12-08 06:23:04 -08:00			`respond_to do \|format\|`
			`format.html`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00			`format.js { render layout: false }`
added pagination to User#show 2014-12-08 06:23:04 -08:00			`end`
new users controller 2014-11-02 08:57:37 -08:00			`end`

users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# region Account settings`
new users controller 2014-11-02 08:57:37 -08:00			`def edit`
hhh 2014-11-03 04:21:41 -08:00			`end`

			`def update`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00			`user_attributes = params.require(:user).permit(:show_foreign_themes, :profile_picture_x, :profile_picture_y, :profile_picture_w, :profile_picture_h,`
Implement cropping; make uploaders DRY 2020-05-02 09:45:11 -07:00			`:profile_header_x, :profile_header_y, :profile_header_w, :profile_header_h, :profile_picture, :profile_header)`
changed flash thing 2014-12-29 05:54:32 -08:00			`if current_user.update_attributes(user_attributes)`
git localize flashes 2015-06-07 10:03:57 -07:00			`text = t('flash.user.update.text')`
			`text += t('flash.user.update.avatar') if user_attributes[:profile_picture]`
			`text += t('flash.user.update.header') if user_attributes[:profile_header]`
changed flash thing 2014-12-29 05:54:32 -08:00			`flash[:success] = text`
			`else`
git localize flashes 2015-06-07 10:03:57 -07:00			`flash[:error] = t('flash.user.update.error')`
finally, setting the display_name works. 2014-11-11 11:20:00 -08:00			`end`
hhh 2014-11-03 04:21:41 -08:00			`redirect_to edit_user_profile_path`
new users controller 2014-11-02 08:57:37 -08:00			`end`
Add endpoint for updating profile 2021-12-21 14:56:57 -08:00
			`def update_profile`
			`profile_attributes = params.require(:profile).permit(:display_name, :motivation_header, :website, :location, :description)`

			`if current_user.profile.update_attributes(profile_attributes)`
			`flash[:success] = t('flash.user.update.text')`
			`else`
			`flash[:error] = t('flash.user.update.error')`
			`end`
			`redirect_to edit_user_profile_path`
			`end`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# endregion`
added follower/following pages 2014-12-08 08:03:06 -08:00
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# region Privacy settings`
			`def edit_privacy`
			`end`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`def update_privacy`
			`user_attributes = params.require(:user).permit(:privacy_allow_anonymous_questions,`
			`:privacy_allow_public_timeline,`
			`:privacy_allow_stranger_answers,`
			`:privacy_show_in_search)`
			`if current_user.update_attributes(user_attributes)`
git localize flashes 2015-06-07 10:03:57 -07:00			`flash[:success] = t('flash.user.update_privacy.success')`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`else`
git localize flashes 2015-06-07 10:03:57 -07:00			`flash[:error] = t('flash.user.update_privacy.error')`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`end`
			`redirect_to edit_user_privacy_path`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00			`end`
users now can enable/disable some privacy settings 2015-01-03 12:58:56 -08:00			`# endregion`
added privacy setting routes this took me longer than it should have taken 2015-01-02 12:34:56 -08:00
Rename Groups to Lists haha regexp go brrr special thanks to @seatsea for helping me out with the French locales 2020-05-25 09:04:54 -07:00			`# region Lists`
			`def lists`
added groups route thing 2015-01-11 21:57:43 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!`
Rename Groups to Lists haha regexp go brrr special thanks to @seatsea for helping me out with the French locales 2020-05-25 09:04:54 -07:00			`@lists = if current_user == @user`
			`@user.lists`
added groups route thing 2015-01-11 21:57:43 -08:00			`else`
Rename Groups to Lists haha regexp go brrr special thanks to @seatsea for helping me out with the French locales 2020-05-25 09:04:54 -07:00			`@user.lists.where(private: false)`
added a lock icon 2015-01-11 22:08:06 -08:00			`end.all`
added groups route thing 2015-01-11 21:57:43 -08:00			`end`
			`# endregion`

added follower/following pages 2014-12-08 08:03:06 -08:00			`def followers`
			`@title = 'Followers'`
the 404 page is shown again if an user was not found 2014-12-21 06:32:49 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@users = @user.cursored_followers(last_id: params[:last_id])`
			`@users_last_id = @users.map(&:id).min`
			`@more_data_available = !@user.cursored_followers(last_id: @users_last_id, size: 1).count.zero?`
the count is now incremented/decremented correctly on the view followers/friends pages 2014-12-08 10:48:12 -08:00			`@type = :friend`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html { render "show_follow" }`
			`format.js { render "show_follow", layout: false }`
			`end`
added follower/following pages 2014-12-08 08:03:06 -08:00			`end`

renamed following to friends 2014-12-08 10:51:34 -08:00			`def friends`
added follower/following pages 2014-12-08 08:03:06 -08:00			`@title = 'Following'`
the 404 page is shown again if an user was not found 2014-12-21 06:32:49 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!`
Eager load relationships for questions, answers and users 2021-12-30 13:15:59 -08:00			`@users = @user.cursored_friends(last_id: params[:last_id]).includes(:profile)`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@users_last_id = @users.map(&:id).min`
			`@more_data_available = !@user.cursored_friends(last_id: @users_last_id, size: 1).count.zero?`
the count is now incremented/decremented correctly on the view followers/friends pages 2014-12-08 10:48:12 -08:00			`@type = :friend`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html { render "show_follow" }`
			`format.js { render "show_follow", layout: false }`
			`end`
added follower/following pages 2014-12-08 08:03:06 -08:00			`end`
question page added 2014-12-19 13:34:24 -08:00
			`def questions`
			`@title = 'Questions'`
the 404 page is shown again if an user was not found 2014-12-21 06:32:49 -08:00			`@user = User.where('LOWER(screen_name) = ?', params[:username].downcase).first!`
Fix user questions page 2020-04-22 18:31:07 -07:00			`@questions = @user.cursored_questions(author_is_anonymous: false, last_id: params[:last_id])`
Use cursored pagination, remove WillPaginate 2020-04-20 14:03:57 -07:00			`@questions_last_id = @questions.map(&:id).min`
Fix user questions page 2020-04-22 18:31:07 -07:00			`@more_data_available = !@user.cursored_questions(author_is_anonymous: false, last_id: @questions_last_id, size: 1).count.zero?`
Fix pagination for ajax views 2020-05-08 19:39:09 -07:00
			`respond_to do \|format\|`
			`format.html`
			`format.js { render layout: false }`
			`end`
question page added 2014-12-19 13:34:24 -08:00			`end`
add data page 2015-06-20 11:38:07 -07:00
			`def data`
			`end`
Temp. layout for testing 2015-07-24 10:12:14 -07:00
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`def edit_theme`
			`end`

Several changes to theming, solving a bunch of bugs 2015-08-26 16:56:07 -07:00			`def delete_theme`
			`current_user.theme.destroy!`
Redirect user to edit_user_theme_path after deletion 2020-05-06 13:19:30 -07:00			`redirect_to edit_user_theme_path`
Several changes to theming, solving a bunch of bugs 2015-08-26 16:56:07 -07:00			`end`

Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`def update_theme`
			`update_attributes = params.require(:theme).permit([`
			`:primary_color, :primary_text,`
			`:danger_color, :danger_text,`
			`:success_color, :success_text,`
			`:warning_color, :warning_text,`
			`:info_color, :info_text,`
Add new fields for themes - In the settings view - In the model validation - In the controller parameter permissions - In the CoffeeScript/Ruby helpers 2020-05-04 17:02:16 -07:00			`:dark_color, :dark_text,`
			`:light_color, :light_text,`
			`:raised_background, :raised_accent,`
			`:background_color, :body_text,`
			`:muted_text, :input_color,`
			`:input_text`
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`])`

			`if current_user.theme.nil?`
			`current_user.theme = Theme.new update_attributes`
			`current_user.theme.user_id = current_user.id`

			`if current_user.theme.save`
Theming is finished Previews, settings pane and presets! 2015-08-25 11:27:06 -07:00			`flash[:success] = 'Theme saved.'`
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`else`
invalid is invalid 2015-08-25 12:50:17 -07:00			`flash[:error] = 'Theme saving failed. ' + current_user.theme.errors.messages.flatten.join(' ')`
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`end`
Theming is finished Previews, settings pane and presets! 2015-08-25 11:27:06 -07:00			`elsif current_user.theme.update_attributes(update_attributes)`
			`flash[:success] = 'Theme saved.'`
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`else`
invalid is invalid 2015-08-25 12:50:17 -07:00			`flash[:error] = 'Theme saving failed. ' + current_user.theme.errors.messages.flatten.join(' ')`
Model goop also made the theme selection logic for user profiles and current user, and the saving logic 2015-08-25 01:26:36 -07:00			`end`
			`redirect_to edit_user_theme_path`
Temp. layout for testing 2015-07-24 10:12:14 -07:00			`end`
added export view/controller/routes 2016-01-05 11:54:38 -08:00
			`def export`
			`if current_user.export_processing`
			`flash[:info] = 'An export is currently in progress for this account.'`
			`end`
			`end`

			`def begin_export`
			`if current_user.can_export?`
			`ExportWorker.perform_async(current_user.id)`
			`flash[:success] = 'Your account is currently being exported. This will take a little while.'`
			`else`
			`flash[:error] = 'Nice try, kid.'`
			`end`

			`redirect_to user_export_path`
			`end`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
			`def edit_security`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`if current_user.otp_module_disabled?`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`current_user.otp_secret_key = User.otp_random_secret(25)`
Implement @nilsding's review changes 2020-10-23 11:45:06 -07:00			`current_user.save`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`qr_code = RQRCode::QRCode.new(current_user.provisioning_uri("Retrospring:#{current_user.screen_name}", issuer: "Retrospring"))`
Use controller for setting up QR Code 2020-10-19 05:56:13 -07:00
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`@qr_svg = qr_code.as_svg({offset: 4, module_size: 4, color: '000;fill:var(--primary)'}).html_safe`
Display count of remaining recovery codes 2020-11-01 09:41:37 -08:00			`else`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`@recovery_code_count = current_user.totp_recovery_codes.count`
Add tests for security settings page 2020-10-21 04:44:00 -07:00			`end`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`

			`def update_2fa`
Implement @nilsding's review changes 2020-10-23 11:45:06 -07:00			`req_params = params.require(:user).permit(:otp_validation)`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`current_user.otp_module = :enabled`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00
Add drift period 2020-10-23 15:24:04 -07:00			`if current_user.authenticate_otp(req_params[:otp_validation], drift: APP_CONFIG.fetch(:otp_drift_period, 30).to_i)`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`@recovery_keys = TotpRecoveryCode.generate_for(current_user)`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`current_user.save!`
Generate recovery keys on TOTP setup 2020-11-01 08:55:31 -08:00
			`render 'settings/security/recovery_keys'`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`else`
Use the same string for 2FA failures 2020-10-23 11:58:42 -07:00			`flash[:error] = t('views.auth.2fa.errors.invalid_code')`
Generate recovery keys on TOTP setup 2020-11-01 08:55:31 -08:00			`redirect_to edit_user_security_path`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`
			`end`

			`def destroy_2fa`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`current_user.otp_module = :disabled`
			`current_user.save!`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`current_user.totp_recovery_codes.delete_all`
Fix detaching, improve UI for attaching 2FA 2020-10-18 10:48:12 -07:00			`flash[:success] = 'Two factor authentication has been disabled for your account.'`
			`redirect_to edit_user_security_path`
Implement Two Factor Authentication 2020-10-18 01:39:46 -07:00			`end`
Provide the user a way to generate new codes. 2020-11-01 09:52:42 -08:00
			`def reset_user_recovery_codes`
Address @nilsding's review comments 2020-11-15 13:08:18 -08:00			`current_user.totp_recovery_codes.delete_all`
Add tests for recovery codes 2020-11-15 01:21:06 -08:00			`@recovery_keys = TotpRecoveryCode.generate_for(current_user)`
Provide the user a way to generate new codes. 2020-11-01 09:52:42 -08:00			`render 'settings/security/recovery_keys'`
			`end`
new users controller 2014-11-02 08:57:37 -08:00			`end`