Fix steam registering

- Allow updating SteamID of previous profile easily via steam login - Fix bug with empty profile - Redirect on login error on steam id update - Fix styles and spacing in register form
2025-03-06 17:41:18 +00:00 · 2020-04-14 01:42:12 +03:00 · 2020-04-14 01:42:12 +03:00 · e1747cac83
commit e1747cac83
parent 3dc2de0fd6
5 changed files with 101 additions and 44 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -43,10 +43,15 @@ class UsersController < ApplicationController
  end

  def new
-    @user = User.new
+    unless session[:cached_user]&.blank?
+      @user = User.new(JSON.parse(session[:cached_user])) rescue nil
+      session.delete :cached_user
+    end
+    @user ||= User.new
    @user.profile = Profile.new
    @user.lastip = request.env['REMOTE_ADDR']
    @user.can_create? cuser
+    @user.preformat
  end

  def edit
@ -63,6 +68,7 @@ class UsersController < ApplicationController
      redirect_to action: :show, id: @user.id
      save_session @user
    else
+      @user.preformat
      render :new
    end
  end
@ -86,12 +92,28 @@ class UsersController < ApplicationController
  end

  def callback
-    @user = User.focfah(auth_hash, request.ip)
-    login_user(@user)
-    if @user.created_at > (Time.zone.now - 1.week)
-      flash[:notice] << t(:users_signup_steam)
-      render :edit
+    @user = User.find_or_build(auth_hash, request.ip)
+    unless @user and @user.is_a?(ActiveRecord::Base)
+      flash[:error] = t(:users_callback_fail)
+      redirect_to_home
+      return
+    end
+
+    # After steam validates SteamID, we know its right.
+    session[:verified_steamid] = @user.steamid
+
+    # Store user in session store
+    session[:cached_user] = @user.to_json
+
+    if @user.new_record?
+      # If user mistypes username and password, return to user creation page.
+      session[:return_to] = new_user_url(@user)
+
+      # if @user.created_at > (Time.zone.now - 1.week)
+      # flash[:notice] = t(:users_signup_steam)
+      render :new
    else
+      login_user(@user)
      return_back
    end
  end
@ -134,9 +156,16 @@ class UsersController < ApplicationController
    if user.banned? Ban::TYPE_SITE
      flash[:error] = t(:accounts_locked)
    else
-      flash[:notice] = "%s (%s)" % [t(:login_successful), user.password_hash_s]
+      flash[:notice] = "%s" % [t(:login_successful)]
      # FIXME: this doesn't work because model is saved before
      flash[:notice] << " \n%s" % I18n.t(:password_md5_scrypt) if user.password_hash_changed?
+      if !session[:verified_steamid].blank? and \
+        user.steamid != session[:verified_steamid] and \
+        user.update_attribute(:steamid, session[:verified_steamid])
+          session[:return_to] = edit_user_path(user)
+          flash[:notice] << t(:users_steamid_update) % [user.steamid]
+          session.delete :verified_steamid
+      end
      save_session user
    end
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -258,6 +258,10 @@ class User < ActiveRecord::Base
    team ? teamers.active.of_team(team).first : nil
  end

+  def preformat
+    self.email = "" if self.email.include?("@ensl.org")
+  end
+
  def banned? type = Ban::TYPE_SITE
    bans.effective.where(ban_type: type).count > 0
  end
@ -353,7 +357,7 @@ class User < ActiveRecord::Base
      generate_password
    end
    unless profile&.present?
-      self.profile = Profile.new
+      self.build_profile
    end
  end

@ -516,7 +520,7 @@ class User < ActiveRecord::Base
    params.require(:user).permit(*allowed)
  end

-  def self.focfah(auth_hash, lastip)
+  def self.find_or_build(auth_hash, lastip)
    return nil unless auth_hash&.include?(:provider)
    case auth_hash[:provider]
    when 'steam'
@ -526,11 +530,11 @@ class User < ActiveRecord::Base
      unless user
        user = User.new(username: auth_hash[:info][:nickname], lastip: lastip, fullname: auth_hash[:info][:name], steamid: steamid)
        user.fix_attributes
+        user.build_profile
        # TODO: user make valid by force
        # user.profile.country
        # get profile picture, :image
        # This really shouldn't fail.
-        user.save!
      end
      return user
    end
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@ -1,50 +1,71 @@
 <div id="registration">
  <h1>Registration</h1>

+  <% if session[:verified_steamid] %>
+    <div class="horizontal fields">
+      Your SteamID (<strong><%= session[:verified_steamid] %></strong>) does not have an existing account. You can easily finish creating Steam-linked account here.
+      Before doing so, please check you do not already have an account. If you do, click here and type username and password below. You can look
+      look for your account <%= link_to "here", users_path, target: "_blank" %>.
+    </div>
+
+    <%= form_tag(users_login_path(), { class: 'square' }) do %>
+      <div class="horizontal fields ">
+        <%= text_field "login", "username", placeholder: "Username" %>
+        <%= password_field "login", "password", placeholder: "Password" %>
+      </div>
+      <div class="buttons">
+        <%= submit_tag t('helpers.submit.user.login'), class: "button" %>
+      </div>
+    <% end %>
+  <% end %>
+
  <%= form_for @user, html: { class: "square" } do |f| %>
    <%= render 'shared/errors', messages: @user.errors.full_messages %>
-
-    <div class="fields">
-      <div class="horizontal text-field">
+    <% unless session[:verified_steamid] %>
+      <div class="horizontal fields">
      <%= link_to "Create your account via Steam", "/auth/steam", method: :POST %>
      </div>
-      <div class="horizontal text-field">
-        <%= f.label :username %>
-        <%= f.text_field :username %>
-      </div>
-      <div class="horizontal text-field">
-        Pick unique nickname for yourself.
-      </div>
-      <div class="horizontal text-field">
+    <% end %>
+    <div class="horizontal fields">
+      <%= f.label :username %>
+      <%= f.text_field :username %>
+    </div>
+    <div class="horizontal fields">
+      Pick unique nickname for yourself.
+    </div>
+    <% unless session[:verified_steamid] %>
+      <div class="horizontal fields">
        <%= f.label :raw_password, "Password" %>
        <%= f.password_field :raw_password %>
      </div>
-      <div class="horizontal text-field">
+      <div class="horizontal fields">
        Please don't use same password as any important place.
      </div>
-      <div class="horizontal text-field">
-        <%= f.label :email %>
-        <%= f.text_field :email %>
-      </div>
-      <div class="horizontal text-field">
-        The email is needed to reset password, verify identity and send account related emails. We don't send spam or sell your email. By default the email is private and only seen by admins.
-      </div>
-      <div class="horizontal text-field">
-        <%= f.label :steamid %>
-        <%= f.text_field :steamid, placeholder: "0:1:23456789" %>
-      </div>
-      <div class="horizontal text-field">
+    <% end %>
+    <div class="horizontal fields">
+      <%= f.label :email %>
+      <%= f.text_field :email %>
+    </div>
+    <div class="horizontal fields">
+      The email is needed to reset password, verify identity and send account related emails. We don't send spam or give your email to third parties. By default the email is private and only seen by admins.
+    </div>
+    <div class="horizontal fields">
+      <%= f.label :steamid %>
+      <%= f.text_field :steamid, placeholder: "0:1:23456789" %>
+    </div>
+    <% unless session[:verified_steamid] %>
+      <div class="horizontal fields">
        You can use <%= link_to "this tool", steamid_tool %> or
        <%= link_to "this web page", 'https://steamidfinder.com/' %>
        to find your SteamID. We need the steam id to identify unique players. If you use fake one, some things on website might be broken.
      </div>
-      <div class="horizontal">
-        <%= f.label :birthdate %>
-        <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %>
-      </div>
-      <div class="horizontal text-field">
-        Only needed for fun stats (age etc.). You don't need to give valid one.
-      </div>
+    <% end %>
+    <div class="horizontal fields">
+      <%= f.label :birthdate %>
+      <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %>
+    </div>
+    <div class="horizontal fields">
+      Only needed for fun stats (age etc.). Leave blank if you don't want to give one.
    </div>
    <div class="controls submit-field">
      <%= f.submit "Register" %>  
--- a/app/views/widgets/_login.html.erb
+++ b/app/views/widgets/_login.html.erb
@ -1,8 +1,10 @@
 <%= form_tag({ controller: "users", action: "login" }, { class: 'dark' }) do %>
  <div class="fields">
-    <%= link_to "/auth/steam", method: :POST do %>
-      <%= image_tag '/images/icons/steam_login.png' %>
-    <% end %>
+    <div class="steam">
+      <%= link_to "/auth/steam", method: :POST do %>
+        <%= image_tag '/images/icons/steam_login.png' %>
+      <% end %>
+    </div>
    <%= text_field "login", "username", placeholder: "Username" %>
    <%= password_field "login", "password", placeholder: "Password" %>
  </div>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -91,6 +91,7 @@ en:
  weeks_update: "Week was successfully updated."
  votes_success: "Voted successfully."
  users_signup_steam: "You have created an account via steam, please update your user details."
+  users_steamid_update: "Your SteamID has been updated to %s. You can log in via Steam now."
  error: "error"
  prohibited: "prohibited"
  news: