From e1747cac8317da9ae4b9933cc017bd52e3370c58 Mon Sep 17 00:00:00 2001 From: Ari Timonen Date: Tue, 14 Apr 2020 01:42:12 +0300 Subject: [PATCH] Fix steam registering - Allow updating SteamID of previous profile easily via steam login - Fix bug with empty profile - Redirect on login error on steam id update - Fix styles and spacing in register form --- app/controllers/users_controller.rb | 43 ++++++++++++--- app/models/user.rb | 10 ++-- app/views/users/new.html.erb | 83 ++++++++++++++++++----------- app/views/widgets/_login.html.erb | 8 +-- config/locales/en.yml | 1 + 5 files changed, 101 insertions(+), 44 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 05b907a..c477a6c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -43,10 +43,15 @@ class UsersController < ApplicationController end def new - @user = User.new + unless session[:cached_user]&.blank? + @user = User.new(JSON.parse(session[:cached_user])) rescue nil + session.delete :cached_user + end + @user ||= User.new @user.profile = Profile.new @user.lastip = request.env['REMOTE_ADDR'] @user.can_create? cuser + @user.preformat end def edit @@ -63,6 +68,7 @@ class UsersController < ApplicationController redirect_to action: :show, id: @user.id save_session @user else + @user.preformat render :new end end 
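Review bot: In `new`, `User.new(JSON.parse(session[:cached_user]))` mass-assigns every attribute that `callback` serialised with `@user.to_json`, so the whole unsaved record, including any password field the model has set by then, travels through the session store and back into the model. Cache only the fields the form needs and whitelist them on the way back, e.g. `@user = User.new(JSON.parse(session.delete(:cached_user)).slice("username", "fullname", "steamid"))`. The guard `unless session[:cached_user]&.blank?` also enters the block when the key is absent (`nil&.blank?` is nil), so `JSON.parse(nil)` raises and only the inline `rescue nil` hides it. `if session[:cached_user].present?` with an explicit `rescue JSON::ParserError` would make the intent visible and stop masking unrelated errors.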
@@ -86,12 +92,28 @@ class UsersController < ApplicationController end def callback - @user = User.focfah(auth_hash, request.ip) - login_user(@user) - if @user.created_at > (Time.zone.now - 1.week) - flash[:notice] << t(:users_signup_steam) - render :edit + @user = User.find_or_build(auth_hash, request.ip) + unless @user and @user.is_a?(ActiveRecord::Base) + flash[:error] = t(:users_callback_fail) + redirect_to_home + return + end + + # After steam validates SteamID, we know its right. + session[:verified_steamid] = @user.steamid + + # Store user in session store + session[:cached_user] = @user.to_json + + if @user.new_record? + # If user mistypes username and password, return to user creation page. + session[:return_to] = new_user_url(@user) + + # if @user.created_at > (Time.zone.now - 1.week) + # flash[:notice] = t(:users_signup_steam) + render :new else + login_user(@user) return_back end end @@ -134,9 +156,16 @@ class UsersController < ApplicationController if user.banned? Ban::TYPE_SITE flash[:error] = t(:accounts_locked) else - flash[:notice] = "%s (%s)" % [t(:login_successful), user.password_hash_s] + flash[:notice] = "%s" % [t(:login_successful)] # FIXME: this doesn't work because model is saved before flash[:notice] << " \n%s" % I18n.t(:password_md5_scrypt) if user.password_hash_changed? + if !session[:verified_steamid].blank? and \ + user.steamid != session[:verified_steamid] and \ + user.update_attribute(:steamid, session[:verified_steamid]) + session[:return_to] = edit_user_path(user) + flash[:notice] << t(:users_steamid_update) % [user.steamid] + session.delete :verified_steamid + end save_session user end end diff --git a/app/models/user.rb b/app/models/user.rb index cfa8629..8c773a1 100755 --- a/app/models/user.rb +++ b/app/models/user.rb 
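Review bot: In `callback`, `session[:verified_steamid] = @user.steamid` and `session[:cached_user] = @user.to_json` run before the `new_record?` check, so they are also written when an existing account simply logs in through Steam, and nothing on that path clears them. The leftover `verified_steamid` then drives both the SteamID rewrite in `login` and the `session[:verified_steamid]` branches in `users/new.html.erb` for the rest of the session. Move both assignments inside `if @user.new_record?` and add `session.delete :verified_steamid` to the `else` branch before `login_user(@user)`. The commented-out `created_at` check can be dropped rather than kept as dead code.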
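Review bot: In the login success branch, `user.update_attribute(:steamid, session[:verified_steamid])` skips model validations, so any uniqueness or format rule on `steamid` is bypassed and two accounts can end up bound to the same SteamID. Read the value once with `verified = session.delete(:verified_steamid)` and write it with `user.update(steamid: verified)` so validations run and the key never outlives this login attempt; as written the key is deleted only when the update succeeds. Because a bound SteamID becomes a second way to sign in to the account, the rebind is worth an explicit confirmation step or at least a log entry recording the old and new value. The `login` method starts outside this hunk, so the surrounding credential check is assumed from context.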
@@ -258,6 +258,10 @@ class User < ActiveRecord::Base team ? teamers.active.of_team(team).first : nil end + def preformat + self.email = "" if self.email.include?("@ensl.org") + end + def banned? type = Ban::TYPE_SITE bans.effective.where(ban_type: type).count > 0 end @@ -353,7 +357,7 @@ class User < ActiveRecord::Base generate_password end unless profile&.present? - self.profile = Profile.new + self.build_profile end end @@ -516,7 +520,7 @@ class User < ActiveRecord::Base params.require(:user).permit(*allowed) end - def self.focfah(auth_hash, lastip) + def self.find_or_build(auth_hash, lastip) return nil unless auth_hash&.include?(:provider) case auth_hash[:provider] when 'steam' @@ -526,11 +530,11 @@ class User < ActiveRecord::Base unless user user = User.new(username: auth_hash[:info][:nickname], lastip: lastip, fullname: auth_hash[:info][:name], steamid: steamid) user.fix_attributes + user.build_profile # TODO: user make valid by force # user.profile.country # get profile picture, :image # This really shouldn't fail. - user.save! end return user end diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb index 8aac041..f0150ea 100644 --- a/app/views/users/new.html.erb +++ b/app/views/users/new.html.erb @@ -1,50 +1,71 @@
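Review bot: `preformat` calls `self.email.include?("@ensl.org")` without a nil check, and `UsersController#new` now calls it on a bare `User.new`, so the registration page raises NoMethodError unless the `email` column has a non-nil default (not visible here). `self.email = "" if email.to_s.include?("@ensl.org")` keeps the behaviour and tolerates nil. A one-line comment saying that `@ensl.org` addresses are placeholders to be blanked before the form is shown (presumably generated by `fix_attributes`, confirm) would explain why the match is a substring test.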
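Review bot: `find_or_build` now returns an unsaved record for an unknown SteamID, but the comment `# This really shouldn't fail.` that described the removed `user.save!` is still there and the method has no documentation of its new contract. Drop that comment and add a header such as `# Returns the existing User for the Steam identity, an unsaved User built from auth_hash when none exists, or nil for an unknown provider; callers must check new_record?`. The method body begins in the previous hunk and its `case` continues past this one.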

Registration

+ <% if session[:verified_steamid] %> +
+ Your SteamID (<%= session[:verified_steamid] %>) does not have an existing account. You can easily finish creating Steam-linked account here. + Before doing so, please check you do not already have an account. If you do, click here and type username and password below. You can look + look for your account <%= link_to "here", users_path, target: "_blank" %>. +
+ + <%= form_tag(users_login_path(), { class: 'square' }) do %> +
+ <%= text_field "login", "username", placeholder: "Username" %> + <%= password_field "login", "password", placeholder: "Password" %> +
+
+ <%= submit_tag t('helpers.submit.user.login'), class: "button" %> +
+ <% end %> + <% end %> + <%= form_for @user, html: { class: "square" } do |f| %> <%= render 'shared/errors', messages: @user.errors.full_messages %> - -
-
+ <% unless session[:verified_steamid] %> +
<%= link_to "Create your account via Steam", "/auth/steam", method: :POST %>
-
- <%= f.label :username %> - <%= f.text_field :username %> -
-
- Pick unique nickname for yourself. -
-
+ <% end %> +
+ <%= f.label :username %> + <%= f.text_field :username %> +
+
+ Pick unique nickname for yourself. +
+ <% unless session[:verified_steamid] %> +
<%= f.label :raw_password, "Password" %> <%= f.password_field :raw_password %>
-
+
Please don't use same password as any important place.
-
- <%= f.label :email %> - <%= f.text_field :email %> -
-
- The email is needed to reset password, verify identity and send account related emails. We don't send spam or sell your email. By default the email is private and only seen by admins. -
-
- <%= f.label :steamid %> - <%= f.text_field :steamid, placeholder: "0:1:23456789" %> -
-
+ <% end %> +
+ <%= f.label :email %> + <%= f.text_field :email %> +
+
+ The email is needed to reset password, verify identity and send account related emails. We don't send spam or give your email to third parties. By default the email is private and only seen by admins. +
+
+ <%= f.label :steamid %> + <%= f.text_field :steamid, placeholder: "0:1:23456789" %> +
+ <% unless session[:verified_steamid] %> +
You can use <%= link_to "this tool", steamid_tool %> or <%= link_to "this web page", 'https://steamidfinder.com/' %> to find your SteamID. We need the steam id to identify unique players. If you use fake one, some things on website might be broken.
-
- <%= f.label :birthdate %> - <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %> -
-
- Only needed for fun stats (age etc.). You don't need to give valid one. -
+ <% end %> +
+ <%= f.label :birthdate %> + <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %> +
+
+ Only needed for fun stats (age etc.). Leave blank if you don't want to give one.
<%= f.submit "Register" %> diff --git a/app/views/widgets/_login.html.erb b/app/views/widgets/_login.html.erb index 3ed7bd5..0093d50 100644 --- a/app/views/widgets/_login.html.erb +++ b/app/views/widgets/_login.html.erb @@ -1,8 +1,10 @@ <%= form_tag({ controller: "users", action: "login" }, { class: 'dark' }) do %>
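Review bot: The form presents the SteamID as verified, yet `f.text_field :steamid` stays editable and the submitted value is what reaches `create`. Unless `create` (not part of this diff) overwrites `steamid` with `session[:verified_steamid]`, a visitor can finish a "Steam-linked" registration with a SteamID that Steam never confirmed. Render the field as `<%= f.text_field :steamid, readonly: session[:verified_steamid].present? %>` and enforce the session value server-side, since `readonly` is only a display hint. The help text also repeats a word across two added lines ("You can look" / "look for your account").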
- <%= link_to "/auth/steam", method: :POST do %> - <%= image_tag '/images/icons/steam_login.png' %> - <% end %> +
+ <%= link_to "/auth/steam", method: :POST do %> + <%= image_tag '/images/icons/steam_login.png' %> + <% end %> +
<%= text_field "login", "username", placeholder: "Username" %> <%= password_field "login", "password", placeholder: "Password" %>
diff --git a/config/locales/en.yml b/config/locales/en.yml index eceeb56..d3a152a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -91,6 +91,7 @@ en: weeks_update: "Week was successfully updated." votes_success: "Voted successfully." users_signup_steam: "You have created an account via steam, please update your user details." + users_steamid_update: "Your SteamID has been updated to %s. You can log in via Steam now." error: "error" prohibited: "prohibited" news: