summaryrefslogtreecommitdiff
path: root/app/controllers/profiles_controller.rb
blob: dd1ac526b89a89cea382e3b9b39e3bc983aba10b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# frozen_string_literal: true

class ProfilesController < Profiles::ApplicationController
  include ActionView::Helpers::SanitizeHelper
  include Gitlab::Tracking

  before_action :user
  before_action :authorize_change_username!, only: :update_username
  before_action only: :update_username do
    check_rate_limit!(:profile_update_username, scope: current_user)
  end
  skip_before_action :require_email, only: [:show, :update]
  before_action do
    push_frontend_feature_flag(:webauthn)
  end

  feature_category :users, [:show, :update, :reset_incoming_email_token, :reset_feed_token,
                            :reset_static_object_token, :update_username]

  feature_category :authentication_and_authorization, [:audit_log]
  urgency :low, [:show, :update]

  def show
  end

  def update
    respond_to do |format|
      result = Users::UpdateService.new(current_user, user_params.merge(user: @user)).execute(check_password: true)

      if result[:status] == :success
        message = s_("Profiles|Profile was successfully updated")

        format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
        format.json { render json: { message: message } }
      else
        format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: result[:message] }) }
        format.json { render json: result }
      end
    end
  end

  def reset_incoming_email_token
    Users::UpdateService.new(current_user, user: @user).execute! do |user|
      user.reset_incoming_email_token!
    end

    flash[:notice] = s_("Profiles|Incoming email token was successfully reset")

    redirect_to profile_personal_access_tokens_path
  end

  def reset_feed_token
    Users::UpdateService.new(current_user, user: @user).execute! do |user|
      user.reset_feed_token!
    end

    flash[:notice] = s_('Profiles|Feed token was successfully reset')

    redirect_to profile_personal_access_tokens_path
  end

  def reset_static_object_token
    Users::UpdateService.new(current_user, user: @user).execute! do |user|
      user.reset_static_object_token!
    end

    redirect_to profile_personal_access_tokens_path,
      notice: s_('Profiles|Static object token was successfully reset')
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def audit_log
    @events = AuthenticationEvent.where(user: current_user)
      .order("created_at DESC")
      .page(params[:page])

    Gitlab::Tracking.event(self.class.name, 'search_audit_event', user: current_user)
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def update_username
    result = Users::UpdateService.new(current_user, user: @user, username: username_param).execute

    respond_to do |format|
      if result[:status] == :success
        message = s_("Profiles|Username successfully changed")

        format.html { redirect_back_or_default(default: { action: 'show' }, options: { notice: message }) }
        format.json { render json: { message: message }, status: :ok }
      else
        message = s_("Profiles|Username change failed - %{message}") % { message: result[:message] }

        format.html { redirect_back_or_default(default: { action: 'show' }, options: { alert: message }) }
        format.json { render json: { message: message }, status: :unprocessable_entity }
      end
    end
  end

  private

  def user
    @user = current_user
  end

  def authorize_change_username!
    return render_404 unless @user.can_change_username?
  end

  def username_param
    @username_param ||= user_params.require(:username)
  end

  def user_params_attributes
    [
      :avatar,
      :bio,
      :email,
      :role,
      :gitpod_enabled,
      :hide_no_password,
      :hide_no_ssh_key,
      :hide_project_limit,
      :linkedin,
      :location,
      :name,
      :public_email,
      :commit_email,
      :skype,
      :twitter,
      :username,
      :website_url,
      :organization,
      :private_profile,
      :include_private_contributions,
      :timezone,
      :job_title,
      :pronouns,
      :pronunciation,
      :validation_password,
      status: [:emoji, :message, :availability]
    ]
  end

  def user_params
    @user_params ||= params.require(:user).permit(user_params_attributes)
  end
end

ProfilesController.prepend_mod