From c72e4c2d28f2241beb33cef8d32e30e7be8120c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Wed, 24 Jun 2015 16:04:19 +0200
Subject: [PATCH] Blocks all access if user has not validated his account. Fixes CartoDB/cartodb-central#678
---
 app/controllers/application_controller.rb | 7 +++++++
 app/controllers/sessions_controller.rb | 1 +
 2 files changed, 8 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2b40f671628f..335d8814e861 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
 before_filter :store_request_host
 before_filter :ensure_user_organization_valid
 before_filter :ensure_org_url_if_org_user
+ before_filter :ensure_account_has_been_activated
 before_filter :browser_is_html5_compliant?
 before_filter :allow_cross_domain_access
 before_filter :set_asset_debugging
@@ -197,6 +198,12 @@ def ensure_org_url_if_org_user
 end
 end
 
+ def ensure_account_has_been_activated
+ return unless current_user
+
+ redirect_to CartoDB.url(self, 'account_token_authentication_error') unless current_user.enable_account_token.nil?
+ end
+
 def add_revision_header
 response.headers['X-CartoDB-Rev'] = CartoDB::CARTODB_REV unless CartoDB::CARTODB_REV.nil?
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index a66fa6a34b10..1b2f98f29315 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -11,6 +11,7 @@ class SessionsController < ApplicationController
 before_filter :load_organization
 # Don't force org urls
 skip_before_filter :ensure_org_url_if_org_user
+ skip_before_filter :ensure_account_has_been_activated, :only => :account_token_authentication_error
 
 def new
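Review bot: The `return unless current_user` guard in `ensure_account_has_been_activated` means the activation check only runs when a user is already resolved at this point in the filter chain. Any controller that authenticates in a later filter of its own (API key or token auth, if the app has such paths; none are visible in this patch) would presumably pass through unchecked, although the commit title says all access is blocked. Consider enforcing the `enable_account_token` check where the user is authenticated, or state the limit above the method: `# Only covers requests where current_user is already set; other auth paths must check enable_account_token themselves.` The redirect is also issued regardless of request format, so JSON/XHR callers get a 302 to an HTML page rather than a clear denial; e.g. `return head(:forbidden) unless request.format.html?` before the `redirect_to` would address that. The diffstat shows no spec change, so a controller test covering an unactivated user would help pin the behaviour.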