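# Invite-token gated mailbox signup.
#
# Every action relies on @token, which #authorize sets only after the backend
# has accepted the invite token passed in params[:token].
# NOTE(review): #authorize is presumably registered as a before_action in
# ApplicationController (not visible in this file) -- confirm, because
# nothing here calls it explicitly and both actions trust @token.
class SignupController < ApplicationController
  # Shows the signup form when a valid invite token is present, otherwise the
  # token entry form.
  def new
    if @token
      # on by default
      @enable_mail_crypt = true
      render 'create'
    else
      render 'token'
    end
  end

  # Validates the submitted signup form and asks the backend to create the
  # mailbox.
  #
  # Every validation failure sets a flash message and returns without an
  # explicit render, so Rails falls back to the action's default template.
  # On success the 'success' template is rendered.
  def create
    # Explicit guard instead of `redirect_to ... and return`, which only
    # returns when redirect_to happens to yield a truthy value.
    unless @token
      redirect_to '/signup'
      return
    end

    @localpart = params[:localpart]
    # NOTE(review): the plaintext password is kept in an instance variable,
    # which views can read -- make sure no template echoes it back.
    @new_pw = params[:new]
    @enable_mail_crypt = true
    @recovery_email = params[:recovery_email]
    @domain = params[:domain]
    @keep_recovery_token = params[:keep_recovery_token]

    full_email = "#{@localpart}@#{@domain}"

    unless EmailValidation::immerda_email_conform(full_email)
      flash[:warning] = :invalid_alias_domain
      return
    end

    begin
      res = api.valid_new_email?(full_email)
      # The backend's version of the address replaces the user-supplied one.
      # NOTE(review): assumes res['email'] is always a String -- a nil here
      # raises NoMethodError on #split; confirm the API contract.
      full_email = res['email']
      @email = full_email.split("@").first
    rescue ApiBackend::ApiError => e
      # do not allow brute forcing mails
      # NOTE(review): this blocks the request worker for 5 seconds per failed
      # lookup. It slows address enumeration, but a burst of failing requests
      # can also tie up workers; a per-client rate limit in front of this
      # action would cover both concerns.
      sleep 5
      flash[:danger] = e.api_msg
      return
    end

    if params['new'] != params['confirm']
      flash[:warning] = :password_change_mismatch
      return
    end

    # No flash is set here; presumably password_policy? (defined outside this
    # file) reports the violation itself -- confirm.
    return unless password_policy?(params[:new])

    # A recovery address must pass the external-address check and must differ
    # from the mailbox being created.
    if @recovery_email.present? &&
       (!EmailValidation::check_external_email(@recovery_email) || @recovery_email == full_email)
      flash[:warning] = :invalid_recovery_email
      return
    end

    if @keep_recovery_token == 'email' && !@recovery_email.present?
      flash[:warning] = :missing_recovery_email
      return
    end

    if @enable_mail_crypt && !@keep_recovery_token
      flash[:warning] = :decide_recovery_token
      return
    end

    begin
      res = api.create_new_mailbox(
        full_email,
        @new_pw,
        @enable_mail_crypt,
        @token,
        @recovery_email,
        @keep_recovery_token
      )

      if @keep_recovery_token == 'show'
        @mail_crypt_recovery_token = res['mail_crypt_recovery_token']
        begin
          @qr = RQRCode::QRCode.new(@mail_crypt_recovery_token, level: :h)
        rescue => e
          # Goes through the Rails logger rather than stdout, and records only
          # the exception class: the message is derived from a call that was
          # handed the recovery token, so it is kept out of the logs.
          Rails.logger.warn("qr token generation failed: #{e.class}")
          @qr = ''
        end
        # As written the replacement is just '\1', so the string is unchanged.
        # NOTE(review): html_safe then marks a backend-supplied value as
        # trusted HTML. Confirm the token alphabet cannot contain markup, or
        # leave escaping to the view. If a separator was meant to be inserted
        # after every 8 characters, it is missing from this replacement.
        @mail_crypt_recovery_token = @mail_crypt_recovery_token.gsub(/(.{8})/, '\1').html_safe
      end

      flash.clear
      render 'success'
    rescue ApiBackend::ApiError => e
      # Show the backend's message unless it is absent or the generic :failed.
      flash[:danger] =
        if e.api_msg && e.api_msg != :failed
          e.api_msg
        else
          :signup_failed
        end
    end
  end

  private

  # Always true for this controller.
  # NOTE(review): presumably consulted by ApplicationController or the layout
  # to mark signup pages -- confirm against the caller.
  def signup?
    true
  end

  # Checks the invite token from params[:token] against the backend.
  #
  # Sets @token and @domains only when the backend accepts the token; @token
  # is reset to nil first so it can never be carried over.
  # NOTE(review): no delay or rate limit is visible on the failure path.
  # Invite tokens gate account creation, so confirm that repeated failed
  # checks are throttled somewhere upstream.
  def authorize
    @token = nil
    token_to_validate = params[:token]
    return unless token_to_validate

    begin
      res = api.check_invite(token_to_validate)
      @token = token_to_validate
      @domains = res['domains']
      flash.clear
    rescue ApiBackend::ApiError
      flash[:danger] = :check_token_failed
    end
  end
end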