trabajo-afectivo/app/controllers/sessions_controller.rb

235 lines
5.5 KiB
Ruby
Raw Normal View History

2014-02-03 19:24:49 +00:00
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class SessionsController < ApplicationController
# "Create" a login, aka "log the user in"
def create
2012-10-18 08:10:12 +00:00
# authenticate user
2012-04-11 06:37:54 +00:00
user = User.authenticate( params[:username], params[:password] )
2012-04-10 14:06:46 +00:00
2012-04-11 06:37:54 +00:00
# auth failed
if !user
2013-08-04 21:38:53 +00:00
render :json => { :error => 'login failed' }, :status => :unauthorized
return
2012-04-10 14:06:46 +00:00
end
2012-10-18 08:10:12 +00:00
# remember me - set session cookie to expire later
if params[:remember_me]
2013-06-18 09:24:43 +00:00
request.env['rack.session.options'][:expire_after] = 1.year
else
request.env['rack.session.options'][:expire_after] = nil
end
2013-06-25 11:54:13 +00:00
# both not needed to set :expire_after works fine
# request.env['rack.session.options'][:renew] = true
# reset_session
# set session user
current_user_set(user)
# log new session
2013-10-07 03:38:07 +00:00
user.activity_stream_log( 'session started', user.id, true )
# auto population of default collections
collections, assets = SessionHelper::default_collections(user)
2014-09-09 23:42:20 +00:00
# add session user assets
assets = user.assets(assets)
2013-06-25 11:54:13 +00:00
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper::models(user)
# check logon session
logon_session_key = nil
if params['logon_session']
logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
2014-02-03 19:24:49 +00:00
# session = ActiveRecord::SessionStore::Session.create(
# :session_id => logon_session_key,
# :data => {
# :user_id => user['id']
# }
# )
end
2012-04-11 06:37:54 +00:00
# return new session data
render :json => {
:session => user,
2014-09-09 23:42:20 +00:00
:models => models,
:collections => collections,
:assets => assets,
:logon_session => logon_session_key,
},
:status => :created
2012-04-10 14:06:46 +00:00
end
def show
user_id = nil
2012-04-11 06:37:54 +00:00
# no valid sessions
if session[:user_id]
user_id = session[:user_id]
end
# check logon session
if params['logon_session']
2013-12-08 16:01:54 +00:00
session = SessionHelper::get( params['logon_session'] )
if session
user_id = session.data[:user_id]
end
end
if !user_id
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper::models()
2012-04-11 06:37:54 +00:00
render :json => {
:error => 'no valid session',
:config => config_frontend,
2014-09-09 23:42:20 +00:00
:models => models,
2012-04-10 19:57:33 +00:00
}
2012-04-11 06:37:54 +00:00
return
end
2012-04-10 19:57:33 +00:00
2012-04-11 06:37:54 +00:00
# Save the user ID in the session so it can be used in
# subsequent requests
user = User.find( user_id )
2012-04-10 19:57:33 +00:00
2012-04-11 06:37:54 +00:00
# auto population of default collections
collections, assets = SessionHelper::default_collections(user)
2014-09-09 23:42:20 +00:00
# add session user assets
assets = user.assets(assets)
2012-04-10 19:57:33 +00:00
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper::models(user)
2012-04-11 06:37:54 +00:00
# return current session
render :json => {
:session => user,
2014-09-09 23:42:20 +00:00
:models => models,
:collections => collections,
2014-09-09 23:42:20 +00:00
:assets => assets,
:config => config_frontend,
2012-04-11 06:37:54 +00:00
}
2012-04-10 14:06:46 +00:00
end
# "Delete" a login, aka "log the user out"
def destroy
2012-04-10 14:06:46 +00:00
# Remove the user id from the session
@_current_user = session[:user_id] = nil
2012-04-11 06:37:54 +00:00
2013-06-18 09:24:43 +00:00
# reset session cookie (reset :expire_after in case remember_me is active)
request.env['rack.session.options'][:expire_after] = -1.year
request.env['rack.session.options'][:renew] = true
2012-04-11 06:37:54 +00:00
render :json => { }
2012-04-10 14:06:46 +00:00
end
2012-04-10 14:06:46 +00:00
def create_omniauth
auth = request.env['omniauth.auth']
if !auth
logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")
2012-04-18 08:33:42 +00:00
# redirect to app
2013-02-17 18:28:32 +00:00
redirect_to '/'
2012-04-10 14:06:46 +00:00
end
2012-04-18 08:33:42 +00:00
# Create a new user or add an auth to existing user, depending on
# whether there is already a user signed in.
authorization = Authorization.find_from_hash(auth)
if !authorization
2012-04-18 08:33:42 +00:00
authorization = Authorization.create_from_hash(auth, current_user)
2012-04-10 14:06:46 +00:00
end
2012-04-18 08:33:42 +00:00
2013-09-30 01:41:45 +00:00
# set current session user
current_user_set(authorization.user)
# log new session
2013-10-07 03:38:07 +00:00
user.activity_stream_log( 'session started', authorization.user.id, true )
2013-09-30 01:41:45 +00:00
2012-10-18 08:10:12 +00:00
# remember last login date
2013-02-12 22:49:52 +00:00
authorization.user.update_last_login
2012-10-18 08:10:12 +00:00
2012-04-10 14:06:46 +00:00
# redirect to app
2013-02-17 18:28:32 +00:00
redirect_to '/'
end
def create_sso
user = User.sso(params)
# Log the authorizing user in.
if user
2013-09-30 01:41:45 +00:00
# set current session user
current_user_set(user)
# log new session
2013-10-07 03:38:07 +00:00
user.activity_stream_log( 'session started', user.id, true )
2013-09-30 01:41:45 +00:00
# remember last login date
user.update_last_login
2013-02-17 18:28:32 +00:00
end
# redirect to app
redirect_to '/#'
2012-04-10 14:06:46 +00:00
end
2012-10-18 08:10:12 +00:00
2013-10-07 03:38:07 +00:00
# "switch" to user
def switch_to_user
return if deny_if_not_role('Admin')
# check user
if !params[:id]
render(
:json => { :message => 'no user given' },
:status => :not_found
)
return false
end
user = User.lookup( :id => params[:id] )
if !user
render(
:json => {},
:status => :not_found
)
return false
end
# log new session
user.activity_stream_log( 'switch to', current_user.id, true )
# set session user
current_user_set(user)
redirect_to '/#'
end
2013-07-26 21:45:16 +00:00
def list
return if deny_if_not_role('Admin')
2013-10-01 18:31:03 +00:00
assets = {}
2013-07-26 21:45:16 +00:00
sessions_clean = []
2013-12-08 16:01:54 +00:00
SessionHelper.list.each {|session|
2013-07-26 21:45:16 +00:00
next if !session.data['user_id']
sessions_clean.push session
if session.data['user_id']
2013-10-01 21:42:06 +00:00
user = User.lookup( :id => session.data['user_id'] )
2013-10-01 18:31:03 +00:00
assets = user.assets( assets )
2013-07-26 21:45:16 +00:00
end
}
render :json => {
2013-10-01 16:58:21 +00:00
:sessions => sessions_clean,
2013-10-01 18:31:03 +00:00
:assets => assets,
2013-07-26 21:45:16 +00:00
}
end
def delete
return if deny_if_not_role('Admin')
2013-12-08 16:01:54 +00:00
SessionHelper::destroy( params[:id] )
2013-07-26 21:45:16 +00:00
render :json => {}
end
end