trabajo-afectivo/app/controllers/sessions_controller.rb

330 lines
7.2 KiB
Ruby
Raw Normal View History

2016-10-19 03:11:36 +00:00
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class SessionsController < ApplicationController
prepend_before_action :authentication_check, only: [:switch_to_user, :list, :delete]
skip_before_action :verify_csrf_token, only: [:create, :show, :destroy, :create_omniauth, :create_sso]
2012-04-10 14:06:46 +00:00
# "Create" a login, aka "log the user in"
def create
# in case, remove switched_from_user_id
session[:switched_from_user_id] = nil
2012-10-18 08:10:12 +00:00
# authenticate user
user = User.authenticate(params[:username], params[:password])
2012-04-10 14:06:46 +00:00
# check maintenance mode
check_maintenance(user)
2012-04-11 06:37:54 +00:00
# auth failed
2017-03-03 05:12:02 +00:00
raise Exceptions::NotAuthorized, 'Wrong Username or Password combination.' if !user
2012-10-18 08:10:12 +00:00
# remember me - set session cookie to expire later
expire_after = nil
if params[:remember_me]
expire_after = 1.year
end
2017-09-08 08:28:34 +00:00
request.env['rack.session.options'][:expire_after] = expire_after
# set session user
current_user_set(user)
2015-08-18 22:36:58 +00:00
# log device
return if !user_device_log(user, 'session')
# log new session
user.activity_stream_log('session started', user.id, true)
2014-09-09 23:42:20 +00:00
# add session user assets
assets = {}
assets = user.assets(assets)
2013-06-25 11:54:13 +00:00
# auto population of default collections
collections, assets = SessionHelper.default_collections(user, assets)
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper.models(user)
2014-09-09 23:42:20 +00:00
# sessions created via this
# controller are persistent
session[:persistent] = true
2012-04-11 06:37:54 +00:00
# return new session data
render status: :created,
json: {
session: user,
config: config_frontend,
models: models,
collections: collections,
assets: assets,
}
2012-04-10 14:06:46 +00:00
end
def show
user_id = nil
2012-04-11 06:37:54 +00:00
# no valid sessions
if session[:user_id]
user_id = session[:user_id]
end
if !user_id
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper.models()
2014-09-09 23:42:20 +00:00
render json: {
error: 'no valid session',
config: config_frontend,
models: models,
collections: {
Locale.to_app_model => Locale.where(active: true)
},
2012-04-10 19:57:33 +00:00
}
2012-04-11 06:37:54 +00:00
return
end
2012-04-10 19:57:33 +00:00
2012-04-11 06:37:54 +00:00
# Save the user ID in the session so it can be used in
# subsequent requests
user = User.find(user_id)
2012-04-10 19:57:33 +00:00
2015-08-18 22:36:58 +00:00
# log device
return if !user_device_log(user, 'session')
2014-09-09 23:42:20 +00:00
# add session user assets
assets = {}
assets = user.assets(assets)
2012-04-10 19:57:33 +00:00
# auto population of default collections
collections, assets = SessionHelper.default_collections(user, assets)
2014-09-09 23:42:20 +00:00
# get models
models = SessionHelper.models(user)
2014-09-09 23:42:20 +00:00
2012-04-11 06:37:54 +00:00
# return current session
render json: {
session: user,
config: config_frontend,
models: models,
collections: collections,
assets: assets,
2012-04-11 06:37:54 +00:00
}
2012-04-10 14:06:46 +00:00
end
# "Delete" a login, aka "log the user out"
def destroy
2012-04-10 14:06:46 +00:00
# Remove the user id from the session
@_current_user = nil
2012-04-11 06:37:54 +00:00
# reset session
request.env['rack.session.options'][:expire_after] = nil
session.clear
render json: {}
2012-04-10 14:06:46 +00:00
end
2012-04-10 14:06:46 +00:00
def create_omniauth
# in case, remove switched_from_user_id
session[:switched_from_user_id] = nil
2012-04-10 14:06:46 +00:00
auth = request.env['omniauth.auth']
if !auth
logger.info('AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT')
2012-04-18 08:33:42 +00:00
# redirect to app
2013-02-17 18:28:32 +00:00
redirect_to '/'
2012-04-10 14:06:46 +00:00
end
2012-04-18 08:33:42 +00:00
# Create a new user or add an auth to existing user, depending on
# whether there is already a user signed in.
authorization = Authorization.find_from_hash(auth)
if !authorization
2012-04-18 08:33:42 +00:00
authorization = Authorization.create_from_hash(auth, current_user)
2012-04-10 14:06:46 +00:00
end
2012-04-18 08:33:42 +00:00
# check maintenance mode
if check_maintenance_only(authorization.user)
redirect_to '/#'
return
end
2013-09-30 01:41:45 +00:00
# set current session user
current_user_set(authorization.user)
# log new session
authorization.user.activity_stream_log('session started', authorization.user.id, true)
2013-09-30 01:41:45 +00:00
2012-10-18 08:10:12 +00:00
# remember last login date
2013-02-12 22:49:52 +00:00
authorization.user.update_last_login
2012-10-18 08:10:12 +00:00
2012-04-10 14:06:46 +00:00
# redirect to app
2013-02-17 18:28:32 +00:00
redirect_to '/'
end
def create_sso
# in case, remove switched_from_user_id
session[:switched_from_user_id] = nil
2013-02-17 18:28:32 +00:00
user = User.sso(params)
# Log the authorizing user in.
if user
2013-09-30 01:41:45 +00:00
# check maintenance mode
if check_maintenance_only(user)
redirect_to '/#'
return
end
2013-09-30 01:41:45 +00:00
# set current session user
current_user_set(user)
# log new session
user.activity_stream_log('session started', user.id, true)
2013-09-30 01:41:45 +00:00
# remember last login date
user.update_last_login
2013-02-17 18:28:32 +00:00
end
# redirect to app
redirect_to '/#'
2012-04-10 14:06:46 +00:00
end
2012-10-18 08:10:12 +00:00
2013-10-07 03:38:07 +00:00
# "switch" to user
def switch_to_user
permission_check(['admin.session', 'admin.user'])
2013-10-07 03:38:07 +00:00
# check user
if !params[:id]
render(
json: { message: 'no user given' },
status: :not_found
2013-10-07 03:38:07 +00:00
)
return false
end
user = User.find(params[:id])
2013-10-07 03:38:07 +00:00
if !user
render(
json: {},
status: :not_found
2013-10-07 03:38:07 +00:00
)
return false
end
# remember old user
session[:switched_from_user_id] = current_user.id
2013-10-07 03:38:07 +00:00
# log new session
user.activity_stream_log('switch to', current_user.id, true)
2013-10-07 03:38:07 +00:00
# set session user
current_user_set(user)
render(
json: {
success: true,
location: '',
},
)
2013-10-07 03:38:07 +00:00
end
# "switch" back to user
def switch_back_to_user
# check if it's a swich back
if !session[:switched_from_user_id]
response_access_deny
return false
end
user = User.lookup(id: session[:switched_from_user_id])
if !user
render(
json: {},
status: :not_found
)
return false
end
2014-09-21 13:19:28 +00:00
# rememeber current user
current_session_user = current_user
# remove switched_from_user_id
session[:switched_from_user_id] = nil
# set old session user again
current_user_set(user)
2014-09-21 13:19:28 +00:00
# log end session
current_session_user.activity_stream_log('ended switch to', user.id, true)
2014-09-21 13:19:28 +00:00
render(
json: {
success: true,
location: '',
},
)
end
def available
render json: {
app_version: AppVersion.get
}
end
2013-07-26 21:45:16 +00:00
def list
permission_check('admin.session')
2013-10-01 18:31:03 +00:00
assets = {}
2013-07-26 21:45:16 +00:00
sessions_clean = []
2016-06-30 20:04:48 +00:00
SessionHelper.list.each { |session|
2017-07-24 07:06:15 +00:00
next if session.data['user_id'].blank?
2013-07-26 21:45:16 +00:00
sessions_clean.push session
2017-07-24 07:06:15 +00:00
next if session.data['user_id']
user = User.lookup(id: session.data['user_id'])
next if !user
assets = user.assets(assets)
2013-07-26 21:45:16 +00:00
}
render json: {
sessions: sessions_clean,
assets: assets,
2013-07-26 21:45:16 +00:00
}
end
def delete
permission_check('admin.session')
SessionHelper.destroy(params[:id])
render json: {}
2013-07-26 21:45:16 +00:00
end
private
def config_frontend
# config
config = {}
Setting.select('name, preferences').where(frontend: true).each { |setting|
next if setting.preferences[:authentication] == true && !current_user
value = Setting.get(setting.name)
next if !current_user && (value == false || value.nil?)
config[setting.name] = value
}
# remember if we can to swich back to user
if session[:switched_from_user_id]
config['switch_back_to_possible'] = true
end
# remember session_id for websocket logon
if current_user
config['session_id'] = session.id
end
config
end
end