trabajo-afectivo/app/controllers/sessions_controller.rb

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class SessionsController < ApplicationController

  # "Create" a login, aka "log the user in"
  def create

    # in case, remove switched_from_user_id
    session[:switched_from_user_id] = nil

    # authenticate user
    user = User.authenticate(params[:username], params[:password])

    # auth failed
    if !user
      render json: { error: 'login failed' }, status: :unauthorized
      return
    end

    # remember me - set session cookie to expire later
    request.env['rack.session.options'][:expire_after] = if params[:remember_me]
                                                           1.year
                                                         end
    # both not needed to set :expire_after works fine
    #  request.env['rack.session.options'][:renew] = true
    #  reset_session

    # set session user
    current_user_set(user)

    # log device
    return if !user_device_log(user, 'session')

    # log new session
    user.activity_stream_log('session started', user.id, true)

    # add session user assets
    assets = {}
    assets = user.assets(assets)

    # auto population of default collections
    collections, assets = SessionHelper.default_collections(user, assets)

    # get models
    models = SessionHelper.models(user)

    # sessions created via this
    # controller are persistent
    session[:persistent] = true

    # return new session data
    render  status: :created,
            json: {
              session: user,
              config: config_frontend,
              models: models,
              collections: collections,
              assets: assets,
            }
  end

  def show

    user_id = nil

    # no valid sessions
    if session[:user_id]
      user_id = session[:user_id]
    end

    if !user_id
      # get models
      models = SessionHelper.models()

      render json: {
        error: 'no valid session',
        config: config_frontend,
        models: models,
        collections: {
          Locale.to_app_model => Locale.where(active: true)
        },
      }
      return
    end

    # Save the user ID in the session so it can be used in
    # subsequent requests
    user = User.find(user_id)

    # log device
    return if !user_device_log(user, 'session')

    # add session user assets
    assets = {}
    assets = user.assets(assets)

    # auto population of default collections
    collections, assets = SessionHelper.default_collections(user, assets)

    # get models
    models = SessionHelper.models(user)

    # return current session
    render json: {
      session: user,
      config: config_frontend,
      models: models,
      collections: collections,
      assets: assets,
    }
  end

  # "Delete" a login, aka "log the user out"
  def destroy

    # Remove the user id from the session
    @_current_user = session[:user_id] = nil

    # reset session cookie (reset :expire_after in case remember_me is active)
    request.env['rack.session.options'][:expire_after] = -1.years
    request.env['rack.session.options'][:renew] = true

    render json: {}
  end

  def create_omniauth

    # in case, remove switched_from_user_id
    session[:switched_from_user_id] = nil

    auth = request.env['omniauth.auth']

    if !auth
      logger.info('AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT')

      # redirect to app
      redirect_to '/'
    end

    # Create a new user or add an auth to existing user, depending on
    # whether there is already a user signed in.
    authorization = Authorization.find_from_hash(auth)
    if !authorization
      authorization = Authorization.create_from_hash(auth, current_user)
    end

    # set current session user
    current_user_set(authorization.user)

    # log new session
    authorization.user.activity_stream_log('session started', authorization.user.id, true)

    # remember last login date
    authorization.user.update_last_login

    # redirect to app
    redirect_to '/'
  end

  def create_sso

    # in case, remove switched_from_user_id
    session[:switched_from_user_id] = nil

    user = User.sso(params)

    # Log the authorizing user in.
    if user

      # set current session user
      current_user_set(user)

      # log new session
      user.activity_stream_log('session started', user.id, true)

      # remember last login date
      user.update_last_login
    end

    # redirect to app
    redirect_to '/#'
  end

  # "switch" to user
  def switch_to_user
    return if deny_if_not_role(Z_ROLENAME_ADMIN)

    # check user
    if !params[:id]
      render(
        json: { message: 'no user given' },
        status: :not_found
      )
      return false
    end

    user = User.find(params[:id])
    if !user
      render(
        json: {},
        status: :not_found
      )
      return false
    end

    # remember old user
    session[:switched_from_user_id] = current_user.id

    # log new session
    user.activity_stream_log('switch to', current_user.id, true)

    # set session user
    current_user_set(user)

    render(
      json: {
        success: true,
        location: '',
      },
    )
  end

  # "switch" back to user
  def switch_back_to_user

    # check if it's a swich back
    if !session[:switched_from_user_id]
      response_access_deny
      return false
    end

    user = User.lookup(id: session[:switched_from_user_id])
    if !user
      render(
        json: {},
        status: :not_found
      )
      return false
    end

    # rememeber current user
    current_session_user = current_user

    # remove switched_from_user_id
    session[:switched_from_user_id] = nil

    # set old session user again
    current_user_set(user)

    # log end session
    current_session_user.activity_stream_log('ended switch to', user.id, true)

    render(
      json: {
        success: true,
        location: '',
      },
    )
  end

  def list
    return if deny_if_not_role(Z_ROLENAME_ADMIN)
    assets = {}
    sessions_clean = []
    SessionHelper.list.each {|session|
      next if !session.data['user_id']
      sessions_clean.push session
      if session.data['user_id']
        user = User.lookup(id: session.data['user_id'])
        assets = user.assets(assets)
      end
    }
    render json: {
      sessions: sessions_clean,
      assets: assets,
    }
  end

  def delete
    return if deny_if_not_role(Z_ROLENAME_ADMIN)
    SessionHelper.destroy(params[:id])
    render json: {}
  end

end
Updated header. 2014-02-03 19:24:49 +00:00			`# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/`
Code reformattingand code layout beautying. 2013-06-12 15:59:58 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`class SessionsController < ApplicationController`

			`# "Create" a login, aka "log the user in"`
			`def create`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`# in case, remove switched_from_user_id`
			`session[:switched_from_user_id] = nil`

Added last login feature. 2012-10-18 08:10:12 +00:00			`# authenticate user`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user = User.authenticate(params[:username], params[:password])`
Init version. 2012-04-10 14:06:46 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# auth failed`
			`if !user`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: { error: 'login failed' }, status: :unauthorized`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`return`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Added last login feature. 2012-10-18 08:10:12 +00:00
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00			`# remember me - set session cookie to expire later`
Updated dependencies and applied new rubocop rules. 2016-01-15 17:22:57 +00:00			`request.env['rack.session.options'][:expire_after] = if params[:remember_me]`
			`1.year`
			`end`
Removed debug infos. 2013-06-25 11:54:13 +00:00			`# both not needed to set :expire_after works fine`
			`# request.env['rack.session.options'][:renew] = true`
			`# reset_session`
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00
Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00			`# set session user`
			`current_user_set(user)`

Improved device logging. 2015-08-18 22:36:58 +00:00			`# log device`
			`return if !user_device_log(user, 'session')`

Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00			`# log new session`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user.activity_stream_log('session started', user.id, true)`
Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00
Init version of object manager. 2014-09-09 23:42:20 +00:00			`# add session user assets`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`assets = {}`
Moved to asset support for initial page load. 2014-08-02 21:53:10 +00:00			`assets = user.assets(assets)`
Removed debug infos. 2013-06-25 11:54:13 +00:00
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`# auto population of default collections`
			`collections, assets = SessionHelper.default_collections(user, assets)`

Init version of object manager. 2014-09-09 23:42:20 +00:00			`# get models`
Corrected with rubocop cop 'Style/ColonMethodCall'. 2015-05-05 14:25:28 +00:00			`models = SessionHelper.models(user)`
Init version of object manager. 2014-09-09 23:42:20 +00:00
- Refactored authentication_check_only. - Replaced session[:request_type] with session[:persistent]. 2015-06-24 08:48:48 +00:00			`# sessions created via this`
			`# controller are persistent`
			`session[:persistent] = true`

Code cleanup. 2012-04-11 06:37:54 +00:00			`# return new session data`
Corrected with rubocop cop 'Style/AlignHash'. 2015-05-01 12:02:27 +00:00			`render status: :created,`
			`json: {`
			`session: user,`
Removed not used logon_session feature. Added web socket authentication. Prepared browser finger print. 2015-08-18 08:50:12 +00:00			`config: config_frontend,`
Corrected with rubocop cop 'Style/AlignHash'. 2015-05-01 12:02:27 +00:00			`models: models,`
			`collections: collections,`
			`assets: assets,`
			`}`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`def show`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00
			`user_id = nil`

Code cleanup. 2012-04-11 06:37:54 +00:00			`# no valid sessions`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`if session[:user_id]`
			`user_id = session[:user_id]`
			`end`

			`if !user_id`
Init version of object manager. 2014-09-09 23:42:20 +00:00			`# get models`
Corrected with rubocop cop 'Style/ColonMethodCall'. 2015-05-05 14:25:28 +00:00			`models = SessionHelper.models()`
Init version of object manager. 2014-09-09 23:42:20 +00:00
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: {`
			`error: 'no valid session',`
			`config: config_frontend,`
			`models: models,`
Added support of locale auto detection based on browser offered language. 2015-05-03 20:04:33 +00:00			`collections: {`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`Locale.to_app_model => Locale.where(active: true)`
Removed not used logon_session feature. Added web socket authentication. Prepared browser finger print. 2015-08-18 08:50:12 +00:00			`},`
Improved session login check. 2012-04-10 19:57:33 +00:00			`}`
Code cleanup. 2012-04-11 06:37:54 +00:00			`return`
			`end`
Improved session login check. 2012-04-10 19:57:33 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# Save the user ID in the session so it can be used in`
			`# subsequent requests`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user = User.find(user_id)`
Improved session login check. 2012-04-10 19:57:33 +00:00
Improved device logging. 2015-08-18 22:36:58 +00:00			`# log device`
			`return if !user_device_log(user, 'session')`

Init version of object manager. 2014-09-09 23:42:20 +00:00			`# add session user assets`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`assets = {}`
Moved to asset support for initial page load. 2014-08-02 21:53:10 +00:00			`assets = user.assets(assets)`
Improved session login check. 2012-04-10 19:57:33 +00:00
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`# auto population of default collections`
			`collections, assets = SessionHelper.default_collections(user, assets)`

Init version of object manager. 2014-09-09 23:42:20 +00:00			`# get models`
Corrected with rubocop cop 'Style/ColonMethodCall'. 2015-05-05 14:25:28 +00:00			`models = SessionHelper.models(user)`
Init version of object manager. 2014-09-09 23:42:20 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# return current session`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: {`
			`session: user,`
Removed not used logon_session feature. Added web socket authentication. Prepared browser finger print. 2015-08-18 08:50:12 +00:00			`config: config_frontend,`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`models: models,`
			`collections: collections,`
			`assets: assets,`
Code cleanup. 2012-04-11 06:37:54 +00:00			`}`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`# "Delete" a login, aka "log the user out"`
			`def destroy`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`# Remove the user id from the session`
			`@_current_user = session[:user_id] = nil`
Code cleanup. 2012-04-11 06:37:54 +00:00
Fixed internal server error on logout. 2013-06-18 09:24:43 +00:00			`# reset session cookie (reset :expire_after in case remember_me is active)`
Applied new rubocop. 2015-11-30 13:29:23 +00:00			`request.env['rack.session.options'][:expire_after] = -1.years`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00			`request.env['rack.session.options'][:renew] = true`

Applied rubocop Style/SpaceInsideHashLiteralBraces. 2015-04-27 14:47:58 +00:00			`render json: {}`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`def create_omniauth`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00
			`# in case, remove switched_from_user_id`
			`session[:switched_from_user_id] = nil`

Init version. 2012-04-10 14:06:46 +00:00			`auth = request.env['omniauth.auth']`

			`if !auth`
Corrected with rubocop cop 'Style/StringLiterals'. 2015-04-27 13:20:16 +00:00			`logger.info('AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT')`
Refactoring. 2012-04-18 08:33:42 +00:00
			`# redirect to app`
Added sso feature. 2013-02-17 18:28:32 +00:00			`redirect_to '/'`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Refactoring. 2012-04-18 08:33:42 +00:00
			`# Create a new user or add an auth to existing user, depending on`
			`# whether there is already a user signed in.`
Fixed user creation one external login and not user already exists. 2012-04-18 12:36:30 +00:00			`authorization = Authorization.find_from_hash(auth)`
			`if !authorization`
Refactoring. 2012-04-18 08:33:42 +00:00			`authorization = Authorization.create_from_hash(auth, current_user)`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Refactoring. 2012-04-18 08:33:42 +00:00
Improved time of setting session user. 2013-09-30 01:41:45 +00:00			`# set current session user`
			`current_user_set(authorization.user)`

			`# log new session`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`authorization.user.activity_stream_log('session started', authorization.user.id, true)`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
Added last login feature. 2012-10-18 08:10:12 +00:00			`# remember last login date`
Added login failed support. 2013-02-12 22:49:52 +00:00			`authorization.user.update_last_login`
Added last login feature. 2012-10-18 08:10:12 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`# redirect to app`
Added sso feature. 2013-02-17 18:28:32 +00:00			`redirect_to '/'`
			`end`

			`def create_sso`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00
			`# in case, remove switched_from_user_id`
			`session[:switched_from_user_id] = nil`

Added sso feature. 2013-02-17 18:28:32 +00:00			`user = User.sso(params)`

			`# Log the authorizing user in.`
			`if user`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
			`# set current session user`
			`current_user_set(user)`

			`# log new session`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user.activity_stream_log('session started', user.id, true)`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
			`# remember last login date`
			`user.update_last_login`
Added sso feature. 2013-02-17 18:28:32 +00:00			`end`

			`# redirect to app`
			`redirect_to '/#'`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Added last login feature. 2012-10-18 08:10:12 +00:00
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`# "switch" to user`
			`def switch_to_user`
replaced literal w/ constant 2015-02-15 09:12:27 +00:00			`return if deny_if_not_role(Z_ROLENAME_ADMIN)`
Added switch to user feature. 2013-10-07 03:38:07 +00:00
			`# check user`
			`if !params[:id]`
			`render(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`json: { message: 'no user given' },`
			`status: :not_found`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`)`
			`return false`
			`end`

Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user = User.find(params[:id])`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`if !user`
			`render(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`json: {},`
			`status: :not_found`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`)`
			`return false`
			`end`

Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`# remember old user`
			`session[:switched_from_user_id] = current_user.id`

Added switch to user feature. 2013-10-07 03:38:07 +00:00			`# log new session`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user.activity_stream_log('switch to', current_user.id, true)`
Added switch to user feature. 2013-10-07 03:38:07 +00:00
			`# set session user`
			`current_user_set(user)`

Avoid http redirects, they will be cached on some browsers. 2016-01-26 06:00:25 +00:00			`render(`
			`json: {`
			`success: true,`
			`location: '',`
			`},`
			`)`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`end`

Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`# "switch" back to user`
			`def switch_back_to_user`

			`# check if it's a swich back`
			`if !session[:switched_from_user_id]`
			`response_access_deny`
			`return false`
			`end`

Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user = User.lookup(id: session[:switched_from_user_id])`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`if !user`
			`render(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`json: {},`
			`status: :not_found`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`)`
			`return false`
			`end`

Fixed activity log in switch back. 2014-09-21 13:19:28 +00:00			`# rememeber current user`
			`current_session_user = current_user`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00
			`# remove switched_from_user_id`
			`session[:switched_from_user_id] = nil`

			`# set old session user again`
			`current_user_set(user)`

Fixed activity log in switch back. 2014-09-21 13:19:28 +00:00			`# log end session`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`current_session_user.activity_stream_log('ended switch to', user.id, true)`
Fixed activity log in switch back. 2014-09-21 13:19:28 +00:00
Avoid http redirects, they will be cached on some browsers. 2016-01-26 06:00:25 +00:00			`render(`
			`json: {`
			`success: true,`
			`location: '',`
			`},`
			`)`
Implemented to switch back to old user. 2014-09-15 20:55:06 +00:00			`end`

Added admin session management. 2013-07-26 21:45:16 +00:00			`def list`
replaced literal w/ constant 2015-02-15 09:12:27 +00:00			`return if deny_if_not_role(Z_ROLENAME_ADMIN)`
Moved to user assets. 2013-10-01 18:31:03 +00:00			`assets = {}`
Added admin session management. 2013-07-26 21:45:16 +00:00			`sessions_clean = []`
Moved to helper methods. 2013-12-08 16:01:54 +00:00			`SessionHelper.list.each {\|session\|`
Added admin session management. 2013-07-26 21:45:16 +00:00			`next if !session.data['user_id']`
			`sessions_clean.push session`
			`if session.data['user_id']`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`user = User.lookup(id: session.data['user_id'])`
			`assets = user.assets(assets)`
Added admin session management. 2013-07-26 21:45:16 +00:00			`end`
			`}`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: {`
			`sessions: sessions_clean,`
			`assets: assets,`
Added admin session management. 2013-07-26 21:45:16 +00:00			`}`
			`end`

			`def delete`
replaced literal w/ constant 2015-02-15 09:12:27 +00:00			`return if deny_if_not_role(Z_ROLENAME_ADMIN)`
Fixed race condition in asset generation of session "/show". 2015-11-30 10:50:02 +00:00			`SessionHelper.destroy(params[:id])`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: {}`
Added admin session management. 2013-07-26 21:45:16 +00:00			`end`
First version of showing uploaded logo. Need to be improved. 2014-11-17 10:39:35 +00:00
Applied rubocop Style/TrailingBlankLines. 2015-04-27 14:15:29 +00:00			`end`