2014-02-03 19:24:49 +00:00
|
|
|
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
class SessionsController < ApplicationController
|
|
|
|
|
|
|
|
# "Create" a login, aka "log the user in"
|
|
|
|
def create
|
2012-04-20 12:24:37 +00:00
|
|
|
|
2012-10-18 08:10:12 +00:00
|
|
|
# authenticate user
|
2012-04-11 06:37:54 +00:00
|
|
|
user = User.authenticate( params[:username], params[:password] )
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# auth failed
|
|
|
|
if !user
|
2013-08-04 21:38:53 +00:00
|
|
|
render :json => { :error => 'login failed' }, :status => :unauthorized
|
2012-04-20 06:45:22 +00:00
|
|
|
return
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-10-18 08:10:12 +00:00
|
|
|
|
2013-01-08 00:43:07 +00:00
|
|
|
# remember me - set session cookie to expire later
|
|
|
|
if params[:remember_me]
|
2013-06-18 09:24:43 +00:00
|
|
|
request.env['rack.session.options'][:expire_after] = 1.year
|
2013-01-08 00:43:07 +00:00
|
|
|
else
|
|
|
|
request.env['rack.session.options'][:expire_after] = nil
|
|
|
|
end
|
2013-06-25 11:54:13 +00:00
|
|
|
# both not needed to set :expire_after works fine
|
|
|
|
# request.env['rack.session.options'][:renew] = true
|
|
|
|
# reset_session
|
2013-01-08 00:43:07 +00:00
|
|
|
|
2013-09-30 02:14:10 +00:00
|
|
|
# set session user
|
|
|
|
current_user_set(user)
|
|
|
|
|
|
|
|
# log new session
|
2013-10-07 03:38:07 +00:00
|
|
|
user.activity_stream_log( 'session started', user.id, true )
|
2013-09-30 02:14:10 +00:00
|
|
|
|
|
|
|
# auto population of default collections
|
2013-10-20 12:24:18 +00:00
|
|
|
collections = SessionHelper::default_collections(user)
|
2013-09-30 02:14:10 +00:00
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# set session user_id
|
2012-11-12 09:34:22 +00:00
|
|
|
user = User.find_fulldata(user.id)
|
2013-06-25 11:54:13 +00:00
|
|
|
|
2012-04-20 06:45:22 +00:00
|
|
|
# check logon session
|
|
|
|
logon_session_key = nil
|
|
|
|
if params['logon_session']
|
|
|
|
logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
|
2014-02-03 19:24:49 +00:00
|
|
|
# session = ActiveRecord::SessionStore::Session.create(
|
|
|
|
# :session_id => logon_session_key,
|
|
|
|
# :data => {
|
|
|
|
# :user_id => user['id']
|
|
|
|
# }
|
|
|
|
# )
|
2012-04-20 06:45:22 +00:00
|
|
|
end
|
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# return new session data
|
2012-04-20 06:45:22 +00:00
|
|
|
render :json => {
|
2013-10-20 12:24:18 +00:00
|
|
|
:session => user,
|
|
|
|
:collections => collections,
|
|
|
|
:logon_session => logon_session_key,
|
2012-04-20 06:45:22 +00:00
|
|
|
},
|
|
|
|
:status => :created
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def show
|
2012-04-20 06:45:22 +00:00
|
|
|
|
|
|
|
user_id = nil
|
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# no valid sessions
|
2012-04-20 06:45:22 +00:00
|
|
|
if session[:user_id]
|
|
|
|
user_id = session[:user_id]
|
|
|
|
end
|
|
|
|
|
|
|
|
# check logon session
|
|
|
|
if params['logon_session']
|
2013-12-08 16:01:54 +00:00
|
|
|
session = SessionHelper::get( params['logon_session'] )
|
2012-04-20 06:45:22 +00:00
|
|
|
if session
|
|
|
|
user_id = session.data[:user_id]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
if !user_id
|
2012-04-11 06:37:54 +00:00
|
|
|
render :json => {
|
|
|
|
:error => 'no valid session',
|
|
|
|
:config => config_frontend,
|
2012-04-10 19:57:33 +00:00
|
|
|
}
|
2012-04-11 06:37:54 +00:00
|
|
|
return
|
|
|
|
end
|
2012-04-10 19:57:33 +00:00
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# Save the user ID in the session so it can be used in
|
|
|
|
# subsequent requests
|
2012-07-29 18:55:51 +00:00
|
|
|
user = User.user_data_full( user_id )
|
2012-04-10 19:57:33 +00:00
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# auto population of default collections
|
2013-10-20 12:38:55 +00:00
|
|
|
collections = SessionHelper::default_collections( User.find(user_id) )
|
2012-04-10 19:57:33 +00:00
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
# return current session
|
|
|
|
render :json => {
|
2013-10-20 12:38:55 +00:00
|
|
|
:session => user,
|
|
|
|
:collections => collections,
|
|
|
|
:config => config_frontend,
|
2012-04-11 06:37:54 +00:00
|
|
|
}
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# "Delete" a login, aka "log the user out"
|
|
|
|
def destroy
|
2012-04-20 12:24:37 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
# Remove the user id from the session
|
|
|
|
@_current_user = session[:user_id] = nil
|
2012-04-11 06:37:54 +00:00
|
|
|
|
2013-06-18 09:24:43 +00:00
|
|
|
# reset session cookie (reset :expire_after in case remember_me is active)
|
|
|
|
request.env['rack.session.options'][:expire_after] = -1.year
|
2012-04-20 12:24:37 +00:00
|
|
|
request.env['rack.session.options'][:renew] = true
|
|
|
|
|
2012-04-11 06:37:54 +00:00
|
|
|
render :json => { }
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
def create_omniauth
|
|
|
|
auth = request.env['omniauth.auth']
|
|
|
|
|
|
|
|
if !auth
|
|
|
|
logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")
|
2012-04-18 08:33:42 +00:00
|
|
|
|
|
|
|
# redirect to app
|
2013-02-17 18:28:32 +00:00
|
|
|
redirect_to '/'
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-04-18 08:33:42 +00:00
|
|
|
|
|
|
|
# Create a new user or add an auth to existing user, depending on
|
|
|
|
# whether there is already a user signed in.
|
2012-04-18 12:36:30 +00:00
|
|
|
authorization = Authorization.find_from_hash(auth)
|
|
|
|
if !authorization
|
2012-04-18 08:33:42 +00:00
|
|
|
authorization = Authorization.create_from_hash(auth, current_user)
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-04-18 08:33:42 +00:00
|
|
|
|
2013-09-30 01:41:45 +00:00
|
|
|
# set current session user
|
|
|
|
current_user_set(authorization.user)
|
|
|
|
|
|
|
|
# log new session
|
2013-10-07 03:38:07 +00:00
|
|
|
user.activity_stream_log( 'session started', authorization.user.id, true )
|
2013-09-30 01:41:45 +00:00
|
|
|
|
2012-10-18 08:10:12 +00:00
|
|
|
# remember last login date
|
2013-02-12 22:49:52 +00:00
|
|
|
authorization.user.update_last_login
|
2012-10-18 08:10:12 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
# redirect to app
|
2013-02-17 18:28:32 +00:00
|
|
|
redirect_to '/'
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_sso
|
|
|
|
user = User.sso(params)
|
|
|
|
|
|
|
|
# Log the authorizing user in.
|
|
|
|
if user
|
2013-09-30 01:41:45 +00:00
|
|
|
|
|
|
|
# set current session user
|
|
|
|
current_user_set(user)
|
|
|
|
|
|
|
|
# log new session
|
2013-10-07 03:38:07 +00:00
|
|
|
user.activity_stream_log( 'session started', user.id, true )
|
2013-09-30 01:41:45 +00:00
|
|
|
|
|
|
|
# remember last login date
|
|
|
|
user.update_last_login
|
2013-02-17 18:28:32 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# redirect to app
|
|
|
|
redirect_to '/#'
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-10-18 08:10:12 +00:00
|
|
|
|
2013-10-07 03:38:07 +00:00
|
|
|
# "switch" to user
|
|
|
|
def switch_to_user
|
|
|
|
return if deny_if_not_role('Admin')
|
|
|
|
|
|
|
|
# check user
|
|
|
|
if !params[:id]
|
|
|
|
render(
|
|
|
|
:json => { :message => 'no user given' },
|
|
|
|
:status => :not_found
|
|
|
|
)
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
|
|
|
user = User.lookup( :id => params[:id] )
|
|
|
|
if !user
|
|
|
|
render(
|
|
|
|
:json => {},
|
|
|
|
:status => :not_found
|
|
|
|
)
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
|
|
|
|
# log new session
|
|
|
|
user.activity_stream_log( 'switch to', current_user.id, true )
|
|
|
|
|
|
|
|
# set session user
|
|
|
|
current_user_set(user)
|
|
|
|
|
|
|
|
redirect_to '/#'
|
|
|
|
end
|
|
|
|
|
2013-07-26 21:45:16 +00:00
|
|
|
def list
|
|
|
|
return if deny_if_not_role('Admin')
|
2013-10-01 18:31:03 +00:00
|
|
|
assets = {}
|
2013-07-26 21:45:16 +00:00
|
|
|
sessions_clean = []
|
2013-12-08 16:01:54 +00:00
|
|
|
SessionHelper.list.each {|session|
|
2013-07-26 21:45:16 +00:00
|
|
|
next if !session.data['user_id']
|
|
|
|
sessions_clean.push session
|
|
|
|
if session.data['user_id']
|
2013-10-01 21:42:06 +00:00
|
|
|
user = User.lookup( :id => session.data['user_id'] )
|
2013-10-01 18:31:03 +00:00
|
|
|
assets = user.assets( assets )
|
2013-07-26 21:45:16 +00:00
|
|
|
end
|
|
|
|
}
|
|
|
|
render :json => {
|
2013-10-01 16:58:21 +00:00
|
|
|
:sessions => sessions_clean,
|
2013-10-01 18:31:03 +00:00
|
|
|
:assets => assets,
|
2013-07-26 21:45:16 +00:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def delete
|
|
|
|
return if deny_if_not_role('Admin')
|
2013-12-08 16:01:54 +00:00
|
|
|
SessionHelper::destroy( params[:id] )
|
2013-07-26 21:45:16 +00:00
|
|
|
render :json => {}
|
|
|
|
end
|
2013-06-12 15:59:58 +00:00
|
|
|
end
|