trabajo-afectivo/app/controllers/sessions_controller.rb

# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/

class SessionsController < ApplicationController

  # "Create" a login, aka "log the user in"
  def create

    # authenticate user
    user = User.authenticate( params[:username], params[:password] )

    # auth failed
    if !user
      render :json => { :error => 'login failed' }, :status => :unauthorized
      return
    end

    # remember me - set session cookie to expire later
    if params[:remember_me]
      request.env['rack.session.options'][:expire_after] = 1.year
    else
      request.env['rack.session.options'][:expire_after] = nil
    end
    # both not needed to set :expire_after works fine
    #  request.env['rack.session.options'][:renew] = true
    #  reset_session

    # set session user
    current_user_set(user)

    # log new session
    user.activity_stream_log( 'session started', user.id, true )

    # auto population of default collections
    collections = SessionHelper::default_collections(user)

    # set session user_id
    user = User.find_fulldata(user.id)

    # check logon session
    logon_session_key = nil
    if params['logon_session']
      logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
#      session = ActiveRecord::SessionStore::Session.create(
#        :session_id => logon_session_key,
#        :data => {
#          :user_id => user['id']
#        }
#      )
    end

    # return new session data
    render :json => {
      :session       => user,
      :collections   => collections,
      :logon_session => logon_session_key,
    },
    :status => :created
  end

  def show

    user_id = nil

    # no valid sessions
    if session[:user_id]
      user_id = session[:user_id]
    end

    # check logon session
    if params['logon_session']
      session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
      if session
        user_id = session.data[:user_id]
      end
    end

    if !user_id
      render :json => {
        :error  => 'no valid session',
        :config => config_frontend,
      }
      return
    end

    # Save the user ID in the session so it can be used in
    # subsequent requests
    user = User.user_data_full( user_id )

    # auto population of default collections
    default_collection = SessionHelper::default_collections( User.find(user_id) )

    # return current session
    render :json => {
      :session             => user,
      :default_collections => default_collection,
      :config              => config_frontend,
    }
  end

  # "Delete" a login, aka "log the user out"
  def destroy

    # Remove the user id from the session
    @_current_user = session[:user_id] = nil

    # reset session cookie (reset :expire_after in case remember_me is active)
    request.env['rack.session.options'][:expire_after] = -1.year
    request.env['rack.session.options'][:renew] = true

    render :json => { }
  end

  def create_omniauth
    auth = request.env['omniauth.auth']

    if !auth
      logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")

      # redirect to app
      redirect_to '/'
    end

    # Create a new user or add an auth to existing user, depending on
    # whether there is already a user signed in.
    authorization = Authorization.find_from_hash(auth)
    if !authorization
      authorization = Authorization.create_from_hash(auth, current_user)
    end

    # set current session user
    current_user_set(authorization.user)

    # log new session
    user.activity_stream_log( 'session started', authorization.user.id, true )

    # remember last login date
    authorization.user.update_last_login

    # redirect to app
    redirect_to '/'
  end

  def create_sso
    user = User.sso(params)

    # Log the authorizing user in.
    if user

      # set current session user
      current_user_set(user)

      # log new session
      user.activity_stream_log( 'session started', user.id, true )

      # remember last login date
      user.update_last_login
    end

    # redirect to app
    redirect_to '/#'
  end

  # "switch" to user
  def switch_to_user
    return if deny_if_not_role('Admin')

    # check user
    if !params[:id]
      render(
        :json   => { :message => 'no user given' },
        :status => :not_found
      )
      return false
    end

    user = User.lookup( :id => params[:id] )
    if !user
      render(
        :json   => {},
        :status => :not_found
      )
      return false
    end

    # log new session
    user.activity_stream_log( 'switch to', current_user.id, true )

    # set session user
    current_user_set(user)

    redirect_to '/#'
  end

  def list
    return if deny_if_not_role('Admin')
    sessions = ActiveRecord::SessionStore::Session.order('updated_at DESC').limit(10000)
    assets = {}
    sessions_clean = []
    sessions.each {|session|
      next if !session.data['user_id']
      sessions_clean.push session
      if session.data['user_id']
        user = User.lookup( :id => session.data['user_id'] )
        assets = user.assets( assets )
      end
    }
    render :json => {
      :sessions => sessions_clean,
      :assets   => assets,
    }
  end

  def delete_old
    ActiveRecord::SessionStore::Session.where('request_type = ? AND updated_at < ?', 1, Time.now - 90.days ).delete_all
    ActiveRecord::SessionStore::Session.where('request_type = ? AND updated_at < ?', 2, Time.now - 2.days ).delete_all
    render :json => {}
  end

  def delete
    return if deny_if_not_role('Admin')
    session = ActiveRecord::SessionStore::Session.where( :id => params[:id] ).first
    if session
      session.destroy
    end
    render :json => {}
  end
end
Code reformattingand code layout beautying. 2013-06-12 15:59:58 +00:00			`# Copyright (C) 2012-2013 Zammad Foundation, http://zammad-foundation.org/`

Init version. 2012-04-10 14:06:46 +00:00			`class SessionsController < ApplicationController`

			`# "Create" a login, aka "log the user in"`
			`def create`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00
Added last login feature. 2012-10-18 08:10:12 +00:00			`# authenticate user`
Code cleanup. 2012-04-11 06:37:54 +00:00			`user = User.authenticate( params[:username], params[:password] )`
Init version. 2012-04-10 14:06:46 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# auth failed`
			`if !user`
Fixed error code of failed login. 2013-08-04 21:38:53 +00:00			`render :json => { :error => 'login failed' }, :status => :unauthorized`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`return`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Added last login feature. 2012-10-18 08:10:12 +00:00
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00			`# remember me - set session cookie to expire later`
			`if params[:remember_me]`
Fixed internal server error on logout. 2013-06-18 09:24:43 +00:00			`request.env['rack.session.options'][:expire_after] = 1.year`
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00			`else`
			`request.env['rack.session.options'][:expire_after] = nil`
			`end`
Removed debug infos. 2013-06-25 11:54:13 +00:00			`# both not needed to set :expire_after works fine`
			`# request.env['rack.session.options'][:renew] = true`
			`# reset_session`
Use settings params to check if password reset and new user creation is enbled. 2013-01-08 00:43:07 +00:00
Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00			`# set session user`
			`current_user_set(user)`

			`# log new session`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`user.activity_stream_log( 'session started', user.id, true )`
Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00
			`# auto population of default collections`
Improved way how to load/reset collections. 2013-10-20 12:24:18 +00:00			`collections = SessionHelper::default_collections(user)`
Needed to sets session.user_id in controller. 2013-09-30 02:14:10 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# set session user_id`
Small improvements. 2012-11-12 09:34:22 +00:00			`user = User.find_fulldata(user.id)`
Removed debug infos. 2013-06-25 11:54:13 +00:00
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`# check logon session`
			`logon_session_key = nil`
			`if params['logon_session']`
			`logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )`
Temporary disable of logon_session support to verify cookie session support. 2013-06-23 09:51:30 +00:00			`# session = ActiveRecord::SessionStore::Session.create(`
			`# :session_id => logon_session_key,`
			`# :data => {`
			`# :user_id => user['id']`
			`# }`
			`# )`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`end`

Code cleanup. 2012-04-11 06:37:54 +00:00			`# return new session data`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`render :json => {`
Improved way how to load/reset collections. 2013-10-20 12:24:18 +00:00			`:session => user,`
			`:collections => collections,`
			`:logon_session => logon_session_key,`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`},`
			`:status => :created`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`def show`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00
			`user_id = nil`

Code cleanup. 2012-04-11 06:37:54 +00:00			`# no valid sessions`
Moved to logon sessions for authentication. 2012-04-20 06:45:22 +00:00			`if session[:user_id]`
			`user_id = session[:user_id]`
			`end`

			`# check logon session`
			`if params['logon_session']`
			`session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first`
			`if session`
			`user_id = session.data[:user_id]`
			`end`
			`end`

			`if !user_id`
Code cleanup. 2012-04-11 06:37:54 +00:00			`render :json => {`
			`:error => 'no valid session',`
			`:config => config_frontend,`
Improved session login check. 2012-04-10 19:57:33 +00:00			`}`
Code cleanup. 2012-04-11 06:37:54 +00:00			`return`
			`end`
Improved session login check. 2012-04-10 19:57:33 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# Save the user ID in the session so it can be used in`
			`# subsequent requests`
Improved caching. 2012-07-29 18:55:51 +00:00			`user = User.user_data_full( user_id )`
Improved session login check. 2012-04-10 19:57:33 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# auto population of default collections`
Small improvements. 2012-11-12 09:34:22 +00:00			`default_collection = SessionHelper::default_collections( User.find(user_id) )`
Improved session login check. 2012-04-10 19:57:33 +00:00
Code cleanup. 2012-04-11 06:37:54 +00:00			`# return current session`
			`render :json => {`
			`:session => user,`
			`:default_collections => default_collection,`
			`:config => config_frontend,`
			`}`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`# "Delete" a login, aka "log the user out"`
			`def destroy`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`# Remove the user id from the session`
			`@_current_user = session[:user_id] = nil`
Code cleanup. 2012-04-11 06:37:54 +00:00
Fixed internal server error on logout. 2013-06-18 09:24:43 +00:00			`# reset session cookie (reset :expire_after in case remember_me is active)`
			`request.env['rack.session.options'][:expire_after] = -1.year`
Added remember_me feature to login page. 2012-04-20 12:24:37 +00:00			`request.env['rack.session.options'][:renew] = true`

Code cleanup. 2012-04-11 06:37:54 +00:00			`render :json => { }`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`def create_omniauth`
			`auth = request.env['omniauth.auth']`

			`if !auth`
			`logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")`
Refactoring. 2012-04-18 08:33:42 +00:00
			`# redirect to app`
Added sso feature. 2013-02-17 18:28:32 +00:00			`redirect_to '/'`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Refactoring. 2012-04-18 08:33:42 +00:00
			`# Create a new user or add an auth to existing user, depending on`
			`# whether there is already a user signed in.`
Fixed user creation one external login and not user already exists. 2012-04-18 12:36:30 +00:00			`authorization = Authorization.find_from_hash(auth)`
			`if !authorization`
Refactoring. 2012-04-18 08:33:42 +00:00			`authorization = Authorization.create_from_hash(auth, current_user)`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Refactoring. 2012-04-18 08:33:42 +00:00
Improved time of setting session user. 2013-09-30 01:41:45 +00:00			`# set current session user`
			`current_user_set(authorization.user)`

			`# log new session`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`user.activity_stream_log( 'session started', authorization.user.id, true )`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
Added last login feature. 2012-10-18 08:10:12 +00:00			`# remember last login date`
Added login failed support. 2013-02-12 22:49:52 +00:00			`authorization.user.update_last_login`
Added last login feature. 2012-10-18 08:10:12 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`# redirect to app`
Added sso feature. 2013-02-17 18:28:32 +00:00			`redirect_to '/'`
			`end`

			`def create_sso`
			`user = User.sso(params)`

			`# Log the authorizing user in.`
			`if user`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
			`# set current session user`
			`current_user_set(user)`

			`# log new session`
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`user.activity_stream_log( 'session started', user.id, true )`
Improved time of setting session user. 2013-09-30 01:41:45 +00:00
			`# remember last login date`
			`user.update_last_login`
Added sso feature. 2013-02-17 18:28:32 +00:00			`end`

			`# redirect to app`
			`redirect_to '/#'`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Added last login feature. 2012-10-18 08:10:12 +00:00
Added switch to user feature. 2013-10-07 03:38:07 +00:00			`# "switch" to user`
			`def switch_to_user`
			`return if deny_if_not_role('Admin')`

			`# check user`
			`if !params[:id]`
			`render(`
			`:json => { :message => 'no user given' },`
			`:status => :not_found`
			`)`
			`return false`
			`end`

			`user = User.lookup( :id => params[:id] )`
			`if !user`
			`render(`
			`:json => {},`
			`:status => :not_found`
			`)`
			`return false`
			`end`

			`# log new session`
			`user.activity_stream_log( 'switch to', current_user.id, true )`

			`# set session user`
			`current_user_set(user)`

			`redirect_to '/#'`
			`end`

Added admin session management. 2013-07-26 21:45:16 +00:00			`def list`
			`return if deny_if_not_role('Admin')`
Small session bug fixes. 2013-07-26 22:35:58 +00:00			`sessions = ActiveRecord::SessionStore::Session.order('updated_at DESC').limit(10000)`
Moved to user assets. 2013-10-01 18:31:03 +00:00			`assets = {}`
Added admin session management. 2013-07-26 21:45:16 +00:00			`sessions_clean = []`
			`sessions.each {\|session\|`
			`next if !session.data['user_id']`
			`sessions_clean.push session`
			`if session.data['user_id']`
Fixed missing user lookup. 2013-10-01 21:42:06 +00:00			`user = User.lookup( :id => session.data['user_id'] )`
Moved to user assets. 2013-10-01 18:31:03 +00:00			`assets = user.assets( assets )`
Added admin session management. 2013-07-26 21:45:16 +00:00			`end`
			`}`
			`render :json => {`
Fixed assets load. 2013-10-01 16:58:21 +00:00			`:sessions => sessions_clean,`
Moved to user assets. 2013-10-01 18:31:03 +00:00			`:assets => assets,`
Added admin session management. 2013-07-26 21:45:16 +00:00			`}`
			`end`

Small session bug fixes. 2013-07-26 22:35:58 +00:00			`def delete_old`
Delete inactive sessions after 90 days. 2013-07-26 23:50:26 +00:00			`ActiveRecord::SessionStore::Session.where('request_type = ? AND updated_at < ?', 1, Time.now - 90.days ).delete_all`
Small session bug fixes. 2013-07-26 22:35:58 +00:00			`ActiveRecord::SessionStore::Session.where('request_type = ? AND updated_at < ?', 2, Time.now - 2.days ).delete_all`
			`render :json => {}`
			`end`

Added admin session management. 2013-07-26 21:45:16 +00:00			`def delete`
			`return if deny_if_not_role('Admin')`
Small session bug fixes. 2013-07-26 22:35:58 +00:00			`session = ActiveRecord::SessionStore::Session.where( :id => params[:id] ).first`
			`if session`
			`session.destroy`
			`end`
Added admin session management. 2013-07-26 21:45:16 +00:00			`render :json => {}`
			`end`
Code reformattingand code layout beautying. 2013-06-12 15:59:58 +00:00			`end`