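class SessionsController < ApplicationController

  # "Create" a login, aka "log the user in".
  #
  # Authenticates with params[:username] / params[:password]. On failure it
  # renders { error: 'login failed' } with 422. On success it stores the user
  # id in the cookie session, optionally mints a server-side "logon session"
  # token (when params['logon_session'] is present; see #show for how it is
  # consumed), optionally extends the cookie lifetime (params[:remember_me]),
  # and renders the full user data, the default collections and the token
  # with 201.
  def create
    user = User.authenticate( params[:username], params[:password] )

    # auth failed
    unless user
      render :json => { :error => 'login failed' }, :status => :unprocessable_entity
      return
    end

    user = User.find_fulldata(user.id)

    # auto population of default collections
    default_collection = default_collections

    # set session user_id
    # NOTE(review): consider reset_session before storing the id so the cookie
    # session is rotated on login (session fixation) - confirm nothing else in
    # the session must survive a login first.
    session[:user_id] = user['id']

    # check logon session
    logon_session_key = nil
    if params['logon_session']
      # The token is a bearer credential: it is accepted by #show straight from
      # the request parameters, so it has to come from a CSPRNG. The previous
      # MD5(rand(999999) + Time.new) had far too little entropy and was
      # predictable from the login time.
      logon_session_key = SecureRandom.hex(32)
      # Deliberately not assigned to a local named `session` - that would
      # shadow the controller's session helper for the rest of this method.
      ActiveRecord::SessionStore::Session.create(
        :session_id => logon_session_key,
        :data       => { :user_id => user['id'] }
      )
    end

    # remember me - set session cookie to expire later
    # (any present value counts as "on", including the string "false")
    if params[:remember_me]
      request.env['rack.session.options'][:expire_after] = 1.year.from_now
    end

    # return new session data
    render :json => {
      :session             => user,
      :default_collections => default_collection,
      :logon_session       => logon_session_key,
    }, :status => :created
  end

  # Return the current session.
  #
  # The user id comes from the cookie session or, when params['logon_session']
  # is given and matches a stored session record, from that record (the record
  # wins over the cookie, even when it carries no user id). Without a user id
  # it renders { error: 'no valid session', config: ... }; otherwise the full
  # user data, the default collections and the frontend config.
  def show
    user_id = session[:user_id]

    # check logon session (token minted by #create)
    if params['logon_session']
      stored = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
      user_id = stored.data[:user_id] if stored
    end

    # no valid sessions
    unless user_id
      render :json => {
        :error  => 'no valid session',
        :config => config_frontend,
      }
      return
    end

    user = User.user_data_full( user_id )

    # auto population of default collections
    default_collection = default_collections

    # return current session
    render :json => {
      :session             => user,
      :default_collections => default_collection,
      :config              => config_frontend,
    }
  end

  # "Delete" a login, aka "log the user out".
  #
  # Clears the user id from the cookie session, expires and renews the cookie
  # (undoing remember_me) and, when the client passes the logon session token
  # it received from #create, revokes that token server-side as well.
  def destroy
    # Remove the user id from the session
    @_current_user = session[:user_id] = nil

    # A logon_session token is a bearer credential independent of the cookie;
    # logging out must revoke it too, otherwise it stays valid for #show.
    if params['logon_session']
      stored = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
      stored.destroy if stored
    end

    # reset session cookie (set :expire_after to '' in case remember_me is active)
    request.env['rack.session.options'][:expire_after] = -1.year.from_now
    request.env['rack.session.options'][:renew] = true

    render :json => { }
  end

  # OmniAuth callback: find the authorization for the provider data in
  # request.env['omniauth.auth'] (creating it for current_user when missing),
  # log its user in and redirect to the app.
  def create_omniauth
    auth = request.env['omniauth.auth']

    unless auth
      logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")
      # redirect to app - and stop here. Without the return the code below ran
      # find_from_hash(nil) and redirected a second time (DoubleRenderError).
      redirect_to '/app#'
      return
    end

    # Create a new user or add an auth to existing user, depending on
    # whether there is already a user signed in.
    # NOTE(review): linking uses current_user from the cookie session - confirm
    # the callback is protected against cross-site requests (provider state).
    authorization = Authorization.find_from_hash(auth)
    authorization ||= Authorization.create_from_hash(auth, current_user)

    # Log the authorizing user in.
    session[:user_id] = authorization.user.id

    # redirect to app
    redirect_to '/app#'
  end

  private

  # Collections every client gets at login: all Role, Group and Organization
  # records, plus whatever the sessions/collection_*.rb files next to this
  # controller add via ExtraCollection.add(collection).
  #
  # @return [Hash{String => Array}] collection name => records
  def default_collections
    # auto population of default collections
    default_collection = {
      'Role'         => Role.all,
      'Group'        => Group.all,
      'Organization' => Organization.all,
    }

    # load collections to deliver from external files
    # `load` (not `require`) re-evaluates each file on every call, i.e. on
    # every login and session check - presumably so edits are picked up
    # without a restart; it does cost a file read per request.
    dir = File.expand_path('../', __FILE__)
    Dir.glob( "#{dir}/sessions/collection_*.rb" ).each do |file|
      load file
      ExtraCollection.add(default_collection)
    end

    default_collection
  end
end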