Refactoring: Removed use of unnecessary exception wrapper method response_access_deny.

Jens Pfeifer 2019-02-26 11:37:31 +01:00 committed by Thorsten Eckel
parent 4f494b57ac
commit e48256c130
9 changed files with 27 additions and 74 deletions

3
.gitignore vendored

@ -84,3 +84,6 @@
# RDoc / YARD # RDoc / YARD
/doc /doc
# Backup files
*~


@ -3,10 +3,6 @@ module ApplicationController::Authenticates
private private
def response_access_deny
raise Exceptions::NotAuthorized
end
def permission_check(key) def permission_check(key)
if @_token_auth if @_token_auth
user = Token.check( user = Token.check(
@ -121,9 +117,7 @@ module ApplicationController::Authenticates
logger.debug { "oauth2 token auth check '#{token}'" } logger.debug { "oauth2 token auth check '#{token}'" }
access_token = Doorkeeper::AccessToken.by_token(token) access_token = Doorkeeper::AccessToken.by_token(token)
if !access_token raise Exceptions::NotAuthorized, 'Invalid token!' if !access_token
raise Exceptions::NotAuthorized, 'Invalid token!'
end
# check expire # check expire
if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now
@ -146,9 +140,7 @@ module ApplicationController::Authenticates
raise Exceptions::NotAuthorized, 'Maintenance mode enabled!' raise Exceptions::NotAuthorized, 'Maintenance mode enabled!'
end end
if user.active == false raise Exceptions::NotAuthorized, 'User is inactive!' if !user.active
raise Exceptions::NotAuthorized, 'User is inactive!'
end
# check scopes / permission check # check scopes / permission check
if auth_param[:permission] && !user.permissions?(auth_param[:permission]) if auth_param[:permission] && !user.permissions?(auth_param[:permission])
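Review bot: The rewrite of the inactive-user check, `raise Exceptions::NotAuthorized, 'User is inactive!' if !user.active`, is not a pure refactor: the old `user.active == false` rejected only an explicit false, while `!user.active` also rejects a nil `active`. That is the safer, fail-closed direction, but it goes beyond the wrapper removal the commit title describes, and whether it changes observable behavior depends on the column being non-nullable, which this hunk does not show. Worth stating the intent in place, e.g. `# nil counts as inactive (fail closed)` above the raise, or restoring the original comparison if a nil value must stay permitted. The enclosing method starts and ends outside this hunk.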


@ -8,7 +8,7 @@ module ChecksUserAttributesByCurrentUserPermission
return true if current_user.permissions?('admin.user') return true if current_user.permissions?('admin.user')
# non-agents (customers) can't set anything # non-agents (customers) can't set anything
response_access_deny if !current_user.permissions?('ticket.agent') raise Exceptions::NotAuthorized if !current_user.permissions?('ticket.agent')
# regular agents are not allowed to set Groups and Roles # regular agents are not allowed to set Groups and Roles
%w[Role Group].each do |model| %w[Role Group].each do |model|


@ -159,44 +159,37 @@ class FormController < ApplicationController
def token_valid?(token, fingerprint) def token_valid?(token, fingerprint)
if token.blank? if token.blank?
Rails.logger.info 'No token for form!' Rails.logger.info 'No token for form!'
response_access_deny raise Exceptions::NotAuthorized
return false
end end
begin begin
crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32]) crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32])
result = crypt.decrypt_and_verify(Base64.decode64(token)) result = crypt.decrypt_and_verify(Base64.decode64(token))
rescue rescue
Rails.logger.info 'Invalid token for form!' Rails.logger.info 'Invalid token for form!'
response_access_deny raise Exceptions::NotAuthorized
return false
end end
if result.blank? if result.blank?
Rails.logger.info 'Invalid token for form!' Rails.logger.info 'Invalid token for form!'
response_access_deny raise Exceptions::NotAuthorized
return false
end end
parts = result.split(/:/) parts = result.split(/:/)
if parts.count != 3 if parts.count != 3
Rails.logger.info "Invalid token for form (need to have 3 parts, only #{parts.count} found)!" Rails.logger.info "Invalid token for form (need to have 3 parts, only #{parts.count} found)!"
response_access_deny raise Exceptions::NotAuthorized
return false
end end
fqdn_local = Base64.decode64(parts[0]) fqdn_local = Base64.decode64(parts[0])
if fqdn_local != Setting.get('fqdn') if fqdn_local != Setting.get('fqdn')
Rails.logger.info "Invalid token for form (invalid fqdn found #{fqdn_local} != #{Setting.get('fqdn')})!" Rails.logger.info "Invalid token for form (invalid fqdn found #{fqdn_local} != #{Setting.get('fqdn')})!"
response_access_deny raise Exceptions::NotAuthorized
return false
end end
fingerprint_local = Base64.decode64(parts[2]) fingerprint_local = Base64.decode64(parts[2])
if fingerprint_local != fingerprint if fingerprint_local != fingerprint
Rails.logger.info "Invalid token for form (invalid fingerprint found #{fingerprint_local} != #{fingerprint})!" Rails.logger.info "Invalid token for form (invalid fingerprint found #{fingerprint_local} != #{fingerprint})!"
response_access_deny raise Exceptions::NotAuthorized
return false
end end
if parts[1].to_i < (Time.zone.now.to_i - 60 * 60 * 24) if parts[1].to_i < (Time.zone.now.to_i - 60 * 60 * 24)
Rails.logger.info 'Invalid token for form (token expired})!' Rails.logger.info 'Invalid token for form (token expired})!'
response_access_deny raise Exceptions::NotAuthorized
return false
end end
true true
end end
@ -206,24 +199,15 @@ class FormController < ApplicationController
form_limit_by_ip_per_hour = Setting.get('form_ticket_create_by_ip_per_hour') || 20 form_limit_by_ip_per_hour = Setting.get('form_ticket_create_by_ip_per_hour') || 20
result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1h", 'Ticket', limit: form_limit_by_ip_per_hour) result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1h", 'Ticket', limit: form_limit_by_ip_per_hour)
if result.count >= form_limit_by_ip_per_hour.to_i raise Exceptions::NotAuthorized if result.count >= form_limit_by_ip_per_hour.to_i
response_access_deny
return true
end
form_limit_by_ip_per_day = Setting.get('form_ticket_create_by_ip_per_day') || 240 form_limit_by_ip_per_day = Setting.get('form_ticket_create_by_ip_per_day') || 240
result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1d", 'Ticket', limit: form_limit_by_ip_per_day) result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1d", 'Ticket', limit: form_limit_by_ip_per_day)
if result.count >= form_limit_by_ip_per_day.to_i raise Exceptions::NotAuthorized if result.count >= form_limit_by_ip_per_day.to_i
response_access_deny
return true
end
form_limit_per_day = Setting.get('form_ticket_create_per_day') || 5000 form_limit_per_day = Setting.get('form_ticket_create_per_day') || 5000
result = SearchIndexBackend.search('preferences.form.remote_ip:* AND created_at:>now-1d', 'Ticket', limit: form_limit_per_day) result = SearchIndexBackend.search('preferences.form.remote_ip:* AND created_at:>now-1d', 'Ticket', limit: form_limit_per_day)
if result.count >= form_limit_per_day.to_i raise Exceptions::NotAuthorized if result.count >= form_limit_per_day.to_i
response_access_deny
return true
end
false false
end end
@ -232,16 +216,14 @@ class FormController < ApplicationController
return true if params[:fingerprint].present? && params[:fingerprint].length > 30 return true if params[:fingerprint].present? && params[:fingerprint].length > 30
Rails.logger.info 'No fingerprint given!' Rails.logger.info 'No fingerprint given!'
response_access_deny raise Exceptions::NotAuthorized
false
end end
def enabled? def enabled?
return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular') return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
return true if Setting.get('form_ticket_create') return true if Setting.get('form_ticket_create')
response_access_deny raise Exceptions::NotAuthorized
false
end end
end end
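Review bot: In the first hunk `token_valid?` can no longer return false — every failure path now raises Exceptions::NotAuthorized and the only non-raising exit is `true`, so its `?` name and boolean result are misleading, and any caller that branches on a false value (callers are outside this hunk) now has a dead branch. The same applies to the rate-limit method in the second hunk, which only ever returns `false` or raises, to `enabled?` and the fingerprint check in the third hunk, and to `access?` in the OnlineNotifications controller. Either document the new contract, e.g. `# Raises Exceptions::NotAuthorized for any missing, undecryptable, malformed, foreign-fqdn, foreign-fingerprint or expired token; returns true otherwise.` above `def token_valid?`, or keep the predicates boolean and let the caller raise. While touching the expiry branch, the pre-existing stray `}` in `'Invalid token for form (token expired})!'` could be fixed to `'Invalid token for form (token expired)!'`.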


@ -185,11 +185,9 @@ curl http://localhost/api/v1/online_notifications/mark_all_as_read -v -u #{login
def access? def access?
notification = OnlineNotification.find(params[:id]) notification = OnlineNotification.find(params[:id])
if notification.user_id != current_user.id return true if notification.user_id == current_user.id
response_access_deny
return false raise Exceptions::NotAuthorized
end
true
end end
end end


@ -224,10 +224,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
# GET /api/v1/organizations/search # GET /api/v1/organizations/search
def search def search
raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.organization', 'ticket.agent'])
if !current_user.permissions?(['admin.organization', 'ticket.agent'])
raise Exceptions::NotAuthorized
end
per_page = params[:per_page] || params[:limit] || 100 per_page = params[:per_page] || params[:limit] || 100
per_page = per_page.to_i per_page = per_page.to_i
@ -304,11 +301,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co
# GET /api/v1/organizations/history/1 # GET /api/v1/organizations/history/1
def history def history
raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.organization', 'ticket.agent'])
# permission check
if !current_user.permissions?(['admin.organization', 'ticket.agent'])
raise Exceptions::NotAuthorized
end
# get organization data # get organization data
organization = Organization.find(params[:id]) organization = Organization.find(params[:id])


@ -9,10 +9,7 @@ class SearchController < ApplicationController
def search_generic def search_generic
# enable search only for users with valid session # enable search only for users with valid session
if !current_user raise Exceptions::NotAuthorized if !current_user
response_access_deny
return true
end
# get params # get params
query = params[:query] query = params[:query]


@ -242,10 +242,7 @@ class SessionsController < ApplicationController
def switch_back_to_user def switch_back_to_user
# check if it's a swich back # check if it's a swich back
if !session[:switched_from_user_id] raise Exceptions::NotAuthorized if !session[:switched_from_user_id]
response_access_deny
return false
end
user = User.lookup(id: session[:switched_from_user_id]) user = User.lookup(id: session[:switched_from_user_id])
if !user if !user


@ -367,11 +367,7 @@ class UsersController < ApplicationController
# @response_message 200 [Array<User>] A list of User records matching the search term. # @response_message 200 [Array<User>] A list of User records matching the search term.
# @response_message 401 Invalid session. # @response_message 401 Invalid session.
def search def search
raise Exceptions::NotAuthorized if !current_user.permissions?(['ticket.agent', 'admin.user'])
if !current_user.permissions?(['ticket.agent', 'admin.user'])
response_access_deny
return
end
per_page = params[:per_page] || params[:limit] || 100 per_page = params[:per_page] || params[:limit] || 100
per_page = per_page.to_i per_page = per_page.to_i
@ -491,12 +487,7 @@ class UsersController < ApplicationController
# @response_message 200 [History] The History records of the requested User record. # @response_message 200 [History] The History records of the requested User record.
# @response_message 401 Invalid session. # @response_message 401 Invalid session.
def history def history
raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.user', 'ticket.agent'])
# permission check
if !current_user.permissions?(['admin.user', 'ticket.agent'])
response_access_deny
return
end
# get user data # get user data
user = User.find(params[:id]) user = User.find(params[:id])