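# Sign-in controller that authenticates against the NCCU LDAP directory and
# maps the LDAP uid to a local User through the "middle site" database.
#
# Security-relevant behaviour of this class:
# * Request parameters are coerced to plain strings before they reach the
#   LDAP filter, the SQL lookup or the User query.
# * Blank passwords are rejected before LDAP is consulted, because many
#   directories treat a bind with an empty password as an anonymous bind.
# * The e-mail fallback only signs a user in after the local password
#   has been verified; it fails closed when that cannot be done.
class SessionsController < Devise::SessionsController
  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
  include Devise::Controllers::InternalHelpers

  # Both connections are opened once, when the class body is evaluated.
  MiddleSiteConnection.establish
  NccuLdapConnection.establish

  # POST /resource/sign_in
  #
  # Reads params[:user][:nccu_ldap_uid] and params[:user][:password], checks
  # them against LDAP, and on success signs in the matching local User.
  # Renders the "new" action with a flash notice on every failure path.
  def create
    credentials = params[:user].is_a?(Hash) ? params[:user] : {}
    # to_s keeps nested hashes/arrays from the request out of the queries below
    # and avoids a NoMethodError when the form fields are missing.
    login_password = credentials[:password].to_s
    login_uid      = credentials[:nccu_ldap_uid].to_s

    if $nccu_ldap_connection.bind
      logger.info "=LDAP Binded password ok..."
      # A blank password never counts as an LDAP success.
      result = !login_password.empty? && check_auth_with_ldap(login_uid, login_password)

      if result
        logger.info "==LDAP password passed..."
        nccu_id  = get_nccu_id_from_mid_site(login_uid)
        resource = nccu_id.nil? ? nil : User.first(conditions: { nccu_ldap_uid: nccu_id })
        # resource = env['warden'].authenticate!(:check_nccu_ldap)
        # resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")

        if resource.nil? || nccu_id.nil?
          # inspect keeps control characters in the submitted uid out of the log.
          logger.error "===LDAP passed local block... resource:#{resource.inspect}\n nccu_id:#{nccu_id} \t login_uid:#{login_uid.inspect}"
          flash[:notice] = t('devise.failure.ldap_pass_but_account_not_in_orbit')
          render :action => "new"
        else
          logger.info "===ALL passed"
          # Only announce a successful sign-in once a local account was found.
          set_flash_message(:notice, :signed_in) if is_navigational_format?
          resource_name = resource._type.downcase
          sign_in(resource_name, resource)
          respond_with resource, :location => redirect_location(resource_name, resource)
        end
      elsif (resource = User.first(conditions: { email: login_uid })) &&
            local_password_valid?(resource, login_password)
        # Local (non-LDAP) account: matching the e-mail alone is not proof of
        # identity, so the password must verify before the session is created.
        resource_name = resource._type.downcase
        sign_in(resource_name, resource)
        respond_with resource, :location => redirect_location(resource_name, resource)
      else
        logger.error "==password LDAP fail..."
        flash[:notice] = t('devise.failure.ldap_invalid')
        render :action => "new"
      end
    else
      logger.error "=LDAP fail..."
      flash[:notice] = t('devise.failure.ldap_connection_failed')
      render :action => "new"
    end
    logger.info "=======End Debugging======"
  end

  private

  # Verifies +login_password+ for +login_uid+ with an LDAP bind_as.
  #
  # The uid is escaped before it is placed in the search filter so that
  # filter metacharacters in the submitted value are matched literally.
  # Returns whatever bind_as returns, or false when the call raises.
  def check_auth_with_ldap(login_uid, login_password)
    ldap_filter = "(uid=#{escape_ldap_filter_value(login_uid)})"
    $nccu_ldap_connection.bind_as(:base => NccuLdapConnection::BASE,
                                  :filter => ldap_filter,
                                  :password => login_password)
  rescue StandardError => e
    logger.error "LDAP bind_as raised #{e.class}"
    false
  end

  # Looks up the nccu_id mapped to +ldap_id+ in rss_aaldap_view.
  #
  # Returns the nccu_id, or nil when there is no row, the query fails, or the
  # value cannot be escaped safely.
  def get_nccu_id_from_mid_site(ldap_id)
    connection = $mid_site_connection
    # NOTE(review): assumes the connection offers a Mysql2::Client-style
    # #escape - confirm against MiddleSiteConnection. Without it the lookup is
    # refused rather than run with an unescaped value.
    unless connection.respond_to?(:escape)
      logger.error "mid site connection cannot escape values; lookup refused"
      return nil
    end

    quoted_id = connection.escape(ldap_id.to_s)
    row = connection.query("SELECT nccu_id FROM rss_aaldap_view WHERE ldap_id='#{quoted_id}' LIMIT 1").first
    row && row['nccu_id']
  rescue StandardError => e
    logger.error "mid site lookup raised #{e.class}"
    nil
  end

  # Escapes the characters that are special inside an LDAP search filter
  # value (RFC 4515): backslash, asterisk, parentheses and NUL.
  def escape_ldap_filter_value(value)
    value.to_s.gsub(/[\\*()\x00]/) { |char| format('\\%02x', char.ord) }
  end

  # True only when +resource+ can verify passwords locally and
  # +login_password+ is its password. Fails closed on blank passwords, on
  # models without valid_password?, and on any error raised while checking.
  # NOTE(review): valid_password? comes from Devise's database_authenticatable
  # module - confirm the User model includes it if this fallback is needed.
  def local_password_valid?(resource, login_password)
    return false if login_password.to_s.empty?
    return false unless resource.respond_to?(:valid_password?)

    resource.valid_password?(login_password) ? true : false
  rescue StandardError => e
    logger.error "local password check raised #{e.class}"
    false
  end
end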