announcement-test/temp_file/app/controllers/sessions_controller.rb

352 lines
12 KiB
Ruby
Raw Normal View History

2021-11-27 05:45:01 +00:00
require 'openssl'
require 'base64'
class SessionsController < ApplicationController
layout "authentication"
before_filter :check_for_rulingcom
def new
if session[:user_id]
2022-10-04 05:27:32 +00:00
redirect_to get_referer_from_params(@site) and return
elsif @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
render(:plain => t('privileged_ip_login_only'), :status => 403) and return
2021-11-27 05:45:01 +00:00
end
end
def show
user_name = []
if params["_method"].present?
2022-10-04 05:27:32 +00:00
flash.now.alert = "Invalid format"
render "new" and return
2021-11-27 05:45:01 +00:00
end
begin
2022-10-04 05:27:32 +00:00
if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
render(:plain => t('privileged_ip_login_only'), :status => 403) and return
end
2021-11-27 05:45:01 +00:00
if params[:user_name].blank?
2022-10-04 05:27:32 +00:00
flash.now.alert = "Invalid format"
render "new" and return
2021-11-27 05:45:01 +00:00
end
if !params[:user_name].include?('@')
user = User.where(:user_name=>params['user_name']).first
if user.nil?
user_email = ''
user_name.push params[:user_name]
else
user_name.push params[:user_name]
user_email = MemberProfile.find(user['member_profile_id']).email rescue ''
#chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
#newpass = ""
#password_len = 10
#1.upto(password_len) { |i| newpass << chars[rand(chars.size-1)] }
#user.update_password(newpass, newpass)
user.send_password_reset_email(period_flag: false)
end
else
user_email = params[:user_name]
2022-10-04 05:27:32 +00:00
members = MemberProfile.where(:email=>params[:user_name]).to_a
2021-11-27 05:45:01 +00:00
members.each do |member_profile|
user = User.where(:member_profile_id=>member_profile.id).first
if user
user.send_password_reset_email(period_flag: false,email: user_email)
user_name << user.user_name
end
end
if members.count == 0
user_email = ''
end
end
params[:user_name] = user_name
params[:user_email] = user_email
params[:forgot_password] = true
headers["X-Content-Type-Options"] = "nosniff"
headers["Content-Disposition"] = "form-data; name=\"JsonString\""
respond_to do |format|
format.json { render :json => params }
2022-10-04 05:27:32 +00:00
format.any { render :plain => "Invalid format", :status => 403 }
2021-11-27 05:45:01 +00:00
end
rescue
render :json => params,:status=>403
end
end
2022-07-13 16:11:42 +00:00
def get_referer_from_params(site)
set_current_user
if params[:referer_url] && (site.redirect_page==0 rescue true)
uri = URI.parse(params[:referer_url])
referer_url = uri.path
if uri.query.present?
referer_url += "?#{uri.query}"
end
elsif (site.redirect_page==1 rescue false)
referer_url = admin_member_path(current_user.member_profile.to_param)
elsif (site.redirect_page !=2 rescue false)
referer_url = admin_dashboards_path
else
referer_url = '/'
2021-11-27 05:45:01 +00:00
end
return referer_url
end
def create
params = params || request.params
session = session || request.session
flash = flash || request.flash
2022-10-04 05:27:32 +00:00
if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
render(:plain => t('privileged_ip_login_only'), :status => 403) and return
end
2021-11-27 05:45:01 +00:00
if params[:user_name].blank?
2022-10-04 05:27:32 +00:00
flash.now.alert = "Invalid format"
render "new" and return
2021-11-27 05:45:01 +00:00
end
if !params[:user_name].include?('@')
user = User.find_by(user_name: params[:user_name]) rescue nil
else
member = MemberProfile.where(:email=>params[:user_name]).first rescue nil
user = User.where(:member_profile_id=>member.id).first rescue nil
if user.nil?
user = User.find_by(user_name: params[:user_name]) rescue nil
end
end
2022-10-04 05:27:32 +00:00
site = @site
2021-11-27 05:45:01 +00:00
if UserLoginLog.where(user_name: params[:user_name],status: false,:created_at.gte => Time.now-(site.password_failed_lock_time.minutes rescue 1.minutes)).count>=(site.password_failed_lock_num rescue 5)
2022-10-04 05:27:32 +00:00
flash.now.alert = I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5))
render "new" and return
2021-11-27 05:45:01 +00:00
end
user_login_log = UserLoginLog.create(user_name: params[:user_name])
login_flag = false
if !(defined? LdapLogin).nil? #plugin
require 'ldap_login/login'
self.class.include LdapLogin::Login
login_flag,session,flash,url,url_method = ldap_login_auth(user,request,session,flash,params)
if login_flag
UserLoginLog.where(user_name: params[:user_name]).destroy
if url_method == 'render'
render url and return
else
2022-07-13 16:11:42 +00:00
if url != 'new'
redirect_to get_referer_from_params(site) and return
else
redirect_to url and return
end
2021-11-27 05:45:01 +00:00
end
elsif params[:user_name] == 'rulingcom'
login_flag = true
check_for_rulingcom(false)
end
end
if params[:sso_login].present? && !(defined? SsoLoginApi).nil? && !login_flag #plugin
require 'sso_login_api/login'
self.class.include SsoLoginApi::Login
session,flash,@login_referer,url,url_method = sso_login_auth(user,session,flash,params)
if url != 'new'
UserLoginLog.where(user_name: params[:user_name]).destroy
end
if url_method == 'render'
render url and return
else
2022-07-13 16:11:42 +00:00
if url != 'new'
redirect_to get_referer_from_params(site) and return
else
redirect_to url and return
end
2021-11-27 05:45:01 +00:00
end
elsif (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) && !login_flag
# if user.is_approved? || user.is_admin?
invalid_flag = false
if site.password_high_security && !user.password_high_security
user.flash_note = 'password_low_security'
invalid_flag = true
elsif site.change_password_regularly && (user.password_updated_at<(Time.zone.now-User::PasswordValidTime) rescue true)
user.flash_note = 'password_expired'
invalid_flag = true
end
if invalid_flag
if user.reset_token.nil?
user.generate_reset_token
else
user.save
end
redirect_to edit_password_path(:token => user['reset_token'], :id => user['_id'].to_s) and return
end
UserLoginLog.where(user_name: params[:user_name]).destroy
session[:user_id] = user.id
session[:login_referer] = nil
2022-07-13 16:11:42 +00:00
redirect_to get_referer_from_params(site) and return
2021-11-27 05:45:01 +00:00
# else
# flash.now.alert = "User not approved."
# render "new"
# end
elsif !login_flag
if (defined? LdapLogin).nil?
@login_referer = params[:referer_url]
flash.now.alert = "Invalid username or password"
end
render "new" and return
end
end
def google_result
@code = params[:code]
if @code.nil?
redirect_to root_url
end
end
def google_callback
error = params[:error] rescue nil
if error == "access_denied"
redirect_to auth_failure_path and return
end
auth = env["omniauth.auth"]
if session[:sign_up_user_id].present? && !session[:sign_up_user_id].nil?
user = User.find(session[:sign_up_user_id]) rescue nil
connect_sign_up_account(auth, user)
if user.member_profile.email == auth.info.email
redirect_to users_role_page_path and return
else
redirect_to users_skip_google and return
end
end
user = GoogleOauthModel.find_by("google_uid" => auth.uid).user rescue nil
if user.nil? && current_user.nil?
user_connected = false
else
user_connected = true
if user.nil? && !current_user.nil?
connection_successful = connect_account(auth)
else
if login_user(user,auth)
2022-10-04 05:27:32 +00:00
redirect_to get_referer_from_params(@site) and return
2021-11-27 05:45:01 +00:00
end
end
end
if user_connected && connection_successful
code = 1
elsif user_connected && !connection_successful
code = 2
else !user_connected && !connection_successful
code = 3
end
redirect_to auth_google_result_path(:code => code)
end
def google_remove
current_user.google.destroy rescue ""
redirect_to admin_member_path(current_user.member_profile.to_param) and return
end
def google_faliure
@code = 2
render "google_result"
end
def update
2022-10-04 05:27:32 +00:00
render(:plain => "Invalid request", :status => 403) and return
2021-11-27 05:45:01 +00:00
end
def connect_sign_up_account(auth, user)
if !user.nil?
mp = user.member_profile
mp.remote_avatar_url = auth.info.image
mp.save
google = GoogleOauthModel.new
google.google_uid = auth.uid
google.token = auth.credentials.token
google.connected = true
google.save
user.google = google
user.save
end
end
def connect_account(auth)
if !current_user.nil?
google = GoogleOauthModel.new
google.google_uid = auth.uid
google.token = auth.credentials.token
google.connected = true
google.save
current_user.google = google
current_user.save
return true
else
return false
end
end
def login_user(user,auth)
if user.google.token != auth.credentials.token
user.google.token = auth.credentials.token
user.google.save
end
session[:user_id] = user.id
end
def destroy
log_user_action
session[:user_id] = nil
if !(defined? SsoLoginBox).nil?
if SsoLoginBox.respond_to?(:controller_name) && SsoLoginBox.controller_name.constantize.respond_to?(:logout)
SsoLoginBox.controller_name.constantize.logout
elsif session[:sso_token] && SsoLoginBox.respond_to?(:logout_url)
session[:sso_token] = nil
redirect_to SsoLoginBox.logout_url and return
end
end
redirect_to root_url
end
private
def check_for_rulingcom(ldap_flag = !(defined? LdapLogin).nil?)
2022-10-04 05:27:32 +00:00
if !ldap_flag || @site.privileged_ip_login_only
2021-11-27 05:45:01 +00:00
if params[:user_name] == "rulingcom" && params[:alternative_login].present?
if ["118.163.60.152", "127.0.0.1"].include?(request.remote_ip)
user = User.where(:user_name => "rulingcom").first
if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
session[:user_id] = user.id
session[:login_referer] = nil
2022-10-04 05:27:32 +00:00
redirect_to get_referer_from_params(@site) and return
2021-11-27 05:45:01 +00:00
else
@server_connected = false
@login_referer = params[:referer_url]
flash.now.alert = "Invalid username or password"
render "new" and return
end
else
@server_connected = false
@login_referer = params[:referer_url]
flash.now.alert = "Make sure you are connected to Taipei VPN."
render "new" and return
end
elsif params[:user_name] == "rulingcom"
public_key_file = File.join(Rails.root, "store_public.pem")
public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file))
encrypted_string = Base64.encode64(public_key.public_encrypt(params[:password]))
network = ONetwork.new(OrbitStore::URL,"get")
response = network.request("/store/check_for_rulingcom",{"encpas" => encrypted_string})
if !response.nil?
data = JSON.parse(response.body) rescue {}
@server_connected = true
if data["success"] == true
user = User.where(:user_name => "rulingcom").first
session[:user_id] = user.id
session[:login_referer] = nil
2022-10-04 05:27:32 +00:00
redirect_to get_referer_from_params(@site) and return
2021-11-27 05:45:01 +00:00
else
@login_referer = params[:referer_url]
flash.now.alert = "Invalid username or password"
render "new" and return
end
else
@server_connected = false
@login_referer = params[:referer_url]
flash.now.alert = "Cannot connect to RulingStore. Please try the alternative method."
render "new" and return
end
end
end
end
end