From 186dad508d83840e68fefdc039c03cbe3eb16170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B1=E5=8D=9A=E4=BA=9E?=
Date: Sat, 27 Nov 2021 13:45:01 +0800
Subject: [PATCH] fix old site upgrade problem
---
 announcement.gemspec | 2 +-
 .../app/controllers/sessions_controller.rb | 337 ++++++++++++++++++
 temp_file/app/models/sessions_controller.rb | 337 ++++++++++++++++++
 3 files changed, 675 insertions(+), 1 deletion(-)
 create mode 100644 temp_file/app/controllers/sessions_controller.rb
 create mode 100644 temp_file/app/models/sessions_controller.rb
diff --git a/announcement.gemspec b/announcement.gemspec
index 3a40ed2..a71b434 100644
--- a/announcement.gemspec
+++ b/announcement.gemspec
@@ -177,7 +177,7 @@ if bundle_update_flag
 command4 = ""
 puts 'mongoid has been updated!'
 else
- command4 = ";cp -rf #{app_path}/temp_file/app #{env_pwd};cp -rf #{app_path}/temp_file/config #{env_pwd}"
+ command4 = ";mv #{env_pwd}/app/controllers/sessions_controller.rb #{env_pwd}/tmp/sessions_controller_backup.rb;cp -rf #{app_path}/temp_file/app #{env_pwd};cp -rf #{app_path}/temp_file/config #{env_pwd};rm #{env_pwd}/app/models/google.rb"
 end
 log_development = File.mtime(env_pwd+'/log/development.log').strftime('%Y%m%d%H%M').to_i rescue 0
 log_production = File.mtime(env_pwd+'/log/production.log').strftime('%Y%m%d%H%M').to_i rescue 0
diff --git a/temp_file/app/controllers/sessions_controller.rb b/temp_file/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..bce6bf7
--- /dev/null
+++ b/temp_file/app/controllers/sessions_controller.rb
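Review bot: The new `command4` chains the backup `mv` and the `cp -rf` with `;`, so when the move fails — `#{env_pwd}/tmp` absent, or no existing controller on the target site — the copy still overwrites `app/controllers/sessions_controller.rb` with no backup taken and no error surfaced. Prefix the move with `mkdir -p #{env_pwd}/tmp;` and make the trailing removal `rm -f #{env_pwd}/app/models/google.rb` so a missing file is not reported as a failure; the interpolated `app_path` and `env_pwd` should also pass through `Shellwords.escape` (or the command be run in array form), since the string is presumably handed to a shell and a path containing a space or metacharacter would change what runs. Note also that `cp -rf #{app_path}/temp_file/app #{env_pwd}` installs the new `temp_file/app/models/sessions_controller.rb` into the target's `app/models`, which does not look intended. The surrounding `if bundle_update_flag` block starts and ends outside the hunk.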
@@ -0,0 +1,337 @@ +require 'openssl' +require 'base64' + +class SessionsController < ApplicationController + layout "authentication" + + before_filter :check_for_rulingcom + + def new + if session[:user_id] + redirect_to admin_dashboards_path + end + end + def show + user_name = [] + if params["_method"].present? + render :text => "Invalid format", :status => 403 + end + begin + if params[:user_name].blank? + render(:text => "Invalid format", :status => 403) and return + end + if !params[:user_name].include?('@') + user = User.where(:user_name=>params['user_name']).first + if user.nil? + user_email = '' + user_name.push params[:user_name] + else + user_name.push params[:user_name] + user_email = MemberProfile.find(user['member_profile_id']).email rescue '' + #chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + #newpass = "" + #password_len = 10 + #1.upto(password_len) { |i| newpass << chars[rand(chars.size-1)] } + #user.update_password(newpass, newpass) + user.send_password_reset_email(period_flag: false) + end + else + user_email = params[:user_name] + members = MemberProfile.where(:email=>params[:user_name]).take_while{true} + members.each do |member_profile| + user = User.where(:member_profile_id=>member_profile.id).first + if user + user.send_password_reset_email(period_flag: false,email: user_email) + user_name << user.user_name + end + end + if members.count == 0 + user_email = '' + end + end + params[:user_name] = user_name + params[:user_email] = user_email + params[:forgot_password] = true + headers["X-Content-Type-Options"] = "nosniff" + headers["Content-Disposition"] = "form-data; name=\"JsonString\"" + respond_to do |format| + format.json { render :json => params } + format.any { render :text => "Invalid format", :status => 403 } + end + rescue + render :json => params,:status=>403 + end + end + def get_referer_from_params + uri = URI.parse(params[:referer_url]) + referer_url = uri.path + if uri.query.present? 
+ referer_url += "?#{uri.query}" + end + return referer_url + end + def create + params = params || request.params + session = session || request.session + flash = flash || request.flash + if params[:user_name].blank? + render(:text => "Invalid format", :status => 403) and return + end + if !params[:user_name].include?('@') + user = User.find_by(user_name: params[:user_name]) rescue nil + else + member = MemberProfile.where(:email=>params[:user_name]).first rescue nil + user = User.where(:member_profile_id=>member.id).first rescue nil + if user.nil? + user = User.find_by(user_name: params[:user_name]) rescue nil + end + end + site = Site.first + if UserLoginLog.where(user_name: params[:user_name],status: false,:created_at.gte => Time.now-(site.password_failed_lock_time.minutes rescue 1.minutes)).count>=(site.password_failed_lock_num rescue 5) + render :text => I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5)),:status=> 403 and return + end + user_login_log = UserLoginLog.create(user_name: params[:user_name]) + login_flag = false + if !(defined? LdapLogin).nil? #plugin + require 'ldap_login/login' + self.class.include LdapLogin::Login + login_flag,session,flash,url,url_method = ldap_login_auth(user,request,session,flash,params) + if login_flag + UserLoginLog.where(user_name: params[:user_name]).destroy + if url_method == 'render' + render url and return + else + redirect_to url and return + end + elsif params[:user_name] == 'rulingcom' + login_flag = true + check_for_rulingcom(false) + end + end + if params[:sso_login].present? && !(defined? SsoLoginApi).nil? 
&& !login_flag #plugin + require 'sso_login_api/login' + self.class.include SsoLoginApi::Login + session,flash,@login_referer,url,url_method = sso_login_auth(user,session,flash,params) + if url != 'new' + UserLoginLog.where(user_name: params[:user_name]).destroy + end + if url_method == 'render' + render url and return + else + redirect_to url and return + end + elsif (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) && !login_flag + # if user.is_approved? || user.is_admin? + invalid_flag = false + if site.password_high_security && !user.password_high_security + user.flash_note = 'password_low_security' + invalid_flag = true + elsif site.change_password_regularly && (user.password_updated_at<(Time.zone.now-User::PasswordValidTime) rescue true) + user.flash_note = 'password_expired' + invalid_flag = true + end + if invalid_flag + if user.reset_token.nil? + user.generate_reset_token + else + user.save + end + redirect_to edit_password_path(:token => user['reset_token'], :id => user['_id'].to_s) and return + end + UserLoginLog.where(user_name: params[:user_name]).destroy + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + # else + # flash.now.alert = "User not approved." + # render "new" + # end + elsif !login_flag + if (defined? LdapLogin).nil? + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + end + render "new" and return + end + end + + def google_result + @code = params[:code] + if @code.nil? + redirect_to root_url + end + end + + def google_callback + error = params[:error] rescue nil + if error == "access_denied" + redirect_to auth_failure_path and return + end + auth = env["omniauth.auth"] + if session[:sign_up_user_id].present? && !session[:sign_up_user_id].nil? 
+ user = User.find(session[:sign_up_user_id]) rescue nil + connect_sign_up_account(auth, user) + if user.member_profile.email == auth.info.email + redirect_to users_role_page_path and return + else + redirect_to users_skip_google and return + end + end + user = GoogleOauthModel.find_by("google_uid" => auth.uid).user rescue nil + if user.nil? && current_user.nil? + user_connected = false + else + user_connected = true + if user.nil? && !current_user.nil? + connection_successful = connect_account(auth) + else + if login_user(user,auth) + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + end + end + end + if user_connected && connection_successful + code = 1 + elsif user_connected && !connection_successful + code = 2 + else !user_connected && !connection_successful + code = 3 + end + redirect_to auth_google_result_path(:code => code) + end + + def google_remove + current_user.google.destroy rescue "" + redirect_to admin_member_path(current_user.member_profile.to_param) and return + end + + def google_faliure + @code = 2 + render "google_result" + end + + def update + render(:text => "Invalid request", :status => 403) and return + end + + def connect_sign_up_account(auth, user) + if !user.nil? + mp = user.member_profile + mp.remote_avatar_url = auth.info.image + mp.save + google = GoogleOauthModel.new + google.google_uid = auth.uid + google.token = auth.credentials.token + google.connected = true + google.save + user.google = google + user.save + end + end + + def connect_account(auth) + if !current_user.nil? 
+ google = GoogleOauthModel.new + google.google_uid = auth.uid + google.token = auth.credentials.token + google.connected = true + google.save + current_user.google = google + current_user.save + return true + else + return false + end + end + + + def login_user(user,auth) + if user.google.token != auth.credentials.token + user.google.token = auth.credentials.token + user.google.save + end + session[:user_id] = user.id + end + + def destroy + log_user_action + session[:user_id] = nil + if !(defined? SsoLoginBox).nil? + if SsoLoginBox.respond_to?(:controller_name) && SsoLoginBox.controller_name.constantize.respond_to?(:logout) + SsoLoginBox.controller_name.constantize.logout + elsif session[:sso_token] && SsoLoginBox.respond_to?(:logout_url) + session[:sso_token] = nil + redirect_to SsoLoginBox.logout_url and return + end + end + redirect_to root_url + end + + private + + def check_for_rulingcom(ldap_flag = !(defined? LdapLogin).nil?) + if !ldap_flag + if params[:user_name] == "rulingcom" && params[:alternative_login].present? + if ["118.163.60.152", "127.0.0.1"].include?(request.remote_ip) + user = User.where(:user_name => "rulingcom").first + if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + render "new" and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Make sure you are connected to Taipei VPN." 
+ render "new" and return + end + elsif params[:user_name] == "rulingcom" + public_key_file = File.join(Rails.root, "store_public.pem") + public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file)) + encrypted_string = Base64.encode64(public_key.public_encrypt(params[:password])) + network = ONetwork.new(OrbitStore::URL,"get") + response = network.request("/store/check_for_rulingcom",{"encpas" => encrypted_string}) + if !response.nil? + data = JSON.parse(response.body) rescue {} + @server_connected = true + if data["success"] == true + user = User.where(:user_name => "rulingcom").first + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + else + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + render "new" and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Cannot connect to RulingStore. Please try the alternative method." + render "new" and return + end + end + end + end +end diff --git a/temp_file/app/models/sessions_controller.rb b/temp_file/app/models/sessions_controller.rb new file mode 100644 index 0000000..bce6bf7 --- /dev/null +++ b/temp_file/app/models/sessions_controller.rb 
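Review bot: `show` hands the looked-up account's e-mail address back to the caller (`params[:user_email] = user_email`, then `render :json => params`) for any `user_name` submitted, and an empty versus populated `user_name` array reveals whether the account exists, so this forgot-password endpoint is an account-enumeration and e-mail-disclosure oracle for anyone who is not signed in (no authentication filter is visible on the controller). The JSON branch should return a fixed body regardless of the lookup outcome, e.g. `format.json { render :json => { :forgot_password => true } }`, with the address used only inside `send_password_reset_email`; echoing `params` also reflects whatever extra keys the client sent. Separately, the early `render :text => "Invalid format", :status => 403` for `params["_method"]` has no `and return`, so the action continues to the second render, which raises `DoubleRenderError`; the bare `rescue` then attempts a third render and the request fails with a 500 instead of the intended 403. The same file is added verbatim as `temp_file/app/models/sessions_controller.rb` (both hunks add blob bce6bf7), so both copies need the same change.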
@@ -0,0 +1,337 @@ +require 'openssl' +require 'base64' + +class SessionsController < ApplicationController + layout "authentication" + + before_filter :check_for_rulingcom + + def new + if session[:user_id] + redirect_to admin_dashboards_path + end + end + def show + user_name = [] + if params["_method"].present? + render :text => "Invalid format", :status => 403 + end + begin + if params[:user_name].blank? + render(:text => "Invalid format", :status => 403) and return + end + if !params[:user_name].include?('@') + user = User.where(:user_name=>params['user_name']).first + if user.nil? + user_email = '' + user_name.push params[:user_name] + else + user_name.push params[:user_name] + user_email = MemberProfile.find(user['member_profile_id']).email rescue '' + #chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + #newpass = "" + #password_len = 10 + #1.upto(password_len) { |i| newpass << chars[rand(chars.size-1)] } + #user.update_password(newpass, newpass) + user.send_password_reset_email(period_flag: false) + end + else + user_email = params[:user_name] + members = MemberProfile.where(:email=>params[:user_name]).take_while{true} + members.each do |member_profile| + user = User.where(:member_profile_id=>member_profile.id).first + if user + user.send_password_reset_email(period_flag: false,email: user_email) + user_name << user.user_name + end + end + if members.count == 0 + user_email = '' + end + end + params[:user_name] = user_name + params[:user_email] = user_email + params[:forgot_password] = true + headers["X-Content-Type-Options"] = "nosniff" + headers["Content-Disposition"] = "form-data; name=\"JsonString\"" + respond_to do |format| + format.json { render :json => params } + format.any { render :text => "Invalid format", :status => 403 } + end + rescue + render :json => params,:status=>403 + end + end + def get_referer_from_params + uri = URI.parse(params[:referer_url]) + referer_url = uri.path + if uri.query.present? 
+ referer_url += "?#{uri.query}" + end + return referer_url + end + def create + params = params || request.params + session = session || request.session + flash = flash || request.flash + if params[:user_name].blank? + render(:text => "Invalid format", :status => 403) and return + end + if !params[:user_name].include?('@') + user = User.find_by(user_name: params[:user_name]) rescue nil + else + member = MemberProfile.where(:email=>params[:user_name]).first rescue nil + user = User.where(:member_profile_id=>member.id).first rescue nil + if user.nil? + user = User.find_by(user_name: params[:user_name]) rescue nil + end + end + site = Site.first + if UserLoginLog.where(user_name: params[:user_name],status: false,:created_at.gte => Time.now-(site.password_failed_lock_time.minutes rescue 1.minutes)).count>=(site.password_failed_lock_num rescue 5) + render :text => I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5)),:status=> 403 and return + end + user_login_log = UserLoginLog.create(user_name: params[:user_name]) + login_flag = false + if !(defined? LdapLogin).nil? #plugin + require 'ldap_login/login' + self.class.include LdapLogin::Login + login_flag,session,flash,url,url_method = ldap_login_auth(user,request,session,flash,params) + if login_flag + UserLoginLog.where(user_name: params[:user_name]).destroy + if url_method == 'render' + render url and return + else + redirect_to url and return + end + elsif params[:user_name] == 'rulingcom' + login_flag = true + check_for_rulingcom(false) + end + end + if params[:sso_login].present? && !(defined? SsoLoginApi).nil? 
&& !login_flag #plugin + require 'sso_login_api/login' + self.class.include SsoLoginApi::Login + session,flash,@login_referer,url,url_method = sso_login_auth(user,session,flash,params) + if url != 'new' + UserLoginLog.where(user_name: params[:user_name]).destroy + end + if url_method == 'render' + render url and return + else + redirect_to url and return + end + elsif (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) && !login_flag + # if user.is_approved? || user.is_admin? + invalid_flag = false + if site.password_high_security && !user.password_high_security + user.flash_note = 'password_low_security' + invalid_flag = true + elsif site.change_password_regularly && (user.password_updated_at<(Time.zone.now-User::PasswordValidTime) rescue true) + user.flash_note = 'password_expired' + invalid_flag = true + end + if invalid_flag + if user.reset_token.nil? + user.generate_reset_token + else + user.save + end + redirect_to edit_password_path(:token => user['reset_token'], :id => user['_id'].to_s) and return + end + UserLoginLog.where(user_name: params[:user_name]).destroy + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + # else + # flash.now.alert = "User not approved." + # render "new" + # end + elsif !login_flag + if (defined? LdapLogin).nil? + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + end + render "new" and return + end + end + + def google_result + @code = params[:code] + if @code.nil? + redirect_to root_url + end + end + + def google_callback + error = params[:error] rescue nil + if error == "access_denied" + redirect_to auth_failure_path and return + end + auth = env["omniauth.auth"] + if session[:sign_up_user_id].present? && !session[:sign_up_user_id].nil? 
+ user = User.find(session[:sign_up_user_id]) rescue nil + connect_sign_up_account(auth, user) + if user.member_profile.email == auth.info.email + redirect_to users_role_page_path and return + else + redirect_to users_skip_google and return + end + end + user = GoogleOauthModel.find_by("google_uid" => auth.uid).user rescue nil + if user.nil? && current_user.nil? + user_connected = false + else + user_connected = true + if user.nil? && !current_user.nil? + connection_successful = connect_account(auth) + else + if login_user(user,auth) + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + end + end + end + if user_connected && connection_successful + code = 1 + elsif user_connected && !connection_successful + code = 2 + else !user_connected && !connection_successful + code = 3 + end + redirect_to auth_google_result_path(:code => code) + end + + def google_remove + current_user.google.destroy rescue "" + redirect_to admin_member_path(current_user.member_profile.to_param) and return + end + + def google_faliure + @code = 2 + render "google_result" + end + + def update + render(:text => "Invalid request", :status => 403) and return + end + + def connect_sign_up_account(auth, user) + if !user.nil? + mp = user.member_profile + mp.remote_avatar_url = auth.info.image + mp.save + google = GoogleOauthModel.new + google.google_uid = auth.uid + google.token = auth.credentials.token + google.connected = true + google.save + user.google = google + user.save + end + end + + def connect_account(auth) + if !current_user.nil? 
+ google = GoogleOauthModel.new + google.google_uid = auth.uid + google.token = auth.credentials.token + google.connected = true + google.save + current_user.google = google + current_user.save + return true + else + return false + end + end + + + def login_user(user,auth) + if user.google.token != auth.credentials.token + user.google.token = auth.credentials.token + user.google.save + end + session[:user_id] = user.id + end + + def destroy + log_user_action + session[:user_id] = nil + if !(defined? SsoLoginBox).nil? + if SsoLoginBox.respond_to?(:controller_name) && SsoLoginBox.controller_name.constantize.respond_to?(:logout) + SsoLoginBox.controller_name.constantize.logout + elsif session[:sso_token] && SsoLoginBox.respond_to?(:logout_url) + session[:sso_token] = nil + redirect_to SsoLoginBox.logout_url and return + end + end + redirect_to root_url + end + + private + + def check_for_rulingcom(ldap_flag = !(defined? LdapLogin).nil?) + if !ldap_flag + if params[:user_name] == "rulingcom" && params[:alternative_login].present? + if ["118.163.60.152", "127.0.0.1"].include?(request.remote_ip) + user = User.where(:user_name => "rulingcom").first + if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + render "new" and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Make sure you are connected to Taipei VPN." 
+ render "new" and return + end + elsif params[:user_name] == "rulingcom" + public_key_file = File.join(Rails.root, "store_public.pem") + public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file)) + encrypted_string = Base64.encode64(public_key.public_encrypt(params[:password])) + network = ONetwork.new(OrbitStore::URL,"get") + response = network.request("/store/check_for_rulingcom",{"encpas" => encrypted_string}) + if !response.nil? + data = JSON.parse(response.body) rescue {} + @server_connected = true + if data["success"] == true + user = User.where(:user_name => "rulingcom").first + session[:user_id] = user.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to get_referer_from_params and return + else + redirect_to admin_dashboards_path and return + end + else + @login_referer = params[:referer_url] + flash.now.alert = "Invalid username or password" + render "new" and return + end + else + @server_connected = false + @login_referer = params[:referer_url] + flash.now.alert = "Cannot connect to RulingStore. Please try the alternative method." + render "new" and return + end + end + end + end +end
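Review bot: This file is a byte-identical copy of `temp_file/app/controllers/sessions_controller.rb` (both hunks add blob bce6bf7) placed under `app/models/`, so a controller class now lives in the models directory and the gemspec's `cp -rf #{app_path}/temp_file/app #{env_pwd}` step will copy it into every upgraded site's `app/models` as well, where Rails autoloading presumably also picks it up as a second definition of `SessionsController`. If the duplicate is unintended it should be dropped from the commit; if it is intended, a one-line comment at the top of this file saying why a controller is shipped under `app/models` is needed, since nothing in the patch explains it. Any fix applied to the controllers copy must be mirrored here, or the two will drift.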