require 'openssl'
require 'base64'

# Login / logout controller: local password login with optional LDAP and SSO
# plugin hooks, Google OAuth account linking, the forgot-password lookup (show)
# and a vendor ("rulingcom") login path that is verified either against an IP
# allowlist or against a remote store.
#
# NOTE(review): check_for_rulingcom is registered as a before_filter with no
# :only/:except, so the vendor login path runs in front of every action of this
# controller (new, show, destroy, the OAuth callbacks, ...), not just create.
# Confirm that is intended.
class SessionsController < ApplicationController
  layout "authentication"
  before_filter :check_for_rulingcom

  # Renders the login form. Already-authenticated sessions are sent to the
  # referer; when the site restricts logins to privileged IPs, other clients
  # get a 403 instead of the form.
  #
  # NOTE(review): request.remote_ip is derived from forwarded headers for
  # trusted proxies, so this IP gate is only as strong as the proxy config.
  def new
    if session[:user_id]
      redirect_to get_referer_from_params(@site) and return
    elsif @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
      render(:plain => t('privileged_ip_login_only'), :status => 403) and return
    end
  end

  # Forgot-password lookup. params[:user_name] is either a user name or an
  # e-mail address; a reset mail is sent to every matching account and the
  # (mutated) params hash is echoed back as JSON.
  #
  # NOTE(review): the JSON reply carries params[:user_email] — the address
  # looked up from a user name — and params[:user_name], which only lists
  # accounts that exist ('' / [] otherwise). An unauthenticated caller can thus
  # map user names to e-mail addresses and probe which accounts exist. A
  # fixed "if the account exists, a mail was sent" reply would avoid both.
  # NOTE(review): render :json => params also reflects every other parameter
  # the client sent; the nosniff / Content-Disposition headers set below look
  # like a mitigation for that reflection, but the reflection itself remains.
  def show
    user_name = []
    # a _method override is never a legitimate request to this endpoint
    if params["_method"].present?
      flash.now.alert = "Invalid format"
      render "new" and return
    end
    begin
      if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
        render(:plain => t('privileged_ip_login_only'), :status => 403) and return
      end
      if params[:user_name].blank?
        flash.now.alert = "Invalid format"
        render "new" and return
      end
      if !params[:user_name].include?('@')
        # user-name path: at most one account
        user = User.where(:user_name=>params['user_name']).first
        if user.nil?
          user_email = ''
          user_name.push params[:user_name]
        else
          user_name.push params[:user_name]
          # inline rescue turns a missing profile (or any other error) into ''
          user_email = MemberProfile.find(user['member_profile_id']).email rescue ''
          #chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
          #newpass = ""
          #password_len = 10
          #1.upto(password_len) { |i| newpass << chars[rand(chars.size-1)] }
          #user.update_password(newpass, newpass)
          user.send_password_reset_email(period_flag: false)
        end
      else
        # e-mail path: every profile with that address, every user of each profile
        user_email = params[:user_name]
        members = MemberProfile.where(:email=>params[:user_name]).to_a
        members.each do |member_profile|
          user = User.where(:member_profile_id=>member_profile.id).first
          if user
            user.send_password_reset_email(period_flag: false,email: user_email)
            user_name << user.user_name
          end
        end
        if members.count == 0
          user_email = ''
        end
      end
      # the request params are rewritten in place and become the response body
      params[:user_name] = user_name
      params[:user_email] = user_email
      params[:forgot_password] = true
      headers["X-Content-Type-Options"] = "nosniff"
      headers["Content-Disposition"] = "form-data; name=\"JsonString\""
      respond_to do |format|
        format.json { render :json => params }
        format.any { render :plain => "Invalid format", :status => 403 }
      end
    rescue
      # any StandardError still answers with the params echo, just as 403
      render :json => params,:status=>403
    end
  end

  # Picks the post-login destination from params[:referer_url] and the site's
  # redirect_page setting (0: referer, 1: member page, anything but 2: admin
  # dashboard, 2: '/'). The inline rescues make a site without that setting
  # behave like redirect_page 0.
  #
  # Only the path and query of the referer are reused, so a referer pointing
  # at another host cannot turn this into an open redirect. URI.parse is not
  # rescued, so a malformed referer raises out of here.
  #
  # @param site [Site] the current site
  # @return [String] path to redirect to
  def get_referer_from_params(site)
    set_current_user
    if params[:referer_url] && (site.redirect_page==0 rescue true)
      uri = URI.parse(params[:referer_url])
      referer_url = uri.path
      if uri.query.present?
        referer_url += "?#{uri.query}"
      end
    elsif (site.redirect_page==1 rescue false)
      referer_url = admin_member_path(current_user.member_profile.to_param)
    elsif (site.redirect_page !=2 rescue false)
      referer_url = admin_dashboards_path
    else
      referer_url = '/'
    end
    return referer_url
  end

  # Password login. Order of checks: privileged-IP gate, blank user name,
  # account lookup (user name; else e-mail, then user name again), failed-login
  # lockout, then — in this priority — LDAP plugin, SSO plugin, local password.
  # Always renders or redirects.
  def create
    # These three lines define locals named params/session/flash. Inside each
    # assignment the RHS name already refers to the new (nil) local, so each
    # local ends up holding the request.* object. The plugin calls below
    # reassign session/flash through these locals. NOTE(review): request.params
    # is a plain hash rather than ActionController::Parameters — presumably
    # intended, verify against the plugins.
    params = params || request.params
    session = session || request.session
    flash = flash || request.flash
    if @site.privileged_ip_login_only && !(@site.check_ip_is_privileged?(request.remote_ip, current_user))
      render(:plain => t('privileged_ip_login_only'), :status => 403) and return
    end
    if params[:user_name].blank?
      flash.now.alert = "Invalid format"
      render "new" and return
    end
    if !params[:user_name].include?('@')
      user = User.find_by(user_name: params[:user_name]) rescue nil
    else
      # e-mail login: first user of the first matching profile, else by user name
      member = MemberProfile.where(:email=>params[:user_name]).first rescue nil
      user = User.where(:member_profile_id=>member.id).first rescue nil
      if user.nil?
        user = User.find_by(user_name: params[:user_name]) rescue nil
      end
    end
    site = @site
    # Lockout: failed UserLoginLog rows (status false) for this user name within
    # the lock window; defaults are 1 minute / 5 attempts when the site has no
    # setting. The key is the caller-supplied user name, so repeated bad
    # attempts against a name lock that account for everyone (a DoS vector).
    # NOTE(review): assumes UserLoginLog.status defaults to false — not visible
    # here. Note the mix of Time.now here and Time.zone.now further down.
    if UserLoginLog.where(user_name: params[:user_name],status: false,:created_at.gte => Time.now-(site.password_failed_lock_time.minutes rescue 1.minutes)).count>=(site.password_failed_lock_num rescue 5)
      flash.now.alert = I18n.t('account_lock_note',time: (site.password_failed_lock_time rescue 1),num: (site.password_failed_lock_num rescue 5))
      render "new" and return
    end
    # record this attempt; the rows for this user name are destroyed on success
    user_login_log = UserLoginLog.create(user_name: params[:user_name])
    login_flag = false
    if !(defined? LdapLogin).nil?
      #plugin
      # LDAP plugin is mixed into the class at request time; it returns the
      # outcome plus possibly replaced session/flash objects.
      require 'ldap_login/login'
      self.class.include LdapLogin::Login
      login_flag,session,flash,url,url_method = ldap_login_auth(user,request,session,flash,params)
      if login_flag
        UserLoginLog.where(user_name: params[:user_name]).destroy
        if url_method == 'render'
          render url and return
        else
          if url != 'new'
            redirect_to get_referer_from_params(site) and return
          else
            redirect_to url and return
          end
        end
      elsif params[:user_name] == 'rulingcom'
        # vendor fallback when LDAP rejected 'rulingcom': check_for_rulingcom
        # renders or redirects itself; login_flag stops the branches below.
        login_flag = true
        check_for_rulingcom(false)
      end
    end
    if params[:sso_login].present? && !(defined? SsoLoginApi).nil? && !login_flag
      #plugin
      require 'sso_login_api/login'
      self.class.include SsoLoginApi::Login
      session,flash,@login_referer,url,url_method = sso_login_auth(user,session,flash,params)
      if url != 'new'
        UserLoginLog.where(user_name: params[:user_name]).destroy
      end
      if url_method == 'render'
        render url and return
      else
        if url != 'new'
          redirect_to get_referer_from_params(site) and return
        else
          redirect_to url and return
        end
      end
    elsif (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) && !login_flag
      # local password path; is_confirmed? must be exactly true
      # if user.is_approved? || user.is_admin?
      invalid_flag = false
      # site password policy: a weak or expired password forces a reset before
      # any session is created (the inline rescue treats a missing
      # password_updated_at as expired)
      if site.password_high_security && !user.password_high_security
        user.flash_note = 'password_low_security'
        invalid_flag = true
      elsif site.change_password_regularly && (user.password_updated_at<(Time.zone.now-User::PasswordValidTime) rescue true)
        user.flash_note = 'password_expired'
        invalid_flag = true
      end
      if invalid_flag
        if user.reset_token.nil?
          user.generate_reset_token
        else
          user.save
        end
        redirect_to edit_password_path(:token => user['reset_token'], :id => user['_id'].to_s) and return
      end
      UserLoginLog.where(user_name: params[:user_name]).destroy
      # NOTE(review): the session id is not rotated (reset_session) before the
      # user id is stored; Rails guidance is to rotate on login to defeat
      # session fixation — confirm whether ApplicationController handles it.
      session[:user_id] = user.id
      session[:login_referer] = nil
      redirect_to get_referer_from_params(site) and return
      # else
      #   flash.now.alert = "User not approved."
      #   render "new"
      # end
    elsif !login_flag
      # with the LDAP plugin present, the plugin is expected to have set the flash
      if (defined? LdapLogin).nil?
        @login_referer = params[:referer_url]
        flash.now.alert = "Invalid username or password"
      end
      render "new" and return
    end
  end

  # Landing page after the Google flow; @code is 1/2/3 as set by google_callback.
  def google_result
    @code = params[:code]
    if @code.nil?
      redirect_to root_url
    end
  end

  # OmniAuth callback for Google. Three outcomes: finish a pending sign-up
  # (session[:sign_up_user_id]), link the Google uid to the logged-in user, or
  # log in the account already linked to that uid.
  def google_callback
    error = params[:error] rescue nil
    if error == "access_denied"
      redirect_to auth_failure_path and return
    end
    auth = env["omniauth.auth"]
    # the second test is redundant with present?
    if session[:sign_up_user_id].present? && !session[:sign_up_user_id].nil?
      # rescue nil here, but user.member_profile below is unguarded: a stale
      # sign_up_user_id raises NoMethodError
      user = User.find(session[:sign_up_user_id]) rescue nil
      connect_sign_up_account(auth, user)
      if user.member_profile.email == auth.info.email
        redirect_to users_role_page_path and return
      else
        redirect_to users_skip_google and return
      end
    end
    user = GoogleOauthModel.find_by("google_uid" => auth.uid).user rescue nil
    if user.nil? && current_user.nil?
      user_connected = false
    else
      user_connected = true
      if user.nil? && !current_user.nil?
        connection_successful = connect_account(auth)
      else
        # NOTE(review): a uid that is already linked logs that account in even
        # when a different user is current_user, and without the is_confirmed?
        # and password-policy checks that create applies.
        if login_user(user,auth)
          redirect_to get_referer_from_params(@site) and return
        end
      end
    end
    if user_connected && connection_successful
      code = 1
    elsif user_connected && !connection_successful
      code = 2
    else
      # this bare expression is evaluated and discarded (presumably meant as
      # elsif); in this branch user_connected is false and
      # connection_successful was never set, so code 3 is right regardless
      !user_connected && !connection_successful
      code = 3
    end
    redirect_to auth_google_result_path(:code => code)
  end

  # Unlinks the Google identity; a failed destroy is swallowed and the
  # redirect happens either way.
  def google_remove
    current_user.google.destroy rescue ""
    redirect_to admin_member_path(current_user.member_profile.to_param) and return
  end

  # Failure page (name as routed, typo included): google_result with code 2.
  def google_faliure
    @code = 2
    render "google_result"
  end

  # There is nothing to update on a session; always 403.
  def update
    render(:plain => "Invalid request", :status => 403) and return
  end

  # Links a freshly signed-up user to the Google identity and copies its
  # avatar onto the member profile. No-op when user is nil.
  # NOTE(review): the OAuth token is stored as received; confirm the model
  # protects it at rest.
  #
  # @param auth [OmniAuth::AuthHash] as exposed by env["omniauth.auth"]
  # @param user [User, nil]
  def connect_sign_up_account(auth, user)
    if !user.nil?
      mp = user.member_profile
      mp.remote_avatar_url = auth.info.image
      mp.save
      google = GoogleOauthModel.new
      google.google_uid = auth.uid
      google.token = auth.credentials.token
      google.connected = true
      google.save
      user.google = google
      user.save
    end
  end

  # Links the Google identity to current_user. The caller only reaches this
  # when no account owns the uid yet, which is why no duplicate check is done here.
  #
  # @param auth [OmniAuth::AuthHash]
  # @return [Boolean] true when a logged-in user was linked, false otherwise
  def connect_account(auth)
    if !current_user.nil?
      google = GoogleOauthModel.new
      google.google_uid = auth.uid
      google.token = auth.credentials.token
      google.connected = true
      google.save
      current_user.google = google
      current_user.save
      return true
    else
      return false
    end
  end

  # Refreshes the stored token when Google issued a new one and opens the
  # session for user. Returns user.id (truthy), which google_callback treats
  # as success. Same session-fixation remark as in create applies.
  #
  # @param user [User] account owning the Google uid
  # @param auth [OmniAuth::AuthHash]
  def login_user(user,auth)
    if user.google.token != auth.credentials.token
      user.google.token = auth.credentials.token
      user.google.save
    end
    session[:user_id] = user.id
  end

  # Logout: clears user_id (not reset_session, so other session keys survive),
  # then the SSO plugin's logout if present, then redirects to root.
  def destroy
    log_user_action
    session[:user_id] = nil
    if !(defined? SsoLoginBox).nil?
      if SsoLoginBox.respond_to?(:controller_name) && SsoLoginBox.controller_name.constantize.respond_to?(:logout)
        SsoLoginBox.controller_name.constantize.logout
      elsif session[:sso_token] && SsoLoginBox.respond_to?(:logout_url)
        session[:sso_token] = nil
        redirect_to SsoLoginBox.logout_url and return
      end
    end
    redirect_to root_url
  end

  private

  # Vendor ("rulingcom") login. Runs as a before_filter on every action and
  # again from create when the LDAP plugin is present. The default ldap_flag
  # means "LDAP plugin loaded"; the body only runs when LDAP is absent or the
  # site is in privileged-IP mode, and only for user name "rulingcom".
  #
  # Two paths:
  #  - alternative_login present: local password check, allowed only when
  #    request.remote_ip is one of two hard-coded addresses (see the
  #    remote_ip remark on new);
  #  - otherwise: the submitted password is RSA-encrypted with
  #    store_public.pem and sent to OrbitStore; a {"success": true} reply logs
  #    the local rulingcom user in with no local credential check at all.
  #
  # NOTE(review): in the store path the trust anchor is entirely the reply
  # from OrbitStore::URL — if ONetwork does not verify TLS and the server
  # certificate, a spoofed reply is a login as rulingcom. public_encrypt uses
  # PKCS#1 v1.5 padding by default, and "get" presumably makes this an HTTP
  # GET, which puts the ciphertext in the URL (and thus in request logs).
  # NOTE(review): User.where(:user_name => "rulingcom").first may be nil in the
  # store path and is dereferenced unguarded (user.id).
  #
  # @param ldap_flag [Boolean] whether the LDAP plugin is loaded
  def check_for_rulingcom(ldap_flag = !(defined? LdapLogin).nil?)
    if !ldap_flag || @site.privileged_ip_login_only
      if params[:user_name] == "rulingcom" && params[:alternative_login].present?
        if ["118.163.60.152", "127.0.0.1"].include?(request.remote_ip)
          user = User.where(:user_name => "rulingcom").first
          if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true))
            session[:user_id] = user.id
            session[:login_referer] = nil
            redirect_to get_referer_from_params(@site) and return
          else
            @server_connected = false
            @login_referer = params[:referer_url]
            flash.now.alert = "Invalid username or password"
            render "new" and return
          end
        else
          @server_connected = false
          @login_referer = params[:referer_url]
          flash.now.alert = "Make sure you are connected to Taipei VPN."
          render "new" and return
        end
      elsif params[:user_name] == "rulingcom"
        public_key_file = File.join(Rails.root, "store_public.pem")
        public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file))
        encrypted_string = Base64.encode64(public_key.public_encrypt(params[:password]))
        network = ONetwork.new(OrbitStore::URL,"get")
        response = network.request("/store/check_for_rulingcom",{"encpas" => encrypted_string})
        if !response.nil?
          # unparsable body counts as a failed check
          data = JSON.parse(response.body) rescue {}
          @server_connected = true
          if data["success"] == true
            user = User.where(:user_name => "rulingcom").first
            session[:user_id] = user.id
            session[:login_referer] = nil
            redirect_to get_referer_from_params(@site) and return
          else
            @login_referer = params[:referer_url]
            flash.now.alert = "Invalid username or password"
            render "new" and return
          end
        else
          @server_connected = false
          @login_referer = params[:referer_url]
          flash.now.alert = "Cannot connect to RulingStore. Please try the alternative method."
          render "new" and return
        end
      end
    end
  end