require 'openssl'
require 'base64'
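class SessionsController < ApplicationController
  layout "authentication"

  # Takes over the request for the vendor ("rulingcom") account before any
  # action runs; when it does, it renders or redirects itself.
  #
  # NOTE(review): this filter runs before `create`'s privileged-IP check, so
  # the RulingStore path below is not subject to `privileged_ip_login_only`
  # — confirm that is intended.
  before_filter :check_for_rulingcom

  # Source addresses allowed to use the `alternative_login` path for the
  # vendor account. Hard-coded on purpose; any change is security-relevant.
  RULINGCOM_ALTERNATIVE_LOGIN_IPS = ["118.163.60.152", "127.0.0.1"].freeze

  # Login form. Signed-in users go straight to their post-login page; sites
  # restricted to privileged IPs answer 403 to everyone else.
  def new
    if session[:user_id]
      redirect_to get_referer_from_params(@site) and return
    elsif privileged_ip_blocked?
      render(:plain => t('privileged_ip_login_only'), :status => 403) and return
    end
  end

  # "Forgot password" lookup. `user_name` may be a login name or an e-mail
  # address; every matching account gets a reset mail and the resolved
  # names/address are echoed back as JSON (any other format is refused).
  #
  # NOTE(review): the JSON body tells the caller whether an account exists
  # and, for a login name, the e-mail on file — this endpoint should be
  # rate-limited, and a uniform response would avoid the disclosure.
  def show
    user_name = []

    if params["_method"].present?
      flash.now.alert = "Invalid format"
      render "new" and return
    end

    begin
      if privileged_ip_blocked?
        render(:plain => t('privileged_ip_login_only'), :status => 403) and return
      end

      if params[:user_name].blank?
        flash.now.alert = "Invalid format"
        render "new" and return
      end

      if params[:user_name].include?('@')
        # Lookup by e-mail: one address may map to several member profiles.
        user_email = params[:user_name]
        members = MemberProfile.where(:email => user_email).to_a
        members.each do |member_profile|
          user = User.where(:member_profile_id => member_profile.id).first
          next unless user
          user.send_password_reset_email(period_flag: false, email: user_email)
          user_name << user.user_name
        end
        user_email = '' if members.empty?
      else
        # Lookup by login name; the name is echoed back even when unknown.
        user_name << params[:user_name]
        user = User.where(:user_name => params[:user_name]).first
        user_email = ''
        if user
          user_email = member_email_for(user)
          user.send_password_reset_email(period_flag: false)
        end
      end

      params[:user_name] = user_name
      params[:user_email] = user_email
      params[:forgot_password] = true
      headers["X-Content-Type-Options"] = "nosniff"
      headers["Content-Disposition"] = "form-data; name=\"JsonString\""
      respond_to do |format|
        format.json { render :json => params }
        format.any { render :plain => "Invalid format", :status => 403 }
      end
    rescue StandardError => e
      # Same 403/JSON answer as before, but the cause is no longer swallowed silently.
      logger.error("forgot-password lookup failed: #{e.class}: #{e.message}")
      render :json => params, :status => 403
    end
  end

  # Chooses the page to land on after login.
  #
  # A caller-supplied `referer_url` is honoured only when the site uses the
  # default redirect policy (`redirect_page` == 0, or the setting cannot be
  # read), and only its path and query are kept so the redirect stays on
  # this host. Blank, unparsable or protocol-relative ("//host") referers are
  # ignored and the site policy decides instead.
  #
  # @param site [Site] current site; `redirect_page` selects the default target
  # @return [String] a local path
  def get_referer_from_params(site)
    set_current_user
    referer = local_referer_path(params[:referer_url])
    policy = begin
      site.redirect_page
    rescue StandardError
      :unknown
    end

    case policy
    when :unknown then referer || '/'
    when 0 then referer || admin_dashboards_path
    when 1 then admin_member_path(current_user.member_profile.to_param)
    when 2 then '/'
    else admin_dashboards_path
    end
  end

  # Password login, with optional LDAP and SSO plugin paths.
  #
  # `params`, `session` and `flash` are rebound to locals because the plugin
  # hooks (`ldap_login_auth`, `sso_login_auth`) hand back replacement values
  # that must be assignable; the request-level objects are the same ones the
  # controller accessors expose, so writes through them still take effect.
  def create
    params = request.params
    session = request.session
    flash = request.flash

    if privileged_ip_blocked?
      render(:plain => t('privileged_ip_login_only'), :status => 403) and return
    end

    if params[:user_name].blank?
      flash.now.alert = "Invalid format"
      render "new" and return
    end

    user = find_login_user(params[:user_name])
    site = @site

    if locked_out?(params[:user_name], site)
      flash.now.alert = I18n.t('account_lock_note', time: lock_time_minutes(site), num: lock_attempts(site))
      render "new" and return
    end

    # Records the attempt up front; successful paths delete the user's log
    # rows below. Presumably defaults to `status: false` — confirm in the model.
    UserLoginLog.create(user_name: params[:user_name])

    login_flag = false

    if ldap_plugin_loaded?
      require 'ldap_login/login'
      self.class.include LdapLogin::Login
      login_flag, session, flash, url, url_method = ldap_login_auth(user, request, session, flash, params)
      if login_flag
        clear_failed_logins(params[:user_name])
        return finish_plugin_login(url, url_method, site)
      elsif params[:user_name] == 'rulingcom'
        # The vendor account is handled by the before_filter logic; it renders
        # or redirects itself, so nothing else below may respond.
        login_flag = true
        check_for_rulingcom(false)
      end
    end

    if params[:sso_login].present? && sso_plugin_loaded? && !login_flag
      require 'sso_login_api/login'
      self.class.include SsoLoginApi::Login
      session, flash, @login_referer, url, url_method = sso_login_auth(user, session, flash, params)
      clear_failed_logins(params[:user_name]) if url != 'new'
      return finish_plugin_login(url, url_method, site)
    elsif !login_flag && password_login_ok?(user, params[:password])
      note = password_policy_note(user, site)
      if note
        # Force a password change before the session is opened.
        user.flash_note = note
        if user.reset_token.nil?
          user.generate_reset_token
        else
          user.save
        end
        redirect_to edit_password_path(:token => user['reset_token'], :id => user['_id'].to_s) and return
      end

      clear_failed_logins(params[:user_name])
      session[:user_id] = user.id
      session[:login_referer] = nil
      redirect_to get_referer_from_params(site) and return
    elsif !login_flag
      # With LDAP loaded the plugin has already set its own message.
      unless ldap_plugin_loaded?
        @login_referer = params[:referer_url]
        flash.now.alert = "Invalid username or password"
      end
      render "new" and return
    end
  end

  # Result page of the Google flow; without a code there is nothing to show.
  def google_result
    @code = params[:code]
    redirect_to root_url if @code.nil?
  end

  # OmniAuth callback. Three outcomes, reported via `auth_google_result_path`
  # codes: 1 = account linked, 2 = linking failed, 3 = nobody to link; a
  # known linked user is logged in directly instead.
  def google_callback
    if params[:error] == "access_denied"
      redirect_to auth_failure_path and return
    end

    auth = env["omniauth.auth"]

    if session[:sign_up_user_id].present?
      # Sign-up flow: link the Google identity to the freshly created user.
      # An unknown id used to raise here; it now falls through to the
      # "skip" page like an address mismatch does.
      user = user_or_nil(session[:sign_up_user_id])
      connect_sign_up_account(auth, user)
      if user && user.member_profile.email == auth.info.email
        redirect_to users_role_page_path and return
      else
        redirect_to users_skip_google and return
      end
    end

    user = google_linked_user(auth.uid)
    connection_successful = false
    user_connected = !user.nil? || !current_user.nil?

    if user_connected
      if user.nil?
        connection_successful = connect_account(auth)
      elsif login_user(user, auth)
        redirect_to get_referer_from_params(@site) and return
      end
    end

    code = if user_connected && connection_successful
             1
           elsif user_connected
             2
           else
             3
           end
    redirect_to auth_google_result_path(:code => code)
  end

  # Unlinks the current user's Google account, if any.
  def google_remove
    begin
      current_user.google.destroy
    rescue StandardError
      # No linked account (or already removed) is not an error for this action.
    end
    redirect_to admin_member_path(current_user.member_profile.to_param) and return
  end

  # Google flow failure page (action name is part of the routes; keep spelling).
  def google_faliure
    @code = 2
    render "google_result"
  end

  # Sessions cannot be updated.
  def update
    render(:plain => "Invalid request", :status => 403) and return
  end

  # Links a Google identity to a user created through sign-up and copies the
  # Google avatar onto the member profile. No-op without a user.
  #
  # @param auth [OmniAuth::AuthHash] presumably — not checked here
  # @param user [User, nil]
  def connect_sign_up_account(auth, user)
    return if user.nil?

    mp = user.member_profile
    mp.remote_avatar_url = auth.info.image
    mp.save
    user.google = build_google_link(auth)
    user.save
  end

  # Links a Google identity to the signed-in user.
  #
  # @return [Boolean] false when nobody is signed in
  def connect_account(auth)
    return false if current_user.nil?

    current_user.google = build_google_link(auth)
    current_user.save
    true
  end

  # Opens a session for a user whose Google link is already known, refreshing
  # the stored token when Google issued a new one.
  #
  # @return [Object] the stored user id (truthy when the login succeeded)
  def login_user(user, auth)
    link = user.google
    if link.token != auth.credentials.token
      link.token = auth.credentials.token
      link.save
    end
    session[:user_id] = user.id
  end

  # Logout. With an SSO plugin present, either hands the logout to its
  # controller or bounces through its logout URL.
  def destroy
    log_user_action
    session[:user_id] = nil

    if !(defined? SsoLoginBox).nil?
      if SsoLoginBox.respond_to?(:controller_name) && SsoLoginBox.controller_name.constantize.respond_to?(:logout)
        SsoLoginBox.controller_name.constantize.logout
      elsif session[:sso_token] && SsoLoginBox.respond_to?(:logout_url)
        session[:sso_token] = nil
        redirect_to SsoLoginBox.logout_url and return
      end
    end

    redirect_to root_url
  end

  private

  # Vendor-account login. Skipped entirely when LDAP handles logins and the
  # site is not restricted to privileged IPs. Otherwise a `rulingcom` login
  # is verified either locally from an allow-listed address
  # (`alternative_login`) or against RulingStore.
  #
  # @param ldap_flag [Boolean] whether the LDAP plugin is loaded
  def check_for_rulingcom(ldap_flag = ldap_plugin_loaded?)
    return unless !ldap_flag || @site.privileged_ip_login_only
    return unless params[:user_name] == "rulingcom"

    if params[:alternative_login].present?
      alternative_rulingcom_login
    else
      store_rulingcom_login
    end
  end

  # Local verification of the vendor password, only from the fixed addresses.
  def alternative_rulingcom_login
    unless RULINGCOM_ALTERNATIVE_LOGIN_IPS.include?(request.remote_ip)
      reject_login("Make sure you are connected to Taipei VPN.")
      return
    end

    user = User.where(:user_name => "rulingcom").first
    if password_login_ok?(user, params[:password])
      start_session(user)
      redirect_to get_referer_from_params(@site)
    else
      reject_login("Invalid username or password")
    end
  end

  # Verification against RulingStore: the password is RSA-encrypted with the
  # store's public key and checked remotely. A missing local `rulingcom` user
  # is now reported as invalid credentials instead of raising.
  def store_rulingcom_login
    public_key_file = File.join(Rails.root, "store_public.pem")
    public_key = OpenSSL::PKey::RSA.new(File.read(public_key_file))
    # `public_encrypt` uses OpenSSL's default padding; the store side must
    # agree, so do not change the padding here unilaterally.
    encrypted_string = Base64.encode64(public_key.public_encrypt(params[:password]))
    network = ONetwork.new(OrbitStore::URL, "get")
    response = network.request("/store/check_for_rulingcom", { "encpas" => encrypted_string })

    if response.nil?
      reject_login("Cannot connect to RulingStore. Please try the alternative method.")
      return
    end

    @server_connected = true
    data = parse_json_or_empty(response.body)
    user = User.where(:user_name => "rulingcom").first if data["success"] == true
    if user
      start_session(user)
      redirect_to get_referer_from_params(@site)
    else
      reject_login("Invalid username or password", server_connected: true)
    end
  end

  # Re-renders the login form with a message, keeping the referer for the view.
  def reject_login(message, server_connected: false)
    @server_connected = server_connected
    @login_referer = params[:referer_url]
    flash.now.alert = message
    render "new"
  end

  # True when the site only admits privileged IPs and this request is not one.
  def privileged_ip_blocked?
    @site.privileged_ip_login_only && !@site.check_ip_is_privileged?(request.remote_ip, current_user)
  end

  # Password check shared by the normal and vendor logins.
  def password_login_ok?(user, password)
    !!(user && user.authenticate(password) && user.is_confirmed?.eql?(true))
  end

  def start_session(user)
    session[:user_id] = user.id
    session[:login_referer] = nil
  end

  def ldap_plugin_loaded?
    !(defined? LdapLogin).nil?
  end

  def sso_plugin_loaded?
    !(defined? SsoLoginApi).nil?
  end

  # Reduces a caller-supplied referer to a same-host path ("/p?q"). Returns
  # nil for blank, unparsable, relative, or protocol-relative ("//host")
  # values — the last would be passed through as an external redirect.
  def local_referer_path(raw)
    return nil if raw.blank?

    uri = URI.parse(raw.to_s)
    path = uri.path.to_s
    return nil unless path.start_with?('/') && !path.start_with?('//')

    uri.query.present? ? "#{path}?#{uri.query}" : path
  rescue URI::InvalidURIError
    nil
  end

  # Finishes a plugin-driven login: plugins return either a template to
  # render or a redirect target, where anything but 'new' means success.
  def finish_plugin_login(url, url_method, site)
    if url_method == 'render'
      render url
    elsif url != 'new'
      redirect_to get_referer_from_params(site)
    else
      redirect_to url
    end
  end

  # Resolves the login field to a user: by login name, or by the e-mail of a
  # member profile with a fallback to the name. Lookup errors yield nil.
  def find_login_user(login)
    return user_by_name(login) unless login.include?('@')

    member = MemberProfile.where(:email => login).first
    user = member && User.where(:member_profile_id => member.id).first
    user || user_by_name(login)
  rescue StandardError
    user_by_name(login)
  end

  def user_by_name(login)
    User.find_by(user_name: login)
  rescue StandardError
    nil
  end

  def user_or_nil(id)
    User.find(id)
  rescue StandardError
    nil
  end

  def google_linked_user(uid)
    GoogleOauthModel.find_by("google_uid" => uid).user
  rescue StandardError
    nil
  end

  def member_email_for(user)
    MemberProfile.find(user['member_profile_id']).email
  rescue StandardError
    ''
  end

  def parse_json_or_empty(body)
    JSON.parse(body)
  rescue StandardError
    {}
  end

  # Lockout: at least `lock_attempts` failed logins for this name within the
  # last `lock_time_minutes` minutes.
  def locked_out?(login, site)
    since = Time.now - lock_time_minutes(site).minutes
    UserLoginLog.where(user_name: login, status: false, :created_at.gte => since).count >= lock_attempts(site)
  end

  # Site settings with the defaults the original code fell back to.
  def lock_time_minutes(site)
    site.try(:password_failed_lock_time) || 1
  end

  def lock_attempts(site)
    site.try(:password_failed_lock_num) || 5
  end

  def clear_failed_logins(login)
    UserLoginLog.where(user_name: login).destroy
  end

  # Which password-policy page to send the user to, or nil when none applies.
  def password_policy_note(user, site)
    if site.password_high_security && !user.password_high_security
      'password_low_security'
    elsif site.change_password_regularly && password_expired?(user)
      'password_expired'
    end
  end

  # Unreadable or missing timestamps count as expired, as before.
  def password_expired?(user)
    user.password_updated_at < (Time.zone.now - User::PasswordValidTime)
  rescue StandardError
    true
  end

  # Creates and saves the Google link record used by both connect paths.
  def build_google_link(auth)
    google = GoogleOauthModel.new
    google.google_uid = auth.uid
    google.token = auth.credentials.token
    google.connected = true
    google.save
    google
  end
end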