From 2bddb38c3156c0e7d5fe9798e9b69784971aa9f8 Mon Sep 17 00:00:00 2001 From: "Rulingcom.com" Date: Wed, 6 May 2015 15:16:21 +0800 Subject: [PATCH] unit branc for nccu --- Gemfile | 3 + app/controllers/admin/import_controller.rb | 34 ++-- app/controllers/sessions_controller.rb | 175 ++++++++++++++++++-- config/initializers/load_config.rb | 1 + config/initializers/nccu_ldap_connection.rb | 16 ++ config/ldap.yml | 12 ++ 6 files changed, 219 insertions(+), 22 deletions(-) create mode 100644 config/initializers/load_config.rb create mode 100644 config/initializers/nccu_ldap_connection.rb create mode 100644 config/ldap.yml diff --git a/Gemfile b/Gemfile index 6e81166..0cdb05e 100644 --- a/Gemfile +++ b/Gemfile @@ -46,6 +46,9 @@ gem 'ckeditor' gem 'unicorn' gem 'zhconv' gem 'time_difference' + +gem "net-ldap", "~> 0.3.1" + gem 'execjs' gem 'therubyracer' diff --git a/app/controllers/admin/import_controller.rb b/app/controllers/admin/import_controller.rb index 563e3a9..3f22b86 100644 --- a/app/controllers/admin/import_controller.rb +++ b/app/controllers/admin/import_controller.rb @@ -204,7 +204,7 @@ class Admin::ImportController < OrbitAdminController File.delete(file) end - bulletin.approved = true + bulletin.approved = true rescue nil bulletin.save! end 
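Review bot: The `rescue nil` modifier added to `bulletin.approved = true` in import_controller.rb hides any error raised by the assignment, so an imported bulletin can reach `bulletin.save!` without the approval flag set and without a log line. If the intent is to tolerate models that lack the attribute, make that explicit, e.g. `bulletin.approved = true if bulletin.respond_to?(:approved=)`. The enclosing method starts and ends outside the hunk.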
@@ -559,16 +559,29 @@ class Admin::ImportController < OrbitAdminController data = JSON.parse(data) albums = data["albums"] current_locale = I18n.locale - I18n.locale = :en - category = Category.where(:title => "RSS2 Gallery").first - I18n.locale = current_locale - if category.nil? - module_app = ModuleApp.find_by_key("gallery") - category = Category.new - category.title_translations = {"en" => "RSS2 Gallery", "zh_tw" => "RSS2畫廊"} - category.save - module_app.categories << category + + categories = data["categories"] + I18n.locale = :zh_tw + module_app = ModuleApp.find_by_key("gallery") + categories.each do |category| + cat = Category.where(:title => category[1]["zh_tw"], :module_app_id => module_app.id).first + if cat.nil? + cat = Category.new + cat.title_translations = {"en" => (category[1]["en"] || category[1]["zh_tw"]), "zh_tw" => (category[1]["zh_tw"] || category[1]["en"])} + cat.save + module_app.categories << cat + end end + # I18n.locale = :en + # category = Category.where(:title => "RSS2 Gallery").first + # I18n.locale = current_locale + # if category.nil? + # module_app = ModuleApp.find_by_key("gallery") + # category = Category.new + # category.title_translations = {"en" => "RSS2 Gallery", "zh_tw" => "RSS2畫廊"} + # category.save + # module_app.categories << category + # end @data_to_send = [] albums.each do |album| if Album.where(:rss2_id => album["albumid"]).count == 0 @@ -578,6 +591,7 @@ class Admin::ImportController < OrbitAdminController "en" => (album["description"]["en"].nil? ? "" : album["description"]["en"]), "zh_tw" => (album["description"]["zh_tw"].nil? ? "" : album["description"]["zh_tw"])}, :rss2_id => album["albumid"]) + category = Category.where(:title => album["category_name"], :module_app_id => module_app).first newalbum.category_id = category.id newalbum.save else diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 2ce1493..e206492 100644 --- a/app/controllers/sessions_controller.rb 
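Review bot: `I18n.locale = :zh_tw` is set before the category loop and is not restored anywhere in the hunk, because the old `I18n.locale = current_locale` line now survives only as a comment; the rest of the request keeps running in zh_tw. Restore it after the loop with `I18n.locale = current_locale`, or wrap the loop in `I18n.with_locale(:zh_tw) do ... end`. Two further gaps in the new lines: `categories.each` raises when the payload has no `"categories"` key, and the per-album lookup passes `:module_app_id => module_app` where the loop above uses `module_app.id`, then calls `category.id` with no nil check when `album["category_name"]` matches nothing. The commented-out old block could be deleted rather than kept. The method continues outside the hunk.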
+++ b/app/controllers/sessions_controller.rb 
@@ -1,16 +1,85 @@ class SessionsController < ApplicationController layout "authentication" - def new if session[:user_id] redirect_to admin_dashboards_path end end - def create - user = User.find_by(user_name: params[:user_name]) rescue nil - if (user && user.authenticate(params[:password]) && user.is_confirmed?.eql?(true)) - # if user.is_approved? || user.is_admin? + def create + login_password = params[:password] + login_uid = params[:user_name] + result = false + ldap_filter = "(uid=#{login_uid})" + + if login_uid != 'rulingcom' + + NccuLdapConnection.establish + + if ($nccu_ldap_connection.bind rescue false) + + logger.info "=LDAP Binded password ok..." + + result = check_auth_with_ldap(login_uid,login_password) + + resource = User.find_by(user_name: params[:user_name]) rescue nil + + if result && login_password!='' + + logger.info "==LDAP password passed..." + # set_flash_message(:notice, :signed_in) if is_navigational_format? + + if (resource.nil?) + logger.error "===LDAP passed local block... resource:#{resource.inspect}\n login_uid:#{login_uid}" + flash.now.alert = t('devise.failure.ldap_pass_but_account_not_in_orbit') + render "new" + else + logger.info "===ALL passed" + session[:user_id] = resource.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to URI.parse(params[:referer_url]).path + else + redirect_to admin_dashboards_path + end + end + + elsif !resource.nil? + + if (resource.authenticate(login_password) && resource.is_confirmed?.eql?(true)) + session[:user_id] = resource.id + session[:login_referer] = nil + if params[:referer_url] + redirect_to URI.parse(params[:referer_url]).path + else + redirect_to admin_dashboards_path + end + else + flash.now.alert = t('devise.failure.invalid') + render "new" + end + + else + + logger.error "==password LDAP fail..." + flash.now.alert = t('devise.failure.ldap_invalid') + render "new" + + end + + else + + logger.error "=LDAP fail..." 
+ flash.now.alert = t('devise.failure.ldap_connection_failed') + render "new" + + end + + else #if rulingcom account + logger.info "=======Rulingcom account======" + + user = User.find_by(user_name: login_uid) rescue nil + if (user && user.authenticate(login_password) && user.is_confirmed?.eql?(true)) session[:user_id] = user.id session[:login_referer] = nil if params[:referer_url] 
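Review bot: The branch taken when the directory accepts the password sets `session[:user_id] = resource.id` without the `resource.is_confirmed?` test that both local-password branches apply, so an unconfirmed local account is signed in as long as its uid authenticates against LDAP; `if resource.nil? || !resource.is_confirmed?` on that branch would keep the three paths consistent. The empty-password guard (`login_password!=''`) runs only after `check_auth_with_ldap` has already been called and does not cover a missing `password` parameter (`nil`); checking `login_password.blank?` before `NccuLdapConnection.establish` avoids sending an empty simple bind, which some directory servers treat as an anonymous bind that succeeds. The literal `'rulingcom'` user name that skips LDAP, and the fall-through to the local password after LDAP rejects the login, are authentication-policy decisions that deserve a comment and a configuration setting rather than a string in the controller. `ldap_filter` in `create` is assigned but never used there. The hunk ends inside `create`; the repeated session/redirect lines could move into one private helper.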
@@ -18,14 +87,88 @@ class SessionsController < ApplicationController else redirect_to admin_dashboards_path end - # else - # flash.now.alert = "User not approved." - # render "new" - # end - else - flash.now.alert = "Invalid username or password" - render "new" + else + flash.now.alert = t('devise.failure.invalid') + render "new" + end + end + + logger.info "=======End Debugging======" + + end + + def google_result + @code = params[:code] + if @code.nil? + redirect_to root_url + end + end + + def google_callback + error = params[:error] rescue nil + if error == "access_denied" + redirect_to auth_failure_path and return + end + auth = env["omniauth.auth"] + user = Google.find_by("google_uid" => auth.uid).user rescue nil + if user.nil? && current_user.nil? + user_connected = false + else + user_connected = true + if user.nil? && !current_user.nil? + connection_successful = connect_account(auth) + else + if login_user(user,auth) + if params[:referer_url] + redirect_to URI.parse(params[:referer_url]).path and return + else + redirect_to admin_dashboards_path and return + end + end + end + end + if user_connected && connection_successful + code = 1 + elsif user_connected && !connection_successful + code = 2 + else !user_connected && !connection_successful + code = 3 + end + redirect_to auth_google_result_path(:code => code) + end + + def google_remove + current_user.google.destroy rescue "" + redirect_to admin_member_path(current_user.member_profile.to_param) and return + end + + def google_faliure + @code = 2 + render "google_result" + end + + def connect_account(auth) + if !current_user.nil? 
+ google = Google.new + google.google_uid = auth.uid + google.token = auth.credentials.token + google.connected = true + google.save + current_user.google = google + current_user.save + return true + else + return false + end + end + + def login_user(user,auth) + if user.google.token != auth.credentials.token + user.google.token = auth.credentials.token + user.google.save + end + session[:user_id] = user.id end def google_result @@ -106,4 +249,12 @@ class SessionsController < ApplicationController session[:user_id] = nil redirect_to root_url end + + private + + def check_auth_with_ldap(login_uid,login_password) + ldap_filter = "(uid=#{login_uid})" + $nccu_ldap_connection.bind_as(:base => NccuLdapConnection::BASE,:filter => ldap_filter,:password=> login_password) rescue false + end + end diff --git a/config/initializers/load_config.rb b/config/initializers/load_config.rb new file mode 100644 index 0000000..c582b88 --- /dev/null +++ b/config/initializers/load_config.rb @@ -0,0 +1 @@ +LDAP_CONFIG = YAML.load_file("#{Rails.root}/config/ldap.yml")[Rails.env] \ No newline at end of file diff --git a/config/initializers/nccu_ldap_connection.rb b/config/initializers/nccu_ldap_connection.rb new file mode 100644 index 0000000..8d32ac1 --- /dev/null +++ b/config/initializers/nccu_ldap_connection.rb @@ -0,0 +1,16 @@ +#encoding: utf-8 +# require 'mysql2' + +$nccu_ldap_connection + +module NccuLdapConnection + BASE = 'ou=People,dc=nccu,dc=edu,dc=tw' + + def self.establish + $nccu_ldap_connection = Net::LDAP.new + $nccu_ldap_connection.port =LDAP_CONFIG["port"] + $nccu_ldap_connection.host = LDAP_CONFIG["host"] + $nccu_ldap_connection.authenticate(LDAP_CONFIG["authenticate_info"],LDAP_CONFIG["authenticate_pwd"]) + end + +end \ No newline at end of file diff --git a/config/ldap.yml b/config/ldap.yml new file mode 100644 index 0000000..85de555 --- /dev/null +++ b/config/ldap.yml 
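Review bot: `connect_account(auth)` and `login_user(user,auth)` are added above the `private` keyword that this commit introduces at the bottom of the class, so they are public controller methods and, depending on the routes, may be reachable as actions; they belong below `private`. In `google_callback`, `else !user_connected && !connection_successful` is a plain `else` followed by an expression whose value is discarded, and `connection_successful` is never assigned on the `login_user` path; a bare `else` says what is meant. The trailing context line `def google_result` suggests these methods may already exist further down the file, in which case the later definitions win and this copy is dead code; that is worth confirming against the full file.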
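Review bot: `check_auth_with_ldap` builds the search filter by interpolating the submitted user name, `"(uid=#{login_uid})"`, so filter metacharacters typed into the login field change which entry `bind_as` searches for and binds as. Build the filter through the library instead, `ldap_filter = Net::LDAP::Filter.equals("uid", login_uid)`, or escape the value with `Net::LDAP::Filter.escape(login_uid)` before interpolating. The trailing `rescue false` also reports connection errors as a wrong password; rescuing the library's error class and logging it would keep directory outages distinguishable from failed logins.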
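Review bot: `NccuLdapConnection.establish` stores the connection in the global `$nccu_ldap_connection` and is called on every login, so concurrent requests on a threaded server would overwrite and share one `Net::LDAP` object; having `establish` return the object and keeping it in a local variable in the controller removes the shared state. No `encryption` option is set and the configured port is 389, so the service bind and every user's password appear to travel to the directory in clear text; enabling TLS through Net::LDAP's `encryption` setting is worth doing if the server supports it. The bare `$nccu_ldap_connection` statement at the top of the file has no effect. `LDAP_CONFIG` is defined in a separate initializer, which works only because it is read at call time rather than at load time; a short comment saying so would help.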
@@ -0,0 +1,12 @@
+defaults: &defaults
+ authenticate_info: 'cn=uccn,ou=profile,dc=nccu,dc=edu,dc=tw'
+ authenticate_pwd: 'nccu2ucc'
+
+development:
+ <<: *defaults
+ host: '140.119.166.23'
+ port: 389
+production:
+ <<: *defaults
+ host: '140.119.166.23'
+ port: 389
\ No newline at end of file
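Review bot: The service account DN and its password are committed in clear text under `defaults` (`authenticate_pwd`), so anyone with read access to the repository or its history can bind to the directory as that account. Read the secret from the environment instead, e.g. `authenticate_pwd: <%= ENV['LDAP_BIND_PASSWORD'] %>` (variable name is an example) with the initializer rendering the file through ERB before parsing it, keep only an example file in version control, and rotate the password that has already been pushed. `development` and `production` also point at the same host and port, so local testing runs against the same directory as production.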