orbit4-5/app/controllers/sessions_controller.rb

class SessionsController < ApplicationController
  layout "authentication"
  def new
    if session[:user_id]
      redirect_to admin_dashboards_path
    end
  end

  def create 
    login_password = params[:password]
    login_uid = params[:user_name]
    result = false
    ldap_filter = "(uid=#{login_uid})"

    if login_uid != 'rulingcom'

      NccuLdapConnection.establish

      if ($nccu_ldap_connection.bind rescue false)
          
          logger.info "=LDAP Binded password ok..."

          result = check_auth_with_ldap(login_uid,login_password) 

          resource = User.find_by(user_name: params[:user_name]) rescue nil
          
          if result && login_password!=''
            
            logger.info "==LDAP  password passed..."
            # set_flash_message(:notice, :signed_in) if is_navigational_format?

            if (resource.nil?)
              logger.error "===LDAP passed local block... resource:#{resource.inspect}\n login_uid:#{login_uid}"
              flash.now.alert = t('devise.failure.ldap_pass_but_account_not_in_orbit')
              render "new"
            else
              logger.info "===ALL passed"
              session[:user_id] = resource.id
              session[:login_referer] = nil
              if params[:referer_url]
                redirect_to URI.parse(params[:referer_url]).path
              else
                redirect_to admin_dashboards_path
              end
            end

          elsif !resource.nil?

            if (resource.authenticate(login_password) && resource.is_confirmed?.eql?(true))
                session[:user_id] = resource.id
                session[:login_referer] = nil
                if params[:referer_url]
                  redirect_to URI.parse(params[:referer_url]).path
                else
                  redirect_to admin_dashboards_path
                end
            else
              flash.now.alert = t('devise.failure.invalid')
              render "new"
            end
            
          else

            logger.error "==password LDAP fail..."
            flash.now.alert = t('devise.failure.ldap_invalid')
            render "new"

          end

      else

        logger.error "=LDAP fail..."
        flash.now.alert = t('devise.failure.ldap_connection_failed')
        render "new"

      end

    else #if rulingcom account
      logger.info "=======Rulingcom account======"

      user = User.find_by(user_name: login_uid) rescue nil
      if (user && user.authenticate(login_password) && user.is_confirmed?.eql?(true))
        session[:user_id] = user.id
        session[:login_referer] = nil
        if params[:referer_url]
          redirect_to URI.parse(params[:referer_url]).path
        else
          redirect_to admin_dashboards_path
        end
      else
        flash.now.alert = t('devise.failure.invalid')
        render "new"
      end

    end

    logger.info "=======End Debugging======"

  end

  def google_result
    @code = params[:code]
    if @code.nil?
      redirect_to root_url
    end
  end

  def google_callback
    error = params[:error] rescue nil
    if error == "access_denied"
      redirect_to auth_failure_path and return
    end
    auth = env["omniauth.auth"]
    user = Google.find_by("google_uid" => auth.uid).user rescue nil
    if user.nil? && current_user.nil?
      user_connected = false
    else
      user_connected = true
       if user.nil? && !current_user.nil?
        connection_successful = connect_account(auth)
      else
        if login_user(user,auth)
          if params[:referer_url]
            redirect_to URI.parse(params[:referer_url]).path and return
          else
            redirect_to admin_dashboards_path and return
          end
        end
      end
    end
    if user_connected && connection_successful
      code = 1
    elsif user_connected && !connection_successful
      code = 2
    else !user_connected && !connection_successful
      code = 3
    end
    redirect_to auth_google_result_path(:code => code)
  end

  def google_remove
    current_user.google.destroy rescue ""
    redirect_to admin_member_path(current_user.member_profile.to_param) and return
  end

  def google_faliure
     @code = 2
     render "google_result"
  end

  def connect_account(auth)
    if !current_user.nil?
      google = Google.new
      google.google_uid = auth.uid
      google.token = auth.credentials.token
      google.connected = true
      google.save
      current_user.google = google
      current_user.save
      return true
    else
      return false
    end
  end

  def login_user(user,auth)
    if user.google.token != auth.credentials.token
      user.google.token = auth.credentials.token
      user.google.save
    end
    session[:user_id] = user.id
  end

  def destroy
    log_user_action
    session[:user_id] = nil
    redirect_to root_url
  end

  private  

  def check_auth_with_ldap(login_uid,login_password)
    ldap_filter = "(uid=#{login_uid})"
    $nccu_ldap_connection.bind_as(:base => NccuLdapConnection::BASE,:filter => ldap_filter,:password=> login_password) rescue false
  end

end