| author | hellekin <hellekin@cepheide.org> | 2020-10-05 22:10:26 +0200 |
|---|---|---|
| committer | hellekin <hellekin@cepheide.org> | 2020-10-05 22:10:26 +0200 |
| commit | 046c210e91fc03e1c670a0a28ea4849968c77056 (patch) | |
| tree | 6c6437c7d9a6f252950e3ba1edc9fe12398938df /app/controllers/welcome_controller.rb | |
| parent | d0efb8c068a86436359b3c20950d427c7a6a27cd (diff) | |
| download | incommon-map-046c210e91fc03e1c670a0a28ea4849968c77056.tar.gz | |
Add Authentication logic
The ApplicationController provides a `current_user` method (and
helper) to access the authenticated user (if any).
The WelcomeController provides minimal logic to authenticate
against DiscourseSSO.
Current state is that one can log in and log out.
Views need a lot of work.
Diffstat (limited to 'app/controllers/welcome_controller.rb')
-rw-r--r-- | app/controllers/welcome_controller.rb | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb new file mode 100644 index 0000000..ae24138 --- /dev/null +++ b/app/controllers/welcome_controller.rb 
@@ -0,0 +1,82 @@ +class WelcomeController < ApplicationController + # GET / + def index + end + + # GET /authenticate(/:token) + # Discourse SSO Authentication + def authenticate + # Ensure nobody tries silly things with our session + if params[:token].present? && !params[:token].match?(/[a-z0-9]{32}/) + raise(ArgumentError, "Token invalid") + end + + # Try an ongoing SSO or create a new one + @sso = SSO::FromDiscourse.new(token: params[:token], nonce: session[params[:token]]) + # Remove any current session + Rails.logger.info("Removing current session (#{session[:current_user]})") + session.destroy + @current_user = nil + + if params[:token].nil? # Send to authenticate + # Record this token and nonce in the session + session[@sso.token] = @sso.nonce + # Send to authorization + redirect_to @sso.request_uri and return + end + + # Validate authentication + begin + @sso.parse(params) + rescue ArgumentError => e + return 403, e.message + end + + case @sso.status + when :unauthorized + Rails.logger.info("Authentication failed!") + return 403 + when :ok + Rails.logger.info("Authentication succeeded!") + @current_user = User.find_by(external_id: @sso.user_info[:external_id]) || + begin + Rails.logger.info('new user...') + u = User.create( + external_id: @sso.user_info[:external_id], + avatar_url: @sso.user_info[:avatar_url], + email: @sso.user_info[:email], + name: @sso.user_info[:name], + username: @sso.user_info[:username]) + Rails.logger.info('created user %s' % u.inspect) + u + rescue Exception => e + raise + end + # Update user agents + # TODO: do it as a background job, it has nothing to do here. 
+ @sso.user_info[:groups].split(',').each do |g| + a = Agent.find_by_name(g) + if a + # TODO: call Discourse and make :leader if group owner + # TODO: do not create the record if it exists + a.agencies.create(user: u, roles: 2) # make new user an editor + Rails.logger.info('User has Agent %s' % g) + end + end + session[:current_user] = @current_user[:external_id] + end + + redirect_to '/my/dashboard' + end + + # GET /dashboard + def dashboard + redirect_to '/authenticate' and return unless current_user.present? + end + + # GET /logout + def logout + session.destroy + render :index + end +end |
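Review bot: the two error paths in `authenticate` do not produce the 403 they intend. `return 403, e.message` (after `rescue ArgumentError => e`) and `return 403` (in `when :unauthorized`) are plain Ruby return values that Rails ignores, so the action falls through to the implicit render of the `authenticate` template with a 200 (or a missing-template error) rather than a 403; use `render plain: e.message, status: :forbidden` and `head :forbidden` respectively, each followed by `return`. Two further points in the same hunk: the guard `!params[:token].match?(/[a-z0-9]{32}/)` is unanchored, so any value that merely contains a 32-character alphanumeric run passes and is then used as a session key, so anchor it with `\A[a-z0-9]{32}\z`; and in the `:ok` branch `u` is only assigned inside the `begin` block when a new user is created, so for a returning user `a.agencies.create(user: u, roles: 2)` runs with `user: nil`, which should be `@current_user`, with `@sso.user_info[:groups]` guarded against nil before `.split(',')`. The `rescue Exception => e; raise` pair is a no-op and can be dropped.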