authorhellekin <hellekin@cepheide.org>2020-10-05 22:10:26 +0200
committerhellekin <hellekin@cepheide.org>2020-10-05 22:10:26 +0200
commit046c210e91fc03e1c670a0a28ea4849968c77056 (patch)
tree6c6437c7d9a6f252950e3ba1edc9fe12398938df /app
parentd0efb8c068a86436359b3c20950d427c7a6a27cd (diff)
downloadincommon-map-046c210e91fc03e1c670a0a28ea4849968c77056.tar.gz
Add Authentication logic
The ApplicationController provides a `current_user` method (and helper) to access the authenticated user (if any). The WelcomeController provides minimal logic to authenticate against DiscourseSSO. Current state is that one can log in and log out. Views need a lot of work.
Diffstat (limited to 'app')
-rw-r--r--app/assets/stylesheets/welcome.scss3
-rw-r--r--app/controllers/application_controller.rb12
-rw-r--r--app/controllers/welcome_controller.rb82
-rw-r--r--app/helpers/welcome_helper.rb2
-rw-r--r--app/views/welcome/authenticate.html.erb15
-rw-r--r--app/views/welcome/dashboard.html.erb5
-rw-r--r--app/views/welcome/index.html.erb8
7 files changed, 127 insertions, 0 deletions
diff --git a/app/assets/stylesheets/welcome.scss b/app/assets/stylesheets/welcome.scss
new file mode 100644
index 0000000..5042f7d
--- /dev/null
+++ b/app/assets/stylesheets/welcome.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the welcome controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: https://sass-lang.com/
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09705d1..c34b9f9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,2 +1,14 @@
class ApplicationController < ActionController::Base
+ protect_from_forgery with: :null_session
+
+ require 'sso'
+
+ before_action :current_user
+
+ protected
+
+ def current_user
+ @current_user ||= User.find_by(external_id: session[:current_user]) if session[:current_user].present?
+ end
+ helper_method :current_user
end
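Review bot: `protect_from_forgery with: :null_session` on line 39 means a request that fails CSRF verification is still executed, only with an emptied session, which suits token/API controllers rather than this cookie-session login flow; a forged POST would run as an anonymous user instead of being rejected. Unless every state-changing action explicitly checks `current_user`, `protect_from_forgery with: :exception` (the Rails default for browser apps) is the safer choice. Separately, `require 'sso'` inside the class body is unconventional; it belongs at the top of the file, or is unnecessary if `lib` is autoloaded, which I cannot tell from this diff.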
diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
new file mode 100644
index 0000000..ae24138
--- /dev/null
+++ b/app/controllers/welcome_controller.rb
@@ -0,0 +1,82 @@
+class WelcomeController < ApplicationController
+ # GET /
+ def index
+ end
+
+ # GET /authenticate(/:token)
+ # Discourse SSO Authentication
+ def authenticate
+ # Ensure nobody tries silly things with our session
+ if params[:token].present? && !params[:token].match?(/[a-z0-9]{32}/)
+ raise(ArgumentError, "Token invalid")
+ end
+
+ # Try an ongoing SSO or create a new one
+ @sso = SSO::FromDiscourse.new(token: params[:token], nonce: session[params[:token]])
+ # Remove any current session
+ Rails.logger.info("Removing current session (#{session[:current_user]})")
+ session.destroy
+ @current_user = nil
+
+ if params[:token].nil? # Send to authenticate
+ # Record this token and nonce in the session
+ session[@sso.token] = @sso.nonce
+ # Send to authorization
+ redirect_to @sso.request_uri and return
+ end
+
+ # Validate authentication
+ begin
+ @sso.parse(params)
+ rescue ArgumentError => e
+ return 403, e.message
+ end
+
+ case @sso.status
+ when :unauthorized
+ Rails.logger.info("Authentication failed!")
+ return 403
+ when :ok
+ Rails.logger.info("Authentication succeeded!")
+ @current_user = User.find_by(external_id: @sso.user_info[:external_id]) ||
+ begin
+ Rails.logger.info('new user...')
+ u = User.create(
+ external_id: @sso.user_info[:external_id],
+ avatar_url: @sso.user_info[:avatar_url],
+ email: @sso.user_info[:email],
+ name: @sso.user_info[:name],
+ username: @sso.user_info[:username])
+ Rails.logger.info('created user %s' % u.inspect)
+ u
+ rescue Exception => e
+ raise
+ end
+ # Update user agents
+ # TODO: do it as a background job, it has nothing to do here.
+ @sso.user_info[:groups].split(',').each do |g|
+ a = Agent.find_by_name(g)
+ if a
+ # TODO: call Discourse and make :leader if group owner
+ # TODO: do not create the record if it exists
+ a.agencies.create(user: u, roles: 2) # make new user an editor
+ Rails.logger.info('User has Agent %s' % g)
+ end
+ end
+ session[:current_user] = @current_user[:external_id]
+ end
+
+ redirect_to '/my/dashboard'
+ end
+
+ # GET /dashboard
+ def dashboard
+ redirect_to '/authenticate' and return unless current_user.present?
+ end
+
+ # GET /logout
+ def logout
+ session.destroy
+ render :index
+ end
+end
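Review bot: The two `return 403, e.message` / `return 403` statements (lines 89 and 95) do not send a 403: a controller action's return value is discarded, so a rejected SSO callback falls through to the implicit render of `authenticate.html.erb` with status 200. They should be `render plain: e.message, status: :forbidden and return` and `head :forbidden and return`. The token check on line 67 is unanchored, so any string containing 32 alphanumerics passes and is then used as a session key; anchor it with `\A…\z`. On line 119 `u` is only assigned in the new-user branch, so a returning user's agencies are created with `user: nil` on every login; `@current_user` is the intended value, and `User.create!` would surface validation failures instead of storing an unsaved record's `external_id` in the session. The `rescue Exception => e; raise` on lines 109–110 is a no-op and can be dropped.
```ruby
    # Anchor the match: an unanchored regex accepts any string containing 32 alphanumerics.
    if params[:token].present? && !params[:token].match?(/\A[a-z0-9]{32}\z/)
      raise(ArgumentError, "Token invalid")
    end
    # … unchanged: SSO setup, session reset, redirect when no token …
    begin
      @sso.parse(params)
    rescue ArgumentError => e
      render plain: e.message, status: :forbidden and return
    end

    case @sso.status
    when :unauthorized
      Rails.logger.info("Authentication failed!")
      head :forbidden and return
    when :ok
      # … unchanged: find-or-create user (use User.create! so validation errors raise) …
      a.agencies.create(user: @current_user, roles: 2) # was `u`, which is nil for returning users
```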
diff --git a/app/helpers/welcome_helper.rb b/app/helpers/welcome_helper.rb
new file mode 100644
index 0000000..eeead45
--- /dev/null
+++ b/app/helpers/welcome_helper.rb
@@ -0,0 +1,2 @@
+module WelcomeHelper
+end
diff --git a/app/views/welcome/authenticate.html.erb b/app/views/welcome/authenticate.html.erb
new file mode 100644
index 0000000..548101b
--- /dev/null
+++ b/app/views/welcome/authenticate.html.erb
@@ -0,0 +1,15 @@
+<h1>Authentication#sso_callback</h1>
+
+<p>Welcome <%= @current_user&.name %>!</p>
+
+<p>Your Agents:
+ <ul>
+ <% @current_user&.agencies&.each do |a| %>
+ <li><%= a.name %> (<%= a.roles %>)</li>
+ <% end %>
+ </ul>
+</p>
+
+<%= p @current_user %>
+<%= p @sso.user_info %>
+<%= p session %>
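Review bot: The three `<%= p … %>` lines (166–168) are debugging leftovers that must not ship: `Kernel#p` writes the `inspect` output to the server's stdout and returns the object, so the page itself renders the user record, the raw SSO payload and the full session hash (CSRF token, `current_user` and the per-token nonce) to whoever reaches this view. Remove them, or at most log the values at debug level server-side. Also, `a.name` on line 161 is read from an agency record while `dashboard.html.erb` reads `agency.agent.name`; one of the two is presumably wrong, so confirm which model carries `name`.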
diff --git a/app/views/welcome/dashboard.html.erb b/app/views/welcome/dashboard.html.erb
new file mode 100644
index 0000000..81264e2
--- /dev/null
+++ b/app/views/welcome/dashboard.html.erb
@@ -0,0 +1,5 @@
+<h1>Welcome <%= h current_user.name %>!</h1>
+
+<p>Current Agent: <%= current_user&.agencies&.first&.agent&.name %></p>
+
+<p>Cool, what can we do now?</p>
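Review bot: The explicit `h` on line 175 is redundant: Rails ERB already HTML-escapes `<%= %>` output, and the same file omits it on line 177, so the two lines read as if they had different safety rules. Drop `h` here (and in index.html.erb) or use it consistently.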
diff --git a/app/views/welcome/index.html.erb b/app/views/welcome/index.html.erb
new file mode 100644
index 0000000..a1fa276
--- /dev/null
+++ b/app/views/welcome/index.html.erb
@@ -0,0 +1,8 @@
+<h1>Bienvenue à l'atelier carto d'IN COMMON</h1>
+
+<% if current_user.present? %>
+ <p>Hi <%= h current_user.name %>, please <%= link_to 'proceed to your dashboard', url_for(action: 'dashboard') %>.</p>
+ <p>You may <%= link_to 'sign off', logout_url %>.</p>
+<% else %>
+ <p><%= link_to "S'identifier avec Talk.incommon.cc", '/authenticate' %></p>
+<% end %>
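Review bot: The "sign off" link on line 190 reaches `logout` by plain GET, which `protect_from_forgery` never checks, so any third-party page can log the user out by embedding that URL. If the route can be changed, `<%= link_to 'sign off', logout_url, method: :delete %>` with a matching `delete` route (or a `button_to`) puts the logout behind the CSRF token; the route itself is outside this diff.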