diff options
-rw-r--r-- | app/assets/stylesheets/welcome.scss | 3 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/welcome_controller.rb | 82 | ||||
-rw-r--r-- | app/helpers/welcome_helper.rb | 2 | ||||
-rw-r--r-- | app/views/welcome/authenticate.html.erb | 15 | ||||
-rw-r--r-- | app/views/welcome/dashboard.html.erb | 5 | ||||
-rw-r--r-- | app/views/welcome/index.html.erb | 8 | ||||
-rw-r--r-- | config/routes.rb | 7 |
8 files changed, 133 insertions, 1 deletions
diff --git a/app/assets/stylesheets/welcome.scss b/app/assets/stylesheets/welcome.scss new file mode 100644 index 0000000..5042f7d --- /dev/null +++ b/app/assets/stylesheets/welcome.scss @@ -0,0 +1,3 @@ +// Place all the styles related to the welcome controller here. +// They will automatically be included in application.css. +// You can use Sass (SCSS) here: https://sass-lang.com/ diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 09705d1..c34b9f9 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,2 +1,14 @@ class ApplicationController < ActionController::Base + protect_from_forgery with: :null_session + + require 'sso' + + before_action :current_user + + protected + + def current_user + @current_user ||= User.find_by(external_id: session[:current_user]) if session[:current_user].present? + end + helper_method :current_user end diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb new file mode 100644 index 0000000..ae24138 --- /dev/null +++ b/app/controllers/welcome_controller.rb @@ -0,0 +1,82 @@ +class WelcomeController < ApplicationController + # GET / + def index + end + + # GET /authenticate(/:token) + # Discourse SSO Authentication + def authenticate + # Ensure nobody tries silly things with our session + if params[:token].present? && !params[:token].match?(/[a-z0-9]{32}/) + raise(ArgumentError, "Token invalid") + end + + # Try an ongoing SSO or create a new one + @sso = SSO::FromDiscourse.new(token: params[:token], nonce: session[params[:token]]) + # Remove any current session + Rails.logger.info("Removing current session (#{session[:current_user]})") + session.destroy + @current_user = nil + + if params[:token].nil? # Send to authenticate + # Record this token and nonce in the session + session[@sso.token] = @sso.nonce + # Send to authorization + redirect_to @sso.request_uri and return + end + + # Validate authentication + begin + @sso.parse(params) + rescue ArgumentError => e + return 403, e.message + end + + case @sso.status + when :unauthorized + Rails.logger.info("Authentication failed!") + return 403 + when :ok + Rails.logger.info("Authentication succeeded!") + @current_user = User.find_by(external_id: @sso.user_info[:external_id]) || + begin + Rails.logger.info('new user...') + u = User.create( + external_id: @sso.user_info[:external_id], + avatar_url: @sso.user_info[:avatar_url], + email: @sso.user_info[:email], + name: @sso.user_info[:name], + username: @sso.user_info[:username]) + Rails.logger.info('created user %s' % u.inspect) + u + rescue Exception => e + raise + end + # Update user agents + # TODO: do it as a background job, it has nothing to do here. + @sso.user_info[:groups].split(',').each do |g| + a = Agent.find_by_name(g) + if a + # TODO: call Discourse and make :leader if group owner + # TODO: do not create the record if it exists + a.agencies.create(user: u, roles: 2) # make new user an editor + Rails.logger.info('User has Agent %s' % g) + end + end + session[:current_user] = @current_user[:external_id] + end + + redirect_to '/my/dashboard' + end + + # GET /dashboard + def dashboard + redirect_to '/authenticate' and return unless current_user.present? + end + + # GET /logout + def logout + session.destroy + render :index + end +end diff --git a/app/helpers/welcome_helper.rb b/app/helpers/welcome_helper.rb new file mode 100644 index 0000000..eeead45 --- /dev/null +++ b/app/helpers/welcome_helper.rb @@ -0,0 +1,2 @@ +module WelcomeHelper +end diff --git a/app/views/welcome/authenticate.html.erb b/app/views/welcome/authenticate.html.erb new file mode 100644 index 0000000..548101b --- /dev/null +++ b/app/views/welcome/authenticate.html.erb @@ -0,0 +1,15 @@ +<h1>Authentication#sso_callback</h1> + +<p>Welcome <%= @current_user&.name %>!</p> + +<p>Your Agents: + <ul> + <% @current_user&.agencies&.each do |a| %> + <li><%= a.name %> (<%= a.roles %>)</li> + <% end %> + </ul> +</p> + +<%= p @current_user %> +<%= p @sso.user_info %> +<%= p session %> diff --git a/app/views/welcome/dashboard.html.erb b/app/views/welcome/dashboard.html.erb new file mode 100644 index 0000000..81264e2 --- /dev/null +++ b/app/views/welcome/dashboard.html.erb @@ -0,0 +1,5 @@ +<h1>Welcome <%= h current_user.name %>!</h1> + +<p>Current Agent: <%= current_user&.agencies&.first&.agent&.name %></p> + +<p>Cool, what can we do now?</p> diff --git a/app/views/welcome/index.html.erb b/app/views/welcome/index.html.erb new file mode 100644 index 0000000..a1fa276 --- /dev/null +++ b/app/views/welcome/index.html.erb @@ -0,0 +1,8 @@ +<h1>Bienvenue à l'atelier carto d'IN COMMON</h1> + +<% if current_user.present? %> + <p>Hi <%= h current_user.name %>, please <%= link_to 'proceed to your dashboard', url_for(action: 'dashboard') %>.</p> + <p>You may <%= link_to 'sign off', logout_url %>.</p> +<% else %> + <p><%= link_to "S'identifier avec Talk.incommon.cc", '/authenticate' %></p> +<% end %> diff --git a/config/routes.rb b/config/routes.rb index a2260d6..ac3e3f3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,6 +1,11 @@ Rails.application.routes.draw do # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html + root to: 'welcome#index' + + get '/my/dashboard', to: 'welcome#dashboard' + # Discourse SSO - get 'my/account/:token', to: 'authentication#login' + get 'authenticate(/:token)', to: 'welcome#authenticate' + get 'logout', to: 'welcome#logout' end |