Class: AnoubisSsoServer::MainController
- Inherits: ApplicationController
- Ancestors: Object > Anoubis::ApplicationController > ApplicationController > AnoubisSsoServer::MainController
- Defined in: app/controllers/anoubis_sso_server/main_controller.rb
Overview
Main controller class. Defines basic internal SSO actions.
Instance Attribute Summary
Attributes inherited from ApplicationController
#current_system, #current_user, #etc, #sso_login_url, #sso_origin, #sso_server, #sso_silent_url, #user_model
Instance Method Summary
- #auth ⇒ Object
  Checks whether the user currently holds a valid SSO session and redirects back to the URL that was originally used to call /openid/oauth2/auth.
- #login ⇒ Object
  Login action for the SSO server.
Methods inherited from ApplicationController
#access_allowed?, #after_anoubis_initialization, #after_sso_server_initialization, #authenticate?, #authentication, #check_listed_parameters, #check_origin, #get_current_system, #get_oauth_session, #get_user_by_uuid, #render_error_exit
Instance Method Details
#auth ⇒ Object
Checks whether the user holds a valid SSO session (the oauth_session cookie must resolve to a session record in Redis) and redirects back to the URL that was originally used to call /openid/oauth2/auth. The code parameter is the one-time auth_code issued by #login; it is resolved to the login_code it was created from, and the original_url stored with that login_code is the redirect target. Both Redis keys are deleted once they have been used, so a replayed code is answered with an error redirect to the silent URL.

```ruby
# File 'app/controllers/anoubis_sso_server/main_controller.rb', line 87

def auth
  redirect_url = sso_silent_url
  redirect_url += redirect_url.index('?') ? '&' : '?'

  # 'code' is the one-time auth_code handed out by #login
  err = check_listed_parameters %w[code]
  if err
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(err), { allow_other_host: true }
    return
  end

  # The receiver of [:oauth_session] was lost in the extracted page; the cookie jar is assumed here.
  # A missing cookie makes redis.get return nil and JSON.parse raise, which lands in the rescue.
  begin
    session = JSON.parse(redis.get("#{redis_prefix}session:#{cookies[:oauth_session]}"), { symbolize_names: true })
  rescue StandardError
    session = nil
    cookies[:oauth_session] = nil
  end

  unless session
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.session_expired')), { allow_other_host: true }
    return
  end

  # auth_code -> login_code -> stored login request (which carries original_url)
  begin
    auth_code = redis.get("#{redis_prefix}auth_code:#{params[:code]}")
    code = JSON.parse(redis.get("#{redis_prefix}login_code:#{auth_code}"), { symbolize_names: true })
  rescue StandardError
    code = nil
  end

  unless code
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.is_not_correct', title: 'code')), { allow_other_host: true }
    return
  end

  # Both codes are single-use: remove them before redirecting
  self.redis.del("#{redis_prefix}auth_code:#{params[:code]}")
  self.redis.del("#{redis_prefix}login_code:#{auth_code}")

  redirect_to code[:original_url], { allow_other_host: true }
end
```
#login ⇒ Object
Login action for SSO server.
API request:
GET /api/<version>/login
Parameters:
- login (String) — user email address (required)
- password (String) — user password (required)
- locale (String) — output language locale (optional)
- code (String) — login code issued earlier in the /openid/oauth2/auth flow (optional; when it is absent or not found in Redis the redirect carries code=0)
Request example:
curl --header "Content-Type: application/json" "http://<server>:<port>/api/<api-version>/login?login=<email>&password=password&locale=en"
The URL is quoted so that the shell does not treat & as a job separator. Because the credentials travel in the query string of a GET request, they appear in web-server and proxy access logs and in browser history; the endpoint should only be reachable over HTTPS.
Results:
The result is a redirect to the silent URL (sso_silent_url) carrying either code=<auth_code> (code=0 when no usable login code was supplied) or error=<message>. On success the oauth_session cookie is set to the new session identifier.
```ruby
# File 'app/controllers/anoubis_sso_server/main_controller.rb', line 23

def login
  redirect_url = sso_silent_url
  redirect_url += redirect_url.index('?') ? '&' : '?'

  unless params[:login]
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.fields.login')), { allow_other_host: true }
    return
  end

  unless params[:password]
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.fields.password')), { allow_other_host: true }
    return
  end

  usr = user_model.where(email: params[:login]).first

  # Unknown account and wrong password produce the same error message
  unless usr
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.incorrect_login')), { allow_other_host: true }
    return
  end

  unless usr.authenticate(params[:password])
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.incorrect_login')), { allow_other_host: true }
    return
  end

  self.current_system = get_current_system

  unless current_system
    redirect_to redirect_url + 'error=' + ERB::Util.url_encode(I18n.t('anoubis.errors.system_not_defined')), { allow_other_host: true }
    return
  end

  # Optional login code from the /openid/oauth2/auth flow; stays nil if absent or not in Redis
  code = nil
  if params[:code]
    begin
      code = JSON.parse(self.redis.get("#{redis_prefix}login_code:#{params[:code]}"), { symbolize_names: true })
    rescue StandardError
    end
  end

  session_name = SecureRandom.uuid
  session = {
    id: usr.id,
    uuid: usr.uuid,
    ttl: Time.now.utc.to_i + current_system[:ttl],
    timeout: current_system[:ttl]
  }

  # The receiver of [:oauth_session] was lost in the extracted page; the cookie jar is assumed here
  cookies[:oauth_session] = session_name
  redis.set("#{redis_prefix}session:#{session_name}", session.to_json, ex: 86400)

  unless code
    redirect_to redirect_url + "code=0", { allow_other_host: true }
  else
    # Short-lived one-time auth_code that maps back to the login code
    auth_code = SecureRandom.uuid
    redis.set("#{redis_prefix}auth_code:#{auth_code}", params[:code], ex: 600)
    redirect_to redirect_url + "code=#{auth_code}", { allow_other_host: true }
  end
end
```
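The round trip that #login and #auth implement, as an added example that is not part of the gem: the two actions are re-implemented as pure methods over an in-memory stand-in for Redis, so the session cookie, the auth_code -> login_code indirection, single-use consumption and key expiry can be run offline. Everything here is assumed or constructed: the FakeRedis store and its clock, the User struct, the prefix, silent URL and system TTL constants, the plain-string error messages standing in for I18n keys, and the login_code records that the /openid/oauth2/auth side would normally have written. Redirects are returned as strings instead of being issued, and an empty string is treated like a missing parameter.

```ruby
require 'json'
require 'securerandom'
require 'erb'

# In-memory stand-in for the Redis calls the controller makes (get, set with ex:, del),
# with an adjustable clock so key expiry can be exercised. Assumption, not the gem's client.
class FakeRedis
  attr_accessor :now

  def initialize
    @data = {}
    @now = 0
  end

  def set(key, value, ex: nil)
    @data[key] = [value, ex ? @now + ex : nil]
  end

  def get(key)
    value, expires_at = @data[key]
    return nil if value.nil?
    if expires_at && @now >= expires_at
      @data.delete(key)
      return nil
    end
    value
  end

  def del(key)
    @data.delete(key)
  end
end

# Constructed user record with only what login needs (not a real ActiveRecord model).
User = Struct.new(:id, :uuid, :email, :password) do
  def authenticate(candidate)
    candidate == password
  end
end

# Pure re-implementation of the two actions: redirects become return values,
# I18n messages become fixed strings, and the cookie jar is a plain Hash.
class SsoFlow
  PREFIX = 'sso:'                                 # assumed redis_prefix
  SILENT_URL = 'https://app.example/silent?v=1'   # assumed sso_silent_url (already has a query string)
  SYSTEM = { ttl: 3600 }.freeze                   # assumed current_system

  attr_reader :redis, :cookies

  def initialize(users, redis: FakeRedis.new)
    @users = users
    @redis = redis
    @cookies = {}
  end

  # Mirrors #login: validate, look up the user, create a session, then either
  # answer code=0 or mint a short-lived auth_code that points at the login_code.
  def login(params)
    return error('fields.login') if params[:login].to_s.empty?
    return error('fields.password') if params[:password].to_s.empty?

    usr = @users.find { |u| u.email == params[:login] }
    # One message for "no such user" and "wrong password": no account enumeration.
    return error('incorrect_login') unless usr && usr.authenticate(params[:password])

    code = params[:code] && parse(redis.get("#{PREFIX}login_code:#{params[:code]}"))

    session_name = SecureRandom.uuid
    session = { id: usr.id, uuid: usr.uuid, ttl: redis.now + SYSTEM[:ttl], timeout: SYSTEM[:ttl] }
    cookies[:oauth_session] = session_name
    redis.set("#{PREFIX}session:#{session_name}", session.to_json, ex: 86_400)

    return redirect('code=0') unless code

    auth_code = SecureRandom.uuid
    redis.set("#{PREFIX}auth_code:#{auth_code}", params[:code], ex: 600)
    redirect("code=#{auth_code}")
  end

  # Mirrors #auth: require a live session cookie, resolve auth_code -> login_code,
  # burn both keys, and send the browser back to the stored original_url.
  def auth(params)
    return error('code_missing') if params[:code].to_s.empty?

    session = parse(redis.get("#{PREFIX}session:#{cookies[:oauth_session]}"))
    unless session
      cookies[:oauth_session] = nil
      return error('session_expired')
    end

    login_code = redis.get("#{PREFIX}auth_code:#{params[:code]}")
    code = login_code && parse(redis.get("#{PREFIX}login_code:#{login_code}"))
    return error('is_not_correct') unless code

    redis.del("#{PREFIX}auth_code:#{params[:code]}")
    redis.del("#{PREFIX}login_code:#{login_code}")
    code[:original_url]
  end

  private

  def redirect(query)
    SILENT_URL + (SILENT_URL.include?('?') ? '&' : '?') + query
  end

  def error(message)
    redirect('error=' + ERB::Util.url_encode(message))
  end

  # JSON.parse(nil) raises, so a missing key collapses to nil just as in the controller
  def parse(json)
    JSON.parse(json, symbolize_names: true)
  rescue StandardError
    nil
  end
end
```

Seed a login_code record (as the /openid/oauth2/auth side would), call login with that code, then auth with the auth_code that comes back: the first auth call returns the stored original_url, a second call with the same auth_code is rejected, and once the session key has expired auth answers session_expired and clears the cookie.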