Class: EgovUtils::User

Inherits:
Principal show all
Defined in:
app/models/egov_utils/user.rb

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Principal

#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload

Class Method Details

.anonymousObject 



69
70
71
 
# File 'app/models/egov_utils/user.rb', line 69

def self.anonymous
  self.new
end

.authenticate(login, password, active_only = true) ⇒ Object 



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'app/models/egov_utils/user.rb', line 40

def self.authenticate(, password, active_only=true)
   = .to_s
  password = password.to_s

  # Make sure no one can sign in with an empty login or password
  return nil if .empty? || password.empty?

  # Fail over to case-insensitive if none was found
  user = find_by(login: ) || where( arel_table[:login].lower.eq(.downcase) ).first

  if user
    # user is already in local database
    return nil unless user.password_check?(password)
    return nil if active_only && !user.active?
  else
    # user is not yet registered, try to authenticate with available sources
    attrs = EgovUtils::AuthSource.authenticate(, password)
    if attrs
      user = new(attrs.merge(active: true))
      if user.ldap_register_allowed? && user.save
        user.reload
        logger.info("User '#{user.}' created from external auth source: #{user.provider}") if logger && user.auth_source
      end
    end
  end
  user.update_column(:last_login_at, Time.now) if user && !user.new_record? && user.active?
  user
end

.currentObject 



77
78
79
 
# File 'app/models/egov_utils/user.rb', line 77

def self.current
  RequestLocals.fetch(:current_user) { User.anonymous }
end

.current=(user) ⇒ Object 



73
74
75
 
# File 'app/models/egov_utils/user.rb', line 73

def self.current=(user)
  RequestLocals.store[:current_user] = user || anonymous
end

Instance Method Details

#admin?Boolean

Returns:

  • (Boolean) 


117
118
119
 
# File 'app/models/egov_utils/user.rb', line 117

def admin?
  has_role?('admin')
end

#all_role_namesObject 



125
126
127
128
129
130
131
 
# File 'app/models/egov_utils/user.rb', line 125

def all_role_names
  @all_role_names ||= Rails.cache.fetch("#{cache_key}/all_role_names", expires_in: 1.hours) do
                        groups.collect{|g| g.roles}.reduce([], :concat) + roles
                      end
  @all_role_names << self.class.default_role if self.class.default_role && !@all_role_names.any?
  @all_role_names
end

#all_rolesObject 



133
134
135
 
# File 'app/models/egov_utils/user.rb', line 133

def all_roles
  all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end

#fullnameObject 



113
114
115
 
# File 'app/models/egov_utils/user.rb', line 113

def fullname
  "#{firstname} #{lastname}"
end

#generate_reset_password_tokenObject 



166
167
168
169
 
# File 'app/models/egov_utils/user.rb', line 166

def generate_reset_password_token
  self.confirmation_code = nil
  generate_confirmation_code
end

#groupsObject 



137
138
139
 
# File 'app/models/egov_utils/user.rb', line 137

def groups
  super.to_a.concat( Array.wrap(ldap_groups) )
end

#has_role?(role_name) ⇒ Boolean

Returns:

  • (Boolean) 


121
122
123
 
# File 'app/models/egov_utils/user.rb', line 121

def has_role?(role_name)
  all_role_names.include?(role_name)
end

#ldap_dnObject 



141
142
143
 
# File 'app/models/egov_utils/user.rb', line 141

def ldap_dn
  @ldap_dn ||= ( dn = auth_source.send(:get_user_dn, ) ) && dn[:dn]
end

#ldap_groupsObject 



145
146
147
148
149
150
151
152
153
154
155
156
 
# File 'app/models/egov_utils/user.rb', line 145

def ldap_groups
  if provider.present?
    group_ids = persisted? && Rails.cache.read("#{cache_key}/ldap_group_ids", expires_in: 30.minutes)
    if group_ids
      groups = EgovUtils::Group.where(id: group_ids).to_a
    else
      groups = EgovUtils::Group.where(provider: provider).to_a.select{|g| auth_source.member?(ldap_dn, g.external_uid) }
      Rails.cache.write("#{cache_key}/ldap_group_ids", groups.collect(&:id), expires_in: 30.minutes) if persisted?
    end
    groups
  end
end

#ldap_register_allowed?Boolean

Returns:

  • (Boolean) 


89
90
91
 
# File 'app/models/egov_utils/user.rb', line 89

def ldap_register_allowed?
  auth_source && auth_source.register_members_only? && ldap_groups.any?
end

#locked?Boolean

Returns:

  • (Boolean) 


109
110
111
 
# File 'app/models/egov_utils/user.rb', line 109

def locked?
  false
end

#logged?Boolean

Returns:

  • (Boolean) 


105
106
107
 
# File 'app/models/egov_utils/user.rb', line 105

def logged?
  persisted?
end

#must_change_password?Boolean

Returns:

  • (Boolean) 


158
159
160
 
# File 'app/models/egov_utils/user.rb', line 158

def must_change_password?
  (super || password_expired?) && !provider?
end

#password_change_possible?Boolean

Returns:

  • (Boolean) 


101
102
103
 
# File 'app/models/egov_utils/user.rb', line 101

def password_change_possible?
  !provider.present?
end

#password_check?(password) ⇒ Boolean

Returns:

  • (Boolean) 


93
94
95
96
97
98
99
 
# File 'app/models/egov_utils/user.rb', line 93

def password_check?(password)
  if provider.present?
    auth_source.authenticate(, password)
  else
    authenticate(password)
  end
end

#password_expired?Boolean

Returns:

  • (Boolean) 


162
163
164
 
# File 'app/models/egov_utils/user.rb', line 162

def password_expired?
  false
end

#rolesObject 



85
86
87
 
# File 'app/models/egov_utils/user.rb', line 85

def roles
  logged? ? super : ['anonymous']
end

#to_sObject 



81
82
83
 
# File 'app/models/egov_utils/user.rb', line 81

def to_s
  fullname
end