Class: Kadmin::AuthController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Kadmin::AuthController

Defined in:

app/controllers/kadmin/auth_controller.rb

Constant Summary

SESSION_KEY =

'kadmin.user'.freeze

SESSION_ORG_OVERWRITE_KEY =

'kadmin.org_overwrite'.freeze

Endpoints

• #change_organization ⇒ Object

  POST /change_organization.

• #failure ⇒ Object

  GET /auth/failure.

• #login ⇒ Object

  GET /auth/login.

• #logout ⇒ Object

  GET /auth/logout DELETE /auth/logout.

• #save ⇒ Object

  GET /auth/:provider/callback POST /auth/:provider/callback.

• #unauthorized ⇒ Object

Helpers

• #omniauth_provider_link ⇒ Object

Methods inherited from ApplicationController

#handle_error, #handle_unexpected_error, #not_found, #organization, #params_missing, #scoped_all, #scoped_find_by!

Methods included from Concerns::AuthorizedUser

#authorize, #authorized?, #authorized_user, #current_user, #logged_in?

Instance Method Details

#change_organization ⇒ Object

POST /change_organization

# File 'app/controllers/kadmin/auth_controller.rb', line 65

def change_organization
  if authorized_user&.admin?
    session[SESSION_ORG_OVERWRITE_KEY] = Kadmin::Organization.find(params[:organization_id]).name
  end
  redirect_to :dash
end

#failure ⇒ Object

GET /auth/failure

# File 'app/controllers/kadmin/auth_controller.rb', line 52

def failure
  flash.alert = params[:message]
  redirect_to auth_login_path(origin: request.env['omniauth.origin'])
end

#login ⇒ Object

GET /auth/login

# File 'app/controllers/kadmin/auth_controller.rb', line 11

def login
  if logged_in? && authorized?
    redirect_to dash_path
  else
    render 'kadmin/auth/login'
  end
end

#logout ⇒ Object

GET /auth/logout DELETE /auth/logout

# File 'app/controllers/kadmin/auth_controller.rb', line 21

def logout
  session.delete(SESSION_KEY)
  redirect_to auth_login_path
end

#omniauth_provider_link ⇒ Object

# File 'app/controllers/kadmin/auth_controller.rb', line 88

def omniauth_provider_link
  auth_prefix = auth_path
  provider_link = "#{auth_prefix}/#{Kadmin::Auth.omniauth_provider}"
  origin = params[:origin]

  # if the referer is a auth route, then we risk ending in an endless loop
  if origin.blank?
    referer = request.referer
    if referer.blank?
      origin = Kadmin.config.mount_path
    else
      uri = URI(referer)
      origin = referer unless uri&.path&.start_with?(auth_prefix)
    end
  end

  provider_link = "#{provider_link}?origin=#{CGI.escape(origin)}" if origin.present?
  return provider_link
end

#save ⇒ Object

GET /auth/:provider/callback POST /auth/:provider/callback

# File 'app/controllers/kadmin/auth_controller.rb', line 28

def save
  auth_hash = request.env['omniauth.auth']

  if auth_hash.blank?
    Kadmin.logger.error('No authorization hash provided')
    flash.alert = I18n.t('kadmin.auth.error')
    redirect_to auth_login_path(origin: request.env['omniauth.origin'])
    return
  end

  email = auth_hash.dig('info', 'email')
  if Kadmin::Auth.users.exists?(email)
    session[SESSION_KEY] = email
    redirect_url = request.env['omniauth.origin']
    redirect_url = Kadmin.config.mount_path unless valid_redirect_url?(redirect_url)
  else
    flash.alert = I18n.t('kadmin.auth.unauthorized_message')
    redirect_url = auth_login_path(origin: request.env['omniauth.origin'])
  end

  redirect_to redirect_url
end

#unauthorized ⇒ Object

# File 'app/controllers/kadmin/auth_controller.rb', line 57

def unauthorized
  render 'kadmin/error', format: ['html'], locals: {
    title: I18n.t('kadmin.auth.unauthorized'),
    message: I18n.t('kadmin.auth.unauthorized_message')
  }
end