Class: PandaCms::Admin::SessionsController

Inherits:
PandaCms::ApplicationController show all
Defined in:
app/controllers/panda_cms/admin/sessions_controller.rb

Instance Method Summary collapse

Methods inherited from PandaCms::ApplicationController

#add_breadcrumb, #authenticate_admin_user!, #authenticate_user!, #breadcrumbs, #current_user, #set_current_request_details, #user_signed_in?

Methods included from PandaCms::ApplicationHelper

#active_link?, #block_link_to, #component, #level_indent, #menu_indent, #nav_class, #nav_highlight_colour_classes, #panda_cms_editor, #panda_cms_form_with, #selected_nav_highlight_colour_classes, #table_indent, #title_tag

Instance Method Details

#create ⇒ Object


# File 'app/controllers/panda_cms/admin/sessions_controller.rb', line 12

# OmniAuth callback for admin login. Reads the provider's "info" hash from
# the Rack env, finds the PandaCms::User with the matching e-mail (or creates
# one when the provider's config allows it) and, if that user is an admin,
# stores their id in the session and redirects onwards. Every failure path
# logs the reason and redirects with the same generic error flash, so the
# response does not reveal which check failed.
#
# NOTE(review): this listing lost identifiers in extraction. The local
# assigned on the first line, the receiver of the ["email"] / ["name"] /
# ["image"] lookups and every redirect_to target are blank. Presumably the
# lookups read the "info" hash fetched on the first line; confirm against
# app/controllers/panda_cms/admin/sessions_controller.rb.
def create
   = request.env.dig("omniauth.auth", "info")
  # Provider name is taken from request params. A missing param makes
  # nil.to_sym raise NoMethodError, which the generic rescue below handles.
  provider = params[:provider].to_sym

  # Refuse any provider that is not switched on in the authentication config.
  unless PandaCms.config.authentication.dig(provider, :enabled)
    Rails.logger.error "Authentication provider '#{provider}' is not enabled"
    redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
    return
  end

  # NOTE(review): the account is matched on the provider-supplied e-mail alone.
  # Nothing visible here checks that the provider verified that address or
  # ties the account to a provider uid. Confirm every enabled provider only
  # returns verified e-mails, since this lookup decides who becomes an admin.
  user = PandaCms::User.find_by(email: ["email"])

  # Optional self-registration, controlled per provider.
  if !user && PandaCms.config.authentication.dig(provider, :create_account_on_first_login)
    # NOTE(review): with create_account_on_first_login and create_as_admin both
    # set, any identity the provider authenticates gets an admin account;
    # restricting who may sign in then has to happen at the provider.
    create_as_admin = PandaCms.config.authentication.dig(provider, :create_as_admin)

    # Always create the first user as admin, regardless of what our settings look like
    # else we can't ever really login. :)
    # NOTE(review): the inner !create_as_admin repeats the outer condition, and
    # count.zero? followed by the create below is not atomic, so two concurrent
    # first logins could both be promoted. TODO confirm this is acceptable.
    if !create_as_admin
      create_as_admin = true if !create_as_admin && PandaCms::User.count.zero?
    end

    # Prefer separate first/last name fields; otherwise split "name" on the
    # first space. If neither is present both names stay nil.
    if ["first_name"] && ["last_name"]
      firstname = ["first_name"]
      lastname = ["last_name"]
    elsif ["name"]
      firstname, lastname = ["name"].split(" ", 2)
    end

    # The block only runs when a new record is created.
    # NOTE(review): unqualified User here vs PandaCms::User above; presumably
    # the same model via lexical scope; confirm.
    user = User.find_or_create_by(
      email: ["email"]
    ) do |u|
      u.firstname = firstname
      u.lastname = lastname
      u.admin = create_as_admin
      u.image_url = ["image"]
    end
  end

  if user.nil?
    # User can't be found with this email address
    # NOTE(review): this writes the e-mail address to the application log;
    # check that against the deployment's log-retention / PII policy.
    Rails.logger.error "User does not exist: #{["email"]}"
    redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
    return
  end

  if !user.admin?
    # The user exists but is not an admin, so admin login is refused. The
    # trailing `if user && !user.admin` is always true inside this branch.
    Rails.logger.error "User ID #{user.id} attempted admin login, is not admin." if user && !user.admin
    redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
    return
  end

  # NOTE(review): no reset_session call is visible before the user id is
  # stored, so a session id issued before login stays valid afterwards.
  # Rotating the session at login is the usual defence against session
  # fixation; confirm it is not already done in a callback outside this listing.
  session[:user_id] = user.id
  PandaCms::Current.user = user

  # NOTE(review): OmniAuth typically fills omniauth.origin from the login
  # request's origin parameter or Referer, so it may name an off-site URL.
  # Confirm it is limited to local paths, or that Rails' open-redirect
  # protection (raise_on_open_redirects) is enabled for this app.
  redirect_path = request.env["omniauth.origin"] || admin_dashboard_path
  redirect_to redirect_path, flash: {success: t("panda_cms.admin.sessions.create.success")}
rescue ::OmniAuth::Strategies::OAuth2::CallbackError => e
  Rails.logger.error "OAuth2 login callback error: #{e.message}"
  redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
rescue ::OAuth2::Error => e
  Rails.logger.error "OAuth2 login error: #{e.message}"
  redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
rescue => e
  # Catch-all for any other StandardError raised above; only the message is
  # logged, not the exception class or backtrace.
  Rails.logger.error "Unknown login error: #{e.message}"
  redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
end

#destroy ⇒ Object


# File 'app/controllers/panda_cms/admin/sessions_controller.rb', line 85

# Logs the current user out: clears PandaCms::Current.user and the :user_id
# session key, then redirects with a success flash.
#
# NOTE(review): the redirect_to target is blank in this listing (lost in
# extraction); confirm it against the source file.
# NOTE(review): only :user_id is cleared. Any other session data and the
# session id itself survive logout. reset_session would discard both;
# confirm nothing relies on the session persisting across logout.
def destroy
  PandaCms::Current.user = nil
  session[:user_id] = nil
  redirect_to , flash: {success: t("panda_cms.admin.sessions.destroy.success")}
end

#failure ⇒ Object


# File 'app/controllers/panda_cms/admin/sessions_controller.rb', line 80

# Handles a failed login: logs the message, origin and strategy request
# parameters and redirects with the generic login error flash.
#
# NOTE(review): the redirect_to target is blank in this listing (lost in
# extraction); confirm it against the source file.
# NOTE(review): message, origin and strategy are request parameters written
# to the log unmodified, so a crafted request can put arbitrary text,
# including line breaks, into the error log. Consider stripping control
# characters or logging them as structured fields.
def failure
  Rails.logger.error "Login failure: #{params[:message]} from #{params[:origin]} using #{params[:strategy]}"
  redirect_to , flash: {error: t("panda_cms.admin.sessions.create.error")}
end

#new ⇒ Object


# File 'app/controllers/panda_cms/admin/sessions_controller.rb', line 8

# Collects the provider keys to expose to the login view as @providers:
# every entry in PandaCms.config.authentication that is enabled and not
# marked hidden.
def new
  visible = PandaCms.config.authentication.reject do |_name, settings|
    # Drop providers that are switched off or flagged as hidden.
    !settings[:enabled] || settings[:hidden]
  end
  @providers = visible.keys
end