Class: RailsBase::SecondaryAuthenticationController
- Inherits:
-
RailsBaseApplicationController
- Object
- ActionController::Base
- RailsBaseApplicationController
- RailsBase::SecondaryAuthenticationController
- Defined in:
- app/controllers/rails_base/secondary_authentication_controller.rb
Constant Summary
Constants included from CaptureReferenceHelper
CaptureReferenceHelper::CAPTURE_ACTION_NAME, CaptureReferenceHelper::CAPTURE_CONTROLLER_PATH, CaptureReferenceHelper::CAPTURE_REFERRED_PATH
Constants included from AppearanceHelper
AppearanceHelper::APPEARANCE_MODE_ACTUAL_COOKIE, AppearanceHelper::APPEARANCE_MODE_COOKIE, AppearanceHelper::APPEARANCE_TEXT_CLASS, AppearanceHelper::VIEWPORT_EXTRA_LARGE, AppearanceHelper::VIEWPORT_EXTRA_SMALL, AppearanceHelper::VIEWPORT_LARGE, AppearanceHelper::VIEWPORT_MEDIUM, AppearanceHelper::VIEWPORT_MOBILE_MAX, AppearanceHelper::VIEWPORT_SIZES, AppearanceHelper::VIEWPORT_SMALL
Constants included from ApplicationHelper
ApplicationHelper::TIMEZONE_OFFSET_COOKIE, ApplicationHelper::TIMEZONE_SESSION_NAME
Instance Method Summary
-
#after_email_login_session_create ⇒ Object
POST auth/login.
-
#after_email_login_session_new ⇒ Object
GET auth/login.
-
#confirm_phone_registration ⇒ Object
POST auth/phone/mfa.
-
#email_verification ⇒ Object
GET auth/email/:data.
-
#forgot_password ⇒ Object
GET auth/email/forgot/:data.
-
#forgot_password_with_mfa ⇒ Object
POST auth/email/forgot/:data.
-
#phone_registration ⇒ Object
POST auth/phone.
- #remove_me ⇒ Object
-
#remove_phone_mfa ⇒ Object
DELETE auth/phone/disable.
-
#resend_email ⇒ Object
POST auth/resend_email.
-
#reset_password ⇒ Object
POST auth/email/reset/:data.
-
#sso_login ⇒ Object
GET auth/validate/:data.
-
#static ⇒ Object
GET auth/wait.
- #testing_route ⇒ Object
Methods inherited from RailsBaseApplicationController
#admin_impersonation_session?, #admin_reset_impersonation_session!, #admin_user?, #capture_admin_action, #is_timeout_error?, #populate_admin_actions, #set_time_zone
Methods included from CaptureReferenceHelper
#authenticate_user!, #capture_and_clear_reference_redirect!, #capture_clear_reference_from_sesssion!, #capture_reference, #redirect_from_reference, #reference_redirect, #skip_capture_reference!, #skip_capture_reference?, #use_capture_reference?
Methods included from AppearanceHelper
#appearance_mode_drop_down, #appearance_text_class, #footer_mode_case, #force_sticky_mode!
Methods included from ApplicationHelper
#admin_reset_session!, #browser, #is_mobile?, #is_safari?, #mfa_fallback?
Instance Method Details
#after_email_login_session_create ⇒ Object
POST auth/login
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 63
# POST auth/login
#
# Second step of the email login flow. Requires a valid short-lived token for
# the SSOVE purpose (the early return relies on validate_token! having already
# rendered or redirected — defined outside this block, confirm), then checks the
# submitted email/password pair with Authentication::AuthenticateUser.
# Failure re-renders the login form with an alert; success signs the user in
# and redirects to the authenticated root.
#
# NOTE(review): params[:user] is dereferenced without a guard, so a request
# lacking the nested hash raises NoMethodError (500) instead of a validation
# error — confirm this is acceptable or handled by a before_action.
def after_email_login_session_create
  return unless validate_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)

  # Clear flash left over from the previous step so only this request's
  # outcome is shown.
  flash[:notice] = nil
  flash[:alert] = nil
  authenticate = Authentication::AuthenticateUser.call(email: params[:user][:email], password: params[:user][:password])
  if authenticate.failure?
    # NOTE(review): the accessor name after `authenticate.` was dropped by the
    # doc renderer; check the source file for the field read into the alert.
    flash[:alert] = authenticate.
    # Rebuild the form object with the attempted email so the view can re-populate it.
    @user = User.new(email: params[:user][:email])
    render :after_email_login_session_new
    return
  end
  sign_in(authenticate.user)
  flash[:notice] = I18n.t('authentication.after_email_login_session_create')
  redirect_to RailsBase.url_routes.authenticated_root_path
end
#after_email_login_session_new ⇒ Object
GET auth/login
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 53
# GET auth/login
#
# Renders the email/password form for the second login step. Bails out unless
# a valid SSOVE short-lived token is present (validate_token! is defined
# outside this block and is assumed to render/redirect itself — confirm).
# A default notice is set only when the flash carries nothing from the
# previous step, so an existing alert or notice is never overwritten.
def after_email_login_session_new
  return unless validate_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)

  @user = User.new
  flash_is_blank = flash[:alert].nil? && flash[:notice].nil?
  flash[:notice] = I18n.t('authentication.after_email_login_session_new') if flash_is_blank
end
#confirm_phone_registration ⇒ Object
POST auth/phone/mfa
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 94
# POST auth/phone/mfa
#
# Confirms phone-based MFA enrolment. The submitted params are checked by
# Authentication::MfaValidator against current_user and the user id carried by
# @token_verifier (assigned outside this block, presumably by a before_action —
# confirm). Only a successful validation flips mfa_enabled on the user; both
# outcomes redirect to the authenticated root with a flash message.
def confirm_phone_registration
  mfa_validity = Authentication::MfaValidator.call(current_user: current_user, params: params, session_mfa_user_id: @token_verifier.user_id)
  if mfa_validity.failure?
    # NOTE(review): the accessor name after `mfa_validity.` was dropped by the
    # doc renderer; check the source file for the value interpolated as :message.
    redirect_to RailsBase.url_routes.authenticated_root_path, alert: I18n.t('authentication.confirm_phone_registration.fail', message: mfa_validity.)
    return
  end
  # update! raises on a failed save rather than silently leaving MFA off.
  current_user.update!(mfa_enabled: true)
  redirect_to RailsBase.url_routes.authenticated_root_path, notice: I18n.t('authentication.confirm_phone_registration.valid')
end
#email_verification ⇒ Object
GET auth/email/:data
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 40
# GET auth/email/:data
#
# Verifies the emailed login link. params[:data] is handed to
# Authentication::SsoVerifyEmail; on success the returned encrypted value is
# stored in the session as the MFA randomized token and the user is sent to the
# post-email login page.
#
# NOTE(review): on failure the redirect target is taken from the verifier
# result (verify.redirect_url). Confirm in SsoVerifyEmail that this is always an
# application route and never derived from request input, since redirect_to
# with an externally influenced URL would be an open redirect.
def email_verification
  verify = Authentication::SsoVerifyEmail.call(verification: params[:data])
  if verify.failure?
    # NOTE(review): the accessor name after `verify.` was dropped by the doc
    # renderer; check the source file for the alert text read here.
    redirect_to(verify.redirect_url, alert: verify.)
    return
  end
  session[:mfa_randomized_token] = verify.encrypted_val
  redirect_to RailsBase.url_routes.login_after_email_path
end
#forgot_password ⇒ Object
GET auth/email/forgot/:data
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 113
# GET auth/email/forgot/:data
#
# Entry point of the forgot-password flow from the emailed link. params[:data]
# is checked by Authentication::VerifyForgotPassword; on success the encrypted
# value is stored as the session MFA randomized token and the view is prepared
# with @user, @data and @mfa_flow. The notice text depends on whether the result
# says an MFA step follows.
#
# NOTE(review): as in #email_verification, the failure redirect target comes
# from the service result (result.redirect_url); confirm it is always an
# internal route.
def forgot_password
  result = Authentication::VerifyForgotPassword.call(data: params[:data])
  if result.failure?
    # NOTE(review): the accessor name after `result.` was dropped by the doc
    # renderer; check the source file for the alert text read here.
    redirect_to result.redirect_url, alert: result.
    return
  end
  session[:mfa_randomized_token] = result.encrypted_val
  # Deliberate assignment inside the condition: @mfa_flow is both captured for
  # the view and used to pick the notice.
  flash[:notice] = if @mfa_flow = result.mfa_flow
    I18n.t('authentication.forgot_password.2fa')
  else
    I18n.t('authentication.forgot_password.base')
  end
  @user = result.user
  # Echoed back to the view so the follow-up POST can resubmit the same datum.
  @data = params[:data]
end
#forgot_password_with_mfa ⇒ Object
POST auth/email/forgot/:data
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 132
# POST auth/email/forgot/:data
#
# MFA step of the forgot-password flow. Requires a valid VFP short-lived token
# (validate_token! is defined outside this block), re-reads the (already used)
# datum from ShortLivedData to identify the user, and checks the submitted MFA
# code against that user and the user id carried by @token_verifier. Success
# re-renders the forgot_password view with @mfa_flow cleared so the password
# form is shown; any failure redirects back to the new-password page.
def forgot_password_with_mfa
  return unless validate_token!(purpose: Authentication::Constants::VFP_PURPOSE)

  # datum is expired because it was used with #forgot_password method
  # we dont care, we just want to ensure the correct user (multiple verification ways)
  # -- validate user by datum
  # -- validate user by short lived token
  # -- validate user by mfa_token
  # -- When all match by user and within the lifetime of the short lived token... we b gucci uber super secure/over engineered
  expired_datum = ShortLivedData.get_by_data(data: params[:data], reason: Authentication::Constants::VFP_REASON)
  unless expired_datum
    redirect_to(RailsBase.url_routes.new_user_password_path, alert: I18n.t('authentication.forgot_password_with_mfa.expired_datum'))
    return
  end
  # current_user here is the user the datum belongs to, not the signed-in user.
  result = Authentication::MfaValidator.call(params: params, session_mfa_user_id: @token_verifier.user_id, current_user: expired_datum.user)
  if result.failure?
    # NOTE(review): the accessor name after `result.` was dropped by the doc
    # renderer; check the source file for the alert text read here.
    redirect_to(RailsBase.url_routes.new_user_password_path, alert: result.)
    return
  end
  # MFA is done; the view now shows the password reset form.
  @mfa_flow = false
  @data = params[:data]
  @user = result.user
  flash[:notice] = I18n.t('authentication.forgot_password_with_mfa.valid_mfa')
  render :forgot_password
end
#phone_registration ⇒ Object
POST auth/phone
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 82
# POST auth/phone
#
# Starts phone MFA enrolment for the current user: stores the submitted phone
# number and sends a verification code via
# Authentication::UpdatePhoneSendVerification. Responds with JSON either way;
# failures use HTTP 418, success stores the returned MFA randomized token in
# the session.
#
# NOTE(review): the failure branch calls .to_json on the hash while the success
# branch passes the hash directly; both render JSON, but the styles differ and
# the hash-rocket keys could be written as `json:` / `status:`.
def phone_registration
  result = Authentication::UpdatePhoneSendVerification.call(user: current_user, phone_number: params[:phone_number])
  if result.failure?
    # NOTE(review): the accessor name after `result.` was dropped by the doc
    # renderer; check the source file for the value placed under :msg.
    render :json => { error: I18n.t('request_response.teapot.fail'), msg: result. }.to_json, :status => 418
    return
  end
  session[:mfa_randomized_token] = result.mfa_randomized_token
  render :json => { status: :success, message: I18n.t('request_response.teapot.valid') }
end
#remove_me ⇒ Object
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 18
# Intentionally empty action: no route is documented for it in the method
# summary, and the body does nothing, so only the default behaviour for a
# body-less controller action applies. Returns nil.
def remove_me; end
#remove_phone_mfa ⇒ Object
DELETE auth/phone/disable
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 107
# DELETE auth/phone/disable
#
# Turns phone MFA off for the current user and forgets the last MFA login
# timestamp, then redirects to the authenticated root with a notice.
# update! raises instead of silently leaving the flags unchanged.
#
# NOTE(review): no step-up check (fresh password or MFA re-verification) is
# visible in this action before MFA is disabled; confirm a before_action
# guards the route, since a hijacked session could otherwise weaken the
# account with a single request.
def remove_phone_mfa
  current_user.update!(mfa_enabled: false, last_mfa_login: nil)

  destination = RailsBase.url_routes.authenticated_root_path
  redirect_to destination, notice: I18n.t('authentication.remove_phone_mfa')
end
#resend_email ⇒ Object
POST auth/resend_email
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 27
# POST auth/resend_email
#
# Re-sends the login verification email to the user identified by the
# short-lived token (@token_verifier is assigned outside this block — confirm
# by which before_action). Redirects to the wait page with either an alert or
# a notice naming the address the email went to. User.find raises
# ActiveRecord::RecordNotFound if the token's user id no longer exists.
#
# NOTE(review): the local variable `params` shadows the controller's `params`
# method for the rest of this action; it works only because the request params
# are not read after that point. Renaming it (e.g. `flash_opts`) would avoid
# the trap.
def resend_email
  user = User.find @token_verifier.user_id
  email_verification = Authentication::SendVerificationEmail.call(user: user, reason: Authentication::Constants::SVE_LOGIN_REASON)
  params = if email_verification.failure?
    # NOTE(review): the accessor name after `email_verification.` was dropped by
    # the doc renderer; check the source file for the alert text read here.
    { alert: email_verification. }
  else
    { notice: I18n.t('authentication.resend_email', email: user.email) }
  end
  redirect_to RailsBase.url_routes.auth_static_path, params
end
#reset_password ⇒ Object
POST auth/email/reset/:data
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 162
# POST auth/email/reset/:data
#
# Final step of the forgot-password flow. Requires a valid VFP short-lived
# token (validate_token! is defined outside this block), then hands the new
# password, its confirmation, the datum and the token's user id to
# Authentication::ModifyPassword with flow: :forgot_password. Failure redirects
# back to the new-password page with an alert; success redirects to the
# authenticated root.
#
# NOTE(review): params[:user] is dereferenced without a guard, so a request
# lacking the nested hash raises NoMethodError (500) rather than a validation
# error — confirm this is acceptable or handled upstream.
def reset_password
  return unless validate_token!(purpose: Authentication::Constants::VFP_PURPOSE)

  result = Authentication::ModifyPassword.call(password: params[:user][:password], password_confirmation: params[:user][:password_confirmation], data: params[:data], user_id: @token_verifier.user_id, flow: :forgot_password)
  if result.failure?
    # NOTE(review): the accessor name after `result.` was dropped by the doc
    # renderer; check the source file for the alert text read here.
    redirect_to RailsBase.url_routes.new_user_password_path, alert: result.
    return
  end
  redirect_to RailsBase.url_routes.authenticated_root_path, notice: I18n.t('authentication.reset_password')
end
#sso_login ⇒ Object
GET auth/validate/:data
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 175
# GET auth/validate/:data
#
# Single-sign-on entry point. params[:data] is checked by
# RailsBase::Authentication::SingleSignOnVerify. On success the user is signed
# in (only if nobody is signed in yet) and redirected to the decision's
# url_redirect when that route exists, otherwise to the authenticated root.
#
# NOTE(review): when verification fails but a user is already signed in, the
# action only logs and then falls through to the success path: it still sets
# the 'authentication.sso_login.valid' notice and redirects using
# sso_decision.url_redirect (which may be nil on failure, falling back to root
# via route_exist?). Showing a "valid" notice for a failed SSO link is
# misleading; consider redirecting with an alert in that branch as well.
def sso_login
  input_params = { data: params[:data], reason: RailsBase::Authentication::Constants::SSO_LOGIN_REASON }
  sso_decision = RailsBase::Authentication::SingleSignOnVerify.call(input_params)
  if sso_decision.failure?
    if current_user.nil?
      # NOTE(review): the accessor name after `sso_decision.` was dropped by the
      # doc renderer; check the source file. String concatenation with `+` will
      # raise TypeError if that value is nil.
      flash[:alert] = I18n.t('authentication.sso_login.fail') + sso_decision.
      redirect_to RailsBase.url_routes.unauthenticated_root_path
      return
    else
      logger.info('User is logged in but failed the SSO login')
    end
  end
  # Never replace an existing session with the SSO user.
  sign_in(sso_decision.user) if current_user.nil?
  # Only redirect to targets the application actually routes; anything else
  # falls back to the authenticated root. (Log text typo "Redirecing" is a
  # runtime string and is left unchanged here.)
  url = if RailsBase.route_exist?(sso_decision.url_redirect)
    sso_decision.url_redirect
  else
    logger.debug("Failed to find #{sso_decision.url_redirect}. Redirecing to root")
    RailsBase.url_routes.authenticated_root_path
  end
  flash[:notice] = I18n.t('authentication.sso_login.valid')
  redirect_to url
end
#static ⇒ Object
GET auth/wait
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 10
# GET auth/wait
#
# Interstitial "wait" page shown during the email verification flow. Requires
# a valid SSOVE short-lived token (validate_token! is defined outside this
# block and is assumed to render/redirect on its own — confirm). The default
# STATIC_WAIT_FLASH notice is only set when no notice or alert is already
# pending, so messages from the previous step survive.
def static
  return unless validate_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)
  return unless flash[:notice].nil? && flash[:alert].nil?

  flash[:notice] = Authentication::Constants::STATIC_WAIT_FLASH
end
#testing_route ⇒ Object
# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 21
# Deliberately failing action: writes an error log line and then raises
# ArgumentError so the error-reporting path can be exercised end to end.
# Always raises; never renders.
#
# NOTE(review): no route is listed for it in the method summary; confirm it is
# not reachable outside development/test environments.
def testing_route
  failure = ArgumentError.new('Boo')
  Rails.logger.error("This will cause an error to be thrown")
  raise failure
end