Class: AnoubisSsoServer::ApplicationController

Inherits:
Anoubis::ApplicationController
Defined in:
app/controllers/anoubis_sso_server/application_controller.rb

Overview

Main application class inherited from Anoubis::ApplicationController

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#current_system ⇒ Object

Selected SSO system



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 5

# Reader for the selected SSO system.
#
# @return [Object] the system chosen for the current request, nil when none was selected
def current_system
  instance_variable_get(:@current_system)
end

#current_user ⇒ Object

Current user



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 27

# Reader for the authenticated user of the current request.
#
# @return [Object] the user resolved by #authentication, nil before/without authentication
def current_user
  instance_variable_get(:@current_user)
end

#etc ⇒ Object

Returns [Anoubis::Etc::Base] global system parameters



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 23

# Reader for the global system parameters of the request.
#
# @return [Anoubis::Etc::Base] parameters object, nil until the controller is initialized
def etc
  instance_variable_get(:@etc)
end

#sso_login_url ⇒ String

Returns the SSO login URL used for the redirect when the user isn't logged in. The link can be redefined in the Rails.configuration.anoubis_sso_login_url configuration parameter. If this parameter isn't defined, the URL is built as `#{sso_server}login`.

Returns:

  • (String)

    SSO login URL



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 11

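# Reader for the SSO login URL (the method name was lost in the rendered page;
# it is the +sso_login_url+ attribute documented above).
#
# @return [String] SSO login URL used for redirects when the user isn't logged in
def sso_login_url
  @sso_login_url
end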

#sso_origin ⇒ Regexp

Returns SSO origin. Variable should be defined in Rails.configuration.anoubis.sso_origin configuration parameter

Returns:

  • (Regexp)

    regexp for check site origin



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 20

# Reader for the origin-validation pattern.
#
# @return [Regexp] pattern that #check_origin matches the request origin against
def sso_origin
  instance_variable_get(:@sso_origin)
end

#sso_server ⇒ String

Returns main SSO server URL. Link should be defined in Rails.configuration.anoubis.sso_server configuration parameter

Returns:

  • (String)

    link to SSO server



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 8

# Reader for the main SSO server URL.
#
# @return [String] link to the SSO server
def sso_server
  instance_variable_get(:@sso_server)
end

#sso_silent_url ⇒ String

Returns the SSO silent URL used for the silent token refresh. The link can be redefined in the Rails.configuration.anoubis_sso_silent_url configuration parameter. If this parameter isn't defined, the URL is built as `#{sso_server}silent.html`.

Returns:

  • (String)

    SSO silent URL



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 14

# Reader for the silent-refresh URL.
#
# @return [String] SSO silent URL used for the silent token refresh
def sso_silent_url
  instance_variable_get(:@sso_silent_url)
end

#user_model ⇒ Class

Returns SSO User model. Can be redefined in Rails.application configuration_anoubis_sso_user_model configuration parameter. By default returns User model class

Returns:

  • (Class)

    User model class



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 17

# Reader for the user model class used by #get_user_by_uuid.
#
# @return [Class] user model class
def user_model
  instance_variable_get(:@user_model)
end

Instance Method Details

#access_allowed? ⇒ Boolean

Checks for site access. By default returns true.

Returns:

  • (Boolean)


# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 64

# Site-level access check, evaluated before any authentication.
# The base implementation allows every request; subclasses override it.
#
# @return [Boolean] always true here
def access_allowed?
  true
end

#after_anoubis_initialization ⇒ Object

Action fires before any other actions



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 31

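# Entry hook that runs before any other action.
#
# Builds the global parameters object, applies the site access check, then,
# when #authenticate? is true, resolves the current user and the menu access
# check, and finally calls #after_sso_server_initialization.
#
# @return [void]
def after_anoubis_initialization
  # `params` only exists in a real controller context
  self.etc = if defined? params
               Anoubis::Etc::Base.new({ params: params })
             else
               Anoubis::Etc::Base.new
             end

  unless access_allowed?
    render_error_exit({ error: I18n.t('anoubis.errors.access_not_allowed') })
    return
  end

  options request.method.to_s.upcase

  if authenticate?
    authentication
    # render_error_exit does not halt execution (it rescues its own exit), so a
    # request that did not resolve a user must be stopped here rather than
    # reaching the subclass hook. current_user is checked directly because the
    # base #authentication always returns nil, which left the menu access check
    # below unreachable when its return value was used as the condition.
    return unless current_user
    return if check_menu_access? && !menu_access(params[:controller])
  end

  after_sso_server_initialization
end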

#after_sso_server_initialization ⇒ Object

Procedure fires after initializes all basic parameters of AnoubisSsoServer::ApplicationController



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 58

# Hook that runs once all basic parameters of the controller are initialized.
# The base implementation is intentionally a no-op; subclasses override it.
#
# @return [nil]
def after_sso_server_initialization
  nil
end

#authenticate? ⇒ Boolean

Checks whether user authentication is required.

Returns:

  • (Boolean)

    if true, then the user must be authenticated. By default the application does not require authorization.



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 71

# Whether this controller demands a logged-in user.
# Opt-in: the base class answers false, subclasses that need a user return true.
#
# @return [Boolean] always false here
def authenticate?
  false
end

#authentication ⇒ Object

Procedure authenticates user in the system



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 78

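# Authenticates the user of the current request from the OAuth session.
#
# Loads the session via #get_oauth_session, resolves the user via
# #get_user_by_uuid and stores it in +current_user+. On failure an error is
# rendered with #render_error_exit — which does NOT halt execution — and nil
# is returned, so callers must check the result (or +current_user+).
#
# @return [Object, nil] the authenticated user, nil when the session is
#   missing/expired (code -2) or points at an unknown user (code -3)
def authentication
  session = get_oauth_session
  unless session
    render_error_exit code: -2, error: I18n.t('anoubis.errors.session_expired')
    return nil
  end

  self.current_user = get_user_by_uuid session[:uuid]
  unless current_user
    # the session references a user that no longer exists: drop it on both sides
    redis.del("#{redis_prefix}session:#{cookies[:oauth_session]}")
    cookies[:oauth_session] = nil
    render_error_exit code: -3, error: I18n.t('anoubis.errors.incorrect_user')
    return nil
  end

  # previously the method ended on the `unless`, returning nil even on success,
  # which made `if authentication` in the caller always false
  current_user
end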

#check_listed_parameters(list) ⇒ Object

Check parameters

Parameters:

  • list (Array)

    Array of parameters to check



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 285

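# Validates that every listed request parameter is present and non-blank.
#
# Each string value is stripped in place. The first failure stops the scan.
#
# @param list [Array<String, Symbol>] names of the parameters to check
# @return [String, nil] translated error message for the first bad parameter,
#   nil when all parameters are acceptable
def check_listed_parameters(list)
  list.each do |key|
    name = key.to_sym
    return I18n.t('anoubis.errors.is_not_defined', title: key) unless params.key? name

    value = params[name]
    # a nested value (e.g. ?key[]=x or ?key[a]=b) is not a String; calling
    # strip! on it would raise and turn bad client input into a 500
    return I18n.t('anoubis.errors.is_not_correct', title: key) unless value.is_a?(String)

    value.strip!
    return I18n.t('anoubis.errors.is_not_correct', title: key) if value.empty?
  end

  nil
end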

#check_origin ⇒ Boolean

Checks the request's Origin header against the Regexp defined in the Rails.configuration.anoubis_sso_origin configuration parameter

Returns:

  • (Boolean)

    request host origin validation



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 230

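# Validates the request's Origin header against the configured +sso_origin+ Regexp.
#
# Requests that carry no Origin header are accepted unchanged (non-CORS or
# same-origin requests). The configured pattern should be anchored with
# \A ... \z so that a look-alike origin cannot match on a substring.
#
# @return [Boolean] true when the origin is absent or matches +sso_origin+
# @raise [TypeError] when +sso_origin+ is not configured (nil)
def check_origin
  origin = request.origin
  return true unless origin

  # match? returns a strict Boolean (the documented type) instead of MatchData/nil
  # and skips the MatchData allocation
  origin.match?(sso_origin)
end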

#get_current_system(system_title = nil) ⇒ AnoubisSsoServer::System

Returns current SSO system data

Parameters:

  • system_title (String) (defaults to: nil)
    • System public UUID parameter. By default load from Rails.application configuration_anoubis_sso_system configuration parameter.

Returns:



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 216

# Loads the current SSO system definition from the Redis cache.
#
# @param system_title [String, nil] public UUID of the system; when nil the
#   value of Rails.configuration.anoubis_sso_system is used
# @return [AnoubisSsoServer::System, nil] the system, or nil when the cache
#   entry is missing or cannot be parsed
def get_current_system(system_title = nil)
  system_title ||= Rails.configuration.anoubis_sso_system
  raw = redis.get("#{redis_prefix}system:#{system_title}")
  AnoubisSsoServer::System.new(JSON.parse(raw, { symbolize_names: true }))
rescue StandardError
  # NOTE(review): this also hides Redis connectivity errors and an unset
  # configuration value, not only a missing/malformed cache entry
  nil
end

#get_oauth_session ⇒ Object

Returns the OAuth session for the current request. The session name is taken from the cookies. If the session is present but its timeout has expired, the session is regenerated.



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 238

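# Returns the OAuth session for the current request.
#
# The session name is read from the +oauth_session+ cookie and the session
# body is loaded from Redis. When the session's +ttl+ has passed, the session
# is moved to a freshly generated key (old key deleted, cookie updated) and
# its +ttl+ is pushed forward by +timeout+; the Redis entry itself still
# expires after 86400 s. A cookie that points at a missing or unparsable entry
# is cleared.
#
# @return [Hash, nil] session data with symbol keys, or nil when there is no usable session
def get_oauth_session
  return nil unless cookies.key? :oauth_session

  cookie_name = cookies[:oauth_session]
  session = begin
    JSON.parse(redis.get("#{redis_prefix}session:#{cookie_name}"), { symbolize_names: true })
  rescue StandardError
    # also reached on Redis connectivity errors, which then log the user out
    cookies[:oauth_session] = nil
    nil
  end
  return nil unless session

  # single clock read so the stored ttl and the comparison use the same instant
  now = Time.now.utc.to_i
  if session[:ttl] < now
    new_name = SecureRandom.uuid
    session[:ttl] = now + session[:timeout]
    redis.del("#{redis_prefix}session:#{cookie_name}")
    cookies[:oauth_session] = new_name
    redis.set("#{redis_prefix}session:#{new_name}", session.to_json, ex: 86400)
  end

  session
end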

#get_user_by_uuid(uuid) ⇒ Class

Returns the user with the given UUID from the Redis cache or from the database. If the user isn't present in the cache, it is loaded from the database and placed in the cache.

Parameters:

  • uuid (String)

    UUID of user

Returns:

  • (Class)

    Returns user class



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 265

# Looks a user up by UUID, first in the Redis cache and then in the database.
#
# A database hit is written back to the cache without +password_digest+.
#
# @param uuid [String] UUID of the user
# @return [Object, nil] user model instance, nil when no such user exists
def get_user_by_uuid(uuid)
  cache_key = "#{redis_prefix}user:#{uuid}"

  cached = begin
    user_model.new JSON.parse(redis.get(cache_key), { symbolize_names: true })
  rescue StandardError
    nil
  end
  return cached if cached

  user = user_model.where(uuid: uuid).first
  return nil unless user

  # credentials never enter the cache; NOTE(review): the entry has no expiry,
  # so later changes to the user are not reflected until it is removed
  redis.set(cache_key, user.to_json(except: :password_digest))
  user
end

#render_error_exit(data = {}) ⇒ Object

Gracefully terminates execution with HTTP status 422 (Unprocessable Entity) and JSON data.

Parameters:

  • data (Hash) (defaults to: {})

    Resulting data

Options Hash (data):

  • :code (Integer)

    resulting error code

  • :error (String)

    resulting error message



# File 'app/controllers/anoubis_sso_server/application_controller.rb', line 101

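# Renders a JSON error response with status 422 (Unprocessable Entity).
#
# This does NOT halt the action chain: the original `exit` was immediately
# rescued (`rescue SystemExit`), so its only visible effect was printing the
# message, which is kept. Callers must `return` after calling this method.
#
# @param data [Hash] resulting data
# @option data [Integer] :code resulting error code (default -1)
# @option data [String] :error resulting error message (default I18n 'anoubis.error')
# @return [void]
def render_error_exit(data = {})
  result = {
    result: -1,
    message: I18n.t('anoubis.error')
  }
  result[:result] = data[:code] if data.key? :code
  result[:message] = data[:error] if data.key? :error

  render json: result, status: :unprocessable_entity

  puts result[:message]
end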