Class: EgovUtils::User

Inherits:
Principal
Defined in:
app/models/egov_utils/user.rb

Constant Summary

DEFAULT_ROLE =
nil

Class Method Summary

Instance Method Summary

Methods inherited from Principal

#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload

Class Method Details

.anonymous ⇒ Object



# File 'app/models/egov_utils/user.rb', line 70

# Builds the placeholder user that stands in for an unauthenticated visitor.
#
# The record is only instantiated here, never saved.
#
# @return [Object] a new, unsaved instance of the receiving class
def self.anonymous
  new
end

.authenticate(login, password, active_only = true) ⇒ Object



# File 'app/models/egov_utils/user.rb', line 41

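# Verifies a login/password pair, first against the local users table and then,
# if no local record matches the login, against the external auth sources.
#
# The published listing had lost every bare `login` identifier in this method
# (`def self.authenticate(, password, ...)`); they are restored here from the
# documented signature `.authenticate(login, password, active_only = true)`.
#
# Caveats for callers:
# * A non-nil result is not by itself a signed-in account. When an external
#   source accepts the credentials but `ldap_register_allowed?` is false or
#   `save` fails, the unsaved record is still returned; check `persisted?`
#   before creating a session for it.
# * The login lookup falls back to a case-insensitive match and takes the
#   first hit, so logins that differ only by case are presumably prevented
#   elsewhere (unique index or validation) -- TODO confirm.
#
# @param login [#to_s] login name as typed by the user
# @param password [#to_s] clear-text password to verify
# @param active_only [Boolean] reject a local user for whom `active?` is false
# @return [EgovUtils::User, nil] nil when either credential is empty, when the
#   password check fails, when the local user is inactive and +active_only+ is
#   set, or when no external source accepts the credentials
def self.authenticate(login, password, active_only=true)
  login = login.to_s
  password = password.to_s

  # Make sure no one can sign in with an empty login or password
  return nil if login.empty? || password.empty?

  # Fail over to case-insensitive if none was found
  user = find_by(login: login) || where( arel_table[:login].lower.eq(login.downcase) ).first

  if user
    # user is already in local database
    return nil unless user.password_check?(password)
    return nil if active_only && !user.active?
  else
    # user is not yet registered, try to authenticate with available sources
    attrs = EgovUtils::AuthSource.authenticate(login, password)
    if attrs
      user = new(attrs.merge(active: true))
      # Persist only when the source's registration rule allows it; otherwise
      # the unsaved record falls through and is returned as-is.
      if user.ldap_register_allowed? && user.save
        user.reload
        logger.info("User '#{user.login}' created from external auth source: #{user.provider}") if logger && user.auth_source
      end
    end
  end
  # update_column writes the timestamp directly, skipping validations and callbacks.
  user.update_column(:last_login_at, Time.now) if user && !user.new_record? && user.active?
  user
end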

.current ⇒ Object



# File 'app/models/egov_utils/user.rb', line 78

# Returns the user stored for the current request under :current_user.
#
# The block passed to RequestLocals.fetch supplies `User.anonymous` as the
# fallback, so callers always receive a user object rather than nil.
#
# @return [Object] the stored user, or the anonymous placeholder
def self.current
  RequestLocals.fetch(:current_user) do
    User.anonymous
  end
end

.current=(user) ⇒ Object



# File 'app/models/egov_utils/user.rb', line 74

# Binds +user+ to the current request under :current_user.
#
# A nil (or false) argument is replaced by the anonymous placeholder, so the
# slot never holds nil after this call.
#
# @param user [Object, nil] the user to bind, or nil to reset to anonymous
def self.current=(user)
  effective_user = user || anonymous
  RequestLocals.store[:current_user] = effective_user
end

Instance Method Details

#admin? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 118

# Tells whether the user holds the role named 'admin'.
#
# Pure delegation to #has_role?; the role name is the literal string 'admin'.
#
# @return [Boolean]
def admin?
  has_role? 'admin'
end

#all_role_names ⇒ Object



# File 'app/models/egov_utils/user.rb', line 126

# Collects the role names granted through every group plus the user's own roles.
#
# The list is memoized on the instance and cached in Rails.cache for one hour
# under "#{cache_key}/all_role_names".
# NOTE(review): authorization decisions built on this list can lag behind a
# role or group change until the entry expires or cache_key changes -- confirm
# that revoking a role invalidates this key.
#
# @return [Array] group role names followed by the user's own role names
def all_role_names
  @all_role_names ||= Rails.cache.fetch("#{cache_key}/all_role_names", expires_in: 1.hours) do
    groups.map(&:roles).reduce([], :concat) + roles
  end
  # DEFAULT_ROLE is nil on this page, so the fallback below is currently inactive.
  @all_role_names << DEFAULT_ROLE if DEFAULT_ROLE && @all_role_names.none?
  @all_role_names
end

#all_roles ⇒ Object



# File 'app/models/egov_utils/user.rb', line 134

# Instantiates a role object for every role name the user holds.
#
# Names for which EgovUtils::UserUtils::Role.find returns nil are dropped
# silently, so an unknown role name grants nothing.
#
# @return [Array] one new instance per resolved role class
def all_roles
  role_classes = all_role_names.map { |name| EgovUtils::UserUtils::Role.find(name) }.compact
  role_classes.map(&:new)
end

#fullname ⇒ Object



# File 'app/models/egov_utils/user.rb', line 114

# Joins first and last name with a single space.
#
# A missing part interpolates as an empty string, so the separator remains.
#
# @return [String]
def fullname
  given, family = firstname, lastname
  "#{given} #{family}"
end

#generate_reset_password_token ⇒ Object



# File 'app/models/egov_utils/user.rb', line 167

# Discards the current confirmation code and generates a new one (used, going
# by the method name, as the password-reset token).
#
# NOTE(review): how generate_confirmation_code produces the value (randomness
# source, length) and whether the token expires is not visible here -- confirm
# that it uses a cryptographically secure generator and is time-limited.
#
# @return [Object] whatever generate_confirmation_code returns
def generate_reset_password_token
  # Clear first; presumably generate_confirmation_code only fills in a missing code -- TODO confirm
  self.confirmation_code = nil
  generate_confirmation_code
end

#groups ⇒ Object



# File 'app/models/egov_utils/user.rb', line 138

# Returns the groups from the parent implementation followed by the groups
# resolved through #ldap_groups.
#
# Array.wrap turns a nil #ldap_groups result into an empty list, so only the
# parent's groups are returned in that case.
#
# @return [Array] combined group list
def groups
  local_groups = super.to_a
  local_groups.concat(Array.wrap(ldap_groups))
end

#has_role?(role_name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 122

# Tells whether +role_name+ is among the names returned by #all_role_names.
#
# The match is by equality, so the argument must have the same type and case
# as the stored names (the names visible in this file are strings).
#
# @param role_name [String] role name to look for
# @return [Boolean]
def has_role?(role_name)
  all_role_names.member?(role_name)
end

#ldap_dn ⇒ Object



# File 'app/models/egov_utils/user.rb', line 142

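# Looks up the user's distinguished name through the auth source and memoizes it.
#
# The published listing had lost the argument after `:get_user_dn,`; `login`
# is restored here, matching the other places on the page where the same
# identifier was dropped.
#
# `send` is used to reach get_user_dn, presumably because it is not public on
# the auth source -- TODO confirm. A failed lookup (nil) is not memoized, so
# the auth source is queried again on the next call.
#
# @return [Object, nil] the :dn entry of the lookup result, or nil/false when
#   the lookup returns nothing
def ldap_dn
  @ldap_dn ||= begin
    entry = auth_source.send(:get_user_dn, login)
    entry && entry[:dn]
  end
end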

#ldap_groups ⇒ Object



# File 'app/models/egov_utils/user.rb', line 146

# Resolves the groups of this user's provider in which the directory reports
# the user as a member.
#
# For saved records the matching group ids are cached for 30 minutes under
# "#{cache_key}/ldap_group_ids"; unsaved records always query the auth source.
# NOTE(review): a membership removed in the directory can therefore still be
# honoured from cache for up to 30 minutes -- confirm this window is acceptable
# for the roles these groups grant.
# NOTE(review): expires_in is also passed to the read call; expiry is normally
# fixed when the entry is written -- confirm it has any effect here.
#
# @return [Array, nil] matching groups, or nil when the user has no provider
def ldap_groups
  return unless provider.present?

  cached_ids = persisted? && Rails.cache.read("#{cache_key}/ldap_group_ids", expires_in: 30.minutes)
  return EgovUtils::Group.where(id: cached_ids).to_a if cached_ids

  # Cache miss (or unsaved record): ask the auth source about each candidate group.
  member_groups = EgovUtils::Group.where(provider: provider).to_a.select do |group|
    auth_source.member?(ldap_dn, group.external_uid)
  end
  Rails.cache.write("#{cache_key}/ldap_group_ids", member_groups.map(&:id), expires_in: 30.minutes) if persisted?
  member_groups
end

#ldap_register_allowed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 90

# Decides whether a user coming from an external source may be saved locally.
#
# All three conditions must hold: an auth source exists, it answers true to
# register_members_only?, and #ldap_groups contains at least one group.
# NOTE(review): a source for which register_members_only? is false never
# allows registration here; if the flag is meant only to restrict
# registration to group members, the intended condition may differ -- confirm.
#
# @return [Boolean, nil] the first falsy operand, or the result of the group check
def ldap_register_allowed?
  source = auth_source
  return source unless source

  members_only = source.register_members_only?
  return members_only unless members_only

  ldap_groups.any?
end

#locked? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 110

# Always false: this model implements no account lockout.
#
# NOTE(review): repeated failed logins are therefore not limited at this
# layer; presumably throttling is handled elsewhere -- confirm.
#
# @return [Boolean] false
def locked?
  false
end

#logged? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 106

# Treats a user as logged in exactly when the record is persisted.
#
# Unsaved instances, such as the one built by .anonymous or a user that
# .authenticate built from an external source but did not save, answer false.
#
# @return [Boolean]
def logged?
  persisted?
end

#must_change_password? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 159

# Tells whether the user has to change the password before continuing.
#
# True when the parent implementation says so or the password is expired, but
# never for an account with a provider: provider? short-circuits the result
# to false.
#
# @return [Boolean]
def must_change_password?
  change_due = super || password_expired?
  change_due && !provider?
end

#password_change_possible? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 102

# Tells whether the password can be changed in this application.
#
# Only accounts without a provider qualify; #password_check? sends accounts
# with a provider to the auth source for verification.
#
# @return [Boolean]
def password_change_possible?
  externally_managed = provider.present?
  !externally_managed
end

#password_check?(password) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 94

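# Verifies +password+ for this user.
#
# Accounts with a provider are checked against the auth source; all others
# use the local #authenticate (presumably has_secure_password -- TODO confirm).
#
# The published listing had lost the first argument of the auth source call
# (`auth_source.authenticate(, password)`); `login` is restored here,
# matching the other places on the page where the same identifier was dropped.
#
# @param password [String] clear-text password to verify
# @return [Object] the delegate's result, truthy on success; not necessarily
#   a strict boolean
def password_check?(password)
  if provider.present?
    auth_source.authenticate(login, password)
  else
    authenticate(password)
  end
end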

#password_expired? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/models/egov_utils/user.rb', line 163

# Always false: this model implements no password expiry.
#
# #must_change_password? consults this method, so expiry only comes into play
# if the method is overridden -- NOTE(review): confirm whether the host
# application does so.
#
# @return [Boolean] false
def password_expired?
  false
end

#roles ⇒ Object



# File 'app/models/egov_utils/user.rb', line 86

# Returns the user's own role names.
#
# A user that is not logged in gets the single role 'anonymous'; otherwise
# the parent implementation supplies the list.
#
# @return [Array] role names
def roles
  return ['anonymous'] unless logged?

  super
end

#to_s ⇒ Object



# File 'app/models/egov_utils/user.rb', line 82

# String form of the user: the full name, as built by #fullname.
#
# @return [String]
def to_s
  fullname
end