Class: EgovUtils::User

Inherits:

Principal

• Object
• ActiveRecord::Base
• ApplicationRecord
• Principal
• EgovUtils::User

Defined in:

app/models/egov_utils/user.rb

Constant Summary

DEFAULT_ROLE =

nil

Class Method Summary

• .anonymous ⇒ Object
• .authenticate(login, password, active_only = true) ⇒ Object
• .current ⇒ Object
• .current=(user) ⇒ Object

Instance Method Summary

• #admin? ⇒ Boolean
• #all_role_names ⇒ Object
• #all_roles ⇒ Object
• #fullname ⇒ Object
• #generate_reset_password_token ⇒ Object
• #has_role?(role_name) ⇒ Boolean
• #ldap_dn ⇒ Object
• #ldap_groups ⇒ Object
• #ldap_register_allowed? ⇒ Boolean
• #locked? ⇒ Boolean
• #logged? ⇒ Boolean
• #must_change_password? ⇒ Boolean
• #password_change_possible? ⇒ Boolean
• #password_check?(password) ⇒ Boolean
• #password_expired? ⇒ Boolean
• #roles ⇒ Object
• #to_s ⇒ Object

Methods inherited from Principal

#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload

Class Method Details

.anonymous ⇒ Object

# File 'app/models/egov_utils/user.rb', line 79

def self.anonymous
  self.new
end

.authenticate(login, password, active_only = true) ⇒ Object

# File 'app/models/egov_utils/user.rb', line 41

def self.authenticate(login, password, active_only=true)
  login = login.to_s
  password = password.to_s

  # Make sure no one can sign in with an empty login or password
  return nil if login.empty? || password.empty?

  # Fail over to case-insensitive if none was found
  user = find_by(login: login) || where( arel_table[:login].lower.eq(login.downcase) ).first

  if user
    # user is already in local database
    return nil unless user.password_check?(password)
    return nil if active_only && !user.active?
  else
    # user is not yet registered, try to authenticate with available sources
    attrs = EgovUtils::AuthSource.authenticate(login, password)
    if attrs
      user = new(attrs.merge(active: true))
      if user.ldap_register_allowed? && user.save
        user.reload
        logger.info("User '#{user.login}' created from external auth source: #{user.provider}") if logger && user.auth_source
      end
    end
  end

  if user && !user.new_record?
    # Check last login
    if user.days_before_inactive && (user.last_login_at || user.created_at) < (Time.now - user.days_before_inactive.days)
      user.update_column(:active, false)
    end

    user.update_column(:last_login_at, Time.now) if user.active?
  end

  user
end

.current ⇒ Object

# File 'app/models/egov_utils/user.rb', line 87

def self.current
  RequestLocals.fetch(:current_user) { User.anonymous }
end

.current=(user) ⇒ Object

# File 'app/models/egov_utils/user.rb', line 83

def self.current=(user)
  RequestLocals.store[:current_user] = user || anonymous
end

Instance Method Details

#admin? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 127

def admin?
  has_role?('admin')
end

#all_role_names ⇒ Object

# File 'app/models/egov_utils/user.rb', line 135

def all_role_names
  @all_role_names ||= groups.map(&:roles).flatten + roles
  @all_role_names << DEFAULT_ROLE if DEFAULT_ROLE && !@all_role_names.any?
  @all_role_names
end

#all_roles ⇒ Object

# File 'app/models/egov_utils/user.rb', line 141

def all_roles
  all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end

#fullname ⇒ Object

# File 'app/models/egov_utils/user.rb', line 123

def fullname
  "#{firstname} #{lastname}"
end

#generate_reset_password_token ⇒ Object

# File 'app/models/egov_utils/user.rb', line 164

def generate_reset_password_token
  self.confirmation_code = nil
  generate_confirmation_code
end

#has_role?(role_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 131

def has_role?(role_name)
  all_role_names.include?(role_name)
end

#ldap_dn ⇒ Object

# File 'app/models/egov_utils/user.rb', line 145

def ldap_dn
  @ldap_dn ||= begin
    dn = auth_source.send(:get_user_dn, login)
    dn[:dn] if dn
  end
end

#ldap_groups ⇒ Object

# File 'app/models/egov_utils/user.rb', line 152

def ldap_groups
  groups.where.not(ldap_uid: nil)
end

#ldap_register_allowed? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 99

def ldap_register_allowed?
  auth_source && auth_source.register_members_only? && ldap_groups.any?
end

#locked? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 119

def locked?
  false
end

#logged? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 115

def logged?
  persisted?
end

#must_change_password? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 156

def must_change_password?
  (super || password_expired?) && !provider?
end

#password_change_possible? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 111

def password_change_possible?
  !provider.present?
end

#password_check?(password) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 103

def password_check?(password)
  if provider.present?
    auth_source.authenticate(login, password)
  else
    authenticate(password)
  end
end

#password_expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/egov_utils/user.rb', line 160

def password_expired?
  false
end

#roles ⇒ Object

# File 'app/models/egov_utils/user.rb', line 95

def roles
  logged? ? super : ['anonymous']
end

#to_s ⇒ Object

# File 'app/models/egov_utils/user.rb', line 91

def to_s
  fullname
end