Class: Lato::AuthenticationController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Lato::AuthenticationController

Defined in:

app/controllers/lato/authentication_controller.rb

Instance Method Summary

• #accept_invitation ⇒ Object

  Accept invitation.

• #accept_invitation_action ⇒ Object
• #authentication_method ⇒ Object

  Authentication method choice.

• #authentication_method_action ⇒ Object
• #authenticator ⇒ Object

  Authenticator.

• #authenticator_action ⇒ Object
• #recover_password ⇒ Object

  Recover password.

• #recover_password_action ⇒ Object
• #signin ⇒ Object

  Signin.

• #signin_action ⇒ Object
• #signout ⇒ Object

  Signout.

• #signout_action ⇒ Object
• #signup ⇒ Object

  Signup.

• #signup_action ⇒ Object
• #update_password ⇒ Object

  Update password.

• #update_password_action ⇒ Object
• #verify_email ⇒ Object

  Verify email.

• #verify_email_action ⇒ Object
• #web3_signin ⇒ Object
• #web3_signin_action ⇒ Object
• #webauthn ⇒ Object

  WebAuthn.

• #webauthn_action ⇒ Object

Methods inherited from ApplicationController

#error, #index, #not_found, #offline, #switch_locale

Methods included from Componentable

#lato_index_collection

Methods included from Layoutable

#active_navbar, #active_sidebar, #hide_sidebar, #page_class, #page_classes, #page_title, #show_sidebar

Methods included from Sessionable

#authenticate_session, #limit_requests, #not_authenticate_session, #session_create, #session_destroy

Instance Method Details

#accept_invitation ⇒ Object

Accept invitation

# File 'app/controllers/lato/authentication_controller.rb', line 180

def accept_invitation
  @user = Lato::User.new(email: @invitation.email)
end

#accept_invitation_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 184

def accept_invitation_action
  @user = Lato::User.new(registration_params)

  respond_to do |format|
    if @user.accept_invitation(params.permit(:id, :accepted_code))
      session_create(@user.id)

      format.html { redirect_to lato.root_path }
      format.json { render json: @user }
    else
      format.html { render :accept_invitation, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#authentication_method ⇒ Object

Authentication method choice

# File 'app/controllers/lato/authentication_controller.rb', line 203

def authentication_method; end

#authentication_method_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 205

def authentication_method_action
  method = params[:method]
  
  respond_to do |format|
    case method
    when 'authenticator'
      session[:authentication_method] = 'authenticator'
      format.html { redirect_to lato.authentication_authenticator_path }
      format.json { render json: { redirect: lato.authentication_authenticator_path } }
    when 'webauthn'
      session[:authentication_method] = 'webauthn'
      format.html { redirect_to lato.authentication_webauthn_path }
      format.json { render json: { redirect: lato.authentication_webauthn_path } }
    else
      format.html { redirect_to lato.authentication_signin_path }
      format.json { render json: { error: 'Invalid method' }, status: :unprocessable_entity }
    end
  end
end

#authenticator ⇒ Object

Authenticator

# File 'app/controllers/lato/authentication_controller.rb', line 228

def authenticator
  @user = Lato::User.find_by_id(session[:authentication_user_id])
  return respond_to_with_not_found unless @user
end

#authenticator_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 233

def authenticator_action
  @user = Lato::User.find_by_id(session[:authentication_user_id])

  respond_to do |format|
    if @user.authenticator(params.require(:user).permit(:authenticator_code))
      clear_authentication_session
      session_create(@user.id)

      format.html { redirect_to lato.root_path }
      format.json { render json: @user }
    else
      format.html { render :authenticator, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#recover_password ⇒ Object

Recover password

# File 'app/controllers/lato/authentication_controller.rb', line 142

def recover_password
  @user = Lato::User.new
end

#recover_password_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 146

def recover_password_action
  @user = Lato::User.new

  respond_to do |format|
    if @user.request_recover_password(params.require(:user).permit(:email))
      format.html { redirect_to lato.authentication_update_password_path(id: @user.id) }
      format.json { render json: @user }
    else
      format.html { render :recover_password, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#signin ⇒ Object

Signin

# File 'app/controllers/lato/authentication_controller.rb', line 22

def signin
  @user = Lato::User.new
end

#signin_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 26

def signin_action
  @user = Lato::User.new

  respond_to do |format|
    if @user.signin(params.require(:user).permit(:email, :password).merge(
      ip_address: request.remote_ip,
      user_agent: request.user_agent
    ))
      redirect_path = determine_authentication_redirect(@user)
      if redirect_path
        format.html { redirect_to redirect_path }
        format.json { render json: @user }
      else
        session_create(@user.id)
        format.html { redirect_to lato.root_path }
        format.json { render json: @user }
      end
    else
      format.html { render :signin, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#signout ⇒ Object

Signout

# File 'app/controllers/lato/authentication_controller.rb', line 109

def signout; end

#signout_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 111

def signout_action
  session_destroy

  respond_to do |format|
    format.html { redirect_to lato.root_path }
    format.json { render json: {} }
  end
end

#signup ⇒ Object

Signup

# File 'app/controllers/lato/authentication_controller.rb', line 85

def signup
  @user = Lato::User.new
end

#signup_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 89

def signup_action
  @user = Lato::User.new(registration_params)
  return unless verify_hcaptcha(:signup)

  respond_to do |format|
    if @user.signup(ip_address: request.remote_ip, user_agent: request.user_agent)
      session_create(@user.id)

      format.html { redirect_to lato.root_path }
      format.json { render json: @user }
    else
      format.html { render :signup, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#update_password ⇒ Object

Update password

# File 'app/controllers/lato/authentication_controller.rb', line 163

def update_password; end

#update_password_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 165

def update_password_action
  respond_to do |format|
    if @user.update_password(params.require(:user).permit(:code, :password, :password_confirmation))
      format.html { redirect_to lato.authentication_signin_path, notice: I18n.t('lato.authentication_controller.update_password_action_notice') }
      format.json { render json: @user }
    else
      format.html { render :update_password, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#verify_email ⇒ Object

Verify email

# File 'app/controllers/lato/authentication_controller.rb', line 123

def verify_email
  @code = params[:code]
end

#verify_email_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 127

def verify_email_action
  respond_to do |format|
    if @user.verify_email(params.require(:user).permit(:code))
      format.html { redirect_to lato.root_path, notice: I18n.t('lato.authentication_controller.verify_email_action_notice') }
      format.json { render json: @user }
    else
      format.html { render :verify_email, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#web3_signin ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 50

def web3_signin
  @user = Lato::User.new
  session[:web3_nonce] = SecureRandom.hex(32)
end

#web3_signin_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 55

def web3_signin_action
  @user = Lato::User.new

  respond_to do |format|
    if @user.web3_signin(params.require(:user).permit(:web3_address, :web3_signed_nonce).merge(
      ip_address: request.remote_ip,
      user_agent: request.user_agent,
      web3_nonce: session[:web3_nonce]
    ))
      session[:web3_nonce] = nil
      redirect_path = determine_authentication_redirect(@user)
      if redirect_path
        format.html { redirect_to redirect_path }
        format.json { render json: @user }
      else
        session_create(@user.id)
        format.html { redirect_to lato.root_path }
        format.json { render json: @user }
      end
    else
      session[:web3_nonce] = nil
      format.html { render :web3_signin, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end

#webauthn ⇒ Object

WebAuthn

# File 'app/controllers/lato/authentication_controller.rb', line 253

def webauthn
  @options = @user.webauthn_authentication_options
  session[:webauthn_challenge] = @options.challenge
end

#webauthn_action ⇒ Object

# File 'app/controllers/lato/authentication_controller.rb', line 258

def webauthn_action
  respond_to do |format|
    if @user.webauthn_authentication(params.require(:user).permit(:webauthn_credential), session[:webauthn_challenge])
      clear_authentication_session
      session_create(@user.id)

      format.html { redirect_to lato.root_path }
      format.json { render json: @user }
    else
      @options = @user.webauthn_authentication_options
      session[:webauthn_challenge] = @options.challenge
      format.html { render :webauthn, status: :unprocessable_entity }
      format.json { render json: @user.errors, status: :unprocessable_entity }
    end
  end
end