Class: Lato::User

Inherits:
ApplicationRecord show all
Includes:
DependencyHelper, LatoUserApplication
Defined in:
app/models/lato/user.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from DependencyHelper

#depends_on

Instance Attribute Details

#actionsObject

Free for custom user indexes with actions



3
4
5
 
# File 'app/models/lato/user.rb', line 3

def actions
  @actions
end

Instance Method Details

#accept_invitation(params) ⇒ Object 



294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
 
# File 'app/models/lato/user.rb', line 294

def accept_invitation(params)
  invitation = Lato::Invitation.find_by(id: params[:id], accepted_code: params[:accepted_code])
  if !invitation || invitation.accepted? || invitation.email != email
    errors.add(:base, :invitation_invalid)
    return
  end

  ActiveRecord::Base.transaction do
    raise ActiveRecord::Rollback unless save && invitation.update(
      accepted_at: Time.now,
      lato_user_id: id
    )

    true
  end
end

#add_web3_connection(params) ⇒ Object 



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
 
# File 'app/models/lato/user.rb', line 311

def add_web3_connection(params)
  depends_on('eth')

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:base, :web3_address_invalid)
    return
  end

  update(web3_address: params[:web3_address])
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end

#authenticator(params) ⇒ Object 



427
428
429
430
431
432
433
434
435
436
437
438
 
# File 'app/models/lato/user.rb', line 427

def authenticator(params)
  return false unless authenticator_enabled?

  totp = ROTP::TOTP.new(authenticator_secret)
  result = totp.verify(params[:authenticator_code])
  unless result
    errors.add(:base, :authenticator_code_invalid)
    return
  end

  true
end

#authenticator_enabled?Boolean

Returns:

  • (Boolean) 


60
61
62
 
# File 'app/models/lato/user.rb', line 60

def authenticator_enabled?
  !authenticator_secret.blank?
end

#authenticator_qr_code_base64(size = 200) ⇒ Object 



95
96
97
 
# File 'app/models/lato/user.rb', line 95

def authenticator_qr_code_base64(size = 200)
  "data:image/png;base64,#{Base64.strict_encode64(RQRCode::QRCode.new(ROTP::TOTP.new(authenticator_secret, :issuer => Lato.config.application_title).provisioning_uri(email).to_s).as_png(size: size, border_modules: 0).to_s)}"
end

#c_email_verification_code(value = nil) ⇒ Object 



451
452
453
454
455
456
457
 
# File 'app/models/lato/user.rb', line 451

def c_email_verification_code(value = nil)
  cache_key = "Lato::User/c_email_verification_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#c_email_verification_semaphore(value = nil) ⇒ Object

Cache



443
444
445
446
447
448
449
 
# File 'app/models/lato/user.rb', line 443

def c_email_verification_semaphore(value = nil)
  cache_key = "Lato::User/c_email_verification_semaphore/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 2.minutes)
  value
end

#c_password_update_code(value = nil) ⇒ Object 



459
460
461
462
463
464
465
 
# File 'app/models/lato/user.rb', line 459

def c_password_update_code(value = nil)
  cache_key = "Lato::User/c_password_update_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#destroy_with_confirmation(params) ⇒ Object 



285
286
287
288
289
290
291
292
 
# File 'app/models/lato/user.rb', line 285

def destroy_with_confirmation(params)
  unless params[:email_confirmation] == email
    errors.add(:email, :not_correct)
    return
  end

  destroy
end

#email_protectedObject 



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'app/models/lato/user.rb', line 75

def email_protected
  return email unless email.include?('@')
  
  local_part, domain = email.split('@', 2)
  
  # Keep first 2 characters of local part
  chars_to_keep = [local_part.length, 2].min
  protected_local = local_part[0, chars_to_keep] + '*' * [local_part.length - chars_to_keep, 0].max
  
  # Keep domain as is or partially protect it
  chars_to_keep = [domain.length, 2].min
  protected_domain = domain[0, chars_to_keep] + '*' * [domain.length - chars_to_keep, 0].max
  
  "#{protected_local}@#{protected_domain}"
end

#full_nameObject

Helpers



71
72
73
 
# File 'app/models/lato/user.rb', line 71

def full_name
  "#{last_name} #{first_name}"
end

#generate_authenticator_secretObject 



419
420
421
 
# File 'app/models/lato/user.rb', line 419

def generate_authenticator_secret
  update(authenticator_secret: ROTP::Base32.random)
end

#gravatar_image_url(size = 200) ⇒ Object 



91
92
93
 
# File 'app/models/lato/user.rb', line 91

def gravatar_image_url(size = 200)
  @gravatar_image_url ||= "https://www.gravatar.com/avatar/#{Digest::MD5.hexdigest(email)}?s=#{size}"
end

#register_webauthn_credential(credential_payload, encoded_challenge) ⇒ Object 



349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
 
# File 'app/models/lato/user.rb', line 349

def register_webauthn_credential(credential_payload, encoded_challenge)
  if credential_payload.blank?
    errors.add(:base, :webauthn_payload_missing)
    return false
  end

  if encoded_challenge.blank?
    errors.add(:base, :webauthn_challenge_missing)
    return false
  end

  parsed_payload = JSON.parse(credential_payload)
  credential = WebAuthn::Credential.from_create(parsed_payload)
  credential.verify(Base64.strict_decode64(encoded_challenge))

  update(
    webauthn_id: Base64.strict_encode64(credential.raw_id),
    webauthn_public_key: credential.public_key
  )
rescue JSON::ParserError, WebAuthn::Error => e
  Rails.logger.error(e)
  errors.add(:base, :webauthn_registration_failed)
  false
end

#remove_authenticator_secretObject 



423
424
425
 
# File 'app/models/lato/user.rb', line 423

def remove_authenticator_secret
  update(authenticator_secret: nil)
end

#remove_web3_connectionObject 



327
328
329
330
 
# File 'app/models/lato/user.rb', line 327

def remove_web3_connection
  update(web3_address: nil)
  true
end

#remove_webauthn_credentialObject 



412
413
414
415
416
417
 
# File 'app/models/lato/user.rb', line 412

def remove_webauthn_credential
  update(
    webauthn_id: nil,
    webauthn_public_key: nil
  )
end

#request_recover_password(params) ⇒ Object 



223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
 
# File 'app/models/lato/user.rb', line 223

def request_recover_password(params)
  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_registered)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.password_update_mail(user.id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  self.id = user.id
  reload

  c_password_update_code(code)

  true
end

#request_verify_emailObject 



184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
 
# File 'app/models/lato/user.rb', line 184

def request_verify_email
  if c_email_verification_semaphore
    errors.add(:base, :email_verification_limit)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.email_verification_mail(id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  c_email_verification_code(code)
  c_email_verification_semaphore(true)

  true
end

#signin(params) ⇒ Object 



117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
 
# File 'app/models/lato/user.rb', line 117

def (params)
  self.email = params[:email]

  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_correct)
    return
  end

  unless user.authenticate(params[:password])
    errors.add(:password, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  Lato::UserMailer.(id, params[:ip_address]).deliver_later

  true
end

#signup(params = {}) ⇒ Object

Operations



102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
# File 'app/models/lato/user.rb', line 102

def (params = {})
  return unless save

  begin
    lato_log_user_signups.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
end

#update_accepted_privacy_policy_version(params) ⇒ Object 



267
268
269
270
271
272
273
274
 
# File 'app/models/lato/user.rb', line 267

def update_accepted_privacy_policy_version(params)
  unless params[:confirm]
    errors.add(:base, :privacy_policy_invalid)
    return
  end

  update(accepted_privacy_policy_version: Lato.config.legal_privacy_policy_version)
end

#update_accepted_terms_and_conditions_version(params) ⇒ Object 



276
277
278
279
280
281
282
283
 
# File 'app/models/lato/user.rb', line 276

def update_accepted_terms_and_conditions_version(params)
  unless params[:confirm]
    errors.add(:base, :terms_and_conditions_invalid)
    return
  end

  update(accepted_terms_and_conditions_version: Lato.config.legal_terms_and_conditions_version)
end

#update_password(params) ⇒ Object 



245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
 
# File 'app/models/lato/user.rb', line 245

def update_password(params)
  password_update_code = c_password_update_code

  if password_update_code.blank?
    errors.add(:base, :password_update_code_expired)
    return
  end

  unless password_update_code == params[:code]
    errors.add(:base, :password_update_code_invalid)
    return
  end

  c_password_update_code('')

  update(params.permit(:password, :password_confirmation).merge(
    authenticator_secret: nil, # Reset authenticator secret when password is updated
    webauthn_id: nil,          # Reset webauthn credential when password is updated
    webauthn_public_key: nil   # Reset webauthn credential when password is updated
  ))
end

#valid_accepted_privacy_policy_version?Boolean

Questions

Returns:

  • (Boolean) 


52
53
54
 
# File 'app/models/lato/user.rb', line 52

def valid_accepted_privacy_policy_version?
  @valid_accepted_privacy_policy_version ||= accepted_privacy_policy_version >= Lato.config.legal_privacy_policy_version
end

#valid_accepted_terms_and_conditions_version?Boolean

Returns:

  • (Boolean) 


56
57
58
 
# File 'app/models/lato/user.rb', line 56

def valid_accepted_terms_and_conditions_version?
  @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
end

#verify_email(params) ⇒ Object 



203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
 
# File 'app/models/lato/user.rb', line 203

def verify_email(params)
  email_verification_code = c_email_verification_code

  if email_verification_code.blank?
    errors.add(:base, :email_verification_code_expired)
    return
  end

  unless email_verification_code == params[:code]
    errors.add(:base, :email_verification_code_invalid)
    return
  end

  c_email_verification_code('')
  c_email_verification_semaphore(false)

  update_column(:email_verified_at, Time.now)
  true
end

#web3_signin(params) ⇒ Object 



148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
 
# File 'app/models/lato/user.rb', line 148

def (params)
  depends_on('eth')

  self.web3_address = params[:web3_address]

  user = Lato::User.find_by(web3_address: params[:web3_address].downcase)
  unless user
    errors.add(:web3_address, :not_correct)
    return
  end

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:web3_signed_nonce, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end

#webauthn_authentication(params, encoded_challenge) ⇒ Object 



374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
 
# File 'app/models/lato/user.rb', line 374

def webauthn_authentication(params, encoded_challenge)
  return false unless webauthn_enabled?

  if params[:webauthn_credential].blank?
    errors.add(:base, :webauthn_payload_missing)
    return false
  end

  if encoded_challenge.blank?
    errors.add(:base, :webauthn_challenge_missing)
    return false
  end

  parsed_payload = JSON.parse(params[:webauthn_credential])
  
  # Converti i campi da base64url a base64 standard per il gem webauthn
  parsed_payload['rawId'] = base64url_to_base64(parsed_payload['rawId'])
  parsed_payload['response']['clientDataJSON'] = base64url_to_base64(parsed_payload['response']['clientDataJSON'])
  parsed_payload['response']['authenticatorData'] = base64url_to_base64(parsed_payload['response']['authenticatorData'])
  parsed_payload['response']['signature'] = base64url_to_base64(parsed_payload['response']['signature'])
  parsed_payload['response']['userHandle'] = base64url_to_base64(parsed_payload['response']['userHandle']) if parsed_payload['response']['userHandle']
  
  credential = WebAuthn::Credential.from_get(parsed_payload)
  
  credential.verify(
    encoded_challenge,
    public_key: webauthn_public_key,
    sign_count: 0
  )

  true
rescue JSON::ParserError, WebAuthn::Error => e
  Rails.logger.error(e)
  Rails.logger.error(e.backtrace.join("\n"))
  errors.add(:base, :webauthn_authentication_failed)
  false
end

#webauthn_authentication_optionsObject 



343
344
345
346
347
 
# File 'app/models/lato/user.rb', line 343

def webauthn_authentication_options
  WebAuthn::Credential.options_for_get(
    allow: webauthn_allow_credentials.map { |cred| Base64.strict_encode64(cred) }
  )
end

#webauthn_enabled?Boolean

Returns:

  • (Boolean) 


64
65
66
 
# File 'app/models/lato/user.rb', line 64

def webauthn_enabled?
  webauthn_id.present? && webauthn_public_key.present?
end

#webauthn_registration_optionsObject 



332
333
334
335
336
337
338
339
340
341
 
# File 'app/models/lato/user.rb', line 332

def webauthn_registration_options
  WebAuthn::Credential.options_for_create(
    user: {
      id: Base64.strict_encode64(webauthn_user_handle),
      name: email,
      display_name: full_name
    },
    exclude: webauthn_exclude_credentials.map { |cred| Base64.strict_encode64(cred) }
  )
end