Class: RailsBase::AdminController

Inherits:
RailsBaseApplicationController show all
Includes:
AdminHelper
Defined in:
app/controllers/rails_base/admin_controller.rb

Constant Summary

Constants included from AdminHelper

RailsBase::AdminHelper::SECOND_MODAL_MAPPING, RailsBase::AdminHelper::SESSION_REASON_BASE, RailsBase::AdminHelper::SESSION_REASON_KEY

Constants included from CaptureReferenceHelper

CaptureReferenceHelper::CAPTURE_ACTION_NAME, CaptureReferenceHelper::CAPTURE_CONTROLLER_PATH, CaptureReferenceHelper::CAPTURE_REFERRED_PATH

Constants included from AppearanceHelper

RailsBase::AppearanceHelper::APPEARANCE_MODE_ACTUAL_COOKIE, RailsBase::AppearanceHelper::APPEARANCE_MODE_COOKIE, RailsBase::AppearanceHelper::APPEARANCE_TEXT_CLASS, RailsBase::AppearanceHelper::VIEWPORT_EXTRA_LARGE, RailsBase::AppearanceHelper::VIEWPORT_EXTRA_SMALL, RailsBase::AppearanceHelper::VIEWPORT_LARGE, RailsBase::AppearanceHelper::VIEWPORT_MEDIUM, RailsBase::AppearanceHelper::VIEWPORT_MOBILE_MAX, RailsBase::AppearanceHelper::VIEWPORT_SIZES, RailsBase::AppearanceHelper::VIEWPORT_SMALL

Constants included from ApplicationHelper

RailsBase::ApplicationHelper::TIMEZONE_OFFSET_COOKIE, RailsBase::ApplicationHelper::TIMEZONE_SESSION_NAME

Instance Method Summary collapse

Methods included from AdminHelper

#accurate_admin_user, #admin_user, #array_for_proc, #filtered_classes, #fullsized_paginated_count, #paginante_class_names, #paginate_admin_can_next?, #paginate_admin_can_prev?, #paginate_admin_history_range, #paginate_admin_what_page, #paginate_can_view_page?, #paginate_diff_id?, #paginate_get_admins_array, #paginate_get_users_array, #paginated_records, #parse_mfa_to_obj, #session_reason, #users_for_proc

Methods inherited from RailsBaseApplicationController

#admin_impersonation_session?, #admin_reset_impersonation_session!, #admin_user?, #capture_admin_action, #is_timeout_error?, #populate_admin_actions, #set_time_zone

Methods included from CaptureReferenceHelper

#authenticate_user!, #capture_and_clear_reference_redirect!, #capture_clear_reference_from_sesssion!, #capture_reference, #redirect_from_reference, #reference_redirect, #skip_capture_reference!, #skip_capture_reference?, #use_capture_reference?

Methods included from AppearanceHelper

#appearance_mode_drop_down, #appearance_text_class, #footer_mode_case, #force_sticky_mode!

Methods included from ApplicationHelper

#admin_reset_session!, #browser, #is_mobile?, #is_safari?, #mfa_fallback?

Instance Method Details

#ackObject

POST admin/ack



85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
# File 'app/controllers/rails_base/admin_controller.rb', line 85

def ack
  success = true
  begin
    time = Time.at params[:time].to_i
    RailsBase::Admin::ActionCache.instance.delete_actions_since!(user: current_user, time: time)
    RailsBase::Admin::ActionCache.instance.update_last_viewed(user: current_user, time: time)
  rescue StandardError => e
    logger.error(e.message)
    logger.error('Failed to acknowledge users admion actions')
    success = false
  end
  if success
    render json: { success: true }
  else
    render json: { success: false }, status: 500
  end
end

#historyObject

GET admin/history



104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'app/controllers/rails_base/admin_controller.rb', line 104

def history
  unless RailsBase.config.admin.enable_history_by_user?(current_user)
    flash[:alert] = 'You do not have correct permissions to view admin history'
    redirect_to RailsBase.url_routes.authenticated_root_path
    return
  end

  @starting_admin = paginate_get_admins_array.last
  @starting_user = paginate_get_users_array.last
  session[:rails_base_paginate_start_user] = @starting_user[1]
  session[:rails_base_paginate_start_admin] = @starting_admin[1]
  @starting_page = 1
  @count_on_page = AdminAction::DEFAULT_PAGE_COUNT
end

#history_paginateObject

POST admin/history



120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
 
# File 'app/controllers/rails_base/admin_controller.rb', line 120

def history_paginate
  unless RailsBase.config.admin.enable_history_by_user?(current_user)
    render json: { success: false, msg: 'Incorrect permissions to view this page' }, status: 403
    return
  end

  @starting_admin = paginate_get_admins_array.find { |u| u[1] == params[:admin].to_i } || paginate_get_admins_array.last
  @starting_user = paginate_get_users_array.find { |u| u[1] == params[:user].to_i } || paginate_get_users_array.last

  @starting_page = paginate_admin_what_page
  @count_on_page = params[:pagination_count].to_i

  if paginate_diff_id?(type: :admin) || paginate_diff_id?(type: :user)
    logger.warn "Admin or User has been selected. paginating from first page"
    @starting_page = 1
  end

  session[:rails_base_paginate_start_user] = @starting_user[1]
  session[:rails_base_paginate_start_admin] = @starting_admin[1]
  begin
    html = render_to_string(partial: 'rails_base/shared/admin_history')
  rescue StandardError => e
    logger.error(e.message)
    logger.error('Failed to render html for history')
    html
  end

  if html
    render json: { success: true, html: html, per_page: @count_on_page, page: @starting_page }
  else
    render json: { success: false }, status: 500
  end
end

#indexObject

GET admin



11
12
 
# File 'app/controllers/rails_base/admin_controller.rb', line 11

def index
end

#send_2faObject

POST admin/validate_intent/send



222
223
224
225
226
227
228
229
230
231
 
# File 'app/controllers/rails_base/admin_controller.rb', line 222

def send_2fa
  reason = "#{SESSION_REASON_BASE}-#{SecureRandom.uuid}"
  result = AdminRiskyMfaSend.call(user: admin_user, reason: reason)
  if result.success?
    session[SESSION_REASON_KEY] = reason
    render json: { success: true, message: result.message }
  else
    render json: { success: false, message: result.message }, status: 404
  end
end

#show_configObject

GET admin



15
16
17
18
19
20
21
 
# File 'app/controllers/rails_base/admin_controller.rb', line 15

def show_config
  unless RailsBase.config.admin.config_page?(current_user)
    flash[:alert] = 'You do not have correct permissions to view admin config'
    redirect_to RailsBase.url_routes.authenticated_root_path
    return
  end
end

#sso_retrieveObject

GET auth/sso/:data



54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
# File 'app/controllers/rails_base/admin_controller.rb', line 54

def sso_retrieve
  local_params = {
    data: params[:data],
    reason: Authentication::Constants::SSO_REASON.to_s,
  }
  local_params[:bypass] = true if current_user

  status = RailsBase::Authentication::SingleSignOnVerify.call(local_params)

  if status.failure? && current_user.nil?
    flash[:alert] = "SSO login failed. #{status.message}"
    redirect_to RailsBase.url_routes.unauthenticated_root_path
    return
  end

  if status.should_fail
    flash[:notice] = "SSO failed but you are already logged in."
    redirect_to status.url_redirect
    return
  end

  if current_user
    flash[:notice] = "SSO success. You are already logged in."
  else
    (status.user)
    flash[:notice] = "SSO success. You are now logged in."
  end
  redirect_to status.url_redirect
end

#sso_sendObject

POST admin/sso/:id



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'app/controllers/rails_base/admin_controller.rb', line 24

def sso_send
  unless RailsBase.config.admin.sso_tile_users.call(admin_user)
    flash[:alert] = 'You do not have correct permissions to Send an SSO'
    redirect_to RailsBase.url_routes.admin_base_path
    return
  end

  user = User.find params[:id]

  local_params = {
    user: user,
    token_length: Authentication::Constants::SSO_SEND_LENGTH,
    uses: Authentication::Constants::SSO_SEND_USES,
    reason: Authentication::Constants::SSO_REASON,
    expires_at: Authentication::Constants::SSO_EXPIRES.from_now,
    url_redirect: RailsBase.url_routes.
  }

  status = RailsBase::Authentication::SingleSignOnSend.call(local_params)
  if status.failure?
    @_admin_action_struct = false
    flash[:alert] = "Failed to send SSO to user via #{status.sso_destination}. #{status.message}"
  else
    @_admin_action_struct = RailsBase::AdminStruct.new(nil, nil, user)
    flash[:notice] = "Successfully sent SSO to user via #{status.sso_destination}."
  end
  redirect_to RailsBase.url_routes.admin_base_path
end

#switch_backObject

POST admin/impersonate



284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
 
# File 'app/controllers/rails_base/admin_controller.rb', line 284

def switch_back
  unless original_user_id = session[RailsBase::Authentication::Constants::ADMIN_REMEMBER_USERID_KEY]
    # something wonky happend to the session. Kick user back to homepage and relogin
    warden.logout(:user)
    flash[:alert] = 'Unknown failure. Please log in again'
    redirect_to RailsBase.url_routes.unauthenticated_root_path
    session.clear
    return
  end

  # use warden here so that we dont add to devise signin/out hooks
  warden.set_user(User.find(original_user_id), scope: :user)

  # Critical step to ensure subsequent apps dont think we are an impersonation
  session.delete(RailsBase::Authentication::Constants::ADMIN_REMEMBER_REASON)

  flash[:notice] = 'You no longer have an identity crisis. You are back to normal.'
  redirect_url = RailsBase.config.admin.admin_impersonate_return.call(request, params)
  redirect_to redirect_url
end

#update_attributeObject

POST admin/update



155
156
157
158
159
160
161
162
163
164
 
# File 'app/controllers/rails_base/admin_controller.rb', line 155

def update_attribute
  update = RailsBase::AdminUpdateAttribute.call(params: params, admin_user: admin_user)
  if update.success?
    @_admin_action_struct = RailsBase::AdminStruct.new(update.original_attribute, update.attribute, update.model)
    render json: { success: true, message: update.message, attribute: update.attribute }
  else
    @_admin_action_struct = false
    render json: { success: false, message: update.message }, status: 404
  end
end

#update_emailObject 



191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
 
# File 'app/controllers/rails_base/admin_controller.rb', line 191

def update_email
  unless RailsBase.config.admin.email_tile_users?(admin_user)
    flash[:alert] = 'You do not have correct permissions to change a users name'
    redirect_to RailsBase.url_routes.admin_base_path
    return
  end

  user = User.find(params[:id])
  result = EmailChange.call(email: params[:email], user: user)
  if result.success?
    @_admin_action_struct = RailsBase::AdminStruct.new(result.original_email, result.new_email, user)
    msg = "Successfully changed email from [#{result.original_email}] to [#{result.new_email}]"
    render json: { success: true, message: msg, email: result.new_email }
  else
    @_admin_action_struct = false
    render json: { success: false, message: result.message }, status: 404
  end
end

#update_nameObject 



166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
 
# File 'app/controllers/rails_base/admin_controller.rb', line 166

def update_name
  unless RailsBase.config.admin.name_tile_users?(admin_user)
    flash[:alert] = 'You do not have correct permissions to change a users name'
    redirect_to RailsBase.url_routes.admin_base_path
    return
  end
  user = User.find(params[:id])

  result = NameChange.call(
    first_name: params[:first_name],
    last_name: params[:last_name],
    current_user: user,
    admin_user_id: accurate_admin_user
  )

  if result.success?
    @_admin_action_struct = RailsBase::AdminStruct.new(result.original_name, result.name_change, user)
    msg = "Successfully changed name from [#{result.original_name}] to [#{result.name_change}]"
    render json: { success: true, message: msg, full_name: result.name_change }
  else
    @_admin_action_struct = false
    render json: { success: false, message: "Failed to change #{user.id} name" }, status: 404
  end
end

#update_phoneObject 



210
211
212
213
214
215
216
217
218
219
 
# File 'app/controllers/rails_base/admin_controller.rb', line 210

def update_phone
  begin
    params[:value] = params[:phone_number].gsub(/\D/,'')
  rescue
    params[:value] = ''
    params[:_fail_] = true
  end
  params[:attribute] = :phone_number
  update_attribute
end

#verify_2faObject

POST admin/validate_intent/verify



234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
 
# File 'app/controllers/rails_base/admin_controller.rb', line 234

def verify_2fa
  unless modify_id = params[:modify_id]
    logger.warn("Failed to find #{modify_id} in payload")
    render json: { success: false, message: 'Hmm. Something fishy happend. Failed to find text to modify' }, status: 404
    return
  end

  unless render_partial = SECOND_MODAL_MAPPING[params[:modal_mapping].to_sym] rescue nil
    logger.warn("Mapping [#{params[:modal_mapping]}] is not defined. Expected part of #{SECOND_MODAL_MAPPING.keys}")
    render json: { success: false, message: 'Hmm. Something fishy happend. Failed to find modal mapping' }, status: 404
    return
  end

  unless user = User.find(params[:id]) rescue nil
    logger.warn("Failed to find id:[#{params[:id]}] ")
    render json: { success: false, message: 'Hmm. Something fishy happend. Failed to find associated id' }, status: 404
    return
  end

  params = {
    session_mfa_user_id: admin_user.id,
    current_user: admin_user,
    input_reason: session_reason,
    params: parse_mfa_to_obj
  }
  result = RailsBase::Authentication::MfaValidator.call(params)
  encrypt = RailsBase::Authentication::MfaSetEncryptToken.call(user: admin_user, purpose: session_reason, expires_at: 1.minute.from_now)

  begin
    html = render_to_string(partial: render_partial, locals: { user: user, modify_id: modify_id })
  rescue StandardError => e
    logger.warn("#{e.message}")
    logger.warn("Failed to render html correctly")
    html = nil
  end
  if html.nil?
    logger.warn("Failed to find render html correctly")
    render json: { success: false, message: 'Apologies. Wee are struggling to render the page. Please try again later' }, status: 500
    return
  end

  if result.success?
    session[:mfa_randomized_token] = encrypt.encrypted_val
    render json: { success: true, message: result.message, html: html }
  else
    render json: { success: false, message: result.message }, status: 404
  end
end