Class: RailsBase::SecondaryAuthenticationController

Inherits:

RailsBaseApplicationController

• Object
• ActionController::Base
• RailsBaseApplicationController
• RailsBase::SecondaryAuthenticationController

Defined in:

app/controllers/rails_base/secondary_authentication_controller.rb

Constant Summary

Constants included from CaptureReferenceHelper

CaptureReferenceHelper::CAPTURE_ACTION_NAME, CaptureReferenceHelper::CAPTURE_CONTROLLER_PATH, CaptureReferenceHelper::CAPTURE_REFERRED_PATH

Constants included from AppearanceHelper

AppearanceHelper::APPEARANCE_MODE_ACTUAL_COOKIE, AppearanceHelper::APPEARANCE_MODE_COOKIE, AppearanceHelper::APPEARANCE_TEXT_CLASS, AppearanceHelper::VIEWPORT_EXTRA_LARGE, AppearanceHelper::VIEWPORT_EXTRA_SMALL, AppearanceHelper::VIEWPORT_LARGE, AppearanceHelper::VIEWPORT_MEDIUM, AppearanceHelper::VIEWPORT_MOBILE_MAX, AppearanceHelper::VIEWPORT_SIZES, AppearanceHelper::VIEWPORT_SMALL

Constants included from ApplicationHelper

ApplicationHelper::TIMEZONE_OFFSET_COOKIE, ApplicationHelper::TIMEZONE_SESSION_NAME

Instance Method Summary

• #after_email_login_session_create ⇒ Object

  POST auth/login.

• #after_email_login_session_new ⇒ Object

  GET auth/login.

• #email_verification ⇒ Object

  GET auth/email/:data.

• #forgot_password ⇒ Object

  GET auth/email/forgot/:data.

• #remove_me ⇒ Object
• #resend_email ⇒ Object

  POST auth/resend_email.

• #reset_password ⇒ Object

  POST auth/email/reset/:data.

• #reset_password_input ⇒ Object

  GET auth/password/reset/:data.

• #sso_login ⇒ Object

  GET auth/validate/:data.

• #static ⇒ Object

  GET auth/wait.

Methods inherited from RailsBaseApplicationController

#admin_impersonation_session?, #admin_reset_impersonation_session!, #admin_user?, #capture_admin_action, #is_timeout_error?, #populate_admin_actions, #set_time_zone

Methods included from CaptureReferenceHelper

#authenticate_user!, #capture_and_clear_reference_redirect!, #capture_clear_reference_from_sesssion!, #capture_reference, #redirect_from_reference, #reference_redirect, #skip_capture_reference!, #skip_capture_reference?, #use_capture_reference?

Methods included from AppearanceHelper

#appearance_mode_drop_down, #appearance_text_class, #footer_mode_case, #force_sticky_mode!

Methods included from ApplicationHelper

#admin_reset_session!, #browser, #is_mobile?, #is_safari?, #mfa_fallback?

Instance Method Details

#after_email_login_session_create ⇒ Object

POST auth/login

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 56

def after_email_login_session_create
  return unless validate_mfa_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)

  flash[:notice] = nil
  flash[:alert] = nil
  authenticate = Authentication::AuthenticateUser.call(email: params[:user][:email], password: params[:user][:password])
  if authenticate.failure?
    flash[:alert] = authenticate.message
    @user = User.new(email: params[:user][:email])
    render :after_email_login_session_new
    return
  end

  sign_in(authenticate.user)
  flash[:notice] = I18n.t('authentication.after_email_login_session_create')
  redirect_to RailsBase.url_routes.authenticated_root_path
end

#after_email_login_session_new ⇒ Object

GET auth/login

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 46

def after_email_login_session_new
  return unless validate_mfa_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)

  @user = User.new
  if flash[:alert].nil? && flash[:notice].nil?
    flash[:notice] = I18n.t('authentication.after_email_login_session_new')
  end
end

#email_verification ⇒ Object

GET auth/email/:data

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 33

def email_verification
  verify = Authentication::SsoVerifyEmail.call(verification: params[:data])

  if verify.failure?
    redirect_to(verify.redirect_url, alert: verify.message)
    return
  end

  session[:mfa_randomized_token] = verify.encrypted_val
  redirect_to RailsBase.url_routes.login_after_email_path
end

#forgot_password ⇒ Object

GET auth/email/forgot/:data

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 75

def forgot_password
  result = Authentication::VerifyForgotPassword.call(data: params[:data])

  if result.failure?
    redirect_to result.redirect_url, alert: result.message
    return
  end

  event = RailsBase::MfaEvent.forgot_password(user: result.user, data: params[:data])
  if result.mfa_flow
    flash[:notice] = "MFA required to reset password"
    redirect_to(RailsBase.url_routes.mfa_with_event_path(mfa_event: event.event))
  else
    # Requirements to continue were satiatet..we can let the user reset their password
    event.satiated!
    flash[:notice] = "Datum valid. Reset your password"
    redirect_to(RailsBase.url_routes.reset_password_input_path(data: params[:data]))
  end

  # Upload event to the session as a last step to ensure we capture if it was satiated or not
  add_mfa_event_to_session(event:)
end

#remove_me ⇒ Object

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 16

def remove_me
end

#resend_email ⇒ Object

POST auth/resend_email

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 20

def resend_email
  user = User.find @token_verifier.user_id
  email_verification = Authentication::SendVerificationEmail.call(user: user, reason: Authentication::Constants::SVE_LOGIN_REASON)
  params =
    if email_verification.failure?
      { alert: email_verification.message }
    else
      { notice: I18n.t('authentication.resend_email', email: user.email) }
    end
  redirect_to RailsBase.url_routes.auth_static_path, params
end

#reset_password ⇒ Object

POST auth/email/reset/:data

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 115

def reset_password
  return unless validate_mfa_with_event!(mfa_event_name: RailsBase::MfaEvent::FORGOT_PASSWORD)

  unless @__rails_base_mfa_event.satiated?
    logger.error("MFA Event was not satiated. Kicking user back to root")
    clear_mfa_event_from_session!(event_name: @__rails_base_mfa_event.event)
    session.clear
    flash[:alert] = "Unauthorized access"
    redirect_to(RailsBase.url_routes.unauthenticated_root_path)
    return
  end

  result = Authentication::ModifyPassword.call(password: params[:user][:password], password_confirmation: params[:user][:password_confirmation], data: params[:data], user_id: @__rails_base_mfa_event.user_id, flow: :forgot_password)
  if result.failure?
    redirect_to RailsBase.url_routes.new_user_password_path, alert: result.message
    return
  end

  redirect_to RailsBase.url_routes.authenticated_root_path, notice: I18n.t('authentication.reset_password')
end

#reset_password_input ⇒ Object

GET auth/password/reset/:data

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 99

def reset_password_input
  return unless validate_mfa_with_event!(mfa_event_name: RailsBase::MfaEvent::FORGOT_PASSWORD)

  if @__rails_base_mfa_event.satiated?
    @data = params[:data]
    @user = User.find(@__rails_base_mfa_event.user_id)
  else
    logger.error("MFA Event was not satiated. Kicking user back to root")
    clear_mfa_event_from_session!(event_name: @__rails_base_mfa_event.event)
    session.clear
    flash[:alert] = "Unauthorized access"
    redirect_to(RailsBase.url_routes.unauthenticated_root_path)
  end
end

#sso_login ⇒ Object

GET auth/validate/:data

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 137

def sso_login
  input_params = {
    data: params[:data],
    reason: RailsBase::Authentication::Constants::SSO_LOGIN_REASON
  }
  sso_decision = RailsBase::Authentication::SingleSignOnVerify.call(input_params)
  if sso_decision.failure?
    if current_user.nil?
      flash[:alert] = I18n.t('authentication.sso_login.fail') + sso_decision.message
      redirect_to RailsBase.url_routes.unauthenticated_root_path
      return
    else
      logger.info('User is logged in but failed the SSO login')
    end
  end


  sign_in(sso_decision.user) if current_user.nil?

  url =
    if RailsBase.route_exist?(sso_decision.url_redirect)
      sso_decision.url_redirect
    else
      logger.debug("Failed to find #{sso_decision.url_redirect}. Redirecing to root")
      RailsBase.url_routes.authenticated_root_path
    end

  flash[:notice] = I18n.t('authentication.sso_login.valid')
  redirect_to url
end

#static ⇒ Object

GET auth/wait

# File 'app/controllers/rails_base/secondary_authentication_controller.rb', line 8

def static
  return unless validate_mfa_token!(purpose: Authentication::Constants::SSOVE_PURPOSE)

  if flash[:notice].nil? && flash[:alert].nil?
    flash[:notice] = Authentication::Constants::STATIC_WAIT_FLASH
  end
end