Class: Trainmaster::SessionsController
- Inherits: ApplicationController
  - Object
  - Repia::Controller::Base
  - ApplicationController
  - Trainmaster::SessionsController
- Defined in: app/controllers/trainmaster/sessions_controller.rb
Overview
This class is the sessions controller; it performs create, read and delete (CRD) on session objects. Note that a token includes its session ID. Use “current” to look up the session in the current context.
Constant Summary
Constants included from ApplicationHelper
ApplicationHelper::UNAUTHORIZED_ERROR
Instance Method Summary
- #create ⇒ Object: This action is essentially the login action.
- #destroy ⇒ Object: Deletes a session.
- #index ⇒ Object: Lists all sessions that belong to the specified or authenticated user.
- #show ⇒ Object: Shows information about a session.
Methods included from ApplicationHelper
#authorize_for!, #authorized?, #authorized_for?, #get_user, #has_admin_auth?
Instance Method Details
#create ⇒ Object
This action is essentially the login action. Note that get_user is not triggered for this action because the username is checked first; that is the “normal” way to log in. The alternative is token-based authentication. If the latter doesn’t make sense, just use the username and password approach.
An ApplicationController::UNAUTHORIZED_ERROR is raised if the user cannot be authenticated: the username is unknown, the password does not match, or the user is not verified.
# File 'app/controllers/trainmaster/sessions_controller.rb', line 44

def create
  # See if OAuth is used first. When authenticated successfully, either
  # the existing user will be found or a new user will be created.
  # Failure will be redirected to this action but will not match this
  # branch.
  if (omniauth_hash = request.env["omniauth.auth"])
    @user = User.from_omniauth_hash(omniauth_hash)
  # Then see if the request already has authentication. Note that if the
  # user does not have access to the specified session owner, 401 will
  # be thrown.
  elsif accept_auth
    @user = @auth_user
  # Otherwise, it's a normal login process. Use username and password to
  # authenticate. The user must exist, the password must be valid, and
  # the email must have been verified.
  else
    @user = User.find_by_username(session_params[:username])
    if (@user.nil? || !@user.authenticate(session_params[:password]) || !@user.verified)
      raise ApplicationController::UNAUTHORIZED_ERROR
    end
  end
  # Finally, create session regardless of the method and store it.
  @session = Session.new(user: @user)
  if @session.save
    if omniauth_hash
      # redirect_to the app page that accepts new session token
      url = Rails.application.config.oauth_landing_page_url
      url = "#{url}?token=#{@session.token}"
      render inline: "", status: 302, location: url
    else
      render json: @session, except: [:secret], status: 201
    end
  else
    # :nocov:
    # argument assumed to be @session.errors, as in #destroy (truncated in the source)
    render_errors 400, @session.errors
    # :nocov:
  end
end
#destroy ⇒ Object
Deletes a session.
# File 'app/controllers/trainmaster/sessions_controller.rb', line 98

def destroy
  if @session.destroy
    render body: "", status: 204
  else
    # :nocov:
    render_error 400, @session.errors
    # :nocov:
  end
end
#index ⇒ Object
Lists all sessions that belong to the specified or authenticated user.
# File 'app/controllers/trainmaster/sessions_controller.rb', line 19

def index
  @sessions = Session.where(user: @user)
  expired = []
  active = []
  @sessions.each do |session|
    if session.expired?
      expired << session.uuid
    else
      active << session
    end
  end
  SessionsCleanupJob.perform_later(*expired)
  render json: active, except: [:secret]
end
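The following is an added example, not code from the Trainmaster project: a Rails-free model of the decisions made by #create and #index above, so the two actions can be exercised without a database. The User and Session classes, UnauthorizedError, the PBKDF2 password scheme and the token layout are all assumptions made here. It covers the JSON login path and the session listing; the OAuth branch, which hands the token back in the redirect's query string, is left out, and anyone reviewing that branch would want to confirm that the landing page does not leave the token in browser history, Referer headers or access logs.

```ruby
require "openssl"
require "securerandom"
require "json"
require "time"

# Added example, not Trainmaster's code: a Rails-free model of the decisions
# made by SessionsController#create and #index. User, Session,
# UnauthorizedError and the PBKDF2 password scheme are all assumptions.

class UnauthorizedError < StandardError; end

# Constant-time comparison of two equal-length byte strings, so a password
# mismatch does not leak how many leading bytes matched.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

class User
  attr_reader :username, :verified

  def initialize(username, password, verified:)
    @username, @verified, @salt = username, verified, SecureRandom.random_bytes(16)
    @digest = derive(password)
  end

  # Stand-in for has_secure_password's #authenticate: true only on a match.
  def authenticate(password)
    secure_compare(@digest, derive(password))
  end

  private

  def derive(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, @salt, 50_000, 32, "sha256")
  end
end

class Session
  attr_reader :uuid, :token, :user

  def initialize(user, ttl_seconds: 3600)
    @user, @uuid, @secret = user, SecureRandom.uuid, SecureRandom.hex(32)
    @token = "#{@uuid}.#{SecureRandom.hex(16)}" # token carries the session id (layout assumed)
    @expires_at = Time.now + ttl_seconds
  end

  def expired?(now = Time.now)
    now >= @expires_at
  end

  # What `render json: @session, except: [:secret]` leaves in the response.
  def as_json
    { "uuid" => @uuid, "token" => @token, "user" => @user.username, "expires_at" => @expires_at.getutc.iso8601 }
  end
end

# Used so an unknown username still costs one password derivation.
DUMMY_USER = User.new("", SecureRandom.hex(16), verified: false)

# The three branches of #create, in order: OAuth hash, already-authenticated
# user, then username and password. Every credential failure raises the same
# error, so the response does not reveal which of the three checks failed.
def create_session(users, omniauth_hash: nil, auth_user: nil, username: nil, password: nil)
  user =
    if omniauth_hash
      # Find or create, as User.from_omniauth_hash is described to do.
      users[omniauth_hash[:username]] ||= User.new(omniauth_hash[:username], SecureRandom.hex(32), verified: true)
    elsif auth_user
      auth_user
    else
      candidate = users[username]
      # Check the password even for an unknown username; #create's `||` chain
      # skips it, so an unknown user answers faster than a wrong password.
      ok = (candidate || DUMMY_USER).authenticate(password)
      raise UnauthorizedError if candidate.nil? || !ok || !candidate.verified
      candidate
    end
  Session.new(user)
end

# #index: partition the user's sessions into expired uuids (handed to the
# cleanup job) and active ones, and return only the active ones without secrets.
def list_sessions(sessions, user, now: Time.now)
  expired = []
  active = []
  sessions.select { |s| s.user.equal?(user) }.each do |s|
    if s.expired?(now)
      expired << s.uuid
    else
      active << s
    end
  end
  # SessionsCleanupJob.perform_later(*expired) would be enqueued here.
  { cleanup: expired, body: active.map(&:as_json) }
end
```

The one deliberate departure from the controller is in the credentials branch: the controller's `||` chain skips the password check when the username is unknown, while this version always runs it, so an unknown and a known-but-wrong login take the same time. Everything else follows the action bodies shown on this page.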
#show ⇒ Object
Shows information about a session.
# File 'app/controllers/trainmaster/sessions_controller.rb', line 91

def show
  render json: @session, except: [:secret]
end