2015-08-10 11:05:06 +02:00
|
|
|
class ApplicationController < ActionController::Base
|
2019-02-01 17:17:10 +01:00
|
|
|
include TrustedDeviceConcern
|
2019-06-27 16:26:07 +02:00
|
|
|
include Pundit
|
2020-03-18 16:05:04 +01:00
|
|
|
include Devise::StoreLocationExtension
|
2021-07-06 16:29:23 +02:00
|
|
|
include ApplicationController::LongLivedAuthenticityToken
|
2021-07-06 12:34:23 +02:00
|
|
|
include ApplicationController::ErrorHandling
|
2019-02-01 17:17:10 +01:00
|
|
|
|
2018-04-26 10:52:41 +02:00
|
|
|
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
|
|
|
|
|
2019-03-06 15:21:10 +01:00
|
|
|
before_action :set_current_roles
|
2021-01-28 14:49:22 +01:00
|
|
|
before_action :set_sentry_user
|
2019-02-01 17:17:10 +01:00
|
|
|
before_action :redirect_if_untrusted
|
2021-04-06 12:21:49 +02:00
|
|
|
before_action :reject, if: -> { ENV.fetch("MAINTENANCE_MODE", 'false') == 'true' }
|
2020-11-04 16:35:15 +01:00
|
|
|
before_action :configure_permitted_parameters, if: :devise_controller?
|
2017-07-24 12:29:09 +02:00
|
|
|
|
2018-01-16 16:31:47 +01:00
|
|
|
before_action :staging_authenticate
|
2018-04-26 14:36:27 +02:00
|
|
|
before_action :set_active_storage_host
|
2019-11-19 14:40:28 +01:00
|
|
|
before_action :setup_javascript_settings
|
2019-03-26 16:02:08 +01:00
|
|
|
before_action :setup_tracking
|
2022-01-26 18:46:43 +01:00
|
|
|
before_action :set_customizable_view_path
|
2021-05-12 16:30:35 +02:00
|
|
|
|
|
|
|
around_action :switch_locale
|
2018-01-16 16:31:47 +01:00
|
|
|
|
2021-02-09 10:24:13 +01:00
|
|
|
helper_method :multiple_devise_profile_connect?, :instructeur_signed_in?, :current_instructeur, :current_expert, :expert_signed_in?,
|
2021-08-24 11:39:15 +02:00
|
|
|
:administrateur_signed_in?, :current_administrateur, :current_account, :localization_enabled?, :set_locale
|
2019-08-08 17:33:49 +02:00
|
|
|
|
2018-01-16 16:31:47 +01:00
|
|
|
def staging_authenticate
|
|
|
|
if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
|
|
|
|
request_http_basic_authentication
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-08-08 17:44:33 +02:00
|
|
|
def multiple_devise_profile_connect?
|
|
|
|
user_signed_in? && instructeur_signed_in? ||
|
|
|
|
instructeur_signed_in? && administrateur_signed_in? ||
|
2021-02-09 10:24:13 +01:00
|
|
|
instructeur_signed_in? && expert_signed_in? ||
|
|
|
|
user_signed_in? && administrateur_signed_in? ||
|
|
|
|
user_signed_in? && expert_signed_in?
|
2019-08-08 17:44:33 +02:00
|
|
|
end
|
|
|
|
|
2019-08-08 17:33:49 +02:00
|
|
|
def current_instructeur
|
|
|
|
current_user&.instructeur
|
|
|
|
end
|
|
|
|
|
|
|
|
def instructeur_signed_in?
|
|
|
|
user_signed_in? && current_user&.instructeur.present?
|
|
|
|
end
|
|
|
|
|
2019-08-09 10:38:51 +02:00
|
|
|
def current_administrateur
|
|
|
|
current_user&.administrateur
|
|
|
|
end
|
|
|
|
|
|
|
|
def administrateur_signed_in?
|
|
|
|
current_administrateur.present?
|
|
|
|
end
|
|
|
|
|
2021-02-09 10:24:13 +01:00
|
|
|
def current_expert
|
|
|
|
current_user&.expert
|
|
|
|
end
|
|
|
|
|
|
|
|
def expert_signed_in?
|
|
|
|
current_expert.present?
|
|
|
|
end
|
|
|
|
|
2020-06-24 13:21:21 +02:00
|
|
|
def current_account
|
|
|
|
{
|
|
|
|
administrateur: current_administrateur,
|
|
|
|
instructeur: current_instructeur,
|
|
|
|
user: current_user
|
|
|
|
}.compact
|
|
|
|
end
|
|
|
|
|
|
|
|
alias_method :pundit_user, :current_account
|
|
|
|
|
2021-08-24 11:39:15 +02:00
|
|
|
def localization_enabled?
|
2021-09-01 15:52:24 +02:00
|
|
|
ENV.fetch('LOCALIZATION_ENABLED', 'false') == 'true' || cookies[:locale].present? || !browser_prefers_french?
|
|
|
|
end
|
|
|
|
|
|
|
|
def browser_prefers_french?
|
|
|
|
http_accept_language.compatible_language_from(I18n.available_locales) == 'fr'
|
2021-08-24 11:39:15 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def set_locale(locale)
|
|
|
|
if locale && locale.to_sym.in?(I18n.available_locales)
|
|
|
|
cookies[:locale] = locale
|
2021-09-01 18:50:38 +02:00
|
|
|
if user_signed_in?
|
|
|
|
current_user.update(locale: locale)
|
|
|
|
end
|
2021-08-24 11:39:15 +02:00
|
|
|
locale
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-10-13 09:23:40 +02:00
|
|
|
def ajax_redirect(path)
|
|
|
|
"window.location.href='#{path}'"
|
|
|
|
end
|
|
|
|
|
2017-01-03 11:32:21 +01:00
|
|
|
protected
|
|
|
|
|
2019-07-04 12:36:17 +02:00
|
|
|
def feature_enabled?(feature_name)
|
|
|
|
Flipper.enabled?(feature_name, current_user)
|
|
|
|
end
|
|
|
|
|
2018-09-07 15:44:00 +02:00
|
|
|
def authenticate_logged_user!
|
2019-08-06 11:02:54 +02:00
|
|
|
if instructeur_signed_in?
|
|
|
|
authenticate_instructeur!
|
2021-02-09 10:24:13 +01:00
|
|
|
elsif expert_signed_in?
|
|
|
|
authenticate_expert!
|
2018-09-07 15:44:00 +02:00
|
|
|
elsif administrateur_signed_in?
|
|
|
|
authenticate_administrateur!
|
|
|
|
else
|
|
|
|
authenticate_user!
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-08-06 11:02:54 +02:00
|
|
|
def authenticate_instructeur!
|
2019-08-08 17:33:49 +02:00
|
|
|
if !instructeur_signed_in?
|
2017-01-03 11:32:21 +01:00
|
|
|
redirect_to new_user_session_path
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-02-09 10:24:13 +01:00
|
|
|
def authenticate_expert!
|
|
|
|
if !expert_signed_in?
|
|
|
|
redirect_to new_user_session_path
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-01-03 11:32:21 +01:00
|
|
|
def authenticate_administrateur!
|
2019-08-09 10:38:51 +02:00
|
|
|
if !administrateur_signed_in?
|
2017-01-03 11:32:21 +01:00
|
|
|
redirect_to new_user_session_path
|
|
|
|
end
|
|
|
|
end
|
2017-06-28 07:08:25 +02:00
|
|
|
|
2018-05-14 18:12:07 +02:00
|
|
|
def after_sign_out_path_for(_resource_or_scope)
|
|
|
|
stored_location_for(:user) || super
|
|
|
|
end
|
|
|
|
|
2020-11-04 16:35:15 +01:00
|
|
|
def configure_permitted_parameters
|
|
|
|
devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
|
|
|
|
end
|
|
|
|
|
2017-06-28 07:08:25 +02:00
|
|
|
private
|
|
|
|
|
2019-03-06 15:21:10 +01:00
|
|
|
def set_current_roles
|
|
|
|
Current.administrateur = current_administrateur
|
2019-08-06 11:02:54 +02:00
|
|
|
Current.instructeur = current_instructeur
|
2019-03-06 15:21:10 +01:00
|
|
|
end
|
|
|
|
|
2018-04-26 14:36:27 +02:00
|
|
|
def set_active_storage_host
|
|
|
|
ActiveStorage::Current.host = request.base_url
|
|
|
|
end
|
|
|
|
|
2019-11-19 14:40:28 +01:00
|
|
|
def setup_javascript_settings
|
|
|
|
gon.autosave = Rails.application.config.ds_autosave
|
2020-01-14 18:46:07 +01:00
|
|
|
gon.autocomplete = Rails.application.secrets.autocomplete
|
2019-11-19 14:40:28 +01:00
|
|
|
end
|
|
|
|
|
2019-03-26 16:02:08 +01:00
|
|
|
def setup_tracking
|
|
|
|
gon.matomo = matomo_config
|
|
|
|
gon.sentry = sentry_config
|
|
|
|
|
|
|
|
if administrateur_signed_in?
|
2019-05-15 14:15:48 +02:00
|
|
|
gon.crisp = crisp_config
|
2019-03-26 16:02:08 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-09-17 11:01:20 +02:00
|
|
|
def current_user_roles
|
|
|
|
@current_user_roles ||= begin
|
|
|
|
roles = [
|
|
|
|
current_user,
|
|
|
|
current_instructeur,
|
|
|
|
current_administrateur,
|
2020-11-05 15:09:11 +01:00
|
|
|
current_super_admin
|
2019-09-17 11:01:20 +02:00
|
|
|
].compact.map { |role| role.class.name }
|
2018-08-07 16:13:40 +02:00
|
|
|
|
2019-09-17 11:01:20 +02:00
|
|
|
roles.any? ? roles.join(', ') : 'Guest'
|
|
|
|
end
|
2018-01-17 14:40:31 +01:00
|
|
|
end
|
2017-06-28 07:08:25 +02:00
|
|
|
|
2021-01-28 14:49:22 +01:00
|
|
|
def set_sentry_user
|
|
|
|
Sentry.set_user(sentry_user)
|
2017-06-28 07:08:25 +02:00
|
|
|
end
|
2018-01-17 14:40:31 +01:00
|
|
|
|
2019-11-18 23:11:38 +01:00
|
|
|
# private method called by rails fwk
|
|
|
|
# see https://github.com/roidrage/lograge
|
2018-08-12 10:31:28 +02:00
|
|
|
def append_info_to_payload(payload)
|
|
|
|
super
|
2018-08-07 16:13:40 +02:00
|
|
|
|
2018-08-12 10:31:28 +02:00
|
|
|
payload.merge!({
|
2018-01-17 14:40:31 +01:00
|
|
|
user_agent: request.user_agent,
|
2019-09-17 11:01:20 +02:00
|
|
|
user_id: current_user&.id,
|
|
|
|
user_roles: current_user_roles
|
2018-08-12 10:31:28 +02:00
|
|
|
}.compact)
|
2018-01-17 14:40:31 +01:00
|
|
|
|
|
|
|
if browser.known?
|
|
|
|
payload.merge!({
|
|
|
|
browser: browser.name,
|
|
|
|
browser_version: browser.version.to_s,
|
2018-10-01 14:06:08 +02:00
|
|
|
platform: browser.platform.name
|
2018-01-17 14:40:31 +01:00
|
|
|
})
|
|
|
|
end
|
2018-08-07 16:13:40 +02:00
|
|
|
|
|
|
|
payload
|
2018-01-17 14:40:31 +01:00
|
|
|
end
|
2018-01-30 14:43:56 +01:00
|
|
|
|
2018-04-26 10:52:41 +02:00
|
|
|
def reject
|
|
|
|
authorized_request =
|
|
|
|
request.path_info == '/' ||
|
|
|
|
request.path_info.start_with?('/manager') ||
|
2020-11-05 15:09:11 +01:00
|
|
|
request.path_info.start_with?('/super_admins')
|
2018-04-26 10:52:41 +02:00
|
|
|
|
|
|
|
api_request = request.path_info.start_with?('/api/')
|
|
|
|
|
2020-11-05 15:09:11 +01:00
|
|
|
if super_admin_signed_in? || authorized_request
|
2018-04-26 10:52:41 +02:00
|
|
|
flash.now.alert = MAINTENANCE_MESSAGE
|
|
|
|
elsif api_request
|
|
|
|
render json: { error: MAINTENANCE_MESSAGE }.to_json, status: :service_unavailable
|
|
|
|
else
|
2019-08-06 11:02:54 +02:00
|
|
|
[:user, :instructeur, :administrateur].each { |role| sign_out(role) }
|
2018-04-26 10:52:41 +02:00
|
|
|
flash[:alert] = MAINTENANCE_MESSAGE
|
|
|
|
redirect_to root_path
|
|
|
|
end
|
|
|
|
end
|
2019-02-01 17:17:10 +01:00
|
|
|
|
|
|
|
def redirect_if_untrusted
|
2019-08-06 11:02:54 +02:00
|
|
|
if instructeur_signed_in? &&
|
2019-02-01 17:17:10 +01:00
|
|
|
sensitive_path &&
|
2021-11-25 15:37:40 +01:00
|
|
|
!current_instructeur.bypass_email_login_token &&
|
2019-04-03 14:27:28 +02:00
|
|
|
!IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
|
2019-02-01 17:17:10 +01:00
|
|
|
!trusted_device?
|
|
|
|
|
2019-02-06 20:51:04 +01:00
|
|
|
# return at this location
|
|
|
|
# after the device is trusted
|
2020-03-20 10:26:21 +01:00
|
|
|
if get_stored_location_for(:user).blank?
|
|
|
|
store_location_for(:user, request.fullpath)
|
|
|
|
end
|
2019-02-06 20:51:04 +01:00
|
|
|
|
2019-08-06 11:02:54 +02:00
|
|
|
send_login_token_or_bufferize(current_instructeur)
|
|
|
|
redirect_to link_sent_path(email: current_instructeur.email)
|
2019-02-01 17:17:10 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def sensitive_path
|
|
|
|
path = request.path_info
|
|
|
|
|
|
|
|
if path == '/' ||
|
|
|
|
path == '/users/sign_out' ||
|
2019-08-13 19:45:51 +02:00
|
|
|
path == '/contact' ||
|
|
|
|
path == '/contact-admin' ||
|
2019-02-01 17:17:10 +01:00
|
|
|
path.start_with?('/connexion-par-jeton') ||
|
|
|
|
path.start_with?('/api/') ||
|
|
|
|
path.start_with?('/lien-envoye')
|
|
|
|
|
|
|
|
false
|
|
|
|
else
|
|
|
|
true
|
|
|
|
end
|
|
|
|
end
|
2019-03-26 16:02:08 +01:00
|
|
|
|
2019-04-03 12:13:34 +02:00
|
|
|
def sentry_user
|
2019-09-17 11:01:20 +02:00
|
|
|
{ id: user_signed_in? ? "User##{current_user.id}" : 'Guest' }
|
2019-04-03 12:13:34 +02:00
|
|
|
end
|
|
|
|
|
2019-03-26 16:02:08 +01:00
|
|
|
def sentry_config
|
|
|
|
sentry = Rails.application.secrets.sentry
|
|
|
|
|
|
|
|
{
|
2021-05-12 15:00:13 +02:00
|
|
|
key: sentry[:js_client_key],
|
2019-03-26 16:02:08 +01:00
|
|
|
enabled: sentry[:enabled],
|
2019-04-03 12:13:34 +02:00
|
|
|
environment: sentry[:environment],
|
2020-03-04 16:23:54 +01:00
|
|
|
browser: { modern: BrowserSupport.supported?(browser) },
|
2019-04-03 12:13:34 +02:00
|
|
|
user: sentry_user
|
2019-03-26 16:02:08 +01:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def matomo_config
|
|
|
|
matomo = Rails.application.secrets.matomo
|
|
|
|
|
|
|
|
{
|
2022-02-15 11:55:24 +01:00
|
|
|
cookieDomain: matomo[:cookie_domain],
|
2022-01-26 13:57:49 +01:00
|
|
|
domain: matomo[:domain],
|
2022-01-18 12:47:01 +01:00
|
|
|
enabled: matomo[:enabled],
|
|
|
|
host: matomo[:host],
|
|
|
|
key: matomo[:client_key]
|
2019-03-26 16:02:08 +01:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2019-05-15 14:15:48 +02:00
|
|
|
def crisp_config
|
|
|
|
crisp = Rails.application.secrets.crisp
|
|
|
|
|
2019-09-25 17:51:28 +02:00
|
|
|
nb_demarches_by_state = if current_administrateur.present?
|
|
|
|
current_administrateur.procedures.group(:aasm_state).count
|
|
|
|
else
|
|
|
|
{}
|
|
|
|
end
|
|
|
|
|
2019-05-15 14:15:48 +02:00
|
|
|
{
|
|
|
|
key: crisp[:client_key],
|
|
|
|
enabled: crisp[:enabled],
|
|
|
|
administrateur: {
|
2019-09-17 11:01:20 +02:00
|
|
|
email: current_user&.email,
|
|
|
|
DS_SIGN_IN_COUNT: current_user&.sign_in_count,
|
2019-05-15 14:15:48 +02:00
|
|
|
DS_CREATED_AT: current_administrateur&.created_at,
|
2019-07-11 16:05:41 +02:00
|
|
|
DS_ID: current_administrateur&.id,
|
2019-09-25 17:51:28 +02:00
|
|
|
DS_NB_DEMARCHES_BROUILLONS: nb_demarches_by_state['brouillon'],
|
|
|
|
DS_NB_DEMARCHES_ACTIVES: nb_demarches_by_state['publiee'],
|
2019-11-14 09:43:45 +01:00
|
|
|
DS_NB_DEMARCHES_ARCHIVES: nb_demarches_by_state['close']
|
2019-05-15 14:15:48 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2019-03-26 16:02:08 +01:00
|
|
|
def current_email
|
2019-09-17 11:01:20 +02:00
|
|
|
current_user&.email
|
2019-03-26 16:02:08 +01:00
|
|
|
end
|
2020-08-27 11:37:03 +02:00
|
|
|
|
2021-05-12 16:30:35 +02:00
|
|
|
def switch_locale(&action)
|
2021-08-24 11:39:15 +02:00
|
|
|
locale = extract_locale_from_query_params ||
|
|
|
|
extract_locale_from_cookie ||
|
2021-09-01 18:50:38 +02:00
|
|
|
extract_locale_from_user ||
|
2021-08-24 11:39:15 +02:00
|
|
|
extract_locale_from_accept_language_header ||
|
|
|
|
I18n.default_locale
|
|
|
|
|
2021-05-12 16:30:35 +02:00
|
|
|
I18n.with_locale(locale, &action)
|
2020-08-27 11:37:03 +02:00
|
|
|
end
|
2021-08-24 11:39:15 +02:00
|
|
|
|
|
|
|
def extract_locale_from_query_params
|
|
|
|
set_locale(request.query_parameters[:locale])
|
|
|
|
end
|
|
|
|
|
2021-09-01 18:50:38 +02:00
|
|
|
def extract_locale_from_user
|
|
|
|
current_user&.locale
|
|
|
|
end
|
|
|
|
|
2021-08-24 11:39:15 +02:00
|
|
|
def extract_locale_from_cookie
|
|
|
|
cookies[:locale]
|
|
|
|
end
|
|
|
|
|
|
|
|
def extract_locale_from_accept_language_header
|
|
|
|
if localization_enabled?
|
|
|
|
http_accept_language.compatible_language_from(I18n.available_locales)
|
|
|
|
end
|
|
|
|
end
|
2022-01-26 18:46:43 +01:00
|
|
|
|
|
|
|
def set_customizable_view_path
|
|
|
|
prepend_view_path "app/custom_views"
|
|
|
|
end
|
2022-05-03 10:09:58 +02:00
|
|
|
|
|
|
|
# Extract a value from params based on the "path"
|
|
|
|
#
|
|
|
|
# params: { dossiers: { champs_attributes: { 1234 => { value: "hello" } } } }
|
|
|
|
#
|
|
|
|
# Usage: read_param_value("dossiers[champs_attributes][1234]", "value")
|
|
|
|
def read_param_value(path, name)
|
|
|
|
parts = path.split(/\[|\]\[|\]/) + [name]
|
|
|
|
parts.reduce(params) do |value, part|
|
|
|
|
if part.to_i != 0
|
|
|
|
value[part.to_i] || value[part]
|
|
|
|
else
|
|
|
|
value[part]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2015-08-10 11:05:06 +02:00
|
|
|
end
|