demarches-normaliennes/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  include TrustedDeviceConcern
  include Pundit

  MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
  before_action :set_current_roles
  before_action :load_navbar_left_pannel_partial_url
  before_action :set_raven_context
  before_action :redirect_if_untrusted
  before_action :authorize_request_for_profiler
  before_action :reject, if: -> { Flipflop.maintenance_mode? }

  before_action :staging_authenticate
  before_action :set_active_storage_host
  before_action :setup_tracking

  def staging_authenticate
    if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
      request_http_basic_authentication
    end
  end

  def authorize_request_for_profiler
    if Flipflop.mini_profiler_enabled?
      Rack::MiniProfiler.authorize_request
    end
  end

  def load_navbar_left_pannel_partial_url
    controller = request.controller_class
    method = params[:action]
    service = RenderPartialService.new(controller, method)
    @navbar_url = service.navbar
    @left_pannel_url = service.left_panel
  end

  def logged_in?
    logged_user.present?
  end

  helper_method :logged_in?

  def pundit_user
    {
      administrateur: current_administrateur,
      instructeur: current_instructeur,
      user: current_user
    }.compact
  end

  protected

  def authenticate_logged_user!
    if instructeur_signed_in?
      authenticate_instructeur!
    elsif administrateur_signed_in?
      authenticate_administrateur!
    else
      authenticate_user!
    end
  end

  def authenticate_instructeur!
    if instructeur_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  def authenticate_administrateur!
    if administrateur_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  def after_sign_out_path_for(_resource_or_scope)
    stored_location_for(:user) || super
  end

  private

  def set_current_roles
    Current.administrateur = current_administrateur
    Current.instructeur = current_instructeur
  end

  def set_active_storage_host
    ActiveStorage::Current.host = request.base_url
  end

  def setup_tracking
    gon.matomo = matomo_config
    gon.sentry = sentry_config

    if administrateur_signed_in?
      gon.sendinblue = sendinblue_config
      gon.crisp = crisp_config
    end
  end

  def logged_users
    @logged_users ||= [
      current_user,
      current_instructeur,
      current_administrateur,
      current_administration
    ].compact
  end

  def logged_user
    logged_users.first
  end

  def logged_user_roles
    roles = logged_users.map { |logged_user| logged_user.class.name }
    roles.any? ? roles.join(', ') : 'Guest'
  end

  def set_raven_context
    Raven.user_context(sentry_user)
  end

  def append_info_to_payload(payload)
    super
    user = logged_user

    payload.merge!({
      user_agent: request.user_agent,
      user_id: user&.id,
      user_email: user&.email,
      user_roles: logged_user_roles
    }.compact)

    if browser.known?
      payload.merge!({
        browser: browser.name,
        browser_version: browser.version.to_s,
        platform: browser.platform.name
      })
    end

    payload
  end

  def reject
    authorized_request =
      request.path_info == '/' ||
      request.path_info.start_with?('/manager') ||
      request.path_info.start_with?('/administrations')

    api_request = request.path_info.start_with?('/api/')

    if administration_signed_in? || authorized_request
      flash.now.alert = MAINTENANCE_MESSAGE
    elsif api_request
      render json: { error: MAINTENANCE_MESSAGE }.to_json, status: :service_unavailable
    else
      [:user, :instructeur, :administrateur].each { |role| sign_out(role) }
      flash[:alert] = MAINTENANCE_MESSAGE
      redirect_to root_path
    end
  end

  def redirect_if_untrusted
    if instructeur_signed_in? &&
        sensitive_path &&
        Flipflop.enable_email_login_token? &&
        !IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
        !trusted_device?

      # return at this location
      # after the device is trusted
      store_location_for(:user, request.fullpath)

      send_login_token_or_bufferize(current_instructeur)
      redirect_to link_sent_path(email: current_instructeur.email)
    end
  end

  def sensitive_path
    path = request.path_info

    if path == '/' ||
      path == '/users/sign_out' ||
      path.start_with?('/connexion-par-jeton') ||
      path.start_with?('/api/') ||
      path.start_with?('/lien-envoye')

      false
    else
      true
    end
  end

  def sentry_user
    user = logged_user
    { id: user ? "#{user.class.name}##{user.id}" : 'Guest' }
  end

  def sentry_config
    sentry = Rails.application.secrets.sentry

    {
      key: sentry[:client_key],
      enabled: sentry[:enabled],
      environment: sentry[:environment],
      browser: { modern: browser.modern? },
      user: sentry_user
    }
  end

  def matomo_config
    matomo = Rails.application.secrets.matomo

    {
      key: matomo[:client_key],
      enabled: matomo[:enabled]
    }
  end

  def sendinblue_config
    sendinblue = Rails.application.secrets.sendinblue

    {
      key: sendinblue[:client_key],
      enabled: sendinblue[:enabled],
      administrateur: {
        email: current_administrateur&.email,
        payload: {
          DS_SIGN_IN_COUNT: current_administrateur&.sign_in_count,
          DS_CREATED_AT: current_administrateur&.created_at,
          DS_ACTIVE: current_administrateur&.active,
          DS_ID: current_administrateur&.id,
          DS_GESTIONNAIRE_ID: current_instructeur&.id,
          DS_ROLES: logged_user_roles
        }
      }
    }
  end

  def crisp_config
    crisp = Rails.application.secrets.crisp

    {
      key: crisp[:client_key],
      enabled: crisp[:enabled],
      administrateur: {
        email: current_administrateur&.email,
        DS_SIGN_IN_COUNT: current_administrateur&.sign_in_count,
        DS_CREATED_AT: current_administrateur&.created_at,
        DS_ID: current_administrateur&.id,
        DS_NB_DEMARCHES_BROUILLONS: current_administrateur&.procedures&.brouillons&.count,
        DS_NB_DEMARCHES_ACTIVES: current_administrateur&.procedures&.publiees&.count,
        DS_NB_DEMARCHES_ARCHIVES: current_administrateur&.procedures&.archivees&.count

      }
    }
  end

  def current_email
    current_user&.email ||
      current_instructeur&.email ||
      current_administrateur&.email
  end
end
First Commit 2015-08-10 11:05:06 +02:00			`class ApplicationController < ActionController::Base`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`include TrustedDeviceConcern`
Start using pundit 2019-06-27 16:26:07 +02:00			`include Pundit`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'`

First Commit 2015-08-10 11:05:06 +02:00			`# Prevent CSRF attacks by raising an exception.`
			`# For APIs, you may want to use :null_session instead.`
Disable csrf forgery protection in test environement 2018-09-07 15:43:07 +02:00			`protect_from_forgery with: :exception, if: -> { !Rails.env.test? }`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`before_action :set_current_roles`
Awsome struct to share layouts between controllers and there methods 2016-11-22 16:03:32 +01:00			`before_action :load_navbar_left_pannel_partial_url`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`before_action :set_raven_context`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`before_action :redirect_if_untrusted`
Enable rack mini profiler when super admin is connected 2017-07-24 12:29:09 +02:00			`before_action :authorize_request_for_profiler`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`before_action :reject, if: -> { Flipflop.maintenance_mode? }`
Enable rack mini profiler when super admin is connected 2017-07-24 12:29:09 +02:00
[Closes #1170] Put tps-dev (staging) environement behind a BasicAuth 2018-01-16 16:31:47 +01:00			`before_action :staging_authenticate`
Clone procedure notice 2018-04-26 14:36:27 +02:00			`before_action :set_active_storage_host`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`before_action :setup_tracking`
[Closes #1170] Put tps-dev (staging) environement behind a BasicAuth 2018-01-16 16:31:47 +01:00
			`def staging_authenticate`
			`if StagingAuthService.enabled? && !authenticate_with_http_basic { \|username, password\| StagingAuthService.authenticate(username, password) }`
			`request_http_basic_authentication`
			`end`
			`end`

Enable rack mini profiler when super admin is connected 2017-07-24 12:29:09 +02:00			`def authorize_request_for_profiler`
Put devtools behind feature flags 2019-05-15 15:57:57 +02:00			`if Flipflop.mini_profiler_enabled?`
Enable rack mini profiler when super admin is connected 2017-07-24 12:29:09 +02:00			`Rack::MiniProfiler.authorize_request`
			`end`
			`end`
First Commit 2015-08-10 11:05:06 +02:00
Awsome struct to share layouts between controllers and there methods 2016-11-22 16:03:32 +01:00			`def load_navbar_left_pannel_partial_url`
			`controller = request.controller_class`
			`method = params[:action]`
			`service = RenderPartialService.new(controller, method)`
			`@navbar_url = service.navbar`
			`@left_pannel_url = service.left_panel`
			`end`
Fix some tests 2017-01-03 11:32:21 +01:00
Add logged_in? helper 2018-08-29 11:43:47 +02:00			`def logged_in?`
			`logged_user.present?`
			`end`

			`helper_method :logged_in?`

Start using pundit 2019-06-27 16:26:07 +02:00			`def pundit_user`
Fix champ policy 2019-08-01 15:48:27 +02:00			`{`
			`administrateur: current_administrateur,`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`instructeur: current_instructeur,`
Fix champ policy 2019-08-01 15:48:27 +02:00			`user: current_user`
			`}.compact`
Start using pundit 2019-06-27 16:26:07 +02:00			`end`

Fix some tests 2017-01-03 11:32:21 +01:00			`protected`

Expose authenticated_logged_user! method 2018-09-07 15:44:00 +02:00			`def authenticate_logged_user!`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`if instructeur_signed_in?`
			`authenticate_instructeur!`
Expose authenticated_logged_user! method 2018-09-07 15:44:00 +02:00			`elsif administrateur_signed_in?`
			`authenticate_administrateur!`
			`else`
			`authenticate_user!`
			`end`
			`end`

Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`def authenticate_instructeur!`
			`if instructeur_signed_in?`
Fix some tests 2017-01-03 11:32:21 +01:00			`super`
			`else`
			`redirect_to new_user_session_path`
			`end`
			`end`

			`def authenticate_administrateur!`
			`if administrateur_signed_in?`
			`super`
			`else`
			`redirect_to new_user_session_path`
			`end`
			`end`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
Connection: redirect user to its procedure 2018-05-14 18:12:07 +02:00			`def after_sign_out_path_for(_resource_or_scope)`
			`stored_location_for(:user) \|\| super`
			`end`

[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`private`

Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`def set_current_roles`
			`Current.administrateur = current_administrateur`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`Current.instructeur = current_instructeur`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`end`

Clone procedure notice 2018-04-26 14:36:27 +02:00			`def set_active_storage_host`
			`ActiveStorage::Current.host = request.base_url`
			`end`

Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`def setup_tracking`
			`gon.matomo = matomo_config`
			`gon.sentry = sentry_config`

			`if administrateur_signed_in?`
			`gon.sendinblue = sendinblue_config`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`gon.crisp = crisp_config`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`end`
			`end`

Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`def logged_users`
			`@logged_users \|\|= [`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`current_user,`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`current_instructeur,`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`current_administrateur,`
			`current_administration`
			`].compact`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`end`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
Fix logstasher custom fields 2018-08-07 16:13:40 +02:00			`def logged_user`
			`logged_users.first`
			`end`

Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`def logged_user_roles`
			`roles = logged_users.map { \|logged_user\| logged_user.class.name }`
			`roles.any? ? roles.join(', ') : 'Guest'`
			`end`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`def set_raven_context`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`Raven.user_context(sentry_user)`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`def append_info_to_payload(payload)`
			`super`
Fix logstasher custom fields 2018-08-07 16:13:40 +02:00			`user = logged_user`

Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`payload.merge!({`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`user_agent: request.user_agent,`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`user_id: user&.id,`
			`user_email: user&.email,`
			`user_roles: logged_user_roles`
			`}.compact)`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00
			`if browser.known?`
			`payload.merge!({`
			`browser: browser.name,`
			`browser_version: browser.version.to_s,`
Enable Style/TrailingCommaInHashLiteral 2018-10-01 14:06:08 +02:00			`platform: browser.platform.name`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`})`
			`end`
Fix logstasher custom fields 2018-08-07 16:13:40 +02:00
			`payload`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`end`
[#1374] Revert "Merge pull request #1373 from betagouv/fix_pagination" This reverts commit 5a56fe0182f8bad1cb7059a69513e514b0c25609, reversing changes made to 31aabcd6b619ef565f55c5ad8a1d5ef4c0ff948b. 2018-01-30 14:43:56 +01:00
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`def reject`
			`authorized_request =`
			`request.path_info == '/' \|\|`
			`request.path_info.start_with?('/manager') \|\|`
			`request.path_info.start_with?('/administrations')`

			`api_request = request.path_info.start_with?('/api/')`

			`if administration_signed_in? \|\| authorized_request`
			`flash.now.alert = MAINTENANCE_MESSAGE`
			`elsif api_request`
			`render json: { error: MAINTENANCE_MESSAGE }.to_json, status: :service_unavailable`
			`else`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`[:user, :instructeur, :administrateur].each { \|role\| sign_out(role) }`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`flash[:alert] = MAINTENANCE_MESSAGE`
			`redirect_to root_path`
			`end`
			`end`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
			`def redirect_if_untrusted`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`if instructeur_signed_in? &&`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`sensitive_path &&`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`Flipflop.enable_email_login_token? &&`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00			`!IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`!trusted_device?`

save path before redirect to link_sent_path 2019-02-06 20:51:04 +01:00			`# return at this location`
			`# after the device is trusted`
			`store_location_for(:user, request.fullpath)`

Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`send_login_token_or_bufferize(current_instructeur)`
			`redirect_to link_sent_path(email: current_instructeur.email)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`end`
			`end`

			`def sensitive_path`
			`path = request.path_info`

			`if path == '/' \|\|`
			`path == '/users/sign_out' \|\|`
			`path.start_with?('/connexion-par-jeton') \|\|`
			`path.start_with?('/api/') \|\|`
			`path.start_with?('/lien-envoye')`

			`false`
			`else`
			`true`
			`end`
			`end`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`def sentry_user`
			`user = logged_user`
Send browser support information and format user id 2019-04-04 14:21:18 +02:00			`{ id: user ? "#{user.class.name}##{user.id}" : 'Guest' }`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`end`

Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`def sentry_config`
			`sentry = Rails.application.secrets.sentry`

			`{`
			`key: sentry[:client_key],`
			`enabled: sentry[:enabled],`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`environment: sentry[:environment],`
Send browser support information and format user id 2019-04-04 14:21:18 +02:00			`browser: { modern: browser.modern? },`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`user: sentry_user`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`}`
			`end`

			`def matomo_config`
			`matomo = Rails.application.secrets.matomo`

			`{`
			`key: matomo[:client_key],`
			`enabled: matomo[:enabled]`
			`}`
			`end`

			`def sendinblue_config`
			`sendinblue = Rails.application.secrets.sendinblue`

			`{`
			`key: sendinblue[:client_key],`
			`enabled: sendinblue[:enabled],`
			`administrateur: {`
			`email: current_administrateur&.email,`
			`payload: {`
			`DS_SIGN_IN_COUNT: current_administrateur&.sign_in_count,`
			`DS_CREATED_AT: current_administrateur&.created_at,`
			`DS_ACTIVE: current_administrateur&.active,`
Add Gestionnaire ID and ROLES Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-27 16:30:03 +02:00			`DS_ID: current_administrateur&.id,`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`DS_GESTIONNAIRE_ID: current_instructeur&.id,`
Add Gestionnaire ID and ROLES Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-27 16:30:03 +02:00			`DS_ROLES: logged_user_roles`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`}`
			`}`
			`}`
			`end`

Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`def crisp_config`
			`crisp = Rails.application.secrets.crisp`

			`{`
			`key: crisp[:client_key],`
			`enabled: crisp[:enabled],`
			`administrateur: {`
			`email: current_administrateur&.email,`
			`DS_SIGN_IN_COUNT: current_administrateur&.sign_in_count,`
			`DS_CREATED_AT: current_administrateur&.created_at,`
Add some admin usage info for contextual help with crisp Fix #4052 Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-07-11 16:05:41 +02:00			`DS_ID: current_administrateur&.id,`
Fix tests Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-07-11 17:12:11 +02:00			`DS_NB_DEMARCHES_BROUILLONS: current_administrateur&.procedures&.brouillons&.count,`
			`DS_NB_DEMARCHES_ACTIVES: current_administrateur&.procedures&.publiees&.count,`
			`DS_NB_DEMARCHES_ARCHIVES: current_administrateur&.procedures&.archivees&.count`
Add some admin usage info for contextual help with crisp Fix #4052 Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-07-11 16:05:41 +02:00
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`}`
			`}`
			`end`

Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`def current_email`
			`current_user&.email \|\|`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`current_instructeur&.email \|\|`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`current_administrateur&.email`
			`end`
First Commit 2015-08-10 11:05:06 +02:00			`end`