demarches-normaliennes/app/controllers/application_controller.rb

184 lines
4.3 KiB
Ruby
Raw Normal View History

2015-08-10 11:05:06 +02:00
class ApplicationController < ActionController::Base
2019-02-01 17:17:10 +01:00
include TrustedDeviceConcern
2018-04-26 10:52:41 +02:00
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
2015-08-10 11:05:06 +02:00
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
before_action :load_navbar_left_pannel_partial_url
before_action :set_raven_context
2019-02-01 17:17:10 +01:00
before_action :redirect_if_untrusted
before_action :authorize_request_for_profiler
2018-04-26 10:52:41 +02:00
before_action :reject, if: -> { Flipflop.maintenance_mode? }
before_action :staging_authenticate
2018-04-26 14:36:27 +02:00
before_action :set_active_storage_host
def staging_authenticate
if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
request_http_basic_authentication
end
end
def authorize_request_for_profiler
if administration_signed_in?
Rack::MiniProfiler.authorize_request
end
end
2015-08-10 11:05:06 +02:00
def load_navbar_left_pannel_partial_url
controller = request.controller_class
method = params[:action]
service = RenderPartialService.new(controller, method)
@navbar_url = service.navbar
@left_pannel_url = service.left_panel
end
2017-01-03 11:32:21 +01:00
2018-08-29 11:43:47 +02:00
def logged_in?
logged_user.present?
end
2018-10-17 12:02:34 +02:00
def logged_user_ids
logged_users.map(&:id)
end
2018-08-29 11:43:47 +02:00
helper_method :logged_in?
2017-01-03 11:32:21 +01:00
protected
def authenticate_logged_user!
if gestionnaire_signed_in?
authenticate_gestionnaire!
elsif administrateur_signed_in?
authenticate_administrateur!
else
authenticate_user!
end
end
2017-01-03 11:32:21 +01:00
def authenticate_gestionnaire!
if gestionnaire_signed_in?
super
else
redirect_to new_user_session_path
end
end
def authenticate_administrateur!
if administrateur_signed_in?
super
else
redirect_to new_user_session_path
end
end
def after_sign_out_path_for(_resource_or_scope)
stored_location_for(:user) || super
end
private
2018-04-26 14:36:27 +02:00
def set_active_storage_host
ActiveStorage::Current.host = request.base_url
end
2018-01-17 14:40:31 +01:00
def logged_users
@logged_users ||= [
current_user,
current_gestionnaire,
current_administrateur,
current_administration
].compact
2018-01-17 14:40:31 +01:00
end
2018-08-07 16:13:40 +02:00
def logged_user
logged_users.first
end
2018-01-17 14:40:31 +01:00
def logged_user_roles
roles = logged_users.map { |logged_user| logged_user.class.name }
roles.any? ? roles.join(', ') : 'Guest'
end
2018-01-17 14:40:31 +01:00
def set_raven_context
2018-08-07 16:13:40 +02:00
user = logged_user
2018-01-17 14:40:31 +01:00
context = {
ip_address: request.ip,
2018-08-07 16:13:40 +02:00
id: user&.id,
email: user&.email,
2018-01-17 14:40:31 +01:00
roles: logged_user_roles
2018-08-07 16:13:40 +02:00
}.compact
Raven.user_context(context)
end
2018-01-17 14:40:31 +01:00
2018-08-12 10:31:28 +02:00
def append_info_to_payload(payload)
super
2018-08-07 16:13:40 +02:00
user = logged_user
2018-08-12 10:31:28 +02:00
payload.merge!({
2018-01-17 14:40:31 +01:00
user_agent: request.user_agent,
2018-08-12 10:31:28 +02:00
user_id: user&.id,
user_email: user&.email,
user_roles: logged_user_roles
}.compact)
2018-01-17 14:40:31 +01:00
if browser.known?
payload.merge!({
browser: browser.name,
browser_version: browser.version.to_s,
platform: browser.platform.name
2018-01-17 14:40:31 +01:00
})
end
2018-08-07 16:13:40 +02:00
payload
2018-01-17 14:40:31 +01:00
end
2018-04-26 10:52:41 +02:00
def reject
authorized_request =
request.path_info == '/' ||
request.path_info.start_with?('/manager') ||
request.path_info.start_with?('/administrations')
api_request = request.path_info.start_with?('/api/')
if administration_signed_in? || authorized_request
flash.now.alert = MAINTENANCE_MESSAGE
elsif api_request
render json: { error: MAINTENANCE_MESSAGE }.to_json, status: :service_unavailable
else
2018-10-01 14:26:45 +02:00
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
2018-04-26 10:52:41 +02:00
flash[:alert] = MAINTENANCE_MESSAGE
redirect_to root_path
end
end
2019-02-01 17:17:10 +01:00
def redirect_if_untrusted
if gestionnaire_signed_in? &&
sensitive_path &&
current_gestionnaire.feature_enabled?(:enable_email_login_token) &&
!trusted_device?
send_login_token_or_bufferize(current_gestionnaire)
redirect_to link_sent_path(email: current_gestionnaire.email)
end
end
def sensitive_path
path = request.path_info
if path == '/' ||
path == '/users/sign_out' ||
path.start_with?('/connexion-par-jeton') ||
path.start_with?('/api/') ||
path.start_with?('/lien-envoye')
false
else
true
end
end
2015-08-10 11:05:06 +02:00
end