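class ApplicationController < ActionController::Base
  include TrustedDeviceConcern

  # User-facing notice shown (or returned as JSON) while Flipflop.maintenance_mode? is on.
  # Frozen: it is shared by every request and must never be mutated in place.
  MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'.freeze

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  # The check is skipped only in the test environment, so every non-test
  # environment (including staging) enforces the authenticity token.
  protect_from_forgery with: :exception, if: -> { !Rails.env.test? }

  # Filter order matters: roles are resolved first so later filters and the
  # Sentry context see them; the maintenance gate runs before staging auth;
  # tracking config is built last, after the request has been accepted.
  before_action :set_current_roles
  before_action :load_navbar_left_pannel_partial_url
  before_action :set_raven_context
  before_action :redirect_if_untrusted
  before_action :authorize_request_for_profiler
  before_action :reject, if: -> { Flipflop.maintenance_mode? }
  before_action :staging_authenticate
  before_action :set_active_storage_host
  before_action :setup_tracking

  # HTTP Basic gate for staging: when StagingAuthService is enabled and the
  # supplied credentials are not accepted, answer 401 with a Basic challenge.
  # Credential comparison is delegated to StagingAuthService.authenticate.
  def staging_authenticate
    if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
      request_http_basic_authentication
    end
  end

  # Expose Rack::MiniProfiler only to signed-in "administration" accounts so
  # profiling data (queries, timings) is never shown to regular users.
  def authorize_request_for_profiler
    if administration_signed_in?
      Rack::MiniProfiler.authorize_request
    end
  end

  # Resolve the navbar / left-panel partial URLs for the current controller
  # and action via RenderPartialService. params[:action] here is the routed
  # action name, not free-form user input.
  def load_navbar_left_pannel_partial_url
    controller = request.controller_class
    method = params[:action]
    service = RenderPartialService.new(controller, method)
    @navbar_url = service.navbar
    @left_pannel_url = service.left_panel
  end

  # True when any of the Devise scopes (user, gestionnaire, administrateur,
  # administration) is signed in.
  def logged_in?
    logged_user.present?
  end

  # Ids of every signed-in account across all scopes, in precedence order
  # (see #logged_users).
  def logged_user_ids
    logged_users.map(&:id)
  end

  helper_method :logged_in?

  protected

  # Enforce authentication for whichever scope is currently signed in,
  # falling back to the plain :user scope when none of the privileged
  # scopes is active.
  def authenticate_logged_user!
    if gestionnaire_signed_in?
      authenticate_gestionnaire!
    elsif administrateur_signed_in?
      authenticate_administrateur!
    else
      authenticate_user!
    end
  end

  # Like Devise's authenticate_gestionnaire!, but an unauthenticated request
  # is redirected to the shared user sign-in page instead of the scope's own.
  def authenticate_gestionnaire!
    if gestionnaire_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  # Same redirect override as #authenticate_gestionnaire!, for the
  # administrateur scope.
  def authenticate_administrateur!
    if administrateur_signed_in?
      super
    else
      redirect_to new_user_session_path
    end
  end

  # After sign-out, go back to the location stored for the :user scope
  # (set by #redirect_if_untrusted) when there is one, else Devise's default.
  # The stored value comes from request.fullpath, i.e. a same-origin path.
  def after_sign_out_path_for(_resource_or_scope)
    stored_location_for(:user) || super
  end

  private

  # Publish the current administrateur / gestionnaire on Current so that
  # models and services can read them without a controller reference.
  def set_current_roles
    Current.administrateur = current_administrateur
    Current.gestionnaire = current_gestionnaire
  end

  # Make ActiveStorage build URLs for the host the request came in on.
  # NOTE(review): request.base_url is derived from the Host header. Unless the
  # edge proxy fixes the Host (or Rails' host authorization is configured),
  # a spoofed Host header ends up in generated storage URLs — confirm.
  def set_active_storage_host
    ActiveStorage::Current.host = request.base_url
  end

  # Hand the front-end (via gon) the analytics / error-reporting config.
  # The Sendinblue payload is only exposed to a signed-in administrateur,
  # because it embeds that account's email and metadata.
  def setup_tracking
    gon.matomo = matomo_config
    gon.sentry = sentry_config

    if administrateur_signed_in?
      gon.sendinblue = sendinblue_config
    end
  end

  # Every signed-in account, in precedence order: user, gestionnaire,
  # administrateur, administration. Memoised per request.
  def logged_users
    @logged_users ||= [
      current_user,
      current_gestionnaire,
      current_administrateur,
      current_administration
    ].compact
  end

  # The highest-precedence signed-in account (see #logged_users), or nil.
  def logged_user
    logged_users.first
  end

  # Comma-separated class names of the signed-in accounts, or 'Guest'.
  def logged_user_roles
    roles = logged_users.map { |logged_user| logged_user.class.name }
    roles.any? ? roles.join(', ') : 'Guest'
  end

  # Attach the (id, role) of the current account to Sentry events.
  def set_raven_context
    Raven.user_context(sentry_user)
  end

  # Enrich the request log payload with user agent, account identity and
  # browser details. Nil values are dropped by #compact.
  # NOTE(review): user_email puts PII into request logs; consider whether
  # user_id alone is enough for the retention policy applied to those logs.
  def append_info_to_payload(payload)
    super
    user = logged_user

    payload.merge!({
      user_agent: request.user_agent,
      user_id: user&.id,
      user_email: user&.email,
      user_roles: logged_user_roles
    }.compact)

    if browser.known?
      payload.merge!({
        browser: browser.name,
        browser_version: browser.version.to_s,
        platform: browser.platform.name
      })
    end

    payload
  end

  # Maintenance-mode gate (only installed when Flipflop.maintenance_mode? is on).
  # - "administration" accounts and the root / manager / administrations paths
  #   keep working and just see a banner;
  # - API calls get a 503 JSON body;
  # - everyone else is signed out of all three Devise scopes and sent home.
  # The path checks are plain prefix matches ('/manager' also matches
  # '/manager-anything'); they only widen what stays reachable in maintenance.
  def reject
    authorized_request =
      request.path_info == '/' ||
      request.path_info.start_with?('/manager') ||
      request.path_info.start_with?('/administrations')

    api_request = request.path_info.start_with?('/api/')

    if administration_signed_in? || authorized_request
      flash.now.alert = MAINTENANCE_MESSAGE
    elsif api_request
      # `render json:` serialises the Hash itself; no explicit to_json needed.
      render json: { error: MAINTENANCE_MESSAGE }, status: :service_unavailable
    else
      [:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
      flash[:alert] = MAINTENANCE_MESSAGE
      redirect_to root_path
    end
  end

  # Second factor for gestionnaires: when the email-login-token feature is on,
  # a gestionnaire hitting a sensitive path from an untrusted IP on a device
  # that has not been trusted yet is emailed a login token and redirected to
  # the "link sent" page. The requested path is stored so the user lands back
  # on it once the device is trusted.
  # NOTE(review): X-Forwarded-For is attacker-controllable unless the edge
  # proxy overwrites it; with an appending proxy the header is a list whose
  # first entries are client-supplied. Confirm IPService.ip_trusted? only
  # honours the proxy-appended entry, or switch to request.remote_ip with
  # trusted_proxies configured.
  def redirect_if_untrusted
    if gestionnaire_signed_in? &&
      sensitive_path &&
      Flipflop.enable_email_login_token? &&
      !IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
      !trusted_device?

      # return at this location
      # after the device is trusted
      store_location_for(:user, request.fullpath)

      send_login_token_or_bufferize(current_gestionnaire)
      redirect_to link_sent_path(email: current_gestionnaire.email)
    end
  end

  # Everything is sensitive except the paths the token flow itself needs:
  # the landing page, sign-out, the token login, the API and the "link sent"
  # page (otherwise #redirect_if_untrusted would loop).
  def sensitive_path
    path = request.path_info

    exempt = path == '/' ||
      path == '/users/sign_out' ||
      path.start_with?('/connexion-par-jeton', '/api/', '/lien-envoye')

    !exempt
  end

  # Minimal identity for Sentry: account id and class name (or 'Guest').
  # No email is sent to the error tracker.
  def sentry_user
    user = logged_user
    { id: user&.id, role: user&.class&.name || 'Guest' }.compact
  end

  # Browser-side Sentry config read from Rails secrets (client key only).
  def sentry_config
    sentry = Rails.application.secrets.sentry

    {
      key: sentry[:client_key],
      enabled: sentry[:enabled],
      environment: sentry[:environment],
      user: sentry_user
    }
  end

  # Browser-side Matomo config read from Rails secrets.
  def matomo_config
    matomo = Rails.application.secrets.matomo

    {
      key: matomo[:client_key],
      enabled: matomo[:enabled]
    }
  end

  # Browser-side Sendinblue config plus the current administrateur's contact
  # attributes. Only emitted by #setup_tracking when an administrateur is
  # signed in, since it is rendered into the page.
  def sendinblue_config
    sendinblue = Rails.application.secrets.sendinblue

    {
      key: sendinblue[:client_key],
      enabled: sendinblue[:enabled],
      administrateur: {
        email: current_administrateur&.email,
        payload: {
          DS_SIGN_IN_COUNT: current_administrateur&.sign_in_count,
          DS_CREATED_AT: current_administrateur&.created_at,
          DS_ACTIVE: current_administrateur&.active,
          DS_ID: current_administrateur&.id
        }
      }
    }
  end

  # Email of the signed-in account, checking user, then gestionnaire, then
  # administrateur. Returns nil when none is signed in.
  def current_email
    current_user&.email ||
      current_gestionnaire&.email ||
      current_administrateur&.email
  end
end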