demarches-normaliennes/app/controllers/application_controller.rb

303 lines
7.7 KiB
Ruby
Raw Normal View History

2015-08-10 11:05:06 +02:00
class ApplicationController < ActionController::Base
2019-02-01 17:17:10 +01:00
include TrustedDeviceConcern
2019-06-27 16:26:07 +02:00
include Pundit
include Devise::StoreLocationExtension
2019-02-01 17:17:10 +01:00
2018-04-26 10:52:41 +02:00
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
2015-08-10 11:05:06 +02:00
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
2019-03-06 15:21:10 +01:00
before_action :set_current_roles
2021-01-28 14:49:22 +01:00
before_action :set_sentry_user
2019-02-01 17:17:10 +01:00
before_action :redirect_if_untrusted
2019-07-04 12:36:17 +02:00
before_action :reject, if: -> { feature_enabled?(:maintenance_mode) }
before_action :configure_permitted_parameters, if: :devise_controller?
before_action :staging_authenticate
2018-04-26 14:36:27 +02:00
before_action :set_active_storage_host
2019-11-19 14:40:28 +01:00
before_action :setup_javascript_settings
before_action :setup_tracking
before_action :set_locale
helper_method :multiple_devise_profile_connect?, :instructeur_signed_in?, :current_instructeur,
:administrateur_signed_in?, :current_administrateur, :current_account
def staging_authenticate
if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
request_http_basic_authentication
end
end
def multiple_devise_profile_connect?
user_signed_in? && instructeur_signed_in? ||
instructeur_signed_in? && administrateur_signed_in? ||
user_signed_in? && administrateur_signed_in?
end
def current_instructeur
current_user&.instructeur
end
def instructeur_signed_in?
user_signed_in? && current_user&.instructeur.present?
end
def current_administrateur
current_user&.administrateur
end
def administrateur_signed_in?
current_administrateur.present?
end
def current_account
{
administrateur: current_administrateur,
instructeur: current_instructeur,
user: current_user
}.compact
end
alias_method :pundit_user, :current_account
2017-01-03 11:32:21 +01:00
protected
2019-07-04 12:36:17 +02:00
def feature_enabled?(feature_name)
Flipper.enabled?(feature_name, current_user)
end
def feature_enabled_for?(feature_name, item)
Flipper.enabled?(feature_name, item)
end
def authenticate_logged_user!
if instructeur_signed_in?
authenticate_instructeur!
elsif administrateur_signed_in?
authenticate_administrateur!
else
authenticate_user!
end
end
def authenticate_instructeur!
if !instructeur_signed_in?
2017-01-03 11:32:21 +01:00
redirect_to new_user_session_path
end
end
def authenticate_administrateur!
if !administrateur_signed_in?
2017-01-03 11:32:21 +01:00
redirect_to new_user_session_path
end
end
def after_sign_out_path_for(_resource_or_scope)
stored_location_for(:user) || super
end
def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
end
private
2019-03-06 15:21:10 +01:00
def set_current_roles
Current.administrateur = current_administrateur
Current.instructeur = current_instructeur
2019-03-06 15:21:10 +01:00
end
2018-04-26 14:36:27 +02:00
def set_active_storage_host
ActiveStorage::Current.host = request.base_url
end
2019-11-19 14:40:28 +01:00
def setup_javascript_settings
gon.autosave = Rails.application.config.ds_autosave
gon.autocomplete = Rails.application.secrets.autocomplete
2019-11-19 14:40:28 +01:00
end
def setup_tracking
gon.matomo = matomo_config
gon.sentry = sentry_config
if administrateur_signed_in?
gon.sendinblue = sendinblue_config
gon.crisp = crisp_config
end
end
def current_user_roles
@current_user_roles ||= begin
roles = [
current_user,
current_instructeur,
current_administrateur,
current_super_admin
].compact.map { |role| role.class.name }
2018-08-07 16:13:40 +02:00
roles.any? ? roles.join(', ') : 'Guest'
end
2018-01-17 14:40:31 +01:00
end
2021-01-28 14:49:22 +01:00
def set_sentry_user
Sentry.set_user(sentry_user)
end
2018-01-17 14:40:31 +01:00
# private method called by rails fwk
# see https://github.com/roidrage/lograge
2018-08-12 10:31:28 +02:00
def append_info_to_payload(payload)
super
2018-08-07 16:13:40 +02:00
2018-08-12 10:31:28 +02:00
payload.merge!({
2018-01-17 14:40:31 +01:00
user_agent: request.user_agent,
user_id: current_user&.id,
user_email: current_user&.email,
user_roles: current_user_roles
2018-08-12 10:31:28 +02:00
}.compact)
2018-01-17 14:40:31 +01:00
if browser.known?
payload.merge!({
browser: browser.name,
browser_version: browser.version.to_s,
platform: browser.platform.name
2018-01-17 14:40:31 +01:00
})
end
2018-08-07 16:13:40 +02:00
payload
2018-01-17 14:40:31 +01:00
end
2018-04-26 10:52:41 +02:00
def reject
authorized_request =
request.path_info == '/' ||
request.path_info.start_with?('/manager') ||
request.path_info.start_with?('/super_admins')
2018-04-26 10:52:41 +02:00
api_request = request.path_info.start_with?('/api/')
if super_admin_signed_in? || authorized_request
2018-04-26 10:52:41 +02:00
flash.now.alert = MAINTENANCE_MESSAGE
elsif api_request
render json: { error: MAINTENANCE_MESSAGE }.to_json, status: :service_unavailable
else
[:user, :instructeur, :administrateur].each { |role| sign_out(role) }
2018-04-26 10:52:41 +02:00
flash[:alert] = MAINTENANCE_MESSAGE
redirect_to root_path
end
end
2019-02-01 17:17:10 +01:00
def redirect_if_untrusted
if instructeur_signed_in? &&
2019-02-01 17:17:10 +01:00
sensitive_path &&
2019-07-04 12:36:17 +02:00
!feature_enabled?(:instructeur_bypass_email_login_token) &&
!IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
2019-02-01 17:17:10 +01:00
!trusted_device?
# return at this location
# after the device is trusted
2020-03-20 10:26:21 +01:00
if get_stored_location_for(:user).blank?
store_location_for(:user, request.fullpath)
end
send_login_token_or_bufferize(current_instructeur)
redirect_to link_sent_path(email: current_instructeur.email)
2019-02-01 17:17:10 +01:00
end
end
def sensitive_path
path = request.path_info
if path == '/' ||
path == '/users/sign_out' ||
path == '/contact' ||
path == '/contact-admin' ||
2019-02-01 17:17:10 +01:00
path.start_with?('/connexion-par-jeton') ||
path.start_with?('/api/') ||
path.start_with?('/lien-envoye')
false
else
true
end
end
def sentry_user
{ id: user_signed_in? ? "User##{current_user.id}" : 'Guest' }
end
def sentry_config
sentry = Rails.application.secrets.sentry
{
key: sentry[:client_key],
enabled: sentry[:enabled],
environment: sentry[:environment],
browser: { modern: BrowserSupport.supported?(browser) },
user: sentry_user
}
end
def matomo_config
matomo = Rails.application.secrets.matomo
{
key: matomo[:client_key],
enabled: matomo[:enabled]
}
end
def sendinblue_config
sendinblue = Rails.application.secrets.sendinblue
{
key: sendinblue[:client_key],
enabled: sendinblue[:enabled],
administrateur: {
email: current_user&.email,
payload: {
DS_SIGN_IN_COUNT: current_user&.sign_in_count,
DS_CREATED_AT: current_administrateur&.created_at,
2019-11-05 10:05:59 +01:00
DS_ACTIVE: current_user&.active?,
DS_ID: current_administrateur&.id,
DS_GESTIONNAIRE_ID: current_instructeur&.id,
DS_ROLES: current_user_roles
}
}
}
end
def crisp_config
crisp = Rails.application.secrets.crisp
2019-09-25 17:51:28 +02:00
nb_demarches_by_state = if current_administrateur.present?
current_administrateur.procedures.group(:aasm_state).count
else
{}
end
{
key: crisp[:client_key],
enabled: crisp[:enabled],
administrateur: {
email: current_user&.email,
DS_SIGN_IN_COUNT: current_user&.sign_in_count,
DS_CREATED_AT: current_administrateur&.created_at,
DS_ID: current_administrateur&.id,
2019-09-25 17:51:28 +02:00
DS_NB_DEMARCHES_BROUILLONS: nb_demarches_by_state['brouillon'],
DS_NB_DEMARCHES_ACTIVES: nb_demarches_by_state['publiee'],
DS_NB_DEMARCHES_ARCHIVES: nb_demarches_by_state['close']
}
}
end
def current_email
current_user&.email
end
def set_locale
if feature_enabled?(:localization)
I18n.locale = http_accept_language.compatible_language_from(I18n.available_locales)
end
end
2015-08-10 11:05:06 +02:00
end