# frozen_string_literal: true
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
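# Handles sign-in, sign-up entry, sign-out and the OmniAuth / LDAP callbacks.
#
# Authentication helpers (login, logout, process of LDAP requests, invitation
# checks, e-mail notifications) come from the included concerns and from
# ApplicationController; they are not defined in this file.
class SessionsController < ApplicationController
  include Authenticator
  include Registrar
  include Emailer
  include LdapAuthenticator

  # CSRF verification is skipped for the provider callback because the request
  # originates from the identity provider, not from a form rendered here.
  # NOTE(review): no action named `fail` is defined in this class (the failure
  # handler is `omniauth_fail`), so the `:fail` entry appears to match nothing.
  # Confirm against the routes before changing it; do not widen the exemption
  # without checking what POST /auth/failure is expected to accept.
  skip_before_action :verify_authenticity_token, only: [:omniauth, :fail]
  before_action :check_user_signup_allowed, only: [:new]
  before_action :ensure_unauthenticated_except_twitter, only: [:new, :signin]

  # GET /signin
  #
  # Renders the sign-in page, or redirects straight to the single configured
  # provider when `one_provider` is true.
  def signin
    check_if_twitter_account

    if one_provider
      # The redirect target is built from server-side configuration only;
      # nothing from the request is interpolated into it.
      provider_path = if Rails.configuration.omniauth_ldap
        ldap_signin_path
      else
        "#{Rails.configuration.relative_url_root}/auth/#{providers.first}"
      end

      return redirect_to provider_path
    end
  end

  # GET /ldap_signin
  #
  # Renders the LDAP sign-in form (implicit render, no controller logic).
  def ldap_signin
  end

  # GET /signup
  #
  # Renders the sign-up form. Under invite registration a request without an
  # invite token is sent back to the root page.
  def new
    # Check if the user needs to be invited
    if invite_registration
      # Stored before the guard so a missing token still overwrites (clears)
      # any token left in the session by an earlier request.
      session[:invite_token] = params[:invite_token]

      # Return here: redirect_to does not halt the action, and carrying on
      # after it risks a second redirect/render further down.
      unless params[:invite_token]
        return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") }
      end
    end

    check_if_twitter_account(true)

    @user = User.new
  end

  # POST /users/login
  #
  # Password sign-in for local (Greenlight) accounts. Unknown e-mail and wrong
  # password produce the same "invalid_credentials" alert so the response text
  # does not reveal which accounts exist. The account-state checks (deleted,
  # login method, activation) only run after the password has been verified.
  def create
    # NOTE(review): the e-mail is request input and is written to the log
    # as-is on every attempt; confirm log handling treats it as untrusted and
    # as personal data.
    logger.info "Support: #{session_params[:email]} is attempting to login."

    user = User.include_deleted.find_by(email: session_params[:email], provider: @user_domain)

    # Check user with that email exists
    # NOTE(review): this returns before any password verification runs, so an
    # unknown e-mail may answer measurably faster than a known one - confirm
    # whether that timing difference matters for this deployment.
    return redirect_to(signin_path, alert: I18n.t("invalid_credentials")) unless user
    # Check correct password was entered
    return redirect_to(signin_path, alert: I18n.t("invalid_credentials")) unless user.try(:authenticate,
      session_params[:password])
    # Check that the user is not deleted
    return redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") } if user.deleted?

    # Super admins bypass the login-method and activation checks below.
    unless user.has_role? :super_admin
      # Check that the user is a Greenlight account
      return redirect_to(root_path, alert: I18n.t("invalid_login_method")) unless user.greenlight_account?
      # Check that the user has verified their account
      return redirect_to(account_activation_path(email: user.email)) unless user.activated?
    end

    login(user)
  end

  # GET /users/logout
  #
  # Ends the session and returns to the root page.
  # NOTE(review): per the route comment this is reachable with GET, which means
  # a third-party page can sign a user out by embedding the URL - confirm
  # whether that is acceptable here.
  def destroy
    logout
    redirect_to root_path
  end

  # GET/POST /auth/:provider/callback
  #
  # OmniAuth callback: reads the auth hash the middleware stored in the Rack
  # env and runs the shared sign-in flow. Any StandardError (including a
  # missing auth hash) is logged and handled as an authentication failure.
  def omniauth
    @auth = request.env['omniauth.auth']

    begin
      process_signin
    rescue => e
      logger.error "Error authenticating via omniauth: #{e}"
      omniauth_fail
    end
  end

  # POST /auth/failure
  #
  # Redirects to the root page with a generic or a specific error alert.
  def omniauth_fail
    if params[:message].nil?
      redirect_to root_path, alert: I18n.t("omniauth_error")
    else
      # NOTE(review): `message` is a request parameter, so the text placed in
      # the flash is controlled by whoever built the URL. Confirm the view
      # escapes the flash, and consider mapping known failure codes to fixed
      # strings instead of echoing the value.
      redirect_to root_path, alert: I18n.t("omniauth_specific_error", error: params[:message])
    end
  end

  # GET /auth/ldap
  #
  # Authenticates the submitted credentials against the LDAP server described
  # by the LDAP_* environment variables, then runs the shared sign-in flow.
  def ldap
    # LDAP_PORT falls back to 389 when unset or not a non-zero integer.
    configured_port = ENV['LDAP_PORT'].to_i

    ldap_config = {}
    ldap_config[:host] = ENV['LDAP_SERVER']
    ldap_config[:port] = configured_port != 0 ? configured_port : 389
    ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
    ldap_config[:password] = ENV['LDAP_PASSWORD']
    # Any LDAP_METHOD other than 'ssl' or 'tls' leaves :encryption nil.
    # NOTE(review): presumably a nil value means the bind (and the user's
    # password) travels unencrypted - confirm in send_ldap_request and prefer
    # requiring 'ssl' or 'tls' in production.
    ldap_config[:encryption] = if ENV['LDAP_METHOD'] == 'ssl'
      'simple_tls'
    elsif ENV['LDAP_METHOD'] == 'tls'
      'start_tls'
    end
    ldap_config[:base] = ENV['LDAP_BASE']
    ldap_config[:uid] = ENV['LDAP_UID']

    # NOTE(review): params[:session] is passed without strong-parameter
    # filtering; confirm send_ldap_request escapes the username before it is
    # used in an LDAP filter.
    result = send_ldap_request(params[:session], ldap_config)

    return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result

    @auth = parse_auth(result.first, ENV['LDAP_ROLE_FIELD'])

    begin
      process_signin
    rescue => e
      logger.error "Support: Error authenticating via omniauth: #{e}"
      omniauth_fail
    end
  end

  private

  # Verify that GreenLight is configured to allow user signup.
  def check_user_signup_allowed
    redirect_to root_path unless Rails.configuration.allow_user_signup
  end

  # Strong parameters for the password sign-in form: only :email and :password
  # under the required :session key are accepted.
  def session_params
    params.require(:session).permit(:email, :password)
  end

  # True when sign-in should skip the chooser page: local sign-up or local
  # accounts are disabled, exactly one provider is configured, and the
  # deployment is not a load-balanced configuration.
  def one_provider
    providers = configured_providers

    (!allow_user_signup? || !allow_greenlight_accounts?) && providers.count == 1 &&
      !Rails.configuration.loadbalanced_configuration
  end

  # Whether a user with the authenticated uid already exists for the provider.
  def check_user_exists
    User.exists?(social_uid: @auth['uid'], provider: current_provider)
  end

  # Whether a deleted user with this e-mail exists in the current user domain.
  def check_user_deleted(email)
    User.deleted.exists?(email: email, provider: @user_domain)
  end

  # Whether the authenticated uid belongs to a deleted user for the provider.
  def check_auth_deleted
    User.deleted.exists?(social_uid: @auth['uid'], provider: current_provider)
  end

  # Provider name used for user lookups. For "bn_launcher" the customer name
  # from the auth info is used in place of the provider name.
  def current_provider
    @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider']
  end

  # Check if the user already exists, if not then check for invitation
  #
  # Reads @user_exists (set by process_signin) and the invite token stored in
  # the session by `new`.
  def passes_invite_reqs
    return true if @user_exists

    invitation = check_user_invited("", session[:invite_token], @user_domain)
    invitation[:present]
  end

  # Shared sign-in flow for OmniAuth and LDAP. Expects @auth to hold the auth
  # hash. Order of the gates: deprecated Twitter sign-up, deleted account,
  # invitation requirement; only then is the user record created or loaded.
  def process_signin
    @user_exists = check_user_exists

    if !@user_exists && @auth['provider'] == "twitter"
      return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") }
    end

    # Check if user is deleted
    return redirect_to root_path, flash: { alert: I18n.t("registration.banned.fail") } if check_auth_deleted

    # If using invitation registration method, make sure user is invited
    return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs

    user = User.from_omniauth(@auth)

    logger.info "Support: Auth user #{user.email} is attempting to login."

    # Add pending role if approval method and is a new user
    if approval_registration && !@user_exists
      user.add_role :pending

      # Inform admins that a user signed up if emails are turned on
      send_approval_user_signup_email(user)

      # A pending user is not logged in; an admin has to approve first.
      return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") }
    end

    send_invite_user_signup_email(user) if invite_registration && !@user_exists

    login(user)

    # Twitter sign-in is deprecated: point the user at the page where the
    # account can be moved, depending on whether local accounts are available.
    if @auth['provider'] == "twitter"
      flash[:alert] = if allow_user_signup? && allow_greenlight_accounts?
        I18n.t("registration.deprecated.twitter_signin", link: signup_path(old_twitter_user_id: user.id))
      else
        I18n.t("registration.deprecated.twitter_signin", link: signin_path(old_twitter_user_id: user.id))
      end
    end
  end
end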