Total Complexity | 47 |
Total Lines | 186 |
Duplicated Lines | 0.54 % |
Changes | 1 | ||
Bugs | 0 | Features | 0 |
Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.
Common duplication problems, and corresponding solutions are:
Complex classes like SessionsController often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
1 | # frozen_string_literal: true |
||
19 | class SessionsController < ApplicationController |
||
20 | include Authenticator |
||
21 | include Registrar |
||
22 | include Emailer |
||
23 | include LdapAuthenticator |
||
24 | |||
25 | skip_before_action :verify_authenticity_token, only: [:omniauth, :fail] |
||
26 | before_action :check_user_signup_allowed, only: [:new] |
||
27 | before_action :ensure_unauthenticated_except_twitter, only: [:new, :signin] |
||
28 | |||
29 | # GET /signin |
||
30 | def signin |
||
31 | check_if_twitter_account |
||
32 | |||
33 | if one_provider |
||
34 | provider_path = if Rails.configuration.omniauth_ldap |
||
35 | ldap_signin_path |
||
36 | else |
||
37 | "#{Rails.configuration.relative_url_root}/auth/#{providers.first}" |
||
38 | end |
||
39 | |||
40 | return redirect_to provider_path |
||
41 | end |
||
42 | end |
||
43 | |||
44 | # GET /ldap_signin |
||
45 | def ldap_signin |
||
46 | end |
||
47 | |||
48 | # GET /signup |
||
49 | def new |
||
50 | # Check if the user needs to be invited |
||
51 | if invite_registration |
||
52 | redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless params[:invite_token] |
||
53 | |||
54 | session[:invite_token] = params[:invite_token] |
||
55 | end |
||
56 | |||
57 | check_if_twitter_account(true) |
||
58 | |||
59 | @user = User.new |
||
60 | end |
||
61 | |||
62 | # POST /users/login |
||
63 | def create |
||
64 | logger.info "Support: #{session_params[:email]} is attempting to login." |
||
65 | |||
66 | admin = User.find_by(email: session_params[:email]) |
||
67 | if admin&.has_role? :super_admin |
||
68 | user = admin |
||
69 | else |
||
70 | user = User.find_by(email: session_params[:email], provider: @user_domain) |
||
71 | redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user |
||
72 | redirect_to(root_path, alert: I18n.t("invalid_login_method")) && return unless user.greenlight_account? |
||
73 | redirect_to(account_activation_path(email: user.email)) && return unless user.activated? |
||
74 | end |
||
75 | redirect_to(signin_path, alert: I18n.t("invalid_credentials")) && return unless user.try(:authenticate, |
||
76 | session_params[:password]) |
||
77 | |||
78 | login(user) |
||
79 | end |
||
80 | |||
81 | # GET /users/logout |
||
82 | def destroy |
||
83 | logout |
||
84 | redirect_to root_path |
||
85 | end |
||
86 | |||
87 | # GET/POST /auth/:provider/callback |
||
88 | def omniauth |
||
89 | @auth = request.env['omniauth.auth'] |
||
90 | |||
91 | begin |
||
92 | process_signin |
||
93 | rescue => e |
||
94 | logger.error "Error authenticating via omniauth: #{e}" |
||
95 | omniauth_fail |
||
96 | end |
||
97 | end |
||
98 | |||
99 | # POST /auth/failure |
||
100 | def omniauth_fail |
||
101 | if params[:message].nil? |
||
102 | redirect_to root_path, alert: I18n.t("omniauth_error") |
||
103 | else |
||
104 | redirect_to root_path, alert: I18n.t("omniauth_specific_error", error: params["message"]) |
||
105 | end |
||
106 | end |
||
107 | |||
108 | # GET /auth/ldap |
||
109 | def ldap |
||
110 | ldap_config = {} |
||
111 | ldap_config[:host] = ENV['LDAP_SERVER'] |
||
112 | ldap_config[:port] = ENV['LDAP_PORT'].to_i != 0 ? ENV['LDAP_PORT'].to_i : 389 |
||
113 | ldap_config[:bind_dn] = ENV['LDAP_BIND_DN'] |
||
114 | ldap_config[:password] = ENV['LDAP_PASSWORD'] |
||
115 | ldap_config[:encryption] = if ENV['LDAP_METHOD'] == 'ssl' |
||
116 | 'simple_tls' |
||
117 | elsif ENV['LDAP_METHOD'] == 'tls' |
||
118 | 'start_tls' |
||
119 | end |
||
120 | ldap_config[:base] = ENV['LDAP_BASE'] |
||
121 | ldap_config[:uid] = ENV['LDAP_UID'] |
||
122 | |||
123 | result = send_ldap_request(params[:session], ldap_config) |
||
124 | |||
125 | return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result |
||
126 | |||
127 | @auth = parse_auth(result.first, ENV['LDAP_ROLE_FIELD']) |
||
128 | |||
129 | begin |
||
130 | process_signin |
||
131 | rescue => e |
||
132 | logger.error "Support: Error authenticating via omniauth: #{e}" |
||
133 | omniauth_fail |
||
134 | end |
||
135 | end |
||
136 | |||
137 | private |
||
138 | |||
139 | # Verify that GreenLight is configured to allow user signup. |
||
140 | def check_user_signup_allowed |
||
141 | redirect_to root_path unless Rails.configuration.allow_user_signup |
||
142 | end |
||
143 | |||
144 | def session_params |
||
145 | params.require(:session).permit(:email, :password) |
||
146 | end |
||
147 | |||
148 | def one_provider |
||
149 | providers = configured_providers |
||
150 | |||
151 | (!allow_user_signup? || !allow_greenlight_accounts?) && providers.count == 1 && |
||
152 | !Rails.configuration.loadbalanced_configuration |
||
153 | end |
||
154 | |||
155 | def check_user_exists |
||
156 | provider = @auth['provider'] == "bn_launcher" ? @auth['info']['customer'] : @auth['provider'] |
||
157 | User.exists?(social_uid: @auth['uid'], provider: provider) |
||
158 | end |
||
159 | |||
160 | # Check if the user already exists, if not then check for invitation |
||
161 | def passes_invite_reqs |
||
162 | return true if @user_exists |
||
163 | |||
164 | invitation = check_user_invited("", session[:invite_token], @user_domain) |
||
165 | invitation[:present] |
||
166 | end |
||
167 | |||
168 | def process_signin |
||
169 | @user_exists = check_user_exists |
||
170 | |||
171 | if !@user_exists && @auth['provider'] == "twitter" |
||
172 | return redirect_to root_path, flash: { alert: I18n.t("registration.deprecated.twitter_signup") } |
||
173 | end |
||
174 | |||
175 | # If using invitation registration method, make sure user is invited |
||
176 | View Code Duplication | return redirect_to root_path, flash: { alert: I18n.t("registration.invite.no_invite") } unless passes_invite_reqs |
|
|
|||
177 | |||
178 | user = User.from_omniauth(@auth) |
||
179 | |||
180 | logger.info "Support: Auth user #{user.email} is attempting to login." |
||
181 | |||
182 | # Add pending role if approval method and is a new user |
||
183 | if approval_registration && !@user_exists |
||
184 | user.add_role :pending |
||
185 | |||
186 | # Inform admins that a user signed up if emails are turned on |
||
187 | send_approval_user_signup_email(user) |
||
188 | |||
189 | return redirect_to root_path, flash: { success: I18n.t("registration.approval.signup") } |
||
190 | end |
||
191 | |||
192 | send_invite_user_signup_email(user) if invite_registration && !@user_exists |
||
193 | |||
194 | login(user) |
||
195 | |||
196 | if @auth['provider'] == "twitter" |
||
197 | flash[:alert] = if allow_user_signup? && allow_greenlight_accounts? |
||
198 | I18n.t("registration.deprecated.twitter_signin", link: signup_path(old_twitter_user_id: user.id)) |
||
199 | else |
||
200 | I18n.t("registration.deprecated.twitter_signin", link: signin_path(old_twitter_user_id: user.id)) |
||
201 | end |
||
202 | end |
||
203 | end |
||
204 | end |
||
205 |