2018-06-26 10:29:46 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-08-01 09:45:12 -04:00
|
|
|
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
|
|
|
|
#
|
|
|
|
# Copyright (c) 2018 BigBlueButton Inc. and by respective authors (see below).
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or modify it under the
|
|
|
|
# terms of the GNU Lesser General Public License as published by the Free Software
|
|
|
|
# Foundation; either version 3.0 of the License, or (at your option) any later
|
|
|
|
# version.
|
|
|
|
#
|
|
|
|
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
|
|
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Lesser General Public License along
|
|
|
|
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2019-08-19 11:28:48 -04:00
|
|
|
module Authenticator
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
2018-05-07 16:06:01 -04:00
|
|
|
# Logs a user into GreenLight.
|
|
|
|
def login(user)
|
2019-07-09 13:06:07 -04:00
|
|
|
migrate_twitter_user(user)
|
|
|
|
|
2018-05-07 16:06:01 -04:00
|
|
|
session[:user_id] = user.id
|
2020-12-14 18:52:08 -05:00
|
|
|
user.update(last_login: Time.zone.now)
|
2018-06-21 16:17:18 -04:00
|
|
|
|
2019-08-30 16:34:14 -04:00
|
|
|
logger.info("Support: #{user.email} has successfully logged in.")
|
|
|
|
|
2018-10-09 14:22:02 -04:00
|
|
|
# If there are not terms, or the user has accepted them, check for email verification
|
2018-06-26 10:29:46 -04:00
|
|
|
if !Rails.configuration.terms || user.accepted_terms
|
2018-10-09 14:22:02 -04:00
|
|
|
check_email_verified(user)
|
2018-06-21 16:17:18 -04:00
|
|
|
else
|
|
|
|
redirect_to terms_path
|
|
|
|
end
|
2018-05-07 16:06:01 -04:00
|
|
|
end
|
|
|
|
|
2018-10-09 14:22:02 -04:00
|
|
|
# If email verification is disabled, or the user has verified, go to their room
|
|
|
|
def check_email_verified(user)
|
2019-05-03 13:05:12 -04:00
|
|
|
# Admin users should be redirected to the admin page
|
|
|
|
if user.has_role? :super_admin
|
|
|
|
redirect_to admins_path
|
|
|
|
elsif user.activated?
|
|
|
|
# Dont redirect to any of these urls
|
2020-10-26 11:50:43 -04:00
|
|
|
dont_redirect_to = [root_url, signin_url, ldap_signin_url, ldap_callback_url, signup_url, unauthorized_url,
|
2020-01-22 16:32:26 -05:00
|
|
|
internal_error_url, not_found_url]
|
2021-02-10 17:13:54 -05:00
|
|
|
|
|
|
|
unless ENV['OAUTH2_REDIRECT'].nil?
|
|
|
|
dont_redirect_to.push(File.join(ENV['OAUTH2_REDIRECT'], "auth", "openid_connect", "callback"))
|
|
|
|
end
|
|
|
|
|
2019-05-03 13:05:12 -04:00
|
|
|
url = if cookies[:return_to] && !dont_redirect_to.include?(cookies[:return_to])
|
2019-04-11 12:45:43 -04:00
|
|
|
cookies[:return_to]
|
2020-05-26 17:37:23 -04:00
|
|
|
elsif user.role.get_permission("can_create_rooms")
|
2019-04-11 12:45:43 -04:00
|
|
|
user.main_room
|
2020-05-26 17:37:23 -04:00
|
|
|
else
|
|
|
|
cant_create_rooms_path
|
2019-04-11 12:45:43 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Delete the cookie if it exists
|
|
|
|
cookies.delete :return_to if cookies[:return_to]
|
|
|
|
|
|
|
|
redirect_to url
|
2018-10-09 14:22:02 -04:00
|
|
|
else
|
2021-02-06 15:40:21 -05:00
|
|
|
session[:user_id] = nil
|
|
|
|
user.create_activation_token
|
|
|
|
redirect_to account_activation_path(digest: user.activation_digest)
|
2018-10-09 14:22:02 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-08-27 11:08:58 -04:00
|
|
|
def ensure_unauthenticated_except_twitter
|
2020-10-26 11:50:43 -04:00
|
|
|
redirect_to current_user.main_room || root_path if current_user && params[:old_twitter_user_id].nil?
|
2019-08-27 11:08:58 -04:00
|
|
|
end
|
|
|
|
|
2018-05-07 16:06:01 -04:00
|
|
|
# Logs current user out of GreenLight.
|
|
|
|
def logout
|
|
|
|
session.delete(:user_id) if current_user
|
|
|
|
end
|
|
|
|
|
2020-01-22 16:32:56 -05:00
|
|
|
# Check if the user is using local accounts
|
|
|
|
def auth_changed_to_local?(user)
|
|
|
|
Rails.configuration.loadbalanced_configuration && user.social_uid.present? && allow_greenlight_accounts?
|
|
|
|
end
|
|
|
|
|
|
|
|
# Check if the user exists under the same email with no social uid and that social accounts are allowed
|
|
|
|
def auth_changed_to_social?(email)
|
|
|
|
Rails.configuration.loadbalanced_configuration &&
|
|
|
|
User.exists?(email: email, provider: @user_domain, social_uid: nil) &&
|
|
|
|
!allow_greenlight_accounts?
|
|
|
|
end
|
|
|
|
|
2020-12-16 19:31:32 -05:00
|
|
|
# Sets the initial user role based on the email mapping
|
|
|
|
def initial_user_role(email)
|
|
|
|
mapping = @settings.get_value("Email Mapping")
|
|
|
|
return "user" unless mapping.present?
|
|
|
|
|
|
|
|
mapping.split(",").each do |map|
|
|
|
|
email_role = map.split("=")
|
|
|
|
return email_role[1] if email.ends_with?(email_role[0])
|
|
|
|
end
|
|
|
|
|
|
|
|
"user" # default to user if role not found
|
|
|
|
end
|
|
|
|
|
2019-08-19 11:28:48 -04:00
|
|
|
private
|
2019-07-09 13:06:07 -04:00
|
|
|
|
2019-08-19 11:28:48 -04:00
|
|
|
# Migrates all of the twitter users rooms to the new account
|
2019-07-09 13:06:07 -04:00
|
|
|
def migrate_twitter_user(user)
|
|
|
|
if !session["old_twitter_user_id"].nil? && user.provider != "twitter"
|
|
|
|
old_user = User.find(session["old_twitter_user_id"])
|
|
|
|
|
|
|
|
old_user.rooms.each do |room|
|
|
|
|
room.owner = user
|
|
|
|
|
2021-02-26 17:34:07 -05:00
|
|
|
room.name = "Old #{room.name}" if room.id == old_user.main_room.id
|
2019-07-09 13:06:07 -04:00
|
|
|
|
|
|
|
room.save!
|
|
|
|
end
|
|
|
|
|
|
|
|
# Query for the old user again so the migrated rooms don't get deleted
|
|
|
|
old_user.reload
|
|
|
|
old_user.destroy!
|
|
|
|
|
|
|
|
session["old_twitter_user_id"] = nil
|
2019-07-11 08:54:52 -04:00
|
|
|
|
|
|
|
flash[:success] = I18n.t("registration.deprecated.merge_success")
|
2019-07-09 13:06:07 -04:00
|
|
|
end
|
|
|
|
end
|
2018-05-07 16:06:01 -04:00
|
|
|
end
|