Class: Auth::AuthenticationsController
- Inherits:
-
ApplicationController
- Object
- ApplicationController
- Auth::AuthenticationsController
- Defined in:
- app/controllers/auth/authentications_controller.rb
Overview
== Schema Information
Table name: authentications
id :integer not null, primary key
account_id :integer
provider :string(255)
uid :string(255)
created_at :datetime not null
updated_at :datetime not null
Constant Summary
Constants included from Controllers::MasqueradeGuarded
Controllers::MasqueradeGuarded::DEFAULT_BLOCK_MESSAGE
Constants included from Controllers::DeviseReturnable
Controllers::DeviseReturnable::ALLOWED_REDIRECT_HOSTS
Instance Method Summary
-
#create ⇒ Object
POST /authentications POST /authentications.json.
-
#destroy ⇒ Object
DELETE /authentications/1 DELETE /authentications/1.json.
-
#index ⇒ Object
GET /authentications GET /authentications.json.
- #sign_in_employee ⇒ Object
Methods included from CrmHelper
#alert, #array_to_list, #attr_display, #attr_display_value, #attr_displays, #attr_list_display, #audit_button, #audit_links, #audit_trail_creator_name, #bootstrap_class_for, #centered_row, #counter_badge, #counter_span, #crm_home_path, #delete_link, #duration_for_select, #dynamic_status_flow, #edit_link, #friendly_date_range, #identifiers, #modal_close_button, #modal_close_on_submit_js, #modal_dialog, #modal_dialog_body, #modal_dialog_footer, #modal_dialog_header, #multi_locale_attr_display, #navbar_user_initials, #notes_popover, #paginate_bar, #panel, #possible_events, #pretty_json_include, #pretty_json_tag, #product_line_image_row, #render_button_drop_down_options, #render_combo_drop_down, #render_material_alerts, #render_primary_combo_drop_down, #render_simple_drop_down, #render_tab_link, #render_tab_panel, #report_message_js, #simple_list_panel, #simple_panel, #simple_panel_table, #simple_panel_value, #sunny_monthly_budget, #tab_panel, #tab_should_be_open?, #text_only, #time_collection_for_select, #timezone_abbreviated, #traffic_badge_class, #truncate_array_for_display, #try_parse_json_or_ruby_inspect, #turbo_stream_activate_tab, #verification_badge
Methods included from Controllers::MasqueradeGuarded
block_while_masquerading, #masquerade_blocks?
Methods included from Controllers::DeviseReturnable
#check_for_devise_return_path, #devise_return_path_from_omniauth_hash, #safe_referer
Instance Method Details
#create ⇒ Object
POST /authentications
POST /authentications.json
# File 'app/controllers/auth/authentications_controller.rb', line 41

# POST /authentications
# POST /authentications.json
#
# Handles an OmniAuth callback for customer-facing sign-in and account linking.
# The payload is loaded into @omniauth, the matching Authentication is looked up
# by its (provider, uid) pair, and the request is handed to the handler for either
# a signed-in account or an anonymous visitor.
#
# NOTE(review): judging by its name, get_omniauth_session_from_session_or_params
# may take the payload from request params. If so, 'provider' and 'uid' would be
# client-controlled, and valid_omniauth_payload? is the only gate visible here.
# Confirm that it rejects payloads that did not come from the provider callback.
def create
  log_omniauth_diagnostics
  @omniauth = get_omniauth_session_from_session_or_params
  unless valid_omniauth_payload?
    return handle_provider_unreachable
  end

  # (provider, uid) is the identity key for a linked external login.
  provider = @omniauth['provider']
  uid = @omniauth['uid']
  authentication = Authentication.find_by(provider: provider, uid: uid)
  @account = lookup_non_employee_account_by_omniauth_email

  return handle_oauth_for_current_account(authentication) if current_account

  handle_oauth_for_anonymous_visitor(authentication)
end
#destroy ⇒ Object
DELETE /authentications/1
DELETE /authentications/1.json
# File 'app/controllers/auth/authentications_controller.rb', line 139

# DELETE /authentications/1
# DELETE /authentications/1.json
#
# Unlinks one external login from the signed-in account, then redirects back
# (falling back to my_account_path). Without a signed-in account nothing is
# removed and only the redirect happens.
def destroy
  if current_account
    # The lookup is scoped to the caller's own authentications, so an id that
    # belongs to another account fails in `find` rather than being deleted.
    @authentication = current_account.authentications.find(params[:id])

    # Lock-out guard: refuse to remove the only linked login when the account
    # has no password to fall back on.
    last_login_method = current_account.authentications.one? && current_account.encrypted_password.blank?

    if last_login_method
      flash[:error] = "Could not remove #{@authentication.provider.titleize} from your registered authentications! You would have no way to authenticate your account! Either create a password to sign in to your account or consider deleting your account."
    else
      @authentication.destroy
      # NOTE(review): this message indexes Authentication::PROVIDERS after the
      # record has already been destroyed, while the error message above uses
      # provider.titleize directly. Confirm every stored provider has a PROVIDERS entry.
      flash[:info] = "Success! Removed #{Authentication::PROVIDERS[@authentication.provider][:name].titleize} from your registered authentications."
    end
  end

  redirect_back_or_to my_account_path
end
#index ⇒ Object
GET /authentications
GET /authentications.json
# File 'app/controllers/auth/authentications_controller.rb', line 35

# GET /authentications
# GET /authentications.json
#
# Exposes the signed-in account's linked external logins as @authentications.
# Without a signed-in account the instance variable is left unset.
#
# NOTE(review): no authentication filter is visible in this listing. Confirm
# that the view copes with @authentications being nil, or that a before_action
# elsewhere requires a signed-in account.
def index
  return unless current_account

  @authentications = current_account.authentications
end
#sign_in_employee ⇒ Object
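# File 'app/controllers/auth/authentications_controller.rb', line 56

# Completes an OmniAuth callback for employees (Google or Zoom).
#
# Flow, in order:
#   1. Read the OmniAuth payload from the request env or the session, and clear
#      the session copy.
#   2. If an Authentication already exists for (provider, uid), refresh its
#      stored provider credentials.
#   3. If an employee is already signed in, connect or reconnect the provider
#      to that account.
#   4. Otherwise sign in the employee that owns the matching Authentication.
#   5. Otherwise fall back to matching an employee account by the e-mail
#      address in the payload.
# Disabled employee accounts are sent back to the sign-in page in steps 4 and 5.
def sign_in_employee
  # Log only the provider/uid pair of an OmniAuth payload. The full hash carries
  # omniauth['credentials'] (access and refresh tokens), and anyone who can read
  # the log files could use those tokens against the employee's provider account.
  loggable_identity = lambda do |auth|
    auth.blank? ? auth.inspect : { provider: auth['provider'], uid: auth['uid'] }.inspect
  end

  logger.debug "authentications#sign_in_employee: @devise_return_path: #{@devise_return_path}"
  # NOTE(review): confirm that Account#inspect does not print credential columns.
  logger.debug "current_account: #{current_account.inspect}"
  logger.debug "request.env['omniauth.auth']: #{loggable_identity.call(request.env['omniauth.auth'])}"
  logger.debug "session['devise.omniauth_data']: #{loggable_identity.call(session['devise.omniauth_data'])}"
  logger.debug "request.env['omniauth.origin']: #{request.env['omniauth.origin'].inspect}"
  logger.debug "request.env['omniauth.params']: #{request.env['omniauth.params'].inspect}"
  logger.debug "@devise_return_path: #{@devise_return_path}"

  omniauth = request.env["omniauth.auth"] || session["devise.omniauth_data"]
  # The session copy is single-use: clear it so a later request cannot replay it.
  session["devise.omniauth_data"] = nil
  return redirect_to(new_account_session_path(devise_return_path: @devise_return_path)) if omniauth.blank?

  authentication = Authentication.find_by(provider: omniauth['provider'], uid: omniauth['uid'])
  # Refresh the stored provider credentials for a known identity. This runs
  # before the employee/disabled checks below.
  if authentication && (omniauth['provider'] == 'google_oauth2')
    authentication.update(google_auth_access_token: omniauth['credentials']['token'])
    # A missing refresh token must not overwrite the one already stored.
    authentication.update(google_auth_refresh_token: omniauth['credentials']['refresh_token']) if omniauth['credentials']['refresh_token'].present?
  elsif authentication && (omniauth['provider'] == 'zoom')
    Zoom::OauthService.new(account: authentication.account).store_from_omniauth!(omniauth['credentials'])
  end

  # check first that user is currently logged in
  if current_account&.is_employee?
    if omniauth['provider'] == 'google_oauth2'
      existing_auth = current_account.authentications.google_auth.first
      if existing_auth
        existing_auth.update(
          google_auth_access_token: omniauth['credentials']['token'],
          google_auth_refresh_token: omniauth['credentials']['refresh_token'].presence || existing_auth.google_auth_refresh_token
        )
        flash[:notice] = "Google account reconnected successfully. Calendar sync is now enabled."
      else
        current_account.authentications.create(
          provider: omniauth['provider'],
          uid: omniauth['uid'],
          google_auth_access_token: omniauth['credentials']['token'],
          google_auth_refresh_token: omniauth['credentials']['refresh_token']
        )
        flash[:notice] = "Google account connected successfully. Calendar sync is now enabled."
      end
    elsif omniauth['provider'] == 'zoom'
      Zoom::OauthService.new(account: current_account).store_from_omniauth!(omniauth['credentials'])
      existing_auth = current_account.authentications.zoom_auth.first
      current_account.authentications.create(provider: 'zoom', uid: omniauth['uid']) unless existing_auth
      flash[:notice] = "Zoom account connected successfully. Zoom meetings will be created automatically."
    else
      flash[:info] = "You are already signed in."
    end
    # Redirect to the return path if provided, otherwise back to referrer or home
    redirect_to(@devise_return_path || safe_referer || crm_home_path(current_account.party))
  elsif authentication&.account&.is_employee? && authentication.account.disabled?
    # Employee account is disabled - show error
    # NOTE(review): in this listing the statement breaks off after `account.`, so
    # as written it chains into the redirect_to call on the next line. The name of
    # a message method appears to be missing; restore it from the source file.
    flash[:error] = authentication.account.
      redirect_to new_account_session_path(devise_return_path: @devise_return_path)
  elsif authentication&.account&.is_employee?
    # no current account logged in, so use the found authentication to sign in to their account.
    sign_in(:account, authentication.account)
    # This is now removed, but kept in for reference, 2/28/18, - Ramie
    # logger.debug "Signed in through WarmlyYours Google account, JWT Token is #{env['warden-jwt_auth.token']}"
    logger.debug "Signed in through WarmlyYours Google account"
    # NOTE(review): this is the only redirect in the method that passes
    # allow_other_host: true, so it depends entirely on @devise_return_path having
    # been validated upstream (presumably against
    # Controllers::DeviseReturnable::ALLOWED_REDIRECT_HOSTS; confirm).
    redirect_to(@devise_return_path || crm_home_path(authentication.account.party), allow_other_host: true)
  else
    # here we will use the e-mail on the Google warmlyyours.com account to login to the HW account
    # NOTE(review): this branch signs in by e-mail match alone and does not check
    # omniauth['provider'], although Zoom callbacks also reach this method. Whether
    # the address is verified or restricted to the company domain depends on
    # Authentication.extract_email_from_omniauth_hash, which is not shown here.
    # Confirm that it accepts only provider-verified addresses.
    account = nil
    email = Authentication.extract_email_from_omniauth_hash(omniauth)
    account = Account.find_by(email: email) if email
    if account&.is_employee? && account.disabled?
      # NOTE(review): this statement also breaks off after `account.` in this
      # listing, like the disabled-account branch above. Restore it from the source file.
      flash[:error] = account.
        redirect_to new_account_session_path(devise_return_path: @devise_return_path)
    elsif account&.is_employee?
      sign_in(:account, account)
      # This is now removed, but kept in for reference, 2/28/18, - Ramie
      # logger.debug "Signed in through WarmlyYours Google email, JWT Token is #{env['warden-jwt_auth.token']}"
      logger.debug "Signed in through WarmlyYours Google email}"
      # Remember the (provider, uid) pair so later sign-ins match by identity, not e-mail.
      account.authentications.create(provider: omniauth['provider'], uid: omniauth['uid'])
      redirect_to(@devise_return_path || crm_home_path(account.party))
    else
      flash[:error] = "Couldn't find an employee account with e-mail: #{email || 'n/a'}. Please use the google account associated with your WarmlyYours e-mail address."
      redirect_to new_account_session_path(devise_return_path: @devise_return_path)
    end
  end
end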