j1_template 2019.4.10 → 2019.4.11

Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/lib/j1/version.rb +1 -1
  3. data/lib/starter_web/Gemfile +1 -1
  4. data/lib/starter_web/_cc_test_data/_config.yml +1 -1
  5. data/lib/starter_web/_config.yml +1 -1
  6. data/lib/starter_web/assets/themes/j1/core/js/j1.js +9 -1
  7. data/lib/starter_web/package.json +1 -1
  8. data/lib/starter_web/pages/public/start/downloads/quickstarter/100_linux_starter.adoc +1 -1
  9. data/lib/starter_web/utilsrv/_defaults/package.json +1 -1
  10. data/lib/starter_web/utilsrv/package.json +1 -1
  11. metadata +15 -50
  12. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.before_merge_added.rb +0 -1267
  13. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.new.rb +0 -1121
  14. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.no_cookie.mgmt.rb +0 -1130
  15. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.ok.rb +0 -1130
  16. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.org.2.rb +0 -1086
  17. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.org.rb +0 -1548
  18. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.update.web_cookie.rb +0 -1333
  19. data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.2.erb +0 -198
  20. data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.additional_inits.erb +0 -254
  21. data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.manage.cookies.erb +0 -255
  22. data/lib/starter_web/assets/_data/_temp/_banner.html +0 -421
  23. data/lib/starter_web/assets/_data/_temp/_panel.html +0 -585
  24. data/lib/starter_web/assets/_data/_temp/banner.case.snippet.html.asciidoc +0 -91
  25. data/lib/starter_web/assets/_data/_temp/banner.new.html.asciidoc +0 -559
  26. data/lib/starter_web/assets/_data/_temp/banner.with.defaults.html.asciidoc +0 -547
  27. data/lib/starter_web/assets/_data/_temp/footer.html.new +0 -228
  28. data/lib/starter_web/assets/_data/_temp/footer.html.org +0 -234
  29. data/lib/starter_web/assets/_data/_temp/footer.old.html +0 -231
  30. data/lib/starter_web/assets/_data/_temp/footer_new.html +0 -226
  31. data/lib/starter_web/assets/_data/_temp/footer_old.html +0 -222
  32. data/lib/starter_web/assets/_data/_temp/menu.old.html +0 -462
  33. data/lib/starter_web/assets/_data/_temp/panel.new.html +0 -560
  34. data/lib/starter_web/assets/_data/_temp/panel.old.html +0 -597
  35. data/lib/starter_web/assets/_data/_temp/panel.org.html +0 -597
  36. data/lib/starter_web/assets/_data/animate.json +0 -120
  37. data/lib/starter_web/assets/_data/ascii_code_table.json +0 -1794
  38. data/lib/starter_web/assets/_data/authclient.html +0 -365
  39. data/lib/starter_web/assets/_data/banner.html +0 -431
  40. data/lib/starter_web/assets/_data/carousel.json +0 -110
  41. data/lib/starter_web/assets/_data/colors.json +0 -43
  42. data/lib/starter_web/assets/_data/cookie_consent.html +0 -225
  43. data/lib/starter_web/assets/_data/countries.json +0 -974
  44. data/lib/starter_web/assets/_data/font_sizes.json +0 -43
  45. data/lib/starter_web/assets/_data/fontawesome_icons.json +0 -5525
  46. data/lib/starter_web/assets/_data/footer.html +0 -239
  47. data/lib/starter_web/assets/_data/galleries.json +0 -160
  48. data/lib/starter_web/assets/_data/mdi_icons.json +0 -14641
  49. data/lib/starter_web/assets/_data/menu.html +0 -469
  50. data/lib/starter_web/assets/_data/messages.yml +0 -130
  51. data/lib/starter_web/assets/_data/objects.json +0 -458
  52. data/lib/starter_web/assets/_data/panel.html +0 -501
  53. data/lib/starter_web/assets/_data/panel.new.html +0 -498
  54. data/lib/starter_web/assets/_data/quicklinks.html +0 -178
  55. data/lib/starter_web/assets/_data/search.yml +0 -131
  56. data/lib/starter_web/assets/_data/sidebar.html +0 -261
  57. data/lib/starter_web/assets/_data/themes.json +0 -59
  58. data/lib/starter_web/assets/_data/twa_v1.json +0 -6978
  59. data/lib/starter_web/assets/_data/twa_v2.json +0 -12812
  60. data/lib/starter_web/assets/_data/webhook.html +0 -190
@@ -1,1333 +0,0 @@
1
- # RuboCops - Documentation
2
- # ------------------------------------------------------------------------------
3
- # See: https://rubocop.readthedocs.io/en/latest/
4
-
5
- # RuboCops - Disabled Cops
6
- # ------------------------------------------------------------------------------
7
- # rubocop:disable Metrics/BlockLength
8
- # rubocop:disable Metrics/ClassLength
9
- # rubocop:disable Metrics/LineLength
10
- # rubocop:disable Style/StringLiterals
11
- # rubocop:disable Style/Documentation
12
- # rubocop:disable Metrics/BlockNesting
13
- # rubocop:disable Layout/ClosingParenthesisIndentation
14
- # rubocop:disable Layout/LeadingCommentSpace
15
- # rubocop:disable Layout/EmptyLines
16
- # rubocop:disable Layout/EmptyLinesAroundBlockBody
17
- # rubocop:disable Layout/FirstParameterIndentation
18
- # rubocop:disable Layout/CommentIndentation
19
- # rubocop:disable Layout/AlignParameters
20
- # rubocop:disable Layout/AlignHash
21
- # rubocop:disable Layout/TrailingWhitespace
22
- # rubocop:disable Layout/IndentHash
23
- # rubocop:disable Layout/SpaceAroundOperators
24
- # rubocop:disable Layout/ExtraSpacing
25
- # rubocop:disable Style/UnlessElse
26
- # rubocop:disable Style/HashSyntax
27
-
28
-
29
- # ------------------------------------------------------------------------------
30
- # ~/lib/j1_auth_manager/auth_manager/.rb
31
- #
32
- # Provides authentication services based on Warden|OmniAuth
33
- #
34
- # Product/Info:
35
- # https://jekyll.one
36
- #
37
- # Copyright (C) 2019 Juergen Adams
38
- #
39
- # J1 Template is licensed under the MIT License.
40
- # See: https://github.com/jekyll-one-org/j1_template/blob/master/LICENSE
41
- #
42
- # ------------------------------------------------------------------------------
43
- # NOTES
44
- #
45
- # ------------------------------------------------------------------------------
46
- # frozen_string_literal: true
47
-
48
- module J1App
49
- class AuthManager < Sinatra::Base
50
-
51
- include J1App::Helpers
52
- include J1App::GithubHelpers
53
-
54
- # ==========================================================================
55
- # Sinatra Framework settings
56
- # ==========================================================================
57
-
58
- # NOTE: https://stackoverflow.com/questions/7847536/sinatra-in-facebook-iframe
59
- #
60
- #set :protection, :except => :frame_options
61
-
62
- # Check: http://sinatrarb.com/intro.html
63
- #
64
- #set :static_cache_control, [:public, :max_age => 10]
65
-
66
-
67
- # ==========================================================================
68
- # Base App and Warden Framework settings
69
- # ==========================================================================
70
-
71
- session_data = {}
72
-
73
- # web_session_data = {
74
- # :authenticated => 'false',
75
- # :requested_page => '/',
76
- # :user_name => 'unknown',
77
- # :users_allowed => 'unknown',
78
- # :user_id => 'unknown',
79
- # :provider => 'unknown',
80
- # :provider_url => '/',
81
- # :payment_info => 'unknown',
82
- # :permissions => 'unknown',
83
- # :writer => 'middleware'
84
- # }
85
-
86
- web_session_data = {
87
- :authenticated => 'false',
88
- :requested_page => '/',
89
- :user_name => 'visitor',
90
- :users_allowed => 'all',
91
- :user_id => 'unknown',
92
- :provider => 'j1',
93
- :provider_membership => 'guest',
94
- :provider_url => 'https://jekyll.one',
95
- :payment_info => 'unknown',
96
- :provider_permissions => 'public',
97
- :creator => 'middleware',
98
- :writer => 'middleware'
99
- }
100
-
101
- # Enable SSL for the rack session if configured
102
- # --------------------------------------------------------------------------
103
- require 'rack-ssl-enforcer' if J1App.ssl?
104
- use Rack::SslEnforcer if J1App.ssl?
105
-
106
- # Set the session cookie used by Rack to track all relevant data
107
- # for the authentication service
108
- # --------------------------------------------------------------------------
109
- use Rack::Session::Cookie,
110
- http_only: true, # if set to 'true', make session cookie visible to the browser (document) for HTTP
111
- key: 'j1.app.session',
112
- secret: ENV['J1_SESSION_SECRET'] || SecureRandom.hex
113
-
114
- # use Rack::Cache do |config|
115
- # #
116
- # # ------------------------------------------------------------------------
117
- # config.middleware.delete(Rack::Cache)
118
- # end
119
-
120
- # ==========================================================================
121
- # Warden Framework initialisation
122
- # ==========================================================================
123
-
124
- # Define what (user) data should be put (serialized) into the session
125
- # on requests and responses from Rack environment into the warden
126
- # environment (env['warden']).
127
- # --------------------------------------------------------------------------
128
- Warden::Manager.serialize_into_session do |user|
129
- user
130
- end
131
- Warden::Manager.serialize_from_session do |user|
132
- user
133
- end
134
-
135
- # ==========================================================================
136
- # OmniAuth|Warden Framework initialisation
137
- # ==========================================================================
138
-
139
- # Set the 'default' authentication strategy and exception handler
140
- # (for warden) if the user was not explicitly signed in (signin dialog).
141
- # If 'signin' fails, the default exception 'signin_failure' is thrown
142
- # (used for all OmniAuth strategies registered).
143
- # --------------------------------------------------------------------------
144
- signin_failure = ->(_e) { Rack::Response.new("Can't login", 401).finish }
145
- use Warden::Manager do |config|
146
- # OmniAuth strategies are name-spaced by 'omni' (see: warden_omniauth.rb)
147
- # ------------------------------------------------------------------------
148
- config.default_strategies :"omni_#{J1App.default_provider}"
149
- config.failure_app = signin_failure
150
- end
151
-
152
- use OmniAuth::Builder do |config|
153
- # Workaround to rescue OmniAuth::Strategies::OAuth2::CallbackError?
154
- # for chromium based browsers (e.g. google-chrome)
155
- # ------------------------------------------------------------------------
156
- config.on_failure do
157
- new_path = '/redirect_requested_page'
158
- Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
159
- end
160
-
161
- # Detect and set supported authentication strategies for OmniAuth
162
- # ------------------------------------------------------------------------
163
-
164
- # Additional (strategy) option skip_extra, default: true
165
- #
166
- # If true, skips the collection of raw data (extra) to NOT blow
167
- # up the session cookie (as it is limited to 4K)
168
- skip_extra = true
169
-
170
- if J1App.active_providers.include? 'patreon'
171
- scope = J1App.auth_config['providers']['patreon']['scope'].join(',')
172
- data_collection = J1App.auth_config['providers']['patreon']['data_fields'].join(',')
173
- skip_extra = false if data_collection =~ /raw/i
174
- provider :patreon,
175
- ENV['PATREON_CLIENT_ID'],
176
- ENV['PATREON_CLIENT_SECRET'],
177
- scope: "#{scope}",
178
- skip_extra: skip_extra
179
- end
180
- if J1App.active_providers.include? 'disqus'
181
- scope = J1App.auth_config['providers']['disqus']['scope'].join(',')
182
- data_collection = J1App.auth_config['providers']['disqus']['data_fields'].join(',')
183
- skip_extra = false if data_collection =~ /raw/i
184
- provider :disqus,
185
- ENV['DISQUS_CLIENT_ID'],
186
- ENV['DISQUS_CLIENT_SECRET'],
187
- scope: "#{scope}",
188
- skip_extra: skip_extra
189
- end
190
- if J1App.active_providers.include? 'facebook'
191
- scope = J1App.auth_config['providers']['facebook']['scope'].join(',')
192
- data_collection = J1App.auth_config['providers']['facebook']['data_fields'].join(',')
193
- skip_extra = false if data_collection =~ /raw/i
194
- provider :facebook,
195
- ENV['FACEBOOK_CLIENT_ID'],
196
- ENV['FACEBOOK_CLIENT_SECRET'],
197
- scope: "#{scope}",
198
- skip_extra: skip_extra
199
- end
200
- if J1App.active_providers.include? 'github'
201
- scope = J1App.auth_config['providers']['github']['scope'].join(',')
202
- data_collection = J1App.auth_config['providers']['github']['data_fields'].join(',')
203
- skip_extra = false if data_collection =~ /raw/i
204
- provider :github,
205
- ENV['GITHUB_CLIENT_ID'],
206
- ENV['GITHUB_CLIENT_SECRET'],
207
- scope: "#{scope}",
208
- skip_extra: skip_extra
209
- end
210
- if J1App.active_providers.include? 'twitter'
211
- scope = J1App.auth_config['providers']['twitter']['scope'].join(',')
212
- data_collection = J1App.auth_config['providers']['twitter']['data_fields'].join(',')
213
- skip_extra = false if data_collection =~ /raw/i
214
- provider :twitter,
215
- ENV['TWITTER_CLIENT_ID'],
216
- ENV['TWITTER_CLIENT_SECRET'],
217
- scope: "#{scope}",
218
- skip_extra: skip_extra
219
- end
220
- end
221
-
222
- # Set the (internal) endpoint if a user is successfully authenticated
223
- # --------------------------------------------------------------------------
224
- use J1WardenOmniAuth do |config|
225
- config.redirect_after_callback = '/post_authentication'
226
- end
227
-
228
- # Add the internal logger from Rack to the middleware's of the stack
229
- # --------------------------------------------------------------------------
230
- use Rack::Logger
231
-
232
- # Load user profiles, permissions, conditions and strategies
233
- # --------------------------------------------------------------------------
234
-
235
- providers = J1App.auth_config['providers']
236
- permissions = J1App.permissions
237
-
238
-
239
- # ==========================================================================
240
- # Sinatra (before) FILTER to preprocess all page requests
241
- # ==========================================================================
242
-
243
- # Prepare root (index) page for app detection
244
- #
245
- before '/' do
246
- log_info! "ROOT", "Prepare", 'Web Session'
247
-
248
- # read existing/current cookie 'j1.web.session' to update all data
249
- # of web_session_data (hash) otherwise set initial data
250
- # ------------------------------------------------------------------------
251
- unless env['HTTP_COOKIE'] == nil
252
- log_info! "ROOT", 'Cookie', 'Read current web session data'
253
- web_session_data = readCookie('j1.web.session')
254
- data_json = web_session_data.to_json
255
- log_info! "ROOT", 'Cookie', 'Current web session data', "#{data_json}"
256
-
257
- # if env['HTTP_COOKIE'].include? 'j1.web.session'
258
- # session_encoded = request.cookies['j1.web.session']
259
- # session_decoded = Base64.decode64(session_encoded)
260
- # web_session_data = JSON.parse(session_decoded)
261
- # end
262
-
263
- else
264
- requested_page = env['REQUEST_URI']
265
- session_data['requested_page'] = "#{env['REQUEST_URI']}"
266
- end
267
-
268
- # Create|Initialize the J1 web session cookie
269
- # ------------------------------------------------------------------------
270
- if warden.authenticated?
271
- log_info! "ROOT", 'Cookie', 'Update current user data'
272
-
273
- user = warden.user
274
- log_info! "ROOT", 'AuthCheck', 'User detected as signed in', "#{user[:provider]}"
275
- session_data['authenticated'] = 'true'
276
- session_data['requested_page'] = '/'
277
- session_data['user_name'] = user[:info]['nickname']
278
- session_data['users_allowed'] = providers["#{user[:provider]}"]['users']
279
- session_data['user_id'] = user[:uid]
280
- session_data['provider'] = user[:provider]
281
- session_data['provider_membership'] = 'member'
282
- session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
283
- session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
284
- session_data['payment_status'] = user[:info][:payment_status]
285
- else
286
- log_info! "ROOT", 'AuthCheck', 'User detected', 'signed out'
287
- session_data['authenticated'] = 'false'
288
- # session_data['requested_page'] = '/'
289
- session_data['users_allowed'] = 'all'
290
- session_data['user_name'] = 'visitor'
291
- session_data['user_id'] = 'unknown'
292
- session_data['payment_status'] = 'unknown'
293
- session_data['provider'] = 'j1'
294
- session_data['provider_membership'] = 'guest'
295
- session_data['provider_url'] = 'https://jekyll.one'
296
- session_data['provider_permissions'] = 'public'
297
- end
298
- session_data['writer'] = 'middleware'
299
- session_data['creator'] = 'middleware'
300
-
301
- web_session_data = merge( web_session_data, session_data )
302
-
303
- data_json = session_data.to_json
304
- log_info! "ROOT", 'Cookie', 'Merge current user data', "#{data_json}"
305
-
306
- data_json = web_session_data.to_json
307
- log_info! "ROOT", 'Cookie', 'Update web session data', "#{data_json}"
308
- writeCookie('j1.web.session', data_json)
309
- end
310
-
311
- # General page detection (page auth pre-flight)
312
- # --------------------------------------------------------------------------
313
- before '/(pages|posts)/*' do
314
-
315
- log_info! 'AuthManager', 'PreFlight', 'Initial checks initiated'
316
-
317
- # read existing/current cookie 'j1.web.session'
318
- # to update all data of web_session_data (hash)
319
- # if request.warden.user.respond_to?(:info)
320
- # ------------------------------------------------------------------------
321
-
322
- #web_session_data = readCookie('j1.web.session')
323
-
324
- if env['HTTP_COOKIE'].include? 'j1.web.session'
325
- session_encoded = request.cookies['j1.web.session']
326
- session_decoded = Base64.decode64(session_encoded)
327
- # See: https://stackoverflow.com/questions/86653/how-can-i-pretty-format-my-json-output-in-ruby-on-rails
328
- session_pretty = JSON.pretty_generate(session_decoded)
329
- web_session_data = JSON.parse(session_decoded)
330
-
331
- log_info! 'PreFlight', 'Cookie', 'Read web session data', "#{session_decoded}" # ,"#{session_pretty}"
332
- else
333
- requested_page = env['REQUEST_URI']
334
- session_data['requested_page'] = "#{env['REQUEST_URI']}"
335
- end
336
-
337
- # Create|Initialize the J1 web session cookie
338
- # ------------------------------------------------------------------------
339
- log_info! 'PreFlight', 'AuthCheck', 'Check authentication state'
340
- if warden.authenticated?
341
- log_info! 'PreFlight', 'AuthCheck', 'Fick dich'
342
- user = warden.user
343
- session_data['authenticated'] = 'true'
344
- session_data['user_name'] = user[:info]['nickname']
345
- session_data['user_id'] = user[:uid]
346
- session_data['provider'] = user[:provider]
347
- session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
348
- session_data['users_allowed'] = providers["#{user[:provider]}"]['users']
349
- session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
350
- session_data['provider_membership'] = 'member'
351
- session_data['payment_status'] = user[:info][:payment_status]
352
- session_data['writer'] = 'middleware'
353
-
354
- web_session_data = merge( web_session_data, session_data )
355
- log_info! 'PreFlight', 'AuthCheck', 'User authenticated', "#{user[:info]['nickname']}"
356
-
357
- session_json = web_session_data.to_json
358
- log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
359
-
360
- session_encoded = Base64.encode64(session_json)
361
- response.set_cookie(
362
- 'j1.web.session',
363
- domain: false,
364
- value: session_encoded.to_s,
365
- path: '/'
366
- )
367
- end
368
-
369
- # User state|content detection for implicit authentication
370
- # ------------------------------------------------------------------------
371
- log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'disabled' if authentication_enabled? == false
372
- log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
373
- pass if authentication_enabled? == false
374
-
375
- log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'enabled'
376
- log_info! 'PreFlight', 'DetectContent', 'Public content detected' if public_content?
377
- log_info! 'PreFlight', 'DetectContent', 'Pass all public content' if public_content?
378
- pass if public_content?
379
-
380
- log_info! 'PreFlight', 'DetectCookieConsent', 'Cookie Consent', "#{web_session_data['cookies_accepted']}"
381
-
382
- # if web_session_data['cookies_accepted'] === 'declined'
383
- # requested_page = env['REQUEST_URI']
384
- # requested_page.scan(/(protected|private)/) do |match|
385
- # category = match[0]
386
- # log_info! 'PreFlight', 'DetectContent', 'Content detected as', "#{category}"
387
- # log_info! 'PreFlight', 'Redirect', 'Pass to dialog page (Cookie Consent)'
388
- # description_title = "Cookie consent declined"
389
- # redirect "/cookie_consent?provider=#{web_session_data['provider']}&user=#{web_session_data['user_name']}&category=#{category}&requested_page=#{requested_page}&title=#{description_title}"
390
- # #redirect requested_page
391
- # end
392
- # end
393
-
394
- log_info! 'PreFlight', 'DetectContent', 'Check content type'
395
-
396
- requested_page = env['REQUEST_URI']
397
- requested_page.scan(/(protected|private)/) do |match|
398
-
399
- category = match[0]
400
- log_info! 'PreFlight', 'DetectContent', 'Content type detected', "#{category}"
401
-
402
- log_info! 'PreFlight', 'AuthCheck', 'Check authorisation status'
403
- if warden.authenticated?
404
- user_name = user[:info]['nickname']
405
- log_info! 'PreFlight', 'AuthCheck', 'User detected', "#{user_name}"
406
-
407
- current_provider = warden.user[:provider]
408
-
409
- # provider_strategy = strategies["#{default_provider}"]
410
- strategy = providers["#{current_provider}"]['strategy']
411
- provider_strategy = :"#{strategy}"
412
-
413
- web_session_data['user_name'] = user_name
414
- web_session_data['provider_url'] = providers["#{current_provider}"]['provider_url']
415
- web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
416
- web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
417
- web_session_data['requested_page'] = requested_page
418
-
419
- log_info! 'PreFlight', 'ContentCheck', 'Check permissions'
420
- if permissions[:"#{category}"].include? current_provider
421
- log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
422
- log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
423
- log_info! 'PreFlight', 'ContentCheck', 'Category support', 'enabled'
424
-
425
- # Check permissions
426
- #
427
- #log_info! 'Authorisation', 'ConditionCheck', 'Check permissions for provider', "#{current_provider}"
428
- #conditions = J1App.conditions current_provider
429
- # if conditions["#{category}"]
430
- # log_info! 'Authorisation', 'ConditionCheck', 'Conditions detected', "#{category}"
431
- # conditions["#{category}"].each do |k, v|
432
- # case k
433
- # when 'enabled'
434
- # log_info! 'Authorisation', 'ConditionCheck', "#{k}", "#{v}"
435
- # when 'users'
436
- # log_info! 'Authorisation', 'ConditionCheck', 'users'
437
- # v.each do |k, v|
438
- # log_info! 'Authorisation', 'ConditionCheck', "users - #{k}", "#{v}"
439
- # end
440
- # when 'payment'
441
- # log_info! 'Authorisation', 'ConditionCheck', 'payment'
442
- # v.each do |k, v|
443
- # case k
444
- # when 'tiers'
445
- # log_info! 'Authorisation', 'ConditionCheck', "payment - #{k}", "#{v}"
446
- # when 'tier'
447
- # v.each do |k, v|
448
- # log_info! 'Authorisation', 'ConditionCheck', 'payment - tiers - tier : ' "#{k}", "#{v}"
449
- # end
450
- # end
451
- # end
452
- # end
453
- # end
454
- # end
455
- else
456
- provider = permissions[:"#{category}"][0]
457
- log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
458
- log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
459
- log_info! 'PreFlight', 'ContentCheck', 'Category supported', 'NO'
460
- log_info! 'PreFlight', 'AuthCheck', 'Authorisation failed for user', "#{user_name}"
461
-
462
- log_info! 'PreFlight', 'SignOut', 'Sign out user', "#{user_name}"
463
- warden.logout
464
- session.clear
465
-
466
- session_json = web_session_data.to_json
467
- log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
468
-
469
- session_encoded = Base64.encode64(session_json)
470
- response.set_cookie(
471
- 'j1.web.session',
472
- domain: false,
473
- value: session_encoded.to_s,
474
- path: '/'
475
- )
476
-
477
- log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
478
- allowed_users = providers["#{provider}"]['users'].join(',')
479
- redirect "/page_validation?provider=#{provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
480
- end
481
-
482
- time = Time.now.ctime.to_s
483
- log_info! 'PreFlight', 'AuthCheck', 'Pass to requested page', "#{requested_page}"
484
- log_info! 'PreFlight', 'AuthCheck', 'Set X-Response-Headers'
485
-
486
- # See: https://stackoverflow.com/questions/10438276/how-to-disable-static-file-caching-in-rails-3-thin-on-windows
487
- # response.headers["Cache-Control"] = 'no-cache, no-store, max-age=0, must-revalidate'
488
- # response.headers["Pragma"] = 'no-cache'
489
- # response.headers["Expires"] = 'Fri, 01 Jan 1990 00:00:00 GMT'
490
- response.headers['X-J1-AuthManager'] = "page-validated;category=#{category};called=" + time
491
- pass
492
- else
493
- log_info! 'PreFlight', 'AuthCheck', 'User detected', 'signed out'
494
- default_provider = permissions[:"#{category}"][0]
495
- log_info! 'PreFlight', 'AuthCheck', 'Set default provider', "#{default_provider}"
496
-
497
- strategy = providers["#{default_provider}"]['strategy']
498
- provider_strategy = :"#{strategy}"
499
-
500
- log_info! 'PreFlight', 'AuthCheck', 'Start processing provider', "#{default_provider}"
501
- log_info! 'PreFlight', 'AuthCheck', 'Authentication strategy', "#{provider_strategy}"
502
-
503
- case provider_strategy
504
-
505
- when :org
506
- warden.authenticate!
507
- github_organization_authenticate! ENV['GITHUB_ORG_NAME']
508
- logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} organization"
509
-
510
- when :team
511
- warden.authenticate!
512
- github_team_authenticate! ENV['GITHUB_TEAM_ID']
513
- logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
514
-
515
- when :teams
516
- warden.authenticate!
517
- github_teams_authenticate! ENV['GITHUB_TEAM_IDS'].split(',')
518
- logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
519
-
520
- when :member
521
- log_info! 'PreFlight', 'AuthCheck', 'Process authentication strategy'
522
-
523
- if env['HTTP_COOKIE'].include? 'j1.web.session'
524
- session_encoded = request.cookies['j1.web.session']
525
- session_decoded = Base64.decode64(session_encoded)
526
- log_info! 'PreFlight', 'Cookie', 'Read web session data' # "#{session_decoded}"
527
- web_session_data = JSON.parse(session_decoded)
528
- end
529
-
530
- # Update cookie data
531
- # ----------------------------------------------------------------------
532
- web_session_data['provider_url'] = providers["#{default_provider}"]['provider_url']
533
- web_session_data['users_allowed'] = providers["#{default_provider}"]['users']
534
- web_session_data['provider_permissions'] = providers["#{default_provider}"]['permissions']
535
- web_session_data['requested_page'] = env['REQUEST_URI']
536
- web_session_data['writer'] = 'middleware'
537
-
538
- # write updated J1 session cookie
539
- #
540
- session_json = web_session_data.to_json
541
- session_encoded = Base64.encode64(session_json)
542
- log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
543
-
544
- response.set_cookie(
545
- 'j1.web.session',
546
- domain: false,
547
- value: session_encoded.to_s,
548
- path: '/'
549
- )
550
-
551
- allowed_users = providers["#{default_provider}"]['users'].join(',')
552
- requested_page = env['REQUEST_URI']
553
-
554
- log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
555
- redirect "/page_validation?provider=#{default_provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
556
- else
557
- raise J1App::ConfigError
558
- end
559
-
560
- end
561
- end
562
- end
563
-
564
-
565
- # ==========================================================================
566
- # API ENDPOINTS (Sinatra HANDLERS)
567
- # ==========================================================================
568
-
569
- # ENDPOINT authentication (called from WEB by auth client)
570
- # --------------------------------------------------------------------------
571
- get '/authentication' do
572
- # collect (common) GET parameter|s
573
- #
574
- request = params.fetch('request')
575
- provider = params.fetch('provider')
576
-
577
- log_info! 'API', 'Authentication', 'Authentication request received'
578
-
579
- # SignIn
580
- # ------------------------------------------------------------------------
581
- if request === 'signin'
582
-
583
- log_info! 'Authentication', 'SignIn', 'Called for provider', "#{provider}"
584
-
585
- # collect (additional) GET parameter|s
586
- # ----------------------------------------------------------------------
587
- allowed_users = params.fetch('allowed_users')
588
-
589
- web_session_data['users_allowed'] = allowed_users
590
- web_session_data['writer'] = 'middleware'
591
-
592
- # Write updated J1 session data to cookie
593
- # --------------------------------------------------------------------
594
- session_json = web_session_data.to_json
595
- log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
596
-
597
- session_encoded = Base64.encode64(session_json)
598
- response.set_cookie(
599
- 'j1.web.session',
600
- domain: false,
601
- value: session_encoded.to_s,
602
- path: '/'
603
- )
604
-
605
- if warden.authenticated?
606
- log_info! 'Authentication', 'SignIn', 'User already signed in', "#{warden.user[:info]['nickname']} "
607
- else
608
- log_info! 'Authentication', 'SignIn', 'Initiate OmniAuth authentication'
609
-
610
- # Make (really) sure that old session is cleared before login
611
- # --------------------------------------------------------------------
612
- warden.logout
613
- session.clear
614
- warden.authenticate! :"omni_#{provider}"
615
- end
616
- # SignOut
617
- # ------------------------------------------------------------------------
618
- elsif request === 'signout'
619
- # collect (additional) GET parameter|s
620
- provider_signout = params.fetch('provider_signout')
621
- log_info! 'Authentication', 'SignOut', 'Called for provider', #{provider}"
622
-
623
- if warden.authenticated?
624
- user = warden.user[:info]['nickname']
625
- provider = warden.user[:provider]
626
- provider_url = web_session_data['provider_url']
627
- log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
628
- warden.logout
629
- session.clear
630
-
631
- # Read current J1 web session cookie
632
- # --------------------------------------------------------------------
633
- if env['HTTP_COOKIE'].include? 'j1.web.session'
634
- session_encoded = env['rack.request.cookie_hash']['j1.web.session']
635
- session_decoded = Base64.decode64(session_encoded)
636
- log_info! 'Authentication', 'Cookie', 'Read web session data' # #{session_decoded}"
637
- web_session_data = JSON.parse(session_decoded)
638
- else
639
- web_session_data['requested_page'] = env['REQUEST_URI']
640
- end
641
-
642
- # Update J1 web session data
643
- # --------------------------------------------------------------------
644
- web_session_data['user_name'] = 'visitor'
645
- web_session_data['user_id'] = 'unknown'
646
- web_session_data['users_allowed'] = 'all'
647
- web_session_data['payment_status'] = 'unknown'
648
- web_session_data['provider'] = 'j1'
649
- web_session_data['provider_url'] = 'https://jekyll.one'
650
- web_session_data['provider_permissions'] = 'public'
651
- web_session_data['authenticated'] = 'false'
652
- web_session_data['writer'] = 'middleware'
653
-
654
- # Write updated J1 session data to cookie
655
- # --------------------------------------------------------------------
656
- session_json = web_session_data.to_json
657
- log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
658
-
659
- session_encoded = Base64.encode64(session_json)
660
- response.set_cookie(
661
- 'j1.web.session',
662
- domain: false,
663
- value: session_encoded.to_s,
664
- path: '/'
665
- )
666
-
667
- if provider_signout === 'true'
668
- log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
669
- log_info! 'Authentication', 'SignOut', 'Sign out from', "#{provider}"
670
- log_info! 'Authentication', 'Redirect', 'Pass to provider', "#{provider_url}"
671
- redirect "#{provider_url}"
672
- else
673
- log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
674
- log_info! 'Authentication', 'SignOut', 'Sign out from', "session"
675
-
676
- # If signed out, redirect ONLY for PUBLIC pages
677
- # ------------------------------------------------------------------
678
- if redirect_whitelisted?
679
- # Update J1 web session data
680
- # --------------------------------------------------------------------
681
- web_session_data['requested_page']
682
- web_session_data['user_name'] = 'visitor'
683
- web_session_data['user_id'] = 'unknown'
684
- web_session_data['users_allowed'] = 'all'
685
- web_session_data['payment_status'] = 'unknown'
686
- web_session_data['provider'] = 'j1'
687
- web_session_data['provider_url'] = 'https://jekyll.one'
688
- web_session_data['provider_permissions'] = 'public'
689
- web_session_data['authenticated'] = 'false'
690
- web_session_data['writer'] = 'middleware'
691
-
692
- # Write updated J1 session data to cookie
693
- # --------------------------------------------------------------------
694
- session_json = web_session_data.to_json
695
- log_info! 'Authentication', 'Redirect', 'Write web session data', "#{session_json}"
696
-
697
- session_encoded = Base64.encode64(session_json)
698
- response.set_cookie(
699
- 'j1.web.session',
700
- domain: false,
701
- value: session_encoded.to_s,
702
- path: '/'
703
- )
704
- log_info! 'Authentication', 'Redirect', 'Pass to page', "#{web_session_data['requested_page']}"
705
- redirect web_session_data['requested_page']
706
- else
707
- log_info! 'Authentication', 'Redirect', 'Redirect NOT whitelisted'
708
- # Update J1 web session data
709
- # --------------------------------------------------------------------
710
- web_session_data['user_name'] = 'visitor'
711
- web_session_data['user_id'] = 'unknown'
712
- web_session_data['users_allowed'] = 'all'
713
- web_session_data['payment_status'] = 'unknown'
714
- web_session_data['provider'] = 'j1'
715
- web_session_data['provider_url'] = 'https://jekyll.one'
716
- web_session_data['provider_permissions'] = 'public'
717
- web_session_data['authenticated'] = 'false'
718
- web_session_data['writer'] = 'middleware'
719
-
720
- # Write updated J1 session data to cookie
721
- # --------------------------------------------------------------------
722
- session_json = web_session_data.to_json
723
- log_info! 'Authentication', 'Redirect', 'Write web session data', "#{session_json}"
724
-
725
- session_encoded = Base64.encode64(session_json)
726
- response.set_cookie(
727
- 'j1.web.session',
728
- domain: false,
729
- value: session_encoded.to_s,
730
- path: '/'
731
- )
732
- log_info! 'Authentication', 'Redirect', 'Pass to page', "/"
733
- redirect '/'
734
- end
735
- end
736
- else
737
- # THIS condition should NEVER REACHED because NO logout dialog
738
- # (modal) is provided by the auth client if a user isn't signed in.
739
- # Kept this alternative for cases something went wrong.
740
- # --------------------------------------------------------------------
741
- log_info! 'Authentication', 'API', 'DEAD PATH: Called for sign out', 'NOT signed in'
742
-
743
- # Read current J1 session cookie
744
- # --------------------------------------------------------------------
745
- if env['HTTP_COOKIE'].include? 'j1.web.session'
746
- session_encoded = env['rack.request.cookie_hash']['j1.web.session']
747
- session_decoded = Base64.decode64(session_encoded)
748
- web_session_data = JSON.parse(session_decoded)
749
-
750
- log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read web session data' # #{session_decoded}"
751
- else
752
- web_session_data['requested_page'] = env['REQUEST_URI']
753
- end
754
-
755
- # Update J1 web session data
756
- # --------------------------------------------------------------------
757
- web_session_data['user_name'] = 'visitor'
758
- web_session_data['user_id'] = 'unknown'
759
- web_session_data['users_allowed'] = 'all'
760
- web_session_data['payment_status'] = 'unknown'
761
- web_session_data['provider'] = 'j1'
762
- web_session_data['provider_url'] = 'https://jekyll.one'
763
- web_session_data['provider_permissions'] = 'public'
764
- web_session_data['authenticated'] = 'false'
765
- web_session_data['writer'] = 'middleware'
766
-
767
- # Write updated J1 session data to cookie
768
- # --------------------------------------------------------------------
769
- session_json = web_session_data.to_json
770
- log_info! 'Authentication', 'Cookie', 'DEAD PATH. Write web session data', "#{session_json}"
771
-
772
- session_encoded = Base64.encode64(session_json)
773
- response.set_cookie(
774
- 'j1.web.session',
775
- domain: false,
776
- value: session_encoded.to_s,
777
- path: '/'
778
- )
779
-
780
- log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{web_session_data['requested_page']}"
781
- redirect web_session_data['requested_page']
782
- end
783
- else
784
- raise J1App::ConfigError
785
- end
786
- end
787
- # END: get '/authentication'
788
- # --------------------------------------------------------------------------
789
-
790
- # ENDPOINT post_authentication (called after a user is back from OAuth Provider)
791
- # --------------------------------------------------------------------------
792
- get '/post_authentication' do
793
- reward = {
794
- :id => 'unknown',
795
- :name => 'unknown',
796
- :link => '#'
797
- }
798
- campaign = {
799
- :id => 'unknown',
800
- :link => '#'
801
- }
802
-
803
- log_info! 'API', 'Post Authentication', 'Identification request received'
804
-
805
- log_info! 'Post Authentication', 'Cookie', 'Read web session data'
806
- session_encoded = request.cookies['j1.web.session']
807
- session_decoded = Base64.decode64(session_encoded)
808
- web_session_data = JSON.parse(session_decoded)
809
-
810
- user = warden.user
811
- user_json = user.to_json
812
-
813
- if user[:provider] === 'disqus'
814
- user[:info][:urls][:site] = "https://disqus.com"
815
- user[:info][:urls][:home] = user[:info]['urls']['profileUrl']
816
- user[:info][:urls][:blog] = "https://disqus.com/by/juergen_adams/"
817
- user[:info][:urls][:member] = user[:info]['urls']['profileUrl']
818
- end
819
-
820
- if user[:provider] === 'github'
821
- user[:info][:urls][:site] = "https://github.com"
822
- user[:info][:urls][:home] = user[:info]['urls']['GitHub']
823
- user[:info][:urls][:blog] = "https://github.com/jekyll-one"
824
- user[:info][:urls][:member] = user[:info]['urls']['Blog']
825
- end
826
-
827
- if user[:provider] === 'patreon'
828
-
829
- user[:info][:urls][:site] = "https://patreon.com"
830
- user[:info][:urls][:home] = "https://patreon.com/home"
831
- user[:info][:urls][:blog] = "https://patreon.com/jekyll_one"
832
-
833
- unless user[:info]['payment_info'].empty?
834
- reward_url = user[:info]['payment_info']['relationships']['reward']['links']['related']
835
- reward_json = RestClient.get "#{reward_url}", {:content_type => :json, :accept => :json}
836
- reward_data = JSON.parse(reward_json)
837
- user[:info][:urls][:member] = "https://patreon.com" + reward_data['data']['attributes']['url']
838
- user[:info][:payment_status] = user[:info]['payment_info']['attributes']['declined_since'].nil? ? 'true' : 'false'
839
- else
840
- reward_url = ""
841
- reward_json = ""
842
- reward_data = ""
843
- user[:info][:payment_status] = 'false'
844
- end
845
-
846
- unless reward_data.empty?
847
- reward[:id] = reward_data['data']['id']
848
- reward[:name] = reward_data['data']['attributes']['title']
849
- reward[:link] = "https://patreon.com" + reward_data['data']['attributes']['url']
850
- campaign[:id] = reward_data['data']['relationships']['campaign']['data']['id']
851
- campaign[:link] = reward_data['data']['relationships']['campaign']['links']['related']
852
- else
853
- reward[:id] = ""
854
- reward[:name] = "no tiers"
855
- reward[:link] = ""
856
- campaign[:id] = ""
857
- campaign[:link] = ""
858
- end
859
- end
860
-
861
- user[:extra][:reward] = reward
862
- user[:extra][:campaign] = campaign
863
-
864
- if user.nil?
865
- # Collection of session data failed (e.g cookie > 4K)
866
- #
867
- log_info! 'Post Authentication', 'Identification', 'Internal error', 'User identification failed'
868
- warden.logout
869
- session.clear
870
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
871
- description_title = "Access Denied"
872
- redirect "/access_denied?provider=unknown&user=unknown&category=unknown&title=#{description_title}"
873
- else
874
- log_info! 'Post Authentication', 'Identification', 'User identified successfully'
875
- log_info! 'Post Authentication', 'Cookie', 'Update web session data' # "#{web_session_data}"
876
- web_session_data['user_name'] = user[:info]['nickname']
877
- web_session_data['user_id'] = user[:uid]
878
- web_session_data['provider'] = user[:provider]
879
- web_session_data['provider_membership'] = 'member'
880
- web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
881
- web_session_data['authenticated'] = 'true'
882
- web_session_data['payment_status'] = user[:info][:payment_status]
883
- web_session_data['writer'] = 'middleware'
884
-
885
- current_user = user[:info]['nickname'] = user[:info]['nickname']
886
- current_provider = user[:provider]
887
-
888
- web_session_data['requested_page'].scan(/(protected|private)/) do |match|
889
-
890
- # Set category from requested page
891
- #
892
- category = match[0]
893
- log_info! 'Post Authentication', 'Identification', 'Process content type', "#{category}"
894
-
895
- # Check if user is allowed to access protected content in GENERAL
896
- #
897
- log_info! 'Post Authentication', 'Identification', 'Check for allowed users'
898
- unless web_session_data['users_allowed'].include? 'all'
899
- unless web_session_data['users_allowed'].include? "#{current_user}"
900
- log_info! 'Post Authentication', 'Identification', 'User not allowed', "#{current_user}"
901
- log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
902
- log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
903
- warden.logout
904
- session.clear
905
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
906
- description_title = "Access Denied"
907
- redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
908
- end
909
- end
910
- log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
911
-
912
- # Check conditions to access protected content (if any)
913
- #
914
- log_info! 'Post Authentication', 'Identification', 'Check for conditions', "#{current_provider}"
915
- check_conditions = providers["#{user[:provider]}"]['conditions'][category]['enabled']
916
- if check_conditions
917
-
918
- if providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist'].nil?
919
- category_whitelist = 'all'
920
- else
921
- category_whitelist = providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist']
922
- end
923
-
924
- # Check if user is BLACKLISTED
925
- #
926
- blacklist = providers["#{user[:provider]}"]['conditions'][category]['users']['blacklist']
927
- if blacklist.include? "#{current_user}"
928
- log_info! 'Post Authentication', 'Identification', 'Check blacklisting'
929
- log_info! 'Post Authentication', 'Identification', 'User blacklisted', "#{current_user}"
930
- user[:info][:blacklisted] = 'true'
931
- log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
932
- warden.logout
933
- session.clear
934
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
935
- description_title = "Access Denied"
936
- redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
937
- end
938
-
939
- log_info! 'Post Authentication', 'Identification', 'Check whitelisting'
940
- if category_whitelisted? category_whitelist, current_user
941
- user[:info][:whitelisted] = 'true'
942
- reward[:name] = 'whitelisted'
943
- log_info! 'Post Authentication', 'Identification', 'User whitelisted', "#{current_user}"
944
- log_info! 'Post Authentication', 'Identification', 'Reward set to', 'Whitelisted'
945
- else
946
- log_info! 'Post Authentication', 'Identification', 'No whitelisting found', "#{current_user}"
947
- end
948
-
949
- log_info! 'Post Authentication', 'Identification', 'Check conditions'
950
- unless category_whitelisted? category_whitelist, current_user
951
- log_info! 'Post Authentication', 'Identification', 'Check rewards'
952
- payment_tiers = providers["#{user[:provider]}"]['conditions'][category]['payment']['activated']
953
- log_info! 'Post Authentication', 'Identification', 'Check rewards', "#{current_user}"
954
- if payment_activated? payment_tiers
955
- log_info! 'Post Authentication', 'Identification', 'Reward found', "#{reward[:name]}"
956
-
957
- # Check if any payment exists for that user
958
- #
959
- log_info! 'Post Authentication', 'Identification', 'Check payment status'
960
- if user[:info]['payment_info'].empty?
961
- log_info! 'Post Authentication', 'Identification', 'Payment status: NOT AVAILABLE', "#{current_user}"
962
- log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
963
- warden.logout
964
- session.clear
965
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
966
- description_title = "Access Denied"
967
- redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
968
- end
969
-
970
- # Check for VALID payments (scope: pledge-to-me)
971
- #
972
- payment_status = user[:info]['payment_info']['attributes']['declined_since']
973
- unless payment_valid? payment_status
974
- log_info! 'Post Authentication', 'Identification', 'Payment status INVALID', "#{current_user}"
975
- log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
976
- warden.logout
977
- session.clear
978
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
979
- description_title = "Access Denied"
980
- redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
981
- else
982
- log_info! 'Post Authentication', 'Identification', 'Payment status VALID', "#{current_user}"
983
- end
984
- end
985
-
986
- end
987
- # end category_whitelisted
988
- else
989
- category_condition_state = providers["#{user[:provider]}"]['conditions'][category]['enabled']
990
- log_info! 'Post Authentication', 'Identification', 'Category check failed for', "#{current_provider}"
991
- log_info! 'Post Authentication', 'Identification', "Category checked", "#{category}"
992
- log_info! 'Post Authentication', 'Identification', "Category support", "#{category_condition_state}"
993
- warden.logout
994
- session.clear
995
- log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
996
- description_title = "Access Denied"
997
- redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
998
- end
999
- # end check conditions
1000
-
1001
- end
1002
- # end protected content
1003
- end
1004
- # end user.nil?
1005
-
1006
- # redirect authenticated|validated user to requested page
1007
- #
1008
- web_session_data['provider'] = current_provider
1009
- web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
1010
-
1011
- # TODO: Add membership|product specific data for the SideBar
1012
-
1013
- # write updated J1 session data to cookie
1014
- #
1015
- session_json = web_session_data.to_json
1016
- log_info! 'Post Authentication', 'Cookie', 'Write web session data', "#{session_json}"
1017
-
1018
- session_encoded = Base64.encode64(session_json)
1019
- response.set_cookie(
1020
- 'j1.web.session',
1021
- domain: false,
1022
- value: session_encoded.to_s,
1023
- path: '/'
1024
- )
1025
-
1026
- time = Time.now.ctime.to_s
1027
-
1028
- log_info! 'Post Authentication', 'Identification', 'Provider', "#{user[:provider]}"
1029
- log_info! 'Post Authentication', 'Identification', 'User', "#{user[:info]['nickname']}"
1030
- log_info! 'Post Authentication', 'Redirect', 'Set Last-Modified', "#{time}"
1031
- log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
1032
-
1033
-
1034
- response.headers['Last-Modified'] = time
1035
- response.headers['Cache-Control'] = 'private,max-age=0,must-revalidate,no-store'
1036
- redirect web_session_data['requested_page']
1037
-
1038
- end
1039
- # END: get /post_authentication
1040
- # --------------------------------------------------------------------------
1041
-
1042
-
1043
- # ENDPOINT status (called from WEB to get current state of an user)
1044
- # --------------------------------------------------------------------------
1045
- get '/status' do
1046
- session_encoded = request.cookies['j1.web.session']
1047
- session_decoded = Base64.decode64(session_encoded)
1048
- web_session_data = JSON.parse(session_decoded)
1049
-
1050
- log_info! 'API', 'Status Request', 'Info request received'
1051
-
1052
- # if request.warden.user.respond_to?(:info)
1053
- #
1054
- if warden.authenticated?
1055
- user_name = warden.user[:info]['nickname']
1056
- user_id = warden.user[:uid]
1057
- provider = warden.user[:provider]
1058
- provider_permissions = web_session_data['provider_permissions']
1059
- provider_site_url = warden.user[:info][:urls][:site]
1060
- provider_home_url = warden.user[:info][:urls][:home]
1061
- provider_blog_url = warden.user[:info][:urls][:blog]
1062
- provider_member_url = warden.user[:info][:urls][:member]
1063
-
1064
- if provider == 'patreon'
1065
- provider_membership = warden.user[:extra][:reward][:name]
1066
- provider_member_url = warden.user[:extra][:reward][:link]
1067
- else
1068
- provider_membership = 'member'
1069
- provider_member_url = '#'
1070
- end
1071
-
1072
- log_info! 'API', 'Status Request', 'User detected as signed in', "#{user_name}"
1073
- else
1074
- user_name = 'unknown'
1075
- log_info! 'API', 'Status Request', 'User detected', 'signed out'
1076
- end
1077
-
1078
- # if request.warden.authenticated?
1079
- #
1080
- if user_name != 'unknown'
1081
- log_info! 'API', 'Status Request', 'Send data', 'SIGNED_IN'
1082
- content_type 'application/json'
1083
- {
1084
- user_name: user_name,
1085
- user_id: user_id,
1086
- provider: provider,
1087
- provider_membership: provider_membership,
1088
- provider_permissions: provider_permissions,
1089
- provider_site_url: provider_site_url,
1090
- provider_home_url: provider_home_url,
1091
- provider_blog_url: provider_blog_url,
1092
- provider_member_url: provider_member_url,
1093
- status: 'signed in'
1094
- }.to_json
1095
- else
1096
- log_info! 'API', 'Status Request', 'Send data', 'SIGNED_OUT'
1097
- content_type 'application/json'
1098
- {
1099
- user_name: 'visitor',
1100
- user_id: 'unknown',
1101
- provider: 'j1',
1102
- provider_membership: 'guest',
1103
- provider_permissions: 'public',
1104
- provider_site_url: '#',
1105
- provider_home_url: '#',
1106
- provider_blog_url: '#',
1107
- provider_member_url: '#',
1108
- status: 'signed out'
1109
- }.to_json
1110
- end
1111
- end
1112
- # END: get /status
1113
- # --------------------------------------------------------------------------
1114
-
1115
- # ENDPOINT cookie_consent (exception, called from the app|auth manager)
1116
- # --------------------------------------------------------------------------
1117
- get '/cookie_consent' do
1118
- provider = params.fetch('provider')
1119
- category = params.fetch('category')
1120
- user = params.fetch('user')
1121
- requested_page = params.fetch('requested_page')
1122
- description_title = params.fetch('title')
1123
-
1124
- log_info! 'API', 'ExceptionHandler', 'Request received'
1125
- log_info! 'ExceptionHandler', 'ERROR', 'Cookies declined'
1126
- log_info! 'ExceptionHandler', 'Redirect', 'Pass to dialog page', 'Cookie Consent'
1127
-
1128
- # Capitalize first char
1129
- provider = provider.sub(/^./, &:upcase)
1130
- route = requested_page
1131
-
1132
- @route = route
1133
- @provider = provider
1134
- @modal = "centralCookieConsent"
1135
- @info_type = "danger"
1136
- @modal_icon = "cookie"
1137
- @modal_agreed_text = "Yes, please"
1138
- @modal_disagreed_text = "No, thanks"
1139
- @modal_title = "Authentication Manager"
1140
- # @modal_description = "<h4>#{description_title}</h4><br /><br />User <b>#{user}</b> from provider <b>#{provider}</b> requested access on <b>#{category}</b> pages.<br /> In order to continue, you need to accept on <b>Cookies</b>."
1141
- @modal_description = "<h4>#{description_title}</h4><br /><br /> In order to continue, you need to accept on <b>Cookies</b>."
1142
-
1143
- erb :auth_manager_ui
1144
- end
1145
- # END: get /cookies_rejected
1146
- # --------------------------------------------------------------------------
1147
-
1148
-
1149
- # ENDPOINT access_denied (exception, called from the app|auth manager)
1150
- # --------------------------------------------------------------------------
1151
- get '/access_denied' do
1152
- provider = params.fetch('provider')
1153
- category = params.fetch('category')
1154
- user = params.fetch('user')
1155
- description_title = params.fetch('title')
1156
-
1157
- log_info! 'API', 'ExceptionHandler', 'Request received'
1158
- log_info! 'ExceptionHandler', 'ERROR', 'Access Denied'
1159
-
1160
- session_encoded = request.cookies['j1.web.session']
1161
- session_decoded = Base64.decode64(session_encoded)
1162
- web_session_data = JSON.parse(session_decoded)
1163
-
1164
- # Update J1 web session data
1165
- # --------------------------------------------------------------------
1166
- web_session_data['user_name'] = user
1167
- # web_session_data['user_id'] = 'unknown'
1168
- # web_session_data['users_allowed'] = 'unknown'
1169
- # web_session_data['payment_status'] = 'unknown'
1170
- web_session_data['provider'] = provider
1171
- # web_session_data['provider_url'] = 'unknown'
1172
- # web_session_data['provider_permissions'] = 'unknown'
1173
- # web_session_data['authenticated'] = 'false'
1174
- web_session_data['writer'] = 'middleware'
1175
-
1176
- log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
1177
-
1178
- # write updated J1 session data to cookie
1179
- #
1180
- session_json = web_session_data.to_json
1181
- session_encoded = Base64.encode64(session_json)
1182
- response.set_cookie(
1183
- 'j1.web.session',
1184
- domain: false,
1185
- value: session_encoded.to_s,
1186
- path: '/'
1187
- )
1188
-
1189
- log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', "Access Denied"
1190
-
1191
- # Capitalize first char
1192
- provider = provider.sub(/^./, &:upcase)
1193
- route = '/'
1194
-
1195
- @route = route
1196
- @provider = provider
1197
- @modal = "centralModalInfo"
1198
- @info_type = "danger"
1199
- @modal_icon = "account-off"
1200
- @modal_ok_text = "Ok, understood"
1201
- @modal_title = "Authentication Manager"
1202
- @modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
1203
-
1204
- erb :auth_manager_ui
1205
- end
1206
- # END: get '/access_denied'
1207
- # --------------------------------------------------------------------------
1208
-
1209
-
1210
- # ENDPOINT invalid_funds (exception, called from the app|auth manager)
1211
- # --------------------------------------------------------------------------
1212
- get '/invalid_funds' do
1213
- provider = params.fetch('provider')
1214
- category = params.fetch('category')
1215
- user = params.fetch('user')
1216
- description_title = params.fetch('title')
1217
-
1218
- log_info! 'API', 'ExceptionHandler', 'Request received'
1219
- log_info! 'ExceptionHandler', 'ERROR', 'Invalid Funds'
1220
-
1221
- session_encoded = request.cookies['j1.web.session']
1222
- session_decoded = Base64.decode64(session_encoded)
1223
- web_session_data = JSON.parse(session_decoded)
1224
-
1225
- # Update J1 web session data
1226
- # --------------------------------------------------------------------
1227
- web_session_data['user_name'] = user
1228
- # web_session_data['user_id'] = 'unknown'
1229
- # web_session_data['users_allowed'] = 'unknown'
1230
- # web_session_data['payment_status'] = 'unknown'
1231
- web_session_data['provider'] = provider
1232
- # web_session_data['provider_url'] = 'unknown'
1233
- # web_session_data['provider_permissions'] = 'unknown'
1234
- # web_session_data['authenticated'] = 'false'
1235
- web_session_data['writer'] = 'middleware'
1236
-
1237
- log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
1238
-
1239
- # write updated J1 session data to cookie
1240
- #
1241
- log_info! 'API', 'Exception Handler', 'ERROR', 'Invalid Funds'
1242
- session_json = web_session_data.to_json
1243
- session_encoded = Base64.encode64(session_json)
1244
- response.set_cookie(
1245
- 'j1.web.session',
1246
- domain: false,
1247
- value: session_encoded.to_s,
1248
- path: '/'
1249
- )
1250
-
1251
- log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', 'Invalid Funds'
1252
-
1253
- # Capitalize first char
1254
- provider = provider.sub(/^./, &:upcase)
1255
- route = '/'
1256
-
1257
- @route = route
1258
- @provider = provider
1259
- @modal = "centralModalInfo"
1260
- @info_type = "danger"
1261
- @modal_icon = "account-off"
1262
- @modal_ok_text = "Ok, understood"
1263
- @modal_title = "Authentication Manager"
1264
- @modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
1265
-
1266
- erb :auth_manager_ui
1267
- end
1268
- # END: get /invalid_funds
1269
- # --------------------------------------------------------------------------
1270
-
1271
-
1272
- # access_protected_content ENDPOINT called from the app (auth manager)
1273
- # --------------------------------------------------------------------------
1274
- get '/page_validation' do
1275
- provider = params.fetch('provider')
1276
- allowed_users = params.fetch('allowed_users')
1277
- page = params.fetch('page')
1278
- category = params.fetch('category')
1279
-
1280
- log_info! 'API', 'PageAccessControl', 'PageValidate request received'
1281
-
1282
- # Capitalize first char
1283
- # provider = provider.sub(/^./, &:upcase)
1284
-
1285
- log_info! 'PageAccessControl', 'AuthCheck', 'Check provider', "#{provider}"
1286
- # jadams, 2019-03-16: Hier ist das Problem
1287
- #
1288
- if warden.authenticated?
1289
- log_info! 'PageAccessControl', 'AuthCheck', 'Grant access for', "#{provider}"
1290
- log_info! 'PageAccessControl', 'Redirect', 'Pass to page', "#{page}"
1291
- route = page
1292
- else
1293
- log_info! 'PageAccessControl', 'AuthCheck', 'Authentication failed', "#{provider}"
1294
- route = "/authentication?request=signin&provider=#{provider}&allowed_users=#{allowed_users}"
1295
- end
1296
-
1297
- log_info! 'PageAccessControl', 'Redirect', 'Pass to SignIn dialog, page', "#{page}"
1298
- # Capitalize first char
1299
- provider = provider.sub(/^./, &:upcase)
1300
-
1301
- @provider = provider
1302
- @route = route
1303
- @modal = "signInProtectedContent"
1304
- @modal_icon = "login"
1305
- @modal_agreed_text = "Yes, please"
1306
- @modal_disagreed_text = "No, thanks"
1307
- @modal_title = "SignIn"
1308
- @modal_image = "/assets/images/attics/admin-dashboard-bootstrap-1280x600.png"
1309
- @modal_description = "The page <b>#{page}</b> you requested belongs to <b>#{category}</b> content. You'll be redirected to authenticate with the provider <b>#{provider}</b>. If signed in successfully, you get access to all <b>#{category} pages</b>."
1310
-
1311
- erb :auth_manager_ui
1312
- end
1313
- # END: get '/page_validation
1314
- # --------------------------------------------------------------------------
1315
-
1316
- # ENDPOINT iframe
1317
- # --------------------------------------------------------------------------
1318
- get '/iframe' do
1319
- @website_url = "https://jekyll-one.github.io/"
1320
- erb :iframe
1321
- end
1322
-
1323
- # Workaround to rescue OmniAuth::Strategies::OAuth2::CallbackError?
1324
- # for chromium based browsers (e.g. google-chrome)
1325
- # ------------------------------------------------------------------------
1326
- get '/redirect_requested_page' do
1327
- log_info! 'Fallback', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
1328
- redirect web_session_data['requested_page']
1329
- end
1330
- # END: get /iframe
1331
- # --------------------------------------------------------------------------
1332
- end
1333
- end