RubyGems - j1_template - Versions diffs - 2019.4.4 → 2019.4.5 - Mend

j1_template 2019.4.4 → 2019.4.5

Files changed (225) hide show

data/lib/j1_app/j1_auth_manager/auth_manager.rb CHANGED Viewed

@@ -68,9 +68,15 @@ module J1App
     # Base App and Warden Framework settings
     # ==========================================================================
+    provider_site_url_default     = J1App.user_settings['provider_site_url']
+    provider_home_url_default     = J1App.user_settings['provider_home_url']
+    provider_blog_url_default     = J1App.user_settings['provider_blog_url']
+    provider_member_url_default   = J1App.user_settings['provider_member_url']
+    provider_privacy_url_default  = J1App.user_settings['provider_privacy_url']
     session_data = {}
-    # web_session_data = {
+    # user_state_data = {
     #     :authenticated       => 'false',
     #     :requested_page      => '/',
     #     :user_name           => 'unknown',
@@ -83,7 +89,7 @@ module J1App
     #     :writer              => 'middleware'
     # }
-    web_session_data = {
+    user_state_data = {
         :authenticated        => 'false',
         :requested_page       => '/',
         :user_name            => 'visitor',
@@ -91,11 +97,16 @@ module J1App
         :user_id              => 'unknown',
         :provider             => 'j1',
         :provider_membership  => 'guest',
-        :provider_url         => 'https://jekyll.one',
+        :provider_site_url    => "#{provider_site_url_default}",
+        :provider_home_url    => "#{provider_home_url_default}",
+        :provider_blog_url    => "#{provider_blog_url_default}",
+        :provider_member_url  => "#{provider_member_url_default}",
+        :provider_privacy_url => "#{provider_privacy_url_default}",
         :payment_info         => 'unknown',
-        :provider_permissions => 'public',
+        :provider_permissions => 'public',
         :creator              => 'middleware',
-        :writer               => 'middleware'
+        :writer               => 'middleware',
+        :mode                 => 'app'
     }
     # Enable SSL for the rack session if configured
@@ -112,7 +123,7 @@ module J1App
         secret: ENV['J1_SESSION_SECRET'] || SecureRandom.hex
     # use Rack::Cache do |config|
-    #   #
+    #   #
     #   # ------------------------------------------------------------------------
     #   config.middleware.delete(Rack::Cache)
     # end
@@ -230,35 +241,27 @@ module J1App
     # Load user profiles, permissions, conditions and strategies
     # --------------------------------------------------------------------------
     providers   = J1App.auth_config['providers']
     permissions = J1App.permissions
     # ==========================================================================
     # Sinatra (before) FILTER to preprocess all page requests
     # ==========================================================================
     # Prepare root (index) page for app detection
-    #
+    # --------------------------------------------------------------------------
     before '/' do
-      log_info! "ROOT", "Prepare", 'Web Session'
+      log_info! "ROOT", "Prepare", 'Page access'
+      # log_info! "ROOT", 'Config', 'Read current user config data', "#{provider_site_url}"
-      # read existing/current cookie 'j1.web.session' to update all data
-      # of web_session_data (hash) otherwise set initial data
+      # read existing/current cookie 'j1.user.state' to update all data
+      # of user_state_data (hash) otherwise set initial data
       # ------------------------------------------------------------------------
       unless env['HTTP_COOKIE'] == nil
-        log_info! "ROOT", 'Cookie', 'Read current web session data'
-        web_session_data = readCookie('j1.web.session')
-        data_json = web_session_data.to_json
-        log_info! "ROOT", 'Cookie', 'Current web session data', "#{data_json}"
-        # if env['HTTP_COOKIE'].include? 'j1.web.session'
-        #   session_encoded = request.cookies['j1.web.session']
-        #   session_decoded = Base64.decode64(session_encoded)
-        #   web_session_data = JSON.parse(session_decoded)
-        # end
+        log_info! "ROOT", 'Cookie', 'Read current user state data'
+        user_state_data = readCookie('j1.user.state')
       else
         requested_page = env['REQUEST_URI']
         session_data['requested_page'] = "#{env['REQUEST_URI']}"
@@ -267,45 +270,37 @@ module J1App
       # Create|Initialize the J1 web session cookie
       # ------------------------------------------------------------------------
       if warden.authenticated?
-        log_info! "ROOT", 'Cookie', 'Update current user data'
         user = warden.user
-        log_info! "ROOT", 'AuthCheck', 'User detected as signed in', "#{user[:provider]}"
+        log_info! "ROOT", 'AuthCheck', 'User detected', "#{user[:provider]}"
+        log_info! "ROOT", 'AuthCheck', 'User detected as signed in'
         session_data['authenticated']         = 'true'
-        session_data['requested_page']        = '/'
         session_data['user_name']             = user[:info]['nickname']
         session_data['users_allowed']         = providers["#{user[:provider]}"]['users']
         session_data['user_id']               = user[:uid]
         session_data['provider']              = user[:provider]
         session_data['provider_membership']   = 'member'
-        session_data['provider_url']          = providers["#{user[:provider]}"]['provider_url']
+        session_data['provider_site_url']     = providers["#{user[:provider]}"]['provider_url']
         session_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
         session_data['payment_status']        = user[:info][:payment_status]
       else
         log_info! "ROOT", 'AuthCheck', 'User detected', 'signed out'
         session_data['authenticated']         = 'false'
-#       session_data['requested_page']        = '/'
         session_data['users_allowed']         = 'all'
         session_data['user_name']             = 'visitor'
         session_data['user_id']               = 'unknown'
         session_data['payment_status']        = 'unknown'
         session_data['provider']              = 'j1'
         session_data['provider_membership']   = 'guest'
-        session_data['provider_url']          = 'https://jekyll.one'
+        session_data['provider_site_url']     = "#{provider_site_url_default}"
         session_data['provider_permissions']  = 'public'
       end
-      session_data['writer']                  = 'middleware'
-      session_data['creator']                 = 'middleware'
+    end
-      web_session_data = merge( web_session_data, session_data )
-      data_json = session_data.to_json
-      log_info! "ROOT", 'Cookie', 'Merge current user data', "#{data_json}"
+    user_state_cookie = 'j1.user.state'
-      data_json = web_session_data.to_json
-      log_info! "ROOT", 'Cookie', 'Update web session data', "#{data_json}"
-      writeCookie('j1.web.session', data_json)
-    end
     # General content (type) detection (auth pre-flight)
     # --------------------------------------------------------------------------
@@ -313,24 +308,12 @@ module J1App
       log_info! 'AuthManager', 'PreFlight', 'Initial checks initiated'
-      # read existing/current cookie 'j1.web.session'
-      # to update all data of web_session_data (hash)
-      # if request.warden.user.respond_to?(:info)
-      # ------------------------------------------------------------------------
-      #web_session_data = readCookie('j1.web.session')
-      if env['HTTP_COOKIE'].include? 'j1.web.session'
-        session_encoded     = request.cookies['j1.web.session']
-        session_decoded     = Base64.decode64(session_encoded)
-        # See: https://stackoverflow.com/questions/86653/how-can-i-pretty-format-my-json-output-in-ruby-on-rails
-        session_pretty      = JSON.pretty_generate(session_decoded)
-        web_session_data    = JSON.parse(session_decoded)
-        log_info! 'PreFlight', 'Cookie', 'Read web session data', "#{session_decoded}"  #   ,"#{session_pretty}"
+      if existsCookie? user_state_cookie
+        user_state_data    = readCookie(user_state_cookie)
+        log_info! 'PreFlight', 'Cookie', 'Read user state session data'           #, "#{session_decoded}"
       else
-        requested_page                    = env['REQUEST_URI']
-        session_data['requested_page']  = "#{env['REQUEST_URI']}"
+        requested_page                  = env['REQUEST_URI']
+        session_data['requested_page']  = "#{requested_page}"
       end
       # Create|Initialize the J1 web session cookie
@@ -342,26 +325,22 @@ module J1App
         session_data['user_name']             = user[:info]['nickname']
         session_data['user_id']               = user[:uid]
         session_data['provider']              = user[:provider]
-        session_data['provider_url']          = providers["#{user[:provider]}"]['provider_url']
+        session_data['provider_site_url']     = providers["#{user[:provider]}"]['provider_url']
         session_data['users_allowed']         = providers["#{user[:provider]}"]['users']#
         session_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
         session_data['provider_membership']   = 'member'
         session_data['payment_status']        = user[:info][:payment_status]
         session_data['writer']                = 'middleware'
-        web_session_data = merge( web_session_data, session_data )
+        user_state_data = merge( user_state_data, session_data )
         log_info! 'PreFlight', 'AuthCheck', 'User authenticated', "#{user[:info]['nickname']}"
-        session_json = web_session_data.to_json
-        log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
-        writeCookie('j1.web.session', session_json)
       end
       # User state|content detection for implicit authentication
       # ------------------------------------------------------------------------
       log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'disabled' if authentication_enabled? == false
-      log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
+      log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
       pass if authentication_enabled? == false
       log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'enabled'
@@ -369,27 +348,14 @@ module J1App
       log_info! 'PreFlight', 'DetectContent', 'Pass all public content' if public_content?
       pass if public_content?
-      log_info! 'PreFlight', 'DetectCookieConsent', 'Cookie Consent', "#{web_session_data['cookies_accepted']}"
-      # if web_session_data['cookies_accepted'] === 'declined'
-      #   requested_page = env['REQUEST_URI']
-      #   requested_page.scan(/(protected|private)/) do |match|
-      #     category = match[0]
-      #     log_info! 'PreFlight', 'DetectContent', 'Content detected as', "#{category}"
-      #     log_info! 'PreFlight', 'Redirect', 'Pass to dialog page (Cookie Consent)'
-      #     description_title = "Cookie consent declined"
-      #     redirect "/cookie_consent?provider=#{web_session_data['provider']}&user=#{web_session_data['user_name']}&category=#{category}&requested_page=#{requested_page}&title=#{description_title}"
-      #     #redirect requested_page
-      #   end
-      # end
+      log_info! 'PreFlight', 'DetectCookieConsent', 'Cookie Consent', "#{user_state_data['cookies_accepted']}"
       log_info! 'PreFlight', 'DetectContent', 'Check content type'
       requested_page = env['REQUEST_URI']
       requested_page.scan(/(protected|private)/) do |match|
         category = match[0]
-        log_info! 'PreFlight', 'DetectContent', 'Content type detected', "#{category}"
+        log_info! 'PreFlight', 'DetectContent', 'Content type', "#{category}"
         log_info! 'PreFlight', 'AuthCheck', 'Check authorisation status'
         if warden.authenticated?
@@ -397,16 +363,14 @@ module J1App
           log_info! 'PreFlight', 'AuthCheck', 'User detected', "#{user_name}"
           current_provider  = warden.user[:provider]
-          # provider_strategy = strategies["#{default_provider}"]
           strategy          = providers["#{current_provider}"]['strategy']
           provider_strategy = :"#{strategy}"
-          web_session_data['user_name']             = user_name
-          web_session_data['provider_url']          = providers["#{current_provider}"]['provider_url']
-          web_session_data['users_allowed']         = providers["#{current_provider}"]['users']
-          web_session_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
-          web_session_data['requested_page']        = requested_page
+          user_state_data['user_name']             = user_name
+          user_state_data['provider_url']          = providers["#{current_provider}"]['provider_url']
+          user_state_data['users_allowed']         = providers["#{current_provider}"]['users']
+          user_state_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
+          user_state_data['requested_page']        = requested_page
           log_info! 'PreFlight', 'ContentCheck', 'Check permissions'
           if permissions[:"#{category}"].include? current_provider
@@ -455,31 +419,32 @@ module J1App
             warden.logout
             session.clear
-            session_json = web_session_data.to_json
+            session_json = user_state_data.to_json
             log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
+            # session_encoded = Base64.encode64(session_json)
+            # response.set_cookie(
+            #     'j1.user.state',
+            #     domain: false,
+            #     value: session_encoded.to_s,
+            #     path: '/'
+            # )
-            session_encoded = Base64.encode64(session_json)
-            response.set_cookie(
-                'j1.web.session',
-                domain: false,
-                value: session_encoded.to_s,
-                path: '/'
-            )
+            writeCookie(user_state_cookie, session_json)
             log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
-            allowed_users = providers["#{provider}"]['users'].join(',')
-            redirect "/page_validation?provider=#{provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
+            redirect "/page_validation?page=#{requested_page}"
           end
           time = Time.now.ctime.to_s
           log_info! 'PreFlight', 'AuthCheck', 'Pass to requested page', "#{requested_page}"
           log_info! 'PreFlight', 'AuthCheck', 'Set X-Response-Headers'
           # See: https://stackoverflow.com/questions/10438276/how-to-disable-static-file-caching-in-rails-3-thin-on-windows
           # response.headers["Cache-Control"]   = 'no-cache, no-store, max-age=0, must-revalidate'
           # response.headers["Pragma"]          = 'no-cache'
           # response.headers["Expires"]         = 'Fri, 01 Jan 1990 00:00:00 GMT'
-          response.headers['X-J1-AuthManager']  = "page-validated;category=#{category};called=" +  time
+          # response.headers['X-J1-AuthManager']  = "page-validated;category=#{category};called=" +  time
           pass
         else
           log_info! 'PreFlight', 'AuthCheck', 'User detected', 'signed out'
@@ -497,47 +462,47 @@ module J1App
           when :org
             warden.authenticate!
             github_organization_authenticate! ENV['GITHUB_ORG_NAME']
-            logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} organization"
+            logger.info "Hi There, #{user_state_data[:user_name]}! You have access to the #{params['id']} organization"
           when :team
             warden.authenticate!
             github_team_authenticate! ENV['GITHUB_TEAM_ID']
-            logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
+            logger.info "Hi There, #{user_state_data[:user_name]}! You have access to the #{params['id']} team"
           when :teams
             warden.authenticate!
             github_teams_authenticate! ENV['GITHUB_TEAM_IDS'].split(',')
-            logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
+            logger.info "Hi There, #{user_state_data[:user_name]}! You have access to the #{params['id']} team"
           when :member
             log_info! 'PreFlight', 'AuthCheck', 'Process authentication strategy'
-            if env['HTTP_COOKIE'].include? 'j1.web.session'
-              session_encoded   = request.cookies['j1.web.session']
+            if env['HTTP_COOKIE'].include? 'j1.user.state'
+              session_encoded   = request.cookies['j1.user.state']
               session_decoded   = Base64.decode64(session_encoded)
-              log_info! 'PreFlight', 'Cookie', 'Read web session data'          # "#{session_decoded}"
-              web_session_data    = JSON.parse(session_decoded)
+              log_info! 'PreFlight', 'Cookie', 'Read user state data'           # "#{session_decoded}"
+              user_state_data    = JSON.parse(session_decoded)
             end
             # Update cookie data
             # ----------------------------------------------------------------------
-            web_session_data['provider_url']          = providers["#{default_provider}"]['provider_url']
-            web_session_data['users_allowed']         = providers["#{default_provider}"]['users']
-            web_session_data['provider_permissions']  = providers["#{default_provider}"]['permissions']
-            web_session_data['requested_page']        = env['REQUEST_URI']
-            web_session_data['writer']                = 'middleware'
+            user_state_data['provider_url']          = providers["#{default_provider}"]['provider_url']
+            user_state_data['users_allowed']         = providers["#{default_provider}"]['users']
+            user_state_data['provider_permissions']  = providers["#{default_provider}"]['permissions']
+            user_state_data['requested_page']        = env['REQUEST_URI']
+            user_state_data['writer']                = 'middleware'
             # write updated J1 session cookie
             #
-            session_json = web_session_data.to_json
-            log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
-            writeCookie('j1.web.session', session_json)
+            session_json = user_state_data.to_json
+            log_info! 'PreFlight', 'Cookie', 'Write user state session data', "#{session_json}"
+            writeCookie(user_state_cookie, session_json)
             log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
             allowed_users   = providers["#{default_provider}"]['users'].join(',')
-            requested_page  = env['REQUEST_URI']
-            redirect "/page_validation?provider=#{default_provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
+            requested_page  = env['REQUEST_URI']
+            redirect "/page_validation?page=#{requested_page}"
           else
             raise J1App::ConfigError
           end
@@ -554,47 +519,29 @@ module J1App
     # ENDPOINT authentication (called from WEB by auth client)
     # --------------------------------------------------------------------------
     get '/authentication' do
-      # collect (common) GET parameter|s
-      #
       request   = params.fetch('request')
       provider  = params.fetch('provider')
       log_info! 'API', 'Authentication', 'Authentication request received'
       # SignIn
       # ------------------------------------------------------------------------
       if request === 'signin'
         log_info! 'Authentication', 'SignIn', 'Called for provider', "#{provider}"
         # collect (additional) GET parameter|s
         # ----------------------------------------------------------------------
-        allowed_users                   =  params.fetch('allowed_users')
-        web_session_data['users_allowed'] = allowed_users
-        web_session_data['writer']        = 'middleware'
-        # Write updated J1 session data to cookie
-        # --------------------------------------------------------------------
-        session_json = web_session_data.to_json
-        log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
-        session_encoded = Base64.encode64(session_json)
-        response.set_cookie(
-            'j1.web.session',
-            domain: false,
-            value: session_encoded.to_s,
-            path: '/'
-        )
+        allowed_users = params.fetch('allowed_users')
         if warden.authenticated?
           log_info! 'Authentication', 'SignIn', 'User already signed in', "#{warden.user[:info]['nickname']}"
-          requested_page = web_session_data['requested_page']
+          requested_page = user_state_data['requested_page']
           log_info! 'Authentication', 'SignIn', 'Pass user for requested page', "#{requested_page}"
           redirect "#{requested_page}"
         else
           log_info! 'Authentication', 'SignIn', 'Initiate OmniAuth authentication'
           # Make (really) sure that old session is cleared before login
           # --------------------------------------------------------------------
           warden.logout
@@ -607,45 +554,24 @@ module J1App
         # collect (additional) GET parameter|s
         provider_signout = params.fetch('provider_signout')
         log_info! 'Authentication', 'SignOut', 'Called for provider', #{provider}"
         if warden.authenticated?
           user         = warden.user[:info]['nickname']
           provider     = warden.user[:provider]
-          provider_url = web_session_data['provider_url']
+          provider_url = user_state_data['provider_url']
           log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
           warden.logout
           session.clear
-          # Read current J1 web session cookie
-          # --------------------------------------------------------------------
-          if env['HTTP_COOKIE'].include? 'j1.web.session'
-            session_encoded = env['rack.request.cookie_hash']['j1.web.session']
-            session_decoded = Base64.decode64(session_encoded)
-            log_info! 'Authentication', 'Cookie', 'Read web session data' # #{session_decoded}"
-            web_session_data = JSON.parse(session_decoded)
+          # Read current J1 user state cookie
+          # --------------------------------------------------------------------
+          if existsCookie? user_state_cookie
+            user_state_data = readCookie(user_state_cookie)
+            log_info! 'Authentication', 'Cookie', 'Read user state session data'           #, "#{session_decoded}"
           else
-            web_session_data['requested_page'] = env['REQUEST_URI']
+            log_error! 'Authentication', 'Cookie', 'Cookie missing', user_state_cookie
           end
-          # Update J1 web session data
-          # --------------------------------------------------------------------
-          web_session_data['user_name']             = 'visitor'
-          web_session_data['user_id']               = 'unknown'
-          web_session_data['users_allowed']         = 'all'
-          web_session_data['payment_status']        = 'unknown'
-          web_session_data['provider']              = 'j1'
-          web_session_data['provider_url']          = 'https://jekyll.one'
-          web_session_data['provider_membership']   = 'guest'
-          web_session_data['provider_permissions']  = 'public'
-          web_session_data['authenticated']         = 'false'
-          web_session_data['writer']                = 'middleware'
-          # Write updated J1 session data to cookie
-          # --------------------------------------------------------------------
-          session_json = web_session_data.to_json
-          log_info! 'Authentication', 'SignOut', 'Write web session data', "#{session_json}"
-          writeCookie('j1.web.session', session_json)
           if provider_signout === 'true'
             log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
             log_info! 'Authentication', 'SignOut', 'Sign out from', "#{provider}"
@@ -654,12 +580,12 @@ module J1App
           else
             log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
             log_info! 'Authentication', 'SignOut', 'Sign out from', "session"
             # If signed out, redirect ONLY for PUBLIC pages
             # ------------------------------------------------------------------
-            if redirect_whitelisted?web_session_data['requested_page']
-              log_info! 'Authentication', 'Redirect', 'Pass to page', "#{web_session_data['requested_page']}"
-              redirect web_session_data['requested_page']
+            if redirect_whitelisted?user_state_data['requested_page']
+              log_info! 'Authentication', 'Redirect', 'Pass to page', "#{user_state_data['requested_page']}"
+              redirect user_state_data['requested_page']
             else
               log_info! 'Authentication', 'Redirect', 'Redirect NOT whitelisted'
               log_info! 'Authentication', 'Redirect', 'Pass to page', "/"
@@ -672,41 +598,18 @@ module J1App
           # Kept this alternative for cases something went wrong.
           # --------------------------------------------------------------------
           log_info! 'Authentication', 'API', 'DEAD PATH: Called for sign out', 'NOT signed in'
           # Read current J1 session cookie
           # --------------------------------------------------------------------
-          if env['HTTP_COOKIE'].include? 'j1.web.session'
-            session_encoded   = env['rack.request.cookie_hash']['j1.web.session']
-            session_decoded   = Base64.decode64(session_encoded)
-            web_session_data  = JSON.parse(session_decoded)
-            log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read web session data' # #{session_decoded}"
+          if existsCookie? user_state_cookie
+            user_state_data    = readCookie(user_state_cookie)
+            log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read user state session data'     #, "#{session_decoded}"
           else
-            web_session_data['requested_page'] = env['REQUEST_URI']
+            log_error! 'Authentication', 'Cookie', 'Cookie missing', user_state_cookie
           end
-          # Update J1 web session data
-          # --------------------------------------------------------------------
-          web_session_data['user_name']             = 'visitor'
-          web_session_data['user_id']               = 'unknown'
-          web_session_data['users_allowed']         = 'all'
-          web_session_data['payment_status']        = 'unknown'
-          web_session_data['provider']              = 'j1'
-          web_session_data['provider_url']          = 'https://jekyll.one'
-          web_session_data['provider_membership']   = 'guest'
-          web_session_data['provider_permissions']  = 'public'
-          web_session_data['provider_membership']   = 'member'
-          web_session_data['authenticated']         = 'false'
-          web_session_data['writer']                = 'middleware'
-          # Write updated J1 session data to cookie
-          # --------------------------------------------------------------------
-          session_json = web_session_data.to_json
-          log_info! 'Authentication', 'Cookie', 'DEAD PATH. Write web session data', "#{session_json}"
-          writeCookie('j1.web.session', session_json)
-          log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{web_session_data['requested_page']}"
-          redirect web_session_data['requested_page']
+          log_info! 'Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{user_state_data['requested_page']}"
+          redirect user_state_data['requested_page']
         end
       else
         raise J1App::ConfigError
@@ -718,6 +621,7 @@ module J1App
     # ENDPOINT post_authentication (called after a user is back from OAuth Provider)
     # --------------------------------------------------------------------------
     get '/post_authentication' do
       reward = {
           :id    => 'unknown',
           :name  => 'unknown',
@@ -730,13 +634,18 @@ module J1App
       log_info! 'API', 'Post Authentication', 'Identification request received'
-      log_info! 'Post Authentication',  'Cookie', 'Read web session data'
-      session_encoded   = request.cookies['j1.web.session']
-      session_decoded   = Base64.decode64(session_encoded)
-      web_session_data    = JSON.parse(session_decoded)
-      user                              = warden.user
-      user_json                         = user.to_json
+      # Read current J1 session cookie
+      # ------------------------------------------------------------------------
+      if existsCookie? user_state_cookie
+        user_state_data = readCookie(user_state_cookie)
+        log_info! 'Post Authentication', 'Cookie', 'Read user state session data' #, "#{session_decoded}"
+        log_info! 'Post Authentication', 'Cookie', 'Requested page', "#{user_state_data['requested_page']}"
+      else
+        log_error! 'Post Authentication', 'Cookie', 'Cookie missing', user_state_cookie
+      end
+      user      = warden.user
+      user_json = user.to_json
       if user[:provider] === 'disqus'
         user[:info][:urls][:site]       = "https://disqus.com"
@@ -789,10 +698,10 @@ module J1App
       user[:extra][:reward]             = reward
       user[:extra][:campaign]           = campaign
+      # EXCEPTION: collection of session data failed (e.g cookie > 4K)
+      #
       if user.nil?
-        # Collection of session data failed (e.g cookie > 4K)
-        #
-        log_info! 'Post Authentication', 'Identification', 'Internal error', 'User identification failed'
+        log_error! 'Post Authentication', 'Identification', 'Internal error', 'User identification failed'
         warden.logout
         session.clear
         log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
@@ -800,20 +709,20 @@ module J1App
         redirect "/access_denied?provider=unknown&user=unknown&category=unknown&title=#{description_title}"
       else
         log_info! 'Post Authentication', 'Identification', 'User identified successfully'
-        log_info! 'Post Authentication',  'Cookie', 'Update web session data'    # "#{web_session_data}"
-        web_session_data['user_name']             = user[:info]['nickname']
-        web_session_data['user_id']               = user[:uid]
-        web_session_data['provider']              = user[:provider]
-        web_session_data['provider_membership']   = 'member'
-        web_session_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
-        web_session_data['authenticated']         = 'true'
-        web_session_data['payment_status']        = user[:info][:payment_status]
-        web_session_data['writer']                = 'middleware'
+        user_state_data['user_name']             = user[:info]['nickname']
+        user_state_data['user_id']               = user[:uid]
+        user_state_data['provider']              = user[:provider]
+        user_state_data['provider_membership']   = 'member'
+        user_state_data['provider_permissions']  = providers["#{user[:provider]}"]['permissions']
+        user_state_data['users_allowed']         = providers["#{user[:provider]}"]['users']
+        user_state_data['authenticated']         = 'true'
+        user_state_data['payment_status']        = user[:info][:payment_status]
+        user_state_data['writer']                = 'middleware'
         current_user                            = user[:info]['nickname']  = user[:info]['nickname']
         current_provider                        = user[:provider]
-        web_session_data['requested_page'].scan(/(protected|private)/) do |match|
+        user_state_data['requested_page'].scan(/(protected|private)/) do |match|
           # Set category from requested page
           #
@@ -823,10 +732,10 @@ module J1App
           # Check if user is allowed to access protected content in GENERAL
           #
           log_info! 'Post Authentication', 'Identification', 'Check for allowed users'
-          unless web_session_data['users_allowed'].include? 'all'
-            unless web_session_data['users_allowed'].include? "#{current_user}"
+          unless user_state_data['users_allowed'].include? 'all'
+            unless user_state_data['users_allowed'].include? "#{current_user}"
               log_info! 'Post Authentication', 'Identification', 'User not allowed', "#{current_user}"
-              log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
+              log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{user_state_data['users_allowed']}"
               log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
               warden.logout
               session.clear
@@ -835,7 +744,7 @@ module J1App
               redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
             end
           end
-          log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
+          log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{user_state_data['users_allowed']}"
           # Check conditions to access protected content (if any)
           #
@@ -866,8 +775,8 @@ module J1App
             log_info! 'Post Authentication', 'Identification', 'Check whitelisting'
             if category_whitelisted? category_whitelist, current_user
-              user[:info][:whitelisted]   = 'true'
-              reward[:name]               = 'whitelisted'
+              user[:info][:whitelisted] = 'true'
+              reward[:name]             = 'whitelisted'
               log_info! 'Post Authentication', 'Identification', 'User whitelisted', "#{current_user}"
               log_info! 'Post Authentication', 'Identification', 'Reward set to', 'Whitelisted'
             else
@@ -931,78 +840,85 @@ module J1App
       end
       # end user.nil?
-      # redirect authenticated|validated user to requested page
-      #
-      web_session_data['provider']      = current_provider
-      web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
-      # TODO: Add membership|product specific data for the SideBar
-      # write updated J1 session data to cookie
-      #
-      session_json = web_session_data.to_json
-      log_info! 'Post Authentication', 'Cookie', 'Write web session data', "#{session_json}"
-      session_encoded = Base64.encode64(session_json)
-      response.set_cookie(
-          'j1.web.session',
-          domain: false,
-          value: session_encoded.to_s,
-          path: '/'
-      )
-      time = Time.now.ctime.to_s
       log_info! 'Post Authentication', 'Identification', 'Provider', "#{user[:provider]}"
       log_info! 'Post Authentication', 'Identification', 'User', "#{user[:info]['nickname']}"
-      log_info! 'Post Authentication', 'Redirect', 'Set Last-Modified', "#{time}"
-      log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
-      response.headers['Last-Modified'] = time
-      response.headers['Cache-Control'] = 'private,max-age=0,must-revalidate,no-store'
-      redirect web_session_data['requested_page']
+      # jadams, 2019-07-22: Check if it's needed to modify the respose header
+      #
+      # time = Time.now.ctime.to_s
+      # log_info! 'API', 'Auth Request', 'Set Last-Modified', "#{time}"
+      # response.headers['Last-Modified'] = time
+      # response.headers['Cache-Control'] = 'private,max-age=0,must-revalidate,no-store'
+      # response.headers['X-J1-AuthManager']  = "page-validated;category=#{category};called=" +  time
+      log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{user_state_data['requested_page']}"
+      redirect user_state_data['requested_page']
     end
     # END: get /post_authentication
     # --------------------------------------------------------------------------
     # ENDPOINT status (called from WEB to get current state of an user)
     # --------------------------------------------------------------------------
     get '/status' do
-      session_encoded   = request.cookies['j1.web.session']
-      session_decoded   = Base64.decode64(session_encoded)
-      web_session_data    = JSON.parse(session_decoded)
+      requested_page = params.fetch('page')
+      category = 'public'
+      requested_page.scan(/(public|protected|private)/) do |match|
+        category = match[0]
+      end
       log_info! 'API', 'Status Request', 'Info request received'
+      log_info! 'API', 'Status Request', 'Page requested', "#{requested_page}"
+      log_info! 'API', 'Status Request', 'Content type', "#{category}"
       # if request.warden.user.respond_to?(:info)
       #
       if warden.authenticated?
         user_name               = warden.user[:info]['nickname']
         user_id                 = warden.user[:uid]
+        users_allowed           = providers[warden.user[:provider]]['users']
         provider                = warden.user[:provider]
-        provider_permissions    = web_session_data['provider_permissions']
-        provider_site_url       = warden.user[:info][:urls][:site]
-        provider_home_url       = warden.user[:info][:urls][:home]
-        provider_blog_url       = warden.user[:info][:urls][:blog]
-        provider_member_url     = warden.user[:info][:urls][:member]
+        provider_membership     = 'member'
+        provider_permissions    = user_state_data['provider_permissions']
+        provider_site_url       = J1App.user_settings['provider_site_url']
+        provider_home_url       = J1App.user_settings['provider_home_url']
+        provider_blog_url       = J1App.user_settings['provider_blog_url']
+        provider_member_url     = J1App.user_settings['provider_member_url']
+        provider_privacy_url    = J1App.user_settings['provider_privacy_url']
+        if provider == 'github'
+          provider_site_url       = warden.user[:info][:urls][:site]
+          provider_home_url       = warden.user[:info][:urls][:blog]
+          provider_blog_url       = warden.user[:info][:urls][:blog]
+          provider_member_url     = warden.user[:info][:urls][:blog]
+        end
+        if provider == 'disqus'
+          provider_site_url       = warden.user[:info][:urls][:site]
+          provider_home_url       = warden.user[:info][:urls][:blog]
+          provider_blog_url       = warden.user[:info][:urls][:blog]
+          provider_member_url     = warden.user[:info][:urls][:blog]
+        end
         if provider == 'patreon'
-          provider_membership   = warden.user[:extra][:reward][:name]
-          provider_member_url   = warden.user[:extra][:reward][:link]
-        else
-          provider_membership   = 'member'
-          provider_member_url   = '#'
+          provider_membership     = warden.user[:extra][:reward][:name]
+          provider_site_url       = warden.user[:info][:urls][:site]
+          provider_home_url       = warden.user[:info][:urls][:home]
+          provider_blog_url       = warden.user[:info][:urls][:blog]
+          provider_member_url     = warden.user[:extra][:reward][:link]
         end
-        log_info! 'API', 'Status Request', 'User detected as signed in', "#{user_name}"
+        log_info! 'API', 'Status Request', 'User detected', "#{user_name}"
+        log_info! 'API', 'Status Request', 'User detected as signed in'
       else
         user_name = 'unknown'
         log_info! 'API', 'Status Request', 'User detected', 'signed out'
       end
+      # time = Time.now.ctime.to_s
+      time = Time.now.strftime("%Y-%m-%d %H:%M:%S")
       # if request.warden.authenticated?
       #
       if user_name != 'unknown'
@@ -1011,6 +927,7 @@ module J1App
         {
             user_name:                user_name,
             user_id:                  user_id,
+            users_allowed:            users_allowed,
             provider:                 provider,
             provider_membership:      provider_membership,
             provider_permissions:     provider_permissions,
@@ -1018,7 +935,11 @@ module J1App
             provider_home_url:        provider_home_url,
             provider_blog_url:        provider_blog_url,
             provider_member_url:      provider_member_url,
-            status:                   'signed in'
+            provider_privacy_url:     provider_member_url,
+            page_permission:          category,
+            requested_page:           requested_page,
+            authenticated:            'true',
+            timestamp:                time
         }.to_json
       else
         log_info! 'API', 'Status Request', 'Send data', 'SIGNED_OUT'
@@ -1026,54 +947,25 @@ module J1App
         {
             user_name:                'visitor',
             user_id:                  'unknown',
+            users_allowed:            'all',
             provider:                 'j1',
             provider_membership:      'guest',
             provider_permissions:     'public',
-            provider_site_url:        '#',
-            provider_home_url:        '#',
-            provider_blog_url:        '#',
-            provider_member_url:      '#',
-            status:                   'signed out'
+            provider_site_url:        "#{provider_site_url_default}",
+            provider_home_url:        "#{provider_home_url_default}",
+            provider_blog_url:        "#{provider_blog_url_default}",
+            provider_member_url:      "#{provider_member_url_default}",
+            provider_privacy_url:     "#{provider_privacy_url_default}",
+            page_permission:          category,
+            requested_page:           requested_page,
+            authenticated:            'false',
+            timestamp:                time
         }.to_json
       end
     end
     # END: get /status
     # --------------------------------------------------------------------------
-    # ENDPOINT  cookie_consent (exception, called from the app|auth manager)
-    # --------------------------------------------------------------------------
-    get '/cookie_consent' do
-      provider          = params.fetch('provider')
-      category          = params.fetch('category')
-      user              = params.fetch('user')
-      requested_page    = params.fetch('requested_page')
-      description_title = params.fetch('title')
-      log_info! 'API', 'ExceptionHandler', 'Request received'
-      log_info! 'ExceptionHandler', 'ERROR', 'Cookies declined'
-      log_info! 'ExceptionHandler', 'Redirect', 'Pass to dialog page', 'Cookie Consent'
-      # Capitalize first char
-      provider                = provider.sub(/^./, &:upcase)
-      route                   = requested_page
-      @route                  = route
-      @provider               = provider
-      @modal                  = "centralCookieConsent"
-      @info_type              = "danger"
-      @modal_icon             = "cookie"
-      @modal_agreed_text      = "Yes, please"
-      @modal_disagreed_text   = "No, thanks"
-      @modal_title            = "Authentication Manager"
-      # @modal_description    = "<h4>#{description_title}</h4><br /><br />User <b>#{user}</b> from provider <b>#{provider}</b> requested access on <b>#{category}</b> pages.<br /> In order to continue, you need to accept on <b>Cookies</b>."
-      @modal_description      = "<h4>#{description_title}</h4><br /><br /> In order to continue, you need to accept on <b>Cookies</b>."
-      erb :auth_manager_ui
-    end
-    # END: get /cookies_rejected
-    # --------------------------------------------------------------------------
     #  ENDPOINT access_denied (exception, called from the app|auth manager)
     # --------------------------------------------------------------------------
     get '/access_denied' do
@@ -1083,182 +975,139 @@ module J1App
       description_title = params.fetch('title')
       log_info! 'API', 'ExceptionHandler', 'Request received'
-      log_info! 'ExceptionHandler', 'ERROR', 'Access Denied'
-      session_encoded = request.cookies['j1.web.session']
-      session_decoded = Base64.decode64(session_encoded)
-      web_session_data  = JSON.parse(session_decoded)
-      # Update J1 web session data
-      # --------------------------------------------------------------------
-      web_session_data['user_name']             = user
-      # web_session_data['user_id']               = 'unknown'
-      # web_session_data['users_allowed']         = 'unknown'
-      # web_session_data['payment_status']        = 'unknown'
-      web_session_data['provider']              = provider
-      # web_session_data['provider_url']          = 'unknown'
-      # web_session_data['provider_permissions']  = 'unknown'
-      # web_session_data['authenticated']         = 'false'
-      web_session_data['writer']                = 'middleware'
-      log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
-      # write updated J1 session data to cookie
-      #
-      session_json = web_session_data.to_json
-      session_encoded = Base64.encode64(session_json)
-      response.set_cookie(
-          'j1.web.session',
-          domain: false,
-          value: session_encoded.to_s,
-          path: '/'
-      )
+      log_error! 'ExceptionHandler', 'ERROR', 'Access Denied'
+      # Read current J1 session cookie
+      # ------------------------------------------------------------------------
+      if existsCookie? user_state_cookie
+        user_state_data = readCookie(user_state_cookie)
+        log_info! 'ExceptionHandler', 'Cookie', 'Read user state session data' #, "#{session_decoded}"
+      else
+        log_error! 'ExceptionHandler', 'Cookie', 'Cookie missing', user_state_cookie
+      end
       log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', "Access Denied"
       # Capitalize first char
-      provider  =  provider.sub(/^./, &:upcase)
-      route     = '/'
-      @route                  = route
-      @provider               = provider
-      @modal                  = "centralModalInfo"
-      @info_type              = "danger"
-      @modal_icon             = "account-off"
-      @modal_ok_text          = "Ok, understood"
-      @modal_title            = "Authentication Manager"
-      @modal_description      = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
+      provider =  provider.sub(/^./, &:upcase)
+      route    = '/'
+      @route             = route
+      @provider          = provider
+      @modal             = "centralModalInfo"
+      @info_type         = "danger"
+      @modal_icon        = "account-off"
+      @modal_ok_text     = "Ok, understood"
+      @modal_title       = "Authentication Manager"
+      @modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
       erb :auth_manager_ui
     end
     # END: get '/access_denied'
     # --------------------------------------------------------------------------
-    # ENDPOINT  invalid_funds (exception, called from the app|auth manager)
-    # --------------------------------------------------------------------------
-    get '/invalid_funds' do
-      provider          = params.fetch('provider')
-      category          = params.fetch('category')
-      user              = params.fetch('user')
-      description_title = params.fetch('title')
-      log_info! 'API', 'ExceptionHandler', 'Request received'
-      log_info! 'ExceptionHandler', 'ERROR', 'Invalid Funds'
-      session_encoded = request.cookies['j1.web.session']
-      session_decoded = Base64.decode64(session_encoded)
-      web_session_data  = JSON.parse(session_decoded)
-      # Update J1 web session data
-      # --------------------------------------------------------------------
-      web_session_data['user_name']             = user
-      # web_session_data['user_id']               = 'unknown'
-      # web_session_data['users_allowed']         = 'unknown'
-      # web_session_data['payment_status']        = 'unknown'
-      web_session_data['provider']              = provider
-      # web_session_data['provider_url']          = 'unknown'
-      # web_session_data['provider_permissions']  = 'unknown'
-      # web_session_data['authenticated']         = 'false'
-      web_session_data['writer']                = 'middleware'
-      log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
-      # write updated J1 session data to cookie
-      #
-      log_info! 'API', 'Exception Handler', 'ERROR', 'Invalid Funds'
-      session_json = web_session_data.to_json
-      session_encoded = Base64.encode64(session_json)
-      response.set_cookie(
-          'j1.web.session',
-          domain: false,
-          value: session_encoded.to_s,
-          path: '/'
-      )
-      log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', 'Invalid Funds'
-      # Capitalize first char
-      provider  =  provider.sub(/^./, &:upcase)
-      route     = '/'
-      @route                  = route
-      @provider               = provider
-      @modal                  = "centralModalInfo"
-      @info_type              = "danger"
-      @modal_icon             = "account-off"
-      @modal_ok_text          = "Ok, understood"
-      @modal_title            = "Authentication Manager"
-      @modal_description      = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
-      erb :auth_manager_ui
-    end
-    # END: get /invalid_funds
-    # --------------------------------------------------------------------------
-    # access_protected_content ENDPOINT called from the app (auth manager)
+    # /page_validation ENDPOINT
     # --------------------------------------------------------------------------
     get '/page_validation' do
-      provider        = params.fetch('provider')
-      allowed_users   = params.fetch('allowed_users')
-      page            = params.fetch('page')
-      category        = params.fetch('category')
+      requested_page  = params.fetch('page')
+      category        = ''
+      provider        = ''
+      allowed_users   = ''
-      log_info! 'API', 'PageAccessControl', 'PageValidate request received'
+      log_info! 'API', 'Validate Request', 'Page requested', "#{requested_page}"
+      requested_page.scan(/(protected|private)/) do |match|
+        category      = match[0]
+        provider      = permissions[:"#{category}"][0]
+        allowed_users = providers["#{provider}"]['users'].join(',')
+      end
-      # Capitalize first char
-      # provider        =  provider.sub(/^./, &:upcase)
+      log_info! 'API', 'Validate Request', 'Category detected', "#{category}"
+      log_info! 'API', 'Validate Request', 'Provider detected', "#{provider}"
+      log_info! 'API', 'Validate Request', 'Allowed users detected', "#{allowed_users}"
-      log_info! 'PageAccessControl', 'AuthCheck', 'Check provider', "#{provider}"
-      # jadams, 2019-03-16: Hier ist das Problem
-      #
       if warden.authenticated?
-        log_info! 'PageAccessControl', 'AuthCheck', 'Grant access for', "#{provider}"
-        log_info! 'PageAccessControl', 'Redirect', 'Pass to page', "#{page}"
+        log_info! 'API', 'Validate Request', 'User authenticated for', "#{provider}"
+        log_info! 'API', 'Validate Request', 'Pass to page', "#{requested_page}"
         route = page
       else
-        log_info! 'PageAccessControl', 'AuthCheck', 'Authentication failed', "#{provider}"
+        log_info! 'API', 'Validate Request', 'User not authenticated'
         route = "/authentication?request=signin&provider=#{provider}&allowed_users=#{allowed_users}"
       end
-      log_info! 'PageAccessControl', 'Redirect', 'Pass to SignIn dialog, page', "#{page}"
+      log_info! 'API', 'Validate Request', 'Pass to SignIn dialog'
       # Capitalize first char
-      provider                =  provider.sub(/^./, &:upcase)
-      @provider               = provider
-      @route                  = route
-      @modal                  = "signInProtectedContent"
-      @modal_icon             = "login"
-      @modal_agreed_text      = "Yes, please"
-      @modal_disagreed_text   = "No, thanks"
-      @modal_title            = "SignIn"
-      @modal_image            = "/assets/images/master_header/admin-dashboard-bootstrap-1280x600.png"
-      @modal_description      = "The page <b>#{page}</b> you requested belongs to <b>#{category}</b> content. You'll be redirected to authenticate with the provider <b>#{provider}</b>. If signed in successfully, you get access to all <b>#{category} pages</b>."
+      provider              =  provider.sub(/^./, &:upcase)
+      @provider             = provider
+      @route                = route
+      @modal                = "signInProtectedContent"
+      @modal_icon           = "login"
+      @modal_agreed_text    = "Yes, please"
+      @modal_disagreed_text = "No, thanks"
+      @modal_title          = "SignIn"
+      @modal_image          = "/assets/images/master_header/admin-dashboard-bootstrap-1280x600.png"
+      @modal_description    = "The page <b>#{requested_page}</b> you requested belongs to <b>#{category}</b> content. You'll be redirected to authenticate with the provider <b>#{provider}</b>. If signed in successfully, you get access to all <b>#{category} pages</b>."
       erb :auth_manager_ui
     end
     # END: get '/page_validation
     # --------------------------------------------------------------------------
-    # ENDPOINT iframe
-    # --------------------------------------------------------------------------
-    get '/iframe' do
-      @website_url = "https://jekyll-one.github.io/"
-      erb :iframe
-    end
-    # END: get /iframe
-    # --------------------------------------------------------------------------
     # Rescue OmniAuth::Strategies::OAuth2::CallbackError
     # ------------------------------------------------------------------------
     get '/redirect_on_failure' do
       log_error! 'OmniAuth', 'OAuth2 ', 'Callback error on redirect'
       log_info! 'Redirect on failure', 'Redirect', 'Pass to home page'
-      redirect "/"  # web_session_data['requested_page']
+      redirect "/"  # user_state_data['requested_page']
     end
     # END: get /redirect_on_failure
     # --------------------------------------------------------------------------
+    # ENDPOINT  invalid_funds (exception, called from the app|auth manager)
+    # --------------------------------------------------------------------------
+    # get '/invalid_funds' do
+    #   provider          = params.fetch('provider')
+    #   category          = params.fetch('category')
+    #   user              = params.fetch('user')
+    #   description_title = params.fetch('title')
+    #
+    #   log_info! 'API', 'ExceptionHandler', 'Request received'
+    #   log_info! 'ExceptionHandler', 'ERROR', 'Invalid Funds'
+    #
+    #   session_encoded = request.cookies['j1.user.state']
+    #   session_decoded = Base64.decode64(session_encoded)
+    #   user_state_data  = JSON.parse(session_decoded)
+    #
+    #   log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', 'Invalid Funds'
+    #
+    #   # Capitalize first char
+    #   provider  =  provider.sub(/^./, &:upcase)
+    #   route     = '/'
+    #
+    #   @route                  = route
+    #   @provider               = provider
+    #   @modal                  = "centralModalInfo"
+    #   @info_type              = "danger"
+    #   @modal_icon             = "account-off"
+    #   @modal_ok_text          = "Ok, understood"
+    #   @modal_title            = "Authentication Manager"
+    #   @modal_description      = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
+    #
+    #   erb :auth_manager_ui
+    # end
+    # END: get /invalid_funds
+    # --------------------------------------------------------------------------
+    # ENDPOINT iframe
+    # --------------------------------------------------------------------------
+    # get '/iframe' do
+    #   @website_url = "https://jekyll-one.github.io/"
+    #   erb :iframe
+    # end
+    # END: get /iframe
+    # --------------------------------------------------------------------------
   end
 end