j1_template_mde 2018.4.31 → 2018.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (130) hide show
  1. checksums.yaml +4 -4
  2. data/_includes/themes/j1/layouts/layout_metadata_generator.html +5 -6
  3. data/_includes/themes/j1/layouts/layout_shim_generator.html +20 -2
  4. data/_includes/themes/j1/layouts/layout_theme_generator.html +2 -2
  5. data/_includes/themes/j1/modules/connectors/{analytic/google → ad/custom-provider.html} +7 -16
  6. data/_includes/themes/j1/modules/connectors/ad/google-adsense.html +6 -6
  7. data/_includes/themes/j1/modules/connectors/ads +23 -8
  8. data/_includes/themes/j1/modules/connectors/analytic/custom-provider.html +32 -0
  9. data/_includes/themes/j1/modules/connectors/analytic/google-analytics.html +38 -0
  10. data/_includes/themes/j1/modules/connectors/analytics +16 -17
  11. data/_includes/themes/j1/modules/connectors/comment/custom-provider.html +31 -0
  12. data/_includes/themes/j1/modules/connectors/comment/disqus.html +3 -3
  13. data/_includes/themes/j1/modules/connectors/comment/facebook.html +31 -0
  14. data/_includes/themes/j1/modules/connectors/comments +14 -12
  15. data/_includes/themes/j1/modules/connectors/sharing +3 -10
  16. data/_includes/themes/j1/modules/navigator/generator.html +17 -12
  17. data/_includes/themes/j1/modules/navigator/procedures/quicklinks.proc +37 -27
  18. data/_includes/themes/j1/modules/navigator/procedures/sidebar.proc +3 -3
  19. data/_includes/themes/j1/procedures/layouts/module_writer.proc +4 -4
  20. data/_includes/themes/j1/procedures/layouts/resource_writer.proc +6 -6
  21. data/lib/j1/version.rb +1 -1
  22. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.before_merge_added.rb +1267 -0
  23. data/lib/j1_app/j1_auth_manager/_unused/auth_manager.update.web_cookie.rb +1333 -0
  24. data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.2.erb +198 -0
  25. data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.additional_inits.erb +254 -0
  26. data/lib/j1_app/j1_auth_manager/auth_manager.rb +361 -275
  27. data/lib/j1_app/j1_auth_manager/config.rb +9 -9
  28. data/lib/j1_app/j1_auth_manager/helpers.rb +60 -2
  29. data/lib/j1_app/j1_auth_manager/views/auth_manager_ui.erb +123 -37
  30. data/lib/starter_web/Gemfile +1 -1
  31. data/lib/starter_web/_config.yml +42 -32
  32. data/lib/starter_web/_data/j1_config.yml +46 -56
  33. data/lib/starter_web/_data/j1_resources.yml +25 -5
  34. data/lib/starter_web/_data/layouts/default.yml +10 -0
  35. data/lib/starter_web/_data/modules/j1_cookie_consent.yml +120 -0
  36. data/lib/starter_web/_data/modules/j1_log4javascript.yml +24 -22
  37. data/lib/starter_web/_data/modules/j1_navigator.yml +61 -50
  38. data/lib/starter_web/_data/modules/j1_navigator_menu.yml +32 -11
  39. data/lib/starter_web/_data/tables/country.asciidoc +252 -0
  40. data/lib/starter_web/assets/data/_authclient.html +365 -0
  41. data/lib/starter_web/assets/data/authclient.html +213 -222
  42. data/lib/starter_web/assets/data/cookie_consent.html +261 -0
  43. data/lib/starter_web/assets/data/countries.json +974 -0
  44. data/lib/starter_web/assets/data/footer.html +17 -26
  45. data/lib/starter_web/assets/data/menu.html +20 -21
  46. data/lib/starter_web/assets/images/icons/j1/scalable/j1v2.svg +1 -1
  47. data/lib/starter_web/assets/images/master_header/admin-bootstrap.jpg +0 -0
  48. data/lib/starter_web/assets/images/pages/roundtrip/package.json +16 -16
  49. data/lib/starter_web/assets/themes/j1/core/css/theme_extensions.css +1313 -1219
  50. data/lib/starter_web/assets/themes/j1/core/css/theme_extensions.min.css +1 -1
  51. data/lib/starter_web/assets/themes/j1/core/css/uno.css +1251 -1219
  52. data/lib/starter_web/assets/themes/j1/core/css/uno.min.css +1 -1
  53. data/lib/starter_web/assets/themes/j1/core/css/vendor.css +72 -72
  54. data/lib/starter_web/assets/themes/j1/core/css/vendor.min.css +2 -2
  55. data/lib/starter_web/assets/themes/j1/core/js/adapter/algolia.js +1 -1
  56. data/lib/starter_web/assets/themes/j1/core/js/adapter/back2top.js +1 -1
  57. data/lib/starter_web/assets/themes/j1/core/js/adapter/bs_gallery.js +1 -1
  58. data/lib/starter_web/assets/themes/j1/core/js/adapter/cookie_consent.js +345 -0
  59. data/lib/starter_web/assets/themes/j1/core/js/adapter/custom.js +1 -1
  60. data/lib/starter_web/assets/themes/j1/core/js/adapter/lightbox.js +1 -1
  61. data/lib/starter_web/assets/themes/j1/core/js/adapter/logger.js +1 -1
  62. data/lib/starter_web/assets/themes/j1/core/js/adapter/master_header.js +1 -1
  63. data/lib/starter_web/assets/themes/j1/core/js/adapter/navigator.js +254 -190
  64. data/lib/starter_web/assets/themes/j1/core/js/adapter/scroller.js +1 -1
  65. data/lib/starter_web/assets/themes/j1/core/js/adapter/searcher.js +1 -1
  66. data/lib/starter_web/assets/themes/j1/core/js/adapter/stickybits.js +1 -1
  67. data/lib/starter_web/assets/themes/j1/core/js/adapter/switcher.js +1 -1
  68. data/lib/starter_web/assets/themes/j1/core/js/adapter/template.js +432 -97
  69. data/lib/starter_web/assets/themes/j1/core/js/adapter/toccer.js +1 -1
  70. data/lib/starter_web/assets/themes/j1/core/js/template.js +15 -15
  71. data/lib/starter_web/assets/themes/j1/core/js/template.js.map +1 -1
  72. data/lib/starter_web/assets/themes/j1/core/js/template.min.js +1 -1
  73. data/lib/starter_web/assets/themes/j1/extensions/cookiebar/js/cookiebar.js +277 -0
  74. data/lib/starter_web/assets/themes/j1/{core/js/adapter/cookiebar.js → extensions/cookiebar/js/j1cookiebar.js} +1 -1
  75. data/lib/starter_web/collections/_biography/becoming.adoc +1 -1
  76. data/lib/starter_web/collections/_biography/born-to-run.adoc +1 -1
  77. data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/attributes.asciidoc +0 -0
  78. data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/documents/100-docker-using-shared-folders.asciidoc +0 -0
  79. data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/documents/loop.sh +0 -0
  80. data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/tables/debug_variables.asciidoc +0 -0
  81. data/lib/starter_web/collections/posts/{premium → private}/series/_posts/2018-11-01-docker-using-shared-folders.adoc +0 -0
  82. data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/000_includes/attributes.asciidoc +0 -0
  83. data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/000_includes/tables/debug_variables.asciidoc +0 -0
  84. data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-20-minneapolis.adoc +0 -0
  85. data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-24-narcisse-snake-dens.adoc +0 -0
  86. data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-26-columbia-river.adoc +1 -1
  87. data/lib/starter_web/collections/posts/public/featured/_posts/2019-04-12-about-cookies.adoc +175 -0
  88. data/lib/starter_web/collections/posts/public/{featured → jekyll}/_posts/2018-05-01-confusion-about-base-url.adoc +0 -0
  89. data/lib/starter_web/index.html +4 -1
  90. data/lib/starter_web/package.json +1 -1
  91. data/lib/starter_web/pages/{premium → private}/bookshelf/100_about_jekyll_collections.adoc +1 -1
  92. data/lib/starter_web/pages/{premium → private}/bookshelf/200_book_shelf_biography.adoc +1 -1
  93. data/lib/starter_web/pages/{premium → private}/bookshelf/300_book_shelf_fantasy.adoc +1 -1
  94. data/lib/starter_web/pages/{premium → private}/bookshelf/400_book_shelf_romance.adoc +1 -1
  95. data/lib/starter_web/pages/{private → protected}/TeamUp/000_includes/attributes.asciidoc +0 -0
  96. data/lib/starter_web/pages/{private → protected}/TeamUp/index.adoc +3 -3
  97. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/attributes.asciidoc +0 -0
  98. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/100_absolute_sizes.asciidoc +0 -0
  99. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/110_bs_grid_sizes.asciidoc +0 -0
  100. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/120_relative_sizes.asciidoc +0 -0
  101. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/200_rotate.asciidoc +0 -0
  102. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/300_flip.asciidoc +0 -0
  103. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/400_spin_pulsed.asciidoc +0 -0
  104. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/500_bw_color_palette.asciidoc +0 -0
  105. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/510_bs_color_palette.asciidoc +0 -0
  106. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/600_md_color_palette.asciidoc +0 -0
  107. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/601_md_color_palette_indigo.asciidoc +0 -0
  108. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/602_md_color_palette_pink.asciidoc +0 -0
  109. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/100_bs_sizes.asciidoc +0 -0
  110. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/100_relative_sizes.asciidoc +0 -0
  111. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/200_rotate.asciidoc +0 -0
  112. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/300_flip.asciidoc +0 -0
  113. data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/400_spin_pulsed.asciidoc +0 -0
  114. data/lib/starter_web/pages/{private → protected}/previewer/justified_gallery.html +1 -1
  115. data/lib/starter_web/pages/{private → protected}/previewer/mdi_icons_preview.adoc +1 -1
  116. data/lib/starter_web/pages/{private → protected}/previewer/twitter_emoji_preview.adoc +1 -1
  117. data/lib/starter_web/pages/public/about/about_you.adoc +139 -0
  118. data/lib/starter_web/pages/public/legal/de/100_impress.adoc +26 -15
  119. data/lib/starter_web/pages/public/legal/de/200_terms_of_use.adoc +2 -2
  120. data/lib/starter_web/pages/public/legal/en/100_impress.adoc +65 -53
  121. data/lib/starter_web/pages/public/legal/en/200_terms_of_use.adoc +11 -8
  122. data/lib/starter_web/pages/public/legal/en/300_privacy.adoc +46 -68
  123. data/lib/starter_web/pages/public/legal/en/400_license_agreement.adoc +72 -74
  124. data/lib/starter_web/pages/public/legal/en/eu/cookie.policy.asciidoc +55 -0
  125. data/lib/starter_web/pages/public/previewer/bootstrap_theme.adoc +1 -1
  126. data/lib/starter_web/pages/public/start/roundtrip/700_extended_modals.adoc +71 -53
  127. metadata +60 -44
  128. data/_includes/themes/j1/modules/connectors/analytic/googleUA +0 -44
  129. data/lib/starter_web/_data/modules/j1_cookiebar.yml +0 -65
  130. data/lib/starter_web/_unused/package.json.new +0 -125
@@ -0,0 +1,1333 @@
1
+ # RuboCops - Documentation
2
+ # ------------------------------------------------------------------------------
3
+ # See: https://rubocop.readthedocs.io/en/latest/
4
+
5
+ # RuboCops - Disabled Cops
6
+ # ------------------------------------------------------------------------------
7
+ # rubocop:disable Metrics/BlockLength
8
+ # rubocop:disable Metrics/ClassLength
9
+ # rubocop:disable Metrics/LineLength
10
+ # rubocop:disable Style/StringLiterals
11
+ # rubocop:disable Style/Documentation
12
+ # rubocop:disable Metrics/BlockNesting
13
+ # rubocop:disable Layout/ClosingParenthesisIndentation
14
+ # rubocop:disable Layout/LeadingCommentSpace
15
+ # rubocop:disable Layout/EmptyLines
16
+ # rubocop:disable Layout/EmptyLinesAroundBlockBody
17
+ # rubocop:disable Layout/FirstParameterIndentation
18
+ # rubocop:disable Layout/CommentIndentation
19
+ # rubocop:disable Layout/AlignParameters
20
+ # rubocop:disable Layout/AlignHash
21
+ # rubocop:disable Layout/TrailingWhitespace
22
+ # rubocop:disable Layout/IndentHash
23
+ # rubocop:disable Layout/SpaceAroundOperators
24
+ # rubocop:disable Layout/ExtraSpacing
25
+ # rubocop:disable Style/UnlessElse
26
+ # rubocop:disable Style/HashSyntax
27
+
28
+
29
+ # ------------------------------------------------------------------------------
30
+ # ~/lib/j1_auth_manager/auth_manager/.rb
31
+ #
32
+ # Provides authentication services based on Warden|OmniAuth
33
+ #
34
+ # Product/Info:
35
+ # https://jekyll-one.com
36
+ #
37
+ # Copyright (C) 2019 Juergen Adams
38
+ #
39
+ # J1 Template is licensed under the MIT License.
40
+ # See: https://github.com/jekyll-one/j1_template_mde/blob/master/LICENSE
41
+ #
42
+ # ------------------------------------------------------------------------------
43
+ # NOTES
44
+ #
45
+ # ------------------------------------------------------------------------------
46
+ # frozen_string_literal: true
47
+
48
+ module J1App
49
+ class AuthManager < Sinatra::Base
50
+
51
+ include J1App::Helpers
52
+ include J1App::GithubHelpers
53
+
54
+ # ==========================================================================
55
+ # Sinatra Framework settings
56
+ # ==========================================================================
57
+
58
+ # NOTE: https://stackoverflow.com/questions/7847536/sinatra-in-facebook-iframe
59
+ #
60
+ #set :protection, :except => :frame_options
61
+
62
+ # Check: http://sinatrarb.com/intro.html
63
+ #
64
+ #set :static_cache_control, [:public, :max_age => 10]
65
+
66
+
67
+ # ==========================================================================
68
+ # Base App and Warden Framework settings
69
+ # ==========================================================================
70
+
71
+ session_data = {}
72
+
73
+ # web_session_data = {
74
+ # :authenticated => 'false',
75
+ # :requested_page => '/',
76
+ # :user_name => 'unknown',
77
+ # :users_allowed => 'unknown',
78
+ # :user_id => 'unknown',
79
+ # :provider => 'unknown',
80
+ # :provider_url => '/',
81
+ # :payment_info => 'unknown',
82
+ # :permissions => 'unknown',
83
+ # :writer => 'middleware'
84
+ # }
85
+
86
+ web_session_data = {
87
+ :authenticated => 'false',
88
+ :requested_page => '/',
89
+ :user_name => 'visitor',
90
+ :users_allowed => 'all',
91
+ :user_id => 'unknown',
92
+ :provider => 'j1',
93
+ :provider_membership => 'guest',
94
+ :provider_url => 'https://jekyll.one',
95
+ :payment_info => 'unknown',
96
+ :provider_permissions => 'public',
97
+ :creator => 'middleware',
98
+ :writer => 'middleware'
99
+ }
100
+
101
+ # Enable SSL for the rack session if configured
102
+ # --------------------------------------------------------------------------
103
+ require 'rack-ssl-enforcer' if J1App.ssl?
104
+ use Rack::SslEnforcer if J1App.ssl?
105
+
106
+ # Set the session cookie used by Rack to track all relevant data
107
+ # for the authentication service
108
+ # --------------------------------------------------------------------------
109
+ use Rack::Session::Cookie,
110
+ http_only: true, # if set to 'true', make session cookie visible to the browser (document) for HTTP
111
+ key: 'j1.app.session',
112
+ secret: ENV['J1_SESSION_SECRET'] || SecureRandom.hex
113
+
114
+ # use Rack::Cache do |config|
115
+ # #
116
+ # # ------------------------------------------------------------------------
117
+ # config.middleware.delete(Rack::Cache)
118
+ # end
119
+
120
+ # ==========================================================================
121
+ # Warden Framework initialisation
122
+ # ==========================================================================
123
+
124
+ # Define what (user) data should be put (serialized) into the session
125
+ # on requests and responses from Rack environment into the warden
126
+ # environment (env['warden']).
127
+ # --------------------------------------------------------------------------
128
+ Warden::Manager.serialize_into_session do |user|
129
+ user
130
+ end
131
+ Warden::Manager.serialize_from_session do |user|
132
+ user
133
+ end
134
+
135
+ # ==========================================================================
136
+ # OmniAuth|Warden Framework initialisation
137
+ # ==========================================================================
138
+
139
+ # Set the 'default' authentication strategy and exception handler
140
+ # (for warden) if the user was not explicitly signed in (signin dialog).
141
+ # If 'signin' fails, the default exception 'signin_failure' is thrown
142
+ # (used for all OmniAuth strategies registered).
143
+ # --------------------------------------------------------------------------
144
+ signin_failure = ->(_e) { Rack::Response.new("Can't login", 401).finish }
145
+ use Warden::Manager do |config|
146
+ # OmniAuth strategies are name-spaced by 'omni' (see: warden_omniauth.rb)
147
+ # ------------------------------------------------------------------------
148
+ config.default_strategies :"omni_#{J1App.default_provider}"
149
+ config.failure_app = signin_failure
150
+ end
151
+
152
+ use OmniAuth::Builder do |config|
153
+ # Workaround to rescue OmniAuth::Strategies::OAuth2::CallbackError?
154
+ # for chromium based browsers (e.g. google-chrome)
155
+ # ------------------------------------------------------------------------
156
+ config.on_failure do
157
+ new_path = '/redirect_requested_page'
158
+ Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
159
+ end
160
+
161
+ # Detect and set supported authentication strategies for OmniAuth
162
+ # ------------------------------------------------------------------------
163
+
164
+ # Additional (strategy) option skip_extra, default: true
165
+ #
166
+ # If true, skips the collection of raw data (extra) to NOT blow
167
+ # up the session cookie (as it is limited to 4K)
168
+ skip_extra = true
169
+
170
+ if J1App.active_providers.include? 'patreon'
171
+ scope = J1App.auth_config['providers']['patreon']['scope'].join(',')
172
+ data_collection = J1App.auth_config['providers']['patreon']['data_fields'].join(',')
173
+ skip_extra = false if data_collection =~ /raw/i
174
+ provider :patreon,
175
+ ENV['PATREON_CLIENT_ID'],
176
+ ENV['PATREON_CLIENT_SECRET'],
177
+ scope: "#{scope}",
178
+ skip_extra: skip_extra
179
+ end
180
+ if J1App.active_providers.include? 'disqus'
181
+ scope = J1App.auth_config['providers']['disqus']['scope'].join(',')
182
+ data_collection = J1App.auth_config['providers']['disqus']['data_fields'].join(',')
183
+ skip_extra = false if data_collection =~ /raw/i
184
+ provider :disqus,
185
+ ENV['DISQUS_CLIENT_ID'],
186
+ ENV['DISQUS_CLIENT_SECRET'],
187
+ scope: "#{scope}",
188
+ skip_extra: skip_extra
189
+ end
190
+ if J1App.active_providers.include? 'facebook'
191
+ scope = J1App.auth_config['providers']['facebook']['scope'].join(',')
192
+ data_collection = J1App.auth_config['providers']['facebook']['data_fields'].join(',')
193
+ skip_extra = false if data_collection =~ /raw/i
194
+ provider :facebook,
195
+ ENV['FACEBOOK_CLIENT_ID'],
196
+ ENV['FACEBOOK_CLIENT_SECRET'],
197
+ scope: "#{scope}",
198
+ skip_extra: skip_extra
199
+ end
200
+ if J1App.active_providers.include? 'github'
201
+ scope = J1App.auth_config['providers']['github']['scope'].join(',')
202
+ data_collection = J1App.auth_config['providers']['github']['data_fields'].join(',')
203
+ skip_extra = false if data_collection =~ /raw/i
204
+ provider :github,
205
+ ENV['GITHUB_CLIENT_ID'],
206
+ ENV['GITHUB_CLIENT_SECRET'],
207
+ scope: "#{scope}",
208
+ skip_extra: skip_extra
209
+ end
210
+ if J1App.active_providers.include? 'twitter'
211
+ scope = J1App.auth_config['providers']['twitter']['scope'].join(',')
212
+ data_collection = J1App.auth_config['providers']['twitter']['data_fields'].join(',')
213
+ skip_extra = false if data_collection =~ /raw/i
214
+ provider :twitter,
215
+ ENV['TWITTER_CLIENT_ID'],
216
+ ENV['TWITTER_CLIENT_SECRET'],
217
+ scope: "#{scope}",
218
+ skip_extra: skip_extra
219
+ end
220
+ end
221
+
222
+ # Set the (internal) endpoint if a user is successfully authenticated
223
+ # --------------------------------------------------------------------------
224
+ use J1WardenOmniAuth do |config|
225
+ config.redirect_after_callback = '/post_authentication'
226
+ end
227
+
228
+ # Add the internal logger from Rack to the middleware's of the stack
229
+ # --------------------------------------------------------------------------
230
+ use Rack::Logger
231
+
232
+ # Load user profiles, permissions, conditions and strategies
233
+ # --------------------------------------------------------------------------
234
+
235
+ providers = J1App.auth_config['providers']
236
+ permissions = J1App.permissions
237
+
238
+
239
+ # ==========================================================================
240
+ # Sinatra (before) FILTER to preprocess all page requests
241
+ # ==========================================================================
242
+
243
+ # Prepare root (index) page for app detection
244
+ #
245
+ before '/' do
246
+ log_info! "ROOT", "Prepare", 'Web Session'
247
+
248
+ # read existing/current cookie 'j1.web.session' to update all data
249
+ # of web_session_data (hash) otherwise set initial data
250
+ # ------------------------------------------------------------------------
251
+ unless env['HTTP_COOKIE'] == nil
252
+ log_info! "ROOT", 'Cookie', 'Read current web session data'
253
+ web_session_data = readCookie('j1.web.session')
254
+ data_json = web_session_data.to_json
255
+ log_info! "ROOT", 'Cookie', 'Current web session data', "#{data_json}"
256
+
257
+ # if env['HTTP_COOKIE'].include? 'j1.web.session'
258
+ # session_encoded = request.cookies['j1.web.session']
259
+ # session_decoded = Base64.decode64(session_encoded)
260
+ # web_session_data = JSON.parse(session_decoded)
261
+ # end
262
+
263
+ else
264
+ requested_page = env['REQUEST_URI']
265
+ session_data['requested_page'] = "#{env['REQUEST_URI']}"
266
+ end
267
+
268
+ # Create|Initialize the J1 web session cookie
269
+ # ------------------------------------------------------------------------
270
+ if warden.authenticated?
271
+ log_info! "ROOT", 'Cookie', 'Update current user data'
272
+
273
+ user = warden.user
274
+ log_info! "ROOT", 'AuthCheck', 'User detected as signed in', "#{user[:provider]}"
275
+ session_data['authenticated'] = 'true'
276
+ session_data['requested_page'] = '/'
277
+ session_data['user_name'] = user[:info]['nickname']
278
+ session_data['users_allowed'] = providers["#{user[:provider]}"]['users']
279
+ session_data['user_id'] = user[:uid]
280
+ session_data['provider'] = user[:provider]
281
+ session_data['provider_membership'] = 'member'
282
+ session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
283
+ session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
284
+ session_data['payment_status'] = user[:info][:payment_status]
285
+ else
286
+ log_info! "ROOT", 'AuthCheck', 'User detected', 'signed out'
287
+ session_data['authenticated'] = 'false'
288
+ # session_data['requested_page'] = '/'
289
+ session_data['users_allowed'] = 'all'
290
+ session_data['user_name'] = 'visitor'
291
+ session_data['user_id'] = 'unknown'
292
+ session_data['payment_status'] = 'unknown'
293
+ session_data['provider'] = 'j1'
294
+ session_data['provider_membership'] = 'guest'
295
+ session_data['provider_url'] = 'https://jekyll.one'
296
+ session_data['provider_permissions'] = 'public'
297
+ end
298
+ session_data['writer'] = 'middleware'
299
+ session_data['creator'] = 'middleware'
300
+
301
+ web_session_data = merge( web_session_data, session_data )
302
+
303
+ data_json = session_data.to_json
304
+ log_info! "ROOT", 'Cookie', 'Merge current user data', "#{data_json}"
305
+
306
+ data_json = web_session_data.to_json
307
+ log_info! "ROOT", 'Cookie', 'Update web session data', "#{data_json}"
308
+ writeCookie('j1.web.session', data_json)
309
+ end
310
+
311
+ # General page detection (page auth pre-flight)
312
+ # --------------------------------------------------------------------------
313
+ before '/(pages|posts)/*' do
314
+
315
+ log_info! 'AuthManager', 'PreFlight', 'Initial checks initiated'
316
+
317
+ # read existing/current cookie 'j1.web.session'
318
+ # to update all data of web_session_data (hash)
319
+ # if request.warden.user.respond_to?(:info)
320
+ # ------------------------------------------------------------------------
321
+
322
+ #web_session_data = readCookie('j1.web.session')
323
+
324
+ if env['HTTP_COOKIE'].include? 'j1.web.session'
325
+ session_encoded = request.cookies['j1.web.session']
326
+ session_decoded = Base64.decode64(session_encoded)
327
+ # See: https://stackoverflow.com/questions/86653/how-can-i-pretty-format-my-json-output-in-ruby-on-rails
328
+ session_pretty = JSON.pretty_generate(session_decoded)
329
+ web_session_data = JSON.parse(session_decoded)
330
+
331
+ log_info! 'PreFlight', 'Cookie', 'Read web session data', "#{session_decoded}" # ,"#{session_pretty}"
332
+ else
333
+ requested_page = env['REQUEST_URI']
334
+ session_data['requested_page'] = "#{env['REQUEST_URI']}"
335
+ end
336
+
337
+ # Create|Initialize the J1 web session cookie
338
+ # ------------------------------------------------------------------------
339
+ log_info! 'PreFlight', 'AuthCheck', 'Check authentication state'
340
+ if warden.authenticated?
341
+ log_info! 'PreFlight', 'AuthCheck', 'Fick dich'
342
+ user = warden.user
343
+ session_data['authenticated'] = 'true'
344
+ session_data['user_name'] = user[:info]['nickname']
345
+ session_data['user_id'] = user[:uid]
346
+ session_data['provider'] = user[:provider]
347
+ session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
348
+ session_data['users_allowed'] = providers["#{user[:provider]}"]['users']
349
+ session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
350
+ session_data['provider_membership'] = 'member'
351
+ session_data['payment_status'] = user[:info][:payment_status]
352
+ session_data['writer'] = 'middleware'
353
+
354
+ web_session_data = merge( web_session_data, session_data )
355
+ log_info! 'PreFlight', 'AuthCheck', 'User authenticated', "#{user[:info]['nickname']}"
356
+
357
+ session_json = web_session_data.to_json
358
+ log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
359
+
360
+ session_encoded = Base64.encode64(session_json)
361
+ response.set_cookie(
362
+ 'j1.web.session',
363
+ domain: false,
364
+ value: session_encoded.to_s,
365
+ path: '/'
366
+ )
367
+ end
368
+
369
+ # User state|content detection for implicit authentication
370
+ # ------------------------------------------------------------------------
371
+ log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'disabled' if authentication_enabled? == false
372
+ log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
373
+ pass if authentication_enabled? == false
374
+
375
+ log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'enabled'
376
+ log_info! 'PreFlight', 'DetectContent', 'Public content detected' if public_content?
377
+ log_info! 'PreFlight', 'DetectContent', 'Pass all public content' if public_content?
378
+ pass if public_content?
379
+
380
+ log_info! 'PreFlight', 'DetectCookieConsent', 'Cookie Consent', "#{web_session_data['cookies_accepted']}"
381
+
382
+ # if web_session_data['cookies_accepted'] === 'declined'
383
+ # requested_page = env['REQUEST_URI']
384
+ # requested_page.scan(/(protected|private)/) do |match|
385
+ # category = match[0]
386
+ # log_info! 'PreFlight', 'DetectContent', 'Content detected as', "#{category}"
387
+ # log_info! 'PreFlight', 'Redirect', 'Pass to dialog page (Cookie Consent)'
388
+ # description_title = "Cookie consent declined"
389
+ # redirect "/cookie_consent?provider=#{web_session_data['provider']}&user=#{web_session_data['user_name']}&category=#{category}&requested_page=#{requested_page}&title=#{description_title}"
390
+ # #redirect requested_page
391
+ # end
392
+ # end
393
+
394
+ log_info! 'PreFlight', 'DetectContent', 'Check content type'
395
+
396
+ requested_page = env['REQUEST_URI']
397
+ requested_page.scan(/(protected|private)/) do |match|
398
+
399
+ category = match[0]
400
+ log_info! 'PreFlight', 'DetectContent', 'Content type detected', "#{category}"
401
+
402
+ log_info! 'PreFlight', 'AuthCheck', 'Check authorisation status'
403
+ if warden.authenticated?
404
+ user_name = user[:info]['nickname']
405
+ log_info! 'PreFlight', 'AuthCheck', 'User detected', "#{user_name}"
406
+
407
+ current_provider = warden.user[:provider]
408
+
409
+ # provider_strategy = strategies["#{default_provider}"]
410
+ strategy = providers["#{current_provider}"]['strategy']
411
+ provider_strategy = :"#{strategy}"
412
+
413
+ web_session_data['user_name'] = user_name
414
+ web_session_data['provider_url'] = providers["#{current_provider}"]['provider_url']
415
+ web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
416
+ web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
417
+ web_session_data['requested_page'] = requested_page
418
+
419
+ log_info! 'PreFlight', 'ContentCheck', 'Check permissions'
420
+ if permissions[:"#{category}"].include? current_provider
421
+ log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
422
+ log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
423
+ log_info! 'PreFlight', 'ContentCheck', 'Category support', 'enabled'
424
+
425
+ # Check permissions
426
+ #
427
+ #log_info! 'Authorisation', 'ConditionCheck', 'Check permissions for provider', "#{current_provider}"
428
+ #conditions = J1App.conditions current_provider
429
+ # if conditions["#{category}"]
430
+ # log_info! 'Authorisation', 'ConditionCheck', 'Conditions detected', "#{category}"
431
+ # conditions["#{category}"].each do |k, v|
432
+ # case k
433
+ # when 'enabled'
434
+ # log_info! 'Authorisation', 'ConditionCheck', "#{k}", "#{v}"
435
+ # when 'users'
436
+ # log_info! 'Authorisation', 'ConditionCheck', 'users'
437
+ # v.each do |k, v|
438
+ # log_info! 'Authorisation', 'ConditionCheck', "users - #{k}", "#{v}"
439
+ # end
440
+ # when 'payment'
441
+ # log_info! 'Authorisation', 'ConditionCheck', 'payment'
442
+ # v.each do |k, v|
443
+ # case k
444
+ # when 'tiers'
445
+ # log_info! 'Authorisation', 'ConditionCheck', "payment - #{k}", "#{v}"
446
+ # when 'tier'
447
+ # v.each do |k, v|
448
+ # log_info! 'Authorisation', 'ConditionCheck', 'payment - tiers - tier : ' "#{k}", "#{v}"
449
+ # end
450
+ # end
451
+ # end
452
+ # end
453
+ # end
454
+ # end
455
+ else
456
+ provider = permissions[:"#{category}"][0]
457
+ log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
458
+ log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
459
+ log_info! 'PreFlight', 'ContentCheck', 'Category supported', 'NO'
460
+ log_info! 'PreFlight', 'AuthCheck', 'Authorisation failed for user', "#{user_name}"
461
+
462
+ log_info! 'PreFlight', 'SignOut', 'Sign out user', "#{user_name}"
463
+ warden.logout
464
+ session.clear
465
+
466
+ session_json = web_session_data.to_json
467
+ log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
468
+
469
+ session_encoded = Base64.encode64(session_json)
470
+ response.set_cookie(
471
+ 'j1.web.session',
472
+ domain: false,
473
+ value: session_encoded.to_s,
474
+ path: '/'
475
+ )
476
+
477
+ log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
478
+ allowed_users = providers["#{provider}"]['users'].join(',')
479
+ redirect "/page_validation?provider=#{provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
480
+ end
481
+
482
+ time = Time.now.ctime.to_s
483
+ log_info! 'PreFlight', 'AuthCheck', 'Pass to requested page', "#{requested_page}"
484
+ log_info! 'PreFlight', 'AuthCheck', 'Set X-Response-Headers'
485
+
486
+ # See: https://stackoverflow.com/questions/10438276/how-to-disable-static-file-caching-in-rails-3-thin-on-windows
487
+ # response.headers["Cache-Control"] = 'no-cache, no-store, max-age=0, must-revalidate'
488
+ # response.headers["Pragma"] = 'no-cache'
489
+ # response.headers["Expires"] = 'Fri, 01 Jan 1990 00:00:00 GMT'
490
+ response.headers['X-J1-AuthManager'] = "page-validated;category=#{category};called=" + time
491
+ pass
492
+ else
493
+ log_info! 'PreFlight', 'AuthCheck', 'User detected', 'signed out'
494
+ default_provider = permissions[:"#{category}"][0]
495
+ log_info! 'PreFlight', 'AuthCheck', 'Set default provider', "#{default_provider}"
496
+
497
+ strategy = providers["#{default_provider}"]['strategy']
498
+ provider_strategy = :"#{strategy}"
499
+
500
+ log_info! 'PreFlight', 'AuthCheck', 'Start processing provider', "#{default_provider}"
501
+ log_info! 'PreFlight', 'AuthCheck', 'Authentication strategy', "#{provider_strategy}"
502
+
503
+ case provider_strategy
504
+
505
+ when :org
506
+ warden.authenticate!
507
+ github_organization_authenticate! ENV['GITHUB_ORG_NAME']
508
+ logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} organization"
509
+
510
+ when :team
511
+ warden.authenticate!
512
+ github_team_authenticate! ENV['GITHUB_TEAM_ID']
513
+ logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
514
+
515
+ when :teams
516
+ warden.authenticate!
517
+ github_teams_authenticate! ENV['GITHUB_TEAM_IDS'].split(',')
518
+ logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
519
+
520
+ when :member
521
+ log_info! 'PreFlight', 'AuthCheck', 'Process authentication strategy'
522
+
523
+ if env['HTTP_COOKIE'].include? 'j1.web.session'
524
+ session_encoded = request.cookies['j1.web.session']
525
+ session_decoded = Base64.decode64(session_encoded)
526
+ log_info! 'PreFlight', 'Cookie', 'Read web session data' # "#{session_decoded}"
527
+ web_session_data = JSON.parse(session_decoded)
528
+ end
529
+
530
+ # Update cookie data
531
+ # ----------------------------------------------------------------------
532
+ web_session_data['provider_url'] = providers["#{default_provider}"]['provider_url']
533
+ web_session_data['users_allowed'] = providers["#{default_provider}"]['users']
534
+ web_session_data['provider_permissions'] = providers["#{default_provider}"]['permissions']
535
+ web_session_data['requested_page'] = env['REQUEST_URI']
536
+ web_session_data['writer'] = 'middleware'
537
+
538
+ # write updated J1 session cookie
539
+ #
540
+ session_json = web_session_data.to_json
541
+ session_encoded = Base64.encode64(session_json)
542
+ log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
543
+
544
+ response.set_cookie(
545
+ 'j1.web.session',
546
+ domain: false,
547
+ value: session_encoded.to_s,
548
+ path: '/'
549
+ )
550
+
551
+ allowed_users = providers["#{default_provider}"]['users'].join(',')
552
+ requested_page = env['REQUEST_URI']
553
+
554
+ log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
555
+ redirect "/page_validation?provider=#{default_provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
556
+ else
557
+ raise J1App::ConfigError
558
+ end
559
+
560
+ end
561
+ end
562
+ end
563
+
564
+
565
+ # ==========================================================================
566
+ # API ENDPOINTS (Sinatra HANDLERS)
567
+ # ==========================================================================
568
+
569
+ # ENDPOINT authentication (called from WEB by auth client)
570
+ # --------------------------------------------------------------------------
571
+ get '/authentication' do
572
+ # collect (common) GET parameter|s
573
+ #
574
+ request = params.fetch('request')
575
+ provider = params.fetch('provider')
576
+
577
+ log_info! 'API', 'Authentication', 'Authentication request received'
578
+
579
+ # SignIn
580
+ # ------------------------------------------------------------------------
581
+ if request === 'signin'
582
+
583
+ log_info! 'Authentication', 'SignIn', 'Called for provider', "#{provider}"
584
+
585
+ # collect (additional) GET parameter|s
586
+ # ----------------------------------------------------------------------
587
+ allowed_users = params.fetch('allowed_users')
588
+
589
+ web_session_data['users_allowed'] = allowed_users
590
+ web_session_data['writer'] = 'middleware'
591
+
592
+ # Write updated J1 session data to cookie
593
+ # --------------------------------------------------------------------
594
+ session_json = web_session_data.to_json
595
+ log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
596
+
597
+ session_encoded = Base64.encode64(session_json)
598
+ response.set_cookie(
599
+ 'j1.web.session',
600
+ domain: false,
601
+ value: session_encoded.to_s,
602
+ path: '/'
603
+ )
604
+
605
+ if warden.authenticated?
606
+ log_info! 'Authentication', 'SignIn', 'User already signed in', "#{warden.user[:info]['nickname']} "
607
+ else
608
+ log_info! 'Authentication', 'SignIn', 'Initiate OmniAuth authentication'
609
+
610
+ # Make (really) sure that old session is cleared before login
611
+ # --------------------------------------------------------------------
612
+ warden.logout
613
+ session.clear
614
+ warden.authenticate! :"omni_#{provider}"
615
+ end
616
+ # SignOut
617
+ # ------------------------------------------------------------------------
618
+ elsif request === 'signout'
619
+ # collect (additional) GET parameter|s
620
+ provider_signout = params.fetch('provider_signout')
621
+ log_info! 'Authentication', 'SignOut', 'Called for provider', #{provider}"
622
+
623
+ if warden.authenticated?
624
+ user = warden.user[:info]['nickname']
625
+ provider = warden.user[:provider]
626
+ provider_url = web_session_data['provider_url']
627
+ log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
628
+ warden.logout
629
+ session.clear
630
+
631
+ # Read current J1 web session cookie
632
+ # --------------------------------------------------------------------
633
+ if env['HTTP_COOKIE'].include? 'j1.web.session'
634
+ session_encoded = env['rack.request.cookie_hash']['j1.web.session']
635
+ session_decoded = Base64.decode64(session_encoded)
636
+ log_info! 'Authentication', 'Cookie', 'Read web session data' # #{session_decoded}"
637
+ web_session_data = JSON.parse(session_decoded)
638
+ else
639
+ web_session_data['requested_page'] = env['REQUEST_URI']
640
+ end
641
+
642
+ # Update J1 web session data
643
+ # --------------------------------------------------------------------
644
+ web_session_data['user_name'] = 'visitor'
645
+ web_session_data['user_id'] = 'unknown'
646
+ web_session_data['users_allowed'] = 'all'
647
+ web_session_data['payment_status'] = 'unknown'
648
+ web_session_data['provider'] = 'j1'
649
+ web_session_data['provider_url'] = 'https://jekyll.one'
650
+ web_session_data['provider_permissions'] = 'public'
651
+ web_session_data['authenticated'] = 'false'
652
+ web_session_data['writer'] = 'middleware'
653
+
654
+ # Write updated J1 session data to cookie
655
+ # --------------------------------------------------------------------
656
+ session_json = web_session_data.to_json
657
+ log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
658
+
659
+ session_encoded = Base64.encode64(session_json)
660
+ response.set_cookie(
661
+ 'j1.web.session',
662
+ domain: false,
663
+ value: session_encoded.to_s,
664
+ path: '/'
665
+ )
666
+
667
+ if provider_signout === 'true'
668
+ log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
669
+ log_info! 'Authentication', 'SignOut', 'Sign out from', "#{provider}"
670
+ log_info! 'Authentication', 'Redirect', 'Pass to provider', "#{provider_url}"
671
+ redirect "#{provider_url}"
672
+ else
673
+ log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
674
+ log_info! 'Authentication', 'SignOut', 'Sign out from', "session"
675
+
676
+ # If signed out, redirect ONLY for PUBLIC pages
677
+ # ------------------------------------------------------------------
678
+ if redirect_whitelisted?
679
+ # Update J1 web session data
680
+ # --------------------------------------------------------------------
681
+ web_session_data['requested_page']
682
+ web_session_data['user_name'] = 'visitor'
683
+ web_session_data['user_id'] = 'unknown'
684
+ web_session_data['users_allowed'] = 'all'
685
+ web_session_data['payment_status'] = 'unknown'
686
+ web_session_data['provider'] = 'j1'
687
+ web_session_data['provider_url'] = 'https://jekyll.one'
688
+ web_session_data['provider_permissions'] = 'public'
689
+ web_session_data['authenticated'] = 'false'
690
+ web_session_data['writer'] = 'middleware'
691
+
692
+ # Write updated J1 session data to cookie
693
+ # --------------------------------------------------------------------
694
+ session_json = web_session_data.to_json
695
+ log_info! 'Authentication', 'Redirect', 'Write web session data', "#{session_json}"
696
+
697
+ session_encoded = Base64.encode64(session_json)
698
+ response.set_cookie(
699
+ 'j1.web.session',
700
+ domain: false,
701
+ value: session_encoded.to_s,
702
+ path: '/'
703
+ )
704
+ log_info! 'Authentication', 'Redirect', 'Pass to page', "#{web_session_data['requested_page']}"
705
+ redirect web_session_data['requested_page']
706
+ else
707
+ log_info! 'Authentication', 'Redirect', 'Redirect NOT whitelisted'
708
+ # Update J1 web session data
709
+ # --------------------------------------------------------------------
710
+ web_session_data['user_name'] = 'visitor'
711
+ web_session_data['user_id'] = 'unknown'
712
+ web_session_data['users_allowed'] = 'all'
713
+ web_session_data['payment_status'] = 'unknown'
714
+ web_session_data['provider'] = 'j1'
715
+ web_session_data['provider_url'] = 'https://jekyll.one'
716
+ web_session_data['provider_permissions'] = 'public'
717
+ web_session_data['authenticated'] = 'false'
718
+ web_session_data['writer'] = 'middleware'
719
+
720
+ # Write updated J1 session data to cookie
721
+ # --------------------------------------------------------------------
722
+ session_json = web_session_data.to_json
723
+ log_info! 'Authentication', 'Redirect', 'Write web session data', "#{session_json}"
724
+
725
+ session_encoded = Base64.encode64(session_json)
726
+ response.set_cookie(
727
+ 'j1.web.session',
728
+ domain: false,
729
+ value: session_encoded.to_s,
730
+ path: '/'
731
+ )
732
+ log_info! 'Authentication', 'Redirect', 'Pass to page', "/"
733
+ redirect '/'
734
+ end
735
+ end
736
+ else
737
+ # THIS condition should NEVER REACHED because NO logout dialog
738
+ # (modal) is provided by the auth client if a user isn't signed in.
739
+ # Kept this alternative for cases something went wrong.
740
+ # --------------------------------------------------------------------
741
+ log_info! 'Authentication', 'API', 'DEAD PATH: Called for sign out', 'NOT signed in'
742
+
743
+ # Read current J1 session cookie
744
+ # --------------------------------------------------------------------
745
+ if env['HTTP_COOKIE'].include? 'j1.web.session'
746
+ session_encoded = env['rack.request.cookie_hash']['j1.web.session']
747
+ session_decoded = Base64.decode64(session_encoded)
748
+ web_session_data = JSON.parse(session_decoded)
749
+
750
+ log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read web session data' # #{session_decoded}"
751
+ else
752
+ web_session_data['requested_page'] = env['REQUEST_URI']
753
+ end
754
+
755
+ # Update J1 web session data
756
+ # --------------------------------------------------------------------
757
+ web_session_data['user_name'] = 'visitor'
758
+ web_session_data['user_id'] = 'unknown'
759
+ web_session_data['users_allowed'] = 'all'
760
+ web_session_data['payment_status'] = 'unknown'
761
+ web_session_data['provider'] = 'j1'
762
+ web_session_data['provider_url'] = 'https://jekyll.one'
763
+ web_session_data['provider_permissions'] = 'public'
764
+ web_session_data['authenticated'] = 'false'
765
+ web_session_data['writer'] = 'middleware'
766
+
767
+ # Write updated J1 session data to cookie
768
+ # --------------------------------------------------------------------
769
+ session_json = web_session_data.to_json
770
+ log_info! 'Authentication', 'Cookie', 'DEAD PATH. Write web session data', "#{session_json}"
771
+
772
+ session_encoded = Base64.encode64(session_json)
773
+ response.set_cookie(
774
+ 'j1.web.session',
775
+ domain: false,
776
+ value: session_encoded.to_s,
777
+ path: '/'
778
+ )
779
+
780
+ log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{web_session_data['requested_page']}"
781
+ redirect web_session_data['requested_page']
782
+ end
783
+ else
784
+ raise J1App::ConfigError
785
+ end
786
+ end
787
+ # END: get '/authentication'
788
+ # --------------------------------------------------------------------------
789
+
790
+ # ENDPOINT post_authentication (called after a user is back from OAuth Provider)
791
+ # --------------------------------------------------------------------------
792
+ get '/post_authentication' do
793
+ reward = {
794
+ :id => 'unknown',
795
+ :name => 'unknown',
796
+ :link => '#'
797
+ }
798
+ campaign = {
799
+ :id => 'unknown',
800
+ :link => '#'
801
+ }
802
+
803
+ log_info! 'API', 'Post Authentication', 'Identification request received'
804
+
805
+ log_info! 'Post Authentication', 'Cookie', 'Read web session data'
806
+ session_encoded = request.cookies['j1.web.session']
807
+ session_decoded = Base64.decode64(session_encoded)
808
+ web_session_data = JSON.parse(session_decoded)
809
+
810
+ user = warden.user
811
+ user_json = user.to_json
812
+
813
+ if user[:provider] === 'disqus'
814
+ user[:info][:urls][:site] = "https://disqus.com"
815
+ user[:info][:urls][:home] = user[:info]['urls']['profileUrl']
816
+ user[:info][:urls][:blog] = "https://disqus.com/by/juergen_adams/"
817
+ user[:info][:urls][:member] = user[:info]['urls']['profileUrl']
818
+ end
819
+
820
+ if user[:provider] === 'github'
821
+ user[:info][:urls][:site] = "https://github.com"
822
+ user[:info][:urls][:home] = user[:info]['urls']['GitHub']
823
+ user[:info][:urls][:blog] = "https://github.com/jekyll-one"
824
+ user[:info][:urls][:member] = user[:info]['urls']['Blog']
825
+ end
826
+
827
+ if user[:provider] === 'patreon'
828
+
829
+ user[:info][:urls][:site] = "https://patreon.com"
830
+ user[:info][:urls][:home] = "https://patreon.com/home"
831
+ user[:info][:urls][:blog] = "https://patreon.com/jekyll_one"
832
+
833
+ unless user[:info]['payment_info'].empty?
834
+ reward_url = user[:info]['payment_info']['relationships']['reward']['links']['related']
835
+ reward_json = RestClient.get "#{reward_url}", {:content_type => :json, :accept => :json}
836
+ reward_data = JSON.parse(reward_json)
837
+ user[:info][:urls][:member] = "https://patreon.com" + reward_data['data']['attributes']['url']
838
+ user[:info][:payment_status] = user[:info]['payment_info']['attributes']['declined_since'].nil? ? 'true' : 'false'
839
+ else
840
+ reward_url = ""
841
+ reward_json = ""
842
+ reward_data = ""
843
+ user[:info][:payment_status] = 'false'
844
+ end
845
+
846
+ unless reward_data.empty?
847
+ reward[:id] = reward_data['data']['id']
848
+ reward[:name] = reward_data['data']['attributes']['title']
849
+ reward[:link] = "https://patreon.com" + reward_data['data']['attributes']['url']
850
+ campaign[:id] = reward_data['data']['relationships']['campaign']['data']['id']
851
+ campaign[:link] = reward_data['data']['relationships']['campaign']['links']['related']
852
+ else
853
+ reward[:id] = ""
854
+ reward[:name] = "no tiers"
855
+ reward[:link] = ""
856
+ campaign[:id] = ""
857
+ campaign[:link] = ""
858
+ end
859
+ end
860
+
861
+ user[:extra][:reward] = reward
862
+ user[:extra][:campaign] = campaign
863
+
864
+ if user.nil?
865
+ # Collection of session data failed (e.g cookie > 4K)
866
+ #
867
+ log_info! 'Post Authentication', 'Identification', 'Internal error', 'User identification failed'
868
+ warden.logout
869
+ session.clear
870
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
871
+ description_title = "Access Denied"
872
+ redirect "/access_denied?provider=unknown&user=unknown&category=unknown&title=#{description_title}"
873
+ else
874
+ log_info! 'Post Authentication', 'Identification', 'User identified successfully'
875
+ log_info! 'Post Authentication', 'Cookie', 'Update web session data' # "#{web_session_data}"
876
+ web_session_data['user_name'] = user[:info]['nickname']
877
+ web_session_data['user_id'] = user[:uid]
878
+ web_session_data['provider'] = user[:provider]
879
+ web_session_data['provider_membership'] = 'member'
880
+ web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
881
+ web_session_data['authenticated'] = 'true'
882
+ web_session_data['payment_status'] = user[:info][:payment_status]
883
+ web_session_data['writer'] = 'middleware'
884
+
885
+ current_user = user[:info]['nickname'] = user[:info]['nickname']
886
+ current_provider = user[:provider]
887
+
888
+ web_session_data['requested_page'].scan(/(protected|private)/) do |match|
889
+
890
+ # Set category from requested page
891
+ #
892
+ category = match[0]
893
+ log_info! 'Post Authentication', 'Identification', 'Process content type', "#{category}"
894
+
895
+ # Check if user is allowed to access protected content in GENERAL
896
+ #
897
+ log_info! 'Post Authentication', 'Identification', 'Check for allowed users'
898
+ unless web_session_data['users_allowed'].include? 'all'
899
+ unless web_session_data['users_allowed'].include? "#{current_user}"
900
+ log_info! 'Post Authentication', 'Identification', 'User not allowed', "#{current_user}"
901
+ log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
902
+ log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
903
+ warden.logout
904
+ session.clear
905
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
906
+ description_title = "Access Denied"
907
+ redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
908
+ end
909
+ end
910
+ log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
911
+
912
+ # Check conditions to access protected content (if any)
913
+ #
914
+ log_info! 'Post Authentication', 'Identification', 'Check for conditions', "#{current_provider}"
915
+ check_conditions = providers["#{user[:provider]}"]['conditions'][category]['enabled']
916
+ if check_conditions
917
+
918
+ if providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist'].nil?
919
+ category_whitelist = 'all'
920
+ else
921
+ category_whitelist = providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist']
922
+ end
923
+
924
+ # Check if user is BLACKLISTED
925
+ #
926
+ blacklist = providers["#{user[:provider]}"]['conditions'][category]['users']['blacklist']
927
+ if blacklist.include? "#{current_user}"
928
+ log_info! 'Post Authentication', 'Identification', 'Check blacklisting'
929
+ log_info! 'Post Authentication', 'Identification', 'User blacklisted', "#{current_user}"
930
+ user[:info][:blacklisted] = 'true'
931
+ log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
932
+ warden.logout
933
+ session.clear
934
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
935
+ description_title = "Access Denied"
936
+ redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
937
+ end
938
+
939
+ log_info! 'Post Authentication', 'Identification', 'Check whitelisting'
940
+ if category_whitelisted? category_whitelist, current_user
941
+ user[:info][:whitelisted] = 'true'
942
+ reward[:name] = 'whitelisted'
943
+ log_info! 'Post Authentication', 'Identification', 'User whitelisted', "#{current_user}"
944
+ log_info! 'Post Authentication', 'Identification', 'Reward set to', 'Whitelisted'
945
+ else
946
+ log_info! 'Post Authentication', 'Identification', 'No whitelisting found', "#{current_user}"
947
+ end
948
+
949
+ log_info! 'Post Authentication', 'Identification', 'Check conditions'
950
+ unless category_whitelisted? category_whitelist, current_user
951
+ log_info! 'Post Authentication', 'Identification', 'Check rewards'
952
+ payment_tiers = providers["#{user[:provider]}"]['conditions'][category]['payment']['activated']
953
+ log_info! 'Post Authentication', 'Identification', 'Check rewards', "#{current_user}"
954
+ if payment_activated? payment_tiers
955
+ log_info! 'Post Authentication', 'Identification', 'Reward found', "#{reward[:name]}"
956
+
957
+ # Check if any payment exists for that user
958
+ #
959
+ log_info! 'Post Authentication', 'Identification', 'Check payment status'
960
+ if user[:info]['payment_info'].empty?
961
+ log_info! 'Post Authentication', 'Identification', 'Payment status: NOT AVAILABLE', "#{current_user}"
962
+ log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
963
+ warden.logout
964
+ session.clear
965
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
966
+ description_title = "Access Denied"
967
+ redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
968
+ end
969
+
970
+ # Check for VALID payments (scope: pledge-to-me)
971
+ #
972
+ payment_status = user[:info]['payment_info']['attributes']['declined_since']
973
+ unless payment_valid? payment_status
974
+ log_info! 'Post Authentication', 'Identification', 'Payment status INVALID', "#{current_user}"
975
+ log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
976
+ warden.logout
977
+ session.clear
978
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
979
+ description_title = "Access Denied"
980
+ redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
981
+ else
982
+ log_info! 'Post Authentication', 'Identification', 'Payment status VALID', "#{current_user}"
983
+ end
984
+ end
985
+
986
+ end
987
+ # end category_whitelisted
988
+ else
989
+ category_condition_state = providers["#{user[:provider]}"]['conditions'][category]['enabled']
990
+ log_info! 'Post Authentication', 'Identification', 'Category check failed for', "#{current_provider}"
991
+ log_info! 'Post Authentication', 'Identification', "Category checked", "#{category}"
992
+ log_info! 'Post Authentication', 'Identification', "Category support", "#{category_condition_state}"
993
+ warden.logout
994
+ session.clear
995
+ log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
996
+ description_title = "Access Denied"
997
+ redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
998
+ end
999
+ # end check conditions
1000
+
1001
+ end
1002
+ # end protected content
1003
+ end
1004
+ # end user.nil?
1005
+
1006
+ # redirect authenticated|validated user to requested page
1007
+ #
1008
+ web_session_data['provider'] = current_provider
1009
+ web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
1010
+
1011
+ # TODO: Add membership|product specific data for the SideBar
1012
+
1013
+ # write updated J1 session data to cookie
1014
+ #
1015
+ session_json = web_session_data.to_json
1016
+ log_info! 'Post Authentication', 'Cookie', 'Write web session data', "#{session_json}"
1017
+
1018
+ session_encoded = Base64.encode64(session_json)
1019
+ response.set_cookie(
1020
+ 'j1.web.session',
1021
+ domain: false,
1022
+ value: session_encoded.to_s,
1023
+ path: '/'
1024
+ )
1025
+
1026
+ time = Time.now.ctime.to_s
1027
+
1028
+ log_info! 'Post Authentication', 'Identification', 'Provider', "#{user[:provider]}"
1029
+ log_info! 'Post Authentication', 'Identification', 'User', "#{user[:info]['nickname']}"
1030
+ log_info! 'Post Authentication', 'Redirect', 'Set Last-Modified', "#{time}"
1031
+ log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
1032
+
1033
+
1034
+ response.headers['Last-Modified'] = time
1035
+ response.headers['Cache-Control'] = 'private,max-age=0,must-revalidate,no-store'
1036
+ redirect web_session_data['requested_page']
1037
+
1038
+ end
1039
+ # END: get /post_authentication
1040
+ # --------------------------------------------------------------------------
1041
+
1042
+
1043
+ # ENDPOINT status (called from WEB to get current state of an user)
1044
+ # --------------------------------------------------------------------------
1045
+ get '/status' do
1046
+ session_encoded = request.cookies['j1.web.session']
1047
+ session_decoded = Base64.decode64(session_encoded)
1048
+ web_session_data = JSON.parse(session_decoded)
1049
+
1050
+ log_info! 'API', 'Status Request', 'Info request received'
1051
+
1052
+ # if request.warden.user.respond_to?(:info)
1053
+ #
1054
+ if warden.authenticated?
1055
+ user_name = warden.user[:info]['nickname']
1056
+ user_id = warden.user[:uid]
1057
+ provider = warden.user[:provider]
1058
+ provider_permissions = web_session_data['provider_permissions']
1059
+ provider_site_url = warden.user[:info][:urls][:site]
1060
+ provider_home_url = warden.user[:info][:urls][:home]
1061
+ provider_blog_url = warden.user[:info][:urls][:blog]
1062
+ provider_member_url = warden.user[:info][:urls][:member]
1063
+
1064
+ if provider == 'patreon'
1065
+ provider_membership = warden.user[:extra][:reward][:name]
1066
+ provider_member_url = warden.user[:extra][:reward][:link]
1067
+ else
1068
+ provider_membership = 'member'
1069
+ provider_member_url = '#'
1070
+ end
1071
+
1072
+ log_info! 'API', 'Status Request', 'User detected as signed in', "#{user_name}"
1073
+ else
1074
+ user_name = 'unknown'
1075
+ log_info! 'API', 'Status Request', 'User detected', 'signed out'
1076
+ end
1077
+
1078
+ # if request.warden.authenticated?
1079
+ #
1080
+ if user_name != 'unknown'
1081
+ log_info! 'API', 'Status Request', 'Send data', 'SIGNED_IN'
1082
+ content_type 'application/json'
1083
+ {
1084
+ user_name: user_name,
1085
+ user_id: user_id,
1086
+ provider: provider,
1087
+ provider_membership: provider_membership,
1088
+ provider_permissions: provider_permissions,
1089
+ provider_site_url: provider_site_url,
1090
+ provider_home_url: provider_home_url,
1091
+ provider_blog_url: provider_blog_url,
1092
+ provider_member_url: provider_member_url,
1093
+ status: 'signed in'
1094
+ }.to_json
1095
+ else
1096
+ log_info! 'API', 'Status Request', 'Send data', 'SIGNED_OUT'
1097
+ content_type 'application/json'
1098
+ {
1099
+ user_name: 'visitor',
1100
+ user_id: 'unknown',
1101
+ provider: 'j1',
1102
+ provider_membership: 'guest',
1103
+ provider_permissions: 'public',
1104
+ provider_site_url: '#',
1105
+ provider_home_url: '#',
1106
+ provider_blog_url: '#',
1107
+ provider_member_url: '#',
1108
+ status: 'signed out'
1109
+ }.to_json
1110
+ end
1111
+ end
1112
+ # END: get /status
1113
+ # --------------------------------------------------------------------------
1114
+
1115
+ # ENDPOINT cookie_consent (exception, called from the app|auth manager)
1116
+ # --------------------------------------------------------------------------
1117
+ get '/cookie_consent' do
1118
+ provider = params.fetch('provider')
1119
+ category = params.fetch('category')
1120
+ user = params.fetch('user')
1121
+ requested_page = params.fetch('requested_page')
1122
+ description_title = params.fetch('title')
1123
+
1124
+ log_info! 'API', 'ExceptionHandler', 'Request received'
1125
+ log_info! 'ExceptionHandler', 'ERROR', 'Cookies declined'
1126
+ log_info! 'ExceptionHandler', 'Redirect', 'Pass to dialog page', 'Cookie Consent'
1127
+
1128
+ # Capitalize first char
1129
+ provider = provider.sub(/^./, &:upcase)
1130
+ route = requested_page
1131
+
1132
+ @route = route
1133
+ @provider = provider
1134
+ @modal = "centralCookieConsent"
1135
+ @info_type = "danger"
1136
+ @modal_icon = "cookie"
1137
+ @modal_agreed_text = "Yes, please"
1138
+ @modal_disagreed_text = "No, thanks"
1139
+ @modal_title = "Authentication Manager"
1140
+ # @modal_description = "<h4>#{description_title}</h4><br /><br />User <b>#{user}</b> from provider <b>#{provider}</b> requested access on <b>#{category}</b> pages.<br /> In order to continue, you need to accept on <b>Cookies</b>."
1141
+ @modal_description = "<h4>#{description_title}</h4><br /><br /> In order to continue, you need to accept on <b>Cookies</b>."
1142
+
1143
+ erb :auth_manager_ui
1144
+ end
1145
+ # END: get /cookies_rejected
1146
+ # --------------------------------------------------------------------------
1147
+
1148
+
1149
+ # ENDPOINT access_denied (exception, called from the app|auth manager)
1150
+ # --------------------------------------------------------------------------
1151
+ get '/access_denied' do
1152
+ provider = params.fetch('provider')
1153
+ category = params.fetch('category')
1154
+ user = params.fetch('user')
1155
+ description_title = params.fetch('title')
1156
+
1157
+ log_info! 'API', 'ExceptionHandler', 'Request received'
1158
+ log_info! 'ExceptionHandler', 'ERROR', 'Access Denied'
1159
+
1160
+ session_encoded = request.cookies['j1.web.session']
1161
+ session_decoded = Base64.decode64(session_encoded)
1162
+ web_session_data = JSON.parse(session_decoded)
1163
+
1164
+ # Update J1 web session data
1165
+ # --------------------------------------------------------------------
1166
+ web_session_data['user_name'] = user
1167
+ # web_session_data['user_id'] = 'unknown'
1168
+ # web_session_data['users_allowed'] = 'unknown'
1169
+ # web_session_data['payment_status'] = 'unknown'
1170
+ web_session_data['provider'] = provider
1171
+ # web_session_data['provider_url'] = 'unknown'
1172
+ # web_session_data['provider_permissions'] = 'unknown'
1173
+ # web_session_data['authenticated'] = 'false'
1174
+ web_session_data['writer'] = 'middleware'
1175
+
1176
+ log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
1177
+
1178
+ # write updated J1 session data to cookie
1179
+ #
1180
+ session_json = web_session_data.to_json
1181
+ session_encoded = Base64.encode64(session_json)
1182
+ response.set_cookie(
1183
+ 'j1.web.session',
1184
+ domain: false,
1185
+ value: session_encoded.to_s,
1186
+ path: '/'
1187
+ )
1188
+
1189
+ log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', "Access Denied"
1190
+
1191
+ # Capitalize first char
1192
+ provider = provider.sub(/^./, &:upcase)
1193
+ route = '/'
1194
+
1195
+ @route = route
1196
+ @provider = provider
1197
+ @modal = "centralModalInfo"
1198
+ @info_type = "danger"
1199
+ @modal_icon = "account-off"
1200
+ @modal_ok_text = "Ok, understood"
1201
+ @modal_title = "Authentication Manager"
1202
+ @modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
1203
+
1204
+ erb :auth_manager_ui
1205
+ end
1206
+ # END: get '/access_denied'
1207
+ # --------------------------------------------------------------------------
1208
+
1209
+
1210
+ # ENDPOINT invalid_funds (exception, called from the app|auth manager)
1211
+ # --------------------------------------------------------------------------
1212
+ get '/invalid_funds' do
1213
+ provider = params.fetch('provider')
1214
+ category = params.fetch('category')
1215
+ user = params.fetch('user')
1216
+ description_title = params.fetch('title')
1217
+
1218
+ log_info! 'API', 'ExceptionHandler', 'Request received'
1219
+ log_info! 'ExceptionHandler', 'ERROR', 'Invalid Funds'
1220
+
1221
+ session_encoded = request.cookies['j1.web.session']
1222
+ session_decoded = Base64.decode64(session_encoded)
1223
+ web_session_data = JSON.parse(session_decoded)
1224
+
1225
+ # Update J1 web session data
1226
+ # --------------------------------------------------------------------
1227
+ web_session_data['user_name'] = user
1228
+ # web_session_data['user_id'] = 'unknown'
1229
+ # web_session_data['users_allowed'] = 'unknown'
1230
+ # web_session_data['payment_status'] = 'unknown'
1231
+ web_session_data['provider'] = provider
1232
+ # web_session_data['provider_url'] = 'unknown'
1233
+ # web_session_data['provider_permissions'] = 'unknown'
1234
+ # web_session_data['authenticated'] = 'false'
1235
+ web_session_data['writer'] = 'middleware'
1236
+
1237
+ log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
1238
+
1239
+ # write updated J1 session data to cookie
1240
+ #
1241
+ log_info! 'API', 'Exception Handler', 'ERROR', 'Invalid Funds'
1242
+ session_json = web_session_data.to_json
1243
+ session_encoded = Base64.encode64(session_json)
1244
+ response.set_cookie(
1245
+ 'j1.web.session',
1246
+ domain: false,
1247
+ value: session_encoded.to_s,
1248
+ path: '/'
1249
+ )
1250
+
1251
+ log_info! 'ExceptionHandler', 'Redirect', 'Pass to error page', 'Invalid Funds'
1252
+
1253
+ # Capitalize first char
1254
+ provider = provider.sub(/^./, &:upcase)
1255
+ route = '/'
1256
+
1257
+ @route = route
1258
+ @provider = provider
1259
+ @modal = "centralModalInfo"
1260
+ @info_type = "danger"
1261
+ @modal_icon = "account-off"
1262
+ @modal_ok_text = "Ok, understood"
1263
+ @modal_title = "Authentication Manager"
1264
+ @modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
1265
+
1266
+ erb :auth_manager_ui
1267
+ end
1268
+ # END: get /invalid_funds
1269
+ # --------------------------------------------------------------------------
1270
+
1271
+
1272
+ # access_protected_content ENDPOINT called from the app (auth manager)
1273
+ # --------------------------------------------------------------------------
1274
+ get '/page_validation' do
1275
+ provider = params.fetch('provider')
1276
+ allowed_users = params.fetch('allowed_users')
1277
+ page = params.fetch('page')
1278
+ category = params.fetch('category')
1279
+
1280
+ log_info! 'API', 'PageAccessControl', 'PageValidate request received'
1281
+
1282
+ # Capitalize first char
1283
+ # provider = provider.sub(/^./, &:upcase)
1284
+
1285
+ log_info! 'PageAccessControl', 'AuthCheck', 'Check provider', "#{provider}"
1286
+ # jadams, 2019-03-16: Hier ist das Problem
1287
+ #
1288
+ if warden.authenticated?
1289
+ log_info! 'PageAccessControl', 'AuthCheck', 'Grant access for', "#{provider}"
1290
+ log_info! 'PageAccessControl', 'Redirect', 'Pass to page', "#{page}"
1291
+ route = page
1292
+ else
1293
+ log_info! 'PageAccessControl', 'AuthCheck', 'Authentication failed', "#{provider}"
1294
+ route = "/authentication?request=signin&provider=#{provider}&allowed_users=#{allowed_users}"
1295
+ end
1296
+
1297
+ log_info! 'PageAccessControl', 'Redirect', 'Pass to SignIn dialog, page', "#{page}"
1298
+ # Capitalize first char
1299
+ provider = provider.sub(/^./, &:upcase)
1300
+
1301
+ @provider = provider
1302
+ @route = route
1303
+ @modal = "signInProtectedContent"
1304
+ @modal_icon = "login"
1305
+ @modal_agreed_text = "Yes, please"
1306
+ @modal_disagreed_text = "No, thanks"
1307
+ @modal_title = "SignIn"
1308
+ @modal_image = "/assets/images/master_header/admin-dashboard-bootstrap-1280x600.png"
1309
+ @modal_description = "The page <b>#{page}</b> you requested belongs to <b>#{category}</b> content. You'll be redirected to authenticate with the provider <b>#{provider}</b>. If signed in successfully, you get access to all <b>#{category} pages</b>."
1310
+
1311
+ erb :auth_manager_ui
1312
+ end
1313
+ # END: get '/page_validation
1314
+ # --------------------------------------------------------------------------
1315
+
1316
+ # ENDPOINT iframe
1317
+ # --------------------------------------------------------------------------
1318
+ get '/iframe' do
1319
+ @website_url = "https://jekyll-one.github.io/"
1320
+ erb :iframe
1321
+ end
1322
+
1323
+ # Workaround to rescue OmniAuth::Strategies::OAuth2::CallbackError?
1324
+ # for chromium based browsers (e.g. google-chrome)
1325
+ # ------------------------------------------------------------------------
1326
+ get '/redirect_requested_page' do
1327
+ log_info! 'Fallback', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
1328
+ redirect web_session_data['requested_page']
1329
+ end
1330
+ # END: get /iframe
1331
+ # --------------------------------------------------------------------------
1332
+ end
1333
+ end