j1_template_mde 2018.4.31 → 2018.4.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/_includes/themes/j1/layouts/layout_metadata_generator.html +5 -6
- data/_includes/themes/j1/layouts/layout_shim_generator.html +20 -2
- data/_includes/themes/j1/layouts/layout_theme_generator.html +2 -2
- data/_includes/themes/j1/modules/connectors/{analytic/google → ad/custom-provider.html} +7 -16
- data/_includes/themes/j1/modules/connectors/ad/google-adsense.html +6 -6
- data/_includes/themes/j1/modules/connectors/ads +23 -8
- data/_includes/themes/j1/modules/connectors/analytic/custom-provider.html +32 -0
- data/_includes/themes/j1/modules/connectors/analytic/google-analytics.html +38 -0
- data/_includes/themes/j1/modules/connectors/analytics +16 -17
- data/_includes/themes/j1/modules/connectors/comment/custom-provider.html +31 -0
- data/_includes/themes/j1/modules/connectors/comment/disqus.html +3 -3
- data/_includes/themes/j1/modules/connectors/comment/facebook.html +31 -0
- data/_includes/themes/j1/modules/connectors/comments +14 -12
- data/_includes/themes/j1/modules/connectors/sharing +3 -10
- data/_includes/themes/j1/modules/navigator/generator.html +17 -12
- data/_includes/themes/j1/modules/navigator/procedures/quicklinks.proc +37 -27
- data/_includes/themes/j1/modules/navigator/procedures/sidebar.proc +3 -3
- data/_includes/themes/j1/procedures/layouts/module_writer.proc +4 -4
- data/_includes/themes/j1/procedures/layouts/resource_writer.proc +6 -6
- data/lib/j1/version.rb +1 -1
- data/lib/j1_app/j1_auth_manager/_unused/auth_manager.before_merge_added.rb +1267 -0
- data/lib/j1_app/j1_auth_manager/_unused/auth_manager.update.web_cookie.rb +1333 -0
- data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.2.erb +198 -0
- data/lib/j1_app/j1_auth_manager/_unused/auth_manager_ui.additional_inits.erb +254 -0
- data/lib/j1_app/j1_auth_manager/auth_manager.rb +361 -275
- data/lib/j1_app/j1_auth_manager/config.rb +9 -9
- data/lib/j1_app/j1_auth_manager/helpers.rb +60 -2
- data/lib/j1_app/j1_auth_manager/views/auth_manager_ui.erb +123 -37
- data/lib/starter_web/Gemfile +1 -1
- data/lib/starter_web/_config.yml +42 -32
- data/lib/starter_web/_data/j1_config.yml +46 -56
- data/lib/starter_web/_data/j1_resources.yml +25 -5
- data/lib/starter_web/_data/layouts/default.yml +10 -0
- data/lib/starter_web/_data/modules/j1_cookie_consent.yml +120 -0
- data/lib/starter_web/_data/modules/j1_log4javascript.yml +24 -22
- data/lib/starter_web/_data/modules/j1_navigator.yml +61 -50
- data/lib/starter_web/_data/modules/j1_navigator_menu.yml +32 -11
- data/lib/starter_web/_data/tables/country.asciidoc +252 -0
- data/lib/starter_web/assets/data/_authclient.html +365 -0
- data/lib/starter_web/assets/data/authclient.html +213 -222
- data/lib/starter_web/assets/data/cookie_consent.html +261 -0
- data/lib/starter_web/assets/data/countries.json +974 -0
- data/lib/starter_web/assets/data/footer.html +17 -26
- data/lib/starter_web/assets/data/menu.html +20 -21
- data/lib/starter_web/assets/images/icons/j1/scalable/j1v2.svg +1 -1
- data/lib/starter_web/assets/images/master_header/admin-bootstrap.jpg +0 -0
- data/lib/starter_web/assets/images/pages/roundtrip/package.json +16 -16
- data/lib/starter_web/assets/themes/j1/core/css/theme_extensions.css +1313 -1219
- data/lib/starter_web/assets/themes/j1/core/css/theme_extensions.min.css +1 -1
- data/lib/starter_web/assets/themes/j1/core/css/uno.css +1251 -1219
- data/lib/starter_web/assets/themes/j1/core/css/uno.min.css +1 -1
- data/lib/starter_web/assets/themes/j1/core/css/vendor.css +72 -72
- data/lib/starter_web/assets/themes/j1/core/css/vendor.min.css +2 -2
- data/lib/starter_web/assets/themes/j1/core/js/adapter/algolia.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/back2top.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/bs_gallery.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/cookie_consent.js +345 -0
- data/lib/starter_web/assets/themes/j1/core/js/adapter/custom.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/lightbox.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/logger.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/master_header.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/navigator.js +254 -190
- data/lib/starter_web/assets/themes/j1/core/js/adapter/scroller.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/searcher.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/stickybits.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/switcher.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/adapter/template.js +432 -97
- data/lib/starter_web/assets/themes/j1/core/js/adapter/toccer.js +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/template.js +15 -15
- data/lib/starter_web/assets/themes/j1/core/js/template.js.map +1 -1
- data/lib/starter_web/assets/themes/j1/core/js/template.min.js +1 -1
- data/lib/starter_web/assets/themes/j1/extensions/cookiebar/js/cookiebar.js +277 -0
- data/lib/starter_web/assets/themes/j1/{core/js/adapter/cookiebar.js → extensions/cookiebar/js/j1cookiebar.js} +1 -1
- data/lib/starter_web/collections/_biography/becoming.adoc +1 -1
- data/lib/starter_web/collections/_biography/born-to-run.adoc +1 -1
- data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/attributes.asciidoc +0 -0
- data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/documents/100-docker-using-shared-folders.asciidoc +0 -0
- data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/documents/loop.sh +0 -0
- data/lib/starter_web/collections/posts/{premium → private}/series/_posts/000_includes/tables/debug_variables.asciidoc +0 -0
- data/lib/starter_web/collections/posts/{premium → private}/series/_posts/2018-11-01-docker-using-shared-folders.adoc +0 -0
- data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/000_includes/attributes.asciidoc +0 -0
- data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/000_includes/tables/debug_variables.asciidoc +0 -0
- data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-20-minneapolis.adoc +0 -0
- data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-24-narcisse-snake-dens.adoc +0 -0
- data/lib/starter_web/collections/posts/{private → protected}/wikipedia/_posts/2016-11-26-columbia-river.adoc +1 -1
- data/lib/starter_web/collections/posts/public/featured/_posts/2019-04-12-about-cookies.adoc +175 -0
- data/lib/starter_web/collections/posts/public/{featured → jekyll}/_posts/2018-05-01-confusion-about-base-url.adoc +0 -0
- data/lib/starter_web/index.html +4 -1
- data/lib/starter_web/package.json +1 -1
- data/lib/starter_web/pages/{premium → private}/bookshelf/100_about_jekyll_collections.adoc +1 -1
- data/lib/starter_web/pages/{premium → private}/bookshelf/200_book_shelf_biography.adoc +1 -1
- data/lib/starter_web/pages/{premium → private}/bookshelf/300_book_shelf_fantasy.adoc +1 -1
- data/lib/starter_web/pages/{premium → private}/bookshelf/400_book_shelf_romance.adoc +1 -1
- data/lib/starter_web/pages/{private → protected}/TeamUp/000_includes/attributes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/TeamUp/index.adoc +3 -3
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/attributes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/100_absolute_sizes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/110_bs_grid_sizes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/120_relative_sizes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/200_rotate.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/300_flip.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/400_spin_pulsed.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/500_bw_color_palette.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/510_bs_color_palette.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/600_md_color_palette.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/601_md_color_palette_indigo.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/mdi_icons/602_md_color_palette_pink.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/100_bs_sizes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/100_relative_sizes.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/200_rotate.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/300_flip.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/000_includes/tables/twitter_emoji/400_spin_pulsed.asciidoc +0 -0
- data/lib/starter_web/pages/{private → protected}/previewer/justified_gallery.html +1 -1
- data/lib/starter_web/pages/{private → protected}/previewer/mdi_icons_preview.adoc +1 -1
- data/lib/starter_web/pages/{private → protected}/previewer/twitter_emoji_preview.adoc +1 -1
- data/lib/starter_web/pages/public/about/about_you.adoc +139 -0
- data/lib/starter_web/pages/public/legal/de/100_impress.adoc +26 -15
- data/lib/starter_web/pages/public/legal/de/200_terms_of_use.adoc +2 -2
- data/lib/starter_web/pages/public/legal/en/100_impress.adoc +65 -53
- data/lib/starter_web/pages/public/legal/en/200_terms_of_use.adoc +11 -8
- data/lib/starter_web/pages/public/legal/en/300_privacy.adoc +46 -68
- data/lib/starter_web/pages/public/legal/en/400_license_agreement.adoc +72 -74
- data/lib/starter_web/pages/public/legal/en/eu/cookie.policy.asciidoc +55 -0
- data/lib/starter_web/pages/public/previewer/bootstrap_theme.adoc +1 -1
- data/lib/starter_web/pages/public/start/roundtrip/700_extended_modals.adoc +71 -53
- metadata +60 -44
- data/_includes/themes/j1/modules/connectors/analytic/googleUA +0 -44
- data/lib/starter_web/_data/modules/j1_cookiebar.yml +0 -65
- data/lib/starter_web/_unused/package.json.new +0 -125
|
@@ -68,17 +68,34 @@ module J1App
|
|
|
68
68
|
# Base App and Warden Framework settings
|
|
69
69
|
# ==========================================================================
|
|
70
70
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
71
|
+
session_data = {}
|
|
72
|
+
|
|
73
|
+
# web_session_data = {
|
|
74
|
+
# :authenticated => 'false',
|
|
75
|
+
# :requested_page => '/',
|
|
76
|
+
# :user_name => 'unknown',
|
|
77
|
+
# :users_allowed => 'unknown',
|
|
78
|
+
# :user_id => 'unknown',
|
|
79
|
+
# :provider => 'unknown',
|
|
80
|
+
# :provider_url => '/',
|
|
81
|
+
# :payment_info => 'unknown',
|
|
82
|
+
# :permissions => 'unknown',
|
|
83
|
+
# :writer => 'middleware'
|
|
84
|
+
# }
|
|
85
|
+
|
|
86
|
+
web_session_data = {
|
|
87
|
+
:authenticated => 'false',
|
|
88
|
+
:requested_page => '/',
|
|
89
|
+
:user_name => 'visitor',
|
|
90
|
+
:users_allowed => 'all',
|
|
91
|
+
:user_id => 'unknown',
|
|
92
|
+
:provider => 'j1',
|
|
93
|
+
:provider_membership => 'guest',
|
|
94
|
+
:provider_url => 'https://jekyll.one',
|
|
95
|
+
:payment_info => 'unknown',
|
|
96
|
+
:provider_permissions => 'public',
|
|
97
|
+
:creator => 'middleware',
|
|
98
|
+
:writer => 'middleware'
|
|
82
99
|
}
|
|
83
100
|
|
|
84
101
|
# Enable SSL for the rack session if configured
|
|
@@ -90,10 +107,15 @@ module J1App
|
|
|
90
107
|
# for the authentication service
|
|
91
108
|
# --------------------------------------------------------------------------
|
|
92
109
|
use Rack::Session::Cookie,
|
|
93
|
-
http_only: true,
|
|
110
|
+
http_only: true, # if set to 'true', make session cookie visible to the browser (document) for HTTP
|
|
94
111
|
key: 'j1.app.session',
|
|
95
112
|
secret: ENV['J1_SESSION_SECRET'] || SecureRandom.hex
|
|
96
113
|
|
|
114
|
+
# use Rack::Cache do |config|
|
|
115
|
+
# #
|
|
116
|
+
# # ------------------------------------------------------------------------
|
|
117
|
+
# config.middleware.delete(Rack::Cache)
|
|
118
|
+
# end
|
|
97
119
|
|
|
98
120
|
# ==========================================================================
|
|
99
121
|
# Warden Framework initialisation
|
|
@@ -110,7 +132,6 @@ module J1App
|
|
|
110
132
|
user
|
|
111
133
|
end
|
|
112
134
|
|
|
113
|
-
|
|
114
135
|
# ==========================================================================
|
|
115
136
|
# OmniAuth|Warden Framework initialisation
|
|
116
137
|
# ==========================================================================
|
|
@@ -225,17 +246,23 @@ module J1App
|
|
|
225
246
|
log_info! "ROOT", "Prepare", 'Web Session'
|
|
226
247
|
|
|
227
248
|
# read existing/current cookie 'j1.web.session' to update all data
|
|
228
|
-
# of
|
|
249
|
+
# of web_session_data (hash) otherwise set initial data
|
|
229
250
|
# ------------------------------------------------------------------------
|
|
230
251
|
unless env['HTTP_COOKIE'] == nil
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
252
|
+
log_info! "ROOT", 'Cookie', 'Read current web session data'
|
|
253
|
+
web_session_data = readCookie('j1.web.session')
|
|
254
|
+
data_json = web_session_data.to_json
|
|
255
|
+
log_info! "ROOT", 'Cookie', 'Current web session data', "#{data_json}"
|
|
256
|
+
|
|
257
|
+
# if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
258
|
+
# session_encoded = request.cookies['j1.web.session']
|
|
259
|
+
# session_decoded = Base64.decode64(session_encoded)
|
|
260
|
+
# web_session_data = JSON.parse(session_decoded)
|
|
261
|
+
# end
|
|
262
|
+
|
|
236
263
|
else
|
|
237
264
|
requested_page = env['REQUEST_URI']
|
|
238
|
-
|
|
265
|
+
session_data['requested_page'] = "#{env['REQUEST_URI']}"
|
|
239
266
|
end
|
|
240
267
|
|
|
241
268
|
# Create|Initialize the J1 web session cookie
|
|
@@ -245,39 +272,40 @@ module J1App
|
|
|
245
272
|
|
|
246
273
|
user = warden.user
|
|
247
274
|
log_info! "ROOT", 'AuthCheck', 'User detected as signed in', "#{user[:provider]}"
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
275
|
+
session_data['authenticated'] = 'true'
|
|
276
|
+
session_data['requested_page'] = '/'
|
|
277
|
+
session_data['user_name'] = user[:info]['nickname']
|
|
278
|
+
session_data['users_allowed'] = providers["#{user[:provider]}"]['users']
|
|
279
|
+
session_data['user_id'] = user[:uid]
|
|
280
|
+
session_data['provider'] = user[:provider]
|
|
281
|
+
session_data['provider_membership'] = 'member'
|
|
282
|
+
session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
|
|
283
|
+
session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
284
|
+
session_data['payment_status'] = user[:info][:payment_status]
|
|
257
285
|
else
|
|
258
286
|
log_info! "ROOT", 'AuthCheck', 'User detected', 'signed out'
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
287
|
+
session_data['authenticated'] = 'false'
|
|
288
|
+
# session_data['requested_page'] = '/'
|
|
289
|
+
session_data['users_allowed'] = 'all'
|
|
290
|
+
session_data['user_name'] = 'visitor'
|
|
291
|
+
session_data['user_id'] = 'unknown'
|
|
292
|
+
session_data['payment_status'] = 'unknown'
|
|
293
|
+
session_data['provider'] = 'j1'
|
|
294
|
+
session_data['provider_membership'] = 'guest'
|
|
295
|
+
session_data['provider_url'] = 'https://jekyll.one'
|
|
296
|
+
session_data['provider_permissions'] = 'public'
|
|
268
297
|
end
|
|
269
|
-
|
|
298
|
+
session_data['writer'] = 'middleware'
|
|
299
|
+
session_data['creator'] = 'middleware'
|
|
270
300
|
|
|
271
|
-
|
|
272
|
-
|
|
301
|
+
web_session_data = merge( web_session_data, session_data )
|
|
302
|
+
|
|
303
|
+
data_json = session_data.to_json
|
|
304
|
+
log_info! "ROOT", 'Cookie', 'Merge current user data', "#{data_json}"
|
|
273
305
|
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
domain: false,
|
|
278
|
-
value: session_encoded.to_s,
|
|
279
|
-
path: '/'
|
|
280
|
-
)
|
|
306
|
+
data_json = web_session_data.to_json
|
|
307
|
+
log_info! "ROOT", 'Cookie', 'Update web session data', "#{data_json}"
|
|
308
|
+
writeCookie('j1.web.session', data_json)
|
|
281
309
|
end
|
|
282
310
|
|
|
283
311
|
# General page detection (page auth pre-flight)
|
|
@@ -287,64 +315,79 @@ module J1App
|
|
|
287
315
|
log_info! 'AuthManager', 'PreFlight', 'Initial checks initiated'
|
|
288
316
|
|
|
289
317
|
# read existing/current cookie 'j1.web.session'
|
|
290
|
-
# to update all data of
|
|
318
|
+
# to update all data of web_session_data (hash)
|
|
291
319
|
# if request.warden.user.respond_to?(:info)
|
|
292
320
|
# ------------------------------------------------------------------------
|
|
321
|
+
|
|
322
|
+
#web_session_data = readCookie('j1.web.session')
|
|
323
|
+
|
|
293
324
|
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
294
325
|
session_encoded = request.cookies['j1.web.session']
|
|
295
326
|
session_decoded = Base64.decode64(session_encoded)
|
|
296
|
-
|
|
327
|
+
# See: https://stackoverflow.com/questions/86653/how-can-i-pretty-format-my-json-output-in-ruby-on-rails
|
|
328
|
+
session_pretty = JSON.pretty_generate(session_decoded)
|
|
329
|
+
web_session_data = JSON.parse(session_decoded)
|
|
297
330
|
|
|
298
|
-
log_info! 'PreFlight', 'Cookie', 'Read web session data'
|
|
331
|
+
log_info! 'PreFlight', 'Cookie', 'Read web session data', "#{session_decoded}" # ,"#{session_pretty}"
|
|
299
332
|
else
|
|
300
333
|
requested_page = env['REQUEST_URI']
|
|
301
|
-
|
|
334
|
+
session_data['requested_page'] = "#{env['REQUEST_URI']}"
|
|
302
335
|
end
|
|
303
336
|
|
|
304
337
|
# Create|Initialize the J1 web session cookie
|
|
305
338
|
# ------------------------------------------------------------------------
|
|
306
|
-
log_info! 'PreFlight', 'AuthCheck', 'Check authentication
|
|
339
|
+
log_info! 'PreFlight', 'AuthCheck', 'Check authentication state'
|
|
307
340
|
if warden.authenticated?
|
|
308
341
|
user = warden.user
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
342
|
+
session_data['authenticated'] = 'true'
|
|
343
|
+
session_data['user_name'] = user[:info]['nickname']
|
|
344
|
+
session_data['user_id'] = user[:uid]
|
|
345
|
+
session_data['provider'] = user[:provider]
|
|
346
|
+
session_data['provider_url'] = providers["#{user[:provider]}"]['provider_url']
|
|
347
|
+
session_data['users_allowed'] = providers["#{user[:provider]}"]['users']#
|
|
348
|
+
session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
349
|
+
session_data['provider_membership'] = 'member'
|
|
350
|
+
session_data['payment_status'] = user[:info][:payment_status]
|
|
351
|
+
session_data['writer'] = 'middleware'
|
|
352
|
+
|
|
353
|
+
web_session_data = merge( web_session_data, session_data )
|
|
319
354
|
log_info! 'PreFlight', 'AuthCheck', 'User authenticated', "#{user[:info]['nickname']}"
|
|
320
355
|
|
|
321
|
-
session_json =
|
|
322
|
-
log_info! 'PreFlight', 'Cookie', 'Write web session data'
|
|
356
|
+
session_json = web_session_data.to_json
|
|
357
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
|
|
358
|
+
writeCookie('j1.web.session', session_json)
|
|
323
359
|
|
|
324
|
-
session_encoded = Base64.encode64(session_json)
|
|
325
|
-
response.set_cookie(
|
|
326
|
-
'j1.web.session',
|
|
327
|
-
domain: false,
|
|
328
|
-
value: session_encoded.to_s,
|
|
329
|
-
path: '/'
|
|
330
|
-
)
|
|
331
360
|
end
|
|
332
361
|
|
|
333
362
|
# User state|content detection for implicit authentication
|
|
334
363
|
# ------------------------------------------------------------------------
|
|
335
364
|
log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'disabled' if authentication_enabled? == false
|
|
336
|
-
log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
|
|
365
|
+
log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
|
|
337
366
|
pass if authentication_enabled? == false
|
|
338
367
|
|
|
339
368
|
log_info! 'PreFlight', 'CheckConfig', 'Authentication check', 'enabled'
|
|
340
|
-
log_info! 'PreFlight', 'DetectContent', 'Public content
|
|
369
|
+
log_info! 'PreFlight', 'DetectContent', 'Public content detected' if public_content?
|
|
341
370
|
log_info! 'PreFlight', 'DetectContent', 'Pass all public content' if public_content?
|
|
342
371
|
pass if public_content?
|
|
343
372
|
|
|
373
|
+
log_info! 'PreFlight', 'DetectCookieConsent', 'Cookie Consent', "#{web_session_data['cookies_accepted']}"
|
|
374
|
+
|
|
375
|
+
# if web_session_data['cookies_accepted'] === 'declined'
|
|
376
|
+
# requested_page = env['REQUEST_URI']
|
|
377
|
+
# requested_page.scan(/(protected|private)/) do |match|
|
|
378
|
+
# category = match[0]
|
|
379
|
+
# log_info! 'PreFlight', 'DetectContent', 'Content detected as', "#{category}"
|
|
380
|
+
# log_info! 'PreFlight', 'Redirect', 'Pass to dialog page (Cookie Consent)'
|
|
381
|
+
# description_title = "Cookie consent declined"
|
|
382
|
+
# redirect "/cookie_consent?provider=#{web_session_data['provider']}&user=#{web_session_data['user_name']}&category=#{category}&requested_page=#{requested_page}&title=#{description_title}"
|
|
383
|
+
# #redirect requested_page
|
|
384
|
+
# end
|
|
385
|
+
# end
|
|
386
|
+
|
|
344
387
|
log_info! 'PreFlight', 'DetectContent', 'Check content type'
|
|
345
388
|
|
|
346
389
|
requested_page = env['REQUEST_URI']
|
|
347
|
-
requested_page.scan(/(private
|
|
390
|
+
requested_page.scan(/(protected|private)/) do |match|
|
|
348
391
|
|
|
349
392
|
category = match[0]
|
|
350
393
|
log_info! 'PreFlight', 'DetectContent', 'Content type detected', "#{category}"
|
|
@@ -360,11 +403,11 @@ module J1App
|
|
|
360
403
|
strategy = providers["#{current_provider}"]['strategy']
|
|
361
404
|
provider_strategy = :"#{strategy}"
|
|
362
405
|
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
406
|
+
web_session_data['user_name'] = user_name
|
|
407
|
+
web_session_data['provider_url'] = providers["#{current_provider}"]['provider_url']
|
|
408
|
+
web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
|
|
409
|
+
web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
410
|
+
web_session_data['requested_page'] = requested_page
|
|
368
411
|
|
|
369
412
|
log_info! 'PreFlight', 'ContentCheck', 'Check permissions'
|
|
370
413
|
if permissions[:"#{category}"].include? current_provider
|
|
@@ -413,8 +456,8 @@ module J1App
|
|
|
413
456
|
warden.logout
|
|
414
457
|
session.clear
|
|
415
458
|
|
|
416
|
-
session_json =
|
|
417
|
-
log_info! 'PreFlight', 'Cookie', 'Write web session data'
|
|
459
|
+
session_json = web_session_data.to_json
|
|
460
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
|
|
418
461
|
|
|
419
462
|
session_encoded = Base64.encode64(session_json)
|
|
420
463
|
response.set_cookie(
|
|
@@ -428,7 +471,16 @@ module J1App
|
|
|
428
471
|
allowed_users = providers["#{provider}"]['users'].join(',')
|
|
429
472
|
redirect "/page_validation?provider=#{provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
|
|
430
473
|
end
|
|
474
|
+
|
|
475
|
+
time = Time.now.ctime.to_s
|
|
431
476
|
log_info! 'PreFlight', 'AuthCheck', 'Pass to requested page', "#{requested_page}"
|
|
477
|
+
log_info! 'PreFlight', 'AuthCheck', 'Set X-Response-Headers'
|
|
478
|
+
|
|
479
|
+
# See: https://stackoverflow.com/questions/10438276/how-to-disable-static-file-caching-in-rails-3-thin-on-windows
|
|
480
|
+
# response.headers["Cache-Control"] = 'no-cache, no-store, max-age=0, must-revalidate'
|
|
481
|
+
# response.headers["Pragma"] = 'no-cache'
|
|
482
|
+
# response.headers["Expires"] = 'Fri, 01 Jan 1990 00:00:00 GMT'
|
|
483
|
+
response.headers['X-J1-AuthManager'] = "page-validated;category=#{category};called=" + time
|
|
432
484
|
pass
|
|
433
485
|
else
|
|
434
486
|
log_info! 'PreFlight', 'AuthCheck', 'User detected', 'signed out'
|
|
@@ -446,17 +498,17 @@ module J1App
|
|
|
446
498
|
when :org
|
|
447
499
|
warden.authenticate!
|
|
448
500
|
github_organization_authenticate! ENV['GITHUB_ORG_NAME']
|
|
449
|
-
logger.info "Hi There, #{
|
|
501
|
+
logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} organization"
|
|
450
502
|
|
|
451
503
|
when :team
|
|
452
504
|
warden.authenticate!
|
|
453
505
|
github_team_authenticate! ENV['GITHUB_TEAM_ID']
|
|
454
|
-
logger.info "Hi There, #{
|
|
506
|
+
logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
|
|
455
507
|
|
|
456
508
|
when :teams
|
|
457
509
|
warden.authenticate!
|
|
458
510
|
github_teams_authenticate! ENV['GITHUB_TEAM_IDS'].split(',')
|
|
459
|
-
logger.info "Hi There, #{
|
|
511
|
+
logger.info "Hi There, #{web_session_data[:user_name]}! You have access to the #{params['id']} team"
|
|
460
512
|
|
|
461
513
|
when :member
|
|
462
514
|
log_info! 'PreFlight', 'AuthCheck', 'Process authentication strategy'
|
|
@@ -465,34 +517,27 @@ module J1App
|
|
|
465
517
|
session_encoded = request.cookies['j1.web.session']
|
|
466
518
|
session_decoded = Base64.decode64(session_encoded)
|
|
467
519
|
log_info! 'PreFlight', 'Cookie', 'Read web session data' # "#{session_decoded}"
|
|
468
|
-
|
|
520
|
+
web_session_data = JSON.parse(session_decoded)
|
|
469
521
|
end
|
|
470
522
|
|
|
471
523
|
# Update cookie data
|
|
472
524
|
# ----------------------------------------------------------------------
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
525
|
+
web_session_data['provider_url'] = providers["#{default_provider}"]['provider_url']
|
|
526
|
+
web_session_data['users_allowed'] = providers["#{default_provider}"]['users']
|
|
527
|
+
web_session_data['provider_permissions'] = providers["#{default_provider}"]['permissions']
|
|
528
|
+
web_session_data['requested_page'] = env['REQUEST_URI']
|
|
529
|
+
web_session_data['writer'] = 'middleware'
|
|
478
530
|
|
|
479
531
|
# write updated J1 session cookie
|
|
480
532
|
#
|
|
481
|
-
session_json =
|
|
482
|
-
|
|
483
|
-
|
|
533
|
+
session_json = web_session_data.to_json
|
|
534
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data', "#{session_json}"
|
|
535
|
+
writeCookie('j1.web.session', session_json)
|
|
484
536
|
|
|
485
|
-
|
|
486
|
-
'j1.web.session',
|
|
487
|
-
domain: false,
|
|
488
|
-
value: session_encoded.to_s,
|
|
489
|
-
path: '/'
|
|
490
|
-
)
|
|
537
|
+
log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
|
|
491
538
|
|
|
492
539
|
allowed_users = providers["#{default_provider}"]['users'].join(',')
|
|
493
540
|
requested_page = env['REQUEST_URI']
|
|
494
|
-
|
|
495
|
-
log_info! 'PreFlight', 'Redirect', 'Call API request', 'PageValidate'
|
|
496
541
|
redirect "/page_validation?provider=#{default_provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
|
|
497
542
|
else
|
|
498
543
|
raise J1App::ConfigError
|
|
@@ -527,13 +572,13 @@ module J1App
|
|
|
527
572
|
# ----------------------------------------------------------------------
|
|
528
573
|
allowed_users = params.fetch('allowed_users')
|
|
529
574
|
|
|
530
|
-
|
|
531
|
-
|
|
575
|
+
web_session_data['users_allowed'] = allowed_users
|
|
576
|
+
web_session_data['writer'] = 'middleware'
|
|
532
577
|
|
|
533
578
|
# Write updated J1 session data to cookie
|
|
534
579
|
# --------------------------------------------------------------------
|
|
535
|
-
session_json =
|
|
536
|
-
log_info! 'Authentication', 'Cookie', 'Write web session data' #
|
|
580
|
+
session_json = web_session_data.to_json
|
|
581
|
+
log_info! 'Authentication', 'Cookie', 'Write web session data', "#{session_json}"
|
|
537
582
|
|
|
538
583
|
session_encoded = Base64.encode64(session_json)
|
|
539
584
|
response.set_cookie(
|
|
@@ -561,117 +606,106 @@ module J1App
|
|
|
561
606
|
provider_signout = params.fetch('provider_signout')
|
|
562
607
|
log_info! 'Authentication', 'SignOut', 'Called for provider', #{provider}"
|
|
563
608
|
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
603
|
-
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
session_encoded = Base64.encode64(session_json)
|
|
665
|
-
response.set_cookie(
|
|
666
|
-
'j1.web.session',
|
|
667
|
-
domain: false,
|
|
668
|
-
value: session_encoded.to_s,
|
|
669
|
-
path: '/'
|
|
670
|
-
)
|
|
671
|
-
|
|
672
|
-
log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{j1_web_session['requested_page']}"
|
|
673
|
-
redirect j1_web_session['requested_page']
|
|
674
|
-
end
|
|
609
|
+
if warden.authenticated?
|
|
610
|
+
user = warden.user[:info]['nickname']
|
|
611
|
+
provider = warden.user[:provider]
|
|
612
|
+
provider_url = web_session_data['provider_url']
|
|
613
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
614
|
+
warden.logout
|
|
615
|
+
session.clear
|
|
616
|
+
|
|
617
|
+
# Read current J1 web session cookie
|
|
618
|
+
# --------------------------------------------------------------------
|
|
619
|
+
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
620
|
+
session_encoded = env['rack.request.cookie_hash']['j1.web.session']
|
|
621
|
+
session_decoded = Base64.decode64(session_encoded)
|
|
622
|
+
log_info! 'Authentication', 'Cookie', 'Read web session data' # #{session_decoded}"
|
|
623
|
+
web_session_data = JSON.parse(session_decoded)
|
|
624
|
+
else
|
|
625
|
+
web_session_data['requested_page'] = env['REQUEST_URI']
|
|
626
|
+
end
|
|
627
|
+
|
|
628
|
+
# Update J1 web session data
|
|
629
|
+
# --------------------------------------------------------------------
|
|
630
|
+
web_session_data['user_name'] = 'visitor'
|
|
631
|
+
web_session_data['user_id'] = 'unknown'
|
|
632
|
+
web_session_data['users_allowed'] = 'all'
|
|
633
|
+
web_session_data['payment_status'] = 'unknown'
|
|
634
|
+
web_session_data['provider'] = 'j1'
|
|
635
|
+
web_session_data['provider_url'] = 'https://jekyll.one'
|
|
636
|
+
web_session_data['provider_membership'] = 'guest'
|
|
637
|
+
web_session_data['provider_permissions'] = 'public'
|
|
638
|
+
web_session_data['authenticated'] = 'false'
|
|
639
|
+
web_session_data['writer'] = 'middleware'
|
|
640
|
+
|
|
641
|
+
# Write updated J1 session data to cookie
|
|
642
|
+
# --------------------------------------------------------------------
|
|
643
|
+
session_json = web_session_data.to_json
|
|
644
|
+
log_info! 'Authentication', 'SignOut', 'Write web session data', "#{session_json}"
|
|
645
|
+
writeCookie('j1.web.session', session_json)
|
|
646
|
+
|
|
647
|
+
if provider_signout === 'true'
|
|
648
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
649
|
+
log_info! 'Authentication', 'SignOut', 'Sign out from', "#{provider}"
|
|
650
|
+
log_info! 'Authentication', 'Redirect', 'Pass to provider', "#{provider_url}"
|
|
651
|
+
redirect "#{provider_url}"
|
|
652
|
+
else
|
|
653
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
654
|
+
log_info! 'Authentication', 'SignOut', 'Sign out from', "session"
|
|
655
|
+
|
|
656
|
+
# If signed out, redirect ONLY for PUBLIC pages
|
|
657
|
+
# ------------------------------------------------------------------
|
|
658
|
+
if redirect_whitelisted?web_session_data['requested_page']
|
|
659
|
+
log_info! 'Authentication', 'Redirect', 'Pass to page', "#{web_session_data['requested_page']}"
|
|
660
|
+
redirect web_session_data['requested_page']
|
|
661
|
+
else
|
|
662
|
+
log_info! 'Authentication', 'Redirect', 'Redirect NOT whitelisted'
|
|
663
|
+
log_info! 'Authentication', 'Redirect', 'Pass to page', "/"
|
|
664
|
+
redirect '/'
|
|
665
|
+
end
|
|
666
|
+
end
|
|
667
|
+
else
|
|
668
|
+
# THIS condition should NEVER REACHED because NO logout dialog
|
|
669
|
+
# (modal) is provided by the auth client if a user isn't signed in.
|
|
670
|
+
# Kept this alternative for cases something went wrong.
|
|
671
|
+
# --------------------------------------------------------------------
|
|
672
|
+
log_info! 'Authentication', 'API', 'DEAD PATH: Called for sign out', 'NOT signed in'
|
|
673
|
+
|
|
674
|
+
# Read current J1 session cookie
|
|
675
|
+
# --------------------------------------------------------------------
|
|
676
|
+
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
677
|
+
session_encoded = env['rack.request.cookie_hash']['j1.web.session']
|
|
678
|
+
session_decoded = Base64.decode64(session_encoded)
|
|
679
|
+
web_session_data = JSON.parse(session_decoded)
|
|
680
|
+
|
|
681
|
+
log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read web session data' # #{session_decoded}"
|
|
682
|
+
else
|
|
683
|
+
web_session_data['requested_page'] = env['REQUEST_URI']
|
|
684
|
+
end
|
|
685
|
+
|
|
686
|
+
# Update J1 web session data
|
|
687
|
+
# --------------------------------------------------------------------
|
|
688
|
+
web_session_data['user_name'] = 'visitor'
|
|
689
|
+
web_session_data['user_id'] = 'unknown'
|
|
690
|
+
web_session_data['users_allowed'] = 'all'
|
|
691
|
+
web_session_data['payment_status'] = 'unknown'
|
|
692
|
+
web_session_data['provider'] = 'j1'
|
|
693
|
+
web_session_data['provider_url'] = 'https://jekyll.one'
|
|
694
|
+
web_session_data['provider_membership'] = 'guest'
|
|
695
|
+
web_session_data['provider_permissions'] = 'public'
|
|
696
|
+
web_session_data['provider_membership'] = 'member'
|
|
697
|
+
web_session_data['authenticated'] = 'false'
|
|
698
|
+
web_session_data['writer'] = 'middleware'
|
|
699
|
+
|
|
700
|
+
# Write updated J1 session data to cookie
|
|
701
|
+
# --------------------------------------------------------------------
|
|
702
|
+
session_json = web_session_data.to_json
|
|
703
|
+
log_info! 'Authentication', 'Cookie', 'DEAD PATH. Write web session data', "#{session_json}"
|
|
704
|
+
writeCookie('j1.web.session', session_json)
|
|
705
|
+
|
|
706
|
+
log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{web_session_data['requested_page']}"
|
|
707
|
+
redirect web_session_data['requested_page']
|
|
708
|
+
end
|
|
675
709
|
else
|
|
676
710
|
raise J1App::ConfigError
|
|
677
711
|
end
|
|
@@ -697,7 +731,7 @@ module J1App
|
|
|
697
731
|
log_info! 'Post Authentication', 'Cookie', 'Read web session data'
|
|
698
732
|
session_encoded = request.cookies['j1.web.session']
|
|
699
733
|
session_decoded = Base64.decode64(session_encoded)
|
|
700
|
-
|
|
734
|
+
web_session_data = JSON.parse(session_decoded)
|
|
701
735
|
|
|
702
736
|
user = warden.user
|
|
703
737
|
user_json = user.to_json
|
|
@@ -764,19 +798,20 @@ module J1App
|
|
|
764
798
|
redirect "/access_denied?provider=unknown&user=unknown&category=unknown&title=#{description_title}"
|
|
765
799
|
else
|
|
766
800
|
log_info! 'Post Authentication', 'Identification', 'User identified successfully'
|
|
767
|
-
log_info! 'Post Authentication', 'Cookie', 'Update web session data' # "#{
|
|
768
|
-
|
|
769
|
-
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
774
|
-
|
|
801
|
+
log_info! 'Post Authentication', 'Cookie', 'Update web session data' # "#{web_session_data}"
|
|
802
|
+
web_session_data['user_name'] = user[:info]['nickname']
|
|
803
|
+
web_session_data['user_id'] = user[:uid]
|
|
804
|
+
web_session_data['provider'] = user[:provider]
|
|
805
|
+
web_session_data['provider_membership'] = 'member'
|
|
806
|
+
web_session_data['provider_permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
807
|
+
web_session_data['authenticated'] = 'true'
|
|
808
|
+
web_session_data['payment_status'] = user[:info][:payment_status]
|
|
809
|
+
web_session_data['writer'] = 'middleware'
|
|
775
810
|
|
|
776
|
-
current_user
|
|
777
|
-
current_provider
|
|
811
|
+
current_user = user[:info]['nickname'] = user[:info]['nickname']
|
|
812
|
+
current_provider = user[:provider]
|
|
778
813
|
|
|
779
|
-
|
|
814
|
+
web_session_data['requested_page'].scan(/(protected|private)/) do |match|
|
|
780
815
|
|
|
781
816
|
# Set category from requested page
|
|
782
817
|
#
|
|
@@ -786,10 +821,10 @@ module J1App
|
|
|
786
821
|
# Check if user is allowed to access protected content in GENERAL
|
|
787
822
|
#
|
|
788
823
|
log_info! 'Post Authentication', 'Identification', 'Check for allowed users'
|
|
789
|
-
unless
|
|
790
|
-
unless
|
|
824
|
+
unless web_session_data['users_allowed'].include? 'all'
|
|
825
|
+
unless web_session_data['users_allowed'].include? "#{current_user}"
|
|
791
826
|
log_info! 'Post Authentication', 'Identification', 'User not allowed', "#{current_user}"
|
|
792
|
-
log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{
|
|
827
|
+
log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
|
|
793
828
|
log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
|
|
794
829
|
warden.logout
|
|
795
830
|
session.clear
|
|
@@ -798,7 +833,7 @@ module J1App
|
|
|
798
833
|
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
799
834
|
end
|
|
800
835
|
end
|
|
801
|
-
log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{
|
|
836
|
+
log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{web_session_data['users_allowed']}"
|
|
802
837
|
|
|
803
838
|
# Check conditions to access protected content (if any)
|
|
804
839
|
#
|
|
@@ -818,7 +853,7 @@ module J1App
|
|
|
818
853
|
if blacklist.include? "#{current_user}"
|
|
819
854
|
log_info! 'Post Authentication', 'Identification', 'Check blacklisting'
|
|
820
855
|
log_info! 'Post Authentication', 'Identification', 'User blacklisted', "#{current_user}"
|
|
821
|
-
user[:info][:blacklisted]
|
|
856
|
+
user[:info][:blacklisted] = 'true'
|
|
822
857
|
log_info! 'Post Authentication', 'Identification', 'Logout user from current session', "#{current_user}"
|
|
823
858
|
warden.logout
|
|
824
859
|
session.clear
|
|
@@ -876,6 +911,16 @@ module J1App
|
|
|
876
911
|
|
|
877
912
|
end
|
|
878
913
|
# end category_whitelisted
|
|
914
|
+
else
|
|
915
|
+
category_condition_state = providers["#{user[:provider]}"]['conditions'][category]['enabled']
|
|
916
|
+
log_info! 'Post Authentication', 'Identification', 'Category check failed for', "#{current_provider}"
|
|
917
|
+
log_info! 'Post Authentication', 'Identification', "Category checked", "#{category}"
|
|
918
|
+
log_info! 'Post Authentication', 'Identification', "Category support", "#{category_condition_state}"
|
|
919
|
+
warden.logout
|
|
920
|
+
session.clear
|
|
921
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
922
|
+
description_title = "Access Denied"
|
|
923
|
+
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
879
924
|
end
|
|
880
925
|
# end check conditions
|
|
881
926
|
|
|
@@ -886,15 +931,15 @@ module J1App
|
|
|
886
931
|
|
|
887
932
|
# redirect authenticated|validated user to requested page
|
|
888
933
|
#
|
|
889
|
-
|
|
890
|
-
|
|
934
|
+
web_session_data['provider'] = current_provider
|
|
935
|
+
web_session_data['users_allowed'] = providers["#{current_provider}"]['users']
|
|
891
936
|
|
|
892
937
|
# TODO: Add membership|product specific data for the SideBar
|
|
893
938
|
|
|
894
939
|
# write updated J1 session data to cookie
|
|
895
940
|
#
|
|
896
|
-
session_json =
|
|
897
|
-
log_info! 'Post Authentication', 'Cookie', 'Write web session data'
|
|
941
|
+
session_json = web_session_data.to_json
|
|
942
|
+
log_info! 'Post Authentication', 'Cookie', 'Write web session data', "#{session_json}"
|
|
898
943
|
|
|
899
944
|
session_encoded = Base64.encode64(session_json)
|
|
900
945
|
response.set_cookie(
|
|
@@ -904,10 +949,17 @@ module J1App
|
|
|
904
949
|
path: '/'
|
|
905
950
|
)
|
|
906
951
|
|
|
952
|
+
time = Time.now.ctime.to_s
|
|
953
|
+
|
|
907
954
|
log_info! 'Post Authentication', 'Identification', 'Provider', "#{user[:provider]}"
|
|
908
955
|
log_info! 'Post Authentication', 'Identification', 'User', "#{user[:info]['nickname']}"
|
|
909
|
-
log_info! 'Post Authentication', 'Redirect', '
|
|
910
|
-
|
|
956
|
+
log_info! 'Post Authentication', 'Redirect', 'Set Last-Modified', "#{time}"
|
|
957
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
|
|
958
|
+
|
|
959
|
+
|
|
960
|
+
response.headers['Last-Modified'] = time
|
|
961
|
+
response.headers['Cache-Control'] = 'private,max-age=0,must-revalidate,no-store'
|
|
962
|
+
redirect web_session_data['requested_page']
|
|
911
963
|
|
|
912
964
|
end
|
|
913
965
|
# END: get /post_authentication
|
|
@@ -919,7 +971,7 @@ module J1App
|
|
|
919
971
|
get '/status' do
|
|
920
972
|
session_encoded = request.cookies['j1.web.session']
|
|
921
973
|
session_decoded = Base64.decode64(session_encoded)
|
|
922
|
-
|
|
974
|
+
web_session_data = JSON.parse(session_decoded)
|
|
923
975
|
|
|
924
976
|
log_info! 'API', 'Status Request', 'Info request received'
|
|
925
977
|
|
|
@@ -929,7 +981,7 @@ module J1App
|
|
|
929
981
|
user_name = warden.user[:info]['nickname']
|
|
930
982
|
user_id = warden.user[:uid]
|
|
931
983
|
provider = warden.user[:provider]
|
|
932
|
-
provider_permissions =
|
|
984
|
+
provider_permissions = web_session_data['provider_permissions']
|
|
933
985
|
provider_site_url = warden.user[:info][:urls][:site]
|
|
934
986
|
provider_home_url = warden.user[:info][:urls][:home]
|
|
935
987
|
provider_blog_url = warden.user[:info][:urls][:blog]
|
|
@@ -939,7 +991,7 @@ module J1App
|
|
|
939
991
|
provider_membership = warden.user[:extra][:reward][:name]
|
|
940
992
|
provider_member_url = warden.user[:extra][:reward][:link]
|
|
941
993
|
else
|
|
942
|
-
provider_membership = '
|
|
994
|
+
provider_membership = 'member'
|
|
943
995
|
provider_member_url = '#'
|
|
944
996
|
end
|
|
945
997
|
|
|
@@ -970,11 +1022,11 @@ module J1App
|
|
|
970
1022
|
log_info! 'API', 'Status Request', 'Send data', 'SIGNED_OUT'
|
|
971
1023
|
content_type 'application/json'
|
|
972
1024
|
{
|
|
973
|
-
user_name: '
|
|
1025
|
+
user_name: 'visitor',
|
|
974
1026
|
user_id: 'unknown',
|
|
975
|
-
provider: '
|
|
976
|
-
provider_membership: '
|
|
977
|
-
provider_permissions: '
|
|
1027
|
+
provider: 'j1',
|
|
1028
|
+
provider_membership: 'guest',
|
|
1029
|
+
provider_permissions: 'public',
|
|
978
1030
|
provider_site_url: '#',
|
|
979
1031
|
provider_home_url: '#',
|
|
980
1032
|
provider_blog_url: '#',
|
|
@@ -986,6 +1038,40 @@ module J1App
|
|
|
986
1038
|
# END: get /status
|
|
987
1039
|
# --------------------------------------------------------------------------
|
|
988
1040
|
|
|
1041
|
+
# ENDPOINT cookie_consent (exception, called from the app|auth manager)
|
|
1042
|
+
# --------------------------------------------------------------------------
|
|
1043
|
+
get '/cookie_consent' do
|
|
1044
|
+
provider = params.fetch('provider')
|
|
1045
|
+
category = params.fetch('category')
|
|
1046
|
+
user = params.fetch('user')
|
|
1047
|
+
requested_page = params.fetch('requested_page')
|
|
1048
|
+
description_title = params.fetch('title')
|
|
1049
|
+
|
|
1050
|
+
log_info! 'API', 'ExceptionHandler', 'Request received'
|
|
1051
|
+
log_info! 'ExceptionHandler', 'ERROR', 'Cookies declined'
|
|
1052
|
+
log_info! 'ExceptionHandler', 'Redirect', 'Pass to dialog page', 'Cookie Consent'
|
|
1053
|
+
|
|
1054
|
+
# Capitalize first char
|
|
1055
|
+
provider = provider.sub(/^./, &:upcase)
|
|
1056
|
+
route = requested_page
|
|
1057
|
+
|
|
1058
|
+
@route = route
|
|
1059
|
+
@provider = provider
|
|
1060
|
+
@modal = "centralCookieConsent"
|
|
1061
|
+
@info_type = "danger"
|
|
1062
|
+
@modal_icon = "cookie"
|
|
1063
|
+
@modal_agreed_text = "Yes, please"
|
|
1064
|
+
@modal_disagreed_text = "No, thanks"
|
|
1065
|
+
@modal_title = "Authentication Manager"
|
|
1066
|
+
# @modal_description = "<h4>#{description_title}</h4><br /><br />User <b>#{user}</b> from provider <b>#{provider}</b> requested access on <b>#{category}</b> pages.<br /> In order to continue, you need to accept on <b>Cookies</b>."
|
|
1067
|
+
@modal_description = "<h4>#{description_title}</h4><br /><br /> In order to continue, you need to accept on <b>Cookies</b>."
|
|
1068
|
+
|
|
1069
|
+
erb :auth_manager_ui
|
|
1070
|
+
end
|
|
1071
|
+
# END: get /cookies_rejected
|
|
1072
|
+
# --------------------------------------------------------------------------
|
|
1073
|
+
|
|
1074
|
+
|
|
989
1075
|
# ENDPOINT access_denied (exception, called from the app|auth manager)
|
|
990
1076
|
# --------------------------------------------------------------------------
|
|
991
1077
|
get '/access_denied' do
|
|
@@ -999,25 +1085,25 @@ module J1App
|
|
|
999
1085
|
|
|
1000
1086
|
session_encoded = request.cookies['j1.web.session']
|
|
1001
1087
|
session_decoded = Base64.decode64(session_encoded)
|
|
1002
|
-
|
|
1088
|
+
web_session_data = JSON.parse(session_decoded)
|
|
1003
1089
|
|
|
1004
1090
|
# Update J1 web session data
|
|
1005
1091
|
# --------------------------------------------------------------------
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
|
|
1010
|
-
|
|
1011
|
-
|
|
1012
|
-
|
|
1013
|
-
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
log_info! 'ExceptionHandler', 'Cookie', 'Write web session data'
|
|
1092
|
+
web_session_data['user_name'] = user
|
|
1093
|
+
# web_session_data['user_id'] = 'unknown'
|
|
1094
|
+
# web_session_data['users_allowed'] = 'unknown'
|
|
1095
|
+
# web_session_data['payment_status'] = 'unknown'
|
|
1096
|
+
web_session_data['provider'] = provider
|
|
1097
|
+
# web_session_data['provider_url'] = 'unknown'
|
|
1098
|
+
# web_session_data['provider_permissions'] = 'unknown'
|
|
1099
|
+
# web_session_data['authenticated'] = 'false'
|
|
1100
|
+
web_session_data['writer'] = 'middleware'
|
|
1101
|
+
|
|
1102
|
+
log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
|
|
1017
1103
|
|
|
1018
1104
|
# write updated J1 session data to cookie
|
|
1019
1105
|
#
|
|
1020
|
-
session_json =
|
|
1106
|
+
session_json = web_session_data.to_json
|
|
1021
1107
|
session_encoded = Base64.encode64(session_json)
|
|
1022
1108
|
response.set_cookie(
|
|
1023
1109
|
'j1.web.session',
|
|
@@ -1060,26 +1146,26 @@ module J1App
|
|
|
1060
1146
|
|
|
1061
1147
|
session_encoded = request.cookies['j1.web.session']
|
|
1062
1148
|
session_decoded = Base64.decode64(session_encoded)
|
|
1063
|
-
|
|
1149
|
+
web_session_data = JSON.parse(session_decoded)
|
|
1064
1150
|
|
|
1065
1151
|
# Update J1 web session data
|
|
1066
1152
|
# --------------------------------------------------------------------
|
|
1067
|
-
|
|
1068
|
-
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
|
|
1074
|
-
|
|
1075
|
-
|
|
1076
|
-
|
|
1077
|
-
log_info! 'ExceptionHandler', 'Cookie', 'Write web session data'
|
|
1153
|
+
web_session_data['user_name'] = user
|
|
1154
|
+
# web_session_data['user_id'] = 'unknown'
|
|
1155
|
+
# web_session_data['users_allowed'] = 'unknown'
|
|
1156
|
+
# web_session_data['payment_status'] = 'unknown'
|
|
1157
|
+
web_session_data['provider'] = provider
|
|
1158
|
+
# web_session_data['provider_url'] = 'unknown'
|
|
1159
|
+
# web_session_data['provider_permissions'] = 'unknown'
|
|
1160
|
+
# web_session_data['authenticated'] = 'false'
|
|
1161
|
+
web_session_data['writer'] = 'middleware'
|
|
1162
|
+
|
|
1163
|
+
log_info! 'ExceptionHandler', 'Cookie', 'Write web session data', "#{session_json}"
|
|
1078
1164
|
|
|
1079
1165
|
# write updated J1 session data to cookie
|
|
1080
1166
|
#
|
|
1081
1167
|
log_info! 'API', 'Exception Handler', 'ERROR', 'Invalid Funds'
|
|
1082
|
-
session_json =
|
|
1168
|
+
session_json = web_session_data.to_json
|
|
1083
1169
|
session_encoded = Base64.encode64(session_json)
|
|
1084
1170
|
response.set_cookie(
|
|
1085
1171
|
'j1.web.session',
|
|
@@ -1164,8 +1250,8 @@ module J1App
|
|
|
1164
1250
|
# for chromium based browsers (e.g. google-chrome)
|
|
1165
1251
|
# ------------------------------------------------------------------------
|
|
1166
1252
|
get '/redirect_requested_page' do
|
|
1167
|
-
log_info! 'Fallback', 'Redirect', 'Pass to requested page', "#{
|
|
1168
|
-
redirect
|
|
1253
|
+
log_info! 'Fallback', 'Redirect', 'Pass to requested page', "#{web_session_data['requested_page']}"
|
|
1254
|
+
redirect web_session_data['requested_page']
|
|
1169
1255
|
end
|
|
1170
1256
|
# END: get /iframe
|
|
1171
1257
|
# --------------------------------------------------------------------------
|