j1_template_mde 2018.4.25 → 2018.4.26
- checksums.yaml +4 -4
- data/_includes/themes/j1/layouts/layout_shim_generator.html +11 -0
- data/lib/j1/version.rb +1 -1
- data/lib/j1_app.rb +0 -1
- data/lib/j1_app/j1_auth_manager/auth_manager.rb +498 -292
- data/lib/j1_app/j1_auth_manager/helpers.rb +19 -2
- data/lib/j1_app/omniauth/strategies/disqus.rb +1 -1
- data/lib/j1_app/omniauth/strategies/patreon.rb +5 -3
- data/lib/starter_web/Gemfile +4 -4
- data/lib/starter_web/_config.yml +2 -2
- data/lib/starter_web/_data/apps/j1_bootstrap_gallery.yml +11 -10
- data/lib/starter_web/_data/apps/j1_carousel.yml +49 -48
- data/lib/starter_web/_data/apps/j1_justified_gallery.yml +14 -12
- data/lib/starter_web/_data/apps/j1_light_gallery.yml +10 -8
- data/lib/starter_web/_data/apps/j1_lightbox.yml +31 -29
- data/lib/starter_web/_data/apps/j1_link_checker.yml +6 -4
- data/lib/starter_web/_data/asciidoc2pdf/default-theme.yml +57 -55
- data/lib/starter_web/_data/asciidoc2pdf/j1-theme.yml +6 -6
- data/lib/starter_web/_data/builder/blog_navigator.yml +9 -11
- data/lib/starter_web/_data/j1_colors.yml +27 -27
- data/lib/starter_web/_data/j1_config.yml +43 -41
- data/lib/starter_web/_data/j1_polyfills.yml +49 -0
- data/lib/starter_web/_data/j1_resources.yml +5 -4
- data/lib/starter_web/_data/layouts/app.yml +14 -15
- data/lib/starter_web/_data/layouts/blog_archive.yml +24 -26
- data/lib/starter_web/_data/layouts/collection.yml +24 -25
- data/lib/starter_web/_data/layouts/default.yml +74 -107
- data/lib/starter_web/_data/layouts/home.yml +24 -32
- data/lib/starter_web/_data/layouts/page.yml +24 -25
- data/lib/starter_web/_data/layouts/post.yml +24 -25
- data/lib/starter_web/_data/layouts/raw.yml +14 -15
- data/lib/starter_web/_data/modules/j1_back2top.yml +25 -23
- data/lib/starter_web/_data/modules/j1_footer.yml +5 -4
- data/lib/starter_web/_data/modules/j1_header.yml +4 -4
- data/lib/starter_web/_data/modules/j1_iframe_resizer.yml +40 -20
- data/lib/starter_web/_data/modules/j1_jekyll_search.yml +25 -12
- data/lib/starter_web/_data/modules/j1_log4javascript.yml +12 -12
- data/lib/starter_web/_data/modules/j1_panel.yml +56 -58
- data/lib/starter_web/_data/modules/j1_parallax.yml +10 -6
- data/lib/starter_web/_data/modules/j1_polyfills.yml +0 -0
- data/lib/starter_web/_data/modules/j1_smooth_scroll.yml +83 -55
- data/lib/starter_web/_data/modules/j1_theme_switcher.yml +57 -43
- data/lib/starter_web/_data/modules/j1_toccer.yml +36 -35
- data/lib/starter_web/_data/pages/builder.yml +17 -16
- data/lib/starter_web/_rack/config.ru +4 -3
- data/lib/starter_web/assets/themes/j1/core/css/uno.css +8 -2
- data/lib/starter_web/assets/themes/j1/core/css/uno.min.css +1 -1
- data/lib/starter_web/package.json +1 -1
- metadata +4 -4
- data/lib/starter_web/_config.yml.kapott +0 -1064
- data/lib/starter_web/assets/data/_panel.html +0 -597
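--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c9af654adc5781e70b236b5f49ee79aee1b69e26
+data.tar.gz: 8a7501b1fb331f25849681cabca813f64c015c64
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a457a75fabc48f95e12af75aee06a8dd8ae4955a8c510ab605ca07d366e10771c212f7ba8e77a3f972b3c3c250f72c0e572bb36c7ec113703b6456151136623
+data.tar.gz: aec61c1a051c847fc2f36158d8a0741141c3574c81ff6efa3a9203ce6ddeb5e48541c62084bf11de549ca5964b5bb802e10ce4ec6ce2895e659d7e7bd6eff40d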
@@ -22,6 +22,7 @@
|
|
|
22
22
|
-------------------------------------------------------------------------------- {% endcomment %}
|
|
23
23
|
{% assign j1_apps = site.data.apps %}
|
|
24
24
|
{% assign nedb_config = j1_apps.j1_nedb %}
|
|
25
|
+
{% assign stickyfill = site.data.j1_polyfills.stickyfill.enabled %}
|
|
25
26
|
|
|
26
27
|
{% comment %} Main
|
|
27
28
|
-------------------------------------------------------------------------------- {% endcomment %}
|
|
@@ -31,6 +32,16 @@
|
|
|
31
32
|
<script>
|
|
32
33
|
// [INFO ] [j1.layout.shim_loader.html ] [create global ENVIRONMENT variable for Javascript access]
|
|
33
34
|
var j1_environment = "{{ site.environment }}";
|
|
35
|
+
var sticky_elements = $('.sticky');
|
|
36
|
+
|
|
37
|
+
{% comment %} Polyfill initializations
|
|
38
|
+
------------------------------------------------------------------------------ {% endcomment %}
|
|
39
|
+
{% if stickyfill %}
|
|
40
|
+
<!-- [INFO ] [j1.layout.shim_loader.html ] [load and activate the polyfill stickyfill for elements using CSS style "sticky"] -->
|
|
41
|
+
$(document).ready(function() {
|
|
42
|
+
Stickyfill.add(sticky_elements);
|
|
43
|
+
});
|
|
44
|
+
{% endif %}
|
|
34
45
|
|
|
35
46
|
// [INFO ] [j1.layout.shim_loader.html ] [create global NeDB database object]
|
|
36
47
|
// jadams, 2017-06-06: for the time being, NeDB is NOT a module */
|
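Review bot: `var sticky_elements = $('.sticky');` runs as soon as the script block is parsed, outside both the `{% if stickyfill %}` guard and the `$(document).ready` callback, so if this include is emitted before the sticky elements exist, the collection handed to `Stickyfill.add` is empty, and the global is created even when the polyfill is disabled. Doing the lookup inside the handler, `$(document).ready(function() { Stickyfill.add($('.sticky')); });`, avoids both. The added `<!-- [INFO ] ... -->` line sits inside `<script>`, where the neighbouring lines use `//` comments; a `//` comment would be consistent and would not rely on legacy HTML-comment handling in script content. The file header for these two hunks is missing from the page; judging by the diffstat they appear to belong to layout_shim_generator.html.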
data/lib/j1/version.rb
CHANGED
data/lib/j1_app.rb
CHANGED
|
@@ -1,4 +1,30 @@
|
|
|
1
|
-
#
|
|
1
|
+
# RuboCops - Documentation
|
|
2
|
+
# ------------------------------------------------------------------------------
|
|
3
|
+
# See: https://rubocop.readthedocs.io/en/latest/
|
|
4
|
+
|
|
5
|
+
# RuboCops - Disabled Cops
|
|
6
|
+
# ------------------------------------------------------------------------------
|
|
7
|
+
# rubocop:disable Metrics/BlockLength
|
|
8
|
+
# rubocop:disable Metrics/ClassLength
|
|
9
|
+
# rubocop:disable Metrics/LineLength
|
|
10
|
+
# rubocop:disable Style/StringLiterals
|
|
11
|
+
# rubocop:disable Style/Documentation
|
|
12
|
+
# rubocop:disable Metrics/BlockNesting
|
|
13
|
+
# rubocop:disable Layout/ClosingParenthesisIndentation
|
|
14
|
+
# rubocop:disable Layout/LeadingCommentSpace
|
|
15
|
+
# rubocop:disable Layout/EmptyLines
|
|
16
|
+
# rubocop:disable Layout/EmptyLinesAroundBlockBody
|
|
17
|
+
# rubocop:disable Layout/FirstParameterIndentation
|
|
18
|
+
# rubocop:disable Layout/CommentIndentation
|
|
19
|
+
# rubocop:disable Layout/AlignParameters
|
|
20
|
+
# rubocop:disable Layout/AlignHash
|
|
21
|
+
# rubocop:disable Layout/TrailingWhitespace
|
|
22
|
+
# rubocop:disable Layout/IndentHash
|
|
23
|
+
# rubocop:disable Layout/SpaceAroundOperators
|
|
24
|
+
# rubocop:disable Layout/ExtraSpacing
|
|
25
|
+
# rubocop:disable Style/UnlessElse
|
|
26
|
+
# rubocop:disable Style/HashSyntax
|
|
27
|
+
|
|
2
28
|
|
|
3
29
|
# ------------------------------------------------------------------------------
|
|
4
30
|
# ~/lib/j1_auth_manager/auth_manager/.rb
|
|
@@ -17,6 +43,8 @@
|
|
|
17
43
|
# NOTES
|
|
18
44
|
#
|
|
19
45
|
# ------------------------------------------------------------------------------
|
|
46
|
+
# frozen_string_literal: true
|
|
47
|
+
|
|
20
48
|
module J1App
|
|
21
49
|
class AuthManager < Sinatra::Base
|
|
22
50
|
|
|
@@ -173,7 +201,7 @@ module J1App
|
|
|
173
201
|
# Set the (internal) endpoint if a user is successfully authenticated
|
|
174
202
|
# --------------------------------------------------------------------------
|
|
175
203
|
use J1WardenOmniAuth do |config|
|
|
176
|
-
config.redirect_after_callback = '/
|
|
204
|
+
config.redirect_after_callback = '/post_authentication'
|
|
177
205
|
end
|
|
178
206
|
|
|
179
207
|
# Add the internal logger from Rack to the middleware's of the stack
|
|
@@ -194,8 +222,7 @@ module J1App
|
|
|
194
222
|
# Prepare root (index) page for app detection
|
|
195
223
|
#
|
|
196
224
|
before '/' do
|
|
197
|
-
log_info! "
|
|
198
|
-
#logger.info "ROOT PAGE: Prepare J1 web session data"
|
|
225
|
+
log_info! "ROOT", "Prepare", 'Web Session'
|
|
199
226
|
|
|
200
227
|
# read existing/current cookie 'j1.web.session' to update all data
|
|
201
228
|
# of j1_web_session (hash) otherwise set initial data
|
|
@@ -214,10 +241,10 @@ module J1App
|
|
|
214
241
|
# Create|Initialize the J1 web session cookie
|
|
215
242
|
# ------------------------------------------------------------------------
|
|
216
243
|
if warden.authenticated?
|
|
217
|
-
log_info! "
|
|
244
|
+
log_info! "ROOT", 'Cookie', 'Update current user data'
|
|
218
245
|
|
|
219
246
|
user = warden.user
|
|
220
|
-
log_info! "
|
|
247
|
+
log_info! "ROOT", 'AuthCheck', 'User detected as signed in', "#{user[:provider]}"
|
|
221
248
|
j1_web_session['authenticated'] = 'true'
|
|
222
249
|
j1_web_session['requested_page'] = '/'
|
|
223
250
|
j1_web_session['users_allowed'] = providers["#{user[:provider]}"]['users']
|
|
@@ -226,15 +253,15 @@ module J1App
|
|
|
226
253
|
j1_web_session['provider'] = user[:provider]
|
|
227
254
|
j1_web_session['provider_url'] = providers["#{user[:provider]}"]['home_url']
|
|
228
255
|
j1_web_session['permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
229
|
-
j1_web_session['
|
|
256
|
+
j1_web_session['payment_status'] = user[:info][:payment_status]
|
|
230
257
|
else
|
|
231
|
-
log_info! "
|
|
258
|
+
log_info! "ROOT", 'AuthCheck', 'User detected', 'signed out'
|
|
232
259
|
j1_web_session['authenticated'] = 'false'
|
|
233
260
|
j1_web_session['requested_page'] = '/'
|
|
234
261
|
j1_web_session['users_allowed'] = 'all'
|
|
235
262
|
j1_web_session['user_name'] = 'unknown'
|
|
236
263
|
j1_web_session['user_id'] = 'unknown'
|
|
237
|
-
j1_web_session['
|
|
264
|
+
j1_web_session['payment_status'] = 'unknown'
|
|
238
265
|
j1_web_session['provider'] = 'unknown'
|
|
239
266
|
j1_web_session['provider_url'] = 'unknown'
|
|
240
267
|
j1_web_session['permissions'] = 'unknown'
|
|
@@ -242,7 +269,7 @@ module J1App
|
|
|
242
269
|
j1_web_session['writer'] = 'middleware'
|
|
243
270
|
|
|
244
271
|
session_json = j1_web_session.to_json
|
|
245
|
-
log_info! "
|
|
272
|
+
log_info! "ROOT", 'Cookie', 'Update web session data' # "#{session_json}"
|
|
246
273
|
|
|
247
274
|
session_encoded = Base64.encode64(session_json)
|
|
248
275
|
response.set_cookie(
|
|
@@ -253,10 +280,8 @@ module J1App
|
|
|
253
280
|
)
|
|
254
281
|
end
|
|
255
282
|
|
|
256
|
-
#
|
|
283
|
+
# General page detection (page auth pre-flight)
|
|
257
284
|
# --------------------------------------------------------------------------
|
|
258
|
-
#before '/*' do
|
|
259
|
-
#before /\/\w+\/(public|private|premium)/ do
|
|
260
285
|
before '/(pages|posts)/*' do
|
|
261
286
|
|
|
262
287
|
# read existing/current cookie 'j1.web.session'
|
|
@@ -268,7 +293,7 @@ module J1App
|
|
|
268
293
|
session_decoded = Base64.decode64(session_encoded)
|
|
269
294
|
j1_web_session = JSON.parse(session_decoded)
|
|
270
295
|
|
|
271
|
-
log_info! '
|
|
296
|
+
log_info! 'PreFlight', 'Cookie', 'Read web session data' # "#{session_decoded}"
|
|
272
297
|
else
|
|
273
298
|
requested_page = env['REQUEST_URI']
|
|
274
299
|
j1_web_session['requested_page'] = "#{env['REQUEST_URI']}"
|
|
@@ -276,9 +301,8 @@ module J1App
|
|
|
276
301
|
|
|
277
302
|
# Create|Initialize the J1 web session cookie
|
|
278
303
|
# ------------------------------------------------------------------------
|
|
304
|
+
log_info! 'PreFlight', 'AuthCheck', 'Check authentication status'
|
|
279
305
|
if warden.authenticated?
|
|
280
|
-
log_info! 'Authorisation', 'UpdateCookie', 'Set current user data'
|
|
281
|
-
|
|
282
306
|
user = warden.user
|
|
283
307
|
j1_web_session['authenticated'] = 'true'
|
|
284
308
|
j1_web_session['user_name'] = user[:info]['nickname']
|
|
@@ -287,11 +311,13 @@ module J1App
|
|
|
287
311
|
j1_web_session['provider_url'] = providers["#{user[:provider]}"]['home_url']
|
|
288
312
|
j1_web_session['users_allowed'] = providers["#{user[:provider]}"]['users']#
|
|
289
313
|
j1_web_session['permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
290
|
-
j1_web_session['
|
|
314
|
+
j1_web_session['payment_status'] = user[:info][:payment_status]
|
|
291
315
|
j1_web_session['writer'] = 'middleware'
|
|
292
316
|
|
|
317
|
+
log_info! 'PreFlight', 'AuthCheck', 'User authenticated', "#{user[:info]['nickname']}"
|
|
318
|
+
|
|
293
319
|
session_json = j1_web_session.to_json
|
|
294
|
-
log_info! '
|
|
320
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
295
321
|
|
|
296
322
|
session_encoded = Base64.encode64(session_json)
|
|
297
323
|
response.set_cookie(
|
|
@@ -304,27 +330,27 @@ module J1App
|
|
|
304
330
|
|
|
305
331
|
# User state|content detection for implicit authentication
|
|
306
332
|
# ------------------------------------------------------------------------
|
|
307
|
-
log_info! '
|
|
308
|
-
log_info! '
|
|
333
|
+
log_info! 'PreFlight', 'CheckConfig', 'Authentication check detected', "false" if authentication_enabled? == false
|
|
334
|
+
log_info! 'PreFlight', 'AuthCheck', 'Pass for all pages' if authentication_enabled? == false
|
|
309
335
|
pass if authentication_enabled? == false
|
|
310
|
-
|
|
311
|
-
log_info! '
|
|
312
|
-
log_info! '
|
|
336
|
+
|
|
337
|
+
log_info! 'PreFlight', 'CheckConfig', 'Authentication check detected', "true"
|
|
338
|
+
log_info! 'PreFlight', 'DetectContent', 'Public content detected' if public_content?
|
|
339
|
+
log_info! 'PreFlight', 'DetectContent', 'Pass all public content' if public_content?
|
|
313
340
|
pass if public_content?
|
|
314
|
-
log_info! 'Authorisation', 'DetectContent', 'Check for protected content'
|
|
315
341
|
|
|
316
|
-
|
|
342
|
+
log_info! 'PreFlight', 'DetectContent', 'Check for protected content'
|
|
317
343
|
|
|
344
|
+
requested_page = env['REQUEST_URI']
|
|
318
345
|
requested_page.scan(/(private|premium)/) do |match|
|
|
319
346
|
|
|
320
347
|
category = match[0]
|
|
321
|
-
log_info! '
|
|
348
|
+
log_info! 'PreFlight', 'DetectContent', 'Content detected', "#{category}"
|
|
322
349
|
|
|
350
|
+
log_info! 'PreFlight', 'AuthCheck', 'Check authorisation status'
|
|
323
351
|
if warden.authenticated?
|
|
324
|
-
log_info! 'Authorisation', 'UpdateCookie', 'Set current user data'
|
|
325
|
-
|
|
326
352
|
user_name = user[:info]['nickname']
|
|
327
|
-
log_info! '
|
|
353
|
+
log_info! 'PreFlight', 'AuthCheck', 'User detected', "#{user_name}"
|
|
328
354
|
|
|
329
355
|
current_provider = warden.user[:provider]
|
|
330
356
|
|
|
@@ -338,49 +364,55 @@ module J1App
|
|
|
338
364
|
j1_web_session['permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
339
365
|
j1_web_session['requested_page'] = requested_page
|
|
340
366
|
|
|
367
|
+
log_info! 'PreFlight', 'ContentCheck', 'Check permissions'
|
|
341
368
|
if permissions[:"#{category}"].include? current_provider
|
|
342
|
-
log_info! '
|
|
343
|
-
log_info! '
|
|
369
|
+
log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
|
|
370
|
+
log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
|
|
371
|
+
log_info! 'PreFlight', 'ContentCheck', 'Category supported', 'YES'
|
|
372
|
+
|
|
344
373
|
# Check permissions
|
|
345
374
|
#
|
|
346
|
-
log_info! 'Authorisation', 'ConditionCheck', 'Check permissions for provider', "#{current_provider}"
|
|
347
|
-
conditions = J1App.conditions current_provider
|
|
348
|
-
if conditions["#{category}"]
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
end
|
|
375
|
+
#log_info! 'Authorisation', 'ConditionCheck', 'Check permissions for provider', "#{current_provider}"
|
|
376
|
+
#conditions = J1App.conditions current_provider
|
|
377
|
+
# if conditions["#{category}"]
|
|
378
|
+
# log_info! 'Authorisation', 'ConditionCheck', 'Conditions detected', "#{category}"
|
|
379
|
+
# conditions["#{category}"].each do |k, v|
|
|
380
|
+
# case k
|
|
381
|
+
# when 'enabled'
|
|
382
|
+
# log_info! 'Authorisation', 'ConditionCheck', "#{k}", "#{v}"
|
|
383
|
+
# when 'users'
|
|
384
|
+
# log_info! 'Authorisation', 'ConditionCheck', 'users'
|
|
385
|
+
# v.each do |k, v|
|
|
386
|
+
# log_info! 'Authorisation', 'ConditionCheck', "users - #{k}", "#{v}"
|
|
387
|
+
# end
|
|
388
|
+
# when 'payment'
|
|
389
|
+
# log_info! 'Authorisation', 'ConditionCheck', 'payment'
|
|
390
|
+
# v.each do |k, v|
|
|
391
|
+
# case k
|
|
392
|
+
# when 'tiers'
|
|
393
|
+
# log_info! 'Authorisation', 'ConditionCheck', "payment - #{k}", "#{v}"
|
|
394
|
+
# when 'tier'
|
|
395
|
+
# v.each do |k, v|
|
|
396
|
+
# log_info! 'Authorisation', 'ConditionCheck', 'payment - tiers - tier : ' "#{k}", "#{v}"
|
|
397
|
+
# end
|
|
398
|
+
# end
|
|
399
|
+
# end
|
|
400
|
+
# end
|
|
401
|
+
# end
|
|
402
|
+
# end
|
|
374
403
|
else
|
|
375
404
|
provider = permissions[:"#{category}"][0]
|
|
376
|
-
log_info! '
|
|
377
|
-
log_info! '
|
|
378
|
-
log_info! '
|
|
405
|
+
log_info! 'PreFlight', 'ContentCheck', 'Provider detected', "#{current_provider}"
|
|
406
|
+
log_info! 'PreFlight', 'ContentCheck', 'Category detected', "#{category}"
|
|
407
|
+
log_info! 'PreFlight', 'ContentCheck', 'Category supported', 'NO'
|
|
408
|
+
log_info! 'PreFlight', 'AuthCheck', 'Authorisation failed for user', "#{user_name}"
|
|
409
|
+
|
|
410
|
+
log_info! 'PreFlight', 'SignOut', 'Sign out user', "#{user_name}"
|
|
379
411
|
warden.logout
|
|
380
412
|
session.clear
|
|
381
413
|
|
|
382
414
|
session_json = j1_web_session.to_json
|
|
383
|
-
log_info! '
|
|
415
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
384
416
|
|
|
385
417
|
session_encoded = Base64.encode64(session_json)
|
|
386
418
|
response.set_cookie(
|
|
@@ -390,24 +422,22 @@ module J1App
|
|
|
390
422
|
path: '/'
|
|
391
423
|
)
|
|
392
424
|
|
|
393
|
-
log_info! '
|
|
394
|
-
|
|
425
|
+
log_info! 'PreFlight', 'AuthCheck', 'Call for authentication'
|
|
395
426
|
allowed_users = providers["#{provider}"]['users'].join(',')
|
|
396
427
|
redirect "/access_protected_content?provider=#{provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
|
|
397
428
|
end
|
|
398
|
-
log_info! '
|
|
429
|
+
log_info! 'PreFlight', 'AuthCheck', 'Pass to requested page', "#{requested_page}"
|
|
399
430
|
pass
|
|
400
431
|
else
|
|
401
|
-
log_info! '
|
|
432
|
+
log_info! 'PreFlight', 'AuthCheck', 'User detected', 'signed out'
|
|
402
433
|
default_provider = permissions[:"#{category}"][0]
|
|
403
|
-
log_info! '
|
|
434
|
+
log_info! 'PreFlight', 'AuthCheck', 'Set default provider', "#{default_provider}"
|
|
404
435
|
|
|
405
|
-
# provider_strategy = strategies["#{default_provider}"]
|
|
406
436
|
strategy = providers["#{default_provider}"]['strategy']
|
|
407
437
|
provider_strategy = :"#{strategy}"
|
|
408
438
|
|
|
409
|
-
log_info! '
|
|
410
|
-
log_info! '
|
|
439
|
+
log_info! 'PreFlight', 'AuthCheck', 'Start processing provider', "#{default_provider}"
|
|
440
|
+
log_info! 'PreFlight', 'AuthCheck', 'Set authentication strategy', "#{provider_strategy}"
|
|
411
441
|
|
|
412
442
|
case provider_strategy
|
|
413
443
|
|
|
@@ -427,19 +457,17 @@ module J1App
|
|
|
427
457
|
logger.info "Hi There, #{j1_web_session[:user_name]}! You have access to the #{params['id']} team"
|
|
428
458
|
|
|
429
459
|
when :member
|
|
430
|
-
log_info! '
|
|
460
|
+
log_info! 'PreFlight', 'AuthCheck', 'Process Authentication Strategy', "member"
|
|
431
461
|
|
|
432
462
|
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
433
463
|
session_encoded = request.cookies['j1.web.session']
|
|
434
464
|
session_decoded = Base64.decode64(session_encoded)
|
|
435
|
-
log_info! '
|
|
465
|
+
log_info! 'PreFlight', 'Cookie', 'Read web session data' # "#{session_decoded}"
|
|
436
466
|
j1_web_session = JSON.parse(session_decoded)
|
|
437
467
|
end
|
|
438
468
|
|
|
439
469
|
# Update cookie data
|
|
440
470
|
# ----------------------------------------------------------------------
|
|
441
|
-
log_info! 'Authentication', 'UpdateCookie', 'Set current user data'
|
|
442
|
-
|
|
443
471
|
j1_web_session['provider_url'] = providers["#{default_provider}"]['home_url']
|
|
444
472
|
j1_web_session['users_allowed'] = providers["#{default_provider}"]['users']
|
|
445
473
|
j1_web_session['permissions'] = providers["#{default_provider}"]['permissions']
|
|
@@ -450,7 +478,7 @@ module J1App
|
|
|
450
478
|
#
|
|
451
479
|
session_json = j1_web_session.to_json
|
|
452
480
|
session_encoded = Base64.encode64(session_json)
|
|
453
|
-
log_info! '
|
|
481
|
+
log_info! 'PreFlight', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
454
482
|
|
|
455
483
|
response.set_cookie(
|
|
456
484
|
'j1.web.session',
|
|
@@ -462,7 +490,7 @@ module J1App
|
|
|
462
490
|
allowed_users = providers["#{default_provider}"]['users'].join(',')
|
|
463
491
|
requested_page = env['REQUEST_URI']
|
|
464
492
|
|
|
465
|
-
log_info! '
|
|
493
|
+
log_info! 'PreFlight', 'Redirect', 'Call Request for Page Access Control'
|
|
466
494
|
redirect "/access_protected_content?provider=#{default_provider}&category=#{category}&page=#{requested_page}&allowed_users=#{allowed_users}"
|
|
467
495
|
else
|
|
468
496
|
raise J1App::ConfigError
|
|
@@ -485,9 +513,11 @@ module J1App
|
|
|
485
513
|
request = params.fetch('request')
|
|
486
514
|
provider = params.fetch('provider')
|
|
487
515
|
|
|
516
|
+
# SignIn
|
|
517
|
+
# ------------------------------------------------------------------------
|
|
488
518
|
if request === 'signin'
|
|
489
519
|
|
|
490
|
-
log_info! 'Authentication', '
|
|
520
|
+
log_info! 'Authentication', 'SignIn', 'Called for provider', "#{provider}"
|
|
491
521
|
|
|
492
522
|
# collect (additional) GET parameter|s
|
|
493
523
|
# ----------------------------------------------------------------------
|
|
@@ -499,7 +529,7 @@ module J1App
|
|
|
499
529
|
# Write updated J1 session data to cookie
|
|
500
530
|
# --------------------------------------------------------------------
|
|
501
531
|
session_json = j1_web_session.to_json
|
|
502
|
-
log_info! 'Authentication', '
|
|
532
|
+
log_info! 'Authentication', 'Cookie', 'Write web session data' # #{session_json}"
|
|
503
533
|
|
|
504
534
|
session_encoded = Base64.encode64(session_json)
|
|
505
535
|
response.set_cookie(
|
|
@@ -510,263 +540,357 @@ module J1App
|
|
|
510
540
|
)
|
|
511
541
|
|
|
512
542
|
if warden.authenticated?
|
|
513
|
-
log_info! 'Authentication', '
|
|
543
|
+
log_info! 'Authentication', 'SignIn', 'User already signed in', "#{warden.user[:info]['nickname']} "
|
|
514
544
|
else
|
|
515
|
-
log_info! 'Authentication', '
|
|
545
|
+
log_info! 'Authentication', 'SignIn', 'Initiate OmniAuth request phase', "#{provider}"
|
|
546
|
+
|
|
516
547
|
# Make (really) sure that old session is cleared before login
|
|
517
548
|
# --------------------------------------------------------------------
|
|
518
549
|
warden.logout
|
|
519
550
|
session.clear
|
|
520
551
|
warden.authenticate! :"omni_#{provider}"
|
|
521
552
|
end
|
|
522
|
-
|
|
523
|
-
|
|
553
|
+
# SignOut
|
|
554
|
+
# ------------------------------------------------------------------------
|
|
524
555
|
elsif request === 'signout'
|
|
525
|
-
|
|
526
|
-
log_info! 'Authentication', 'RestApi', 'Called for sign out'
|
|
527
|
-
|
|
528
556
|
# collect (additional) GET parameter|s
|
|
529
|
-
# ----------------------------------------------------------------------
|
|
530
557
|
provider_signout = params.fetch('provider_signout')
|
|
558
|
+
log_info! 'Authentication', 'SignOut', 'Called for provider', #{provider}"
|
|
559
|
+
|
|
560
|
+
if warden.authenticated?
|
|
561
|
+
user = warden.user[:info]['nickname']
|
|
562
|
+
provider = warden.user[:provider]
|
|
563
|
+
provider_url = j1_web_session['provider_url']
|
|
564
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
565
|
+
warden.logout
|
|
566
|
+
session.clear
|
|
567
|
+
|
|
568
|
+
# Read current J1 web session cookie
|
|
569
|
+
# --------------------------------------------------------------------
|
|
570
|
+
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
571
|
+
session_encoded = env['rack.request.cookie_hash']['j1.web.session']
|
|
572
|
+
session_decoded = Base64.decode64(session_encoded)
|
|
573
|
+
log_info! 'Authentication', 'Cookie', 'Read web session data' # #{session_decoded}"
|
|
574
|
+
j1_web_session = JSON.parse(session_decoded)
|
|
575
|
+
else
|
|
576
|
+
j1_web_session['requested_page'] = env['REQUEST_URI']
|
|
577
|
+
end
|
|
531
578
|
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
log_info! 'Authentication', 'RestApi', 'Redirect to', "/"
|
|
596
|
-
redirect '/'
|
|
597
|
-
end
|
|
598
|
-
end
|
|
599
|
-
else
|
|
600
|
-
# THIS condition should NEVER REACHED because NO logout dialog
|
|
601
|
-
# (modal) is provided by the auth client if a user isn't signed in.
|
|
602
|
-
# Kept this alternative for cases something went wrong.
|
|
603
|
-
# --------------------------------------------------------------------
|
|
604
|
-
log_info! 'Authentication', 'RestApi', 'DEAD PATH: Called for sign out', 'NOT signed in'
|
|
605
|
-
|
|
606
|
-
# Read current J1 session cookie
|
|
607
|
-
# --------------------------------------------------------------------
|
|
608
|
-
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
609
|
-
session_encoded = env['rack.request.cookie_hash']['j1.web.session']
|
|
610
|
-
session_decoded = Base64.decode64(session_encoded)
|
|
611
|
-
j1_web_session = JSON.parse(session_decoded)
|
|
612
|
-
|
|
613
|
-
log_info! 'Authentication', 'RestApi', 'DEAD PATH: Read J1 web session data from cookie' # #{session_decoded}"
|
|
614
|
-
else
|
|
615
|
-
j1_web_session['requested_page'] = env['REQUEST_URI']
|
|
616
|
-
end
|
|
579
|
+
# Update J1 web session data
|
|
580
|
+
# --------------------------------------------------------------------
|
|
581
|
+
j1_web_session['user_name'] = 'unknown'
|
|
582
|
+
j1_web_session['user_id'] = 'unknown'
|
|
583
|
+
j1_web_session['users_allowed'] = 'unknown'
|
|
584
|
+
j1_web_session['payment_status'] = 'unknown'
|
|
585
|
+
j1_web_session['provider'] = 'unknown'
|
|
586
|
+
j1_web_session['provider_url'] = 'unknown'
|
|
587
|
+
j1_web_session['permissions'] = 'unknown'
|
|
588
|
+
j1_web_session['authenticated'] = 'false'
|
|
589
|
+
j1_web_session['writer'] = 'middleware'
|
|
590
|
+
|
|
591
|
+
# Write updated J1 session data to cookie
|
|
592
|
+
# --------------------------------------------------------------------
|
|
593
|
+
session_json = j1_web_session.to_json
|
|
594
|
+
log_info! 'Authentication', 'Cookie', 'Write web session data' # #{session_json}"
|
|
595
|
+
|
|
596
|
+
session_encoded = Base64.encode64(session_json)
|
|
597
|
+
response.set_cookie(
|
|
598
|
+
'j1.web.session',
|
|
599
|
+
domain: false,
|
|
600
|
+
value: session_encoded.to_s,
|
|
601
|
+
path: '/'
|
|
602
|
+
)
|
|
603
|
+
|
|
604
|
+
if provider_signout === 'true'
|
|
605
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
606
|
+
log_info! 'Authentication', 'SignOut', 'Sign out from', "#{provider}"
|
|
607
|
+
log_info! 'Authentication', 'Redirect', 'Pass to provider', "#{provider_url}"
|
|
608
|
+
redirect "#{provider_url}"
|
|
609
|
+
else
|
|
610
|
+
log_info! 'Authentication', 'SignOut', 'Sign out user', "#{user}"
|
|
611
|
+
log_info! 'Authentication', 'SignOut', 'Sign out from', "session"
|
|
612
|
+
|
|
613
|
+
# If signed out, redirect ONLY for PUBLIC pages
|
|
614
|
+
# ------------------------------------------------------------------
|
|
615
|
+
if redirect_whitelisted?j1_web_session['requested_page']
|
|
616
|
+
log_info! 'Authentication', 'Redirect', 'Pass to page', "#{j1_web_session['requested_page']}"
|
|
617
|
+
redirect j1_web_session['requested_page']
|
|
618
|
+
else
|
|
619
|
+
log_info! 'Authentication', 'Redirect', 'Redirect NOT whitelisted'
|
|
620
|
+
log_info! 'Authentication', 'Redirect', 'Pass to page', "/"
|
|
621
|
+
redirect '/'
|
|
622
|
+
end
|
|
623
|
+
end
|
|
624
|
+
else
|
|
625
|
+
# THIS condition should NEVER REACHED because NO logout dialog
|
|
626
|
+
# (modal) is provided by the auth client if a user isn't signed in.
|
|
627
|
+
# Kept this alternative for cases something went wrong.
|
|
628
|
+
# --------------------------------------------------------------------
|
|
629
|
+
log_info! 'Authentication', 'API', 'DEAD PATH: Called for sign out', 'NOT signed in'
|
|
630
|
+
|
|
631
|
+
# Read current J1 session cookie
|
|
632
|
+
# --------------------------------------------------------------------
|
|
633
|
+
if env['HTTP_COOKIE'].include? 'j1.web.session'
|
|
634
|
+
session_encoded = env['rack.request.cookie_hash']['j1.web.session']
|
|
635
|
+
session_decoded = Base64.decode64(session_encoded)
|
|
636
|
+
j1_web_session = JSON.parse(session_decoded)
|
|
637
|
+
|
|
638
|
+
log_info! 'Authentication', 'Cookie', 'DEAD PATH. Read web session data' # #{session_decoded}"
|
|
639
|
+
else
|
|
640
|
+
j1_web_session['requested_page'] = env['REQUEST_URI']
|
|
641
|
+
end
|
|
617
642
|
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
643
|
+
# Update J1 web session data
|
|
644
|
+
# --------------------------------------------------------------------
|
|
645
|
+
j1_web_session['user_name'] = 'unknown'
|
|
646
|
+
j1_web_session['user_id'] = 'unknown'
|
|
647
|
+
j1_web_session['users_allowed'] = 'unknown'
|
|
648
|
+
j1_web_session['payment_status'] = 'unknown'
|
|
649
|
+
j1_web_session['provider'] = 'unknown'
|
|
650
|
+
j1_web_session['provider_url'] = 'unknown'
|
|
651
|
+
j1_web_session['permissions'] = 'unknown'
|
|
652
|
+
j1_web_session['authenticated'] = 'false'
|
|
653
|
+
j1_web_session['writer'] = 'middleware'
|
|
654
|
+
|
|
655
|
+
# Write updated J1 session data to cookie
|
|
656
|
+
# --------------------------------------------------------------------
|
|
657
|
+
session_json = j1_web_session.to_json
|
|
658
|
+
log_info! 'Authentication', 'Cookie', 'DEAD PATH. Write web session data' # #{session_json}"
|
|
659
|
+
|
|
660
|
+
session_encoded = Base64.encode64(session_json)
|
|
661
|
+
response.set_cookie(
|
|
662
|
+
'j1.web.session',
|
|
663
|
+
domain: false,
|
|
664
|
+
value: session_encoded.to_s,
|
|
665
|
+
path: '/'
|
|
666
|
+
)
|
|
667
|
+
|
|
668
|
+
log_info! 'Post Authentication', 'Redirect', 'DEAD PATH: Pass to requested page', "#{j1_web_session['requested_page']}"
|
|
669
|
+
redirect j1_web_session['requested_page']
|
|
670
|
+
end
|
|
646
671
|
else
|
|
647
672
|
raise J1App::ConfigError
|
|
648
673
|
end
|
|
649
674
|
end
|
|
675
|
+
# END get '/authentication'
|
|
676
|
+
# --------------------------------------------------------------------------
|
|
650
677
|
|
|
651
678
|
# Post-processing ENDPOINT called after a user is authenticated
|
|
652
679
|
# --------------------------------------------------------------------------
|
|
653
|
-
get '/
|
|
654
|
-
|
|
680
|
+
get '/post_authentication' do
|
|
655
681
|
reward = {
|
|
656
682
|
:id => 'unknown',
|
|
657
683
|
:name => 'unknown',
|
|
658
684
|
:link => '#'
|
|
659
685
|
}
|
|
660
|
-
|
|
661
686
|
campaign = {
|
|
662
687
|
:id => 'unknown',
|
|
663
688
|
:link => '#'
|
|
664
689
|
}
|
|
665
690
|
|
|
691
|
+
log_info! 'API', 'Post Authentication', 'Verification request detected'
|
|
692
|
+
|
|
693
|
+
log_info! 'Post Authentication', 'Cookie', 'Read web session data'
|
|
666
694
|
session_encoded = request.cookies['j1.web.session']
|
|
667
695
|
session_decoded = Base64.decode64(session_encoded)
|
|
668
696
|
j1_web_session = JSON.parse(session_decoded)
|
|
669
697
|
|
|
670
|
-
log_info! 'Authentication', '
|
|
698
|
+
log_info! 'Post Authentication', 'Identification', 'Update web session data' # "#{j1_web_session}"
|
|
671
699
|
|
|
672
|
-
user
|
|
673
|
-
user_json
|
|
700
|
+
user = warden.user
|
|
701
|
+
user_json = user.to_json
|
|
674
702
|
|
|
675
703
|
if user[:provider] === 'disqus'
|
|
676
|
-
user[:info][:urls][:site]
|
|
677
|
-
user[:info][:urls][:home]
|
|
678
|
-
user[:info][:urls][:blog]
|
|
679
|
-
user[:info][:urls][:member]
|
|
704
|
+
user[:info][:urls][:site] = "https://disqus.com"
|
|
705
|
+
user[:info][:urls][:home] = user[:info]['urls']['profileUrl']
|
|
706
|
+
user[:info][:urls][:blog] = "https://disqus.com/by/juergen_adams/"
|
|
707
|
+
user[:info][:urls][:member] = user[:info]['urls']['profileUrl']
|
|
680
708
|
end
|
|
681
709
|
|
|
682
710
|
if user[:provider] === 'github'
|
|
683
|
-
user[:info][:urls][:site]
|
|
684
|
-
user[:info][:urls][:home]
|
|
685
|
-
user[:info][:urls][:blog]
|
|
686
|
-
user[:info][:urls][:member]
|
|
711
|
+
user[:info][:urls][:site] = "https://github.com"
|
|
712
|
+
user[:info][:urls][:home] = user[:info]['urls']['GitHub']
|
|
713
|
+
user[:info][:urls][:blog] = "https://github.com/jekyll-one"
|
|
714
|
+
user[:info][:urls][:member] = user[:info]['urls']['Blog']
|
|
687
715
|
end
|
|
688
716
|
|
|
689
717
|
if user[:provider] === 'patreon'
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
|
|
693
|
-
|
|
694
|
-
|
|
695
|
-
user[:info][
|
|
696
|
-
|
|
697
|
-
#
|
|
698
|
-
|
|
699
|
-
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
705
|
-
|
|
718
|
+
|
|
719
|
+
user[:info][:urls][:site] = "https://patreon.com"
|
|
720
|
+
user[:info][:urls][:home] = "https://patreon.com/home"
|
|
721
|
+
user[:info][:urls][:blog] = "https://patreon.com/jekyll_one"
|
|
722
|
+
|
|
723
|
+
unless user[:info]['payment_info'].empty?
|
|
724
|
+
reward_url = user[:info]['payment_info']['relationships']['reward']['links']['related']
|
|
725
|
+
reward_json = RestClient.get "#{reward_url}", {:content_type => :json, :accept => :json}
|
|
726
|
+
reward_data = JSON.parse(reward_json)
|
|
727
|
+
user[:info][:urls][:member] = "https://patreon.com" + reward_data['data']['attributes']['url']
|
|
728
|
+
user[:info][:payment_status] = user[:info]['payment_info']['attributes']['declined_since'].nil? ? 'true' : 'false'
|
|
729
|
+
else
|
|
730
|
+
reward_url = ""
|
|
731
|
+
reward_json = ""
|
|
732
|
+
reward_data = ""
|
|
733
|
+
user[:info][:payment_status] = 'false'
|
|
734
|
+
end
|
|
735
|
+
|
|
736
|
+
unless reward_data.empty?
|
|
737
|
+
reward[:id] = reward_data['data']['id']
|
|
738
|
+
reward[:name] = reward_data['data']['attributes']['title']
|
|
739
|
+
reward[:link] = "https://patreon.com" + reward_data['data']['attributes']['url']
|
|
740
|
+
campaign[:id] = reward_data['data']['relationships']['campaign']['data']['id']
|
|
741
|
+
campaign[:link] = reward_data['data']['relationships']['campaign']['links']['related']
|
|
742
|
+
else
|
|
743
|
+
reward[:id] = ""
|
|
744
|
+
reward[:name] = "no tiers"
|
|
745
|
+
reward[:link] = ""
|
|
746
|
+
campaign[:id] = ""
|
|
747
|
+
campaign[:link] = ""
|
|
748
|
+
end
|
|
706
749
|
end
|
|
707
750
|
|
|
708
|
-
user[:extra][:reward]
|
|
709
|
-
user[:extra][:campaign]
|
|
751
|
+
user[:extra][:reward] = reward
|
|
752
|
+
user[:extra][:campaign] = campaign
|
|
710
753
|
|
|
711
754
|
if user.nil?
|
|
712
755
|
# Collection of session data failed (e.g cookie > 4K)
|
|
713
756
|
#
|
|
714
|
-
log_info! 'Authentication', '
|
|
715
|
-
|
|
757
|
+
log_info! 'Post Authentication', 'Identification', 'Internal error', 'User authentication failed'
|
|
716
758
|
warden.logout
|
|
717
759
|
session.clear
|
|
718
|
-
|
|
760
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
761
|
+
description_title = "Access Denied"
|
|
762
|
+
redirect "/access_denied?provider=unknown&user=unknown&category=unknown&title=#{description_title}"
|
|
719
763
|
else
|
|
720
|
-
log_info! 'Authentication',
|
|
721
|
-
|
|
764
|
+
log_info! 'Post Authentication', 'Cookie', 'Update web session data'
|
|
722
765
|
j1_web_session['user_name'] = user[:info]['nickname']
|
|
723
766
|
j1_web_session['user_id'] = user[:uid]
|
|
724
767
|
j1_web_session['provider'] = user[:provider]
|
|
725
768
|
j1_web_session['permissions'] = providers["#{user[:provider]}"]['permissions']
|
|
726
769
|
j1_web_session['authenticated'] = 'true'
|
|
727
|
-
j1_web_session['
|
|
770
|
+
j1_web_session['payment_status'] = user[:info][:payment_status]
|
|
728
771
|
j1_web_session['writer'] = 'middleware'
|
|
729
772
|
|
|
730
773
|
current_user = user[:info]['nickname'] = user[:info]['nickname']
|
|
731
774
|
current_provider = user[:provider]
|
|
732
775
|
|
|
733
776
|
j1_web_session['requested_page'].scan(/(private|premium)/) do |match|
|
|
777
|
+
|
|
778
|
+
# Set category from requested page
|
|
779
|
+
#
|
|
734
780
|
category = match[0]
|
|
781
|
+
log_info! 'Post Authentication', 'Identification', 'Process content type', "#{category}"
|
|
782
|
+
|
|
783
|
+
# Check if user is allowed to access protected content in GENERAL
|
|
784
|
+
#
|
|
785
|
+
log_info! 'Post Authentication', 'Identification', 'Check allowed users'
|
|
735
786
|
unless j1_web_session['users_allowed'].include? 'all'
|
|
736
787
|
unless j1_web_session['users_allowed'].include? "#{current_user}"
|
|
737
|
-
log_info! 'Authentication', '
|
|
738
|
-
log_info! 'Authentication', '
|
|
788
|
+
log_info! 'Post Authentication', 'Identification', 'User not allowed', "#{current_user}"
|
|
789
|
+
log_info! 'Post Authentication', 'Identification', 'Allowed users', "#{j1_web_session['users_allowed']}"
|
|
790
|
+
log_info! 'Post Authentication', 'Association', 'Logout user from current session', "#{current_user}"
|
|
739
791
|
warden.logout
|
|
740
792
|
session.clear
|
|
741
|
-
log_info! 'Authentication', '
|
|
742
|
-
|
|
793
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
794
|
+
description_title = "Access Denied"
|
|
795
|
+
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
743
796
|
end
|
|
744
797
|
end
|
|
745
|
-
end
|
|
746
798
|
|
|
747
|
-
|
|
799
|
+
# Check conditions to access protected content (if any)
|
|
800
|
+
#
|
|
801
|
+
log_info! 'Post Authentication', 'Identification', 'Check conditions', "#{current_provider}"
|
|
802
|
+
check_conditions = providers["#{user[:provider]}"]['conditions'][category]['enabled']
|
|
803
|
+
if check_conditions
|
|
748
804
|
|
|
749
|
-
|
|
750
|
-
|
|
805
|
+
if providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist'].nil?
|
|
806
|
+
category_whitelist = 'all'
|
|
807
|
+
else
|
|
808
|
+
category_whitelist = providers["#{user[:provider]}"]['conditions'][category]['users']['whitelist']
|
|
809
|
+
end
|
|
751
810
|
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
|
|
811
|
+
# Check if user is BLACKLISTED
|
|
812
|
+
#
|
|
813
|
+
blacklist = providers["#{user[:provider]}"]['conditions'][category]['users']['blacklist']
|
|
814
|
+
if blacklist.include? "#{current_user}"
|
|
815
|
+
log_info! 'Post Authentication', 'Identification', 'Check blacklisting'
|
|
816
|
+
log_info! 'Post Authentication', 'Identification', 'User blacklisted', "#{current_user}"
|
|
817
|
+
user[:info][:blacklisted] = 'true'
|
|
818
|
+
log_info! 'Post Authentication', 'Association', 'Logout user from current session', "#{current_user}"
|
|
819
|
+
warden.logout
|
|
820
|
+
session.clear
|
|
821
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
822
|
+
description_title = "Access Denied"
|
|
823
|
+
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
824
|
+
end
|
|
825
|
+
|
|
826
|
+
log_info! 'Post Authentication', 'Identification', 'Check whitelisting'
|
|
827
|
+
if category_whitelisted? category_whitelist, current_user
|
|
828
|
+
user[:info][:whitelisted] = 'true'
|
|
829
|
+
reward[:name] = 'whitelisted'
|
|
830
|
+
log_info! 'Post Authentication', 'Identification', 'User whitelisted', "#{current_user}"
|
|
831
|
+
log_info! 'Post Authentication', 'Identification', 'Reward set to', 'Whitelisted'
|
|
832
|
+
else
|
|
833
|
+
log_info! 'Post Authentication', 'Identification', 'No whitelisting found', "#{current_user}"
|
|
834
|
+
end
|
|
835
|
+
|
|
836
|
+
log_info! 'Post Authentication', 'Identification', 'Check conditions'
|
|
837
|
+
unless category_whitelisted? category_whitelist, current_user
|
|
838
|
+
log_info! 'Post Authentication', 'Identification', 'Check rewards'
|
|
839
|
+
payment_tiers = providers["#{user[:provider]}"]['conditions'][category]['payment']['activated']
|
|
840
|
+
log_info! 'Post Authentication', 'Identification', 'Check rewards', "#{current_user}"
|
|
841
|
+
if payment_activated? payment_tiers
|
|
842
|
+
log_info! 'Post Authentication', 'Identification', 'Reward found', "#{reward[:name]}"
|
|
843
|
+
|
|
844
|
+
# Check if any payment exists for that user
|
|
845
|
+
#
|
|
846
|
+
log_info! 'Post Authentication', 'Identification', 'Check payment status'
|
|
847
|
+
if user[:info]['payment_info'].empty?
|
|
848
|
+
log_info! 'Post Authentication', 'Identification', 'Payment status: NOT AVAILABLE', "#{current_user}"
|
|
849
|
+
log_info! 'Post Authentication', 'Association', 'Logout user from current session', "#{current_user}"
|
|
850
|
+
warden.logout
|
|
851
|
+
session.clear
|
|
852
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
853
|
+
description_title = "Access Denied"
|
|
854
|
+
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
855
|
+
end
|
|
856
|
+
|
|
857
|
+
# Check for VALID payments (scope: pledge-to-me)
|
|
858
|
+
#
|
|
859
|
+
payment_status = user[:info]['payment_info']['attributes']['declined_since']
|
|
860
|
+
unless payment_valid? payment_status
|
|
861
|
+
log_info! 'Post Authentication', 'Identification', 'Payment status INVALID', "#{current_user}"
|
|
862
|
+
log_info! 'Post Authentication', 'Association', 'Logout user from current session', "#{current_user}"
|
|
863
|
+
warden.logout
|
|
864
|
+
session.clear
|
|
865
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to error page (access_denied)'
|
|
866
|
+
description_title = "Access Denied"
|
|
867
|
+
redirect "/access_denied?provider=#{current_provider}&user=#{current_user}&category=#{category}&title=#{description_title}"
|
|
868
|
+
else
|
|
869
|
+
log_info! 'Post Authentication', 'Identification', 'Payment status VALID', "#{current_user}"
|
|
870
|
+
end
|
|
871
|
+
end
|
|
872
|
+
|
|
873
|
+
end
|
|
874
|
+
# end category_whitelisted
|
|
762
875
|
end
|
|
876
|
+
# end check conditions
|
|
877
|
+
|
|
763
878
|
end
|
|
879
|
+
# end protected content
|
|
764
880
|
end
|
|
881
|
+
# end user.nil?
|
|
882
|
+
|
|
883
|
+
# redirect authenticated|validated user to requested page
|
|
884
|
+
#
|
|
885
|
+
j1_web_session['provider'] = current_provider
|
|
886
|
+
j1_web_session['users_allowed'] = providers["#{current_provider}"]['users']
|
|
887
|
+
|
|
888
|
+
# TODO: Add membership|product specific data for the SideBar
|
|
765
889
|
|
|
766
890
|
# write updated J1 session data to cookie
|
|
767
891
|
#
|
|
768
892
|
session_json = j1_web_session.to_json
|
|
769
|
-
log_info! 'Authentication', '
|
|
893
|
+
log_info! 'Post Authentication', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
770
894
|
|
|
771
895
|
session_encoded = Base64.encode64(session_json)
|
|
772
896
|
response.set_cookie(
|
|
@@ -776,27 +900,25 @@ module J1App
|
|
|
776
900
|
path: '/'
|
|
777
901
|
)
|
|
778
902
|
|
|
779
|
-
|
|
780
|
-
#
|
|
781
|
-
log_info! 'Authentication', '
|
|
782
|
-
log_info! 'Authentication', 'Callback', 'Signed in as user', "#{user[:info]['nickname']}"
|
|
783
|
-
log_info! 'Authentication', 'Callback', 'Requested page', "#{j1_web_session['requested_page']}"
|
|
903
|
+
log_info! 'Post Authentication', 'Identification', 'Signed in at provider', "#{user[:provider]}"
|
|
904
|
+
log_info! 'Post Authentication', 'Identification', 'Signed in as user', "#{user[:info]['nickname']}"
|
|
905
|
+
log_info! 'Post Authentication', 'Redirect', 'Pass to requested page', "#{j1_web_session['requested_page']}"
|
|
784
906
|
redirect j1_web_session['requested_page']
|
|
785
|
-
end
|
|
786
907
|
|
|
787
|
-
get '/redirect_requested_page' do
|
|
788
|
-
log_info! 'Authentication', 'RedirectPage', 'Requested page', "#{j1_web_session['requested_page']}"
|
|
789
|
-
redirect j1_web_session['requested_page']
|
|
790
908
|
end
|
|
909
|
+
# end get /post_authentication
|
|
910
|
+
# --------------------------------------------------------------------------
|
|
911
|
+
|
|
791
912
|
|
|
792
913
|
# Status|Info ENDPOINT called from the web to get current state on an user
|
|
793
914
|
# --------------------------------------------------------------------------
|
|
794
915
|
get '/status' do
|
|
795
|
-
log_info! 'Status', 'RestApi', 'Info request detected'
|
|
796
916
|
session_encoded = request.cookies['j1.web.session']
|
|
797
917
|
session_decoded = Base64.decode64(session_encoded)
|
|
798
918
|
j1_web_session = JSON.parse(session_decoded)
|
|
799
919
|
|
|
920
|
+
log_info! 'API', 'Status Request', 'Info request detected'
|
|
921
|
+
|
|
800
922
|
# if request.warden.user.respond_to?(:info)
|
|
801
923
|
#
|
|
802
924
|
if warden.authenticated?
|
|
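Review bot: `redirect j1_web_session['requested_page']` at the end of `/post_authentication` takes its target from the `j1.web.session` cookie, which the handler only Base64-decodes and JSON-parses from the request, so the destination is whatever the client stored there; the new `'Pass to requested page'` log line writes the same unchecked value. Accept only a same-site path before redirecting, for example `target = j1_web_session['requested_page'].to_s` followed by `target = '/' unless target.match?(%r{\A/(?![/\\])})`, and redirect to `target`. The `/redirect_requested_page` route re-added in the last hunk performs the same redirect, and `route = page` in `/access_protected_content` takes its target from the query string. `/post_authentication` begins before this hunk and `/status` continues after it.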
@@ -817,16 +939,16 @@ module J1App
|
|
|
817
939
|
provider_member_url = '#'
|
|
818
940
|
end
|
|
819
941
|
|
|
820
|
-
log_info! '
|
|
942
|
+
log_info! 'API', 'Status Request', 'User detected as signed in', "#{user_name}"
|
|
821
943
|
else
|
|
822
944
|
user_name = 'unknown'
|
|
823
|
-
log_info! '
|
|
945
|
+
log_info! 'API', 'Status Request', 'User detected', 'signed out'
|
|
824
946
|
end
|
|
825
947
|
|
|
826
948
|
# if request.warden.authenticated?
|
|
827
949
|
#
|
|
828
950
|
if user_name != 'unknown'
|
|
829
|
-
log_info! '
|
|
951
|
+
log_info! 'API', 'Status Request', 'Send data', 'SIGNED_IN'
|
|
830
952
|
content_type 'application/json'
|
|
831
953
|
{
|
|
832
954
|
user_name: user_name,
|
|
@@ -841,7 +963,7 @@ module J1App
|
|
|
841
963
|
status: 'signed in'
|
|
842
964
|
}.to_json
|
|
843
965
|
else
|
|
844
|
-
log_info! '
|
|
966
|
+
log_info! 'API', 'Status Request', 'Send data', 'SIGNED_OUT'
|
|
845
967
|
content_type 'application/json'
|
|
846
968
|
{
|
|
847
969
|
user_name: 'unknown',
|
|
@@ -858,13 +980,15 @@ module J1App
|
|
|
858
980
|
end
|
|
859
981
|
end
|
|
860
982
|
|
|
861
|
-
#
|
|
983
|
+
# Exception ENDPOINT called from the app (auth manager)
|
|
862
984
|
# --------------------------------------------------------------------------
|
|
863
985
|
get '/access_denied' do
|
|
986
|
+
provider = params.fetch('provider')
|
|
987
|
+
category = params.fetch('category')
|
|
988
|
+
user = params.fetch('user')
|
|
989
|
+
description_title = params.fetch('title')
|
|
864
990
|
|
|
865
|
-
|
|
866
|
-
category = params.fetch('category')
|
|
867
|
-
user = params.fetch('user')
|
|
991
|
+
log_info! 'API', 'Exception', 'Page Access Request denied'
|
|
868
992
|
|
|
869
993
|
session_encoded = request.cookies['j1.web.session']
|
|
870
994
|
session_decoded = Base64.decode64(session_encoded)
|
|
@@ -872,23 +996,82 @@ module J1App
|
|
|
872
996
|
|
|
873
997
|
# Update J1 web session data
|
|
874
998
|
# --------------------------------------------------------------------
|
|
875
|
-
j1_web_session['user_name']
|
|
876
|
-
j1_web_session['user_id']
|
|
877
|
-
j1_web_session['users_allowed']
|
|
878
|
-
j1_web_session['
|
|
879
|
-
j1_web_session['provider']
|
|
880
|
-
j1_web_session['provider_url']
|
|
881
|
-
j1_web_session['permissions']
|
|
882
|
-
j1_web_session['authenticated']
|
|
883
|
-
j1_web_session['writer']
|
|
999
|
+
j1_web_session['user_name'] = 'unknown'
|
|
1000
|
+
j1_web_session['user_id'] = 'unknown'
|
|
1001
|
+
j1_web_session['users_allowed'] = 'unknown'
|
|
1002
|
+
j1_web_session['payment_status'] = 'unknown'
|
|
1003
|
+
j1_web_session['provider'] = 'unknown'
|
|
1004
|
+
j1_web_session['provider_url'] = 'unknown'
|
|
1005
|
+
j1_web_session['permissions'] = 'unknown'
|
|
1006
|
+
j1_web_session['authenticated'] = 'false'
|
|
1007
|
+
j1_web_session['writer'] = 'middleware'
|
|
884
1008
|
|
|
885
1009
|
# write updated J1 session data to cookie
|
|
886
1010
|
#
|
|
1011
|
+
log_info! 'API', 'Exception Handler', 'ERROR', 'Access Denied'
|
|
1012
|
+
session_json = j1_web_session.to_json
|
|
1013
|
+
log_info! 'Exception Handler', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
1014
|
+
|
|
1015
|
+
session_encoded = Base64.encode64(session_json)
|
|
1016
|
+
response.set_cookie(
|
|
1017
|
+
'j1.web.session',
|
|
1018
|
+
domain: false,
|
|
1019
|
+
value: session_encoded.to_s,
|
|
1020
|
+
path: '/'
|
|
1021
|
+
)
|
|
887
1022
|
|
|
888
|
-
log_info!
|
|
1023
|
+
log_info! 'Exception Handler', 'Redirect', 'Pass to error page', "Access Denied"
|
|
889
1024
|
|
|
1025
|
+
# Capitalize first char
|
|
1026
|
+
provider = provider.sub(/^./, &:upcase)
|
|
1027
|
+
route = '/'
|
|
1028
|
+
|
|
1029
|
+
@route = route
|
|
1030
|
+
@provider = provider
|
|
1031
|
+
@modal = "centralModalInfo"
|
|
1032
|
+
@info_type = "danger"
|
|
1033
|
+
@modal_icon = "account-off"
|
|
1034
|
+
@modal_ok_text = "Ok, understood"
|
|
1035
|
+
@modal_title = "Authentication Manager"
|
|
1036
|
+
@modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
|
|
1037
|
+
|
|
1038
|
+
erb :auth_manager_ui
|
|
1039
|
+
end
|
|
1040
|
+
# END get '/access_denied'
|
|
1041
|
+
# --------------------------------------------------------------------------
|
|
1042
|
+
|
|
1043
|
+
|
|
1044
|
+
# Exception ENDPOINT called from the app (auth manager)
|
|
1045
|
+
# --------------------------------------------------------------------------
|
|
1046
|
+
get '/invalid_funds' do
|
|
1047
|
+
provider = params.fetch('provider')
|
|
1048
|
+
category = params.fetch('category')
|
|
1049
|
+
user = params.fetch('user')
|
|
1050
|
+
description_title = params.fetch('title')
|
|
1051
|
+
|
|
1052
|
+
log_info! 'API', 'Exception', 'Invalid Funds'
|
|
1053
|
+
|
|
1054
|
+
session_encoded = request.cookies['j1.web.session']
|
|
1055
|
+
session_decoded = Base64.decode64(session_encoded)
|
|
1056
|
+
j1_web_session = JSON.parse(session_decoded)
|
|
1057
|
+
|
|
1058
|
+
# Update J1 web session data
|
|
1059
|
+
# --------------------------------------------------------------------
|
|
1060
|
+
j1_web_session['user_name'] = 'unknown'
|
|
1061
|
+
j1_web_session['user_id'] = 'unknown'
|
|
1062
|
+
j1_web_session['users_allowed'] = 'unknown'
|
|
1063
|
+
j1_web_session['payment_status'] = 'unknown'
|
|
1064
|
+
j1_web_session['provider'] = 'unknown'
|
|
1065
|
+
j1_web_session['provider_url'] = 'unknown'
|
|
1066
|
+
j1_web_session['permissions'] = 'unknown'
|
|
1067
|
+
j1_web_session['authenticated'] = 'false'
|
|
1068
|
+
j1_web_session['writer'] = 'middleware'
|
|
1069
|
+
|
|
1070
|
+
# write updated J1 session data to cookie
|
|
1071
|
+
#
|
|
1072
|
+
log_info! 'API', 'Exception Handler', 'ERROR', 'Invalid Funds'
|
|
890
1073
|
session_json = j1_web_session.to_json
|
|
891
|
-
log_info!
|
|
1074
|
+
log_info! 'Exception Handler', 'Cookie', 'Write web session data' # "#{session_json}"
|
|
892
1075
|
|
|
893
1076
|
session_encoded = Base64.encode64(session_json)
|
|
894
1077
|
response.set_cookie(
|
|
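Review bot: `@modal_description` in `/access_denied` interpolates `description_title`, `user`, `provider` and `category` straight into an HTML string, and all four come from `params.fetch` on the query string (those fetches sit in the previous hunk). The `auth_manager_ui` template is not shown, but the embedded `<h4>`/`<b>` markup suggests the description is printed unescaped, in which case any markup in those parameters is rendered in the site's origin. Escape each value where it is read, e.g. `user = Rack::Utils.escape_html(params.fetch('user'))`, and likewise for the other three. The identical line is added for `/invalid_funds` two hunks further down, whose handler starts in this hunk and runs past its end.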
@@ -898,10 +1081,11 @@ module J1App
|
|
|
898
1081
|
path: '/'
|
|
899
1082
|
)
|
|
900
1083
|
|
|
901
|
-
|
|
1084
|
+
log_info! 'Exception Handler', 'Redirect', 'Pass to error page', 'Invalid Funds'
|
|
902
1085
|
|
|
903
1086
|
# Capitalize first char
|
|
904
|
-
provider
|
|
1087
|
+
provider = provider.sub(/^./, &:upcase)
|
|
1088
|
+
route = '/'
|
|
905
1089
|
|
|
906
1090
|
@route = route
|
|
907
1091
|
@provider = provider
|
|
@@ -910,29 +1094,40 @@ module J1App
|
|
|
910
1094
|
@modal_icon = "account-off"
|
|
911
1095
|
@modal_ok_text = "Ok, understood"
|
|
912
1096
|
@modal_title = "Authentication Manager"
|
|
913
|
-
@modal_description = "<h4
|
|
1097
|
+
@modal_description = "<h4>#{description_title}</h4></br></br> User <b>#{user}</b> from provider <b>#{provider}</b> is not allowed to access <b>#{category}</b> pages."
|
|
914
1098
|
|
|
915
1099
|
erb :auth_manager_ui
|
|
916
1100
|
end
|
|
1101
|
+
# END get /invalid_funds
|
|
1102
|
+
# --------------------------------------------------------------------------
|
|
1103
|
+
|
|
917
1104
|
|
|
918
1105
|
# access_protected_content ENDPOINT called from the app (auth manager)
|
|
919
1106
|
# --------------------------------------------------------------------------
|
|
920
1107
|
get '/access_protected_content' do
|
|
921
|
-
|
|
922
|
-
provider = params.fetch('provider')
|
|
1108
|
+
provider = params.fetch('provider')
|
|
923
1109
|
allowed_users = params.fetch('allowed_users')
|
|
924
1110
|
page = params.fetch('page')
|
|
925
1111
|
category = params.fetch('category')
|
|
926
1112
|
|
|
1113
|
+
log_info! 'API', 'PageAccessControl', 'Page Access Request detected'
|
|
1114
|
+
|
|
927
1115
|
# Capitalize first char
|
|
928
|
-
# provider = provider.sub(/^./, &:upcase)
|
|
1116
|
+
# provider = provider.sub(/^./, &:upcase)
|
|
929
1117
|
|
|
1118
|
+
log_info! 'PageAccessControl', 'AuthCheck', 'Check authentication for provider', "#{provider}"
|
|
1119
|
+
# jadams, 2019-03-16: Hier ist das Problem
|
|
1120
|
+
#
|
|
930
1121
|
if warden.authenticated?
|
|
1122
|
+
log_info! 'PageAccessControl', 'AuthCheck', 'Grant access for provider', "#{provider}"
|
|
1123
|
+
log_info! 'PageAccessControl', 'Redirect', 'Pass to page', "#{page}"
|
|
931
1124
|
route = page
|
|
932
1125
|
else
|
|
1126
|
+
log_info! 'PageAccessControl', 'AuthCheck', 'Authentication failed for provider', "#{provider}"
|
|
933
1127
|
route = "/authentication?request=signin&provider=#{provider}&allowed_users=#{allowed_users}"
|
|
934
1128
|
end
|
|
935
1129
|
|
|
1130
|
+
log_info! 'PageAccessControl', 'Redirect', 'Pass to SignIn dialog for page', "#{page}"
|
|
936
1131
|
# Capitalize first char
|
|
937
1132
|
provider = provider.sub(/^./, &:upcase)
|
|
938
1133
|
|
|
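Review bot: `allowed_users` in `/access_protected_content` is read from the query string and forwarded as-is into `route = "/authentication?request=signin&provider=#{provider}&allowed_users=#{allowed_users}"`, so the list of permitted users is supplied by the request rather than by configuration. `/post_authentication` later tests `j1_web_session['users_allowed'].include? 'all'`; if `/authentication` (not visible here) copies this parameter into that cookie field, the general user check depends on caller-supplied data, so this should be confirmed. The server already holds the list, as `providers["#{current_provider}"]['users']` at the end of `/post_authentication` shows, and it could be looked up from `provider` here instead of being passed through the URL. Separately, the new `'Pass to SignIn dialog for page'` log line sits after the `if`/`else` and is written even when access was granted; it belongs in the `else` branch. The handler's body continues in the next hunk.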
@@ -948,11 +1143,22 @@ module J1App
|
|
|
948
1143
|
|
|
949
1144
|
erb :auth_manager_ui
|
|
950
1145
|
end
|
|
1146
|
+
# END get '/access_protected_content'
|
|
1147
|
+
# --------------------------------------------------------------------------
|
|
1148
|
+
|
|
951
1149
|
|
|
952
1150
|
get '/iframe' do
|
|
953
1151
|
@website_url = "https://jekyll-one.github.io/"
|
|
954
1152
|
erb :iframe
|
|
955
1153
|
end
|
|
956
1154
|
|
|
1155
|
+
# Workaround to rescue OmniAuth::Strategies::OAuth2::CallbackError?
|
|
1156
|
+
# for chromium based browsers (e.g. google-chrome)
|
|
1157
|
+
# ------------------------------------------------------------------------
|
|
1158
|
+
get '/redirect_requested_page' do
|
|
1159
|
+
log_info! 'Fallback', 'Redirect', 'Pass to requested page', "#{j1_web_session['requested_page']}"
|
|
1160
|
+
redirect j1_web_session['requested_page']
|
|
1161
|
+
end
|
|
1162
|
+
|
|
957
1163
|
end
|
|
958
1164
|
end
|