lesli_shield 0.1.1 → 1.0.0

data/app/controllers/users/sessions_controller.rb

@@ -1,10 +1,8 @@
-# frozen_string_literal: true
-
 =begin
 
 Lesli
 
-Copyright (c) 2023, Lesli Technologies, S. A.
+Copyright (c) 2025, Lesli Technologies, S. A.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -21,7 +19,7 @@ along with this program. If not, see http://www.gnu.org/licenses/.
 
 Lesli · Ruby on Rails SaaS Development Framework.
 
-Made with ♥ by https://www.lesli.tech
+Made with ♥ by LesliTech
 Building a better future, one line of code at a time.
 
 @contact  hello@lesli.tech
@@ -32,37 +30,34 @@ Building a better future, one line of code at a time.
 // · 
 =end
 
+#require "uri"
+
 class Users::SessionsController < Devise::SessionsController
 
     # Creates a new session for the user and allows them access to the platform
     def create
 
         # search for a existing user 
-        user = Lesli::User.find_for_database_authentication(email: sign_in_params[:email])
+        user = ::Lesli::User.find_for_database_authentication(email: sign_in_params[:email])        
 
         # respond with a no valid credentials generic error if not valid user found
         unless user
-            # Lesli::Account::Activity.log("core", "/session/create", "session_creation_failed", "no_valid_email", {
-            #     email: (sign_in_params[:email] || "")
-            # }) 
-            return respond_with_error(I18n.t("core.users/sessions.invalid_credentials"))
+            danger(I18n.t("lesli.users/sessions.message_invalid_credentials"))
+            redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
         end
 
         # save a invalid credentials log for the requested user
-        log = user.logs.new({ title: "session_creation_atempt" })
+        activity = user.activities.new({ title: "session_create", description:"atempt" })
 
         # check password validation
         unless user.valid_password?(sign_in_params[:password])
 
             # save a invalid credentials log for the requested user
-            log.update({
-                title: "session_creation_failed",
-                description: "invalid_credentials"
-            })
+            activity.update(description: "invalid_credentials")
 
             # respond with a no valid credentials generic error if not valid user found
-            return respond_with_error(I18n.t("core.users/sessions.invalid_credentials"))
-
+            danger(I18n.t("lesli.users/sessions.message_invalid_credentials"))
+            redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
         end
 
         # check if user meet requirements to create a new session
@@ -71,16 +66,11 @@ class Users::SessionsController < Devise::SessionsController
             # if user do not meet requirements to login
             unless valid
 
-                log.update({
-                    title: "session_creation_failed",
-                    description: failures.join(", ")
-                })
-
-                # return and respond with the reasons user is not able to login
-                return respond_with_error(failures.join(", "))
+                activity.update(description: failures.join(", "))
 
+                danger(failures.join(", "))
+                redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
             end
-
         end
 
 
@@ -89,8 +79,9 @@ class Users::SessionsController < Devise::SessionsController
 
 
         # create a new session for the user
-        current_session = Lesli::UserSessionService.new(user)
+        current_session = Lesli::User::SessionService.new(user)
         .create(get_user_agent(false), request.remote_ip)
+        .result
 
         # make session id globally available
         session[:user_session_id] = current_session[:id]
@@ -107,35 +98,34 @@ class Users::SessionsController < Devise::SessionsController
         # do a user login
         sign_in(:user, user)
 
+        # create a log for login atempts
+        activity.update({ 
+            title: "session_create", 
+            description: "successful", 
+            session_id: current_session[:id] 
+        })
+
         # respond successful and send the path user should go
         #respond_with_successful({ default_path: user.has_role_with_default_path?() })
-        respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
-
+        #respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
+        redirect_to(safe_redirect_path(sign_in_params[:redirect]))
     end
 
     private 
 
-    # @return [Parameters] Allowed parameters for the discussion
-    # @description Sanitizes the parameters received from an HTTP call to only allow the specified ones.
-    #     Allowed params are _:email_, _:password_.
-    # @example
-    #     supose params contains {
-    #         "user": {
-    #             "id": 5,
-    #             "email": "john.smith@email.com",
-    #             "password": "my_password_123"
-    #         }
-    #     }
-    #     allowed_params = sign_in_params
-    #     puts allowed_params
-    #     will remove the _id_ field and only print {
-    #         "user": {
-    #             "email": "john.smith@email.com",
-    #             "password": "my_password_123"
-    #         }
-    #     }
-    def sign_in_params
-        params.fetch(:user, {}).permit(:email, :password)
+    def safe_redirect_path redirect_path
+        if redirect_path.present?
+            uri = URI.parse(redirect_path)
+            # Ensures it's a local path
+            return redirect_path if uri.relative?  
+        end
+        Lesli.config.path_after_login || root_path
+    rescue URI::InvalidURIError
+        # If the URL is invalid, fallback to root
+        root_path  
     end
 
+    def sign_in_params
+        params.fetch(:user, {}).permit(:email, :password, :redirect)
+    end
 end

data/app/helpers/lesli_shield/sessions_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module SessionsHelper
+  end
+end

data/app/helpers/lesli_shield/settings_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module SettingsHelper
+  end
+end

data/app/helpers/lesli_shield/users_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module UsersHelper
+  end
+end

data/app/interfaces/lesli_shield/authentication_interface.rb

@@ -0,0 +1,64 @@
+module LesliShield
+    module AuthenticationInterface
+
+        # Validate user authentication and session status
+        def authenticate_request
+
+            # this version Lesli requires to be mounted as root "/"
+            # engine_path = Lesli::Engine.routes.find_script_name({})
+            engine_path = nil
+
+            # check if the users is logged into the system
+            unless user_signed_in?()
+
+                message = "Please Login to view that page!"
+
+                # check if requested url is valid
+                if (request.get? && is_navigational_format? && !request.xhr? && !request.fullpath.blank?)
+
+                    # redirect only if the path worth it
+                    if request.fullpath != "/"
+
+                        # redirect with requested url, so user will be redirected after login
+                        redirect_to("#{engine_path}/login?r=#{request.fullpath}", notice: message) and return
+
+                    end
+
+                end
+
+                # redirect to root route
+                redirect_to("#{engine_path}/login", notice: message) and return
+
+            end
+
+            # run aditinal validations only for html requests
+            return true unless request.format.html?
+
+            # # get the current user session
+            # current_session = current_user.sessions.find_by(id: session[:user_session_id])
+
+            # # check if user has an active session
+            # if current_session.equal? nil or !current_session.active?
+            #     current_user.logs.create({ title: "system_session_logout", description: "session finished by the system"})
+            #     sign_out current_user
+            #     redirect_to "#{engine_path}/logout" and return
+            # end
+
+            # if !current_session.expiration_at.blank? && current_session.expiration_at < Time.current
+            #     current_user.logs.create({ title: "system_session_logout", description: "session expired by the system"})
+            #     sign_out current_user
+            #     redirect_to "#{engine_path}/logout" and return
+            # end
+
+            # # check password expiration date
+            # if current_user.has_expired_password?
+            #     unless controller_name == "profiles"
+            #         current_user.logs.create({ description: "redirect_due_to_expired_password" })
+            #         redirect_to "/administration/profile#force-password-reset", notice: I18n.t("core.users/sessions.messages_danger_password_expired")
+            #         return
+            #     end
+            # end
+
+        end
+    end
+end

data/app/interfaces/lesli_shield/authorization_interface.rb

@@ -0,0 +1,40 @@
+module LesliShield
+    module AuthorizationInterface
+
+        # Check if current_user has privileges to complete this request
+        def authorize_request
+
+            # check if user has access to the requested controller
+            # this search is over all the privileges for all the roles of the users
+            granted = current_user.has_privileges_for?(params[:controller], params[:action])
+
+
+            # get the path to which the user is limited to
+            limited_path = false# current_user.has_role_limited_to_path?
+
+            # to redirect to the limited path we must check:
+            #   limited_path must not to be nil or empty string ("")
+            #   limited_path must not to be equal to the current path (to avoid a loop)
+            #   request must not to be AJAX
+            #   request must be for show or index views
+            if  !limited_path.blank? and
+                !(limited_path == request.original_fullpath) and
+                !(request[:format] == "json") and
+                ["show", "index"].include?(params[:action])
+
+                return redirect_to(limited_path)
+            end
+
+            # privilege for object not found
+            if granted.blank?
+                current_user.activities.create({ title: "privilege_not_found", description: request.path })
+                return respond_with_unauthorized({ controller: params[:controller], privilege: params[:action] })
+            end
+
+            unless granted
+                current_user.activities.create({ title: "privilege_not_granted", description: request.path })
+                return respond_with_unauthorized({ controller: params[:controller], privilege: params[:action] })
+            end
+        end
+    end
+end

data/app/models/lesli_shield/application_record.rb

@@ -1,5 +1,5 @@
 module LesliShield
-  class ApplicationRecord < ActiveRecord::Base
-    self.abstract_class = true
-  end
+    class ApplicationRecord < ::Lesli::ApplicationLesliRecord
+        self.abstract_class = true
+    end
 end

data/app/models/lesli_shield/setting.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  class Setting < ApplicationRecord
+  end
+end

data/app/models/lesli_shield/user.rb

@@ -0,0 +1,5 @@
+module LesliShield
+    class User < ::Lesli::User
+        #has_many :activities, class_name: "Lesli::Item::Activity"
+    end
+end

data/app/views/devise/confirmations/new.html.erb

@@ -1,2 +1,16 @@
 <h2>Resend confirmation instructions</h2>
 
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+  <%= render "devise/shared/error_messages", resource: resource %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Resend confirmation instructions" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

data/app/views/devise/passwords/edit.html.erb

@@ -1,79 +1,37 @@
-<%
-=begin
 
-Lesli
+<%= render("lesli/wrappers/application-devise-simple", title:"Cambiar contraseña") do %>
 
-Copyright (c) 2023, Lesli Technologies, S. A.
+    <%= form_for(
+        resource, 
+        as: resource_name, 
+        url: user_password_path(reset_password_token: params[:reset_password_token]),
+        html: { class: "has-text-centered", method: :put },
+        builder: LesliView::Forms::Builder
+        ) do |form| %>
 
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
+            <%= render "devise/shared/error_messages", resource: resource %>
 
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
+            <%= form.field_control_builder(
+                label_html:form.label(:password), 
+                control_html:form.password_field(:password, autocomplete: "current-password", placeholder: "* * * * * *"),
+                message_text: flash.first&.second,
+                category: flash.first&.first,
+                icon: "key"
+            ) %>
 
-You should have received a copy of the GNU General Public License
-along with this program. If not, see http://www.gnu.org/licenses/.
+            <%= form.field_control_builder(
+                label_html:form.label(:password_confirmation), 
+                control_html:form.password_field(:password_confirmation, autocomplete: "current-password", placeholder: "* * * * * *"),
+                message_text: flash.first&.second,
+                category: flash.first&.first,
+                icon: "key"
+            ) %>
 
-Lesli · Ruby on Rails SaaS Development Framework.
+            <input type="hidden" name="user[reset_password_token]" value="<%= params[:reset_password_token] %>">
 
-Made with ♥ by https://www.lesli.tech
-Building a better future, one line of code at a time.
+            <%= form.field_control_button("Cambiar contraseña", icon:"key") %>
 
-@contact  hello@lesli.tech
-@website  https://www.lesli.tech
-@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+        <% end %>
 
-// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
-// · 
-=end
-%>
-
-<%= render("lesli/wrappers/application-devise-simple", title: "Cambiar contraseña") do %>
-
-    <form ref="form" @submit="putPasswordEdit">
-        <p v-if="notification.show" :class="[notification.type, 'is-size-5', 'mt-2']">
-            {{ notification.message }}
-        </p>
-        <div class="field mb-4">
-            <p class="label mb-2">Ingrese su nueva contraseña</p>
-            <p class="control has-icons-left">  
-                <input 
-                    class="input" 
-                    type="password"
-                    v-model="password_edit.new_password"
-                    required="true"
-                    name="user_email"
-                    placeholder="Contraseña nueva"
-                />
-                <span class="icon is-small is-left">
-                    <i class="ri-key-line"></i>
-                </span>
-            </p>
-        </div>
-        <div class="field mb-4">
-            <p class="label mb-1">Confirmar contraseña</p>
-            <p class="control has-icons-left">  
-                <input 
-                    class="input" 
-                    type="password"
-                    v-model="password_edit.new_password_confirmation"
-                    required="true"
-                    name="user_email"
-                    placeholder="Confirmar contraseña"
-                />
-                <span class="icon is-small is-left">
-                    <i class="ri-key-2-line"></i>
-                </span>
-            </p>
-        </div>
-        <div class="login-controls has-text-centered">
-            <button class="button is-primary">
-                Cambiar contraseña
-            </button>
-        </div>
-    </form>
+    <%= render("devise/shared/links", login:true, password_reset:false, magic_link:false, otp:false) %>  
 <% end %>

data/app/views/devise/passwords/new.html.erb

@@ -1,75 +1,33 @@
-<%
-=begin
 
-Lesli
-
-Copyright (c) 2023, Lesli Technologies, S. A.
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see http://www.gnu.org/licenses/.
-
-Lesli · Ruby on Rails SaaS Development Framework.
-
-Made with ♥ by https://www.lesli.tech
-Building a better future, one line of code at a time.
-
-@contact  hello@lesli.tech
-@website  https://www.lesli.tech
-@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
-
-// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
-// · 
-=end
-%>
-
-
-<%= render("lesli/wrappers/application-devise-simple", title: "Forgot your password?") do %>
-
-    <form class="has-text-centered" @submit="postPasswordNew" method="post">
-
-        <div class="field mb-4">
-            <p class="label mb-2">
-                Enter your email address you use in Lesli. 
-                We'll send instructions for setting a new password to your email.
-            </p>
-            <p v-if="notification.show" :class="['help', notification.type, 'is-size-5', 'mt-2']">
-                {{ notification.message }}
-            </p>
-            <div class="control has-icons-left has-icons-right">
-                <input 
-                    class="input" 
-                    type="email"
-                    v-model="sign_in.email"
-                    required="true"
-                    name="user_email"
-                    placeholder="email"
-                />
-                <span :class="['icon', 'is-small', 'is-left', `has-text-${notification.type}`]">
-                    <i class="ri-mail-lock-line"></i>
-                </span>
-            </div>
-        </div>
-
-        <div class="field">
-            <div class="control">
-                <button 
-                    type="submit" 
-                    :class="['button', 'is-primary', 'mb-2', {'is-loading':loading}]">
-                    Send password reset instructions
-                </button>
-            </div>
-        </div>
-    </form>
-    
-    <%= render("devise/shared/links", magic_link:false, otp:false, login:true) %>
+<%= render("lesli/wrappers/application-devise-simple", title:"Forgot your password?") do %>
+
+    <%= form_for(
+        resource, 
+        as: resource_name, 
+        url: user_password_path(),
+        html: { class: "has-text-centered" },
+        builder: LesliView::Forms::Builder
+        ) do |form| %>
+
+            <%= render "devise/shared/error_messages", resource: resource %>
+
+            <%= form.field_control_email(
+                :email, 
+                icon: "person_search",
+                label: "Enter your email address you use in Lesli. We'll send instructions for setting a new password to your email.") 
+            %>
+
+            <%= form.field_control_button("Send me reset password instructions", icon:"email") %>
+
+            <% if Lesli.config.security.dig(:allow_registration) %>
+                <p class="account has-text-centered">
+                    Still not registered? 
+                    <%= link_to(new_user_registration_path, :class => "has-text-primary") do %>
+                        <u><b>Create account</b></u>
+                    <% end %>
+                </p> 
+            <% end %>
+        <% end %>
+
+    <%= render("devise/shared/links", login:true, password_reset:false, magic_link:false, otp:false) %>  
 <% end %>