ucb_rails_user 0.9.0

data/app/controllers/ucb_rails_user/concerns/sessions_controller.rb

@@ -0,0 +1,68 @@
+module UcbRailsUser::Concerns::SessionsController
+  extend ActiveSupport::Concern
+
+  included do
+    skip_before_action :ensure_authenticated_user, :log_request
+  end
+
+  # Redirects to authentication provider
+  #
+  # @return [nil]
+  def new
+    provider = UcbRailsUser[:omniauth_provider] || :cas
+    redirect_to "/auth/#{provider}"
+  end
+
+  # Login user after authentication by provider
+  #
+  # @return [nil]
+  def create
+    uid = request.env['omniauth.auth'].uid
+    session[:omniauth_provider] = request.env['omniauth.auth'].provider
+
+    if user_session_manager.login(uid)
+      session[:uid] = uid
+      redirect_to session[:original_url] || root_path
+    else
+      redirect_to not_authorized_path
+    end
+  end
+
+  # Log user out
+  #
+  # @return [nil]
+  def destroy
+    user_session_manager.logout(current_user)
+    provider = session[:omniauth_provider]
+    reset_session
+    p "using #{redirect_url(provider)}"
+    redirect_to redirect_url(provider)
+  end
+
+  # Action called when unauthorized access attempted
+  #
+  # @return [nil]
+  def not_authorized
+    render(:text => "Not Authorized", :status => 401)
+  end
+
+  # Handler for authentication failure.
+  #
+  # @return [nil]
+  def failure
+    Rails.logger.debug("Authentication Failed for: #{request.env['omniauth.auth']}")
+    render(:text => "Not Authorized", :status => 401)
+  end
+
+  private
+
+  def redirect_url(provider)
+    if provider.to_s == 'cas'
+      "https://#{UcbRailsUser[:cas_host]}/cas/logout?service=#{root_url}"
+    else
+      root_path
+    end
+  end
+
+
+end

data/app/controllers/ucb_rails_user/concerns/users_controller.rb

@@ -0,0 +1,132 @@
+module UcbRailsUser::Concerns::UsersController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :find_user, :only => [:edit, :update, :destroy]
+    before_action :ensure_admin_user
+    skip_before_action :ensure_admin_user, if: ->{ action_name == "toggle_superuser" && Rails.env.development? }
+  end
+
+  def index
+    @users = User.all
+    respond_to do |format|
+      format.html { @users = User.all }
+      format.json { render json: UcbRails::UsersDatatable.new(view_context).as_json }
+    end
+  end
+
+  def search
+    @results = UcbRailsUser::LdapPerson::Finder.find_by_attributes(
+      {
+        givenname: params.fetch(:first_name),
+        sn: params.fetch(:last_name),
+        employeenumber: params.fetch(:employee_id)
+      },
+      sort: :last_first_downcase
+    )
+  end
+
+  def edit
+  end
+
+  def new
+  end
+
+  def create
+    uid = params.fetch(:ldap_uid)
+    user = nil
+    if user = User.find_by_ldap_uid(uid)
+      flash[:warning] = "User already exists"
+    else
+      begin
+        user = UcbRailsUser::UserLdapService.create_user_from_uid(uid)
+        flash[:notice] = "Record created"
+      rescue Exception => e
+        raise e
+        flash[:danger] = "Unable to create new user - please try again"
+        return redirect_to new_admin_user_path()
+      end
+    end
+    redirect_to edit_admin_user_path(user)
+  end
+
+  def update
+    if @user.update_attributes(user_params)
+      redirect_to(admin_users_path, notice: 'Record updated')
+    else
+      render("edit")
+    end
+  end
+
+  def destroy
+    if @user.destroy
+      flash[:notice] = 'Record deleted'
+    else
+      flash[:error] = @user.errors[:base].first
+    end
+
+    redirect_to(admin_users_path)
+  end
+
+  def ldap_search
+    # FIXME: this was retrofitted to support typeahead ajax json queries
+    if(query = params[:query])
+      @lps_entries = UcbRails::OmniUserTypeahead.new.ldap_results(query)
+      @lps_entries.map!{|entry|
+        attrs = entry.attributes.tap{|attrs| attrs["first_last_name"] = "#{attrs['first_name']} #{attrs['last_name']}" }
+        attrs.as_json
+      }
+
+      render json: @lps_entries
+
+    else
+      @lps_entries = UcbRails::LdapPerson::Finder.find_by_first_last(
+        params.fetch(:first_name),
+        params.fetch(:last_name),
+        :sort => :last_first_downcase
+      )
+      @lps_existing_uids = User.where(ldap_uid: @lps_entries.map(&:uid)).pluck(:uid)
+      render 'lps/search'
+    end
+
+  end
+
+  def typeahead_search
+    uta = UcbRails::UserTypeahead.new
+    render json: uta.results(params.fetch(:query))
+  end
+
+  def omni_typeahead_search
+    uta = UcbRails::OmniUserTypeahead.new
+    render json: uta.results(params.fetch(:query))
+  end
+
+  def toggle_superuser
+    current_user.try(:superuser!, !superuser?)
+    redirect_to root_path
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(
+      :superuser_flag,
+      :inactive_flag,
+      :first_name,
+      :last_name,
+      :email,
+      :alternate_email,
+      :phone,
+      :last_request_at,
+      :last_logout_at,
+      :last_login_at,
+      :uid
+    )
+  end
+
+  def find_user
+    @user ||= User.find(params.fetch(:id))
+  end
+
+end
+

data/app/controllers/ucb_rails_user/home_controller.rb

@@ -0,0 +1,10 @@
+class UcbRailsUser::HomeController < ApplicationController
+  include UcbRailsUser::Concerns::ControllerMethods
+  include UcbRailsUser::Concerns::HomeController
+
+  # Don't add anything more here - any logic for this class should go into
+  # Concerns::HomeController. This will make it much easier for host
+  # apps to customize behavior if they need to
+  # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
+end
+

data/app/controllers/ucb_rails_user/sessions_controller.rb

@@ -0,0 +1,9 @@
+# Manages starting and ending of sessions, i.e., logging in and out.
+class UcbRailsUser::SessionsController < ApplicationController
+  include UcbRailsUser::Concerns::SessionsController
+
+  # Don't add anything more here - any logic for this class should go into
+  # Concerns::SessionsController. This will make it much easier for host
+  # apps to customize behavior if they need to
+  # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
+end

data/app/controllers/ucb_rails_user/users_controller.rb

@@ -0,0 +1,8 @@
+class UcbRailsUser::UsersController < ApplicationController
+  include UcbRailsUser::Concerns::UsersController
+
+  # Don't add anything more here - any logic for this controller should go into
+  # Concerns::UserController. This will make it much easier for host apps to customize
+  # behavior if they need to
+  # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
+end

data/app/helpers/ucb_rails_user/users_helper.rb

@@ -0,0 +1,18 @@
+module UcbRailsUser
+  module UsersHelper
+
+    def link_to_new_user
+      text = 'New User'
+      # text = image_tag('ucb_rails/glyphicons_006_user_add.png', size: '14x14')
+      button(text, :primary,
+        class: 'ldap-person-search',
+        data: {
+          search_url: "",
+          result_link_url: new_admin_user_path,
+          result_link_http_method: 'post',
+        }
+      )
+    end
+
+  end
+end

data/app/helpers/ucb_rails_user_helper.rb

@@ -0,0 +1,17 @@
+# These methods should be extracted into own gem.
+module UcbRailsUserHelper
+
+  def ucbr_table_tag(*args)
+    options = canonicalize_options(args.extract_options!)
+
+    ar_class = args.first
+    if ar_class.respond_to?(:haml_attributes)
+      options[:id] ||= ar_class.haml_attributes["id"]
+      options = ensure_class(options, ar_class.haml_attributes["class"])
+    end
+
+    bs_table_tag(options) do
+      yield
+    end
+  end
+end

data/app/models/concerns/user_concerns.rb

@@ -0,0 +1,53 @@
+module UserConcerns
+  extend ActiveSupport::Concern
+
+  # Overridden by application
+  def roles
+    []
+  end
+
+  def has_role?(role)
+    superuser? || roles.include?(role)
+  end
+
+  def active?
+    !inactive?
+  end
+
+  def inactive?
+    inactive_flag
+  end
+
+  def superuser!(_superuser=true)
+    update_attribute(:superuser_flag, _superuser)
+  end
+
+  def superuser?
+    superuser_flag
+  end
+
+  def inactive!(_inactive=true)
+    update_attribute(:inactive_flag, _inactive)
+  end
+
+  def ldap_entry
+    UcbRailsUser::LdapPerson::Finder.find_by_uid!(uid)
+  end
+
+  def full_name
+    return nil unless first_name || last_name
+    "#{first_name} #{last_name}".strip
+  end
+
+  class_methods do
+    def active
+      where(inactive_flag: false)
+    end
+
+    def superuser
+      where(superuser_flag: true)
+    end
+  end
+
+end
+

data/app/models/ucb_rails_user/configuration/cas.rb

@@ -0,0 +1,53 @@
+module UcbRailsUser
+  module Configuration
+
+    class Cas
+      attr_accessor :config
+
+      def initialize(config)
+        self.config = config.presence || {}
+      end
+
+      def configure
+        configure_omniauth
+        set_ucb_rails_cas_host
+      end
+
+      def configure_omniauth
+        host_name = host
+        Rails.application.config.middleware.use OmniAuth::Builder do
+
+          unless Rails.env.production?
+            provider(:developer, fields: [:uid], uid_field: :uid)
+          end
+
+          provider :cas,
+            host: host_name,
+            login_url: '/cas/login?renew=true', # renew=true forces the login screen to appear each time
+            service_validate_url: '/cas/serviceValidate'
+        end
+      end
+
+      def set_ucb_rails_cas_host
+        UcbRailsUser.config.cas_host = host
+      end
+
+      private
+
+      def host
+        config.fetch('host', default_host)
+      end
+
+      def default_host
+        Rails.env.production? ? 'auth.berkeley.edu' : 'auth-test.berkeley.edu'
+      end
+
+      class << self
+        def configure(config)
+          new(config).configure
+        end
+      end
+    end
+
+  end
+end

data/app/models/ucb_rails_user/configuration/configuration.rb

@@ -0,0 +1,72 @@
+module UcbRailsUser
+  module Configuration
+
+  # Manage configuration from file.  Per environment or overall.
+  #
+  # @example
+  #   # config/config.yml
+  #   test:
+  #     ldap:
+  #       username: test_username
+  #       password: test_password
+  #
+  #   ldap:
+  #     username: top_username
+  #     password: top_password
+  #
+  #   # in config/initializers/ucb_rails.rb  (e.g.)
+  #   config = UcbRailsUser::Credentials.new
+  #
+  #   # in production -- pulls from top level, since no 'production' key
+  #   config.for('ldap') #=> { 'username' => 'top_username', 'password' => 'top_password' }
+  #
+  #   # in test -- pulls from 'test' key
+  #   config.for('ldap') #=> { 'username' => 'test_username', 'password' => 'test_password' }
+  class Configuration
+    FileNotFound = Class.new(StandardError)
+    KeyNotFound = Class.new(StandardError)
+
+    attr_accessor :config_filename, :config_yaml
+
+    def initialize(filename=Rails.root.join('config/config.yml'))
+      self.config_filename = filename.to_s
+      load_file
+    end
+
+    # Return configuration value for _key_.
+    # @param key [String]
+    def for(key)
+      from_environment(key) || from_top_level(key)
+    end
+
+    # Return configuration value for _key_.
+    # @raise [UcbRailsUser::Configuration::KeyNotFound] if _key_ not in configuration file.
+    def for!(key)
+      self.for(key) or raise(KeyNotFound, key.inspect)
+    end
+
+    private
+
+    def from_environment(key)
+      environment_value && environment_value[key]
+    end
+
+    def from_top_level(key)
+      config_yaml[key]
+    end
+
+    def environment_value
+      config_yaml[Rails.env]
+    end
+
+    def load_file
+      if File.exists?(config_filename)
+        self.config_yaml = YAML.load_file(config_filename)
+      else
+        raise(FileNotFound, config_filename)
+      end
+    end
+  end
+
+end
+end