Class: EgovUtils::User

Inherits:
Principal show all
Defined in:
app/models/egov_utils/user.rb

Constant Summary collapse

DEFAULT_ROLE = 
nil
SEARCH_FIELDS = 
[
  'login', 'firstname', 'lastname', 'mail',
  "CONCAT(firstname, ' ', lastname)", "CONCAT(lastname, ' ', firstname)"
].freeze

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Principal

#auth_source, #ldap?, #ldap_domain, #organization_by_domain, #organization_id, #organization_id_by_key, #organization_key, #organization_with_suborganizations_ids, #organization_with_suborganizations_keys, #reload

Class Method Details

.anonymousObject 



91
92
93
 
# File 'app/models/egov_utils/user.rb', line 91

def self.anonymous
  self.new
end

.authenticate(login, password, active_only = true) ⇒ Object 



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'app/models/egov_utils/user.rb', line 53

def self.authenticate(, password, active_only=true)
   = .to_s
  password = password.to_s

  # Make sure no one can sign in with an empty login or password
  return nil if .empty? || password.empty?

  # Fail over to case-insensitive if none was found
  user = find_by(login: ) || where( arel_table[:login].lower.eq(.downcase) ).first

  if user
    # user is already in local database
    return nil unless user.password_check?(password)
    return nil if active_only && !user.active?
  else
    # user is not yet registered, try to authenticate with available sources
    attrs = EgovUtils::AuthSource.authenticate(, password)
    if attrs
      user = new(attrs.merge(active: true))
      if user.ldap_register_allowed? && user.save
        user.reload
        logger.info("User '#{user.}' created from external auth source: #{user.provider}") if logger && user.auth_source
      end
    end
  end

  if user && !user.new_record?
    # Check last login
    if user.days_before_inactive && (user. || user.created_at) < (Time.now - user.days_before_inactive.days)
      user.update_column(:active, false)
    end

    user.update_column(:last_login_at, Time.now) if user.active?
  end

  user
end

.currentObject 



99
100
101
 
# File 'app/models/egov_utils/user.rb', line 99

def self.current
  RequestLocals.fetch(:current_user) { User.anonymous }
end

.current=(user) ⇒ Object 



95
96
97
 
# File 'app/models/egov_utils/user.rb', line 95

def self.current=(user)
  RequestLocals.store[:current_user] = user || anonymous
end

Instance Method Details

#admin?Boolean

Returns:

  • (Boolean) 


139
140
141
 
# File 'app/models/egov_utils/user.rb', line 139

def admin?
  has_role?('admin')
end

#all_role_namesObject 



147
148
149
150
151
 
# File 'app/models/egov_utils/user.rb', line 147

def all_role_names
  @all_role_names ||= groups.map(&:roles).flatten + Array(roles)
  @all_role_names << DEFAULT_ROLE if DEFAULT_ROLE && !@all_role_names.any?
  @all_role_names
end

#all_rolesObject 



153
154
155
 
# File 'app/models/egov_utils/user.rb', line 153

def all_roles
  all_role_names.map{|rn| EgovUtils::UserUtils::Role.find(rn) }.compact.collect{|cls| cls.new }
end

#fullnameObject 



135
136
137
 
# File 'app/models/egov_utils/user.rb', line 135

def fullname
  "#{firstname} #{lastname}"
end

#generate_reset_password_tokenObject 



176
177
178
179
 
# File 'app/models/egov_utils/user.rb', line 176

def generate_reset_password_token
  self.confirmation_code = nil
  generate_confirmation_code
end

#has_role?(role_name) ⇒ Boolean

Returns:

  • (Boolean) 


143
144
145
 
# File 'app/models/egov_utils/user.rb', line 143

def has_role?(role_name)
  all_role_names.include?(role_name)
end

#ldap_dnObject 



157
158
159
160
161
162
 
# File 'app/models/egov_utils/user.rb', line 157

def ldap_dn
  @ldap_dn ||= begin
    dn = auth_source.send(:get_user_dn, )
    dn[:dn] if dn
  end
end

#ldap_groupsObject 



164
165
166
 
# File 'app/models/egov_utils/user.rb', line 164

def ldap_groups
  groups.where.not(ldap_uid: nil)
end

#ldap_register_allowed?Boolean

Returns:

  • (Boolean) 


111
112
113
 
# File 'app/models/egov_utils/user.rb', line 111

def ldap_register_allowed?
  auth_source && auth_source.register_members_only? && ldap_groups.any?
end

#locked?Boolean

Returns:

  • (Boolean) 


131
132
133
 
# File 'app/models/egov_utils/user.rb', line 131

def locked?
  false
end

#logged?Boolean

Returns:

  • (Boolean) 


127
128
129
 
# File 'app/models/egov_utils/user.rb', line 127

def logged?
  persisted?
end

#must_change_password?Boolean

Returns:

  • (Boolean) 


168
169
170
 
# File 'app/models/egov_utils/user.rb', line 168

def must_change_password?
  (super || password_expired?) && !provider?
end

#password_change_possible?Boolean

Returns:

  • (Boolean) 


123
124
125
 
# File 'app/models/egov_utils/user.rb', line 123

def password_change_possible?
  !provider.present?
end

#password_check?(password) ⇒ Boolean

Returns:

  • (Boolean) 


115
116
117
118
119
120
121
 
# File 'app/models/egov_utils/user.rb', line 115

def password_check?(password)
  if provider.present?
    auth_source.authenticate(, password)
  else
    authenticate(password)
  end
end

#password_expired?Boolean

Returns:

  • (Boolean) 


172
173
174
 
# File 'app/models/egov_utils/user.rb', line 172

def password_expired?
  false
end

#rolesObject 



107
108
109
 
# File 'app/models/egov_utils/user.rb', line 107

def roles
  logged? ? super : ['anonymous']
end

#to_sObject 



103
104
105
 
# File 'app/models/egov_utils/user.rb', line 103

def to_s
  fullname
end