Class: Lato::User

Inherits:
ApplicationRecord show all
Includes:
DependencyHelper, LatoUserApplication
Defined in:
app/models/lato/user.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from DependencyHelper

#depends_on

Instance Attribute Details

#actionsObject

Free for custom user indexes with actions



3
4
5
# File 'app/models/lato/user.rb', line 3

def actions
  @actions
end

Instance Method Details

#accept_invitation(params) ⇒ Object



297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
# File 'app/models/lato/user.rb', line 297

def accept_invitation(params)
  invitation = Lato::Invitation.find_by(id: params[:id], accepted_code: params[:accepted_code])
  if !invitation || invitation.accepted? || invitation.email != email
    errors.add(:base, :invitation_invalid)
    return
  end

  ActiveRecord::Base.transaction do
    raise ActiveRecord::Rollback unless save && invitation.update(
      accepted_at: Time.now,
      lato_user_id: id
    )

    true
  end
end

#add_web3_connection(params) ⇒ Object



314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
# File 'app/models/lato/user.rb', line 314

def add_web3_connection(params)
  depends_on('eth')

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:base, :web3_address_invalid)
    return
  end

  update(web3_address: params[:web3_address])
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end

#authenticator(params) ⇒ Object



430
431
432
433
434
435
436
437
438
439
440
441
# File 'app/models/lato/user.rb', line 430

def authenticator(params)
  return false unless authenticator_enabled?

  totp = ROTP::TOTP.new(authenticator_secret)
  result = totp.verify(params[:authenticator_code])
  unless result
    errors.add(:base, :authenticator_code_invalid)
    return
  end

  true
end

#authenticator_enabled?Boolean

Returns:

  • (Boolean)


60
61
62
# File 'app/models/lato/user.rb', line 60

def authenticator_enabled?
  !authenticator_secret.blank?
end

#authenticator_qr_code_base64(size = 200) ⇒ Object



95
96
97
# File 'app/models/lato/user.rb', line 95

def authenticator_qr_code_base64(size = 200)
  "data:image/png;base64,#{Base64.strict_encode64(RQRCode::QRCode.new(ROTP::TOTP.new(authenticator_secret, :issuer => Lato.config.application_title).provisioning_uri(email).to_s).as_png(size: size, border_modules: 0).to_s)}"
end

#c_email_verification_code(value = nil) ⇒ Object



454
455
456
457
458
459
460
# File 'app/models/lato/user.rb', line 454

def c_email_verification_code(value = nil)
  cache_key = "Lato::User/c_email_verification_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#c_email_verification_semaphore(value = nil) ⇒ Object

Cache



446
447
448
449
450
451
452
# File 'app/models/lato/user.rb', line 446

def c_email_verification_semaphore(value = nil)
  cache_key = "Lato::User/c_email_verification_semaphore/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 2.minutes)
  value
end

#c_password_update_code(value = nil) ⇒ Object



462
463
464
465
466
467
468
# File 'app/models/lato/user.rb', line 462

def c_password_update_code(value = nil)
  cache_key = "Lato::User/c_password_update_code/#{id}"
  return Rails.cache.read(cache_key) if value.nil?

  Rails.cache.write(cache_key, value, expires_in: 30.minutes)
  value
end

#destroy_with_confirmation(params) ⇒ Object



288
289
290
291
292
293
294
295
# File 'app/models/lato/user.rb', line 288

def destroy_with_confirmation(params)
  unless params[:email_confirmation] == email
    errors.add(:email, :not_correct)
    return
  end

  destroy
end

#email_protectedObject



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'app/models/lato/user.rb', line 75

def email_protected
  return email unless email.include?('@')
  
  local_part, domain = email.split('@', 2)
  
  # Keep first 2 characters of local part
  chars_to_keep = [local_part.length, 2].min
  protected_local = local_part[0, chars_to_keep] + '*' * [local_part.length - chars_to_keep, 0].max
  
  # Keep domain as is or partially protect it
  chars_to_keep = [domain.length, 2].min
  protected_domain = domain[0, chars_to_keep] + '*' * [domain.length - chars_to_keep, 0].max
  
  "#{protected_local}@#{protected_domain}"
end

#full_nameObject

Helpers



71
72
73
# File 'app/models/lato/user.rb', line 71

def full_name
  "#{last_name} #{first_name}"
end

#generate_authenticator_secretObject



422
423
424
# File 'app/models/lato/user.rb', line 422

def generate_authenticator_secret
  update(authenticator_secret: ROTP::Base32.random)
end

#gravatar_image_url(size = 200) ⇒ Object



91
92
93
# File 'app/models/lato/user.rb', line 91

def gravatar_image_url(size = 200)
  @gravatar_image_url ||= "https://www.gravatar.com/avatar/#{Digest::MD5.hexdigest(email)}?s=#{size}"
end

#register_webauthn_credential(credential_payload, encoded_challenge) ⇒ Object



352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
# File 'app/models/lato/user.rb', line 352

def register_webauthn_credential(credential_payload, encoded_challenge)
  if credential_payload.blank?
    errors.add(:base, :webauthn_payload_missing)
    return false
  end

  if encoded_challenge.blank?
    errors.add(:base, :webauthn_challenge_missing)
    return false
  end

  parsed_payload = JSON.parse(credential_payload)
  credential = WebAuthn::Credential.from_create(parsed_payload)
  credential.verify(Base64.strict_decode64(encoded_challenge))

  update(
    webauthn_id: Base64.strict_encode64(credential.raw_id),
    webauthn_public_key: credential.public_key
  )
rescue JSON::ParserError, WebAuthn::Error => e
  Rails.logger.error(e)
  errors.add(:base, :webauthn_registration_failed)
  false
end

#remove_authenticator_secretObject



426
427
428
# File 'app/models/lato/user.rb', line 426

def remove_authenticator_secret
  update(authenticator_secret: nil)
end

#remove_web3_connectionObject



330
331
332
333
# File 'app/models/lato/user.rb', line 330

def remove_web3_connection
  update(web3_address: nil)
  true
end

#remove_webauthn_credentialObject



415
416
417
418
419
420
# File 'app/models/lato/user.rb', line 415

def remove_webauthn_credential
  update(
    webauthn_id: nil,
    webauthn_public_key: nil
  )
end

#request_recover_password(params) ⇒ Object



226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
# File 'app/models/lato/user.rb', line 226

def request_recover_password(params)
  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_registered)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.password_update_mail(user.id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  self.id = user.id
  reload

  c_password_update_code(code)

  true
end

#request_verify_emailObject



187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# File 'app/models/lato/user.rb', line 187

def request_verify_email
  if c_email_verification_semaphore
    errors.add(:base, :email_verification_limit)
    return
  end

  code = SecureRandom.hex.upcase
  delivery = Lato::UserMailer.email_verification_mail(id, code).deliver_now
  unless delivery
    errors.add(:base, :email_sending_error)
    return
  end

  c_email_verification_code(code)
  c_email_verification_semaphore(true)

  true
end

#signin(params) ⇒ Object



117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# File 'app/models/lato/user.rb', line 117

def (params)
  self.email = params[:email]

  user = Lato::User.find_by(email: params[:email])
  unless user
    errors.add(:email, :not_correct)
    return
  end

  unless user.authenticate(params[:password])
    errors.add(:password, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  # Send login notification email unless disabled via config
  unless Lato.config.
    Lato::UserMailer.(id, params[:ip_address]).deliver_later
  end

  true
end

#signup(params = {}) ⇒ Object

Operations



102
103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'app/models/lato/user.rb', line 102

def (params = {})
  return unless save

  begin
    lato_log_user_signups.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
end

#update_accepted_privacy_policy_version(params) ⇒ Object



270
271
272
273
274
275
276
277
# File 'app/models/lato/user.rb', line 270

def update_accepted_privacy_policy_version(params)
  unless params[:confirm]
    errors.add(:base, :privacy_policy_invalid)
    return
  end

  update(accepted_privacy_policy_version: Lato.config.legal_privacy_policy_version)
end

#update_accepted_terms_and_conditions_version(params) ⇒ Object



279
280
281
282
283
284
285
286
# File 'app/models/lato/user.rb', line 279

def update_accepted_terms_and_conditions_version(params)
  unless params[:confirm]
    errors.add(:base, :terms_and_conditions_invalid)
    return
  end

  update(accepted_terms_and_conditions_version: Lato.config.legal_terms_and_conditions_version)
end

#update_password(params) ⇒ Object



248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
# File 'app/models/lato/user.rb', line 248

def update_password(params)
  password_update_code = c_password_update_code

  if password_update_code.blank?
    errors.add(:base, :password_update_code_expired)
    return
  end

  unless password_update_code == params[:code]
    errors.add(:base, :password_update_code_invalid)
    return
  end

  c_password_update_code('')

  update(params.permit(:password, :password_confirmation).merge(
    authenticator_secret: nil, # Reset authenticator secret when password is updated
    webauthn_id: nil,          # Reset webauthn credential when password is updated
    webauthn_public_key: nil   # Reset webauthn credential when password is updated
  ))
end

#valid_accepted_privacy_policy_version?Boolean

Questions

Returns:

  • (Boolean)


52
53
54
# File 'app/models/lato/user.rb', line 52

def valid_accepted_privacy_policy_version?
  @valid_accepted_privacy_policy_version ||= accepted_privacy_policy_version >= Lato.config.legal_privacy_policy_version
end

#valid_accepted_terms_and_conditions_version?Boolean

Returns:

  • (Boolean)


56
57
58
# File 'app/models/lato/user.rb', line 56

def valid_accepted_terms_and_conditions_version?
  @valid_accepted_terms_and_conditions_version ||= accepted_terms_and_conditions_version >= Lato.config.legal_terms_and_conditions_version
end

#verify_email(params) ⇒ Object



206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
# File 'app/models/lato/user.rb', line 206

def verify_email(params)
  email_verification_code = c_email_verification_code

  if email_verification_code.blank?
    errors.add(:base, :email_verification_code_expired)
    return
  end

  unless email_verification_code == params[:code]
    errors.add(:base, :email_verification_code_invalid)
    return
  end

  c_email_verification_code('')
  c_email_verification_semaphore(false)

  update_column(:email_verified_at, Time.now)
  true
end

#web3_signin(params) ⇒ Object



151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# File 'app/models/lato/user.rb', line 151

def (params)
  depends_on('eth')

  self.web3_address = params[:web3_address]

  user = Lato::User.find_by(web3_address: params[:web3_address].downcase)
  unless user
    errors.add(:web3_address, :not_correct)
    return
  end

  signature_pubkey = Eth::Signature.personal_recover(params[:web3_nonce], params[:web3_signed_nonce])
  signature_address = Eth::Util.public_key_to_address signature_pubkey
  unless signature_address.to_s.downcase == params[:web3_address].downcase
    errors.add(:web3_signed_nonce, :not_correct)
    return
  end

  self.id = user.id
  reload

  begin
    lato_log_user_signins.create(
      ip_address: params[:ip_address],
      user_agent: params[:user_agent]
    )
  rescue StandardError => e
    Rails.logger.error(e)
  end

  true
rescue StandardError => e
  errors.add(:base, :web3_connection_error)
  false
end

#webauthn_authentication(params, encoded_challenge) ⇒ Object



377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
# File 'app/models/lato/user.rb', line 377

def webauthn_authentication(params, encoded_challenge)
  return false unless webauthn_enabled?

  if params[:webauthn_credential].blank?
    errors.add(:base, :webauthn_payload_missing)
    return false
  end

  if encoded_challenge.blank?
    errors.add(:base, :webauthn_challenge_missing)
    return false
  end

  parsed_payload = JSON.parse(params[:webauthn_credential])
  
  # Converti i campi da base64url a base64 standard per il gem webauthn
  parsed_payload['rawId'] = base64url_to_base64(parsed_payload['rawId'])
  parsed_payload['response']['clientDataJSON'] = base64url_to_base64(parsed_payload['response']['clientDataJSON'])
  parsed_payload['response']['authenticatorData'] = base64url_to_base64(parsed_payload['response']['authenticatorData'])
  parsed_payload['response']['signature'] = base64url_to_base64(parsed_payload['response']['signature'])
  parsed_payload['response']['userHandle'] = base64url_to_base64(parsed_payload['response']['userHandle']) if parsed_payload['response']['userHandle']
  
  credential = WebAuthn::Credential.from_get(parsed_payload)
  
  credential.verify(
    encoded_challenge,
    public_key: webauthn_public_key,
    sign_count: 0
  )

  true
rescue JSON::ParserError, WebAuthn::Error => e
  Rails.logger.error(e)
  Rails.logger.error(e.backtrace.join("\n"))
  errors.add(:base, :webauthn_authentication_failed)
  false
end

#webauthn_authentication_optionsObject



346
347
348
349
350
# File 'app/models/lato/user.rb', line 346

def webauthn_authentication_options
  WebAuthn::Credential.options_for_get(
    allow: webauthn_allow_credentials.map { |cred| Base64.strict_encode64(cred) }
  )
end

#webauthn_enabled?Boolean

Returns:

  • (Boolean)


64
65
66
# File 'app/models/lato/user.rb', line 64

def webauthn_enabled?
  webauthn_id.present? && webauthn_public_key.present?
end

#webauthn_registration_optionsObject



335
336
337
338
339
340
341
342
343
344
# File 'app/models/lato/user.rb', line 335

def webauthn_registration_options
  WebAuthn::Credential.options_for_create(
    user: {
      id: Base64.strict_encode64(webauthn_user_handle),
      name: email,
      display_name: full_name
    },
    exclude: webauthn_exclude_credentials.map { |cred| Base64.strict_encode64(cred) }
  )
end