jam-cloud/web/app/controllers/sessions_controller.rb

# this is not a jam session - this is an 'auth session'
class SessionsController < ApplicationController

  layout "web"

  def new
    @login_error = false
    render :layout => "landing"
  end

  def create
    user = User.authenticate(params[:session][:email], params[:session][:password])

    if user.nil?
      @login_error = true
      render 'new', :layout => "landing"
    else

      if jkclient_agent?
        user.update_progression_field(:first_ran_client_at)
      end

      @session_only_cookie = !jkclient_agent? && !params[:user].nil? && 0 == params[:user][:remember_me].to_i
      complete_sign_in user
    end
  end


# OAuth docs
# http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/
  def create_oauth
    auth_hash = request.env['omniauth.auth']
    authorization = UserAuthorization.find_by_provider_and_uid(auth_hash["provider"], auth_hash["uid"])
    if authorization
      # Sign in for a user who has already registered.
      complete_sign_in authorization.user
    else
      # Sign up for a completely new user.
      # First/last name: auth_hash["info"]["first_name"] and auth_hash["info"]["last_name"]
      # token: auth_hash["credentials"]["token"] -- "expires_at"
      #
      # For debugging - to see what all is there:
      # render :text => auth_hash.to_yaml
      #FbGraph.debug!
      token = auth_hash[:credentials][:token]

      # FIXME:
      # This should probably be in a transaction somehow, meaning the user 
      # create and the authorization create. Concern is UserManager.new.signup sends
      # an email and whatnot.
      #
      # Also, should we grab their photo from facebook?
      user = UserManager.new.signup(remote_ip: remote_ip(),
                                    first_name: auth_hash[:info][:first_name],
                                    last_name: auth_hash[:info][:last_name],
                                    email: auth_hash[:info][:email])
                              
      # Users who sign up using oauth are presumed to have valid email adddresses.
      user.confirm_email!
      
      auth = user.user_authorizations.build :provider => auth_hash[:provider], 
                                            :uid => auth_hash[:uid], 
                                            :token => auth_hash[:credentials][:token], 
                                            :token_expiration => Time.at(auth_hash[:credentials][:expires_at])
      user.save
      complete_sign_in user
    end
  end


  # https://github.com/intridea/omniauth/wiki/Saving-User-Location
  def oauth_callback

    auth_hash = request.env['omniauth.auth']

    provider = auth_hash[:provider]

    if provider == 'twitter'
      @user_authorization = current_user.build_twitter_authorization(auth_hash)
      if !@user_authorization.save
        # this is a very poorly styled page, but it's better than a server error.
        # the only reason this happens is because some other account has authed this twitter acct
        render "twitter_oauth_failure"
        return
      end

      redirect_to request.env['omniauth.origin'] || '/'
      return
    elsif provider == 'facebook'
      fb_uid = auth_hash[:uid]
      token = auth_hash[:credentials][:token]
      token_expiration = Time.at(auth_hash[:credentials][:expires_at])
      first_name = auth_hash[:extra][:raw_info][:first_name]
      last_name = auth_hash[:extra][:raw_info][:last_name]
      email = auth_hash[:extra][:raw_info][:email]
      gender = auth_hash[:extra][:raw_info][:gender]

      fb_signup = FacebookSignup.new
      fb_signup.uid = fb_uid
      fb_signup.token = token
      fb_signup.token_expires_at = token_expiration
      fb_signup.first_name = first_name
      fb_signup.last_name = last_name
      fb_signup.email = email
      if gender == 'male'
        fb_signup.gender = 'M'
      elsif gender == 'female'
        fb_signup.gender = 'F'
      end
      fb_signup.save!

      redirect_to "#{signup_path}?facebook_signup=#{fb_signup.lookup_id}"
      return
    end

    if current_user.nil?
      render :nothing => true, :status => 404
      return
    end

    #authorization = UserAuthorization.find_by_provider_and_uid(auth_hash["provider"], auth_hash["uid"])

    # Always make and save a new authorization. This is because they expire, and honestly there's no cost
    # to just making and saving it.
    #if authorization.nil?
      authorization = current_user.user_authorizations.build :provider => auth_hash[:provider],
                                                             :uid => auth_hash[:uid], 
                                                             :token => auth_hash[:credentials][:token], 
                                                             :token_expiration => Time.at(auth_hash[:credentials][:expires_at])
      authorization.save
    #end

    render 'oauth_complete', :layout => "landing"
  end

  def complete_sign_in(user)
    sign_in user

    if !params[:sso].nil? && params[:sso] == "desk"
      # generate multipass token and sign it
      multipass = DeskMultipass.new(user)
      callback_url = SampleApp::Application.config.multipass_callback_url
      redirect_to "#{callback_url}?multipass=#{multipass.token}&signature=#{multipass.signature}"
    else
      redirect_back_or client_url
    end
  end

  def destroy
    # earlier, code here would delete the connection using client_id  from cookies
    # however, we should never try to delete the client_id cookie (make it as permanent as possible)
    # also, because the client will stop heartbeating and close the connection to gateway,
    # in any case the server will notice after 10 seconds that the user is gone.
    # if we really want someone to know right away that the client is gone, then just make sure the client calls
    # leave session before it calls delete (VRFS-617 should solve that)
    sign_out
    redirect_to client_url
  end

  def failure
    redirect_to request.query_parameters['origin'] || '/'
  end

  def connection_state
    if (defined?(TEST_CONNECT_STATES) && TEST_CONNECT_STATES) || 'development'==Rails.env
      @prefix = defined?(TEST_CONNECT_STATE_JS_LOG_PREFIX) ? TEST_CONNECT_STATE_JS_LOG_PREFIX : '*** '
      render('connection_state', :layout => 'client') && return
    end
    render :nothing => true, :status => 404
  end

end
* jam-web working for milestone1 2012-09-03 22:03:16 +00:00			`# this is not a jam session - this is an 'auth session'`
* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`class SessionsController < ApplicationController`

* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00			`layout "web"`

* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`def new`
* signin shows error -- but pretty ugly 2013-06-05 02:43:41 +00:00			`@login_error = false`
* sign-in up to spec VRFS-323 2013-06-02 19:27:46 +00:00			`render :layout => "landing"`
* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`end`

			`def create`
* VRFS-88 api/login done 2012-11-14 05:57:10 +00:00			`user = User.authenticate(params[:session][:email], params[:session][:password])`

			`if user.nil?`
* signin shows error -- but pretty ugly 2013-06-05 02:43:41 +00:00			`@login_error = true`
			`render 'new', :layout => "landing"`
* VRFS-88 api/login done 2012-11-14 05:57:10 +00:00			`else`
* VRFS-734 - adding all user progression tracking that is possible currently 2013-09-30 02:37:22 +00:00
			`if jkclient_agent?`
			`user.update_progression_field(:first_ran_client_at)`
			`end`

vrfs-273/403: recognize remember me option using browser 2013-08-09 16:07:04 +00:00			`@session_only_cookie = !jkclient_agent? && !params[:user].nil? && 0 == params[:user][:remember_me].to_i`
another set of oauth work 2012-11-15 08:47:19 +00:00			`complete_sign_in user`
* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`end`
			`end`

* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00
now oauth is working 2012-11-15 09:30:30 +00:00			`# OAuth docs`
			`# http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/`
Omniauth routes 2012-11-12 20:12:32 +00:00			`def create_oauth`
			`auth_hash = request.env['omniauth.auth']`
facebook integration work 2012-11-15 06:18:37 +00:00			`authorization = UserAuthorization.find_by_provider_and_uid(auth_hash["provider"], auth_hash["uid"])`
			`if authorization`
			`# Sign in for a user who has already registered.`
			`complete_sign_in authorization.user`
			`else`
			`# Sign up for a completely new user.`
			`# First/last name: auth_hash["info"]["first_name"] and auth_hash["info"]["last_name"]`
			`# token: auth_hash["credentials"]["token"] -- "expires_at"`
			`#`
			`# For debugging - to see what all is there:`
			`# render :text => auth_hash.to_yaml`
another set of oauth work 2012-11-15 08:47:19 +00:00			`#FbGraph.debug!`
			`token = auth_hash[:credentials][:token]`

			`# FIXME:`
			`# This should probably be in a transaction somehow, meaning the user`
			`# create and the authorization create. Concern is UserManager.new.signup sends`
			`# an email and whatnot.`
Use maxmind to populate location fields, added tests 2012-12-02 06:46:30 +00:00			`#`
			`# Also, should we grab their photo from facebook?`
* VRFS-1025 finished 2014-02-03 21:19:14 +00:00			`user = UserManager.new.signup(remote_ip: remote_ip(),`
			`first_name: auth_hash[:info][:first_name],`
			`last_name: auth_hash[:info][:last_name],`
			`email: auth_hash[:info][:email])`
added spec tests 2012-11-20 09:48:48 +00:00
			`# Users who sign up using oauth are presumed to have valid email adddresses.`
			`user.confirm_email!`

oauth tests 2012-11-22 07:52:13 +00:00			`auth = user.user_authorizations.build :provider => auth_hash[:provider],`
			`:uid => auth_hash[:uid],`
			`:token => auth_hash[:credentials][:token],`
			`:token_expiration => Time.at(auth_hash[:credentials][:expires_at])`
facebook integration work 2012-11-15 06:18:37 +00:00			`user.save`
			`complete_sign_in user`
			`end`
			`end`

* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00
			`# https://github.com/intridea/omniauth/wiki/Saving-User-Location`
gmail invitations 2013-09-07 07:59:55 +00:00			`def oauth_callback`
* VRFS-1025 finished 2014-02-03 21:19:14 +00:00
			`auth_hash = request.env['omniauth.auth']`

			`provider = auth_hash[:provider]`

* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00			`if provider == 'twitter'`
* VRFS-1083 user_authorizations require user now; found some bugs 2014-02-07 17:18:57 +00:00			`@user_authorization = current_user.build_twitter_authorization(auth_hash)`
			`if !@user_authorization.save`
			`# this is a very poorly styled page, but it's better than a server error.`
			`# the only reason this happens is because some other account has authed this twitter acct`
			`render "twitter_oauth_failure"`
			`return`
			`end`

* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00			`redirect_to request.env['omniauth.origin'] \|\| '/'`
			`return`
			`elsif provider == 'facebook'`
* VRFS-1025 finished 2014-02-03 21:19:14 +00:00			`fb_uid = auth_hash[:uid]`
			`token = auth_hash[:credentials][:token]`
			`token_expiration = Time.at(auth_hash[:credentials][:expires_at])`
			`first_name = auth_hash[:extra][:raw_info][:first_name]`
			`last_name = auth_hash[:extra][:raw_info][:last_name]`
			`email = auth_hash[:extra][:raw_info][:email]`
			`gender = auth_hash[:extra][:raw_info][:gender]`

			`fb_signup = FacebookSignup.new`
			`fb_signup.uid = fb_uid`
			`fb_signup.token = token`
			`fb_signup.token_expires_at = token_expiration`
			`fb_signup.first_name = first_name`
			`fb_signup.last_name = last_name`
			`fb_signup.email = email`
			`if gender == 'male'`
			`fb_signup.gender = 'M'`
			`elsif gender == 'female'`
			`fb_signup.gender = 'F'`
			`end`
			`fb_signup.save!`

			`redirect_to "#{signup_path}?facebook_signup=#{fb_signup.lookup_id}"`
			`return`
			`end`

gmail invitations 2013-09-07 07:59:55 +00:00			`if current_user.nil?`
			`render :nothing => true, :status => 404`
			`return`
			`end`

more work 2013-09-10 00:56:55 +00:00			`#authorization = UserAuthorization.find_by_provider_and_uid(auth_hash["provider"], auth_hash["uid"])`
gmail invitations 2013-09-07 07:59:55 +00:00
more work 2013-09-10 00:56:55 +00:00			`# Always make and save a new authorization. This is because they expire, and honestly there's no cost`
			`# to just making and saving it.`
			`#if authorization.nil?`
* VRFS-1025 finished 2014-02-03 21:19:14 +00:00			`authorization = current_user.user_authorizations.build :provider => auth_hash[:provider],`
gmail invitations 2013-09-07 07:59:55 +00:00			`:uid => auth_hash[:uid],`
			`:token => auth_hash[:credentials][:token],`
			`:token_expiration => Time.at(auth_hash[:credentials][:expires_at])`
			`authorization.save`
more work 2013-09-10 00:56:55 +00:00			`#end`
gmail invitations 2013-09-07 07:59:55 +00:00
* fix for typo in render layout in sessions controller 2013-09-08 03:17:11 +00:00			`render 'oauth_complete', :layout => "landing"`
gmail invitations 2013-09-07 07:59:55 +00:00			`end`

facebook integration work 2012-11-15 06:18:37 +00:00			`def complete_sign_in(user)`
			`sign_in user`
VRFS-377 desk.com integration 2013-07-01 01:06:22 +00:00
			`if !params[:sso].nil? && params[:sso] == "desk"`
VRFS-377 desk.com integration 2013-07-04 21:11:20 +00:00			`# generate multipass token and sign it`
			`multipass = DeskMultipass.new(user)`
			`callback_url = SampleApp::Application.config.multipass_callback_url`
VRFS-377 fix redirect url 2013-07-04 21:21:35 +00:00			`redirect_to "#{callback_url}?multipass=#{multipass.token}&signature=#{multipass.signature}"`
VRFS-377 desk.com integration 2013-07-01 01:06:22 +00:00			`else`
			`redirect_back_or client_url`
			`end`
Omniauth routes 2012-11-12 20:12:32 +00:00			`end`

* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`def destroy`
* fixing CTRL + N causing client update to go away in mac version of the client 2013-09-02 03:09:49 +00:00			`# earlier, code here would delete the connection using client_id from cookies`
* VRFS-616 - make sure to kill streams on signout. Also, noticed that a connection in conn_mgr was whacking connection in such a way that notifies didn't go out to others in party; took that out 2013-09-01 19:23:09 +00:00			`# however, we should never try to delete the client_id cookie (make it as permanent as possible)`
			`# also, because the client will stop heartbeating and close the connection to gateway,`
			`# in any case the server will notice after 10 seconds that the user is gone.`
* fixing CTRL + N causing client update to go away in mac version of the client 2013-09-02 03:09:49 +00:00			`# if we really want someone to know right away that the client is gone, then just make sure the client calls`
			`# leave session before it calls delete (VRFS-617 should solve that)`
* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`sign_out`
Initial version of landing page and support for non-logged-in client home. 2012-11-17 21:03:06 +00:00			`redirect_to client_url`
* removed all microposts/follower stuff; just user sign up and login 2012-08-31 03:01:52 +00:00			`end`
Omniauth routes 2012-11-12 20:12:32 +00:00
			`def failure`
* VRFS-1083 - twitter mostly working; need to deal with edge cases 2014-02-07 14:07:08 +00:00			`redirect_to request.query_parameters['origin'] \|\| '/'`
Omniauth routes 2012-11-12 20:12:32 +00:00			`end`
vrfs192: code cleanup 2013-02-28 18:44:33 +00:00
			`def connection_state`
vrfs192: added TEST_CONNECT_STATES bracked for connection states testing logic; added Capaybara::Poltergeist support; added connection_state.html.rb and associated actions/routes/tests for running connection state test suite in dev or test env 2013-03-01 01:51:15 +00:00			`if (defined?(TEST_CONNECT_STATES) && TEST_CONNECT_STATES) \|\| 'development'==Rails.env`
			`@prefix = defined?(TEST_CONNECT_STATE_JS_LOG_PREFIX) ? TEST_CONNECT_STATE_JS_LOG_PREFIX : '*** '`
			`render('connection_state', :layout => 'client') && return`
			`end`
			`render :nothing => true, :status => 404`
vrfs192: code cleanup 2013-02-28 18:44:33 +00:00			`end`

Omniauth routes 2012-11-12 20:12:32 +00:00			`end`