* Initial impersonation * Impersonation audit * Keep super admin separate * Remove vscode settings * Comment cleanup * Comment out impersonation fixtures for now * Remove unused controlelr * Add impersonation testing (#1326) * Add impersonation testing * Remove unused method * Update schema.rb * Update brakeman --------- Co-authored-by: Zach Gollwitzer <zach@maybe.co>
# Controller concern that puts every action behind a signed session cookie.
#
# Including it registers two callbacks, in this order: request details are
# copied onto Current, then the caller is authenticated. A controller opts out
# of the second callback with `skip_authentication`.
module Authentication
  extend ActiveSupport::Concern

  included do
    before_action :set_request_details
    before_action :authenticate_user!
  end

  class_methods do
    # Removes the authentication callback for the calling controller. The
    # options are forwarded unchanged to skip_before_action (e.g. only:/except:).
    # Every call site is an unauthenticated entry point, so an unscoped call
    # (no only:/except:) opens the whole controller.
    def skip_authentication(**options)
      skip_before_action :authenticate_user!, **options
    end
  end

  private

  # Loads the session named by the cookie into Current.session. Without a
  # matching session the request is redirected: to registration on a
  # self-hosted instance that has no users yet, otherwise to the login page.
  def authenticate_user!
    existing_session = find_session_by_cookie

    unless existing_session
      fallback_url = self_hosted_first_login? ? new_registration_url : new_session_url
      return redirect_to(fallback_url)
    end

    Current.session = existing_session
  end

  # Looks up the Session row whose id is stored in the signed cookie.
  # A missing cookie, or one whose signature does not verify, reads as nil,
  # and find_by(id: nil) then returns nil.
  # NOTE(review): no expiry or revocation check is visible in this lookup; a
  # session row appears to stay valid until it is deleted. Confirm that
  # logout and password change remove the user's rows.
  def find_session_by_cookie
    token = cookies.signed[:session_token]
    Session.find_by(id: token)
  end

  # Creates a Session row for `user`, stores its id in the session cookie and
  # returns the new row. create! raises if the row cannot be saved.
  #
  # The cookie is signed, not encrypted: the id is tamper-evident but readable
  # by the client. `permanent` gives it a far-future expiry (20 years in
  # Rails), and `httponly` keeps it away from page scripts.
  # NOTE(review): `secure` and `same_site` are not set here, so they depend on
  # application-wide configuration (force_ssl, cookie defaults). Confirm those
  # for deployments served over TLS.
  def create_session_for(user)
    new_session = user.sessions.create!
    cookies.signed.permanent[:session_token] = { value: new_session.id, httponly: true }
    new_session
  end

  # True only in self-hosted mode while the users table is empty.
  # While this holds, any unauthenticated visitor is sent to registration, so
  # a fresh self-hosted instance should not be exposed before the first
  # account is created.
  # The count query runs on each unauthenticated request in self-hosted mode.
  def self_hosted_first_login?
    app_mode = Rails.application.config.app_mode
    app_mode.self_hosted? && User.count.zero?
  end

  # Copies the caller's user agent and IP address onto Current for the rest
  # of the request. The user agent is a client-supplied header, so treat it as
  # untrusted text wherever it is stored or displayed.
  # NOTE(review): behind a reverse proxy, what `request.ip` reports depends on
  # how forwarded headers are handled; `request.remote_ip` is the accessor that
  # applies Rails' trusted-proxy settings. Confirm which one is intended if
  # this value ends up in session or audit records.
  def set_request_details
    Current.user_agent = request.user_agent
    Current.ip_address = request.ip
  end
end