class UserSessionsController < ApplicationController skip_before_action :set_time_zone skip_before_action :login_required, except: :destroy skip_before_action :set_locale, only: :create before_action :redirect_root, only: :new def new #current_user_session.destroy unless current_user_session.nil? # error with vitrine session @session_original_fullpath = session[:original_fullpath] reset_session # session.destroy @session_pixtech='' #select template for the homepage if params[:session_pixtech_select] && !params[:session_pixtech_select].blank? @session_pixtech=params[:session_pixtech_select] else urls_in = PixtechParam.where(name: 'url_in').pluck(:value) case URI(root_url).host when 'agences.pixpalace.com','pixadmin.pixpalace.com' @template='pixadmin' @com_frame='pixadmin' when '2.pixpalace.com','pp2a.pixpalace2.com','pp2b.pixpalace2.com' @template='pixpalace2' @com_frame='pixpalace2' when 'www.pixtrakk.com' @template='pixtrakk' @com_frame='pixtrakk' when 'www.pixpalace.com', 'www2.pixpalace.com' @template='pixpalace' @com_frame='web' when *urls_in @session_pixtech = Pixtech.joins(:pixtech_params).select('pixteches.name').where(pixtech_params: {name: 'url_in', value: URI(root_url).host}).first.name else @template='pixpalace' @com_frame='cs' end end if @session_pixtech.blank? if Server.itself?(PP2_SERVER_NAME) #PP pictures number @pp_pics_tot = Pixways.count_prov_pictures(PA_URL) #PP2 pictures number @pp2_pics_tot = Image.search_count with: {content_error: false} else #PP pictures number @pp_pics_tot = Image.search_count with: {content_error: false} #PP2 pictures number @pp2_pics_tot = Pixways.count_prov_pictures(PP2_URL_BACKUP) end @pixways_url = "https://#{t('pixways_website_url')}" render 'new' else @pixtech_full_name = Pixways.get_pixtech_param_value(@session_pixtech,'full_name') @pixtech_logo_login = Pixways.get_pixtech_param_value(@session_pixtech,'login_page_logo') @pixtech_logo_login = Rails.application.assets.resolve("#{@pixtech_logo_login}").present? ? @pixtech_logo_login : 'PixTech_big.png' @custom_css = Pixways.get_pixtech_param_value(@session_pixtech,'custom_css') if @session_pixtech && @session_pixtech.include?('vitrine') if params[:user_token] pixtech_vitrine_user = User.find_by(persistence_token: params[:user_token]) else login_user_vitrine = Pixways.get_pixtech_param_value(@session_pixtech,'login_guest_vitrine') pixtech_vitrine_user = User.find_by(login: login_user_vitrine) end if pixtech_vitrine_user.nil? flash[:alert] = I18n.t'flash.wrong_server_connexion_auto' reason = params[:user_token] ? "user with persistence_token #{params[:user_token]}" : "user with login #{login_user_vitrine}" logger.warn "Failed login from #{request.remote_ip} at #{Time.now}, reason : #{reason} not found" @session_pixtech = @session_pixtech.partition('_vitrine')[0] render 'new_pixtech' elsif !(Server.itself?(Server.joins(:titles).where(titles: {id: pixtech_vitrine_user.title_id}).first.name)) #current_user_session.destroy flash[:alert] = I18n.t'flash.wrong_server_connexion_auto' reason = params[:user_token] ? "persistence_token #{params[:user_token]}" : "login #{login_user_vitrine}" logger.warn "Failed login from #{request.remote_ip} at #{Time.now}, reason : wrong server for user with #{reason}" @session_pixtech = @session_pixtech.partition('_vitrine')[0] render 'new_pixtech' else # current_user_session.destroy unless current_user_session.nil? # necessary? # reset_session # session.destroy create(pixtech_vitrine_user,@session_pixtech,@session_original_fullpath) and return end else render 'new_pixtech' end end end def create(user=nil, session_pixtech='',original_fullpath='') #def create(user=nil, session_pixtech='',original_fullpath=params[:session_original_fullpath]) if params[:from] == 'pix' logi = marek_internal_decrypt(params[:login]) pwd = Pixlog.find_by_username(logi).nil? ? "" : Pixlog.find_by_username(logi).company @user_session = UserSession.new(login: logi, password: pwd) ags = params[:provs] if params[:provs] pp_params = params[:pp2_params] if params[:pp2_params] pp_locale = params[:locale] if params[:locale] elsif !params[:user_token].blank? user = User.where(persistence_token: params[:user_token], status: 'active').first @user_session = UserSession.new(user) @connect_try = 1 elsif user @user_session = UserSession.new(user) else @user_session = UserSession.new(permitted_params) end if @user_session.save current_user = UserSession.find.user if current_user.nil? set_locale session[:pixtech] = params[:session_pixtech].nil? ? session_pixtech : params[:session_pixtech] session[:service_name] = session[:pixtech].blank? ? 'PixPalace' : 'PixTech' if session[:pixtech].blank? session[:provider_word]= 'provider' session[:creator_word]= 'creator' else provider_word_param_value = Pixways.get_pixtech_param_value(session[:pixtech],'provider_word') creator_word_param_value = Pixways.get_pixtech_param_value(session[:pixtech],'creator_word') session[:provider_word]= provider_word_param_value.blank? ? 'provider' : provider_word_param_value session[:creator_word]= creator_word_param_value.blank? ? 'creator' : creator_word_param_value end if current_user.light_boxes.empty? current_user.light_boxes.create(:name => I18n.t('light_box.name'), :title_id => current_user.title_id) end if mobile_browser? # do not update user's settings but only params for the session - problem with PixTech vitrine where user pixtech_vitrine is used as the guest profile # current_user.setting.update_attribute(:default_per_page,8) # current_user.setting.update_attribute(:display_params_previsualisation,0) # current_user.setting.update_attribute(:display_params_display_text,0) # cookies[:pw_provider_panel_state] = false # cookies[:pw_search_panel_state] = false # cookies['ui-tabs-1'] = -1 # cookies['ui-tabs-2'] = -1 else cookies[:pw_search_panel_state] = false unless cookies[:pw_search_panel_state].present? cookies['ui-tabs-1'] = -1 unless cookies['ui-tabs-1'].present? cookies['ui-tabs-2'] = -1 unless cookies['ui-tabs-2'].present? end provs = [] provbd = [] provhd = [] provpe = [] tpgn = Title.find(current_user.title_id).title_provider_group_name.id TitleProviderGroup.joins(:provider).where(title_provider_group_name_id: tpgn).order('providers.name').collect{|tpg| provs << tpg.provider_id} provs.each do |p| tpg_id = TitleProviderGroup.where(provider_id: p, title_provider_group_name_id: tpgn) provbd[p] = Authorization.is_ok?(1, tpg_id) provhd[p] = Authorization.is_ok?(2, tpg_id) provpe[p] = Authorization.is_ok?(3, tpg_id) end session[:provs] = provs session[:provbd] = provbd session[:provhd] = provhd session[:provpe] = provpe border_color = [] provs.each do |p| border_color[p] = current_user.setting.border_color_provider[p.to_s] if current_user.setting.border_color_provider.include?(p.to_s) end unless current_user.setting.border_color_provider.nil? session[:border_color] = border_color session[:login_pp2] = marek_crypt(current_user.login) session[:title_name] = Title.find(current_user.title_id).name session[:time_zone] = current_user.setting.time_zone if (session[:pixtech] && !session[:pixtech].blank?) && (current_user.is_photographer? || current_user.is_photographer_admin?) author_prov = Provider.where(name: "#{current_user.last_name.mb_chars.upcase.to_s} #{current_user.first_name.capitalize}",provider_type_id: 2) unless author_prov.nil? session[:pixtech_author] = [] author_prov.each do |p| session[:pixtech_author] << p.id if p.is_pixtech_author?(session[:pixtech]) end end end flash[:notice] = I18n.t'flash.logged_in_successfully' #redirect_back_or_default(home_url(pp_params: pp_params, ags: ags)) if session[:pixtech]=='vozimage' render :text => "" else # if original_fullpath.blank? redirect_to(home_url(pp_params: pp_params, ags: ags, locale: pp_locale)) # else # redirect_to(original_fullpath) # end end else note_failed_signin redirect_to(root_url) end end def destroy current_user_session.destroy flash[:notice] = I18n.t'flash.you_have_been_logged_out' if session[:pixtech] && session[:pixtech] == 'vozimage' vozimage_url_out = Pixways.get_pixtech_param_value('vozimage','url_out') vozimage_url_out.blank? ? redirect_to(root_url) : redirect_to(vozimage_url_out) elsif Server.itself?(PTREF_SERVER_NAME) render layout: false else redirect_to(root_url) end reset_session # session.destroy end def update redirect_to action: 'new', user_token: params['user_token'] end def error render file: "#{Rails.public_path}/500.html", layout: false, status: 500 end def denied render file: "#{Rails.public_path}/422.html", layout: false, status: 422 end # Track failed login attempts def note_failed_signin if !(params[:user_session].nil?) and !(params[:user_session][:login].nil?) login_failed = params[:user_session][:login] elsif !(params[:login].nil?) login_failed = marek_internal_decrypt(params[:login]) else login_failed = 'nil login' end flash[:alert] = I18n.t'flash.log_in_failed' logger.warn "Failed login for '#{login_failed}' from #{request.remote_ip} at #{Time.now}, error : #{@user_session.errors.full_messages}" end def check_user check_cred_res = {} check_cred_res['success'] = true if Pixways.get_pixtech_param_value(params[:session_pixtech],'email_as_login') == 'true' user = User.find_by(email: params[:login]) else user = User.find_by(login: params[:login]) end #check login if user.nil? check_cred_res['success'] = false check_cred_res['error'] = I18n.t'flash.log_in_failed' else #check if user is deactivated if user.is_deactivated? || user.status != 'active' check_cred_res['success'] = false reason = user.is_deactivated? ? t('flash.deactivated_account') : t('flash.inactive_account') check_cred_res['error'] = "#{t'flash.failed_connection'} : #{reason}" else #check password if !(user.valid_password?(params[:password])) check_cred_res['success'] = false check_cred_res['error'] = I18n.t'flash.log_in_failed' else #check server user_server_name = Server.joins(:titles).where(titles: {id: user.title_id}).first.name admin_group_name = Pixways.get_pixtech_param_value(params[:session_pixtech],'admin_group_name') author_group_prefix = params[:session_pixtech].blank? ? "" : "0_#{params[:session_pixtech].capitalize}" # To change if changed in the creation process user_group_name = TitleProviderGroupName.joins(:titles).where(titles: {id: user.title_id}).first.name if (params[:session_pixtech].blank? && !Server.itself?(user_server_name)) || # Check if user's title belong to the server where they try to connect ( Server.itself?(PIXADMIN_SERVER_NAME) && !params[:session_pixtech].blank? && !user.is_superadmin? && (user_group_name != admin_group_name && !user_group_name.start_with?(author_group_prefix)) ) # Check if user's title's group is one in the PixTech parameters to avoid user to connect with other PixTech admin interface (ignored if superadmin) check_cred_res['success'] = false check_cred_res['error'] = I18n.t'flash.wrong_server' else check_cred_res['success'] = true check_cred_res['token'] = user.persistence_token end end end end if check_cred_res['error'] flash[:alert] = check_cred_res['error'] logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now}, error : #{check_cred_res['error']}" # note_failed_signin end respond_to do |format| format.json { render json: check_cred_res.to_json } end end def check_user_email check_user_res = {} if params[:google_jwt] begin decoded_token = JWT.decode(params[:google_jwt], nil, false) user = User.find_by(email: decoded_token[0]['email']) rescue JWT::InvalidIssuerError => e check_user_res['success'] = false check_user_res['error'] = e.message end else user = User.find_by(email: params[:email]) end #check login if user.nil? check_user_res['success'] = false check_user_res['error'] = I18n.t'flash.no_registered_user_with_email' else check_user_res['success'] = true check_user_res['token'] = user.persistence_token end respond_to do |format| format.json { render json: check_user_res.to_json } end end private def redirect_root redirect_to ('/') if request.fullpath=="/user_session/new" end def permitted_params params.require(:user_session).permit(:login, :email, :password) end end