Merge pull request #914 from internetee/refactor-devise-integration

Refactor devise integration

app/api/repp/api.rb

@@ -4,7 +4,7 @@ class API < Grape::API
     prefix :repp
 
     http_basic do |username, password|
-      @current_user ||= ApiUser.find_by(username: username, password: password)
+      @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
       if @current_user
         true
       else

app/controllers/admin/api_users_controller.rb

@@ -32,7 +32,10 @@ def edit;
     end
 
     def update
-      params[:api_user].delete(:password) if params[:api_user][:password].blank?
+      if params[:api_user][:plain_text_password].blank?
+        params[:api_user].delete(:plain_text_password)
+      end
+
       if @api_user.update(api_user_params)
         flash[:notice] = I18n.t('record_updated')
         redirect_to [:admin, @api_user]
@@ -59,7 +62,7 @@ def set_api_user
     end
 
     def api_user_params
-      params.require(:api_user).permit(:username, :password, :active,
+      params.require(:api_user).permit(:username, :plain_text_password, :active,
                                        :registrar_id, :registrar_typeahead,
                                        :identity_code, { roles: [] })
     end

app/controllers/admin/base_controller.rb

@@ -1,10 +1,20 @@
 module Admin
   class BaseController < ApplicationController
-    before_action :authenticate_user!
+    before_action :authenticate_admin_user!
     helper_method :head_title_sufix
 
     def head_title_sufix
       t(:admin_head_title_sufix)
     end
+
+    private
+
+    def current_ability
+      @current_ability ||= Ability.new(current_admin_user)
+    end
+
+    def user_for_paper_trail
+      current_admin_user ? current_admin_user.id_role_username : 'anonymous'
+    end
   end
-end
+end

app/controllers/admin/dashboard_controller.rb

@@ -0,0 +1,7 @@
+module Admin
+  class DashboardController < BaseController
+    authorize_resource class: false
+
+    def show; end
+  end
+end

app/controllers/admin/pending_deletes_controller.rb

@@ -6,7 +6,7 @@ class PendingDeletesController < BaseController
     def update
       authorize! :update, :pending
 
-      if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}")
+      if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}")
         redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
       else
         redirect_to admin_domain_path(@domain.id), alert: t(:failure)
@@ -16,7 +16,7 @@ def update
     def destroy
       authorize! :destroy, :pending
 
-      if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}")
+      if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}")
         redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
       else
         redirect_to admin_domain_path(@domain.id), alert: t(:failure)

app/controllers/admin/pending_updates_controller.rb

@@ -6,7 +6,7 @@ class PendingUpdatesController < BaseController
     def update
       authorize! :update, :pending
 
-      if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}")
+      if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}")
         redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
       else
         redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure)
@@ -15,7 +15,7 @@ def update
 
     def destroy
       authorize! :destroy, :pending
-      if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}")
+      if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}")
         redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
       else
         redirect_to admin_domain_path(@domain.id), alert: t(:failure)

app/controllers/admin/sessions_controller.rb

@@ -1,28 +1,17 @@
 module Admin
   class SessionsController < Devise::SessionsController
-    skip_authorization_check only: :create
+    private
 
-    def login
-      @admin_user = AdminUser.new
+    def after_sign_in_path_for(_resource_or_scope)
+      admin_domains_path
     end
 
-    def create
-      if params[:admin_user].blank?
-        @admin_user = AdminUser.new
-        flash[:alert] = 'Something went wrong'
-        return render 'login'
-      end
-
-      @admin_user = AdminUser.find_by(username: params[:admin_user][:username])
-      @admin_user ||= AdminUser.new(username: params[:admin_user][:username])
+    def after_sign_out_path_for(_resource_or_scope)
+      new_admin_user_session_path
+    end
 
-      if @admin_user.valid_password?(params[:admin_user][:password])
-        sign_in @admin_user, event: :authentication
-        redirect_to admin_root_url, notice: I18n.t(:welcome)
-      else
-        flash[:alert] = 'Authorization error'
-        render 'login'
-      end
+    def user_for_paper_trail
+      current_admin_user ? current_admin_user.id_role_username : 'anonymous'
     end
   end
-end
+end

app/controllers/api/v1/registrant/contacts_controller.rb

@@ -35,7 +35,7 @@ def show
         private
 
         def set_contacts_pool
-          country_code, ident = current_user.registrant_ident.to_s.split '-'
+          country_code, ident = current_registrant_user.registrant_ident.to_s.split '-'
           associated_domain_ids = begin
             BusinessRegistryCache.fetch_by_ident_and_cc(ident, country_code).associated_domain_ids
           end

app/controllers/api/v1/registrant/domains_controller.rb

@@ -16,12 +16,12 @@ def index
                    status: :bad_request) && return
           end
 
-          @domains = associated_domains(current_user).limit(limit).offset(offset)
+          @domains = associated_domains(current_registrant_user).limit(limit).offset(offset)
           render json: @domains
         end
 
         def show
-          domain_pool = associated_domains(current_user)
+          domain_pool = associated_domains(current_registrant_user)
           @domain = domain_pool.find_by(uuid: params[:uuid])
 
           if @domain

app/controllers/application_controller.rb

@@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base
   end
 
   rescue_from CanCan::AccessDenied do |exception|
-    redirect_to current_root_url, alert: exception.message
+    redirect_to root_url, alert: exception.message
   end
 
-  helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url
   helper_method :available_languages
 
-  def registrant_request?
-    request.path.match(/^\/registrant/)
-  end
-
-  def registrar_request?
-    request.path.match(/^\/registrar/)
-  end
-
-  def admin_request?
-    request.path.match(/^\/admin/)
-  end
-
-  def current_root_url
-    if registrar_request?
-      registrar_root_url
-    elsif registrant_request?
-      registrant_login_url
-    elsif admin_request?
-      admin_root_url
-    end
-  end
-
-  def after_sign_in_path_for(_resource)
-    rt = session[:user_return_to].to_s.presence
-    login_paths = [admin_login_path, registrar_login_path, '/login']
-    return rt if rt && !login_paths.include?(rt)
-    current_root_url
-  end
-
-  def after_sign_out_path_for(_resource)
-    if registrar_request?
-      registrar_login_url
-    elsif registrant_request?
-      registrant_login_url
-    elsif admin_request?
-      admin_login_url
-    end
-  end
-
   def info_for_paper_trail
     { uuid: request.uuid }
   end
 
-  def user_for_paper_trail
-    user_log_str(current_user)
-  end
-
-  def user_log_str(user)
-    user.nil? ? 'public' : user.id_role_username
-  end
-
   def comma_support_for(parent_key, key)
     return if params[parent_key].blank?
     return if params[parent_key][key].blank?
@@ -80,4 +32,4 @@ def comma_support_for(parent_key, key)
   def available_languages
     { en: 'English', et: 'Estonian' }.invert
   end
-end
+end

app/controllers/epp/sessions_controller.rb

@@ -81,7 +81,7 @@ def login
 
     if success
       if params[:parsed_frame].css('newPW').first
-        unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text)
+        unless @api_user.update(plain_text_password: params[:parsed_frame].css('newPW').first.text)
           response.headers['X-EPP-Returncode'] = '2500'
           handle_errors(@api_user) and return
         end
@@ -128,7 +128,7 @@ def logout
   def login_params
     user = params[:parsed_frame].css('clID').first.text
     pw = params[:parsed_frame].css('pw').first.text
-    { username: user, password: pw }
+    { username: user, plain_text_password: pw }
   end
 
   private

app/controllers/registrant/contacts_controller.rb

@@ -3,7 +3,6 @@ class Registrant::ContactsController < RegistrantController
 
   def show
     @contact = Contact.where(id: contacts).find_by(id: params[:id])
-    @current_user = current_user
 
     authorize! :read, @contact
   end
@@ -22,7 +21,7 @@ def contacts
 
   def domain_ids
     @domain_ids ||= begin
-      ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
+      ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-'
       BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids
     end
   end

app/controllers/registrant/domain_delete_confirms_controller.rb

@@ -19,7 +19,8 @@ def update
                                                           domain_name: @domain.name,
                                                           verification_token: params[:token])
 
-    initiator = current_user ? current_user.username : t(:user_not_authenticated)
+    initiator = current_registrant_user ? current_registrant_user.username :
+                  t(:user_not_authenticated)
 
     if params[:rejected]
       if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")

app/controllers/registrant/domain_update_confirms_controller.rb

@@ -19,7 +19,8 @@ def update
                                                           domain_name: @domain.name,
                                                           verification_token: params[:token])
 
-    initiator = current_user ? current_user.username : t(:user_not_authenticated)
+    initiator = current_registrant_user ? current_registrant_user.username :
+                  t(:user_not_authenticated)
 
     if params[:rejected]
       if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}")

app/controllers/registrant/domains_controller.rb

@@ -54,13 +54,13 @@ def set_domain
   end
 
   def domains
-    ident_cc, ident = @current_user.registrant_ident.split '-'
+    ident_cc, ident = current_registrant_user.registrant_ident.split '-'
     begin
       BusinessRegistryCache.fetch_associated_domains ident, ident_cc
     rescue Soap::Arireg::NotAvailableError => error
       flash[:notice] = I18n.t(error.json[:message])
       Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
-      current_user.domains
+      current_registrant_user.domains
     end
   end
 

app/controllers/registrant/sessions_controller.rb

@@ -1,20 +1,18 @@
 class Registrant::SessionsController < Devise::SessionsController
   layout 'registrant/application'
 
-  def login
-  end
+  def new; end
 
   def id
     id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O']
     id_code, id_issuer = 'test', RegistrantUser::ACCEPTED_ISSUER if Rails.env.development?
 
     @user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
     if @user
-      sign_in(@user, event: :authentication)
-      redirect_to registrant_root_url
+      sign_in_and_redirect(:registrant_user, @user, event: :authentication)
     else
       flash[:alert] = t('login_failed_check_id_card')
-      redirect_to registrant_login_url
+      redirect_to new_registrant_user_session_url
     end
   end
 
@@ -68,7 +66,7 @@ def mid_status
     when 'USER_AUTHENTICATED'
       @user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
 
-      sign_in @user
+      sign_in(:registrant_user, @user)
       flash[:notice] = t(:welcome)
       flash.keep(:notice)
       render js: "window.location = '#{registrant_root_path}'"
@@ -97,4 +95,18 @@ def find_user_by_idc(idc)
     return User.new unless idc
     ApiUser.find_by(identity_code: idc) || User.new
   end
-end
+
+  private
+
+  def after_sign_in_path_for(_resource_or_scope)
+    registrant_root_path
+  end
+
+  def after_sign_out_path_for(_resource_or_scope)
+    new_registrant_user_session_path
+  end
+
+  def user_for_paper_trail
+    current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
+  end
+end

app/controllers/registrant_controller.rb

@@ -1,11 +1,22 @@
 class RegistrantController < ApplicationController
-  before_action :authenticate_user!
+  before_action :authenticate_registrant_user!
   layout 'registrant/application'
 
   include Registrant::ApplicationHelper
 
   helper_method :head_title_sufix
+
   def head_title_sufix
     t(:registrant_head_title_sufix)
   end
-end
+
+  private
+
+  def current_ability
+    @current_ability ||= Ability.new(current_registrant_user, request.remote_ip)
+  end
+
+  def user_for_paper_trail
+    current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
+  end
+end