System-End/identity-vault
1
0
Fork 0
mirror of https://github.com/System-End/identity-vault.git synced 2026-04-19 19:45:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
identity-vault/app/controllers/backend/sessions_controller.rb
24c02 a260c265f0 initial public commit!!!
2025-09-02 13:53:47 -04:00

82 lines
2.7 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

module Backend
class SessionsController < ApplicationController
skip_before_action :authenticate_user!, only: [ :new, :create, :fake_slack_callback_for_dev ]
skip_after_action :verify_authorized
def new
redirect_uri = url_for(action: :create, only_path: false)
redirect_to User.authorize_url(redirect_uri),
host: "https://slack.com",
allow_other_host: true
end
def create
redirect_uri = url_for(action: :create, only_path: false)
if params[:error].present?
uuid = Honeybadger.notify("Slack OAuth error: #{params[:error]}")
redirect_to backend_login_path, alert: "failed to authenticate with Slack! (error: #{uuid})"
return
end
begin
@user = User.from_slack_token(params[:code], redirect_uri)
rescue => e
uuid = Honeybadger.notify(e)
redirect_to backend_login_path, alert: "error authenticating! (error: #{uuid})"
return
end
if @user&.persisted?
session[:user_id] = @user.id
flash[:success] = "welcome aboard!"
redirect_to backend_root_path
else
redirect_to backend_login_path, alert: "you haven't been provisioned an account on this service yet this attempt been logged."
end
end
def fake_slack_callback_for_dev
unless Rails.env.development?
Honeybadger.notify("Fake Slack callback attempted in non-development environment. WTF?!")
redirect_to backend_root_path, alert: "this is only available in development mode."
return
end
@user = User.find_by(slack_id: params[:slack_id], active: true)
if @user.nil?
redirect_to backend_root_path, alert: "dunno who that is, sorry."
return
end
session[:user_id] = @user.id
redirect_to backend_root_path, notice: "welcome aboard!"
end
def impersonate
unless current_user.superadmin?
redirect_to backend_root_path, alert: "you are not authorized to impersonate users. this incident has been reported :-P"
Honeybadger.notify("Impersonation attempt by #{current_user.username} to #{params[:id]}")
return
end
session[:impersonator_user_id] ||= current_user.id
user = User.find(params[:id])
session[:user_id] = user.id
flash[:success] = "hey #{user.username}! how's it going? nice 'stache and glasses!"
redirect_to backend_root_path
end
def stop_impersonating
session[:user_id] = session[:impersonator_user_id]
session[:impersonator_user_id] = nil
redirect_to backend_root_path, notice: "welcome back, 007!"
end
def destroy
session[:user_id] = nil
redirect_to backend_root_path, notice: "bye, see you next time!"
end
end
end
Reference in a new issue View git blame Copy permalink