Merge pull request #1075 from internetee/support-id-card-v2018

Support id card v2018
2025-07-24 03:30:33 +02:00 · 2019-03-20 18:02:19 +02:00 · 2019-03-20 18:02:19 +02:00 · 743c6fecab
commit 743c6fecab
parent b74777f676 a08f063640
20 changed files with 267 additions and 97 deletions
--- a/app/controllers/registrant/sessions_controller.rb
+++ b/app/controllers/registrant/sessions_controller.rb
@ -1,21 +1,6 @@
 class Registrant::SessionsController < Devise::SessionsController
  layout 'registrant/application'

-  def new; end
-
-  def id
-    id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O']
-    id_code, id_issuer = 'test', RegistrantUser::ACCEPTED_ISSUER if Rails.env.development?
-
-    @user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
-    if @user
-      sign_in_and_redirect(:registrant_user, @user, event: :authentication)
-    else
-      flash[:alert] = t('login_failed_check_id_card')
-      redirect_to new_registrant_user_session_url
-    end
-  end
-
  def login_mid
    @user = User.new
  end
@ -91,11 +76,6 @@ class Registrant::SessionsController < Devise::SessionsController
    end
  end

-  def find_user_by_idc(idc)
-    return User.new unless idc
-    ApiUser.find_by(identity_code: idc) || User.new
-  end
-
  private

  def after_sign_in_path_for(_resource_or_scope)
@ -109,4 +89,4 @@ class Registrant::SessionsController < Devise::SessionsController
  def user_for_paper_trail
    current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
  end
-end
+end
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -48,15 +48,22 @@ class Registrar
      end
    end

-    def id
-      @user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
+    def id_card
+      self.resource = warden.authenticate!(auth_options)

-      if @user
-        sign_in_and_redirect(:registrar_user, @user, event: :authentication)
-      else
-        flash[:alert] = t('no_such_user')
-        redirect_to new_registrar_user_session_url
+      restricted_ip = Authorization::RestrictedIP.new(request.ip)
+      ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
+
+      unless ip_allowed
+        render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
+        warden.logout(:registrar_user)
+        return
      end
+
+      set_flash_message!(:notice, :signed_in)
+      sign_in(resource_name, resource)
+      yield resource if block_given?
+      respond_with resource, location: after_sign_in_path_for(resource)
    end

    def login_mid