Merge pull request #1698 from internetee/add-tara-to-registrant

Expand TARA auth logic to registrant portal
2025-07-23 03:06:14 +02:00 · 2020-10-15 16:58:12 +03:00 · 2020-10-15 16:58:12 +03:00 · 7f81883e7b
commit 7f81883e7b
parent 0e55f413a5 a8a985b9d3
22 changed files with 158 additions and 401 deletions
--- a/app/controllers/registrant/sessions_controller.rb
+++ b/app/controllers/registrant/sessions_controller.rb
@ -1,81 +1,6 @@
 class Registrant::SessionsController < Devise::SessionsController
  layout 'registrant/application'

-  def login_mid
-    @user = User.new
-  end
-
-  def mid
-    phone = params[:user][:phone]
-    endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
-    client = Digidoc::Client.new(endpoint)
-    client.logger = Rails.application.config.logger unless Rails.env.test?
-
-    # country_codes = {'+372' => 'EST'}
-    response = client.authenticate(
-      phone: "+372#{phone}",
-      message_to_display: 'Authenticating',
-      service_name: ENV['sk_digi_doc_service_name'] || 'Testing'
-    )
-
-    if response.faultcode
-      render json: { message: response.detail.message }, status: :unauthorized
-      return
-    end
-
-    @user = RegistrantUser.find_or_create_by_mid_data(response)
-
-    if @user.persisted?
-      session[:user_country] = response.user_country
-      session[:user_id_code] = response.user_id_code
-      session[:mid_session_code] = client.session_code
-
-      render json: {
-        message: t(:confirmation_sms_was_sent_to_your_phone_verification_code_is, { code: response.challenge_id })
-      }, status: :ok
-    else
-      render json: { message: t(:no_such_user) }, status: :unauthorized
-    end
-  end
-
-  def mid_status
-    endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
-    client = Digidoc::Client.new(endpoint)
-    client.logger = Rails.application.config.logger unless Rails.env.test?
-    client.session_code = session[:mid_session_code]
-    auth_status = client.authentication_status
-
-    case auth_status.status
-    when 'OUTSTANDING_TRANSACTION'
-      render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
-    when 'USER_AUTHENTICATED'
-      @user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
-
-      sign_in(:registrant_user, @user)
-      flash[:notice] = t(:welcome)
-      flash.keep(:notice)
-      render js: "window.location = '#{registrant_root_path}'"
-    when 'NOT_VALID'
-      render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
-    when 'EXPIRED_TRANSACTION'
-      render json: { message: t(:session_timeout) }, status: :bad_request
-    when 'USER_CANCEL'
-      render json: { message: t(:user_cancelled) }, status: :bad_request
-    when 'MID_NOT_READY'
-      render json: { message: t(:mid_not_ready) }, status: :bad_request
-    when 'PHONE_ABSENT'
-      render json: { message: t(:phone_absent) }, status: :bad_request
-    when 'SENDING_ERROR'
-      render json: { message: t(:sending_error) }, status: :bad_request
-    when 'SIM_ERROR'
-      render json: { message: t(:sim_error) }, status: :bad_request
-    when 'INTERNAL_ERROR'
-      render json: { message: t(:internal_error) }, status: :bad_request
-    else
-      render json: { message: t(:internal_error) }, status: :bad_request
-    end
-  end
-
  private

  def after_sign_in_path_for(_resource_or_scope)
--- a/app/controllers/registrar/tara_controller.rb
+++ b/app/controllers/registrar/tara_controller.rb
@ -1,33 +0,0 @@
-class Registrar
-  class TaraController < ApplicationController
-    skip_authorization_check
-
-    # rubocop:disable Style/AndOr
-    def callback
-      session[:omniauth_hash] = user_hash
-      @api_user = ApiUser.from_omniauth(user_hash)
-
-      if @api_user
-        flash[:notice] = t(:signed_in_successfully)
-        sign_in_and_redirect(:registrar_user, @api_user)
-      else
-        show_error and return
-      end
-    end
-    # rubocop:enable Style/AndOr
-
-    def cancel
-      redirect_to root_path, notice: t(:sign_in_cancelled)
-    end
-
-    def show_error
-      redirect_to new_registrar_user_session_url, alert: t(:no_such_user)
-    end
-
-    private
-
-    def user_hash
-      request.env['omniauth.auth']
-    end
-  end
-end
--- a/app/controllers/sso/tara_controller.rb
+++ b/app/controllers/sso/tara_controller.rb
@ -0,0 +1,40 @@
+module Sso
+  class TaraController < ApplicationController
+    skip_authorization_check
+
+    def registrant_callback
+      user = RegistrantUser.find_or_create_by_omniauth_data(user_hash)
+      callback(user, registrar: false)
+    end
+
+    def registrar_callback
+      user = ApiUser.from_omniauth(user_hash)
+      callback(user, registrar: true)
+    end
+
+    # rubocop:disable Style/AndOr
+    def callback(user, registrar: true)
+      session[:omniauth_hash] = user_hash
+      (show_error(registrar: registrar) and return) unless user
+
+      flash[:notice] = t(:signed_in_successfully)
+      sign_in_and_redirect(registrar ? :registrar_user : :registrant_user, user)
+    end
+    # rubocop:enable Style/AndOr
+
+    def cancel
+      redirect_to root_path, notice: t(:sign_in_cancelled)
+    end
+
+    def show_error(registrar: true)
+      path = registrar ? new_registrar_user_session_url : new_registrant_user_session_url
+      redirect_to path, alert: t(:no_such_user)
+    end
+
+    private
+
+    def user_hash
+      request.env['omniauth.auth']
+    end
+  end
+end