diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index 7de43f7fc..52ff6aa7c 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -1,10 +1,20 @@ module Admin class BaseController < ApplicationController - before_action :authenticate_user! + before_action :authenticate_admin_user! helper_method :head_title_sufix def head_title_sufix t(:admin_head_title_sufix) end + + private + + def current_ability + @current_ability ||= Ability.new(current_admin_user) + end + + def user_for_paper_trail + current_admin_user.present? ? current_admin_user.id_role_username : 'public' + end end -end +end \ No newline at end of file diff --git a/app/controllers/admin/pending_deletes_controller.rb b/app/controllers/admin/pending_deletes_controller.rb index 86529da84..9cc8702c5 100644 --- a/app/controllers/admin/pending_deletes_controller.rb +++ b/app/controllers/admin/pending_deletes_controller.rb @@ -6,7 +6,7 @@ module Admin def update authorize! :update, :pending - if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}") + if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) @@ -16,7 +16,7 @@ module Admin def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}") + if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/admin/pending_updates_controller.rb b/app/controllers/admin/pending_updates_controller.rb index e402227e0..4a2e5ec7c 100644 --- a/app/controllers/admin/pending_updates_controller.rb +++ b/app/controllers/admin/pending_updates_controller.rb @@ -6,7 +6,7 @@ module Admin def update authorize! :update, :pending - if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}") + if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure) @@ -15,7 +15,7 @@ module Admin def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}") + if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 1bdcd30dc..1e9be9eb7 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -1,8 +1,6 @@ module Admin class SessionsController < Devise::SessionsController - skip_authorization_check only: :create - - def login + def new @admin_user = AdminUser.new end @@ -10,19 +8,28 @@ module Admin if params[:admin_user].blank? @admin_user = AdminUser.new flash[:alert] = 'Something went wrong' - return render 'login' + return render :new end @admin_user = AdminUser.find_by(username: params[:admin_user][:username]) @admin_user ||= AdminUser.new(username: params[:admin_user][:username]) if @admin_user.valid_password?(params[:admin_user][:password]) - sign_in @admin_user, event: :authentication - redirect_to admin_root_url, notice: I18n.t(:welcome) + sign_in_and_redirect(:admin_user, @admin_user, event: :authentication) else flash[:alert] = 'Authorization error' - render 'login' + render :new end end + + private + + def after_sign_in_path_for(resource_or_scope) + admin_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_admin_user_session_path + end end -end +end \ No newline at end of file diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 87dabad01..518b752b7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base end rescue_from CanCan::AccessDenied do |exception| - redirect_to current_root_url, alert: exception.message + redirect_to root_url, alert: exception.message end - helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url helper_method :available_languages - def registrant_request? - request.path.match(/^\/registrant/) - end - - def registrar_request? - request.path.match(/^\/registrar/) - end - - def admin_request? - request.path.match(/^\/admin/) - end - - def current_root_url - if registrar_request? - registrar_root_url - elsif registrant_request? - registrant_login_url - elsif admin_request? - admin_root_url - end - end - - def after_sign_in_path_for(_resource) - rt = session[:user_return_to].to_s.presence - login_paths = [admin_login_path, registrar_login_path, '/login'] - return rt if rt && !login_paths.include?(rt) - current_root_url - end - - def after_sign_out_path_for(_resource) - if registrar_request? - registrar_login_url - elsif registrant_request? - registrant_login_url - elsif admin_request? - admin_login_url - end - end - def info_for_paper_trail { uuid: request.uuid } end - def user_for_paper_trail - user_log_str(current_user) - end - - def user_log_str(user) - user.nil? ? 'public' : user.id_role_username - end - def comma_support_for(parent_key, key) return if params[parent_key].blank? return if params[parent_key][key].blank? @@ -80,4 +32,8 @@ class ApplicationController < ActionController::Base def available_languages { en: 'English', et: 'Estonian' }.invert end -end + + def user_for_paper_trail + current_user.present? ? current_user.id_role_username : 'public' + end +end \ No newline at end of file diff --git a/app/controllers/registrant/contacts_controller.rb b/app/controllers/registrant/contacts_controller.rb index db6c279eb..948bc1a94 100644 --- a/app/controllers/registrant/contacts_controller.rb +++ b/app/controllers/registrant/contacts_controller.rb @@ -2,7 +2,6 @@ class Registrant::ContactsController < RegistrantController helper_method :domain_ids def show @contact = Contact.where(id: contacts).find_by(id: params[:id]) - @current_user = current_user authorize! :read, @contact end @@ -19,7 +18,7 @@ class Registrant::ContactsController < RegistrantController def domain_ids @domain_ids ||= begin - ident_cc, ident = @current_user.registrant_ident.to_s.split '-' + ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-' BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids end end diff --git a/app/controllers/registrant/domain_delete_confirms_controller.rb b/app/controllers/registrant/domain_delete_confirms_controller.rb index af8516462..a57c6178a 100644 --- a/app/controllers/registrant/domain_delete_confirms_controller.rb +++ b/app/controllers/registrant/domain_delete_confirms_controller.rb @@ -19,7 +19,7 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController domain_name: @domain.name, verification_token: params[:token]) - initiator = current_user ? current_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}") diff --git a/app/controllers/registrant/domain_update_confirms_controller.rb b/app/controllers/registrant/domain_update_confirms_controller.rb index ca91f0192..feaa39d6e 100644 --- a/app/controllers/registrant/domain_update_confirms_controller.rb +++ b/app/controllers/registrant/domain_update_confirms_controller.rb @@ -19,7 +19,7 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController domain_name: @domain.name, verification_token: params[:token]) - initiator = current_user ? current_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}") diff --git a/app/controllers/registrant/domains_controller.rb b/app/controllers/registrant/domains_controller.rb index 0e2f6eeaf..06b24624d 100644 --- a/app/controllers/registrant/domains_controller.rb +++ b/app/controllers/registrant/domains_controller.rb @@ -54,13 +54,13 @@ class Registrant::DomainsController < RegistrantController end def domains - ident_cc, ident = @current_user.registrant_ident.split '-' + ident_cc, ident = current_registrant_user.registrant_ident.split '-' begin BusinessRegistryCache.fetch_associated_domains ident, ident_cc rescue Soap::Arireg::NotAvailableError => error flash[:notice] = I18n.t(error.json[:message]) Rails.logger.fatal("[EXCEPTION] #{error.to_s}") - current_user.domains + current_registrant_user.domains end end diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index 80a23eb0a..c29c920b0 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -1,7 +1,7 @@ class Registrant::SessionsController < Devise::SessionsController layout 'registrant/application' - def login + def new end def id @@ -10,11 +10,10 @@ class Registrant::SessionsController < Devise::SessionsController @user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer) if @user - sign_in(@user, event: :authentication) - redirect_to registrant_root_url + sign_in_and_redirect(:registrant_user, @user, event: :authentication) else flash[:alert] = t('login_failed_check_id_card') - redirect_to registrant_login_url + redirect_to new_registrant_user_session_url end end @@ -68,7 +67,7 @@ class Registrant::SessionsController < Devise::SessionsController when 'USER_AUTHENTICATED' @user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}") - sign_in @user + sign_in(:registrant_user, @user) flash[:notice] = t(:welcome) flash.keep(:notice) render js: "window.location = '#{registrant_root_path}'" @@ -97,4 +96,14 @@ class Registrant::SessionsController < Devise::SessionsController return User.new unless idc ApiUser.find_by(identity_code: idc) || User.new end -end + + private + + def after_sign_in_path_for(resource_or_scope) + registrant_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_registrant_user_session_path + end +end \ No newline at end of file diff --git a/app/controllers/registrant_controller.rb b/app/controllers/registrant_controller.rb index 72fb78a08..76be97a1f 100644 --- a/app/controllers/registrant_controller.rb +++ b/app/controllers/registrant_controller.rb @@ -1,11 +1,22 @@ class RegistrantController < ApplicationController - before_action :authenticate_user! + before_action :authenticate_registrant_user! layout 'registrant/application' include Registrant::ApplicationHelper helper_method :head_title_sufix + def head_title_sufix t(:registrant_head_title_sufix) end -end + + private + + def current_ability + @current_ability ||= Ability.new(current_registrant_user, request.remote_ip) + end + + def user_for_paper_trail + current_registrant_user.present? ? current_registrant_user.id_role_username : 'public' + end +end \ No newline at end of file diff --git a/app/controllers/registrar/account_activities_controller.rb b/app/controllers/registrar/account_activities_controller.rb index 0b95d0122..baa0256af 100644 --- a/app/controllers/registrar/account_activities_controller.rb +++ b/app/controllers/registrar/account_activities_controller.rb @@ -4,7 +4,7 @@ class Registrar def index params[:q] ||= {} - account = current_user.registrar.cash_account + account = current_registrar_user.registrar.cash_account ca_cache = params[:q][:created_at_lteq] begin diff --git a/app/controllers/registrar/base_controller.rb b/app/controllers/registrar/base_controller.rb index 90f2f5210..2bd2eb492 100644 --- a/app/controllers/registrar/base_controller.rb +++ b/app/controllers/registrar/base_controller.rb @@ -2,7 +2,7 @@ class Registrar class BaseController < ApplicationController include Registrar::ApplicationHelper - before_action :authenticate_user! + before_action :authenticate_registrar_user! before_action :check_ip_restriction helper_method :depp_controller? helper_method :head_title_sufix @@ -10,21 +10,21 @@ class Registrar protected def current_ability - @current_ability ||= Ability.new(current_user, request.remote_ip) + @current_ability ||= Ability.new(current_registrar_user, request.remote_ip) end private def check_ip_restriction ip_restriction = Authorization::RestrictedIP.new(request.ip) - allowed = ip_restriction.can_access_registrar_area?(current_user.registrar) + allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar) return if allowed - sign_out current_user + sign_out current_registrar_user flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip) - redirect_to registrar_login_url + redirect_to new_registrar_user_session_url end def depp_controller? @@ -34,5 +34,9 @@ class Registrar def head_title_sufix t(:registrar_head_title_sufix) end + + def user_for_paper_trail + current_registrar_user.present? ? current_registrar_user.id_role_username : 'public' + end end end diff --git a/app/controllers/registrar/bulk_change_controller.rb b/app/controllers/registrar/bulk_change_controller.rb index 562344a46..441127f6c 100644 --- a/app/controllers/registrar/bulk_change_controller.rb +++ b/app/controllers/registrar/bulk_change_controller.rb @@ -10,7 +10,7 @@ class Registrar private def available_contacts - current_user.registrar.contacts.order(:name).pluck(:name, :code) + current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code) end def default_tab diff --git a/app/controllers/registrar/contacts_controller.rb b/app/controllers/registrar/contacts_controller.rb index cb059641e..f343f9bfb 100644 --- a/app/controllers/registrar/contacts_controller.rb +++ b/app/controllers/registrar/contacts_controller.rb @@ -21,11 +21,11 @@ class Registrar end if params[:statuses_contains] - contacts = current_user.registrar.contacts.includes(:registrar).where( + contacts = current_registrar_user.registrar.contacts.includes(:registrar).where( "contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}" ) else - contacts = current_user.registrar.contacts.includes(:registrar) + contacts = current_registrar_user.registrar.contacts.includes(:registrar) end normalize_search_parameters do @@ -45,7 +45,7 @@ class Registrar @contacts = Contact.find_by(name: params[:q][:name_matches]) end - contacts = current_user.registrar.contacts.includes(:registrar) + contacts = current_registrar_user.registrar.contacts.includes(:registrar) contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains] normalize_search_parameters do diff --git a/app/controllers/registrar/current_user_controller.rb b/app/controllers/registrar/current_user_controller.rb index 266e4b915..624ee294e 100644 --- a/app/controllers/registrar/current_user_controller.rb +++ b/app/controllers/registrar/current_user_controller.rb @@ -3,9 +3,9 @@ class Registrar skip_authorization_check def switch - raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user) + raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user) - sign_in(new_user) + sign_in(:registrar_user, new_user) redirect_to :back, notice: t('.switched', new_user: new_user) end diff --git a/app/controllers/registrar/deposits_controller.rb b/app/controllers/registrar/deposits_controller.rb index ec6d13977..6b10ccdd3 100644 --- a/app/controllers/registrar/deposits_controller.rb +++ b/app/controllers/registrar/deposits_controller.rb @@ -7,7 +7,7 @@ class Registrar end def create - @deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar)) + @deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar)) @invoice = @deposit.issue_prepayment_invoice if @invoice&.persisted? diff --git a/app/controllers/registrar/depp_controller.rb b/app/controllers/registrar/depp_controller.rb index 234ab40b7..87269b160 100644 --- a/app/controllers/registrar/depp_controller.rb +++ b/app/controllers/registrar/depp_controller.rb @@ -5,13 +5,13 @@ class Registrar rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception| logger.error 'COULD NOT CONNECT TO REGISTRY' logger.error exception.backtrace.join("\n") - redirect_to registrar_login_url, alert: t(:no_connection_to_registry) + redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry) end before_action :authenticate_user def authenticate_user - redirect_to registrar_login_url and return unless depp_current_user + redirect_to new_registrar_user_session_url and return unless depp_current_user end def depp_controller? @@ -19,10 +19,10 @@ class Registrar end def depp_current_user - return nil unless current_user + return nil unless current_registrar_user @depp_current_user ||= Depp::User.new( - tag: current_user.username, - password: current_user.password + tag: current_registrar_user.username, + password: current_registrar_user.password ) end diff --git a/app/controllers/registrar/domain_transfers_controller.rb b/app/controllers/registrar/domain_transfers_controller.rb index 7c0925f03..f65f3cece 100644 --- a/app/controllers/registrar/domain_transfers_controller.rb +++ b/app/controllers/registrar/domain_transfers_controller.rb @@ -21,7 +21,7 @@ class Registrar uri = URI.parse("#{ENV['repp_url']}domain_transfers") request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') request.body = { data: { domainTransfers: domain_transfers } }.to_json - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? diff --git a/app/controllers/registrar/domains_controller.rb b/app/controllers/registrar/domains_controller.rb index 7cb8fdfbe..d2969bb69 100644 --- a/app/controllers/registrar/domains_controller.rb +++ b/app/controllers/registrar/domains_controller.rb @@ -16,11 +16,11 @@ class Registrar end if params[:statuses_contains] - domains = current_user.registrar.domains.includes(:registrar, :registrant).where( + domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where( "statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}" ) else - domains = current_user.registrar.domains.includes(:registrar, :registrant) + domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant) end normalize_search_parameters do @@ -142,7 +142,7 @@ class Registrar def search_contacts authorize! :create, Depp::Domain - scope = current_user.registrar.contacts.limit(10) + scope = current_registrar_user.registrar.contacts.limit(10) if params[:query].present? escaped_str = ActiveRecord::Base.connection.quote_string params[:query] scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ") @@ -159,7 +159,7 @@ class Registrar def contacts - current_user.registrar.contacts + current_registrar_user.registrar.contacts end def normalize_search_parameters diff --git a/app/controllers/registrar/invoices_controller.rb b/app/controllers/registrar/invoices_controller.rb index 735df91a3..548e47ebe 100644 --- a/app/controllers/registrar/invoices_controller.rb +++ b/app/controllers/registrar/invoices_controller.rb @@ -6,7 +6,7 @@ class Registrar def index params[:q] ||= {} - invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity) + invoices = current_registrar_user.registrar.invoices.includes(:invoice_items, :account_activity) normalize_search_parameters do @q = invoices.search(params[:q]) diff --git a/app/controllers/registrar/nameservers_controller.rb b/app/controllers/registrar/nameservers_controller.rb index b6f7af829..90dd5afb4 100644 --- a/app/controllers/registrar/nameservers_controller.rb +++ b/app/controllers/registrar/nameservers_controller.rb @@ -12,7 +12,7 @@ class Registrar attributes: { hostname: params[:new_hostname], ipv4: ipv4, ipv6: ipv6 } } }.to_json - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/controllers/registrar/profile_controller.rb b/app/controllers/registrar/profile_controller.rb index 5f202a894..1fe6d6a0b 100644 --- a/app/controllers/registrar/profile_controller.rb +++ b/app/controllers/registrar/profile_controller.rb @@ -5,13 +5,13 @@ class Registrar helper_method :linked_users def show - @user = current_user + @user = current_registrar_user end private def linked_users - current_user.linked_users + current_registrar_user.linked_users end end end diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index 1a8b195ee..d7a690752 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -3,7 +3,7 @@ class Registrar before_action :check_ip_restriction helper_method :depp_controller? - def login + def new @depp_user = Depp::User.new end @@ -30,7 +30,7 @@ class Registrar unless @api_user @depp_user.errors.add(:base, t(:no_such_user)) - render 'login' and return + render :new and return end if @depp_user.pki @@ -41,14 +41,13 @@ class Registrar if @depp_user.errors.none? if @api_user.active? - sign_in @api_user - redirect_to registrar_root_url + sign_in_and_redirect(:registrar_user, @api_user) else @depp_user.errors.add(:base, :not_active) - render 'login' + render :new end else - render 'login' + render :new end end @@ -56,11 +55,10 @@ class Registrar @user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip) if @user - sign_in(@user, event: :authentication) - redirect_to registrar_root_url + sign_in_and_redirect(:registrar_user, @user, event: :authentication) else flash[:alert] = t('no_such_user') - redirect_to registrar_login_url + redirect_to new_registrar_user_session_url end end @@ -91,7 +89,7 @@ class Registrar @user = find_user_by_idc_and_allowed(response.user_id_code) else @user = find_user_by_idc(response.user_id_code) - end + end if @user.persisted? session[:user_id_code] = response.user_id_code @@ -117,7 +115,7 @@ class Registrar render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok when 'USER_AUTHENTICATED' @user = find_user_by_idc_and_allowed(session[:user_id_code]) - sign_in @user + sign_in(:registrar_user, @user) flash[:notice] = t(:welcome) flash.keep(:notice) render js: "window.location = '#{registrar_root_url}'" @@ -163,8 +161,6 @@ class Registrar end end - - def check_ip_restriction ip_restriction = Authorization::RestrictedIP.new(request.ip) allowed = ip_restriction.can_access_registrar_area_sign_in_page? @@ -173,5 +169,13 @@ class Registrar render text: t('registrar.authorization.ip_not_allowed', ip: request.ip) end + + def after_sign_in_path_for(resource_or_scope) + registrar_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_registrar_user_session_path + end end -end +end \ No newline at end of file diff --git a/app/controllers/registrar/tech_contacts_controller.rb b/app/controllers/registrar/tech_contacts_controller.rb index 9d4568ad6..fe3dd86da 100644 --- a/app/controllers/registrar/tech_contacts_controller.rb +++ b/app/controllers/registrar/tech_contacts_controller.rb @@ -8,7 +8,7 @@ class Registrar request = Net::HTTP::Patch.new(uri) request.set_form_data(current_contact_id: params[:current_contact_id], new_contact_id: params[:new_contact_id]) - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/views/admin/base/_menu.haml b/app/views/admin/base/_menu.haml index 7c813e43e..957b7826d 100644 --- a/app/views/admin/base/_menu.haml +++ b/app/views/admin/base/_menu.haml @@ -41,4 +41,4 @@ - if signed_in? %ul.nav.navbar-nav.navbar-right - %li= link_to t(:log_out, user: current_user), '/admin/logout' + %li= link_to t(:log_out, user: current_admin_user), destroy_admin_user_session_path, method: :delete, class: 'navbar-link' diff --git a/app/views/admin/sessions/login.haml b/app/views/admin/sessions/new.haml similarity index 84% rename from app/views/admin/sessions/login.haml rename to app/views/admin/sessions/new.haml index 1ecca10ae..d37461c85 100644 --- a/app/views/admin/sessions/login.haml +++ b/app/views/admin/sessions/new.haml @@ -3,7 +3,7 @@ %h2.form-signin-heading.text-center Eesti Interneti SA %hr .form-signin - = form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f| + = form_for(@admin_user, url: admin_user_session_path, html: {class: 'form-signin'}) do |f| = render 'admin/shared/errors', object: f.object - error_class = f.object.errors.any? ? 'has-error' : '' diff --git a/app/views/layouts/devise.haml b/app/views/layouts/devise.haml index aaa1c8e31..839290cef 100644 --- a/app/views/layouts/devise.haml +++ b/app/views/layouts/devise.haml @@ -18,7 +18,7 @@ %span.icon-bar %span.icon-bar %span.icon-bar - = link_to admin_login_path, class: 'navbar-brand' do + = link_to new_admin_user_session_path, class: 'navbar-brand' do = ENV['app_name'] - if unstable_env.present? .text-center diff --git a/app/views/layouts/registrant/application.html.erb b/app/views/layouts/registrant/application.html.erb index 075ac4652..6d47b72cf 100644 --- a/app/views/layouts/registrant/application.html.erb +++ b/app/views/layouts/registrant/application.html.erb @@ -37,7 +37,7 @@ <% end %> <% end %> - <% if current_user %> + <% if current_registrant_user %>
diff --git a/app/views/registrant/sessions/login.haml b/app/views/registrant/sessions/new.haml similarity index 100% rename from app/views/registrant/sessions/login.haml rename to app/views/registrant/sessions/new.haml diff --git a/app/views/registrar/base/_current_user.html.erb b/app/views/registrar/base/_current_user.html.erb index 75d159bfb..0e45c9c7d 100644 --- a/app/views/registrar/base/_current_user.html.erb +++ b/app/views/registrar/base/_current_user.html.erb @@ -1,5 +1,5 @@ -<% current_user_presenter = UserPresenter.new(user: current_user, view: self) %> +<% current_user_presenter = UserPresenter.new(user: current_registrar_user, view: self) %> <%= link_to current_user_presenter.login_with_role, registrar_profile_path, id: 'registrar-profile-btn', class: 'navbar-link' %> | -<%= link_to t('.sign_out'), registrar_destroy_user_session_path, method: :delete, class: 'navbar-link' %> +<%= link_to t('.sign_out'), destroy_registrar_user_session_path, method: :delete, class: 'navbar-link' %> diff --git a/app/views/registrar/invoices/index.haml b/app/views/registrar/invoices/index.haml index 61d955708..47270f2a6 100644 --- a/app/views/registrar/invoices/index.haml +++ b/app/views/registrar/invoices/index.haml @@ -4,8 +4,8 @@ = render 'shared/title', name: t(:your_account) = t(:your_current_account_balance_is, - balance: currency(current_user.registrar.cash_account.balance), - currency: current_user.registrar.cash_account.currency) + balance: currency(current_registrar_user.registrar.cash_account.balance), + currency: current_registrar_user.registrar.cash_account.currency) %h1= t(:invoices) .row diff --git a/app/views/registrar/sessions/login.haml b/app/views/registrar/sessions/new.haml similarity index 88% rename from app/views/registrar/sessions/login.haml rename to app/views/registrar/sessions/new.haml index 75ec951af..4d273c9f4 100644 --- a/app/views/registrar/sessions/login.haml +++ b/app/views/registrar/sessions/new.haml @@ -2,7 +2,7 @@ .form-signin.col-md-6.center-block.text-center %h2.form-signin-heading.text-center= t(:log_in) %hr - = form_for @depp_user, url: registrar_sessions_path, html: {class: 'form-signin'} do |f| + = form_for @depp_user, url: registrar_user_session_path, html: {class: 'form-signin'} do |f| = render 'registrar/shared/errors', object: f.object - error_class = f.object.errors.any? ? 'has-error' : '' diff --git a/config/locales/registrar/sessions.en.yml b/config/locales/registrar/sessions.en.yml index 25031e189..55d72979c 100644 --- a/config/locales/registrar/sessions.en.yml +++ b/config/locales/registrar/sessions.en.yml @@ -1,7 +1,7 @@ en: registrar: sessions: - login: + new: login_btn: Login login_mid: login_btn: Login diff --git a/config/routes.rb b/config/routes.rb index 7e0e99815..6c78b1742 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -22,6 +22,16 @@ Rails.application.routes.draw do namespace :registrar do root 'dashboard#show' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'ApiUser' + devise_scope :registrar_user do + get 'login/mid' => 'sessions#login_mid' + post 'login/mid' => 'sessions#mid' + post 'login/mid_status' => 'sessions#mid_status' + post 'id' => 'sessions#id' + post 'mid' => 'sessions#mid' + end + resources :invoices do member do get 'download_pdf' @@ -33,18 +43,6 @@ Rails.application.routes.draw do resources :deposits resources :account_activities - devise_scope :user do - get 'login' => 'sessions#login' - get 'login/mid' => 'sessions#login_mid' - post 'login/mid' => 'sessions#mid' - post 'login/mid_status' => 'sessions#mid_status' - - post 'sessions' => 'sessions#create' - post 'id' => 'sessions#id' - post 'mid' => 'sessions#mid' - delete 'logout', to: '/devise/sessions#destroy', as: :destroy_user_session - end - put 'current_user/switch/:new_user_id', to: 'current_user#switch', as: :switch_current_user resource :profile, controller: :profile, only: :show @@ -100,6 +98,16 @@ Rails.application.routes.draw do namespace :registrant do root 'domains#index' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'RegistrantUser' + devise_scope :registrant_user do + get 'login/mid' => 'sessions#login_mid' + post 'login/mid' => 'sessions#mid' + post 'login/mid_status' => 'sessions#mid_status' + post 'mid' => 'sessions#mid' + post 'id' => 'sessions#id' + end + resources :domains, only: %i[index show] do collection do get :download_list @@ -112,19 +120,6 @@ Rails.application.routes.draw do resources :domain_update_confirms resources :domain_delete_confirms - - devise_scope :user do - get 'login' => 'sessions#login' - get 'login/mid' => 'sessions#login_mid' - post 'login/mid' => 'sessions#mid' - post 'login/mid_status' => 'sessions#mid_status' - - post 'sessions' => 'sessions#create' - post 'mid' => 'sessions#mid' - post 'id' => 'sessions#id' - get 'logout' => '/devise/sessions#destroy' - end - resources :domains do resources :registrant_verifications collection do @@ -150,6 +145,8 @@ Rails.application.routes.draw do # ADMIN ROUTES namespace :admin do root 'dashboard#show' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'AdminUser' resources :keyrelays resources :zonefiles @@ -251,18 +248,10 @@ Rails.application.routes.draw do resources :epp_logs resources :repp_logs - devise_scope :user do - get 'login' => 'sessions#login' - post 'sessions' => 'sessions#create' - get 'logout' => '/devise/sessions#destroy' - end - - authenticate :user do + authenticate :admin_user do mount Que::Web, at: 'que' end end - devise_for :users - root to: redirect('admin/login') -end +end \ No newline at end of file diff --git a/doc/controllers_complete.svg b/doc/controllers_complete.svg index 7f3644dd3..0501ceac9 100644 --- a/doc/controllers_complete.svg +++ b/doc/controllers_complete.svg @@ -433,14 +433,6 @@ ApplicationController -admin_request? -after_sign_in_path_for -after_sign_out_path_for -api_user_log_str -current_root_url -registrant_request? -registrar_request? -user_for_paper_trail _layout diff --git a/spec/features/registrar/home_link_spec.rb b/spec/features/registrar/home_link_spec.rb index 04d61e1b7..b42c41746 100644 --- a/spec/features/registrar/home_link_spec.rb +++ b/spec/features/registrar/home_link_spec.rb @@ -2,7 +2,7 @@ require 'rails_helper' RSpec.feature 'Registrar area home link', db: true do scenario 'is visible' do - visit registrar_login_url + visit new_registrar_user_session_url expect(page).to have_link('registrar-home-btn', href: registrar_root_path) end end diff --git a/spec/features/registrar/sign_in/mobile_id_spec.rb b/spec/features/registrar/sign_in/mobile_id_spec.rb index bc26daff5..35c0cc18e 100644 --- a/spec/features/registrar/sign_in/mobile_id_spec.rb +++ b/spec/features/registrar/sign_in/mobile_id_spec.rb @@ -9,7 +9,7 @@ RSpec.feature 'Mobile ID login', db: true do end scenario 'login with phone number' do - visit registrar_login_path + visit new_registrar_user_session_url click_on 'login-with-mobile-id-btn' fill_in 'user[phone]', with: '1234' diff --git a/spec/features/registrar/sign_in/password_spec.rb b/spec/features/registrar/sign_in/password_spec.rb deleted file mode 100644 index 64e22b8f4..000000000 --- a/spec/features/registrar/sign_in/password_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -require 'rails_helper' - -RSpec.feature 'Registrar area password sign-in' do - scenario 'signs in the user with valid credentials' do - create(:api_user_with_unlimited_balance, - active: true, - login: 'test', - password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'testtest' - - expect(page).to have_text(t('registrar.base.current_user.sign_out')) - end - - scenario 'notifies the user with invalid credentials' do - create(:api_user, login: 'test', password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'invalid' - - expect(page).to have_text('No such user') - end - - scenario 'notifies the user with inactive account' do - create(:api_user, active: false, login: 'test', password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'testtest' - - expect(page).to have_text('User is not active') - end - - def sign_in_with(username, password) - fill_in 'depp_user_tag', with: username - fill_in 'depp_user_password', with: password - click_button 'Login' - end -end diff --git a/spec/features/registrar/sign_out_spec.rb b/spec/features/registrar/sign_out_spec.rb deleted file mode 100644 index 09ae011cd..000000000 --- a/spec/features/registrar/sign_out_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -require 'rails_helper' - -RSpec.feature 'Registrar area sign-out', settings: false do - background do - sign_in_to_registrar_area(user: create(:api_user_with_unlimited_balance)) - end - - scenario 'signs the user out' do - visit registrar_root_path - click_on t('registrar.base.current_user.sign_out') - - expect(page).to have_text('Signed out successfully.') - end -end diff --git a/spec/requests/registrar/ip_restriction_spec.rb b/spec/requests/registrar/ip_restriction_spec.rb index 69ba33602..e43b7946b 100644 --- a/spec/requests/registrar/ip_restriction_spec.rb +++ b/spec/requests/registrar/ip_restriction_spec.rb @@ -22,7 +22,7 @@ RSpec.describe 'Registrar area IP restriction', settings: false do context 'when ip is allowed' do let!(:white_ip) { create(:white_ip, ipv4: '127.0.0.1', - registrar: controller.current_user.registrar, + registrar: controller.current_registrar_user.registrar, interfaces: [WhiteIp::REGISTRAR]) } specify do @@ -36,12 +36,12 @@ RSpec.describe 'Registrar area IP restriction', settings: false do it 'signs the user out' do get registrar_root_url follow_redirect! - expect(controller.current_user).to be_nil + expect(controller.current_registrar_user).to be_nil end it 'redirects to login url' do get registrar_root_url - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end @@ -67,14 +67,14 @@ RSpec.describe 'Registrar area IP restriction', settings: false do interfaces: [WhiteIp::REGISTRAR]) } specify do - get registrar_login_path + get new_registrar_user_session_path expect(response).to be_success end end context 'when ip is not allowed' do specify do - get registrar_login_path + get new_registrar_user_session_path expect(response.body).to match "Access denied" end end @@ -82,7 +82,7 @@ RSpec.describe 'Registrar area IP restriction', settings: false do context 'when IP restriction is disabled' do specify do - get registrar_login_path + get new_registrar_user_session_path expect(response).to be_success end end diff --git a/spec/requests/registrar/linked_users_spec.rb b/spec/requests/registrar/linked_users_spec.rb index d5d51e3c6..352508f6d 100644 --- a/spec/requests/registrar/linked_users_spec.rb +++ b/spec/requests/registrar/linked_users_spec.rb @@ -6,7 +6,7 @@ RSpec.describe 'Registrar area linked users', db: false do let!(:current_user) { create(:api_user, id: 1, identity_code: 'code') } before do - sign_in_to_registrar_area(user: current_user) + sign_in current_user end context 'when ip is allowed' do @@ -23,7 +23,7 @@ RSpec.describe 'Registrar area linked users', db: false do it 'signs in as a new user' do put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_url } follow_redirect! - expect(controller.current_user.id).to eq(2) + expect(controller.current_registrar_user.id).to eq(2) end it 'redirects back' do @@ -46,7 +46,6 @@ RSpec.describe 'Registrar area linked users', db: false do put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path } end - follow_redirect! expect(controller.current_user.id).to eq(1) end end @@ -62,7 +61,7 @@ RSpec.describe 'Registrar area linked users', db: false do specify do put '/registrar/current_user/switch/2' - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end @@ -70,7 +69,7 @@ RSpec.describe 'Registrar area linked users', db: false do context 'when user is not authenticated' do specify do put '/registrar/current_user/switch/2' - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end diff --git a/spec/requests/registrar/sign_in/password_spec.rb b/spec/requests/registrar/sign_in/password_spec.rb deleted file mode 100644 index b875de98a..000000000 --- a/spec/requests/registrar/sign_in/password_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'rails_helper' - -RSpec.describe 'Registrar area password sign-in', settings: false do - let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') } - - it 'signs the user in' do - post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' } - follow_redirect! - expect(controller.current_user).to eq(user) - end - - it 'redirects to root url' do - post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' } - expect(response).to redirect_to(registrar_root_url) - end -end diff --git a/spec/requests/registrar/sign_out_spec.rb b/spec/requests/registrar/sign_out_spec.rb deleted file mode 100644 index 4f5b099c0..000000000 --- a/spec/requests/registrar/sign_out_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'rails_helper' - -RSpec.describe 'Registrar area sign-out', settings: false do - before do - sign_in_to_registrar_area - end - - it 'signs the user out' do - delete registrar_destroy_user_session_path - follow_redirect! - expect(controller.current_user).to be_nil - end - - it 'redirects to login url' do - delete registrar_destroy_user_session_path - expect(response).to redirect_to(registrar_login_url) - end -end diff --git a/spec/support/features/session_helpers.rb b/spec/support/features/session_helpers.rb index df02691d2..70ebce981 100644 --- a/spec/support/features/session_helpers.rb +++ b/spec/support/features/session_helpers.rb @@ -1,7 +1,7 @@ module Features module SessionHelpers def sign_in_to_admin_area(user: create(:admin_user)) - visit admin_login_url + visit new_admin_user_session_url fill_in 'admin_user[username]', with: user.username fill_in 'admin_user[password]', with: user.password @@ -10,7 +10,7 @@ module Features end def sign_in_to_registrar_area(user: create(:api_user)) - visit registrar_login_url + visit new_registrar_user_session_url fill_in 'depp_user_tag', with: user.username fill_in 'depp_user_password', with: user.password diff --git a/spec/support/requests/session_helpers.rb b/spec/support/requests/session_helpers.rb index 84cb9c701..6c30c00c9 100644 --- a/spec/support/requests/session_helpers.rb +++ b/spec/support/requests/session_helpers.rb @@ -1,11 +1,11 @@ module Requests module SessionHelpers def sign_in_to_admin_area(user: create(:admin_user)) - post admin_sessions_path, admin_user: { username: user.username, password: user.password } + post admin_user_session_path, admin_user: { username: user.username, password: user.password } end def sign_in_to_registrar_area(user: create(:api_user)) - post registrar_sessions_path, { depp_user: { tag: user.username, password: user.password } } + post registrar_user_session_path, { depp_user: { tag: user.username, password: user.password } } end end -end +end \ No newline at end of file diff --git a/test/integration/admin/login_test.rb b/test/integration/admin/login_test.rb new file mode 100644 index 000000000..898c8b148 --- /dev/null +++ b/test/integration/admin/login_test.rb @@ -0,0 +1,27 @@ +require 'test_helper' + +class AdminAreaLoginTest < ActionDispatch::IntegrationTest + def setup + @user = users(:admin) + end + + def test_correct_username_and_password + visit new_admin_user_session_url + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'testtest' + click_button 'Log in' + + assert_text 'Log out' + assert_current_path admin_root_path + end + + def test_wrong_password + visit new_admin_user_session_url + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'wrong' + click_button 'Log in' + + assert_text 'Authorization error' + assert_current_path new_admin_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/admin/logout_test.rb b/test/integration/admin/logout_test.rb new file mode 100644 index 000000000..f15776993 --- /dev/null +++ b/test/integration/admin/logout_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class AdminAreaLogoutTest < ActionDispatch::IntegrationTest + def setup + sign_in users(:admin) + end + + def test_logout + visit admin_root_url + click_on 'Log out' + + assert_text 'Signed out successfully' + assert_current_path new_admin_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/admin/protected_area_test.rb b/test/integration/admin/protected_area_test.rb new file mode 100644 index 000000000..b13e335ce --- /dev/null +++ b/test/integration/admin/protected_area_test.rb @@ -0,0 +1,22 @@ +require 'test_helper' + +class AdminAreaProtectedAreaTest < ActionDispatch::IntegrationTest + def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + visit admin_domains_url + assert_text 'You need to sign in before continuing' + assert_current_path new_admin_user_session_path + end + + def test_authenticated_user_can_access_protected_area + sign_in users(:admin) + visit admin_domains_url + assert_current_path admin_domains_path + end + + def test_authenticated_user_is_not_asked_to_authenticate_again + sign_in users(:admin) + visit new_admin_user_session_url + assert_text 'You are already signed in' + assert_current_path admin_root_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/login_test.rb b/test/integration/registrar/login_test.rb new file mode 100644 index 000000000..bfacd3c16 --- /dev/null +++ b/test/integration/registrar/login_test.rb @@ -0,0 +1,39 @@ +require 'test_helper' + +class RegistrarAreaLoginTest < ActionDispatch::IntegrationTest + def setup + @user = users(:api_bestnames) + end + + def test_correct_username_and_password + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'testtest' + click_button 'Login' + + assert_text 'Log out' + assert_current_path registrar_root_path + end + + def test_wrong_password + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'wrong' + click_button 'Login' + + assert_text 'No such user' + assert_current_path new_registrar_user_session_path + end + + def test_inactive_user + @user.update!(active: false) + + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'testtest' + click_button 'Login' + + assert_text 'User is not active' + assert_current_path new_registrar_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/logout_test.rb b/test/integration/registrar/logout_test.rb new file mode 100644 index 000000000..9f2bba9dd --- /dev/null +++ b/test/integration/registrar/logout_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class RegistrarAreaLogoutTest < ActionDispatch::IntegrationTest + def setup + sign_in users(:api_bestnames) + end + + def test_logout + visit registrar_root_url + click_on 'Log out' + + assert_text 'Signed out successfully' + assert_current_path new_registrar_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/protected_area_test.rb b/test/integration/registrar/protected_area_test.rb new file mode 100644 index 000000000..967a37dec --- /dev/null +++ b/test/integration/registrar/protected_area_test.rb @@ -0,0 +1,22 @@ +require 'test_helper' + +class RegistrarAreaProtectedAreaTest < ActionDispatch::IntegrationTest + def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + visit registrar_domains_url + assert_text 'You need to sign in before continuing' + assert_current_path new_registrar_user_session_path + end + + def test_authenticated_user_can_access_protected_area + sign_in users(:api_bestnames) + visit registrar_domains_url + assert_current_path registrar_domains_path + end + + def test_authenticated_user_is_not_asked_to_authenticate_again + sign_in users(:api_bestnames) + visit new_registrar_user_session_url + assert_text 'You are already signed in' + assert_current_path registrar_root_path + end +end \ No newline at end of file