Use Tara user hash

2025-08-14 05:29:29 +02:00 · 2020-09-29 12:21:04 +05:00 · 2020-09-29 12:21:04 +05:00 · bb37527dae
commit bb37527dae
parent a3042c39ee
3 changed files with 45 additions and 68 deletions
--- a/app/controllers/registrar/tara_controller.rb
+++ b/app/controllers/registrar/tara_controller.rb
@ -1,41 +1,33 @@
 require 'tampering_detected'
 class Registrar
  class TaraController < ApplicationController
    skip_authorization_check
    rescue_from Errors::TamperingDetected do
      redirect_to root_url, alert: t('auth.tara.tampering')
    end
    def callback
      session[:omniauth_hash] = user_hash
-      @user = User.from_omniauth(user_hash)
+      @api_user = ApiUser.from_omniauth(user_hash)
-      return unless @user.persisted?
+      return unless @api_user.persisted?
-      sign_in(User, @user)
+      sign_in_and_redirect(:registrar_user, @api_user)
      redirect_to user_path(@user.uuid), notice: t('devise.sessions.signed_in')
    end
    # rubocop:disable Metrics/MethodLength
-    def create
+    # def create
-      tara_logger.info create_params
+    #   @user = User.new(create_params)
-      @user = User.new(create_params)
+    #   check_for_tampering
-      check_for_tampering
+    #   create_password
-      create_password
+    #
-
+    #   respond_to do |format|
-      respond_to do |format|
+    #     if @user.save
-        if @user.save
+    #       format.html do
-          format.html do
+    #         sign_in(User, @user)
-            sign_in(User, @user)
+    #         redirect_to user_path(@user.uuid), notice: t(:created)
-            redirect_to user_path(@user.uuid), notice: t(:created)
+    #       end
-          end
+    #     else
-        else
+    #       format.html { render :callback }
-          format.html { render :callback }
+    #     end
-        end
+    #   end
-      end
+    # end
    end
    # rubocop:enable Metrics/MethodLength
    def cancel
@ -44,30 +36,22 @@ class Registrar
    private
-    def create_params
+    # def create_params
-      params.require(:user)
+    #   params.require(:user)
-            .permit(:email, :identity_code, :country_code, :given_names, :surname,
+    #         .permit(:email, :identity_code, :country_code, :given_names, :surname,
-                    :accepts_terms_and_conditions, :locale, :uid, :provider)
+    #                 :accepts_terms_and_conditions, :locale, :uid, :provider)
-    end
+    # end
-    def check_for_tampering
+    # def create_password
-      return unless @user.tampered_with?(session[:omniauth_hash])
+    #   @user.password = Devise.friendly_token[0..20]
-
+    # end
      session.delete(:omniauth_hash)
      raise Errors::TamperingDetected
    end
    def create_password
      @user.password = Devise.friendly_token[0..20]
    end
    def user_hash
      tara_logger.info request.env
      request.env['omniauth.auth']
    end
    def tara_logger
-      @tara_logger ||= Logger.new(Rails.root.join('log', 'tara_auth2.log'))
+      @tara_logger ||= Logger.new(Rails.root.join('log', 'tara_auth4.log'))
    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -15,34 +15,27 @@ class User < ApplicationRecord
  end
  # rubocop:disable Metrics/AbcSize
-  def tampered_with?(omniauth_hash)
+  # def tampered_with?(omniauth_hash)
-    # uid_from_hash = omniauth_hash['uid']
+  #   # uid_from_hash = omniauth_hash['uid']
-    # provider_from_hash = omniauth_hash['provider']
+  #   # provider_from_hash = omniauth_hash['provider']
-    #
+  #   #
-    # begin
+  #   # begin
-    #   uid != uid_from_hash ||
+  #   #   uid != uid_from_hash ||
-    #     provider != provider_from_hash ||
+  #   #     provider != provider_from_hash ||
-    #     country_code != uid_from_hash.slice(0..1) ||
+  #   #     country_code != uid_from_hash.slice(0..1) ||
-    #     identity_code != uid_from_hash.slice(2..-1) ||
+  #   #     identity_code != uid_from_hash.slice(2..-1) ||
-    #     given_names != omniauth_hash.dig('info', 'first_name') ||
+  #   #     given_names != omniauth_hash.dig('info', 'first_name') ||
-    #     surname != omniauth_hash.dig('info', 'last_name')
+  #   #     surname != omniauth_hash.dig('info', 'last_name')
  #   # end
  #   false
  # end
    false
  end
  # rubocop:enable Metrics/AbcSize
  def self.from_omniauth(omniauth_hash)
    uid = omniauth_hash['uid']
-    provider = omniauth_hash['provider']
+    # provider = omniauth_hash['provider']
-    User.find_or_initialize_by(provider: provider, uid: uid) do |user|
+    User.find_by(uid: uid)
      user.given_names = omniauth_hash.dig('info', 'first_name')
      user.surname = omniauth_hash.dig('info', 'last_name')
      if provider == TARA_PROVIDER
        user.country_code = uid.slice(0..1)
        user.identity_code = uid.slice(2..-1)
      end
    end
  end
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -89,7 +89,7 @@ Rails.application.routes.draw do
      match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_callback
      match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel',
            as: :tara_cancel
-      match '/open_id/create', via: [:post], to: 'tara#create', as: :tara_create
+      # match '/open_id/create', via: [:post], to: 'tara#create', as: :tara_create
    end
    resources :invoices, except: %i[new create edit update destroy] do