Prepare view & controller

2025-07-25 20:18:22 +02:00 · 2020-09-23 13:01:33 +05:00 · 2020-09-23 13:01:33 +05:00 · ffeb1d4baa
commit ffeb1d4baa
parent 8ff92548bf
6 changed files with 2612 additions and 388 deletions
--- a/app/controllers/registrar/tara_controller.rb
+++ b/app/controllers/registrar/tara_controller.rb
@ -1,64 +1,71 @@
 require 'tampering_detected'
-class TaraController < ApplicationController
+class Registrar
-  rescue_from Errors::TamperingDetected do
+  class TaraController < ApplicationController
-    redirect_to root_url, alert: t('auth.tara.tampering')
+    rescue_from Errors::TamperingDetected do
-  end
+      redirect_to root_url, alert: t('auth.tara.tampering')
    end
-  def callback
+    def callback
-    session[:omniauth_hash] = user_hash
+      session[:omniauth_hash] = user_hash
      @user = User.from_omniauth(user_hash)
-    @user = User.from_omniauth(user_hash)
+      return unless @user.persisted?
-    return unless @user.persisted?
+      sign_in(User, @user)
      redirect_to user_path(@user.uuid), notice: t('devise.sessions.signed_in')
    end
-    sign_in(User, @user)
+    # rubocop:disable Metrics/MethodLength
-    redirect_to user_path(@user.uuid), notice: t('devise.sessions.signed_in')
+    def create
-  end
+      tara_logger.info create_params
      @user = User.new(create_params)
      check_for_tampering
      create_password
-  # rubocop:disable Metrics/MethodLength
+      respond_to do |format|
-  def create
+        if @user.save
-    @user = User.new(create_params)
+          format.html do
-    check_for_tampering
+            sign_in(User, @user)
-    create_password
+            redirect_to user_path(@user.uuid), notice: t(:created)
-
+          end
-    respond_to do |format|
+        else
-      if @user.save
+          format.html { render :callback }
        format.html do
          sign_in(User, @user)
          redirect_to user_path(@user.uuid), notice: t(:created)
        end
      else
        format.html { render :callback }
      end
    end
-  end
+    # rubocop:enable Metrics/MethodLength
  # rubocop:enable Metrics/MethodLength
-  def cancel
+    def cancel
-    redirect_to root_path, notice: t(:sign_in_cancelled)
+      redirect_to root_path, notice: t(:sign_in_cancelled)
-  end
+    end
-  private
+    private
-  def create_params
+    def create_params
-    params.require(:user)
+      params.require(:user)
-          .permit(:email, :identity_code, :country_code, :given_names, :surname,
+            .permit(:email, :identity_code, :country_code, :given_names, :surname,
-                  :accepts_terms_and_conditions, :locale, :uid, :provider)
+                    :accepts_terms_and_conditions, :locale, :uid, :provider)
-  end
+    end
-  def check_for_tampering
+    def check_for_tampering
-    return unless @user.tampered_with?(session[:omniauth_hash])
+      return unless @user.tampered_with?(session[:omniauth_hash])
-    session.delete(:omniauth_hash)
+      session.delete(:omniauth_hash)
-    raise Errors::TamperingDetected
+      raise Errors::TamperingDetected
-  end
+    end
-  def create_password
+    def create_password
-    @user.password = Devise.friendly_token[0..20]
+      @user.password = Devise.friendly_token[0..20]
-  end
+    end
-  def user_hash
+    def user_hash
-    request.env['omniauth.auth']
+      tara_logger.info request.env
      request.env['omniauth.auth']
    end
    def tara_logger
      @tara_logger ||= Logger.new(Rails.root.join('log', 'tara_auth2.log'))
    end
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -16,17 +16,18 @@ class User < ApplicationRecord
  # rubocop:disable Metrics/AbcSize
  def tampered_with?(omniauth_hash)
-    uid_from_hash = omniauth_hash['uid']
+    # uid_from_hash = omniauth_hash['uid']
-    provider_from_hash = omniauth_hash['provider']
+    # provider_from_hash = omniauth_hash['provider']
-
+    #
-    begin
+    # begin
-      uid != uid_from_hash ||
+    #   uid != uid_from_hash ||
-        provider != provider_from_hash ||
+    #     provider != provider_from_hash ||
-        country_code != uid_from_hash.slice(0..1) ||
+    #     country_code != uid_from_hash.slice(0..1) ||
-        identity_code != uid_from_hash.slice(2..-1) ||
+    #     identity_code != uid_from_hash.slice(2..-1) ||
-        given_names != omniauth_hash.dig('info', 'first_name') ||
+    #     given_names != omniauth_hash.dig('info', 'first_name') ||
-        surname != omniauth_hash.dig('info', 'last_name')
+    #     surname != omniauth_hash.dig('info', 'last_name')
-    end
+    # end
    false
  end
  # rubocop:enable Metrics/AbcSize
--- a/app/views/registrar/sessions/new.html.erb
+++ b/app/views/registrar/sessions/new.html.erb
@ -19,12 +19,16 @@
        <hr>
-        <%= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do %>
+        <%#= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do %>
-            <%= image_tag 'mid.gif' %>
+            <%#= image_tag 'mid.gif' %>
-        <% end %>
+        <%# end %>
-        <%= link_to registrar_id_card_sign_in_path, method: :post do %>
+        <%#= link_to registrar_id_card_sign_in_path, method: :post do %>
            <%#= image_tag 'id_card.gif' %>
        <%# end %>
        <%= link_to "/auth/tara", method: :post, class: "ui button big primary" do %>
            <%= image_tag 'id_card.gif' %>
        <% end %>
    </div>
-</div>
+</div>
--- a/app/views/registrar/tara/callback.html.erb
+++ b/app/views/registrar/tara/callback.html.erb
--- a/config/locales/registrar/sessions.en.yml
+++ b/config/locales/registrar/sessions.en.yml
@ -7,3 +7,7 @@ en:
      login_mid:
        header: Log in with mobile-id
        submit_btn: Login
    tara:
      callback:
        header_html: "Eesti Interneti SA<br>Registrar Portal"
        submit_btn: Login
--- a/db/structure.sql
+++ b/db/structure.sql