cafe-grader-web

Commit r852:41c96ab8e589 public

parent | child
Description:
use uuid cookie
Commit status:
[Not Reviewed]
References:
default
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r852:41c96ab8e589 - - 3 files changed: 20 inserted, 2 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,104 +1,112
1 require 'ipaddr'
1 require 'ipaddr'
2 + require "securerandom"
2
3
3 class ApplicationController < ActionController::Base
4 class ApplicationController < ActionController::Base
4 protect_from_forgery
5 protect_from_forgery
5
6
6 before_action :current_user
7 before_action :current_user
7 before_action :nav_announcement
8 before_action :nav_announcement
9 + before_action :unique_visitor_id
8
10
9 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
11 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
10 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
12 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
11 WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore'
13 WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore'
12 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
14 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
13
15
14 #report and redirect for unauthorized activities
16 #report and redirect for unauthorized activities
15 def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
17 def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
16 flash[:notice] = notice
18 flash[:notice] = notice
17 redirect_to login_main_path
19 redirect_to login_main_path
18 end
20 end
19
21
20 # Returns the current logged-in user (if any).
22 # Returns the current logged-in user (if any).
21 def current_user
23 def current_user
22 return nil unless session[:user_id]
24 return nil unless session[:user_id]
23 @current_user ||= User.find(session[:user_id])
25 @current_user ||= User.find(session[:user_id])
24 end
26 end
25
27
26 def nav_announcement
28 def nav_announcement
27 @nav_announcement = Announcement.where(on_nav_bar: true)
29 @nav_announcement = Announcement.where(on_nav_bar: true)
28 end
30 end
29
31
30 def admin_authorization
32 def admin_authorization
31 return false unless check_valid_login
33 return false unless check_valid_login
32 user = User.includes(:roles).find(session[:user_id])
34 user = User.includes(:roles).find(session[:user_id])
33 unless user.admin?
35 unless user.admin?
34 unauthorized_redirect
36 unauthorized_redirect
35 return false
37 return false
36 end
38 end
37 return true
39 return true
38 end
40 end
39
41
40 def authorization_by_roles(allowed_roles)
42 def authorization_by_roles(allowed_roles)
41 return false unless check_valid_login
43 return false unless check_valid_login
42 unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) }
44 unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) }
43 unauthorized_redirect
45 unauthorized_redirect
44 return false
46 return false
45 end
47 end
46 end
48 end
47
49
48 def testcase_authorization
50 def testcase_authorization
49 #admin always has privileged
51 #admin always has privileged
50 if @current_user.admin?
52 if @current_user.admin?
51 return true
53 return true
52 end
54 end
53
55
54 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
56 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
55 end
57 end
56
58
59 + def unique_visitor_id
60 + unless cookies[:uuid]
61 + value = SecureRandom.uuid
62 + cookies[:uuid] = { value: value, expires: 20.year }
63 + end
64 + end
57
65
58 protected
66 protected
59
67
60 #redirect to root (and also force logout)
68 #redirect to root (and also force logout)
61 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
69 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
62 def check_valid_login
70 def check_valid_login
63 #check if logged in
71 #check if logged in
64 unless session[:user_id]
72 unless session[:user_id]
65 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
73 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
66 unauthorized_redirect('You need to login but you cannot log in at this time')
74 unauthorized_redirect('You need to login but you cannot log in at this time')
67 else
75 else
68 unauthorized_redirect('You need to login')
76 unauthorized_redirect('You need to login')
69 end
77 end
70 return false
78 return false
71 end
79 end
72
80
73 # check if run in single user mode
81 # check if run in single user mode
74 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
82 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
75 if @current_user==nil || (!@current_user.admin?)
83 if @current_user==nil || (!@current_user.admin?)
76 unauthorized_redirect('You cannot log in at this time')
84 unauthorized_redirect('You cannot log in at this time')
77 return false
85 return false
78 end
86 end
79 end
87 end
80
88
81 # check if the user is enabled
89 # check if the user is enabled
82 unless @current_user.enabled? || @current_user.admin?
90 unless @current_user.enabled? || @current_user.admin?
83 unauthorized_redirect 'Your account is disabled'
91 unauthorized_redirect 'Your account is disabled'
84 return false
92 return false
85 end
93 end
86
94
87 # check if user ip is allowed
95 # check if user ip is allowed
88 unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
96 unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY]
89 unless is_request_ip_allowed?
97 unless is_request_ip_allowed?
90 unauthorized_redirect 'Your IP is not allowed to login at this time.'
98 unauthorized_redirect 'Your IP is not allowed to login at this time.'
91 return false
99 return false
92 end
100 end
93 end
101 end
94
102
95 if GraderConfiguration.multicontests?
103 if GraderConfiguration.multicontests?
96 return true if @current_user.admin?
104 return true if @current_user.admin?
97 begin
105 begin
98 if @current_user.contest_stat(true).forced_logout
106 if @current_user.contest_stat(true).forced_logout
99 flash[:notice] = 'You have been automatically logged out.'
107 flash[:notice] = 'You have been automatically logged out.'
100 redirect_to :controller => 'main', :action => 'index'
108 redirect_to :controller => 'main', :action => 'index'
101 end
109 end
102 rescue
110 rescue
103 end
111 end
104 end
112 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,89 +1,99
1 class LoginController < ApplicationController
1 class LoginController < ApplicationController
2
2
3 @@authenticators = []
3 @@authenticators = []
4
4
5 def index
5 def index
6 # show login screen
6 # show login screen
7 reset_session
7 reset_session
8 redirect_to :controller => 'main', :action => 'login'
8 redirect_to :controller => 'main', :action => 'login'
9 end
9 end
10
10
11 def login
11 def login
12 user = get_authenticated_user(params[:login], params[:password])
12 user = get_authenticated_user(params[:login], params[:password])
13 unless user
13 unless user
14 flash[:notice] = 'Wrong password'
14 flash[:notice] = 'Wrong password'
15 redirect_to :controller => 'main', :action => 'login'
15 redirect_to :controller => 'main', :action => 'login'
16 return
16 return
17 end
17 end
18
18
19 if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
19 if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin?
20 flash[:notice] = 'You must accept the agreement before logging in'
20 flash[:notice] = 'You must accept the agreement before logging in'
21 redirect_to :controller => 'main', :action => 'login'
21 redirect_to :controller => 'main', :action => 'login'
22 return
22 return
23 end
23 end
24
24
25 + #store uuid when login
26 + if user.last_ip.nil?
27 + user.last_ip = cookies[:uuid]
28 + else
29 + if user.last_ip != cookies[:uuid]
30 + user.last_ip =cookies[:uuid]
31 + #log different login
32 + end
33 + end
34 +
25 #process logging in
35 #process logging in
26 session[:user_id] = user.id
36 session[:user_id] = user.id
27 session[:admin] = user.admin?
37 session[:admin] = user.admin?
28
38
29 # clear forced logout flag for multicontests contest change
39 # clear forced logout flag for multicontests contest change
30 if GraderConfiguration.multicontests?
40 if GraderConfiguration.multicontests?
31 contest_stat = user.contest_stat
41 contest_stat = user.contest_stat
32 if contest_stat.respond_to? :forced_logout
42 if contest_stat.respond_to? :forced_logout
33 if contest_stat.forced_logout
43 if contest_stat.forced_logout
34 contest_stat.forced_logout = false
44 contest_stat.forced_logout = false
35 contest_stat.save
45 contest_stat.save
36 end
46 end
37 end
47 end
38 end
48 end
39
49
40 #save login information
50 #save login information
41 - Login.create(user_id: user.id, ip_address: request.remote_ip)
51 + Login.create(user_id: user.id, ip_address: cookies[:uuid])
42
52
43 redirect_to :controller => 'main', :action => 'list'
53 redirect_to :controller => 'main', :action => 'list'
44 end
54 end
45
55
46 def site_login
56 def site_login
47 begin
57 begin
48 site = Site.find(params[:login][:site_id])
58 site = Site.find(params[:login][:site_id])
49 rescue ActiveRecord::RecordNotFound
59 rescue ActiveRecord::RecordNotFound
50 site = nil
60 site = nil
51 end
61 end
52 if site==nil
62 if site==nil
53 flash[:notice] = 'Wrong site'
63 flash[:notice] = 'Wrong site'
54 redirect_to :controller => 'main', :action => 'login' and return
64 redirect_to :controller => 'main', :action => 'login' and return
55 end
65 end
56 if (site.password) and (site.password == params[:login][:password])
66 if (site.password) and (site.password == params[:login][:password])
57 session[:site_id] = site.id
67 session[:site_id] = site.id
58 redirect_to :controller => 'site', :action => 'index'
68 redirect_to :controller => 'site', :action => 'index'
59 else
69 else
60 flash[:notice] = 'Wrong site password'
70 flash[:notice] = 'Wrong site password'
61 redirect_to :controller => 'site', :action => 'login'
71 redirect_to :controller => 'site', :action => 'login'
62 end
72 end
63 end
73 end
64
74
65 def logout
75 def logout
66 redirect_to root_path
76 redirect_to root_path
67 end
77 end
68
78
69 def self.add_authenticator(authenticator)
79 def self.add_authenticator(authenticator)
70 @@authenticators << authenticator
80 @@authenticators << authenticator
71 end
81 end
72
82
73 protected
83 protected
74
84
75 def get_authenticated_user(login, password)
85 def get_authenticated_user(login, password)
76 if @@authenticators.empty?
86 if @@authenticators.empty?
77 return User.authenticate(login, password)
87 return User.authenticate(login, password)
78 else
88 else
79 user = User.authenticate(login, password)
89 user = User.authenticate(login, password)
80 @@authenticators.each do |authenticator|
90 @@authenticators.each do |authenticator|
81 if not user
91 if not user
82 user = authenticator.authenticate(login, password)
92 user = authenticator.authenticate(login, password)
83 end
93 end
84 end
94 end
85 return user
95 return user
86 end
96 end
87 end
97 end
88
98
89 end
99 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,91 +1,91
1 require 'digest/sha1'
1 require 'digest/sha1'
2 require 'net/pop'
2 require 'net/pop'
3 require 'net/https'
3 require 'net/https'
4 require 'net/http'
4 require 'net/http'
5 require 'json'
5 require 'json'
6
6
7 class User < ActiveRecord::Base
7 class User < ActiveRecord::Base
8
8
9 has_and_belongs_to_many :roles
9 has_and_belongs_to_many :roles
10
10
11 #has_and_belongs_to_many :groups
11 #has_and_belongs_to_many :groups
12 has_many :groups_users, class_name: 'GroupUser'
12 has_many :groups_users, class_name: 'GroupUser'
13 has_many :groups, :through => :groups_users
13 has_many :groups, :through => :groups_users
14
14
15 has_many :test_requests, -> {order(submitted_at: :desc)}
15 has_many :test_requests, -> {order(submitted_at: :desc)}
16
16
17 has_many :messages, -> { order(created_at: :desc) },
17 has_many :messages, -> { order(created_at: :desc) },
18 :class_name => "Message",
18 :class_name => "Message",
19 :foreign_key => "sender_id"
19 :foreign_key => "sender_id"
20
20
21 has_many :replied_messages, -> { order(created_at: :desc) },
21 has_many :replied_messages, -> { order(created_at: :desc) },
22 :class_name => "Message",
22 :class_name => "Message",
23 :foreign_key => "receiver_id"
23 :foreign_key => "receiver_id"
24
24
25 has_many :logins
25 has_many :logins
26
26
27 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
27 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
28
28
29 belongs_to :site
29 belongs_to :site
30 belongs_to :country
30 belongs_to :country
31
31
32 has_and_belongs_to_many :contests, -> { order(:name)}
32 has_and_belongs_to_many :contests, -> { order(:name)}
33
33
34 scope :activated_users, -> {where activated: true}
34 scope :activated_users, -> {where activated: true}
35
35
36 validates_presence_of :login
36 validates_presence_of :login
37 validates_uniqueness_of :login
37 validates_uniqueness_of :login
38 validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
38 validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
39 validates_length_of :login, :within => 3..30
39 validates_length_of :login, :within => 3..30
40
40
41 validates_presence_of :full_name
41 validates_presence_of :full_name
42 validates_length_of :full_name, :minimum => 1
42 validates_length_of :full_name, :minimum => 1
43 -
43 +
44 validates_presence_of :password, :if => :password_required?
44 validates_presence_of :password, :if => :password_required?
45 validates_length_of :password, :within => 4..50, :if => :password_required?
45 validates_length_of :password, :within => 4..50, :if => :password_required?
46 validates_confirmation_of :password, :if => :password_required?
46 validates_confirmation_of :password, :if => :password_required?
47
47
48 validates_format_of :email,
48 validates_format_of :email,
49 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
49 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
50 :if => :email_validation?
50 :if => :email_validation?
51 validate :uniqueness_of_email_from_activated_users,
51 validate :uniqueness_of_email_from_activated_users,
52 :if => :email_validation?
52 :if => :email_validation?
53 validate :enough_time_interval_between_same_email_registrations,
53 validate :enough_time_interval_between_same_email_registrations,
54 :if => :email_validation?
54 :if => :email_validation?
55
55
56 # these are for ytopc
56 # these are for ytopc
57 # disable for now
57 # disable for now
58 #validates_presence_of :province
58 #validates_presence_of :province
59
59
60 attr_accessor :password
60 attr_accessor :password
61
61
62 before_save :encrypt_new_password
62 before_save :encrypt_new_password
63 before_save :assign_default_site
63 before_save :assign_default_site
64 before_save :assign_default_contest
64 before_save :assign_default_contest
65
65
66 # this is for will_paginate
66 # this is for will_paginate
67 cattr_reader :per_page
67 cattr_reader :per_page
68 @@per_page = 50
68 @@per_page = 50
69
69
70 def self.authenticate(login, password)
70 def self.authenticate(login, password)
71 user = find_by_login(login)
71 user = find_by_login(login)
72 if user
72 if user
73 return user if user.authenticated?(password)
73 return user if user.authenticated?(password)
74 end
74 end
75 end
75 end
76
76
77 def authenticated?(password)
77 def authenticated?(password)
78 if self.activated
78 if self.activated
79 hashed_password == User.encrypt(password,self.salt)
79 hashed_password == User.encrypt(password,self.salt)
80 else
80 else
81 false
81 false
82 end
82 end
83 end
83 end
84
84
85 def login_with_name
85 def login_with_name
86 "[#{login}] #{full_name}"
86 "[#{login}] #{full_name}"
87 end
87 end
88
88
89 def admin?
89 def admin?
90 has_role?('admin')
90 has_role?('admin')
91 end
91 end
You need to be logged in to leave comments. Login now