# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/.
#
# Copyright (c) 2022 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# Greenlight is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with Greenlight; if not, see <http://www.gnu.org/licenses/>.
# frozen_string_literal: true
module Api
module V1
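class SessionsController < ApiController
  skip_before_action :ensure_authenticated, only: %i[index create]

  # GET /api/v1/sessions
  # Returns the current_user when a valid session exists, otherwise a
  # `signed_in: false` payload carrying the DEFAULT_LOCALE env value (fetch raises
  # if the variable is unset, so a missing deployment setting fails loudly).
  def index
    return render_data data: current_user, serializer: CurrentUserSerializer, status: :ok if current_user

    render_data data: { signed_in: false, default_locale: ENV.fetch('DEFAULT_LOCALE') }, status: :ok
  end

  # POST /api/v1/sessions
  # Signs a user in and updates the session cookie.
  #
  # Every failure before the password check responds with the bare render_error, so the
  # response body does not reveal whether the email exists. Note that the unknown-email
  # path returns before user.authenticate runs, so response timing can still separate
  # "no such account" from "wrong password" (timing-based user enumeration); the
  # hCaptcha gate above is the only rate limiting visible in this controller.
  def create
    # TODO: Add proper error logging for non-verified token hcaptcha
    return render_error if hcaptcha_enabled? && !verify_hcaptcha(response: params[:token])

    # Search for a user within the current provider and, if not found, search for a super admin within bn provider
    user = User.find_by(email: session_params[:email], provider: current_provider) || User.find_by(email: session_params[:email], provider: 'bn')

    # Return an error if the user is not found
    return render_error if user.blank?

    # Will return an error if the user is NOT from the current provider and if the user is NOT a super admin
    return render_error if user.provider != current_provider && !user.super_admin?

    # Wrong password is indistinguishable in the response body from an unknown email.
    return render_error unless user.authenticate(session_params[:password])

    # Account-state checks run only after the password has been verified, so they never
    # disclose state about accounts the caller cannot authenticate as. The unverified
    # branch also returns the user id — presumably for a resend-verification flow; confirm
    # against the client before changing it.
    return render_error data: user.id, errors: Rails.configuration.custom_error_msgs[:unverified_user] unless user.verified?
    return render_error errors: Rails.configuration.custom_error_msgs[:pending_user] if user.pending?
    return render_error errors: Rails.configuration.custom_error_msgs[:banned_user] if user.banned?

    sign_in user
    render_data data: current_user, serializer: CurrentUserSerializer, status: :ok
  end

  # DELETE /api/v1/sessions/signout
  # Clears the session cookie and signs the user out. ensure_authenticated is NOT
  # skipped for this action, so current_user is present inside sign_out.
  def destroy
    sign_out
    render_data status: :ok
  end

  private

  # Strong-parameter whitelist for the sign-in payload (`session[email]`, `session[password]`,
  # `session[extend_session]`).
  def session_params
    params.require(:session).permit(:email, :password, :extend_session)
  end

  # Issues a fresh session token for the user and binds it to a brand-new Rails session.
  # The Rails session id is rotated (reset_session) BEFORE the token is stored so that a
  # session id planted by an attacker before login (session fixation) is never promoted
  # to an authenticated session.
  #
  # @param user [User] the user whose password has just been verified
  def sign_in(user)
    extend_session = session_params[:extend_session]
    user.generate_session_token!(extended_session: extend_session)

    # Session fixation defence: discard the pre-login session and its id.
    reset_session

    # Creates an extended_session cookie if extend_session is selected in sign in form.
    # NOTE(review): this is a plain truthiness check. A JSON boolean `false` is handled
    # correctly, but a form-encoded string such as "false" would count as selected;
    # confirm how the client submits this flag.
    if extend_session
      cookies.encrypted[:_extended_session] = {
        value: { session_token: user.session_token },
        expires: 7.days,
        httponly: true,
        # secure: true means the cookie is never sent over plain HTTP. SameSite is not
        # set here and therefore falls back to the app-wide cookie default.
        secure: true
      }
    end

    session[:session_token] = user.session_token
  end

  # Invalidates the current token server-side (rotating it also kills any extended-session
  # cookie that still carries the old value), then clears both the session entry and the
  # extended-session cookie on the client.
  def sign_out
    current_user.generate_session_token!
    session[:session_token] = nil
    cookies.delete :_extended_session
  end
end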
end
end