12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- module Gql::Mutations::Concerns::HandlesAuthentication
- extend ActiveSupport::Concern
- included do # rubocop:disable Metrics/BlockLength
- # reimplementation of `authenticate_with_password`
- def authenticate(login:, password:, two_factor_authentication: nil, two_factor_recovery: nil, remember_me: false)
- auth = begin
- if two_factor_authentication.present?
- Auth.new(login, password, **two_factor_authentication)
- elsif two_factor_recovery.present?
- Auth.new(login, password, two_factor_method: 'recovery_codes', two_factor_payload: two_factor_recovery[:recovery_code])
- else
- Auth.new(login, password)
- end
- end
- begin
- auth.valid!
- rescue Auth::Error::TwoFactorRequired => e
- return {
- two_factor_required: {
- default_two_factor_authentication_method: e.default_two_factor_authentication_method,
- available_two_factor_authentication_methods: e.available_two_factor_authentication_methods,
- recovery_codes_available: e.recovery_codes_available
- }
- }
- rescue Auth::Error::Base => e
- return error_response({ message: e.message })
- end
- create_session(auth&.user, remember_me)
- authenticate_result
- end
- def authenticate_result
- {
- session: {
- id: context[:controller].session.id,
- after_auth: Auth::AfterAuth.run(context.current_user, context[:controller].session)
- }
- }
- end
- def create_session(user, remember_me, authentication_type = 'password')
- context[:controller].session.delete(:switched_from_user_id)
- # authentication_check_prerequesits is private
- context[:controller].send(:authentication_check_prerequesits, user, 'session')
- context[:current_user] = user
- initiate_session_for(user, remember_me, authentication_type)
- end
- def initiate_session_for(user, remember_me, authentication_type)
- # TODO: Check if this can be moved to a central place, because it's also the same code in the sessions controller.
- context[:controller].request.env['rack.session.options'][:expire_after] = 1.year if remember_me
- initiate_session_data(authentication_type)
- user.activity_stream_log('session started', user.id, true)
- end
- def initiate_session_data(authentication_type)
- context[:controller].session[:persistent] = true
- context[:controller].session[:authentication_type] = authentication_type
- end
- end
- end
|