Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 731c237d0c
Branches Tags
zammad
/
app
/
models
/
token.rb

token.rb 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. # Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
    2. 

  2. 

  3. class Token < ActiveRecord::Base
    4. 

  4.   before_create :generate_token
    5. 

  5.   belongs_to    :user
    6. 

  6.   store         :preferences
    7. 

  7. 

  8. =begin
    9. 

  9. 

  10. create new token
    11. 

  11. 

  12.   token = Token.create(action: 'PasswordReset', user_id: user.id)
    13. 

  13. 

  14. returns
    15. 

  15. 

  16.   the token
    17. 

  17. 

  18. create new persistent token
    19. 

  19. 

  20.   token = Token.create(
    21. 

  21.     action:     'api',
    22. 

  22.     persistent: true,
    23. 

  23.     user_id:    user.id,
    24. 

  24.     preferences: {
    25. 

  25.       permission: {
    26. 

  26.         'user_preferences.calendar' => true,
    27. 

  27.       }
    28. 

  28.     }
    29. 

  29.   )
    30. 

  30. 

  31. in case if you use it via an controller, e. g. you can verify via "curl -H "Authorization: Token token=33562a00d7eda2a7c2fb639b91c6bcb8422067b6" http://...
    32. 

  32. 

  33. returns
    34. 

  34. 

  35.   the token
    36. 

  36. 

  37. =end
    38. 

  38. 

  39. =begin
    40. 

  40. 

  41. check token
    42. 

  42. 

  43.   user = Token.check(action: 'PasswordReset', name: 'TheTokenItSelf')
    44. 

  44. 

  45. check api token with permissions
    46. 

  46. 

  47.   user = Token.check(action: 'api', name: 'TheTokenItSelf', permission: 'admin.session')
    48. 

  48. 

  49. returns
    50. 

  50. 

  51.   user for who this token was created
    52. 

  52. 

  53. =end
    54. 

  54. 

  55.   def self.check(data)
    56. 

  56. 

  57.     # fetch token
    58. 

  58.     token = Token.find_by(action: data[:action], name: data[:name])
    59. 

  59.     return if !token
    60. 

  60. 

  61.     # check if token is still valid
    62. 

  62.     if !token.persistent &&
    63. 

  63.        token.created_at < 1.day.ago
    64. 

  64. 

  65.       # delete token
    66. 

  66.       token.delete
    67. 

  67.       token.save
    68. 

  68.       return
    69. 

  69.     end
    70. 

  70. 

  71.     user = token.user
    72. 

  72. 

  73.     # persistent token not valid if user is inative
    74. 

  74.     if !data[:inactive_user]
    75. 

  75.       return if token.persistent && user.active == false
    76. 

  76.     end
    77. 

  77. 

  78.     # add permission check
    79. 

  79.     if data[:permission]
    80. 

  80.       return if !user.permissions?(data[:permission])
    81. 

  81.       return if !token.preferences[:permission]
    82. 

  82.       return if !token.preferences[:permission].include?(data[:permission])
    83. 

  83.     end
    84. 

  84. 

  85.     # return token user
    86. 

  86.     user
    87. 

  87.   end
    88. 

  88. 

  89. =begin
    90. 

  90. 

  91. cleanup old token
    92. 

  92. 

  93.   Token.cleanup
    94. 

  94. 

  95. =end
    96. 

  96. 

  97.   def self.cleanup
    98. 

  98.     Token.where('persistent IS ? AND created_at < ?', nil, Time.zone.now - 30.days).delete_all
    99. 

  99.     true
    100. 

  100.   end
    101. 

  101. 

  102.   private
    103. 

  103. 

  104.   def generate_token
    105. 

  105. 

  106.     loop do
    107. 

  107.       self.name = SecureRandom.urlsafe_base64(48)
    108. 

  108.       break if !Token.exists?(name: name)
    109. 

  109.     end
    110. 

  110.   end
    111. 

  111. end
    112.