Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: d3a57bc5c7
Branches Tags
zammad
/
app
/
graphql
/
gql
/
mutations
/
concerns
/
handles_authentication.rb

handles_authentication.rb 2.6 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module Gql::Mutations::Concerns::HandlesAuthentication
    4. 

  4.   extend ActiveSupport::Concern
    5. 

  5. 

  6.   included do # rubocop:disable Metrics/BlockLength
    7. 

  7. 

  8.     # reimplementation of `authenticate_with_password`
    9. 

  9.     def authenticate(login:, password:, two_factor_authentication: nil, two_factor_recovery: nil, remember_me: false)
    10. 

  10.       auth = begin
    11. 

  11.         if two_factor_authentication.present?
    12. 

  12.           Auth.new(login, password, **two_factor_authentication)
    13. 

  13.         elsif two_factor_recovery.present?
    14. 

  14.           Auth.new(login, password, two_factor_method: 'recovery_codes', two_factor_payload: two_factor_recovery[:recovery_code])
    15. 

  15.         else
    16. 

  16.           Auth.new(login, password)
    17. 

  17.         end
    18. 

  18.       end
    19. 

  19. 

  20.       begin
    21. 

  21.         auth.valid!
    22. 

  22.       rescue Auth::Error::TwoFactorRequired => e
    23. 

  23.         return {
    24. 

  24.           two_factor_required: {
    25. 

  25.             default_two_factor_authentication_method:    e.default_two_factor_authentication_method,
    26. 

  26.             available_two_factor_authentication_methods: e.available_two_factor_authentication_methods,
    27. 

  27.             recovery_codes_available:                    e.recovery_codes_available
    28. 

  28.           }
    29. 

  29.         }
    30. 

  30.       rescue Auth::Error::Base => e
    31. 

  31.         return error_response({ message: e.message })
    32. 

  32.       end
    33. 

  33. 

  34.       create_session(auth&.user, remember_me)
    35. 

  35. 

  36.       authenticate_result
    37. 

  37.     end
    38. 

  38. 

  39.     def authenticate_result
    40. 

  40.       {
    41. 

  41.         session: {
    42. 

  42.           id:         context[:controller].session.id,
    43. 

  43.           after_auth: Auth::AfterAuth.run(context.current_user, context[:controller].session)
    44. 

  44.         }
    45. 

  45.       }
    46. 

  46.     end
    47. 

  47. 

  48.     def create_session(user, remember_me, authentication_type = 'password')
    49. 

  49.       context[:controller].session.delete(:switched_from_user_id)
    50. 

  50. 

  51.       # authentication_check_prerequesits is private
    52. 

  52.       context[:controller].send(:authentication_check_prerequesits, user, 'session')
    53. 

  53.       context[:current_user] = user
    54. 

  54. 

  55.       initiate_session_for(user, remember_me, authentication_type)
    56. 

  56.     end
    57. 

  57. 

  58.     def initiate_session_for(user, remember_me, authentication_type)
    59. 

  59.       # TODO: Check if this can be moved to a central place, because it's also the same code in the sessions controller.
    60. 

  60.       context[:controller].request.env['rack.session.options'][:expire_after] = 1.year if remember_me
    61. 

  61.       initiate_session_data(authentication_type)
    62. 

  62.       user.activity_stream_log('session started', user.id, true)
    63. 

  63.     end
    64. 

  64. 

  65.     def initiate_session_data(authentication_type)
    66. 

  66.       context[:controller].session[:persistent] = true
    67. 

  67.       context[:controller].session[:authentication_type] = authentication_type
    68. 

  68.     end
    69. 

  69.   end
    70. 

  70. end
    71.