diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 168bd522..fe2fd78d 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,5 +1,6 @@ class AccountController < BaseController before_action :set_pagy_params, only: :index + before_action :find_request_ip, only: :switch_user # rubocop:disable Metrics/MethodLength def index
@@ -63,7 +64,8 @@ def switch_user sign_out uuid = store_auth_info(token: @response.token, - data: @response.registrar) + data: @response.registrar, + request_ip: @request_ip) sign_in uuid flash.notice = @message redirect_to account_path
@@ -103,4 +105,8 @@ def format_csv filename = "account_activities_#{Time.zone.now.to_formatted_s(:number)}.csv" send_data raw_csv, filename: filename, type: "#{Mime[:csv]}; charset=utf-8" end + + def find_request_ip + @request_ip = auth_info[:request_ip] + end end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 28e0736d..495f840a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -36,7 +36,7 @@ def sign_out def sign_in(uuid) session[:uuid] = uuid - cookies.delete(:ip_address) + cookies.delete(:request_ip) end def reset_bulk_change_cache
@@ -75,7 +75,7 @@ def respond(msg, dialog: false) end end - def store_auth_info(token:, data:) + def store_auth_info(token:, request_ip:, data:) uuid = SecureRandom.uuid Rails.cache.write(uuid, { username: data[:username], registrar_name: data[:registrar_name],
@@ -83,6 +83,7 @@ def store_auth_info(token:, data:) legaldoc_mandatory: data[:legaldoc_mandatory], address_processing: data[:address_processing], token: token, + request_ip: request_ip, abilities: data[:abilities] }, expires_in: 18.hours) uuid end
diff --git a/app/controllers/auth/auth_controller.rb b/app/controllers/auth/auth_controller.rb
index 51660ab2..401a9e75 100644
--- a/app/controllers/auth/auth_controller.rb
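Review bot: `find_request_ip` in the `@@ -103` hunk calls `auth_info[:request_ip]` with no nil guard, so if the cached auth record is absent when `switch_user` runs (the record is written with `expires_in: 18.hours` in application_controller.rb) the before_action raises `NoMethodError` instead of falling through to a nil IP; `@request_ip = auth_info&.dig(:request_ip)` keeps the fallback, unless an earlier authentication filter already guarantees the record, which I cannot see from here. The hunk also does not show whether the method lands under `private`; as a callback it should, otherwise it becomes a public action method on the controller. Why the callback is needed is not obvious from the method itself, since the reason is in the `@@ -63` hunk where `switch_user` calls `sign_out` before `store_auth_info(... request_ip: @request_ip)`; a comment such as `# Capture the caller's IP before switch_user signs out and discards the cached auth record` would make that ordering dependency explicit.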
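Review bot: `store_auth_info(token:, request_ip:, data:)` in the `@@ -75` hunk makes `request_ip` a required keyword, so any caller not updated in this commit fails with `ArgumentError` at call time rather than at boot; the diff updates `AccountController#switch_user` and `Auth::AuthController#create`, but other call sites are not visible from here, so a repository-wide search for `store_auth_info(` is worth doing before merging. If an unknown caller is plausible, `request_ip: nil` would keep the old signature working, since `ApiConnector#base_headers` already skips the header when the value is nil. The method has no documentation; a YARD line such as `# @param request_ip [String, nil] client IP recorded at login and forwarded to the registry API as the Request-IP header` would explain why an IP is cached next to the token in the `@@ -83` hunk.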
+++ b/app/controllers/auth/auth_controller.rb
@@ -8,9 +8,10 @@ def create result = conn.call_action handle_response(result); return if performed? - uuid = store_auth_info(token: conn.auth_token, - data: @response) + uuid = store_auth_info(token: conn.auth_token, request_ip: auth_info[:request_ip], data: @response) + sign_in uuid + redirect_to dashboard_url, notice: I18n.t('auth.sessions.logged_in') end
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index af9cc18a..c3e38a1b 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -21,12 +21,15 @@ def user_payload { username: auth_params[:username], password: auth_params[:password], - request_ip: cookies[:ip_address] || request.ip, + request_ip: cookies[:request_ip] || request.ip, + requester: 'webclient', + user_cert: request.env['HTTP_SSL_CLIENT_CERT'], + user_cert_cn: request.env['HTTP_SSL_CLIENT_S_DN_CN'], } end def save_ip_address - cookies[:ip_address] = { + cookies[:request_ip] = { value: request.ip, expires: 1.day.from_now, # Adjust the expiration as needed secure: Rails.env.production?, # Set to true for secure cookies in production
diff --git a/app/controllers/auth/tara_controller.rb b/app/controllers/auth/tara_controller.rb
index 10df0472..31ffb8f4 100644
--- a/app/controllers/auth/tara_controller.rb
+++ b/app/controllers/auth/tara_controller.rb
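Review bot: `request_ip: auth_info[:request_ip]` in `create` is evaluated before `sign_in uuid`, while `AccountController` reads the same helper in a before_action precisely so it is captured before `sign_out` discards the cached record, which suggests `auth_info` is backed by that session cache; if that is what it resolves to here, a fresh login has no record yet and this stores `nil` (or raises if the helper returns nil). Confirm that `auth_info` in `Auth::AuthController` is the payload yielded by `create { user_payload }` (both `SessionsController#user_payload` and `TaraController#user_payload` carry a `request_ip` key) rather than the cached record, and state the source in a one-line comment above the call. Keeping one keyword per line, as the removed lines did, would also keep the call within the usual line width. `create` starts before the hunk.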
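Review bot: `request_ip: cookies[:request_ip] || request.ip` prefers a plain, unsigned cookie over the address the server observed, and `save_ip_address` writes that cookie with `cookies[:request_ip] = { ... }` rather than `cookies.signed` or `cookies.encrypted`, so whatever value a browser presents under that name reaches the registry API unchanged as the `Request-IP` header (`ApiConnector#base_headers`). Reading and writing it through `cookies.signed[:request_ip]` lets the server detect a modified value, and `httponly: true` belongs in the cookie options if it is not already set in the part of `save_ip_address` the hunk cuts off. The same fallback is duplicated in `TaraController#user_payload` (tara_controller.rb, `@@ -26` hunk). `user_cert` and `user_cert_cn` come from `HTTP_SSL_CLIENT_CERT` and `HTTP_SSL_CLIENT_S_DN_CN`, which are ordinary request headers and are only meaningful if the TLS-terminating proxy always sets (overwrites) them; a comment saying so next to those two keys would record the assumption. The old `ip_address` cookie is no longer deleted anywhere in this diff, which is harmless but leaves a stale cookie on existing clients.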
@@ -1,15 +1,13 @@ module Auth class TaraController < AuthController - before_action :require_no_authentication, only: %i[callback] + before_action :require_no_authentication, only: :callback def callback conn = ApiConnector::Auth::OmniauthTaraChecker.new(username: nil) - result = conn.call_action(payload: tara_payload) + result = conn.call_action(params: tara_callback_params) handle_response(result); return if performed? - create do - { username: @response.username, token: @response.token, request_ip: cookies[:ip_address] } - end + create { user_payload } end def cancel
@@ -18,7 +16,7 @@ def cancel private - def tara_payload + def tara_callback_params { auth: { uid: omniauth_user_hash.try(:uid),
@@ -26,6 +24,15 @@ def tara_payload } end + def user_payload + { + username: @response.username, + token: @response.token, + request_ip: cookies[:request_ip] || request.ip, + requester: 'tara' + } + end + def omniauth_user_hash request.env['omniauth.auth']&.delete_if { |key, _| key == 'credentials' } end
diff --git a/app/services/api_connector.rb b/app/services/api_connector.rb
index 55b76ef9..ba485b60 100644
--- a/app/services/api_connector.rb
+++ b/app/services/api_connector.rb
@@ -10,6 +10,9 @@ class ApiConnector def initialize(username:, password: nil, token: nil, **other_options) @auth_token = token || generate_token(username: username, password: password) @request_ip = other_options[:request_ip] + @requester = other_options[:requester] + @user_cert = other_options[:user_cert] + @user_cert_cn = other_options[:user_cert_cn] end def self.call(**args)
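Review bot: `user_payload` in the `@@ -26` hunk reads `@response.username` and `@response.token`, which only exist because `callback` runs `handle_response(result)` before `create { user_payload }` (the `@@ -1` hunk); nothing in the method says so, and calling it from any other path would raise on a nil `@response`. A short comment such as `# Login payload for AuthController#create; requires @response set by handle_response in #callback` would make that dependency explicit. The literals `'tara'` here and `'webclient'` in `SessionsController#user_payload` identify the caller to the registry API (they become the `Requester` header in `ApiConnector#base_headers`); a frozen constant per controller, e.g. `REQUESTER = 'tara'.freeze`, is easier to keep in step with whatever values the API accepts.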
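Review bot: the new `@requester`, `@user_cert` and `@user_cert_cn` are pulled out of `**other_options`, so a misspelled keyword at a call site is silently dropped and the corresponding header is never sent, with no error anywhere; `request_ip` already had that weakness and this hunk extends it to three more options. Declaring them as explicit keywords, `def initialize(username:, password: nil, token: nil, request_ip: nil, requester: nil, user_cert: nil, user_cert_cn: nil, **other_options)`, keeps existing callers working and makes the accepted options visible in the signature, assuming nothing else consumes those keys from `other_options`. A comment mapping each option to the header it becomes in `base_headers` would also help, since the names differ (`request_ip` → `Request-IP`, `user_cert_cn` → `User-Certificate-CN`).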
@@ -90,7 +93,10 @@ def base_headers headers = { 'Authorization' => "Basic #{@auth_token}", } - headers.merge!({ 'X-Client-IP' => @request_ip }) if @request_ip + headers.merge!({ 'Request-IP' => @request_ip }) if @request_ip + headers.merge!({ 'Requester' => @requester }) if @requester + headers.merge!({ 'User-Certificate' => @user_cert }) if @user_cert + headers.merge!({ 'User-Certificate-CN' => @user_cert_cn }) if @user_cert_cn headers end
diff --git a/app/services/api_connector/auth/omniauth_tara_checker.rb b/app/services/api_connector/auth/omniauth_tara_checker.rb
index 2fcb87a2..c84d0796 100644
--- a/app/services/api_connector/auth/omniauth_tara_checker.rb
+++ b/app/services/api_connector/auth/omniauth_tara_checker.rb
@@ -9,9 +9,8 @@ class OmniauthTaraChecker < ApiConnector endpoint: '/registrar/auth/tara_callback', }.freeze - def check_omniauth_user_info(payload: nil) - request(url: endpoint_url, - method: method, params: payload) + def check_omniauth_user_info(params: nil) + request(url: endpoint_url, method: method, params: params) end end end
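Review bot: `'User-Certificate' => @user_cert` forwards the value of `HTTP_SSL_CLIENT_CERT` verbatim, and if the edge proxy passes the certificate as multi-line PEM the value contains CR/LF, which Net::HTTP and most other Ruby HTTP clients reject as an invalid header value — a client-certificate login would then fail with an `ArgumentError` in the connector rather than a clean API response. Check which single-line form the proxy emits (URL-escaped or base64) and, if it is raw PEM, encode it here in whatever form the registry API decodes, and say so in a comment above the header. `Request-IP` replaces the removed `X-Client-IP`, so the receiving side must have been updated in step; worth confirming. The four `merge!`-with-modifier lines also read more clearly as one optional-header hash filtered with `compact`, as below (`compact` keeps a `false` value where the modifier drops it, which no visible caller passes). `base_headers` starts before the hunk.
```ruby
  headers = { 'Authorization' => "Basic #{@auth_token}" }
  optional = {
    'Request-IP' => @request_ip,
    'Requester' => @requester,
    'User-Certificate' => @user_cert,
    'User-Certificate-CN' => @user_cert_cn,
  }
  headers.merge!(optional.compact)
```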