Adding interlock authentication

2014-02-23 05:55:00 -07:00 · 2014-02-23 05:55:00 -07:00 · 095b6d3965
commit 095b6d3965
parent c5556a0d50
12 changed files with 81 additions and 15 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -13,6 +13,20 @@ class ApplicationController < ActionController::Base

  @payment_methods = [[nil],["PayPal"],["Dwolla"],["Bill Pay"],["Check"],["Cash"],["Other"]]
  @payment_instructions = {nil => nil, :paypal => "Set up a monthly recurring payment to hslfinances@gmail.com", :dwolla => "Set up a monthly recurring payment to hslfinances@gmail.com", :billpay =>  "Have your bank send a monthly check to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201", :check => "Mail to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201 OR put in the drop safe at the Lab with a deposit slip firmly attached each month.", :cash => "Put in the drop safe at the Lab with a deposit slip firmly attached each month.", :other => "Hmm... talk to a Treasurer!"}
+
+  # Check authorization of a user / sign them in manually
+  def check_auth(email,password)
+    resource = User.find_by_email(email)
+    if resource && resource.valid_password?(password)
+      resource.remember_me = true
+      sign_in :user, resource
+      return true
+    else
+      return false
+    end
+  end
+
+
 end

 # Add a "fit" function to sanitize inputs for mac history
--- a/app/controllers/cards_controller.rb
+++ b/app/controllers/cards_controller.rb
@ -1,6 +1,6 @@
 class CardsController < ApplicationController
-  load_and_authorize_resource
-  before_filter :authenticate_user!
+  load_and_authorize_resource except: :authorize
+  before_filter :authenticate_user!, except: :authorize
  
  # GET /cards
  # GET /cards.json
@ -111,6 +111,41 @@ class CardsController < ApplicationController
    end
  end

+  def authorize
+
+    # Stop unless signed in already, OR if the supplied user/pass params are good.
+    unless current_user || check_auth(params['user'],params['pass'])
+      @auth = "bad_user_or_pass"
+    else
+      # Stop unless the user can access the door system
+      unless can? :authorize, Card
+        @auth = "bad_user_permissions"
+        Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------"
+      else
+
+        begin
+          @card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase])
+          @auth = @card.inspect 
+          if @card && @card.user 
+            @auth = @card.user.has_certification?(params[:device])
+          else
+            @auth = false
+          end
+        rescue
+          @auth = false
+        end
+      end
+    end
+
+    if @card && @card.user
+      username = @card.user.name
+    else
+      username = nil
+    end
+
+    render json: [@auth, username]
+  end
+
  # DELETE /cards/1
  # DELETE /cards/1.json
  def destroy
--- a/app/controllers/space_api_controller.rb
+++ b/app/controllers/space_api_controller.rb
@ -102,15 +102,4 @@ class SpaceApiController < ApplicationController

  end

-  def check_auth(email,password)
-    resource = User.find_by_email(email)
-    if resource && resource.valid_password?(password)
-      resource.remember_me = true
-      sign_in :user, resource
-      return true
-    else
-      return false
-    end
-  end
-
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -24,6 +24,7 @@ class Ability

      if user.card_access_enabled
        can :access_doors_remotely, :door_access
+        can :authorize, Card # used for interlock card/certification auth
      end

      # Instructors can manage certs and see users
--- a/app/models/certification.rb
+++ b/app/models/certification.rb
@ -1,5 +1,7 @@
 class Certification < ActiveRecord::Base
-  attr_accessible :description, :name
+  attr_accessible :description, :name, :slug
  has_many :user_certifications
  has_many :users, :through => :user_certifications
+
+  validates_presence_of :name, :slug
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -136,6 +136,14 @@ class User < ActiveRecord::Base
    Rails.logger.info UserMailer.email(self,from_user,subject,body).deliver
  end

+  def has_certification?(cert_slug)
+   if self.certifications.find_by_slug(cert_slug)
+     true
+   else
+     false
+   end
+  end
+
  private

  def send_new_user_email
--- a/app/views/certifications/_form.html.erb
+++ b/app/views/certifications/_form.html.erb
@ -15,6 +15,10 @@
    <%= f.label :name %><br />
    <%= f.text_field :name %>
  </div>
+  <div class="field">
+    <%= f.label :slug, "Slug (lowercase, single-word identifier)" %><br />
+    <%= f.text_field :slug %>
+  </div>
  <div class="field">
    <%= f.label :description %><br />
    <%= f.text_area :description %>
--- a/app/views/certifications/index.html.erb
+++ b/app/views/certifications/index.html.erb
@ -5,6 +5,7 @@
 <ul>
 <% @certifications.each do |certification| %>
  <li><%= link_to certification.name, certification %>
+  (<%= certification.slug %>)
  <% if can? :update, certification %> | <%= link_to 'Edit', edit_certification_path(certification) %><% end %>
  <% if can? :destroy, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %>
  </li>
--- a/app/views/certifications/show.html.erb
+++ b/app/views/certifications/show.html.erb
@ -3,6 +3,11 @@
  <%= @certification.name %>
 </p>

+<p>
+  <b>Slug (lowercase, single-word identifier):</b>
+  <%= @certification.slug %>
+</p>
+
 <p>
  <b>Description:</b>
  <%= simple_format @certification.description %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -44,6 +44,7 @@ Dooraccess::Application.routes.draw do
  match 'users/create' => 'users#create', :via => :post  # Use POST users/create instead of POST users to avoid devise conflict

  match 'cards/upload_all' => 'cards#upload_all', :as => :upload_all
+  match 'cards/authorize/:id' => 'cards#authorize', :as => :authorize
  resources :cards
  match 'cards/:id/upload' => 'cards#upload', :as => :upload

--- a/db/migrate/20140223060554_add_slug_to_certifications.rb
+++ b/db/migrate/20140223060554_add_slug_to_certifications.rb
@ -0,0 +1,5 @@
+class AddSlugToCertifications < ActiveRecord::Migration
+  def change
+    add_column :certifications, :slug, :string
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20140214070420) do
+ActiveRecord::Schema.define(:version => 20140223060554) do

  create_table "cards", :force => true do |t|
    t.string   "card_number"
@ -27,6 +27,7 @@ ActiveRecord::Schema.define(:version => 20140214070420) do
    t.string   "description"
    t.datetime "created_at",  :null => false
    t.datetime "updated_at",  :null => false
+    t.string   "slug"
  end

  create_table "door_logs", :force => true do |t|