From 095b6d3965cc69644c2deefee2692fb437a755d6 Mon Sep 17 00:00:00 2001 From: Will Bradley Date: Sun, 23 Feb 2014 05:55:00 -0700 Subject: [PATCH] Adding interlock authentication --- app/controllers/application_controller.rb | 14 +++++++ app/controllers/cards_controller.rb | 39 ++++++++++++++++++- app/controllers/space_api_controller.rb | 11 ------ app/models/ability.rb | 1 + app/models/certification.rb | 4 +- app/models/user.rb | 8 ++++ app/views/certifications/_form.html.erb | 4 ++ app/views/certifications/index.html.erb | 1 + app/views/certifications/show.html.erb | 5 +++ config/routes.rb | 1 + ...140223060554_add_slug_to_certifications.rb | 5 +++ db/schema.rb | 3 +- 12 files changed, 81 insertions(+), 15 deletions(-) create mode 100644 db/migrate/20140223060554_add_slug_to_certifications.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3094f18..9c3009f 100755 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -13,6 +13,20 @@ class ApplicationController < ActionController::Base @payment_methods = [[nil],["PayPal"],["Dwolla"],["Bill Pay"],["Check"],["Cash"],["Other"]] @payment_instructions = {nil => nil, :paypal => "Set up a monthly recurring payment to hslfinances@gmail.com", :dwolla => "Set up a monthly recurring payment to hslfinances@gmail.com", :billpay => "Have your bank send a monthly check to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201", :check => "Mail to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201 OR put in the drop safe at the Lab with a deposit slip firmly attached each month.", :cash => "Put in the drop safe at the Lab with a deposit slip firmly attached each month.", :other => "Hmm... talk to a Treasurer!"} + + # Check authorization of a user / sign them in manually + def check_auth(email,password) + resource = User.find_by_email(email) + if resource && resource.valid_password?(password) + resource.remember_me = true + sign_in :user, resource + return true + else + return false + end + end + + end # Add a "fit" function to sanitize inputs for mac history diff --git a/app/controllers/cards_controller.rb b/app/controllers/cards_controller.rb index 8104783..75d5e0a 100755 --- a/app/controllers/cards_controller.rb +++ b/app/controllers/cards_controller.rb @@ -1,6 +1,6 @@ class CardsController < ApplicationController - load_and_authorize_resource - before_filter :authenticate_user! + load_and_authorize_resource except: :authorize + before_filter :authenticate_user!, except: :authorize # GET /cards # GET /cards.json 
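Review bot: `check_auth` builds a full persistent browser session for what the commit title says is a device credential: `resource.remember_me = true` followed by `sign_in :user, resource` sets the Devise remember-me cookie, so every interlock call that passes user/pass leaves a long-lived session behind on the server side. For a machine-to-machine check drop the `remember_me = true` line (and, if the Devise version in use supports it, pass `store: false` to `sign_in`) so the credential authenticates only the current request. Separately, `resource && resource.valid_password?(password)` short-circuits before the bcrypt comparison when the email is unknown, so response time on this unauthenticated path distinguishes registered from unregistered addresses; a `return false unless resource` with a dummy comparison, or rate limiting on the caller, would close that if enumeration matters here. The method is also public on ApplicationController, so if routes ever include a `:controller/:action` catch-all it becomes a reachable action; mark it `private` or add `hide_action :check_auth`.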
@@ -111,6 +111,41 @@ class CardsController < ApplicationController end end + def authorize + + # Stop unless signed in already, OR if the supplied user/pass params are good. + unless current_user || check_auth(params['user'],params['pass']) + @auth = "bad_user_or_pass" + else + # Stop unless the user can access the door system + unless can? :authorize, Card + @auth = "bad_user_permissions" + Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------" + else + + begin + @card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase]) + @auth = @card.inspect + if @card && @card.user + @auth = @card.user.has_certification?(params[:device]) + else + @auth = false + end + rescue + @auth = false + end + end + end + + if @card && @card.user + username = @card.user.name + else + username = nil + end + + render json: [@auth, username] + end + # DELETE /cards/1 # DELETE /cards/1.json def destroy diff --git a/app/controllers/space_api_controller.rb b/app/controllers/space_api_controller.rb index ad16688..30e75aa 100755 --- a/app/controllers/space_api_controller.rb +++ b/app/controllers/space_api_controller.rb @@ -102,15 +102,4 @@ class SpaceApiController < ApplicationController end - def check_auth(email,password) - resource = User.find_by_email(email) - if resource && resource.valid_password?(password) - resource.remember_me = true - sign_in :user, resource - return true - else - return false - end - end - end diff --git a/app/models/ability.rb b/app/models/ability.rb index ef0f185..c47e640 100755 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -24,6 +24,7 @@ class Ability if user.card_access_enabled can :access_doors_remotely, :door_access + can :authorize, Card # used for interlock card/certification auth end # Instructors can manage certs and see users diff --git a/app/models/certification.rb b/app/models/certification.rb index 3699dee..0fbf656 100755 --- a/app/models/certification.rb 
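Review bot: The denial log in `authorize` writes `current_user.inspect`, which for a Devise user serializes every column — `encrypted_password` and any remember/reset tokens included — into the Rails log on each refused attempt; log only the identity, e.g. `Rails.logger.warn "CARD AUTH ATTEMPT DENIED. USER #{current_user.id} (#{current_user.email})"`. The device password arrives as `params['pass']`, a name that Rails' default `config.filter_parameters` (`[:password]`) does not mask, so unless that list has been extended elsewhere it is written in clear text to the request log on every call; rename the parameter to `password` or add `:pass` to the filter list. Two smaller points: `@auth = @card.inspect` is overwritten by the `if`/`else` that follows and can be deleted, and the bare `rescue` turns any exception — a `NoMethodError` when `params[:id]` is absent as well as database errors — into a plain `false`, so an outage is indistinguishable from an unauthorized card; narrow it or at least log the exception before returning false. A missing `params[:device]` also reaches `has_certification?` as `nil` unchecked; that method lives in user.rb outside this hunk.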
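Review bot: `can :authorize, Card` is granted to every user with `card_access_enabled`, so any such member who knows or guesses a card number can call the new endpoint and learn whether the card exists, the holder's name, and whether the holder carries a given certification — a card-number and certification oracle well beyond what a single interlock controller needs. Unless every card-enabled member is meant to have that, bind the ability to a dedicated device or service role (a separate boolean on the user, or a specific service account) and keep `card_access_enabled` for door access only. If the broad grant is intentional, the trailing comment should say so explicitly, e.g. `# used for interlock card/certification auth; any card-enabled member may query any card`.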
+++ b/app/models/certification.rb @@ -1,5 +1,7 @@ class Certification < ActiveRecord::Base - attr_accessible :description, :name + attr_accessible :description, :name, :slug has_many :user_certifications has_many :users, :through => :user_certifications + + validates_presence_of :name, :slug end diff --git a/app/models/user.rb b/app/models/user.rb index 2c76625..0b4390b 100755 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -136,6 +136,14 @@ class User < ActiveRecord::Base Rails.logger.info UserMailer.email(self,from_user,subject,body).deliver end + def has_certification?(cert_slug) + if self.certifications.find_by_slug(cert_slug) + true + else + false + end + end + private def send_new_user_email diff --git a/app/views/certifications/_form.html.erb b/app/views/certifications/_form.html.erb index d4fd187..c228bdd 100755 --- a/app/views/certifications/_form.html.erb +++ b/app/views/certifications/_form.html.erb @@ -15,6 +15,10 @@ <%= f.label :name %>
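Review bot: `slug` becomes the key that a device-supplied name is resolved against, but the model only validates presence: nothing enforces uniqueness or the "lowercase, single-word" shape the form label promises, so two certifications can share a slug and `find_by_slug` will silently return whichever the database yields first. Add `validates :slug, uniqueness: true, format: { with: /\A[a-z0-9_-]+\z/ }` here, and a unique index in the migration (outside this hunk). Rows that exist before the migration will presumably carry a NULL slug, and `validates_presence_of :slug` then blocks any further save of those legacy records until a slug is filled in — worth noting in the commit message or backfilling in the migration.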
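Review bot: `has_certification?` hands `cert_slug` straight to `find_by_slug`; when the caller omits the `device` parameter that value is `nil`, which the dynamic finder turns into `WHERE slug IS NULL`, so any certification still holding a NULL slug after the migration would match and the card would be reported as authorized for an unnamed device. Guard the input first and query for a boolean: `return false if cert_slug.blank?` followed by `certifications.exists?(slug: cert_slug)`, which also replaces the `if … true else false end` with a direct predicate. Whether legacy rows actually have NULL slugs depends on the migration, which is outside this hunk.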
<%= f.text_field :name %> +
+ <%= f.label :slug, "Slug (lowercase, single-word identifier)" %>
+ <%= f.text_field :slug %> +
<%= f.label :description %>
<%= f.text_area :description %> diff --git a/app/views/certifications/index.html.erb b/app/views/certifications/index.html.erb index 0ffc078..5063a8b 100755 --- a/app/views/certifications/index.html.erb +++ b/app/views/certifications/index.html.erb @@ -5,6 +5,7 @@