Adding interlock authentication

app/controllers/application_controller.rb

@@ -13,6 +13,20 @@ class ApplicationController < ActionController::Base
 
   @payment_methods = [[nil],["PayPal"],["Dwolla"],["Bill Pay"],["Check"],["Cash"],["Other"]]
   @payment_instructions = {nil => nil, :paypal => "Set up a monthly recurring payment to hslfinances@gmail.com", :dwolla => "Set up a monthly recurring payment to hslfinances@gmail.com", :billpay =>  "Have your bank send a monthly check to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201", :check => "Mail to HeatSync Labs Treasurer, 140 W Main St, Mesa AZ 85201 OR put in the drop safe at the Lab with a deposit slip firmly attached each month.", :cash => "Put in the drop safe at the Lab with a deposit slip firmly attached each month.", :other => "Hmm... talk to a Treasurer!"}
+
+  # Check authorization of a user / sign them in manually
+  def check_auth(email,password)
+    resource = User.find_by_email(email)
+    if resource && resource.valid_password?(password)
+      resource.remember_me = true
+      sign_in :user, resource
+      return true
+    else
+      return false
+    end
+  end
+
+
 end
 
 # Add a "fit" function to sanitize inputs for mac history

app/controllers/cards_controller.rb

@@ -1,6 +1,6 @@
 class CardsController < ApplicationController
-  load_and_authorize_resource
+  load_and_authorize_resource except: :authorize
-  before_filter :authenticate_user!
+  before_filter :authenticate_user!, except: :authorize
   
   # GET /cards
   # GET /cards.json
@@ -111,6 +111,41 @@ class CardsController < ApplicationController
     end
   end
 
+  def authorize
+
+    # Stop unless signed in already, OR if the supplied user/pass params are good.
+    unless current_user || check_auth(params['user'],params['pass'])
+      @auth = "bad_user_or_pass"
+    else
+      # Stop unless the user can access the door system
+      unless can? :authorize, Card
+        @auth = "bad_user_permissions"
+        Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. USER #{current_user.inspect}\r\n----------"
+      else
+
+        begin
+          @card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase])
+          @auth = @card.inspect 
+          if @card && @card.user 
+            @auth = @card.user.has_certification?(params[:device])
+          else
+            @auth = false
+          end
+        rescue
+          @auth = false
+        end
+      end
+    end
+
+    if @card && @card.user
+      username = @card.user.name
+    else
+      username = nil
+    end
+
+    render json: [@auth, username]
+  end
+
   # DELETE /cards/1
   # DELETE /cards/1.json
   def destroy

app/controllers/space_api_controller.rb

@@ -102,15 +102,4 @@ class SpaceApiController < ApplicationController
 
   end
 
-  def check_auth(email,password)
-    resource = User.find_by_email(email)
-    if resource && resource.valid_password?(password)
-      resource.remember_me = true
-      sign_in :user, resource
-      return true
-    else
-      return false
-    end
-  end
-
 end

app/models/ability.rb

@@ -24,6 +24,7 @@ class Ability
 
       if user.card_access_enabled
         can :access_doors_remotely, :door_access
+        can :authorize, Card # used for interlock card/certification auth
       end
 
       # Instructors can manage certs and see users

app/models/certification.rb

@@ -1,5 +1,7 @@
 class Certification < ActiveRecord::Base
-  attr_accessible :description, :name
+  attr_accessible :description, :name, :slug
   has_many :user_certifications
   has_many :users, :through => :user_certifications
+
+  validates_presence_of :name, :slug
 end

app/models/user.rb

@@ -136,6 +136,14 @@ class User < ActiveRecord::Base
     Rails.logger.info UserMailer.email(self,from_user,subject,body).deliver
   end
 
+  def has_certification?(cert_slug)
+   if self.certifications.find_by_slug(cert_slug)
+     true
+   else
+     false
+   end
+  end
+
   private
 
   def send_new_user_email

app/views/certifications/_form.html.erb

@@ -15,6 +15,10 @@
     <%= f.label :name %><br />
     <%= f.text_field :name %>
   </div>
+  <div class="field">
+    <%= f.label :slug, "Slug (lowercase, single-word identifier)" %><br />
+    <%= f.text_field :slug %>
+  </div>
   <div class="field">
     <%= f.label :description %><br />
     <%= f.text_area :description %>

app/views/certifications/index.html.erb

@@ -5,6 +5,7 @@
 <ul>
 <% @certifications.each do |certification| %>
   <li><%= link_to certification.name, certification %>
+  (<%= certification.slug %>)
   <% if can? :update, certification %> | <%= link_to 'Edit', edit_certification_path(certification) %><% end %>
   <% if can? :destroy, certification %> | <%= link_to 'Destroy', certification, :confirm => 'Are you sure?', :method => :delete %><% end %>
   </li>

app/views/certifications/show.html.erb

@@ -3,6 +3,11 @@
   <%= @certification.name %>
 </p>
 
+<p>
+  <b>Slug (lowercase, single-word identifier):</b>
+  <%= @certification.slug %>
+</p>
+
 <p>
   <b>Description:</b>
   <%= simple_format @certification.description %>

config/routes.rb

@@ -44,6 +44,7 @@ Dooraccess::Application.routes.draw do
   match 'users/create' => 'users#create', :via => :post  # Use POST users/create instead of POST users to avoid devise conflict
 
   match 'cards/upload_all' => 'cards#upload_all', :as => :upload_all
+  match 'cards/authorize/:id' => 'cards#authorize', :as => :authorize
   resources :cards
   match 'cards/:id/upload' => 'cards#upload', :as => :upload
 

db/migrate/20140223060554_add_slug_to_certifications.rb

@@ -0,0 +1,5 @@
+class AddSlugToCertifications < ActiveRecord::Migration
+  def change
+    add_column :certifications, :slug, :string
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20140214070420) do
+ActiveRecord::Schema.define(:version => 20140223060554) do
 
   create_table "cards", :force => true do |t|
     t.string   "card_number"
@@ -27,6 +27,7 @@ ActiveRecord::Schema.define(:version => 20140214070420) do
     t.string   "description"
     t.datetime "created_at",  :null => false
     t.datetime "updated_at",  :null => false
+    t.string   "slug"
   end
 
   create_table "door_logs", :force => true do |t|