Migrate to Rais 8.0

- Remove all Rodauth stuff and implement simple custom auth - Migrate from sprockets to propshaft, hack some bootstrap stuff
2024-11-08 22:05:31 +01:00 · 2024-11-08 22:05:31 +01:00 · c35c7da6e0
commit c35c7da6e0
parent 0198a22278
66 changed files with 518 additions and 684 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,6 +1,7 @@
 # frozen_string_literal: true

 class ApplicationController < ActionController::Base
+  include Authentication
  include Pagy::Backend

  # allow_browser versions: :modern
@ -13,15 +14,29 @@ class ApplicationController < ActionController::Base
  def initialize_navbar
    return unless request.get?

-    @navbar_items = if rodauth.logged_in?
+    @navbar_items = if authenticated?
      [
-        { label: "Dashboard",                       icon: :speedometer2,   path: :root },
-        { label: Report.model_name.human(count: 2), icon: :'journal-text', path: :reports },
-        { label: I18n.t("backoffice"),              icon: :gear,         path: :backoffice, active: %w[backoffice checklists checks links link_categories].include?(controller_name) },
-        { label: Account.model_name.human,          icon: :person,         path: profile_path }
+        {
+          label: "Dashboard",
+          icon: :speedometer2,
+          path: :root
+        },
+        {
+          label: Report.model_name.human(count: 2),
+          icon: :'journal-text',
+          path: :reports },
+        {
+          label: I18n.t("backoffice"),
+          icon: :gear,
+          path: :backoffice,
+          active: %w[backoffice checklists checks links link_categories].include?(controller_name) },
+        {
+          label: "Konto",
+          path: profile_path
+        }
      ]
    else
-      [ { label: "Login", icon: :'door-closed', path: rodauth.login_path, label_class: "text-info" } ]
+      [ { label: "Login", icon: :'door-closed', path: new_session_path, label_class: "text-info" } ]
    end
    @nav_path = controller_name
    @search_url = nil
--- a/app/controllers/concerns/authentication.rb
+++ b/app/controllers/concerns/authentication.rb
@ -0,0 +1,55 @@
+module Authentication
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :require_authentication
+    helper_method :authenticated?
+  end
+
+  class_methods do
+    def allow_unauthenticated_access(**options)
+      skip_before_action :require_authentication, **options
+    end
+  end
+
+  private
+    def authenticated?
+      resume_session
+    end
+
+    def require_authentication
+      resume_session || request_authentication
+    end
+
+
+    def resume_session
+      Current.session ||= find_session_by_cookie
+    end
+
+    def find_session_by_cookie
+      Session.find_by(id: cookies.signed[:session_id])
+    end
+
+
+    def request_authentication
+      session[:return_to_after_authenticating] = request.url
+      redirect_to new_session_path
+    end
+
+    def after_authentication_url
+      session.delete(:return_to_after_authenticating) || root_url
+    end
+
+
+    def start_new_session_for(user)
+      user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session|
+        Current.session = session
+        cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax }
+      end
+    end
+
+    def terminate_session
+      Current.session.destroy
+      cookies.delete(:session_id)
+    end
+end
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@ -1,10 +1,36 @@
 # frozen_string_literal: true

 class HomeController < ApplicationController
+  allow_unauthenticated_access only: [ :show ]
+
  def show
-    if rodauth.logged_in?
-    else
-      render :root
-    end
+  end
+
+  def profile
+  end
+
+  private
+  def initialize_sidebar_items
+    return [] unless action_name == "profile"
+
+    [
+      {
+        label: "Profil",
+        icon: :person,
+        path: profile_path,
+        active: action_name == "profile"
+      },
+      # {
+      #   label: "Passwort ändern",
+      #   path: new_password_path,
+      #   icon: :lock
+      # },
+      {
+        label: "Logout",
+        icon: :"box-arrow-right",
+        path: session_path,
+        method: :delete
+      }
+    ]
  end
 end
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@ -0,0 +1,33 @@
+class PasswordsController < ApplicationController
+  allow_unauthenticated_access
+  before_action :set_user_by_token, only: %i[ edit update ]
+
+  def new
+  end
+
+  def create
+    if user = User.find_by(email_address: params[:email_address])
+      PasswordsMailer.reset(user).deliver_later
+    end
+
+    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
+  end
+
+  def edit
+  end
+
+  def update
+    if @user.update(params.permit(:password, :password_confirmation))
+      redirect_to new_session_path, notice: "Password has been reset."
+    else
+      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
+    end
+  end
+
+  private
+    def set_user_by_token
+      @user = User.find_by_password_reset_token!(params[:token])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
+    end
+end
--- a/app/controllers/rodauth_controller.rb
+++ b/app/controllers/rodauth_controller.rb
@ -1,39 +0,0 @@
-class RodauthController < ApplicationController
-  # Used by Rodauth for rendering views, CSRF protection, running any
-  # registered action callbacks and rescue handlers, instrumentation etc.
-
-  # Controller callbacks and rescue handlers will run around Rodauth endpoints.
-  # before_action :verify_captcha, only: :login, if: -> { request.post? }
-  # rescue_from("SomeError") { |exception| ... }
-
-  # Layout can be changed for all Rodauth pages or only certain pages.
-  # layout "authentication"
-  # layout -> do
-  #   case rodauth.current_route
-  #   when :login, :create_account, :verify_account, :verify_account_resend,
-  #        :reset_password, :reset_password_request
-  #     "authentication"
-  #   else
-  #     "application"
-  #   end
-  # end
-  #
-  before_action do
-    # Fix encoding in rodauth views.
-    response.headers["Content-Type"] = "text/html; charset=utf-8" if request.format.html?
-  end
-
-  def profile
-  end
-
-  private
-  def initialize_sidebar_items
-    return unless rodauth.logged_in?
-
-    [
-      { label: "Profile", icon: :'person', path: profile_path, active: action_name == "profile" },
-      { label: "Passwort ändern", icon: :'lock', path: rodauth.change_password_path, active: action_name == "change_password" },
-      { label: "Logout", icon: :'box-arrow-right', path: rodauth.logout_path, active: action_name == "logout" }
-    ]
-  end
-end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -0,0 +1,24 @@
+class SessionsController < ApplicationController
+  allow_unauthenticated_access only: %i[ new create ]
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." }
+
+  def new
+    redirect_to :root if authenticated?
+  end
+
+  def create
+    redirect_to :root if authenticated?
+
+    if user = User.authenticate_by(params.permit(:email_address, :password))
+      start_new_session_for user
+      redirect_to after_authentication_url
+    else
+      redirect_to new_session_path, alert: "Try another email address or password."
+    end
+  end
+
+  def destroy
+    terminate_session
+    redirect_to new_session_path
+  end
+end