From 66b362c790ba823a9f1eac8ad04b3f275f3cbd86 Mon Sep 17 00:00:00 2001 From: Emiel Date: Thu, 19 Sep 2024 19:12:48 +0200 Subject: [PATCH] #953 Frontpage 500 + #963 gracefully logout participant --- core/frameworks/green_light/_live_hook.ex | 2 +- core/lib/core/authorization.ex | 2 + core/lib/core_web/routes.ex | 2 + ...xternal_sign_in.ex => external_account.ex} | 0 .../user.ex | 0 core/systems/account/_plug.ex | 41 +++++++++++++++++++ core/systems/account/user_auth.ex | 14 +++++-- core/systems/home/page_builder.ex | 14 +++++++ 8 files changed, 70 insertions(+), 5 deletions(-) rename core/lib/{external_sign_in.ex => external_account.ex} (100%) rename core/lib/{external_sign_in => external_account}/user.ex (100%) create mode 100644 core/systems/account/_plug.ex diff --git a/core/frameworks/green_light/_live_hook.ex b/core/frameworks/green_light/_live_hook.ex index 0e289d05a6..2140457587 100644 --- a/core/frameworks/green_light/_live_hook.ex +++ b/core/frameworks/green_light/_live_hook.ex @@ -27,7 +27,7 @@ defmodule Frameworks.GreenLight.LiveHook do live_view_module ) - Logger.notice("User #{user.id} can_access? #{live_view_module}: #{can_access?}") + user && Logger.notice("User #{user.id} can_access? #{live_view_module}: #{can_access?}") can_access? else auth_module().can_access?(user, live_view_module) diff --git a/core/lib/core/authorization.ex b/core/lib/core/authorization.ex index cb30098f91..0577ef7750 100644 --- a/core/lib/core/authorization.ex +++ b/core/lib/core/authorization.ex @@ -220,6 +220,8 @@ defmodule Core.Authorization do can?(principal, permission) end + def can_access?(nil, _entity, _module), do: false + def can_access?(_principal, nil, _module), do: false def can_access?(principal, entity, module) when is_atom(module) do diff --git a/core/lib/core_web/routes.ex b/core/lib/core_web/routes.ex index 0478e35301..d63397b6e9 100644 --- a/core/lib/core_web/routes.ex +++ b/core/lib/core_web/routes.ex @@ -12,6 +12,8 @@ defmodule CoreWeb.Routes do plug(:accepts, ["html"]) plug(:fetch_session) + plug(Systems.Account.Plug) + plug(Cldr.Plug.PutLocale, apps: [ cldr: CoreWeb.Cldr, diff --git a/core/lib/external_sign_in.ex b/core/lib/external_account.ex similarity index 100% rename from core/lib/external_sign_in.ex rename to core/lib/external_account.ex diff --git a/core/lib/external_sign_in/user.ex b/core/lib/external_account/user.ex similarity index 100% rename from core/lib/external_sign_in/user.ex rename to core/lib/external_account/user.ex diff --git a/core/systems/account/_plug.ex b/core/systems/account/_plug.ex new file mode 100644 index 0000000000..226c9e74fd --- /dev/null +++ b/core/systems/account/_plug.ex @@ -0,0 +1,41 @@ +defmodule Systems.Account.Plug do + @behaviour Plug + + import Plug.Conn + alias Systems.Account + + @valid_participant_path ~r"^\/assignment\/\d.*$" + + @impl true + def init(opts), do: opts + + @impl true + def call(conn, _opts) do + case current_user(conn) do + {:ok, %{} = user} -> + external? = Account.Public.external?(user) + signof_if_needed(conn, external?) + + _ -> + conn + end + end + + defp current_user(conn) do + if user_token = get_session(conn, :user_token) do + {:ok, Account.Public.get_user_by_session_token(user_token)} + else + {:error, :no_user_token} + end + end + + defp signof_if_needed(%{request_path: request_path} = conn, true) do + if Regex.match?(@valid_participant_path, request_path) do + conn + else + Account.UserAuth.forget_user(conn) + end + end + + defp signof_if_needed(conn, _), do: conn +end diff --git a/core/systems/account/user_auth.ex b/core/systems/account/user_auth.ex index a2b3ec04bc..304035492c 100644 --- a/core/systems/account/user_auth.ex +++ b/core/systems/account/user_auth.ex @@ -83,19 +83,25 @@ defmodule Systems.Account.UserAuth do It clears all session data for safety. See renew_session. """ def log_out_user(conn) do - user_token = get_session(conn, :user_token) - user_token && Account.Public.delete_session_token(user_token) - if live_socket_id = get_session(conn, :live_socket_id) do CoreWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{}) end conn + |> forget_user() |> renew_session() - |> delete_resp_cookie(@remember_me_cookie) |> redirect(to: ~p"/user/signin") end + @doc """ + Removes user token and cookie + """ + def forget_user(conn) do + user_token = get_session(conn, :user_token) + user_token && Account.Public.delete_session_token(user_token) + delete_resp_cookie(conn, @remember_me_cookie) + end + @doc """ Authenticates the user by looking into the session and remember me token. diff --git a/core/systems/home/page_builder.ex b/core/systems/home/page_builder.ex index b396e2d0c8..30acc798ff 100644 --- a/core/systems/home/page_builder.ex +++ b/core/systems/home/page_builder.ex @@ -16,6 +16,20 @@ defmodule Systems.Home.PageBuilder do alias Systems.Pool alias Systems.Crew + def view_model(_, %{current_user: nil}) do + %{ + hero: %{ + type: :illustration2, + params: %{ + title: dgettext("eyra-home", "member.title") + } + }, + active_menu_item: :home, + next_best_action: nil, + blocks: [] + } + end + def view_model(_, %{current_user: user} = assigns) do panl? = panl_participant?(user) put_locale(user, panl?)