class MainController

Controller responsible for the login and logout processes as well as for displaying the main page.

Public Instance Methods

about()
# File app/controllers/main_controller.rb, line 155
def about
  # Intentionally empty. The "about" icon fires a remote (rjs) call and this
  # action only exists so that call has a route to hit; no server-side state
  # is read or written here. Rails' implicit render is presumed to serve the
  # matching template.
end
clear_role_switch_session()

Action only relevant when the REMOTE_USER configuration is on and an admin has switched role. Because there may be no logout link in that mode, this action provides a way to expire the session (i.e. cancel the role switch).

# File app/controllers/main_controller.rb, line 256
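def clear_role_switch_session
  m_logger = MarkusLogger.instance

  # session[:real_uid] holds the uid of the admin who initiated a role switch;
  # session[:uid] is the uid of the user currently being impersonated.
  real_uid = session[:real_uid]
  effective_uid = session[:uid]
  if !real_uid.nil? && !effective_uid.nil?
    # An admin was logged in as a student or grader. Resolve both records
    # nil-safely: if either row has since disappeared, the audit line must
    # still be written and -- more importantly -- the session teardown below
    # must still run instead of aborting on a NoMethodError.
    admin = User.find_by_id(real_uid)
    effective = User.find_by_id(effective_uid)
    admin_name = admin.nil? ? "<unknown uid #{real_uid}>" : admin.user_name
    effective_name = effective.nil? ? "<unknown uid #{effective_uid}>" : effective.user_name
    m_logger.log("Admin '#{admin_name}' logged out from '#{effective_name}'.")
  else
    # Reached without an active role switch: record it as suspicious.
    m_logger.log("WARNING: Possible break in attempt from '#{current_user.user_name}'.")
  end
  # Drop every piece of authentication state, then send the browser to login.
  clear_session
  cookies.delete :auth_token
  reset_session
  redirect_to :action => 'login'
end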
index()
# File app/controllers/main_controller.rb, line 145
def index
  @current_user = current_user
  # Students and TAs never see the admin landing page; they go straight to
  # the assignments list.
  return redirect_to(:controller => 'assignments', :action => 'index') if @current_user.student? || @current_user.ta?

  # Admins get every assignment (default scopes lifted), latest due date first.
  @assignments = Assignment.unscoped.all(:order => 'due_date DESC')
  render :index, :layout => 'content'
end
login()

Handles login requests. Users are usually redirected here when they try to access the site without being logged in, or after their session has expired. A user whose session is still active and valid is redirected to the main page.

# File app/controllers/main_controller.rb, line 23
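def login

  # --- External (REMOTE_USER) authentication -----------------------------
  # The web server has already authenticated the user, so MarkUs' own
  # credential check is skipped. @markus_auth_remote_user is expected to be
  # populated by a filter that is not visible here.
  if MarkusConfigurator.markus_config_remote_user_auth
    if @markus_auth_remote_user.nil?
      render 'shared/http_status.html', :locals => { :code => '403', :message => HttpStatusHelper::ERROR_CODE['message']['403'] }, :status => 403, :layout => false
      return
    else
      login_success = login_without_authentication(@markus_auth_remote_user)
      if login_success
        uri = session[:redirect_uri]
        session[:redirect_uri] = nil
        refresh_timeout
        current_user.set_api_key # set api key in DB for user if not yet set
        # Redirect to the last visited page or to the main page.
        # NOTE(review): session[:redirect_uri] is populated elsewhere; if it
        # can ever come from a request parameter this is an open redirect --
        # confirm it only ever holds same-site paths.
        redirect_to( uri || { :action => 'index' } )
        return
      else
        # NOTE(review): assumes flash[:error] is an Array set by
        # login_without_authentication; a nil flash would raise here -- confirm.
        @login_error = flash[:error][0]
        render :remote_user_auth_login_fail
        return
      end
    end
  end

  # --- Cookie support check ----------------------------------------------
  if cookies_enabled
    unless params[:cookieTest].nil?
      # Cookies work: redirect once more to drop the :cookieTest parameter.
      # The explicit return matters: without it an already logged-in GET
      # falls through to the redirect further down and Rails raises
      # DoubleRenderError.
      redirect_to :controller => 'main', :action => 'login'
      return
    end
  else
    # No cookies, no session: show the form with an explanation (implicit render).
    flash_message(:error, I18n.t(:cookies_off))
    return

  end

  # --- First-visit bookkeeping -------------------------------------------
  # Both the locale redirect and the cookie-test redirect land here, so the
  # visit is only counted once the :cookieTest round-trip is over.
  if params.has_key?(:locale) && !params.has_key?(:cookieTest)
    if session[:first_visit].nil?
      @first_visit = true
      session[:first_visit] = 'false'
    else
      @first_visit = false
    end
  end

  @current_user = current_user
  # Already authenticated and not submitting the form: go to the main page.
  if logged_in? && !request.post?
    redirect_to :action => 'index'
    return
  end
  # A plain GET renders the login form (implicit render).
  return unless request.post?

  # Normalise the submitted username in place. `to_s` keeps a missing or
  # non-string parameter from raising NoMethodError on strip; the stripped
  # value is what validate_user (and any later reader of params) sees.
  params[:user_login] = params[:user_login].to_s.strip

  # For a plain login the "effective" and the "real" user are the same, so
  # the login name is passed twice.
  validation_result = validate_user(params[:user_login], params[:user_login], params[:user_password])
  unless validation_result[:error].nil?
    flash_message(:error, validation_result[:error])
    redirect_to :action => 'login'
    return
  end
  # Validation worked.
  found_user = validation_result[:user]
  # No error but no user either: nothing to do beyond re-rendering the form.
  if found_user.nil?
    return
  end

  # Hidden students are treated as disabled accounts.
  if found_user.student? && found_user.hidden
    flash_message(:error, I18n.t('account_disabled'))
    redirect_to(:action => 'login') && return
  end

  # NOTE(review): the session id is not rotated (no reset_session) before the
  # authenticated identity is stored, so a session id fixed before login
  # survives it. Rotating it would require carrying session[:redirect_uri]
  # and session[:first_visit] across the reset.
  self.current_user = found_user

  if logged_in?
    uri = session[:redirect_uri]
    session[:redirect_uri] = nil
    refresh_timeout
    current_user.set_api_key # set api key in DB for user if not yet set
    # Redirect to the last visited page or to the main page (see the
    # open-redirect note in the REMOTE_USER branch above).
    redirect_to( uri || { :action => 'index' } )
  else
    flash_message(:error, I18n.t(:login_failed))
  end
end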
login_as()

Authenticates the admin (i.e. validates her password). Given the user that the admin would like to log in as, and the admin's password, switches to the desired user on success.

If the current user already recorded matches the password entered in the form, grant the current user (an admin) access to the account of the user name entered in the form.

Relevant partials:

role_switch_handler
role_switch_error
role_switch_content
role_switch
# File app/controllers/main_controller.rb, line 191
def login_as
  # NOTE(review): nothing in this action checks current_user.admin?; that is
  # presumably enforced by a before_filter or inside the validate_* helpers
  # -- confirm before relying on it.
  validation_result = nil
  if MarkusConfigurator.markus_config_remote_user_auth
    # External auth: no password is available, so only the pair of user
    # names is validated. NOTE(review): params[:user_login] is a form value;
    # make sure validate_user_without_login ties it to the authenticated
    # session rather than trusting the submitted name.
    validation_result = validate_user_without_login(params[:effective_user_login],
                                      params[:user_login])
  else
    # Internal auth: the admin must re-enter her own password to switch roles.
    validation_result = validate_user(params[:effective_user_login],
                                      params[:user_login],
                                      params[:admin_password])
  end
  unless validation_result[:error].nil?
    # There were validation errors; report them through the JS handler partial.
    render :partial => 'role_switch_handler.js',
      :locals => { :error => validation_result[:error] }, :handlers => [:erb]
    return
  end

  found_user = validation_result[:user]
  if found_user.nil?
    # No error and no user: nothing is rendered explicitly here.
    return
  end

  # Check if an admin is trying to login as another admin. Should not be allowed
  if found_user.admin?
    # error
    render :partial => 'role_switch_handler.js', :locals =>
          { :error => I18n.t(:cannot_login_as_another_admin) }, :handlers => [:erb]
    return
  end

  # Log the admin that assumed the role of another user together with the time
  # and date that the role switch occurred.
  # NOTE(review): this records the raw request parameter rather than
  # found_user.user_name; the validated name is the safer value to log.
  m_logger = MarkusLogger.instance
  m_logger.log("Admin '#{current_user.user_name}' logged in as '#{params[:effective_user_login]}'.")

  # Save the uid of the admin that is switching roles.
  # NOTE(review): if a switch is already in progress this overwrites the
  # original admin's uid with the impersonated user's, losing the audit
  # trail -- unless a filter already forbids switching from a switched session.
  session[:real_uid] = session[:uid]
  # Change the uid of the current user
  self.current_user = found_user

  if logged_in?
    uri = session[:redirect_uri]
    session[:redirect_uri] = nil
    refresh_timeout
    current_user.set_api_key # set api key in DB for user if not yet set
    # All good, redirect to the main page of the viewer, discard
    # role switch modal
    render :partial => 'role_switch_handler.js', :locals =>
        { :error => nil }, :handlers => [:erb]
  else
    render :partial => 'role_switch_handler.js', :locals =>
        { :error => I18n.t(:login_failed) }, :handlers => [:erb]
  end
end
logout()

Clear the session for the current user and redirect to the login page.

# File app/controllers/main_controller.rb, line 118
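def logout
  # A logout target of 'NONE' means logout is disabled for this deployment;
  # the route is then made to look nonexistent.
  logout_redirect = MarkusConfigurator.markus_config_logout_redirect
  if logout_redirect == 'NONE'
    page_not_found
    return
  end
  m_logger = MarkusLogger.instance

  # session[:real_uid] holds the uid of the admin who initiated a role switch;
  # session[:uid] is the uid of the user currently being impersonated.
  real_uid = session[:real_uid]
  effective_uid = session[:uid]
  if !real_uid.nil? && !effective_uid.nil?
    # An admin was logged in as a student or grader. Resolve both names
    # nil-safely so a vanished row cannot raise before the session is torn
    # down below.
    admin = User.find_by_id(real_uid)
    effective = User.find_by_id(effective_uid)
    admin_name = admin.nil? ? "<unknown uid #{real_uid}>" : admin.user_name
    effective_name = effective.nil? ? "<unknown uid #{effective_uid}>" : effective.user_name
    m_logger.log("Admin '#{admin_name}' logged out from '#{effective_name}'.")
  else
    # Ordinary logout of a user who was not assuming another role.
    m_logger.log("User '#{current_user.user_name}' logged out.")
  end
  # Drop all authentication state before redirecting.
  clear_session
  cookies.delete :auth_token
  reset_session
  # 'DEFAULT' returns to the MarkUs login form; any other value is taken
  # verbatim as the redirect target. It comes from configuration, not from
  # the request, so this is not an open redirect.
  if logout_redirect == 'DEFAULT'
    redirect_to :action => 'login'
  else
    redirect_to logout_redirect
  end
end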
page_not_found()

Render 404 error (page not found) if no other route matches. See config/routes.rb

# File app/controllers/main_controller.rb, line 174
def page_not_found
  # Render the shared HTTP-status template as a bare 404 (no layout). The
  # code is used both for the template locals and to pick the message text.
  code = '404'
  render 'shared/http_status.html',
         :locals => { :code => code, :message => HttpStatusHelper::ERROR_CODE['message'][code] },
         :status => 404,
         :layout => false
end
reset_api_key()
# File app/controllers/main_controller.rb, line 160
def reset_api_key
  # Only a POST may rotate a key. Anything else is answered with a 404 so
  # the endpoint does not advertise itself.
  unless request.post?
    render 'shared/http_status.html', :locals => { :code => '404', :message => HttpStatusHelper::ERROR_CODE['message']['404'] }, :status => 404, :layout => false
    return
  end

  # Students shouldn't be able to change their API key; they get the same 404.
  if @current_user.student?
    render 'shared/http_status.html', :locals => { :code => '404', :message => HttpStatusHelper::ERROR_CODE['message']['404'] }, :status => 404, :layout => false
    return
  end

  # NOTE(review): @current_user is read here without being assigned in this
  # action; presumably a filter populates it -- confirm. The return value of
  # save is not checked, so a failed save would still render the new key.
  @current_user.reset_api_key
  @current_user.save
  render 'api_key_replace.js', :locals => {:user => @current_user }, :handlers => [:erb]
end
role_switch()
# File app/controllers/main_controller.rb, line 246
def role_switch
  # Intentionally empty. Clicking the "Switch role" link issues a remote
  # (rjs) call that needs a route to hit; nothing is read or written here.
  # Please keep this action even though its body is empty.
end