
pulibrary / tigerdata-app / b31d354f-f32c-42d8-9f2e-84ea71396506

16 Dec 2024 05:24PM UTC coverage: 83.419% (-0.9%) from 84.289%
b31d354f-f32c-42d8-9f2e-84ea71396506

Pull #875

circleci

carolyncole
Adding the concept of a System Login and an Active Web Login
Pull Request #875: Getting an extra cas ticket that we could theoretically pass along to mediaflux

4 of 4 branches covered (100.0%)

48 of 75 new or added lines in 8 files covered. (64.0%)

9 existing lines in 2 files now uncovered.

2274 of 2726 relevant lines covered (83.42%)

364.38 hits per line


80.46
/app/models/user.rb
# frozen_string_literal: true

require "csv"
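class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :rememberable, :omniauthable

  has_many :user_requests, dependent: :destroy

  # CSV file holding the user registration list for the current Rails environment.
  USER_REGISTRATION_LIST = Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")

  # Mediaflux session token currently associated with this user object.
  # Security: this value is a credential; it must never be written to logs or rendered in views.
  attr_accessor :mediaflux_session

  # Find the user that matches a CAS access token, back-filling the name fields
  # from the CAS attributes when they have not been loaded yet.
  # @param access_token [#provider, #uid, #extra] the token handed over by the CAS callback
  # @return [User, nil] the matching user, or nil when no user has that provider/uid pair
  def self.from_cas(access_token)
    user = User.find_by(provider: access_token.provider, uid: access_token.uid)
    if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded
      user.initialize_name_values(access_token.extra)
      # A failed save is reported instead of being dropped silently; the lookup result is unchanged.
      unless user.save
        Rails.logger.warn("Could not save CAS name values for #{user.uid}: #{user.errors.full_messages.join('; ')}")
      end
    end
    user
  end

  # Users that can be project sponsors.
  # In development and staging, superusers are included as well.
  # @return [ActiveRecord::Relation]
  def self.sponsor_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_sponsor: true).or(User.where(superuser: true))
    else
      User.where(eligible_sponsor: true)
    end
  end

  # Users that can be data managers.
  # In development and staging, superusers are included as well.
  # @return [ActiveRecord::Relation]
  def self.manager_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_manager: true).or(User.where(superuser: true))
    else
      User.where(eligible_manager: true)
    end
  end

  # Forget the Mediaflux session token, both on this object and in the web session.
  # NOTE(review): session[:active_web_user] and @active_web_user are left untouched here;
  # mediaflux_from_session resets the session flag on its next call. Confirm no caller reads
  # the flag in between.
  # @param session [Hash-like] the web session store
  def clear_mediaflux_session(session)
    Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")
    @mediaflux_session = nil
    session[:mediaflux_session] = nil
  end

  # Load the Mediaflux session token from the web session, falling back to the
  # system user's Mediaflux session when the web session holds none.
  # @param session [Hash-like] the web session store
  # @return [Object] the Mediaflux session token now stored in the web session
  def mediaflux_from_session(session)
    # Security: the session token is a credential, so only its presence is logged, never its value.
    logger.debug "Session Get token present: #{session[:mediaflux_session].present?} " \
                 "cas: #{session[:active_web_user]}  user: #{uid}"
    if session[:mediaflux_session].blank?
      logger.debug("!!!! Creating a new session !!! #{uid}")
      session[:mediaflux_session] = SystemUser.mediaflux_session
      # A system-level session is not an interactive web login.
      session[:active_web_user] = false
    end
    @active_web_user = session[:active_web_user]
    @mediaflux_session = session[:mediaflux_session]
  end

  # Log on to Mediaflux with a CAS identity token and store the resulting session
  # token on this object and in the web session.
  # The method name keeps its original spelling because callers outside this file use it.
  # @param token [String] the CAS identity token passed to Mediaflux
  # @param session [Hash-like] the web session store
  # @raise [RuntimeError] when the logon request reports an error
  def medaiflux_login(token, session)
    logger.debug("mediaflux session created for #{uid}")
    logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")
    if logon_request.error?
      raise "Invalid Logon #{logon_request.response_error}"
    end
    @mediaflux_session = logon_request.session_token
    @active_web_user = true
    session[:mediaflux_session] = @mediaflux_session
    session[:active_web_user] = @active_web_user
    # Security: record that a login session exists without writing the token itself to the log.
    logger.debug "Login Session token present: #{session[:mediaflux_session].present?} " \
                 "cas: #{session[:active_web_user]}  user: #{uid}"
  end

  # Log the current Mediaflux session out and forget its token on this object.
  # NOTE(review): this method has no access to the web session, so a copy of the token in
  # session[:mediaflux_session] is not cleared here; presumably callers pair this with
  # clear_mediaflux_session. Confirm against the callers.
  def terminate_mediaflux_session
    return if @mediaflux_session.nil? # nothing to terminate
    logger.debug "!!!! Terminating mediaflux session"

    Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body
    @mediaflux_session = nil
  end

  # Initialize the name values from the CAS information.
  # Our name fields do not match their name fields, so we need to translate.
  # @param extra_cas_info [#givenname, #sn, #pudisplayname] the extra attributes returned by CAS
  def initialize_name_values(extra_cas_info)
    self.given_name = extra_cas_info.givenname
    self.family_name =  extra_cas_info.sn
    self.display_name = extra_cas_info.pudisplayname
  end

  # Return the display name if it exists, otherwise return the uid
  # @return [String]
  def display_name_safe
    return uid if display_name.blank?

    display_name
  end

  # Is this user eligible to be a data sponsor in this environment?
  # Superusers are always eligible; everyone else falls back to the stored attribute.
  # @return [Boolean]
  def eligible_sponsor?
    return true if superuser
    super
  end

  # Is this user eligible to be a data manager in this environment?
  # Superusers are always eligible; everyone else falls back to the stored attribute.
  # @return [Boolean]
  def eligible_manager?
    return true if superuser
    super
  end

  # Is this user eligible to be a data user in this environment?
  # True for superusers and for users who are neither sponsors nor managers.
  # @return [Boolean]
  def eligible_data_user?
    return true if superuser
    # Explicit boolean result so that callers never receive nil from an authorization predicate.
    !eligible_sponsor? && !eligible_manager
  end

  # Is this user eligible to be a sysadmin in this environment?
  # @return [Boolean]
  def eligible_sysadmin?
    # any? yields a strict true/false even when both flags are nil.
    [superuser, sysadmin].any?
  end

  # Parse the USER_REGISTRATION_LIST csv
  # @return [CSV::Table]
  def self.csv_data
    CSV.parse(File.read(USER_REGISTRATION_LIST), headers: true)
  end

  # Load the user registration list from the CSV file.
  # Select the file that matches the rails environment.
  # Each row creates the user or overwrites the listed fields, including the
  # privilege flags (eligible_sponsor, eligible_manager, superuser, sysadmin, trainer).
  def self.load_registration_list
    User.csv_data.each do |line|
      user = User.find_by(uid: line["uid"]) || User.new
      user.uid = line["uid"]
      user.family_name = line["family_name"]
      user.display_name = line["display_name"]
      user.email = user.uid + "@princeton.edu"
      # If we don't say that this is a cas user, they won't be able to log in with CAS
      user.provider = "cas"
      # Only the exact string "TRUE" grants a flag; any other cell value leaves it false.
      user.eligible_sponsor = line["eligible_sponsor"] == "TRUE"
      user.eligible_manager = line["eligible_manager"] == "TRUE"
      user.superuser = line["superuser"] == "TRUE"
      user.sysadmin = line["sysadmin"] == "TRUE"
      user.trainer = line["tester_trainer"] == "TRUE"
      # Report a failed save: otherwise a row that was meant to change (or revoke) privileges
      # could be skipped without anyone noticing.
      next if user.save

      Rails.logger.warn("Could not save registration row for #{user.uid}: #{user.errors.full_messages.join('; ')}")
    end
  end

  # Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise
  # to calculate what information will be stored in the session and to serialize an object
  # back from the session.
  #
  # By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes
  # problems if we repopulate our User table and the IDs change. The implementation provided below
  # uses the User.uid field (which is unique, does not change, and it's required) as the value to
  # store in the session to prevent this issue.
  #
  # References:
  #   https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
  #   https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
  #   https://github.com/wardencommunity/warden/wiki/Setup
  def self.serialize_into_session(record)
    # The return value _must_ have at least two elements since the serialize_from_session() requires
    # two arguments (see below)
    [record.uid, ""]
  end

  # Rebuild the user from the value stored by serialize_into_session.
  # @param key [String] the uid stored in the session
  # @return [User, nil] the user with that uid, or nil when there is none
  def self.serialize_from_session(key, _salt, _opts = {})
    # where() always returns a relation, so no safe-navigation is needed before first.
    User.where(uid: key).first
  end

  # Fetches the user's download jobs that completed within the last 7 days, newest first
  # by creation time.
  # @param limit [Integer] maximum number of jobs to return
  # @return [ActiveRecord::Relation]
  def latest_downloads(limit: 10)
    # Memoize per limit so that a later call with a different limit is not answered
    # from a result built for an earlier one.
    @latest_downloads ||= {}
    @latest_downloads[limit] ||= UserRequest.where(user_id: id)
                                            .where(["completion_time > ?", 7.days.ago])
                                            .order(created_at: "DESC")
                                            .limit(limit)
  end
end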