Class: DBAuth

Inherits:

Object

• Object
• DBAuth

Defined in:

backend/app/model/dbauth.rb

Class Method Summary

• .authenticate(username, password) ⇒ Object
• .authenticate_token(username, token) ⇒ Object
• .delete_user(username) ⇒ Object
• .generate_token(username) ⇒ Object
• .matching_usernames(query) ⇒ Object
• .set_password(username, password) ⇒ Object

Class Method Details

.authenticate(username, password) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 30

def self.authenticate(username, password)
  username = username.downcase

  DB.open do |db|
    pwhash = db[:auth_db].filter(:username => username).get(:pwhash)

    if pwhash and (Password.new(pwhash) == password)
      user = User.find(:username => username)
      JSONModel(:user).from_hash(
       :username => username,
       :name => user.name,
       :email => user.email,
       :first_name => user.first_name,
       :last_name => user.last_name,
       :telephone => user.telephone,
       :title => user.title,
       :department => user.department,
       :additional_contact => user.additional_contact
      )
    else
      nil
    end
  end
end

.authenticate_token(username, token) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 91

def self.authenticate_token(username, token)
  user = User.find(username: username)
  if user.system_mtime < Time.now - 30*60
    return nil
  end
  token = Base64.urlsafe_decode64(token)
  DB.open do |db|
    pwhash = db[:auth_db].filter(username: username).get(:pwhash)
    if pwhash && (Password.new(token) == [user.system_mtime, pwhash].join)
      # void the old password and the token at the same time
      db[:auth_db].filter(username: username).update(pwhash: token)
      user = User.find(username: username)
      User.to_jsonmodel(user)
    else
      nil
    end
  end
end

.delete_user(username) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 70

def self.delete_user(username)
  DB.open do |db|
    db[:auth_db].filter(:username => username).delete
  end
end

.generate_token(username) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 77

def self.generate_token(username)
  user = User.find(username: username)
  user.system_mtime = Time.now
  user.save
  user = User.find(username: username)
  DB.open do |db|
    pwhash = db[:auth_db].filter(username: username).get(:pwhash)
    raise "Cannot generate token for passwordless users" if pwhash.nil?
    raw_token = Password.create([user.system_mtime, pwhash].join)
    return Base64.urlsafe_encode64(raw_token)
  end
end

.matching_usernames(query) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 56

def self.matching_usernames(query)
  DB.open do |db|
    query = query.gsub(/[%]/, '').downcase
    db[:auth_db].left_outer_join(:user, :username => :username).
                 filter(Sequel.~(:is_system_user => 1)).
                 filter(Sequel.like(Sequel.function(:lower, :auth_db__username),
                                    "#{query}%")).
      select(:auth_db__username).
      limit(AppConfig[:max_usernames_per_source].to_i).
      map {|row| row[:username]}
  end
end

.set_password(username, password) ⇒ Object

# File 'backend/app/model/dbauth.rb', line 9

def self.set_password(username, password)
  pwhash = Password.create(password)
  username = username.downcase

  DB.open do |db|
    DB.attempt {
      db[:auth_db].insert(:username => username,
                          :pwhash => pwhash,
                          :create_time => Time.now,
                          :system_mtime => Time.now)
    }.and_if_constraint_fails {
      db[:auth_db].
      filter(:username => username).
      update(:username => username,
             :pwhash => pwhash,
             :system_mtime => Time.now)
    }
  end
end