added eeid auth

Author: OlegPhenomenon

Gemfile

@@ -39,6 +39,9 @@ gem 'net-smtp', require: false
 gem 'net-imap', require: false
 gem 'net-pop', require: false
 gem "apipie-rails", "~> 1.2.0"
+gem 'omniauth', '>=2.0.0'
+gem 'omniauth-rails_csrf_protection'
+gem 'omniauth-tara', github: 'internetee/omniauth-tara'
 
 # Use Rack CORS for handling Cross-Origin Resource Sharing (CORS), making cross-origin AJAX possible
 # gem 'rack-cors'

app/controllers/auth/tara_controller.rb

@@ -0,0 +1,51 @@
+# rubocop:disable Metrics
+
+module Auth
+  class TaraController < ParentController
+    allow_unauthenticated
+
+    def callback
+      expires_now
+
+      unless in_white_list?
+        flash[:alert] = I18n.t('.access_denied')
+        redirect_to sign_in_path, status: :see_other and return
+      end
+
+      session[:omniauth_hash] = user_hash.delete_if { |key, _| key == 'credentials' }
+      @user = User.from_omniauth(user_hash)
+      @user.save! && @user.reload
+
+      @app_session = create_app_session
+
+      if @app_session
+        log_in @app_session
+        set_current_session
+
+        redirect_to root_path, status: :see_other
+      else
+        flash[:alert] = I18n.t('.incorrect_details')
+        render 'dashboard/index', status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def in_white_list?
+      WhiteCode.find_by(code: user_hash['uid'].slice(2..-1)).present?
+    end
+
+    def set_current_session
+      Current.user = @user
+      flash[:notice] = I18n.t('.success')
+    end
+
+    def user_hash
+      request.env['omniauth.auth']
+    end
+
+    def create_app_session
+      @user.app_sessions.create
+    end
+  end
+end

app/controllers/concerns/authenticate.rb

@@ -0,0 +1,72 @@
+module Authenticate
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :authenticate
+    before_action :need_to_login, unless: :logged_in?
+
+    helper_method :logged_in?
+    helper_method :current_user
+  end
+
+  class_methods do
+    def skip_authentication(**options)
+      skip_before_action :authenticate, options
+      skip_before_action :need_to_login, options
+    end
+
+    def allow_unauthenticated(**options)
+      skip_before_action :need_to_login, options
+    end
+  end
+
+  protected
+
+  def log_in(app_session, remember_me: false)
+    if remember_me
+      cookies.encrypted.permanent[:app_session] = {
+        value: app_session.to_h
+      }
+    else
+      cookies.signed[:app_session] = {
+        value: app_session.to_h,
+        expires: 1.day
+      }
+    end
+  end
+
+  def logout
+    Current&.app_session&.destroy
+  end
+
+  def logged_in?
+    Current.user.present?
+  end
+
+  def current_user
+    Current.user
+  end
+
+  private
+
+  def need_to_login
+    flash[:notice] = t('login_required')
+    render 'sessions/new', status: :unauthorized
+  end
+
+  def authenticate
+    cookie = cookies.encrypted[:app_session]&.with_indifferent_access
+    cookie = cookies.signed[:app_session]&.with_indifferent_access if cookie.nil?
+
+    return nil if cookie.nil?
+
+    user = User.find(cookie[:user_id])
+    app_session = user&.authenticate_session_token(cookie[:app_session], cookie[:token])
+
+    Current.user = app_session&.user
+    Current.app_session = app_session
+  rescue NoMatchingPatternError, ActiveRecord::RecordNotFound
+    Current.user = nil
+    Current.app_session = nil
+  end
+end

app/controllers/dashboard_controller.rb

@@ -1,6 +1,4 @@
 class DashboardController < ParentController
-  before_action :require_user_logged_in!
-
   def index
     @pagy, @invoices = pagy(Invoice.search(params),
                             items: params[:per_page] ||= 25,

app/controllers/dashboards/invoice_status_controller.rb

@@ -1,6 +1,4 @@
 class Dashboards::InvoiceStatusController < ParentController
-  before_action :require_user_logged_in!
-
   def update
     @invoice = Invoice.find(params[:id])
     temporary_unavailable and return unless @invoice.registry?

app/controllers/everypay_controller.rb

@@ -1,6 +1,4 @@
 class EverypayController < ParentController
-  before_action :require_user_logged_in!
-
   def index; end
 
   def everypay_data

app/controllers/invoice_details/descriptions_controller.rb

@@ -1,6 +1,4 @@
 class InvoiceDetails::DescriptionsController < ParentController
-  before_action :require_user_logged_in!
-
   def show
     @description = Invoice.find(params[:id])&.description
   end

app/controllers/invoice_details/directo_controller.rb

@@ -1,8 +1,5 @@
 class InvoiceDetails::DirectoController < ParentController
   require 'rexml/document'
-
-  before_action :require_user_logged_in!
-
   def show
     directo = Invoice.find(params[:id])
 

app/controllers/invoice_details/everypay_response_controller.rb

@@ -1,6 +1,4 @@
 class InvoiceDetails::EverypayResponseController < ParentController
-  before_action :require_user_logged_in!
-
   def show
     everypay = Invoice.find(params[:id])
     @everypay = everypay.everypay_response

app/controllers/invoice_details/payment_references_controller.rb

@@ -1,6 +1,4 @@
 class InvoiceDetails::PaymentReferencesController < ParentController
-  before_action :require_user_logged_in!
-
   def show
     @payment_reference = Invoice.find(params[:id])&.payment_reference
   end