forked from OpenNeo/impress
Emi Matchu
58d86cf3ac
Oh right, if you can remove your email, there's a way to fully lock out your account: 1. Create account via NeoPass, so no password is set. 2. Ensure you have an email saved, then disconnect NeoPass. 3. Remove the email. 4. Now you have no NeoPass, no email, and no password! In this change, we add a validation that requires an account to always have at least one login method. This works well for the case described above, and also helps offer server-side validation to the "can't disconnect NeoPass until you have an email and password" stuff that previously was only enforced by disabling the button. That is, the following procedure could also lock you out before, whereas now it raises the "Whoops, there was an error disconnecting your NeoPass from your account, sorry." message: 1. Create account via NeoPass, so no password is set. 2. Ensure you have an email saved, so "Disconnect" button is enabled. 3. Open a new browser tab, and remove the email. 4. In the original browser tab, click "Disconnect".
216 lines
No EOL
8.1 KiB
Ruby
216 lines
No EOL
8.1 KiB
Ruby
class AuthUser < AuthRecord
|
|
self.table_name = 'users'
|
|
|
|
devise :database_authenticatable, :encryptable, :registerable, :validatable,
|
|
:rememberable, :trackable, :recoverable, :omniauthable,
|
|
omniauth_providers: [:neopass]
|
|
|
|
validates :name, presence: true, uniqueness: {case_sensitive: false},
|
|
length: {maximum: 30}
|
|
|
|
validates :uid, uniqueness: {scope: :provider, allow_nil: true}
|
|
|
|
validate :has_at_least_one_login_method
|
|
|
|
has_one :user, foreign_key: :remote_id, inverse_of: :auth_user
|
|
|
|
# If the email is blank, ensure that it's `nil` rather than an empty string,
|
|
# or else the database's uniqueness constraint will object to multiple users
|
|
# who all have the empty string as their email.
|
|
before_validation { self.email = nil if email.blank? }
|
|
|
|
# It's important to keep AuthUser and User in sync. When we create an AuthUser
|
|
# (e.g. through the registration process), we create a matching User, too. And
|
|
# when the AuthUser's name changes, we update User to match.
|
|
#
|
|
# TODO: Should we sync deletions too? We don't do deletions anywhere in app
|
|
# right now, so I'll hold off to avoid leaving dead code around.
|
|
after_create :create_user!
|
|
after_update :sync_name_with_user!, if: :saved_change_to_name?
|
|
|
|
def create_user!
|
|
User.create!(name: name, auth_server_id: 1, remote_id: id)
|
|
end
|
|
|
|
def sync_name_with_user!
|
|
user.name = name
|
|
user.save!
|
|
end
|
|
|
|
def uses_omniauth?
|
|
provider? && uid?
|
|
end
|
|
|
|
def email_required?
|
|
# Email is required when creating a new account from scratch, but it isn't
|
|
# required when creating a new account via third-party login (e.g. it's
|
|
# already taken). It's also okay to remove your email address, though this
|
|
if new_record?
|
|
# When creating a new account, email is required when building it from
|
|
# scratch, but not required when using third-party login. This is mainly
|
|
# because third-party login can't reliably offer an unused email!
|
|
!uses_omniauth?
|
|
else
|
|
# TODO: I had wanted to make email required if you already have one, to
|
|
# make it harder to accidentally remove? I expected
|
|
# `email_before_last_save` to be the way to check this, but it
|
|
# seemed to be `nil` when calling this, go figure! For now, we're
|
|
# allowing email to be removed.
|
|
#
|
|
# NOTE: This is important for the case where you're disconnecting a
|
|
# NeoPass, but you don't have an email set, because your NeoPass
|
|
# email already belonged to another account. I don't think it makes
|
|
# sense to require people to add an alternate real email address in
|
|
# order to be able to disconnect a NeoPass from a DTI account they
|
|
# maybe even created by accident!
|
|
false
|
|
end
|
|
end
|
|
|
|
def password_required?
|
|
super && !uses_omniauth?
|
|
end
|
|
|
|
def uses_neopass?
|
|
provider == "neopass"
|
|
end
|
|
|
|
def neopass_friendly_id
|
|
neopass_email || uid
|
|
end
|
|
|
|
def uses_password?
|
|
encrypted_password?
|
|
end
|
|
|
|
def update_with_password(params)
|
|
# If this account already uses passwords, use Devise's default behavior.
|
|
return super(params) if uses_password?
|
|
|
|
# Otherwise, we implement similar logic, but skipping the check for
|
|
# `current_password`: Bulk-assign most attributes, but only set the
|
|
# password if it's non-empty.
|
|
self.attributes = params.except(:password, :password_confirmation,
|
|
:current_password)
|
|
if params[:password].present?
|
|
self.password = params[:password]
|
|
self.password_confirmation = params[:password_confirmation]
|
|
end
|
|
|
|
self.save
|
|
end
|
|
|
|
def connect_omniauth!(auth)
|
|
raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?
|
|
|
|
begin
|
|
update!(provider: auth.provider, uid: auth.uid,
|
|
neopass_email: auth.info.email)
|
|
rescue ActiveRecord::RecordInvalid
|
|
# If this auth is already bound to another account, raise a specific
|
|
# error about it, instead of the normal error.
|
|
if errors.where(:uid).any? { |e| e.type == :taken }
|
|
raise AuthAlreadyConnected, "there's already an account with " +
|
|
"provider #{auth.provider}, uid #{auth.uid}"
|
|
end
|
|
raise
|
|
end
|
|
end
|
|
|
|
def disconnect_neopass
|
|
# If there's no NeoPass, we're already done!
|
|
return true if !uses_neopass?
|
|
|
|
begin
|
|
# Remove all of the NeoPass fields, and return whether we were
|
|
# successful. (I don't know why it wouldn't be, but let's be resilient!)
|
|
#
|
|
# NOTE: I considered leaving `neopass_email` in place, to help us support
|
|
# users who accidentally got locked out… but I think it's more
|
|
# important to respect data privacy and not be holding onto an
|
|
# email address the user doesn't realize we have!
|
|
update(provider: nil, uid: nil, neopass_email: nil)
|
|
rescue => error
|
|
# If something strange happens, log it and gracefully return `false`!
|
|
Sentry.capture_exception error
|
|
Rails.logger.error error
|
|
false
|
|
end
|
|
end
|
|
|
|
def has_at_least_one_login_method
|
|
if !uses_password? && !email? && !uses_neopass?
|
|
errors.add(:base, "You must have either a password, an email, or a " +
|
|
"NeoPass. Otherwise, you can't log in!")
|
|
end
|
|
end
|
|
|
|
def self.find_by_omniauth(auth)
|
|
find_by(provider: auth.provider, uid: auth.uid)
|
|
end
|
|
|
|
def self.from_omniauth(auth)
|
|
raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?
|
|
|
|
transaction do
|
|
find_or_create_by!(provider: auth.provider, uid: auth.uid) do |user|
|
|
# This account is new! Let's do the initial setup.
|
|
|
|
# TODO: Can we somehow get the Neopets username if one exists, instead
|
|
# of just using total randomness?
|
|
user.name = build_unique_username
|
|
|
|
# Copy the email address from their Neopets account to their DTI
|
|
# account, unless they already have a DTI account with this email, in
|
|
# which case, ignore it. (It's primarily for their own convenience with
|
|
# password recovery!)
|
|
email_exists = AuthUser.where(email: auth.info.email).exists?
|
|
user.email = auth.info.email unless email_exists
|
|
|
|
# Additionally, regardless of whether we save it as `email`, we also
|
|
# save the email address as `neopass_email`, to use in the Settings UI
|
|
# to indicate what NeoPass you're linked to.
|
|
user.neopass_email = auth.info.email
|
|
end.tap do |user|
|
|
# If this account already existed, make sure we've saved the latest
|
|
# email to `neopass_email`. (In practice, this *shouldn't* ever change
|
|
# after initial setup, because NeoPass emails are immutable? But why
|
|
# not be resilient!)
|
|
unless user.previously_new_record?
|
|
user.update!(neopass_email: auth.info.email)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
def self.build_unique_username
|
|
# Start with a base name like "neopass-kougra-".
|
|
random_species_name = Species.all.pluck(:name).sample
|
|
base_name = "neopass-#{random_species_name}"
|
|
|
|
# Fetch the list of names that already start with that.
|
|
name_query = sanitize_sql_like(base_name) + "%"
|
|
similar_names = where("name LIKE ?", name_query).pluck(:name).to_set
|
|
|
|
# Shuffle the list of four-digit numbers to create 10000 possible names,
|
|
# then use the first one that's not already claimed.
|
|
potential_names = (0..9999).map { |n| "#{base_name}-#{n}" }.shuffle
|
|
name = potential_names.find { |name| !similar_names.include?(name) }
|
|
return name unless name.nil?
|
|
|
|
# If that failed, try again but with six digits.
|
|
potential_names = (0..999999).map { |n| "#{base_name}-#{n}" }.shuffle
|
|
name = potential_names.find { |name| !similar_names.include?(name) }
|
|
return name unless name.nil?
|
|
|
|
# If *that* failed, then golly gee, we have millions of NeoPass users
|
|
# running around using the default username. Good for us, I guess?? If so,
|
|
# uhh, let's cross that bridge when we come to it. (At time of writing,
|
|
# there are about 60k total registered DTI users at *all*.)
|
|
raise "Failed to build unique username (all million+ names starting with " +
|
|
"\"#{base_name}\" are taken??)"
|
|
end
|
|
|
|
class AuthAlreadyConnected < ArgumentError;end
|
|
class MissingAuthInfoError < ArgumentError;end
|
|
end |