2016-11-15 16:56:29 +01:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-02-20 22:53:20 +01:00
|
|
|
class ApplicationController < ActionController::Base
|
|
|
|
# Prevent CSRF attacks by raising an exception.
|
|
|
|
# For APIs, you may want to use :null_session instead.
|
|
|
|
protect_from_forgery with: :exception
|
2016-03-25 14:12:24 +01:00
|
|
|
|
2017-04-08 02:30:50 +02:00
|
|
|
include Localized
|
2017-04-30 00:28:16 +02:00
|
|
|
include UserTrackingConcern
|
2018-05-11 13:20:58 +02:00
|
|
|
include SessionTrackingConcern
|
2019-07-21 22:32:16 +02:00
|
|
|
include CacheConcern
|
2019-07-30 11:10:46 +02:00
|
|
|
include DomainControlHelper
|
2023-07-12 17:06:00 +02:00
|
|
|
include DatabaseHelper
|
2023-09-01 15:41:10 +02:00
|
|
|
include AuthorizedFetchHelper
|
2023-10-23 17:46:21 +02:00
|
|
|
include SelfDestructHelper
|
2017-04-16 12:51:30 +02:00
|
|
|
|
|
|
|
helper_method :current_account
|
2017-06-25 23:51:32 +02:00
|
|
|
helper_method :current_session
|
2017-09-19 16:36:23 +02:00
|
|
|
helper_method :current_theme
|
2017-04-16 12:51:30 +02:00
|
|
|
helper_method :single_user_mode?
|
2018-02-28 19:04:53 +01:00
|
|
|
helper_method :use_seamless_external_login?
|
2023-03-17 10:09:01 +01:00
|
|
|
helper_method :omniauth_only?
|
|
|
|
helper_method :sso_account_settings
|
2023-08-02 19:32:48 +02:00
|
|
|
helper_method :limited_federation_mode?
|
2023-04-23 22:35:54 +02:00
|
|
|
helper_method :body_class_string
|
2023-04-25 16:51:38 +02:00
|
|
|
helper_method :skip_csrf_meta_tags?
|
2016-08-24 17:56:44 +02:00
|
|
|
|
2021-05-05 19:44:35 +02:00
|
|
|
rescue_from ActionController::ParameterMissing, Paperclip::AdapterRegistry::NoHandlerError, with: :bad_request
|
2017-11-11 20:23:33 +01:00
|
|
|
rescue_from Mastodon::NotPermittedError, with: :forbidden
|
2021-05-05 19:44:35 +02:00
|
|
|
rescue_from ActionController::RoutingError, ActiveRecord::RecordNotFound, with: :not_found
|
|
|
|
rescue_from ActionController::UnknownFormat, with: :not_acceptable
|
|
|
|
rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
|
2020-03-08 15:17:39 +01:00
|
|
|
rescue_from Mastodon::RateLimitExceededError, with: :too_many_requests
|
2016-09-08 02:40:51 +02:00
|
|
|
|
2021-05-05 19:44:35 +02:00
|
|
|
rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
|
2021-07-21 18:34:39 +02:00
|
|
|
rescue_from Mastodon::RaceConditionError, Stoplight::Error::RedLight, ActiveRecord::SerializationFailure, with: :service_unavailable
|
|
|
|
|
|
|
|
rescue_from Seahorse::Client::NetworkingError do |e|
|
|
|
|
Rails.logger.warn "Storage server error: #{e}"
|
|
|
|
service_unavailable
|
|
|
|
end
|
2021-05-05 19:44:35 +02:00
|
|
|
|
2023-10-23 17:46:21 +02:00
|
|
|
before_action :check_self_destruct!
|
|
|
|
|
2023-04-25 16:51:38 +02:00
|
|
|
before_action :store_referrer, except: :raise_not_found, if: :devise_controller?
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
|
|
|
before_action :require_functional!, if: :user_signed_in?
|
2016-10-02 17:11:08 +02:00
|
|
|
|
2023-04-23 22:27:24 +02:00
|
|
|
before_action :set_cache_control_defaults
|
|
|
|
|
2019-08-16 02:08:35 +02:00
|
|
|
skip_before_action :verify_authenticity_token, only: :raise_not_found
|
|
|
|
|
2016-09-08 02:40:51 +02:00
|
|
|
def raise_not_found
|
2016-09-29 21:28:21 +02:00
|
|
|
raise ActionController::RoutingError, "No route matches #{params[:unmatched_route]}"
|
2016-09-08 02:40:51 +02:00
|
|
|
end
|
|
|
|
|
2016-10-02 17:11:08 +02:00
|
|
|
private
|
|
|
|
|
2019-07-11 20:11:09 +02:00
|
|
|
def public_fetch_mode?
|
|
|
|
!authorized_fetch_mode?
|
|
|
|
end
|
|
|
|
|
2023-04-25 16:51:38 +02:00
|
|
|
def store_referrer
|
|
|
|
return if request.referer.blank?
|
|
|
|
|
|
|
|
redirect_uri = URI(request.referer)
|
|
|
|
return if redirect_uri.path.start_with?('/auth')
|
|
|
|
|
|
|
|
stored_url = redirect_uri.to_s if redirect_uri.host == request.host && redirect_uri.port == request.port
|
|
|
|
|
|
|
|
store_location_for(:user, stored_url)
|
2016-10-02 17:11:08 +02:00
|
|
|
end
|
|
|
|
|
Change unconfirmed user login behaviour (#11375)
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
2019-07-22 10:48:50 +02:00
|
|
|
def require_functional!
|
|
|
|
redirect_to edit_user_registration_path unless current_user.functional?
|
2016-12-06 18:03:30 +01:00
|
|
|
end
|
|
|
|
|
2023-04-25 16:51:38 +02:00
|
|
|
def skip_csrf_meta_tags?
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
2017-08-05 04:24:58 +02:00
|
|
|
def after_sign_out_path_for(_resource_or_scope)
|
2023-03-15 03:52:40 +01:00
|
|
|
if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
|
|
|
|
'/auth/auth/openid_connect/logout'
|
|
|
|
else
|
|
|
|
new_user_session_path
|
|
|
|
end
|
2017-08-05 04:24:58 +02:00
|
|
|
end
|
|
|
|
|
2016-08-18 17:13:41 +02:00
|
|
|
protected
|
|
|
|
|
2018-09-09 04:10:44 +02:00
|
|
|
def truthy_param?(key)
|
|
|
|
ActiveModel::Type::Boolean.new.cast(params[key])
|
|
|
|
end
|
|
|
|
|
2017-05-01 22:24:36 +02:00
|
|
|
def forbidden
|
|
|
|
respond_with_error(403)
|
2016-09-08 02:40:51 +02:00
|
|
|
end
|
|
|
|
|
2017-05-01 22:24:36 +02:00
|
|
|
def not_found
|
|
|
|
respond_with_error(404)
|
2017-01-15 00:30:23 +01:00
|
|
|
end
|
|
|
|
|
2017-05-01 22:24:36 +02:00
|
|
|
def gone
|
|
|
|
respond_with_error(410)
|
2017-04-23 05:21:10 +02:00
|
|
|
end
|
|
|
|
|
2017-01-15 00:30:23 +01:00
|
|
|
def unprocessable_entity
|
2017-05-01 22:24:36 +02:00
|
|
|
respond_with_error(422)
|
2016-10-05 13:26:44 +02:00
|
|
|
end
|
|
|
|
|
2018-05-26 01:09:30 +02:00
|
|
|
def not_acceptable
|
|
|
|
respond_with_error(406)
|
|
|
|
end
|
|
|
|
|
2019-08-30 01:34:47 +02:00
|
|
|
def bad_request
|
|
|
|
respond_with_error(400)
|
|
|
|
end
|
|
|
|
|
2019-08-18 18:04:18 +02:00
|
|
|
def internal_server_error
|
|
|
|
respond_with_error(500)
|
|
|
|
end
|
|
|
|
|
2019-08-30 01:34:47 +02:00
|
|
|
def service_unavailable
|
|
|
|
respond_with_error(503)
|
|
|
|
end
|
|
|
|
|
2020-03-08 15:17:39 +01:00
|
|
|
def too_many_requests
|
|
|
|
respond_with_error(429)
|
|
|
|
end
|
|
|
|
|
2017-04-15 16:46:27 +02:00
|
|
|
def single_user_mode?
|
2024-03-13 15:11:23 +01:00
|
|
|
@single_user_mode ||= Rails.configuration.x.single_user_mode && Account.without_internal.exists?
|
2017-04-15 16:46:27 +02:00
|
|
|
end
|
|
|
|
|
2018-02-28 19:04:53 +01:00
|
|
|
def use_seamless_external_login?
|
|
|
|
Devise.pam_authentication || Devise.ldap_authentication
|
2018-02-02 10:18:55 +01:00
|
|
|
end
|
|
|
|
|
2023-03-17 10:09:01 +01:00
|
|
|
def omniauth_only?
|
|
|
|
ENV['OMNIAUTH_ONLY'] == 'true'
|
|
|
|
end
|
|
|
|
|
|
|
|
def sso_account_settings
|
2023-04-24 20:26:04 +02:00
|
|
|
ENV.fetch('SSO_ACCOUNT_SETTINGS', nil)
|
2023-03-17 10:09:01 +01:00
|
|
|
end
|
|
|
|
|
2016-08-18 17:13:41 +02:00
|
|
|
def current_account
|
2019-06-25 20:18:15 +02:00
|
|
|
return @current_account if defined?(@current_account)
|
|
|
|
|
|
|
|
@current_account = current_user&.account
|
2016-08-18 17:13:41 +02:00
|
|
|
end
|
2016-11-29 15:49:39 +01:00
|
|
|
|
2017-06-25 23:51:32 +02:00
|
|
|
def current_session
|
2019-06-25 20:18:15 +02:00
|
|
|
return @current_session if defined?(@current_session)
|
|
|
|
|
|
|
|
@current_session = SessionActivation.find_by(session_id: cookies.signed['_session_id']) if cookies.signed['_session_id'].present?
|
2017-06-25 23:51:32 +02:00
|
|
|
end
|
|
|
|
|
2017-09-19 16:36:23 +02:00
|
|
|
def current_theme
|
2018-08-23 14:17:35 +02:00
|
|
|
return Setting.theme unless Themes.instance.names.include? current_user&.setting_theme
|
2023-02-20 06:58:28 +01:00
|
|
|
|
2017-09-19 16:36:23 +02:00
|
|
|
current_user.setting_theme
|
|
|
|
end
|
|
|
|
|
2023-04-23 22:35:54 +02:00
|
|
|
def body_class_string
|
|
|
|
@body_classes || ''
|
|
|
|
end
|
|
|
|
|
2017-04-21 18:11:20 +02:00
|
|
|
def respond_with_error(code)
|
2019-12-30 04:38:18 +01:00
|
|
|
respond_to do |format|
|
|
|
|
format.any { render "errors/#{code}", layout: 'error', status: code, formats: [:html] }
|
|
|
|
format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[code] }, status: code }
|
|
|
|
end
|
2017-04-21 18:11:20 +02:00
|
|
|
end
|
2023-04-23 22:27:24 +02:00
|
|
|
|
2023-10-23 17:46:21 +02:00
|
|
|
def check_self_destruct!
|
|
|
|
return unless self_destruct?
|
|
|
|
|
|
|
|
respond_to do |format|
|
|
|
|
format.any { render 'errors/self_destruct', layout: 'auth', status: 410, formats: [:html] }
|
2024-02-26 23:43:07 +01:00
|
|
|
format.json { render json: { error: Rack::Utils::HTTP_STATUS_CODES[410] }, status: 410 }
|
2023-10-23 17:46:21 +02:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-04-23 22:27:24 +02:00
|
|
|
def set_cache_control_defaults
|
|
|
|
response.cache_control.replace(private: true, no_store: true)
|
|
|
|
end
|
2016-02-20 22:53:20 +01:00
|
|
|
end
|