@valexl
Last active February 4, 2016 05:06
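# Resolves the local user that corresponds to a Bitrix sign-in.
#
# `bitrix_user_attrs` is read with the keys :email, :user_id and :login.
#
# NOTE(review): the local account is matched on e-mail alone and its
# bitrix_user_id is overwritten from these attributes, so this class presumes
# the attributes come from a verified Bitrix exchange and not from
# client-controlled input. Confirm at the call site.
class VAlexL::RCCW::Auth::Bitrix
  attr_reader :company

  # @param company [Object] owner of the `users` association that is searched
  # @param bitrix_user_attrs [Hash, nil] attributes describing the Bitrix user
  def initialize(company, bitrix_user_attrs)
    @company = company
    @bitrix_user_attrs = bitrix_user_attrs
  end

  # @return [Boolean] true when any Bitrix attributes were supplied
  def sign_in_to_bitrix?
    @bitrix_user_attrs.present?
  end

  # Finds (or builds and saves) the company user whose e-mail matches the
  # Bitrix attributes. The result is memoized.
  #
  # @return [Object, nil] the user, or nil when there are no Bitrix attributes
  #   or they carry no e-mail address
  def current_user
    return nil unless sign_in_to_bitrix?
    return @current_user if @current_user

    email = @bitrix_user_attrs[:email].to_s.downcase
    # Fail closed: without an e-mail there is nothing to match on, and a
    # lookup on an empty value could bind the session to an unrelated record
    # (previously a missing e-mail raised NoMethodError instead).
    return nil if email.blank?

    user = company.users.find_or_initialize_by(email: email)
    user.bitrix_user_id = @bitrix_user_attrs[:user_id]
    if user.name.blank?
      # A missing login yields nil for both parts instead of raising.
      user.name, user.lastname = @bitrix_user_attrs[:login].to_s.split(".")
    end

    if (user.new_record? || user.changed?) && !user.save
      # The record is still returned, as before; the failure is now visible.
      # NOTE(review): a new record that failed validation is unpersisted yet
      # treated as the current user by callers. Decide whether that is wanted.
      Rails.logger.warn "Bitrix auth: user record could not be saved: #{user.errors.full_messages.join(', ')}"
    end

    @current_user = user
  end
end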
# Decides whether the request's session belongs to a signed-in user, using
# the manual (session[:user_id]) identity first and the Bitrix identity
# (session[:bitrix_user]) as the fallback.
class VAlexL::RCCW::Auth::Main
  # @param company [Object] passed through to both authenticators
  # @param session [Hash-like] read for :bitrix_user, :user_id and :last_touch;
  #   a clone is kept so this object does not hold the caller's instance
  def initialize(company, session)
    @company = company
    @session = session.clone
    @bitrix_auth = VAlexL::RCCW::Auth::Bitrix.new(@company, @session[:bitrix_user])
    @manually_auth = VAlexL::RCCW::Auth::Manually.new(@company, id: @session[:user_id])
  end

  # @return [Boolean] whether an active user is signed in
  #
  # NOTE(review): when Bitrix attributes are present the 24-hour idle check
  # is skipped, and current_user still prefers the session[:user_id] identity.
  # Confirm that an idle manual session is meant to stay valid in that case.
  def user_sign_in?
    if @bitrix_auth.sign_in_to_bitrix? && current_user.present?
      true
    elsif time_of_session_is_up?
      # No last-touch information, or the last touch is older than 24 hours.
      false
    else
      # Otherwise the answer depends on the current session's user.
      current_user.present?
    end
  end

  # @return [Object, nil] the memoized user, or nil when none is found or the
  #   user reports itself inactive
  def current_user
    @current_user ||= @manually_auth.current_user || @bitrix_auth.current_user
    candidate = @current_user
    return nil if candidate.blank?

    candidate.is_inactive? ? nil : candidate
  end

  private

  # Logs a banner and returns true when the session has expired.
  def time_of_session_is_up?
    expired = last_touch_either_blank_or_was_24_hours_ago?
    return false unless expired

    [
      '------------**************-------------',
      '#### The time of session is up ####',
      '------------**************-------------'
    ].each { |line| Rails.logger.info line }
    true
  end

  # A missing :last_touch counts as expired.
  def last_touch_either_blank_or_was_24_hours_ago?
    last_touch = @session[:last_touch]
    last_touch.blank? || last_touch.to_time < Time.now - 24.hours
  end
end
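# E-mail/password ("manual") authentication and lookup of the user behind
# the current session state.
#
# Users are searched among `User.server_admins` first and then, when a
# company is given, among `company.users`; the id is tried before the e-mail.
class VAlexL::RCCW::Auth::Manually
  include ActiveModel::Validations

  attr_reader :company, :password, :email, :user_id

  # @param company [Object, nil] optional scope for the second lookup
  # @param user_auth_data [Hash] read for :id, :email and :password
  def initialize(company, user_auth_data)
    @company = company
    @user_id = user_auth_data[:id]
    @email = user_auth_data[:email]
    @password = user_auth_data[:password]
  end

  # Checks the credentials and the active flag, adding one error to `errors`
  # on failure. The "inactive" message is only used after the password has
  # been verified, so it does not reveal account state to an unauthenticated
  # caller.
  #
  # @return [Boolean]
  def check_permission!
    # Evaluated once: each call performs a bcrypt computation.
    allowed = access_is_allowed?
    return true if allowed && is_user_active?

    if allowed
      errors.add(:base, I18n.t('activerecord.errors.libs.auth.inactive_user'))
    else
      errors.add(:base, I18n.t('activerecord.errors.libs.auth.access_denied'))
    end
    false
  end

  # The user matching the given id or e-mail, memoized once found.
  #
  # This method was defined as `current_use`, while every caller in this file
  # (including the private helpers below) invokes `current_user`, so those
  # calls raised NoMethodError.
  #
  # @return [Object, nil]
  def current_user
    return @current_user if @current_user.present?

    @current_user = lookup_user(User.server_admins)
    @current_user ||= lookup_user(company.users) if company.present?
    @current_user
  end

  # Kept for any caller that still uses the historical misspelled name.
  alias current_use current_user

  private

  # Looks a user up in `scope` by id, then by e-mail. Blank keys are skipped:
  # a lookup on a nil key (e.g. find_by_email(nil)) can match a row whose
  # column is NULL and so resolve an anonymous session to a real account.
  def lookup_user(scope)
    found = scope.find_by_id(user_id) if user_id.present?
    found ||= scope.find_by_email(email) if email.present?
    found
  end

  # NOTE(review): when no user matches, no bcrypt work is done, so that path
  # completes faster than a wrong-password attempt; consider equalising the
  # cost if account existence must not be observable.
  def access_is_allowed?
    current_user.present? && valid_password?
  end

  # Re-hashes the supplied password with the stored hash's salt and compares
  # the result to the stored hash.
  def valid_password?
    return false if current_user.encrypted_password.blank?

    bcrypt = ::BCrypt::Password.new(current_user.encrypted_password)
    eng_password = ::BCrypt::Engine.hash_secret(password.to_s, bcrypt.salt)
    secure_compare(eng_password, current_user.encrypted_password)
  end

  # Compares two strings byte by byte without exiting at the first mismatch,
  # so the time taken does not depend on where the strings differ.
  def secure_compare(a, b)
    return false if a.blank? || b.blank? || a.bytesize != b.bytesize

    l = a.unpack "C#{a.bytesize}"
    res = 0
    b.each_byte { |byte| res |= byte ^ l.shift }
    res == 0
  end

  # A missing user counts as "active" here; the missing user itself is
  # reported by access_is_allowed?.
  def is_user_active?
    return true if current_user.blank? || current_user.is_active?

    false
  end
end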