search

kandanapp / kandan

Kandan is an Open Source Alternative to HipChat
GNU Affero General Public License v3.0
2.72k stars 407 forks source link

Fixed current user list not being updated when user logs in #326

Closed scouttyg closed 10 years ago

scouttyg commented 10 years ago

This pull request fixes issue #270

scouttyg commented 10 years ago

Some time ago, Devise got rid of their module "Token Authenticatable" (see here: https://github.com/plataformatec/devise/issues/2616). The issue is, Kandan relies on the authentication_token to keep track of users connecting / disconnecting. See:

faye.js.coffee:

    authExtension = {
      outgoing: (message, callback)->
        if message.channel == "/meta/subscribe"
          message['ext'] = {
            auth_token: Kandan.Helpers.Users.currentUser().auth_token
          }
        callback(message)
    }

Kandan.Helpers.Users.currentUser() checks $.data(document, 'current-user'), which is added in application.html.erb as:

  <%- if user_signed_in? %>
    <%= javascript_tag do %>
      $.data(document, "current-user", <%= current_user_data.to_json.html_safe %>);
    <% end %>
  <%- end %>

Which references Application helper as:

module ApplicationHelper
  def current_user_data
    current_user_data = {
      :id            => current_user.id,
      :first_name    => current_user.first_name,
      :last_name     => current_user.last_name,
      :email         => current_user.email,
      :username      => current_user.username,
      :auth_token    => current_user.authentication_token,
      :gravatar_hash => current_user.gravatar_hash,
      :avatar_url    => current_user.avatar_url
    }
  end
end

The issue is, auth_token won't be there for any version of Devise after they removed the Token Authenticatable" module. This means message['ext'] wont contain the auth token, which means in devise_auth.rb:

class DeviseAuth
  def incoming(message, callback)
    if message['channel'] == "/meta/subscribe"
      auth_token = message['ext']['auth_token']
      user = User.find_by_authentication_token(auth_token)
      if user
        ActiveUsers.add(message['clientId'], user) # if not meta_channels?(message['subscription'])
        return callback.call(message) 
      else
        message['error'] = "Invalid auth token"
      end
    end
    # puts "Message: #{message.inspect}"
    callback.call(message)
  end

  # def meta_channels?(channel)
    #if ("/app/activities" =~ /\/app\/.*/ || "/app/activities" =~ /\/app\/.*/
  # end

  #TODO disable publishing by users or use only user-published msgs
end

It wont add a user to Active Users because message['ext']['auth_token'] wont be there, which means `User.find_by_authentication_token(nil) will cause a bunch of issues. This means you won't get a message that a user has connected when they have, you won't have an active user list, and a whole bunch of quirky behavior.