mirror of https://github.com/docusealco/docuseal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.1 KiB
38 lines
1.1 KiB
# frozen_string_literal: true
|
|
|
|
module IframeAuthentication
|
|
extend ActiveSupport::Concern
|
|
|
|
private
|
|
|
|
# Custom authentication for iframe context
|
|
# AJAX requests from Vue components don't include the auth token that's in the iframe URL,
|
|
# so we extract it from the HTTP referer header as a fallback
|
|
def authenticate_from_referer
|
|
return if signed_in?
|
|
|
|
token = params[:auth_token] || session[:auth_token] || request.headers['X-Auth-Token']
|
|
|
|
# If no token found, extract from referer URL (iframe page has the token)
|
|
if token.blank? && request.referer.present?
|
|
referer_uri = URI.parse(request.referer)
|
|
referer_params = CGI.parse(referer_uri.query || '')
|
|
token = referer_params['auth_token']&.first
|
|
end
|
|
|
|
if token.present?
|
|
sha256 = Digest::SHA256.hexdigest(token)
|
|
user = User.joins(:access_token).active.find_by(access_token: { sha256: sha256 })
|
|
|
|
return unless user
|
|
|
|
sign_in(user)
|
|
session[:auth_token] = token
|
|
return
|
|
end
|
|
|
|
Rails.logger.error "#{self.class.name}: Authentication failed"
|
|
render json: { error: 'Authentication required' }, status: :unauthorized
|
|
end
|
|
end
|