require 'active_record' require 'cartodb-common' require 'securerandom' require_relative 'user_service' require_relative 'user_db_service' require_relative 'synchronization_oauth' require_relative '../../helpers/data_services_metrics_helper' require_dependency 'carto/helpers/auth_token_generator' require_dependency 'carto/helpers/user_commons' # TODO: This probably has to be moved as the service of the proper User Model class Carto::User < ActiveRecord::Base extend Forwardable include DataServicesMetricsHelper include Carto::AuthTokenGenerator include Carto::UserCommons include Concerns::CartodbCentralSynchronizable # INFO: select filter is done for security and performance reasons. Add new columns if needed. DEFAULT_SELECT = "users.email, users.username, users.admin, users.organization_id, users.id, users.avatar_url," \ "users.api_key, users.database_schema, users.database_name, users.name, users.location," \ "users.disqus_shortname, users.account_type, users.twitter_username, users.google_maps_key, " \ "users.viewer, users.quota_in_bytes, users.database_host, users.crypted_password, " \ "users.builder_enabled, users.private_tables_enabled, users.private_maps_enabled, " \ "users.org_admin, users.last_name, users.google_maps_private_key, users.website, " \ "users.description, users.available_for_hire, users.frontend_version, users.asset_host, "\ "users.no_map_logo, users.industry, users.company, users.phone, users.job_role, "\ "users.public_map_quota, users.public_dataset_quota, users.private_map_quota, "\ "users.maintenance_mode, users.company_employees, users.use_case, users.session_salt".freeze has_many :tables, class_name: Carto::UserTable, inverse_of: :user has_many :visualizations, inverse_of: :user has_many :maps, inverse_of: :user has_many :layers_user has_many :layers, through: :layers_user, after_add: Proc.new { |user, layer| layer.set_default_order(user) } belongs_to :organization, inverse_of: :users belongs_to :rate_limit has_one :owned_organization, class_name: Carto::Organization, inverse_of: :owner, foreign_key: :owner_id has_one :static_notifications, class_name: Carto::UserNotification, inverse_of: :user has_many :self_feature_flags_user, dependent: :destroy, foreign_key: :user_id, inverse_of: :user, class_name: Carto::FeatureFlagsUser has_many :self_feature_flags, through: :self_feature_flags_user, source: :feature_flag has_many :assets, inverse_of: :user has_many :data_imports, inverse_of: :user has_many :geocodings, inverse_of: :user has_many :synchronization_oauths, class_name: Carto::SynchronizationOauth, inverse_of: :user, dependent: :destroy has_many :search_tweets, class_name: Carto::SearchTweet, inverse_of: :user has_many :synchronizations, inverse_of: :user has_many :tags, inverse_of: :user has_many :permissions, inverse_of: :owner, foreign_key: :owner_id has_many :connector_configurations, inverse_of: :user, dependent: :destroy has_many :client_applications, class_name: Carto::ClientApplication, dependent: :destroy has_many :tokens, class_name: Carto::OauthToken, dependent: :destroy has_many :users_group, dependent: :destroy, class_name: Carto::UsersGroup has_many :groups, through: :users_group has_many :received_notifications, inverse_of: :user has_many :api_keys, inverse_of: :user has_many :user_multifactor_auths, inverse_of: :user, class_name: Carto::UserMultifactorAuth has_many :dbdirect_certificates, inverse_of: :user, dependent: :destroy has_one :dbdirect_ip, inverse_of: :user, dependent: :destroy has_many :oauth_apps, inverse_of: :user, dependent: :destroy has_many :oauth_app_users, inverse_of: :user, dependent: :destroy has_many :granted_oauth_apps, through: :oauth_app_users, class_name: Carto::OauthApp, source: 'oauth_app' delegate [ :database_username, :database_password, :in_database, :db_size_in_bytes, :get_api_calls, :table_count, :public_visualization_count, :all_visualization_count, :visualization_count, :owned_visualization_count, :twitter_imports_count, :link_privacy_visualization_count, :password_privacy_visualization_count, :public_privacy_visualization_count, :private_privacy_visualization_count ] => :service attr_reader :password # TODO: From sequel, can be removed once finished alias_method :maps_dataset, :maps alias_method :layers_dataset, :layers alias_method :assets_dataset, :assets alias_method :data_imports_dataset, :data_imports alias_method :geocodings_dataset, :geocodings def carto_user; self end before_create :set_database_host before_create :generate_api_key before_create :generate_session_salt after_save { reset_password_rate_limit if crypted_password_changed? } after_destroy { rate_limit.destroy_completely(self) if rate_limit } after_destroy :invalidate_varnish_cache # Compatibility with ::User, where the association is defined as one_to_one def client_application client_applications.first end # Auto creates notifications on first access def static_notifications_with_creation static_notifications_without_creation || build_static_notifications(user: self, notifications: {}) end alias_method_chain :static_notifications, :creation def default_avatar "cartodb.s3.amazonaws.com/static/public_dashboard_default_avatar.png" end # TODO: Revisit methods below to delegate to the service, many look like not proper of the model itself def service @service ||= Carto::UserService.new(self) end def db_service @db_service ||= Carto::UserDBService.new(self) end def default_dataset_privacy Carto::UserTable::PRIVACY_VALUES_TO_TEXTS[default_table_privacy] end def default_table_privacy private_tables_enabled ? Carto::UserTable::PRIVACY_PRIVATE : Carto::UserTable::PRIVACY_PUBLIC end def twitter_datasource_enabled (read_attribute(:twitter_datasource_enabled) || organization.try(&:twitter_datasource_enabled)) && twitter_configured? end def google_maps_private_key if organization.try(:google_maps_private_key).blank? read_attribute(:google_maps_private_key) else organization.google_maps_private_key end end # return the default basemap based on the default setting. If default attribute is not set, first basemaps is returned # it only takes into account basemaps enabled for that user def default_basemap default = if google_maps_enabled? && basemaps['GMaps'].present? ['GMaps', basemaps['GMaps']] else basemaps.find { |_, group_basemaps| group_basemaps.find { |_, attr| attr['default'] } } end default ||= basemaps.first # return only the attributes default[1].first[1] end def remaining_geocoding_quota(options = {}) remaining = if organization.present? organization.remaining_geocoding_quota(options) else geocoding_quota - get_geocoding_calls(options) end (remaining > 0 ? remaining : 0) end def remaining_here_isolines_quota(options = {}) remaining = if organization.present? organization.remaining_here_isolines_quota(options) else here_isolines_quota - get_here_isolines_calls(options) end (remaining > 0 ? remaining : 0) end def remaining_obs_snapshot_quota(options = {}) remaining = if organization.present? organization.remaining_obs_snapshot_quota(options) else obs_snapshot_quota - get_obs_snapshot_calls(options) end (remaining > 0 ? remaining : 0) end def remaining_obs_general_quota(options = {}) remaining = if organization.present? organization.remaining_obs_general_quota(options) else obs_general_quota - get_obs_general_calls(options) end (remaining > 0 ? remaining : 0) end def remaining_mapzen_routing_quota(options = {}) remaining = if organization.present? organization.remaining_mapzen_routing_quota(options) else mapzen_routing_quota.to_i - get_mapzen_routing_calls(options) end (remaining > 0 ? remaining : 0) end def oauth_for_service(service) synchronization_oauths.where(service: service).first end # INFO: don't use, use CartoDB::OAuths#add instead def add_oauth(service, token) # INFO: this should be the right way, but there's a problem with pgbouncer: # ActiveRecord::StatementInvalid: PG::Error: ERROR: prepared statement "a1" does not exist # synchronization_oauths.create( # service: service, # token: token # ) # INFO: even this fails eventually, th the same error. See https://github.com/CartoDB/cartodb/issues/4003 synchronization_oauth = Carto::SynchronizationOauth.new( user_id: id, service: service, token: token ) synchronization_oauth.save synchronization_oauths.append(synchronization_oauth) synchronization_oauth end def get_geocoding_calls(options = {}) date_from, date_to, orgwise = ds_metrics_parameters_from_options(options) get_user_geocoding_data(self, date_from, date_to, orgwise) end def get_here_isolines_calls(options = {}) date_from, date_to, orgwise = ds_metrics_parameters_from_options(options) get_user_here_isolines_data(self, date_from, date_to, orgwise) end def get_obs_snapshot_calls(options = {}) date_from, date_to, orgwise = ds_metrics_parameters_from_options(options) get_user_obs_snapshot_data(self, date_from, date_to, orgwise) end def get_obs_general_calls(options = {}) date_from, date_to, orgwise = ds_metrics_parameters_from_options(options) get_user_obs_general_data(self, date_from, date_to, orgwise) end def get_mapzen_routing_calls(options = {}) date_from, date_to, orgwise = ds_metrics_parameters_from_options(options) get_user_mapzen_routing_data(self, date_from, date_to, orgwise) end def password_in_use?(old_password = nil, new_password = nil) return false if new_record? return old_password == new_password if old_password Carto::Common::EncryptionService.verify(password: new_password, secure_password: crypted_password_was, secret: Cartodb.config[:password_secret]) end alias_method :should_display_old_password?, :needs_password_confirmation? alias_method :password_set?, :needs_password_confirmation? def get_auth_token # Circumvent DEFAULT_SELECT, didn't add auth_token there for sercurity (presenters, etc) auth_token = Carto::User.select(:auth_token).find(id).auth_token auth_token || generate_and_save_auth_token end def notifications_for_category(category) static_notifications.notifications[category] || {} end def view_dashboard update_column(:dashboard_viewed_at, Time.now) end def send_password_reset! generate_token(:password_reset_token) self.password_reset_sent_at = Time.zone.now save! Resque.enqueue(::Resque::UserJobs::Mail::PasswordReset, id) end def dbdirect_effective_ips dbdirect_effective_ip&.ips || [] end def dbdirect_effective_ips=(ips) ips ||= [] reload dbdirect_ip ? dbdirect_ip.update!(ips: ips) : create_dbdirect_ip!(ips: ips) end def dbdirect_effective_ip reload.dbdirect_ip end private def set_database_host self.database_host ||= ::SequelRails.configuration.environment_for(Rails.env)['host'] end def generate_api_key self.api_key ||= make_token end def generate_session_salt self.session_salt ||= SecureRandom.hex end def generate_token(column) begin self[column] = SecureRandom.urlsafe_base64 end while Carto::User.exists?(column => self[column]) end def ds_metrics_parameters_from_options(options) date_from = (options[:from] ? options[:from].to_date : last_billing_cycle) date_to = (options[:to] ? options[:to].to_date : Date.today) orgwise = options.fetch(:orgwise, true) [date_from, date_to, orgwise] end end