aha_builder_core 1.0.15 → 1.0.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ab96bb0d7db25dcab119a0fc590ddfdc0a60b2984ae041f42f7380f9da1a229
-  data.tar.gz: 83b6752ca39af681cf7a617855b9cd3b89b2a83eef98c28c7e440b9018389bfb
+  metadata.gz: 040e466bb6704c03036a10c3b1242abe7180212e6c34319ff6377d090f1f5373
+  data.tar.gz: 8fae9ac629308b1f7ecf306f3f5fee5b362f181fab5dd2a2f75502e0ed22dccf
 SHA512:
-  metadata.gz: da4a0a3dd5af21d498c34fab9c845928f017c8489c6cc857986fa70bc01fc318e440b1c555288afb872c8a29d46b6ed43dff0e8e8723f5d562635f598b7bcbff
-  data.tar.gz: 8c27600959bfa94734744c8ef7b2f27fd22173da39a04eef001835261d695368b31cc1959f4496e5a481b5c792ff0d199884e6d265b7d98771ff30f725483b3a
+  metadata.gz: 16711e2de018b08fdedcb47a92d5e1a6a3ea3862d88d786c8ce609d76de9f620293760cbb74bb7cff68d243133ee0ad6041020c02e98ee7d6210d68ea234b7a3
+  data.tar.gz: 883be935bafe88f56091079f1b38cdcc3104b115d3f1d3e633bb78d501e9c0b9d7df9b3010416162343b7c943623eb124645bbf2282dc8336b5be2c691308534

data/README.md

@@ -1,6 +1,10 @@
 # Aha Builder Core Client
 
-Ruby client for Aha! Builder core authentication services which provides login and signup using email/password, social logins (Google, Github, Microsoft), SAML SSO and password reset.
+Ruby client for Aha! Builder core which provides application services:
+
+* Authentication services for login and signup using email/password, social logins (Google, Github, Microsoft), SAML SSO and password reset.
+* Email sending API.
+* User guide content API.
 
 ## Installation
 
@@ -18,7 +22,7 @@ No configuration is necessary and no environment variables are necessary.
 
 The authentication UI is provided completely by the core system. During authentication the user is redirected to the login page, and will return (via HTTP redirect) to the `/callback` URL when authentication is complete. Your application must implement a callback action at `/callback` to receive the code. Any value passed in as `state` is returned verbatim to the callback.
 
-Protection against CSRF atacks is handled internally by the Aha::Auth library and there is no need to use a nonce in the state parameter.
+Protection against CSRF attacks is handled internally by the Aha::Auth library and there is no need to use a nonce in the state parameter.
 
 ### Generate Login URL
 
@@ -88,7 +92,6 @@ local_user.update!(
 # Store tokens in session or database
 session[:session_token] = result[:session_token]
 session[:refresh_token] = result[:refresh_token]
-session[:user_id] = local_user.id
 
 # Redirect to application
 redirect_to root_path
@@ -202,3 +205,20 @@ Each page hash contains:
 - `position` - Sort order (integer)
 - `children_count` - Number of child pages
 - `content_html` - HTML content (only in `load_page` response)
+
+## Email Sending
+
+Aha! Builder core provides a mail API that can be used as an ActionMailer delivery method.
+
+### ActionMailer Integration
+
+Configure your Rails application to send emails through Aha! Builder core:
+
+```ruby
+# config/initializers/action_mailer.rb
+ActionMailer::Base.add_delivery_method :aha_mail, Aha::Mail::DeliveryMethod
+
+# config/environments/production.rb
+config.action_mailer.delivery_method = :aha_mail
+```
+

data/lib/aha/auth/client.rb

@@ -52,7 +52,7 @@ module Aha
         begin
           claims = decode_and_verify_token(session_token)
           return Session.from_claims(claims) if claims
-        rescue ExpiredTokenError 
+        rescue ExpiredTokenError
           # Token has expired, attempt refresh
         end
 
@@ -73,7 +73,8 @@ module Aha
         end
 
         Session.invalid
-      rescue InvalidTokenError, ExpiredTokenError
+      rescue InvalidTokenError, ExpiredTokenError => e
+        Rails.logger.info("Session token invalid or expired #{e.message}")
         Session.invalid
       end
 
@@ -82,9 +83,12 @@ module Aha
       # @param session_token [String] The session token to revoke
       # @return [Boolean] true if successful
       def logout(session_token:)
-        get("/api/core/auth_ui/logout", headers: { "Authorization" => "Bearer #{session_token}" })
+        claims = decode_and_verify_token(session_token)
+        user_id = claims["sub"] # JWT subject is the user_id
+
+        post("/api/core/auth/users/#{user_id}/logout", {})
         true
-      rescue ApiError
+      rescue InvalidTokenError, ExpiredTokenError, ApiError
         false
       end
 
@@ -106,7 +110,7 @@ module Aha
         public_key = @token_cache.get_key(kid) { fetch_jwks }
 
         unless public_key
-          # Try refreshing the cache in case there's a new key
+          # Force refresh the cache in case there's a new key
           @token_cache.refresh! { fetch_jwks }
           public_key = @token_cache.get_key(kid) { fetch_jwks }
           raise InvalidTokenError, "Unknown key ID: #{kid}" unless public_key
@@ -115,7 +119,11 @@ module Aha
         # Verify the token
         options = {
           algorithm: ALGORITHM,
-          verify_expiration: true
+          aud: @configuration.client_id.to_s,
+          verify_expiration: true,
+          verify_aud: true,
+          verify_iat: true,
+          required_claims: %w[sub sid aud iat exp],
         }
 
         decoded = JWT.decode(token, public_key, true, options)
@@ -157,6 +165,10 @@ module Aha
 
       def http_client
         @http_client ||= Faraday.new(url: @configuration.server_url) do |conn|
+          if @configuration.enable_logging && @configuration.logger
+            conn.response :logger, @configuration.logger, bodies: true
+          end
+
           conn.request :retry, max: 2, interval: 0.5, backoff_factor: 2
           conn.options.timeout = @configuration.timeout
 

data/lib/aha/auth/configuration.rb

@@ -21,6 +21,12 @@ module Aha
       # HTTP timeout in seconds (default: 30)
       attr_accessor :timeout
 
+      # Enable logging of HTTP requests and responses (default: false)
+      attr_accessor :enable_logging
+
+      # Logger instance for HTTP logging (default: Rails.logger)
+      attr_accessor :logger
+
       def initialize
         @server_url = ENV.fetch("AHA_CORE_SERVER_URL", "https://secure.aha.io/api/core")
         @api_key = ENV.fetch("AHA_CORE_API_KEY", nil)
@@ -28,6 +34,8 @@ module Aha
         @jwks_cache_ttl = 3600 # 1 hour
         @refresh_threshold = 120 # 2 minutes
         @timeout = 30
+        @enable_logging = false
+        @logger = Rails.logger
       end
 
       def validate!

data/lib/aha/auth/token_cache.rb

@@ -34,11 +34,6 @@ module Aha
         end
       end
 
-      # Check if the cache is stale
-      def stale?
-        @fetched_at.nil? || (Time.now.utc - @fetched_at) > @ttl
-      end
-
       # Clear the cache
       def clear!
         @mutex.synchronize do
@@ -49,6 +44,10 @@ module Aha
 
       private
 
+      def stale?
+        @fetched_at.nil? || (Time.now.utc - @fetched_at) > @ttl
+      end
+
       def refresh_if_needed(&fetcher)
         fetch_keys(&fetcher) if stale?
       end
@@ -59,7 +58,10 @@ module Aha
 
         @keys = {}
         jwks["keys"].each do |key_data|
+          # Valdate the key is appropriate for our use.
           next unless key_data["kty"] == "RSA"
+          next unless key_data["use"] == "sig"
+          next unless key_data["alg"] == "RS256"
 
           kid = key_data["kid"]
           @keys[kid] = build_rsa_key(key_data)

data/lib/aha/auth/users_resource.rb

@@ -11,9 +11,9 @@ module Aha
       # Create a new user
       #
       # @param email [String] User's email address
-      # @param first_name [String] User's first name
-      # @param last_name [String] User's last name
-      # @param password [String] User's password
+      # @param first_name [String] User's first name (optional)
+      # @param last_name [String] User's last name (optional)
+      # @param password [String] User's password (optional)
       # @return [User] The created user
       def create(email:, first_name:, last_name:, password:)
         response = post(

data/lib/aha/auth.rb

@@ -77,26 +77,13 @@ module Aha
       def authenticate_with_code(code:, cookies:)
         # Split the code and nonce if present
         actual_code, nonce = code.split(".", 2)
+        
+        raise "CSRF verification failed: unable to verify nonce" unless nonce
 
-        # Verify CSRF protection if nonce is present
-        if nonce
-          cookie_nonce = cookies[:auth_nonce]
-
-          # Verify nonce matches
-          if cookie_nonce.blank? 
-            raise "CSRF verification failed: nonce missing in cookie"
-          end
-
-          if cookie_nonce != nonce
-            raise "CSRF verification failed: nonce mismatch"
-          end
-
-          # Clear the nonce from session after verification
-          cookies.delete(:auth_nonce)
-        else
-          # If we fon't have a none, we can't verify CSRF.
-          raise "CSRF verification failed: unable to verify nonce"
-        end
+        cookie_nonce = cookies[:auth_nonce]
+        cookies.delete(:auth_nonce)
+        raise "CSRF verification failed: nonce missing in cookie" if cookie_nonce.blank? 
+        raise "CSRF verification failed: nonce mismatch" if cookie_nonce != nonce
 
         client.authenticate_with_code(code: actual_code)
       end

data/lib/aha/mail/delivery_method.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Aha
+  module Mail
+    class DeliveryMethod
+      attr_accessor :settings
+
+      def initialize(settings = {})
+        @settings = settings
+      end
+
+      def deliver!(mail)
+        # Extract mail attributes
+        mail_params = {
+          from: format_addresses(mail.from).first,
+          to: format_addresses(mail.to),
+          cc: format_addresses(mail.cc),
+          bcc: format_addresses(mail.bcc),
+          reply_to: format_addresses(mail.reply_to),
+          subject: mail.subject,
+        }
+
+        # Determine content type and body
+        if mail.multipart?
+          # For multipart messages, prefer HTML over plain text
+          html_part = mail.html_part
+          text_part = mail.text_part
+
+          if html_part
+            mail_params[:body] = html_part.body.decoded
+            mail_params[:content_type] = "text/html"
+          elsif text_part
+            mail_params[:body] = text_part.body.decoded
+            mail_params[:content_type] = "text/plain"
+          else
+            mail_params[:body] = mail.body.decoded
+            mail_params[:content_type] = mail.content_type
+          end
+        else
+          mail_params[:body] = mail.body.decoded
+          mail_params[:content_type] = mail.content_type || "text/plain"
+        end
+
+        # Send via the Aha::Mail API
+        Aha::Mail.send_mail(mail_params)
+      rescue StandardError => e
+        # ActionMailer expects delivery methods to raise exceptions on failure
+        raise "Failed to deliver mail via Aha::Mail: #{e.message}"
+      end
+
+      private
+
+      def format_addresses(addresses)
+        return [] if addresses.nil?
+
+        Array(addresses).map do |address|
+          if address.is_a?(::Mail::Address)
+            address.to_s
+          else
+            address
+          end
+        end.compact
+      end
+    end
+  end
+end

data/lib/aha/mail.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative "mail/delivery_method"
+
+module Aha
+  module Mail
+    class << self
+      def send_mail(mail_params)
+        client.send(:post, "/api/core/mail/send", mail: mail_params)
+      end
+
+      private
+
+      def client
+        Aha::Auth.send(:client)
+      end
+    end
+  end
+end

data/lib/aha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Aha
-  VERSION = "1.0.15"
+  VERSION = "1.0.16"
 end

data/lib/aha_builder_core.rb

@@ -2,3 +2,4 @@
 
 require_relative "aha/auth"
 require_relative "aha/user_guide"
+require_relative "aha/mail"

data/lib/generators/aha_builder_core/auth/USAGE

@@ -16,7 +16,7 @@ Example:
     And add routes:
         get "login" => "sessions#new"
         get "callback" => "sessions#callback"
-        delete "logout" => "sessions#logout"
+        get "logout" => "sessions#logout"
 
     You can add custom attributes to the User model:
         bin/rails generate aha_builder_core:auth company:string role:string

data/lib/generators/aha_builder_core/auth/templates/authentication.rb.tt

@@ -23,7 +23,7 @@ module Authentication
         session[:refresh_token] = session_result.new_refresh_token
       end
 
-      @current_user = User.find_by(id: session[:user_id])
+      @current_user = User.find_by(id: session_result.user_id)
       Current.user = @current_user
     else
       clear_session
@@ -50,9 +50,7 @@ module Authentication
   end
 
   def clear_session
-    session.delete(:session_token)
-    session.delete(:refresh_token)
-    session.delete(:user_id)
+    reset_session
     @current_user = nil
   end
 end

data/lib/generators/aha_builder_core/auth/templates/sessions_controller.rb.tt

@@ -4,7 +4,7 @@ class SessionsController < ApplicationController
 
   def new
     redirect_to Aha::Auth.login_url(
-      state: { return_to: params[:return_to] || root_path }.to_json,
+      state: { return_to: relative_url(params[:return_to] || root_path) }.to_json,
       cookies:
     ), allow_other_host: true
   end
@@ -25,10 +25,9 @@ class SessionsController < ApplicationController
 
       session[:session_token] = result[:session_token]
       session[:refresh_token] = result[:refresh_token]
-      session[:user_id] = user.id
 
       state = JSON.parse(params[:state]) rescue {}
-      redirect_to state["return_to"] || root_path
+      redirect_to relative_url(state["return_to"] || root_path)
     else
       redirect_to login_path, alert: "Authentication failed. Please try again."
     end
@@ -49,4 +48,13 @@ class SessionsController < ApplicationController
     clear_session
     redirect_to root_path, notice: "Successfully signed out."
   end
+
+  private
+
+  def relative_url(url) 
+    uri = URI.parse(url) 
+    [[uri.path, uri.query].compact.join("?"), uri.fragment].compact.join("#") 
+  rescue StandardError => e 
+    nil 
+  end 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aha_builder_core
 version: !ruby/object:Gem::Version
-  version: 1.0.15
+  version: 1.0.16
 platform: ruby
 authors:
 - Aha! Labs Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-16 00:00:00.000000000 Z
+date: 2026-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -123,6 +123,8 @@ files:
 - lib/aha/auth/token_cache.rb
 - lib/aha/auth/user.rb
 - lib/aha/auth/users_resource.rb
+- lib/aha/mail.rb
+- lib/aha/mail/delivery_method.rb
 - lib/aha/user_guide.rb
 - lib/aha/version.rb
 - lib/aha_builder_core.rb
@@ -149,7 +151,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.2.0
+      version: 3.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="