api-blocks 0.2.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac783dd6db7fa3ce389eda86b7fd62b8e48d440ecf4ed6a9502b1078fcbfcc5f
-  data.tar.gz: b689fd259ce4ceb3d30cca568133e36660d8d29e9dd228263b2de352b1761d69
+  metadata.gz: 66461c9b8a8937195f5481be3ecf649923d9a9534e7cb4d1194d0b31e1325b92
+  data.tar.gz: 81ac3b5a4c0f1d5c4ed3b0653d57e1aa6e343cd03dbdf17a3f400248ddbff840
 SHA512:
-  metadata.gz: aa854d23bbde6cebf1fd196d1cb61871073567630e2c0500b4fbacd783dfeebc1307a53a1b1ee6e9ef18c2ef3b885eb2ec0984c060403a436d1718d5b7c4431a
-  data.tar.gz: b993c3868b1950bdea4dd8e130331ef07c3f1331241159d89d36bbfd359cf8bc254df3209dff88e0c08451e84236a553444072e0fc7f6981cb4dfd9fcfb6b39e
+  metadata.gz: 0d0d11a13c33b6fbd07a0e4c54e4a36b89cc3680443908d4db4ec76600c4735a822e9f12ed3e081e5d860cb121ae3c7d30cd3fd8849508ca6ddad180c3fbbc8d
+  data.tar.gz: b828665074662b5a2c91739efeb3728d502a22c215688ddd0061cce3b0656370c8d539610d103f522112b160bc922a931934fc4993104cf91cdd9425ce7b1d02

data/lib/api_blocks/controller.rb

@@ -45,17 +45,32 @@ module ApiBlocks::Controller
     def authorize(record, query = nil)
       super(self.class.pundit_api_scope + [record], query)
     end
+
+    handle_api_error Pundit::NotAuthorizedError do |error|
+      [{ detail: error.message }, :forbidden]
+    end
+
+    mattr_accessor :pundit_api_scope, default: []
   end
 
   class_methods do
     # Provide a default scope to pundit's `PolicyFinder`.
     def pundit_scope(*scope)
-      @pundit_api_scope = scope
+      self.pundit_api_scope = scope
     end
 
-    # Returns the scope for pundit's `PolicyFinder`.
-    def pundit_api_scope
-      @pundit_api_scope || []
+    # Defines a error handler that returns
+    def handle_api_error(error_class)
+      rescue_from error_class do |ex|
+        problem, status =
+          if block_given?
+            yield ex
+          else
+            [{ detail: ex.message }, :ok]
+          end
+
+        render problem: problem, status: status
+      end
     end
   end
 end

data/lib/api_blocks/doorkeeper/invitations/application.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# ApiBlocks::Doorkeeper::Invitations::Application adds `invitation_uri`
+# validation to `Doorkeeper::Application`.
+#
+# This module is automatically included on rails application startup if the
+# invitations migrations have been ran.
+#
+# @private
+#
+module ApiBlocks::Doorkeeper::Invitations::Application
+  extend ActiveSupport::Concern
+
+  included do
+    validates :invitation_uri, "doorkeeper/redirect_uri": true
+  end
+end

data/lib/api_blocks/doorkeeper/invitations/controller.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+# ApiBlocks::Doorkeeper::Invitations::Controller implements a devise invitable
+# API controller.
+module ApiBlocks::Doorkeeper::Invitations::Controller
+  extend ActiveSupport::Concern
+
+  included do # rubocop:disable Metrics/BlockLength
+    skip_after_action :verify_authorized
+    skip_after_action :verify_policy_scoped
+
+    # Initialize a new invitation.
+    def create
+      user = user_model.invite!(
+        create_params, current_user, application: oauth_application,
+      )
+
+      return render(status: :no_content) if user.errors.empty?
+
+      respond_with(user)
+    end
+
+    # Renders informations about the invited user.
+    def show
+      user = user_model.find_by_invitation_token(params[:invitation_token], false)
+
+      if user.nil? || !user.persisted?
+        return render(
+          problem: { details: "invalid invitation token" },
+          status: :bad_request
+        )
+      end
+
+      respond_with(user)
+    end
+
+    # Redirects to the application's redirect uri.
+    def callback
+      query = {
+        invitation_token: params[:invitation_token]
+      }.to_query
+
+      redirect_to("#{oauth_application.invitation_uri}?#{query}")
+    end
+
+    # Finalize the invitation.
+    def update
+      user = user_model.accept_invitation!(update_params)
+
+      return respond_with(user) unless user.errors.empty?
+
+      user.unlock_access! if unlockable?(user)
+
+      respond_with(Doorkeeper::OAuth::TokenResponse.new(
+        access_token(oauth_application, user)
+      ).body)
+    end
+
+    private
+
+    def create_params
+      params.require(:user).permit(:email)
+    end
+
+    def update_params
+      params.require(:user).permit(
+        :invitation_token, :password, :password_confirmation
+      )
+    end
+
+    # Copied over from devise base controller in order to determine wether a ser
+    # is unlockable or not.
+    def unlockable?(resource)
+      resource.respond_to?(:unlock_access!) &&
+        resource.respond_to?(:unlock_strategy_enabled?) &&
+        resource.unlock_strategy_enabled?(:email)
+    end
+
+    # Returns a new access token for this user.
+    def access_token(application, user)
+      Doorkeeper::AccessToken.find_or_create_for(
+        application,
+        user.id,
+        Doorkeeper.configuration.default_scopes,
+        Doorkeeper.configuration.access_token_expires_in,
+        true
+      )
+    end
+
+    def oauth_application
+      @oauth_application ||= Doorkeeper::Application.find_by!(
+        uid: params[:client_id]
+      )
+    end
+
+
+    # Returns the user model class.
+    def user_model
+      raise 'the method `user_model` must be implemented on your password controller' # rubocop:disable Metrics/LineLength
+    end
+  end
+end

data/lib/api_blocks/doorkeeper/invitations/migration_generator.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+# ApiBlocks::Doorkeeper::Invitations::MigrationGenerator implements the Rails
+# generator for doorkeeper invitations api migrations.
+#
+# @private
+#
+class ApiBlocks::Doorkeeper::Invitations::MigrationGenerator < ::Rails::Generators::Base # rubocop:disable Metrics/LineLength
+  include ::Rails::Generators::Migration
+
+  source_root File.expand_path('templates', __dir__)
+  desc 'Installs doorkeeper invitations api migrations'
+
+  def install
+    migration_template(
+      'migration.rb.erb',
+      'db/migrate/add_invitation_uri_to_doorkeeper_applications.rb',
+      migration_version: migration_version
+    )
+  end
+
+  def self.next_migration_number(dirname)
+    ActiveRecord::Generators::Base.next_migration_number(dirname)
+  end
+
+  private
+
+  def migration_version
+    "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+  end
+end

data/lib/api_blocks/doorkeeper/invitations.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# ApiBlocks::Doorkeeper::Invitations implements an API invitation workflow.
+module ApiBlocks::Doorkeeper::Invitations
+  extend ActiveSupport::Autoload
+
+  autoload :Controller
+  autoload :Application
+end

data/lib/api_blocks/doorkeeper/passwords/controller.rb

@@ -65,10 +65,8 @@ module ApiBlocks::Doorkeeper::Passwords::Controller
     # Initialize the reset password workflow, sends a reset password email to
     # the user.
     def create
-      application = Doorkeeper::Application.find_by!(uid: params[:client_id])
-
       user = user_model.send_reset_password_instructions(
-        create_params, application: application
+        create_params, application: oauth_application
       )
 
       if successfully_sent?(user)
@@ -81,29 +79,26 @@ module ApiBlocks::Doorkeeper::Passwords::Controller
     # Handles the redirection from the email towards the application's
     # `redirect_uri`.
     def callback
-      application = Doorkeeper::Application.find_by!(uid: params[:client_id])
-
       query = {
         reset_password_token: params[:reset_password_token]
       }.to_query
 
       redirect_to(
-        "#{application.reset_password_uri}?#{query}"
+        "#{oauth_application.reset_password_uri}?#{query}"
       )
     end
 
     # Updates the user password and returns a new Doorkeeper::AccessToken.
     def update
-      application = Doorkeeper::Application.find_by!(uid: params[:client_id])
       user = user_model.reset_password_by_token(update_params)
 
-      if user.errors.empty?
-        user.unlock_access! if unlockable?(user)
+      return respond_with(user) unless user.errors.empty?
 
-        render json: access_token(application, user)
-      else
-        respond_with(user)
-      end
+      user.unlock_access! if unlockable?(user)
+
+      respond_with(Doorkeeper::OAuth::TokenResponse.new(
+        access_token(oauth_application, user)
+      ).body)
     end
 
     private
@@ -150,6 +145,12 @@ module ApiBlocks::Doorkeeper::Passwords::Controller
       )
     end
 
+    def oauth_application
+      @oauth_application ||= Doorkeeper::Application.find_by!(
+        uid: params[:client_id]
+      )
+    end
+
     # Returns the user model class.
     def user_model
       raise 'the method `user_model` must be implemented on your password controller' # rubocop:disable Metrics/LineLength

data/lib/api_blocks/doorkeeper.rb

@@ -5,4 +5,5 @@ module ApiBlocks::Doorkeeper
   extend ActiveSupport::Autoload
 
   autoload :Passwords
+  autoload :Invitations
 end

data/lib/api_blocks/railtie.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "problem_details-rails"
+
 # ApiBlocks::Railtie implements the Rails integration for ApiBlocks.
 #
 # @private
@@ -21,9 +23,24 @@ class ApiBlocks::Railtie < Rails::Railtie
         ApiBlocks::Doorkeeper::Passwords::Application
       )
     end
+
+    ActiveSupport.on_load(:active_record) do
+      # do not load the Doorkeeper::Application extensions if migrations have
+      # not been setup.
+      invitation_uri = Doorkeeper::Application.columns.find do |col|
+        col.name == 'invitation_uri'
+      end
+
+      next unless invitation_uri
+
+      Doorkeeper::Application.include(
+        ApiBlocks::Doorkeeper::Invitations::Application
+      )
+    end
   end
 
   generators do
     require_relative 'doorkeeper/passwords/migration_generator'
+    require_relative 'doorkeeper/invitations/migration_generator'
   end
 end

data/lib/api_blocks/responder.rb

@@ -10,13 +10,15 @@ require 'dry/monads/result'
 class ApiBlocks::Responder < ActionController::Responder
   include Responders::HttpCacheResponder
 
-  # Override resource_errors to handle more error kinds
+  # Override resource_errors to handle more error kinds and return a status
+  # code.
+  #
   def resource_errors
     case @resource
     when ApplicationRecord
-      { errors: @resource.errors }
+      [{ errors: @resource.errors }, :unprocessable_entity]
     when ActiveRecord::RecordInvalid
-      { errors: @resource.record.errors }
+      [{ errors: @resource.record.errors }, :unprocessable_entity]
     else
       # propagate the error so it can be handled through the standard rails
       # error handlers.
@@ -24,6 +26,24 @@ class ApiBlocks::Responder < ActionController::Responder
     end
   end
 
+  # Display is just a shortcut to render a resource's errors with the current
+  # format using `problem_details` when format is set to JSON.
+  #
+  def display_errors
+    return super unless format == :json
+
+    errors, status = resource_errors
+
+    controller.render problem: errors, status: status
+  end
+
+  # All other formats follow the procedure below. First we try to render a
+  # template, if the template is not available, we verify if the resource
+  # responds to :to_format and display it.
+  #
+  # In addition, if the resource is a Dry::Monads::Result we unwrap it and
+  # assign the failure instead.
+  #
   def to_format
     return super unless resource.is_a?(Dry::Monads::Result)
 

data/lib/api_blocks/version.rb

@@ -2,5 +2,5 @@
 
 module ApiBlocks
   # Current version of ApiBlocks
-  VERSION = '0.2.1'
+  VERSION = '0.4.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: api-blocks
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Paul d'Hubert
@@ -66,6 +66,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: problem_details-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: pundit
   requirement: !ruby/object:Gem::Requirement
@@ -244,6 +258,10 @@ files:
 - lib/api_blocks.rb
 - lib/api_blocks/controller.rb
 - lib/api_blocks/doorkeeper.rb
+- lib/api_blocks/doorkeeper/invitations.rb
+- lib/api_blocks/doorkeeper/invitations/application.rb
+- lib/api_blocks/doorkeeper/invitations/controller.rb
+- lib/api_blocks/doorkeeper/invitations/migration_generator.rb
 - lib/api_blocks/doorkeeper/passwords.rb
 - lib/api_blocks/doorkeeper/passwords/application.rb
 - lib/api_blocks/doorkeeper/passwords/controller.rb