api_user_auth 0.0.12

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7e9ccdf1f2cf33bd87ef4749039eba166b88f5ee6672a5c7d9bcce66fe7f71be
+  data.tar.gz: 4aa20626e6910277f8e91d8f81bfe370e2676d90e7f8fe1cbd2548faa6cf755e
+SHA512:
+  metadata.gz: 2413f31cedcce9f135953583590c298f5665e06c04a94b1ba6d202618d65d8d6b95ccb3d141a8312778efb36659e8394a3d00cc5e323b860bc089c1078d4a261
+  data.tar.gz: 8207fe9d20aaa88a85b353a6b6f9e6d236ebce8e49619013729325f113e64b84f9b7696dc7bb0f197a630ab92dc0bda55077b7b761ad6a04743a80e51d36371b

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 Alex M
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,36 @@
+# ApiUserAuth
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'api_user_auth'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install api_user_auth
+```
+
+Run rails generator:
+```bash
+rails generate api_user_auth
+# OR
+rails g api_user_auth
+```
+
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,53 @@
+# begin
+#   require 'bundler/setup'
+# rescue LoadError
+#   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+# end
+#
+# require 'rdoc/task'
+#
+# RDoc::Task.new(:rdoc) do |rdoc|
+#   rdoc.rdoc_dir = 'rdoc'
+#   rdoc.title    = 'ApiUserAuth'
+#   rdoc.options << '--line-numbers'
+#   rdoc.rdoc_files.include('README.md')
+#   rdoc.rdoc_files.include('lib/**/*.rb')
+# end
+#
+# APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+# load 'rails/tasks/engine.rake'
+#
+# load 'rails/tasks/statistics.rake'
+#
+# require 'bundler/gem_tasks'
+#
+# require 'rake/testtask'
+#
+# Rake::TestTask.new(:test) do |t|
+#   t.libs << 'test'
+#   t.pattern = 'test/**/*_test.rb'
+#   t.verbose = false
+# end
+#
+# task default: :test
+
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each { |f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc 'Run all specs in spec directory (excluding plugin specs)'
+RSpec::Core::RakeTask.new(spec: 'app:db:test:prepare')
+
+task default: :spec

data/app/assets/config/api_user_auth_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/api_user_auth .js
+//= link_directory ../stylesheets/api_user_auth .css

data/app/assets/javascripts/api_user_auth/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require rails-ujs
+//= require activestorage
+//= require_tree .

data/app/assets/stylesheets/api_user_auth/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/api_user_auth/auth_controller.rb

@@ -0,0 +1,75 @@
+module ApiUserAuth
+  # Registration/Login controller
+  class AuthController < ActionController::API
+    rescue_from Exceptions::Unauthorized, with: :auth_user_unauthorized
+    rescue_from Exceptions::WrongParams, with: :auth_user_wrong_params
+    rescue_from ApiUserAuth::Exceptions::ProviderError,
+                with: :auth_user_provider
+    rescue_from ::ActiveRecord::RecordNotFound, with: :auth_user_not_found
+
+    def create
+      auth_user = AuthUser.create_by_params(base_params)
+      render json: auth_user.to_json, status: 201
+    end
+
+    def login
+      auth_user = AuthUser.login_by_params(base_params)
+      render json: auth_user.to_json, status: 200
+    end
+
+    def password
+      auth_user = AuthUser.update_password(
+        params.permit(:email, :password, :code).to_h
+      )
+      render json: auth_user.to_json, status: 200
+    end
+
+    def forgot_password
+      auth_user = AuthUser.forgot_password(
+        params.permit(:email)
+      )
+      render json: auth_user.to_json
+    end
+
+    def logout
+      if request.headers['Authorization'].blank?
+        raise Exceptions::Unauthorized,
+              'Header [Authorization] can not be blank!'
+      end
+      token = request.headers['Authorization'].sub(/Bearer\s*=?/, '')
+      auth_user = AuthUser.find_fy_token(token)
+      if auth_user.present? && auth_user.logout(token)
+        render json: {}, status: 200
+      else
+        render json: {}, status: 400
+      end
+    end
+
+    def provider
+      auth_user = AuthUser.create_by_provider(params)
+      render json: auth_user.to_json
+    end
+
+    private
+
+    def base_params
+      params.permit(:email, :password).to_h
+    end
+
+    def auth_user_not_found
+      render json: {}, status: 404
+    end
+
+    def auth_user_unauthorized(exception)
+      render json: { message: exception.message || 'Unauthorized' }, status: 401
+    end
+
+    def auth_user_provider(exception)
+      render json: { message: exception.message }, status: 422
+    end
+
+    def auth_user_wrong_params(exception)
+      render json: { message: exception.message }, status: 422
+    end
+  end
+end

data/app/helpers/api_user_auth/application_helper.rb

@@ -0,0 +1,5 @@
+module ApiUserAuth
+  # Application helper
+  module ApplicationHelper
+  end
+end

data/app/jobs/api_user_auth/application_job.rb

@@ -0,0 +1,4 @@
+module ApiUserAuth
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/api_user_auth/application_mailer.rb

@@ -0,0 +1,7 @@
+module ApiUserAuth
+  # Application mailer
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/mailers/api_user_auth/forgot_password_mailer.rb

@@ -0,0 +1,12 @@
+module ApiUserAuth
+  # Forgot password mailer
+  class ForgotPasswordMailer < ActionMailer::Base
+    default from: 'support@example.com'
+
+    def reset_code(user)
+      @email = user.email
+      @code = user.code
+      mail to: user.email, subject: 'Password Code Reset'
+    end
+  end
+end

data/app/mailers/api_user_auth/welcome_mailer.rb

@@ -0,0 +1,11 @@
+module ApiUserAuth
+  # Welcome mailer
+  class WelcomeMailer < ActionMailer::Base
+    default from: 'support@example.com'
+
+    def welcome(user)
+      @email = user.email
+      mail to: user.email, subject: 'Welcome !'
+    end
+  end
+end

data/app/models/api_user_auth/application_record.rb

@@ -0,0 +1,5 @@
+module ApiUserAuth
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/api_user_auth/auth_user.rb

@@ -0,0 +1,167 @@
+module ApiUserAuth
+  # Base user auth model
+  class AuthUser < ApplicationRecord
+    after_create :send_welcome
+
+    attr_accessor :is_new
+
+    def self.create_by_params(params)
+      if params[:email].blank?
+        raise Exceptions::WrongParams, 'Email can not be blank!'
+      end
+      if params[:password].blank?
+        raise Exceptions::WrongParams, 'Password can not be blank!'
+      end
+      auth_user = AuthUser.find_or_initialize_by(email: params[:email])
+
+      if auth_user.new_record?
+        auth_user.is_new = true
+        auth_user.update_password(params[:password])
+      else
+        raise Exceptions::WrongParams, 'User already exists !'
+      end
+      auth_user
+    end
+
+    def self.login_by_params(params)
+      if params[:email].blank?
+        raise Exceptions::WrongParams, 'Email can not be blank!'
+      end
+      if params[:password].blank?
+        raise Exceptions::WrongParams, 'Password can not be blank!'
+      end
+
+      auth_user = AuthUser.find_by(email: params[:email])
+
+      if auth_user && auth_user.valid_password?(params[:password])
+        auth_user.generate_token
+        auth_user.save
+        auth_user.is_new = false
+      else
+        raise Exceptions::Unauthorized, 'Invalid Email or Password!'
+      end
+      auth_user
+    end
+
+    def self.update_password(params)
+      if params[:email].blank?
+        raise Exceptions::WrongParams, 'Email can not be blank!'
+      end
+      if params[:password].blank?
+        raise Exceptions::WrongParams, 'Password can not be blank!'
+      end
+      if params[:code].blank?
+        raise Exceptions::WrongParams, 'Code can not be blank!'
+      end
+      auth_user = AuthUser.find_by(email: params[:email])
+
+      if auth_user.blank?
+        raise Exceptions::WrongParams, 'Email is invalid!'
+      end
+
+      if auth_user.code.eql?(params[:code])
+        auth_user.update_password(params[:password])
+      else
+        raise Exceptions::WrongParams, 'Code is invalid!'
+      end
+    end
+
+    def update_password(password)
+      self.password = password
+      generate_token
+      save
+    end
+
+    def self.forgot_password(params)
+      if params[:email].blank?
+        raise Exceptions::WrongParams, 'Email can not be blank!'
+      end
+      auth_user = AuthUser.find_by(email: params[:email])
+      if auth_user.blank?
+        raise Exceptions::WrongParams, 'Email is invalid!'
+      end
+      auth_user.send_reset_password
+    end
+
+    def self.create_by_provider(params)
+      if params[:provider].blank?
+        raise Exceptions::WrongParams, 'Provider can not be blank!'
+      end
+      if params[:token].blank?
+        raise Exceptions::WrongParams, 'Token can not be blank!'
+      end
+
+      provider_data = case params[:provider]
+                      when /facebook/i
+                        Providers::Facebook.get_user(params[:token])
+                      when /google/i
+                        Providers::Google.get_user(params[:token])
+                      when /instagram/i
+                        Providers::Instagram.get_user(params[:token])
+                      else
+                        raise ::ApiUserAuth::Exceptions::ProviderError,
+                              'Wrong provider!'
+                      end
+
+      auth_user = AuthUser.find_or_initialize_by(email: provider_data[:email])
+      auth_user.encrypted_password = params[:token]
+      auth_user.generate_token
+      auth_user.is_new = auth_user.new_record?
+      auth_user.user_provider_data = provider_data
+      auth_user.provider = params[:provider]
+      auth_user.save
+      auth_user
+    end
+
+    def self.find_fy_token(token)
+      unless token =~ ApiUserAuth::UUID_REGEX
+        raise Exceptions::Unauthorized,
+              'Header [Authorization] token is invalid!'
+      end
+      where(
+        '? = ANY("api_user_auth_auth_users"."auth_tokens")',
+        token
+      ).limit(1).first
+    end
+
+    def to_json
+      { id: id, email: email, auth_token: auth_tokens.last, is_new: is_new }
+    end
+
+    def generate_token
+      auth_tokens << SecureRandom.uuid
+    end
+
+    def password=(passwd)
+      self.encrypted_password = hexdigest(passwd) if passwd.present?
+    end
+
+    def valid_password?(passwd)
+      encrypted_password == hexdigest(passwd)
+    end
+
+    def send_reset_password
+      self.code = Random.new.rand((10**(6 - 1))..(10**6)).to_s
+      ForgotPasswordMailer.reset_code(self).deliver_now if save
+    end
+
+    def logout(token)
+      auth_tokens.delete(token)
+      save
+    end
+
+    private
+
+    def send_welcome
+      WelcomeMailer.welcome(self).deliver_now
+    end
+
+    def hexdigest(text)
+      Digest::SHA256.hexdigest(text + secure_salt)
+    end
+
+    def secure_salt
+      Digest::MD5.hexdigest('a18a9143-f193-4e76-a6de-f2912e96b71f')
+    end
+  end
+end

data/app/views/api_user_auth/forgot_password_mailer/reset_code.html.erb

@@ -0,0 +1,3 @@
+<%= @email %>
+</br>
+<strong><%= @code %></strong>

data/app/views/api_user_auth/welcome_mailer/welcome.html.erb

@@ -0,0 +1,2 @@
+<h1>Welcome</h1>
+<%= @email %>

data/app/views/layouts/api_user_auth/application.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Api user auth</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "api_user_auth/application", media: "all" %>
+  <%= javascript_include_tag "api_user_auth/application" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,12 @@
+ApiUserAuth::Engine.routes.draw do
+  resources :auth, only: :create do
+    collection do
+      post 'login', action: :login
+      post 'provider', action: :provider
+      patch 'forgot_password', action: :forgot_password
+      patch 'password', action: :password
+      post 'login', action: :login
+      delete 'logout', action: :logout
+    end
+  end
+end

data/db/migrate/20180703111608_create_api_user_auth_auth_users.rb

@@ -0,0 +1,16 @@
+class CreateApiUserAuthAuthUsers < ActiveRecord::Migration[5.2]
+  def change
+    enable_extension 'pgcrypto'
+
+    create_table :api_user_auth_auth_users do |t|
+      t.string :email, null: false, index: { unique: true }
+      t.string :encrypted_password, null: false
+      t.string :code, default: ''
+      t.uuid :auth_tokens, array: true, default: []
+      t.jsonb :user_provider_data, default: {}
+      t.string :provider, default: 'email'
+
+      t.timestamps
+    end
+  end
+end

data/lib/api_user_auth/controller.rb

@@ -0,0 +1,39 @@
+module ApiUserAuth
+  # Base controller module
+  module Controller
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :authenticate
+      rescue_from Exceptions::Unauthorized, with: :auth_user_unauthorized
+    end
+
+    def auth_user_unauthorized(exception)
+      render json: { message: exception.message }, status: 401
+    end
+
+    private
+
+    def authenticate
+      if request.headers['Authorization'].blank?
+        raise Exceptions::Unauthorized,
+              'Header [Authorization] can not be blank!'
+      end
+      http_authenticate
+      if @auth_user.blank?
+        raise Exceptions::Unauthorized,
+              'Header [Authorization] token is invalid!'
+      end
+    end
+
+    def http_authenticate
+      authenticate_with_http_token do |token, _options|
+        unless token =~ ApiUserAuth::UUID_REGEX
+          raise Exceptions::Unauthorized,
+                'Header [Authorization] token is invalid!'
+        end
+        @auth_user = AuthUser.find_fy_token(token)
+      end
+    end
+  end
+end

data/lib/api_user_auth/engine.rb

@@ -0,0 +1,10 @@
+module ApiUserAuth
+  class Engine < ::Rails::Engine
+    isolate_namespace ApiUserAuth
+
+    config.generators do |g|
+      g.test_framework :rspec
+      g.fixture_replacement :factory_bot, dir: 'spec/factories'
+    end
+  end
+end

data/lib/api_user_auth/exceptions.rb

@@ -0,0 +1,9 @@
+module ApiUserAuth
+  module Exceptions
+    class Unauthorized < ::StandardError; end
+    class WrongParams < ::StandardError; end
+
+    class ProviderError < ::StandardError; end
+    class InvalidToken < ProviderError; end
+  end
+end

data/lib/api_user_auth/providers/facebook.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module ApiUserAuth
+  module Providers
+    # Get info from Facebook token
+    class Facebook
+      API_PATH = 'https://graph.facebook.com/v3.0/me'.freeze
+      FIELDS = %w[id name email birthday hometown gender picture].freeze
+
+      def initialize(token)
+        @token = token
+        @data = {}
+      end
+
+      def api_info_url
+        params = {
+          access_token: @token,
+          fields: FIELDS.join(','),
+          format: 'json'
+        }
+        URI("#{API_PATH}?#{params.to_query}")
+      end
+
+      def get_user_data
+        api_get_request
+        user_data
+      end
+
+      def user_data
+        {
+          id: @data[:id], name: @data[:name], email: @data[:email],
+          img_url: (@data[:picture] || {}).try(:[], :data).try(:[], :url),
+          info: {
+            birthday: @data[:birthday],
+            city: (@data[:hometown] || {}).try(:[], :name),
+            gender: @data[:gender]
+          }
+        }
+      end
+
+      def self.get_user(token)
+        fb = Facebook.new(token)
+        fb.get_user_data
+      end
+
+      private
+
+      def api_get_request
+        response = ::Net::HTTP.get_response(api_info_url)
+        case response.code.to_i
+        when 200
+          @data = JSON.parse(response.body, symbolize_names: true)
+        when 400
+          raise ApiUserAuth::Exceptions::InvalidToken, 'Invalid Token'
+        else
+          raise ApiUserAuth::Exceptions::ProviderError, 'Provider Error'
+        end
+      end
+    end
+  end
+end