RubyGems - atomic_admin - Versions diffs - 1.1.0 → 2.0.0.beta.1 - Mend

atomic_admin 1.1.0 → 2.0.0.beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

data/app/controllers/concerns/require_jwt_token.rb ADDED Viewed

@@ -0,0 +1,77 @@
+module RequireJwtToken
+   extend ActiveSupport::Concern
+  included do
+    attr_accessor :auth_source
+    before_action :validate_admin_token
+    before_action :validate_internal_token
+  end
+  def is_atomic_admin?
+    self.auth_source == :atomic_admin
+  end
+  def is_internal?
+    self.auth_source == :internal
+  end
+  protected
+  def validate_admin_token
+    encoded_token = get_encoded_token(request)
+    decoder = AtomicAdmin::JwtToken::JwksDecoder.new(AtomicAdmin.admin_jwks_url)
+    token = decoder.decode(encoded_token)&.first
+    validate_claims!(token)
+    self.auth_source = :atomic_admin
+    token
+  rescue Exception => e
+    # Capture all exceptions to let the internal token validation handle it
+    Rails.logger.error "Admin JWT Error occured #{e.inspect}"
+    nil
+  end
+  def validate_internal_token
+    return if is_atomic_admin?
+    encoded_token = get_encoded_token(request)
+    decoder = AtomicAdmin::JwtToken::SecretDecoder.new(AtomicAdmin.internal_secret)
+    token = decoder.decode!(encoded_token)
+    validate_claims!(token)
+    current_application_instance_id = request.env['atomic.validated.application_instance_id']
+    if current_application_instance_id && current_application_instance_id != token["application_instance_id"]
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Invalid application instance id"
+    end
+    @user_tenant = token["user_tenant"] if token["user_tenant"].present?
+    @user = User.find(token["user_id"])
+    sign_in(@user, event: :authentication, store: false)
+    self.auth_source = :internal
+  rescue JWT::DecodeError, AtomicAdmin::JwtToken::InvalidTokenError => e
+    Rails.logger.error "Internal JWT Error occured #{e.inspect}"
+    render json: { error: "Unauthorized: Invalid token." }, status: :unauthorized
+  end
+  private
+  def get_encoded_token(req)
+    return req.params[:jwt] if req.params[:jwt]
+    header = req.headers["Authorization"] || req.headers[:authorization]
+    raise AtomicAdmin::JwtToken::MissingTokenError, "No authorization header found" if header.nil?
+    token = header.split(" ").last
+    raise AtomicAdmin::JwtToken::MissingTokenError, "Invalid authorization header string" if token.nil?
+    token
+  end
+  def validate_claims!(token)
+    if AtomicAdmin.audience != token["aud"]
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Expected audience to be #{AtomicAdmin.audience} but was #{token["aud"]}"
+    end
+  end
+end

data/config/routes.rb CHANGED Viewed

@@ -1,13 +1,29 @@
 AtomicAdmin::Engine.routes.draw do
-    # namespace :lti do
-  resources :atomic_lti_platform
-  resources :atomic_lti_install
-  resources :atomic_tenant_deployment
-  post '/atomic_tenant_deployment/search', to: 'atomic_tenant_deployment#search'
+  namespace :api do
+    namespace :admin do
+      namespace :v1 do
+        resources :lti_platforms
+        resources :lti_installs
+        resources :tenant_deployments
+        resources :sites
-  resources :atomic_tenant_platform_guid_strategy
-  post '/atomic_tenant_platform_guid_strategy/search', to: 'atomic_tenant_platform_guid_strategy#search'
-  post '/atomic_tenant_client_id_strategy/search', to: 'atomic_tenant_client_id_strategy#search'
+        resources :applications do
+          member do
+            get :interactions
+          end
-  resources :atomic_tenant_client_id_strategy
+          resources :application_instances do
+            member do
+              get :interactions
+              get :stats
+            end
+            resources :tenant_client_id_strategies
+            resources :tenant_platform_guid_strategies
+            resources :tenant_deployments
+          end
+        end
+      end
+    end
+  end
 end

data/lib/atomic_admin/interaction.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module AtomicAdmin::Interaction
+  class Manager
+    def initialize
+      @interactions = {}
+      @curr_index = 0
+    end
+    def add(key, **kwargs)
+      @interactions[key] = {
+        **kwargs,
+        order: @curr_index,
+      }
+      @curr_index += 1
+    end
+    def get(key)
+      @interactions[key]
+    end
+    def tap
+      yield self
+      self
+    end
+    def resolve(**kwargs)
+      sorted = @interactions.sort_by { |key, interaction| interaction[:order] }
+      sorted.map do |key, interaction|
+        type = interaction[:type]
+        hash = {
+          key: key,
+          type: type,
+          title: interaction[:title],
+          icon: interaction[:icon],
+        }
+        case type
+        when :jsonform
+          schema_factory = interaction[:schema]
+          schema = schema_factory.new(**kwargs)
+          hash[:schema] = schema.schema
+          hash[:uischema] = schema.uischema
+        end
+        hash
+      end
+    end
+  end
+end

data/lib/atomic_admin/jwt_token/jwks_decoder.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module AtomicAdmin::JwtToken
+  # Decodes a JWT token using the JWKS endpoint
+  # This is used for decoding JWT tokens issued by the new
+  # admin app
+  class JwksDecoder
+    ALGORITHMS = ["RS256"].freeze
+    def initialize(jwks_url, algorithms = ALGORITHMS)
+      @jwks_url = jwks_url
+      @algorithms = algorithms
+    end
+    def decode(token, validate = true)
+      load_admin_jwks = ->(options) do
+        Rails.cache.delete("atomic_admin_jwks") if options[:kid_not_found]
+        # NOTE: the cached keys only expire when we recieve a kid_not_found error
+        keys = Rails.cache.fetch("atomic_admin_jwks") do
+          HTTParty.get(@jwks_url).parsed_response
+        end
+        JWT::JWK::Set.new(keys).select { |k| k[:use] == "sig" }
+      end
+      JWT.decode(
+        token,
+        nil,
+        validate,
+        { algorithms: @algorithms, jwks: load_admin_jwks },
+      )
+    end
+    def decode!(token)
+      token = decode(token)
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Unable to decode jwt token" if token.blank?
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Invalid token payload" if token.empty?
+      token[0]
+    end
+  end
+end

data/lib/atomic_admin/jwt_token/secret_decoder.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module AtomicAdmin::JwtToken
+  # Decodes a JWT token using a known secret. This is used for decoding
+  # JWT tokens issued by the application itself for the old admin app
+  class SecretDecoder
+    ALGORITHM = "HS512".freeze
+    def initialize(secret, algorithm = ALGORITHM)
+      @secret = secret
+      @algorithm = algorithm
+    end
+    def decode(token, validate = true)
+      JWT.decode(
+        token,
+        @secret,
+        validate,
+        { algorithm: @algorithm },
+      )
+    end
+    def decode!(token)
+      token = decode(token)
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Unable to decode jwt token" if token.blank?
+      raise AtomicAdmin::JwtToken::InvalidTokenError, "Invalid token payload" if token.empty?
+      token[0]
+    end
+  end
+end

data/lib/atomic_admin/jwt_token.rb CHANGED Viewed

@@ -1,69 +1,9 @@
-## Note: This code is basically copied out of the starter app to authenticate
-##        admin app api calls. Lives at /app/controllers/concerns/jwt_token.rb in
-##        starter app
+require_relative 'jwt_token/jwks_decoder'
+require_relative 'jwt_token/secret_decoder'
 module AtomicAdmin
   module JwtToken
-    ALGORITHM = "HS512".freeze
     class InvalidTokenError < StandardError; end
-    def self.valid?(token, secret = nil, algorithm = ALGORITHM)
-      decode(token, secret, true, algorithm)
-    end
-    def self.decode(token, secret = nil, validate = true, algorithm = ALGORITHM)
-      JWT.decode(
-        token,
-        secret || Rails.application.secrets.auth0_client_secret,
-        validate,
-        { algorithm: algorithm },
-      )
-    end
-    def decoded_jwt_token(req, secret = nil)
-      token = AtomicAdmin::JwtToken.valid?(encoded_token(req), secret)
-      raise InvalidTokenError, "Unable to decode jwt token" if token.blank?
-      raise InvalidTokenError, "Invalid token payload" if token.empty?
-      token[0]
-    end
-    def validate_token
-      token = decoded_jwt_token(request)
-      raise InvalidTokenError if Rails.application.secrets.auth0_client_id != token["aud"]
-      current_application_instance_id = request.env['atomic.validated.application_instance_id']
-      if current_application_instance_id && current_application_instance_id != token["application_instance_id"]
-        raise InvalidTokenError
-      end
-      @user_tenant = token["user_tenant"] if token["user_tenant"].present?
-      @user = User.find(token["user_id"])
-      sign_in(@user, event: :authentication, store: false)
-    rescue JWT::DecodeError, InvalidTokenError => e
-      Rails.logger.error "JWT Error occured #{e.inspect}"
-      begin
-        render json: { error: "Unauthorized: Invalid token." }, status: :unauthorized
-      rescue NoMethodError
-        raise GraphQL::ExecutionError, "Unauthorized: Invalid token."
-      end
-    end
-    protected
-    def encoded_token(req)
-      return req.params[:jwt] if req.params[:jwt]
-      header = req.headers["Authorization"] || req.headers[:authorization]
-      raise InvalidTokenError, "No authorization header found" if header.nil?
-      token = header.split(" ").last
-      raise InvalidTokenError, "Invalid authorization header string" if token.nil?
-      token
-    end
+    class MissingTokenError < StandardError; end
   end
-end
+end

data/lib/atomic_admin/schema/application_instance_configuration_schema.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module AtomicAdmin::Schema
+  class ApplicationInstanceConfigurationSchema < ApplicationInstanceSchema
+    def schema
+      {
+        type: "object",
+        properties: {
+          config: {
+            type: "object",
+          },
+          lti_config: {
+            type: "object",
+          },
+        },
+      }
+    end
+    def uischema
+      {
+        type: "VerticalLayout",
+        elements: [
+          {
+            type: "Group",
+            label: "Custom App Instance Configuration",
+            elements: [
+              {
+                type: "Control",
+                scope: "#/properties/config",
+                options: {
+                  format: "json",
+                  props: {
+                    size: "full",
+                    label: "",
+                    height: "400px",
+                  },
+                },
+              },
+            ],
+          },
+          {
+            type: "Group",
+            label: "LTI Config",
+            elements: [
+              {
+                type: "Control",
+                scope: "#/properties/lti_config",
+                options: {
+                  format: "json",
+                  props: {
+                    size: "full",
+                    label: "",
+                    height: "400px",
+                  },
+                },
+              },
+            ],
+          },
+        ],
+      }
+    end
+  end
+end

data/lib/atomic_admin/schema/application_instance_create_schema.rb ADDED Viewed

@@ -0,0 +1,77 @@
+module AtomicAdmin::Schema
+  class ApplicationInstanceCreateSchema
+    attr_accessor :application
+    def initialize(application)
+      @application = application
+    end
+    def schema
+      sites = Site.all
+      {
+        type: "object",
+        required: ["nickname", "site_id", "lti_key"],
+        properties: {
+          nickname: {
+            type: "string",
+            minLength: 1,
+          },
+          primary_contact: {
+            type: ["string", "null"],
+          },
+          lti_key: {
+            type: "string",
+          },
+          site_id: {
+            type: "number",
+            oneOf: sites.map do |site|
+              {
+                title: site.url,
+                const: site.id
+              }
+            end
+          },
+        },
+      }
+    end
+    def uischema
+      {
+        type: "VerticalLayout",
+        elements: [
+          {
+            type: "HorizontalLayout",
+            elements: [
+              {
+                type: "Control",
+                scope: "#/properties/nickname",
+              },
+              {
+                type: "Control",
+                scope: "#/properties/primary_contact",
+              },
+            ],
+          },
+          {
+            type: "HorizontalLayout",
+            elements: [
+              {
+                type: "Control",
+                scope: "#/properties/site_id",
+                props: {
+                  label: "Site"
+                }
+              },
+              {
+                type: "Control",
+                scope: "#/properties/lti_key",
+              },
+            ]
+          }
+       ]
+      }
+    end
+  end
+end

data/lib/atomic_admin/schema/application_instance_general_settings_schema.rb ADDED Viewed

@@ -0,0 +1,156 @@
+module AtomicAdmin::Schema
+  class ApplicationInstanceGeneralSettingsSchema < ApplicationInstanceSchema
+    def schema
+      sites = Site.all
+      {
+        type: "object",
+        properties: {
+          nickname: {
+            type: "string",
+            minLength: 1,
+          },
+          primary_contact: {
+            type: ["string", "null"],
+          },
+          created_at: {
+            type: "string",
+            format: "date-time",
+          },
+          lti_key: {
+            type: "string",
+          },
+          lti_secret: {
+            type: "string",
+          },
+          #  The available sites is based on the sites that have been created
+          #  so this would require it to be dynamically generated on the fly
+          site_id: {
+            type: "number",
+            oneOf: sites.map do |site|
+              {
+                title: site.url,
+                const: site.id
+              }
+            end
+          },
+          domain: {
+            type: "string",
+          },
+          canvas_token: {
+            type: ["string", "null"],
+          },
+          rollbar_enabled: {
+            type: "boolean",
+          },
+          use_scoped_developer_key: {
+            type: "boolean",
+          },
+        },
+        required: ["nickname"],
+      }
+    end
+    def uischema
+      token_preview = @application_instance.canvas_token_preview() || "Not set"
+      {
+        type: "HorizontalLayout",
+        elements: [
+          {
+            type: "Group",
+            label: "General Settings",
+            elements: [
+              {
+                type: "VerticalLayout",
+                elements: [
+                  {
+                    type: "Control",
+                    scope: "#/properties/nickname",
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/primary_contact",
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/created_at",
+                    label: "Date Created",
+                    options: {
+                      format: "date",
+                      props: {
+                        isReadOnly: true,
+                        size: "small",
+                      },
+                    },
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/site_id",
+                    label: "LMS URL",
+                    options: {
+                      props: {
+                        menuSize: "auto",
+                      }
+                    }
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/domain",
+                    label: "LTI Tool Domain",
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/canvas_token",
+                    label: "Canvas Token",
+                    options: {
+                      props: {
+                        message: "Current Canvas Token: #{token_preview}",
+                      },
+                    },
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/rollbar_enabled",
+                    label: "Enable Rollbar",
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/use_scoped_developer_key",
+                    label: "Use Scoped Developer Key",
+                  },
+                ],
+              },
+            ],
+          },
+          {
+            type: "Group",
+            label: "LTI Key and Secret",
+            elements: [
+              {
+                type: "VerticalLayout",
+                elements: [
+                  {
+                    type: "Control",
+                    scope: "#/properties/lti_key",
+                    label: "LTI Key",
+                    options: {
+                      props: {
+                        isReadOnly: true,
+                      },
+                    },
+                  },
+                  {
+                    type: "Control",
+                    scope: "#/properties/lti_secret",
+                    label: "LTI Secret",
+                  },
+                ],
+              },
+            ],
+          },
+        ],
+      }
+    end
+  end
+end