authify-api 0.0.6 → 0.1.0

data/lib/authify/api/serializers/user_serializer.rb

@@ -7,7 +7,10 @@ module Authify
 
         attribute :email
         attribute :full_name
-        has_many :api_keys
+        attribute :admin
+        attribute :created_at
+
+        has_many :apikeys
         has_many :groups
         has_many :organizations
         has_many :identities

data/lib/authify/api/services/api.rb

@@ -6,47 +6,42 @@ module Authify
         use Middleware::JWTAuth
         register Sinatra::JSONAPI
 
-        configure do
-          set :protection, except: :http_origin
-        end
-
-        # rubocop:disable Metrics/BlockLength
-        before '*' do
-          headers 'Access-Control-Allow-Origin' => '*',
-                  'Access-Control-Allow-Methods' => %w(
-                    OPTIONS
-                    DELETE
-                    GET
-                    PATCH
-                    POST
-                    PUT
-                  )
+        helpers Helpers::APIUser
 
-          unless env[:authenticated]
-            processed_headers = request.env.dup.each_with_object({}) do |(k, v), acc|
-              acc[Regexp.last_match(1).downcase] = v if k =~ /^http_(.*)/i
+        helpers do
+          def determine_roles
+            on_behalf_of = processed_headers['x_authify_on_behalf_of']
+            if !env[:authenticated] && remote_app
+              env[:authenticated] = true
+              update_current_user on_behalf_of if on_behalf_of
             end
-            if processed_headers.key?('x_authify_access')
-              access = processed_headers['x_authify_access']
-              secret = processed_headers['x_authify_secret']
-              remote_app = Models::TrustedDelegate.from_access_key(access, secret)
-              env[:authenticated] = true if remote_app
 
-              if remote_app && processed_headers.key?('x_authify_on_behalf_of')
-                @current_user = Models::User.find_by_email(
-                  processed_headers['x_authify_on_behalf_of']
-                )
-              end
-            end
+            @roles ||= []
+            @roles << :trusted if remote_app && !on_behalf_of
+            @roles << :user if env[:authenticated]
+            @roles << :admin if current_user && current_user.admin?
           end
-          unless env[:authenticated]
-            halt 401, env[:authentication_errors].map(&:message).join(', ')
+
+          def role
+            (@roles || []).uniq
           end
         end
 
-        helpers Helpers::APIUser
+        before '*' do
+          # headers 'Access-Control-Allow-Origin' => '*',
+          #        'Access-Control-Allow-Methods' => %w(
+          #          OPTIONS
+          #          DELETE
+          #          GET
+          #          PATCH
+          #          POST
+          #          PUT
+          #        )
+          determine_roles
+        end
 
-        resource :api_keys, &Controllers::APIKey
+        resource :apikeys, &Controllers::APIKey
+        resource :identities, &Controllers::Identity
         resource :groups, &Controllers::Group
         resource :organizations, &Controllers::Organization
         resource :users, &Controllers::User

data/lib/authify/api/services/jwt_provider.rb

@@ -21,7 +21,7 @@ module Authify
           begin
             unless request.get? || request.options?
               request.body.rewind
-              @parsed_body = JSON.parse(request.body.read)
+              @parsed_body = JSON.parse(request.body.read, symbolize_names: true)
             end
           rescue => e
             halt(400, { error: "Request must be valid JSON: #{e.message}" }.to_json)
@@ -30,14 +30,26 @@ module Authify
 
         post '/token' do
           # For CLI / Typical API clients
-          access = @parsed_body['access_key']
-          secret = @parsed_body['secret_key']
+          access = @parsed_body[:access_key] || @parsed_body[:'access-key']
+          secret = @parsed_body[:secret_key] || @parsed_body[:'secret-key']
           # For Web UIs
-          email = @parsed_body['email']
-          password = @parsed_body['password']
+          email = @parsed_body[:email]
+          password = @parsed_body[:password]
+          # For Trusted Delegates signing users in via omniauth
+          del_data = @parsed_body[:delegate]
+          omni_provider = @parsed_body[:provider]
+          omni_uid = @parsed_body[:uid]
+          trusted_delegate = if del_data
+                               Models::TrustedDelegate.from_access_key(
+                                 del_data[:access],
+                                 del_data[:secret]
+                               )
+                             end
 
           found_user = if access
                          Models::User.from_api_key(access, secret)
+                       elsif trusted_delegate
+                         Models::User.from_identity(omni_provider, omni_uid)
                        elsif email
                          Models::User.from_email(email, password)
                        end
@@ -50,10 +62,20 @@ module Authify
           end
         end
 
+        # Provide information about the JWTs generated by the server
+        get '/meta' do
+          {
+            algorithm: CONFIG[:jwt][:algorithm],
+            issuer: CONFIG[:jwt][:issuer],
+            expiration: CONFIG[:jwt][:expiration]
+          }.to_json
+        end
+
+        # Provide access to the public ECDSA key
         get '/key' do
-          content_type 'application/x-pem-file'
-          headers['Content-Disposition'] = 'attachment;filename=public_key.pem'
-          public_key.export
+          {
+            data: public_key.export
+          }.to_json
         end
       end
     end

data/lib/authify/api/services/registration.rb

@@ -0,0 +1,63 @@
+module Authify
+  module API
+    module Services
+      # A Sinatra App specifically for registering with the system
+      class Registration < Service
+        helpers Helpers::APIUser
+
+        configure do
+          set :protection, except: :http_origin
+        end
+
+        before '*' do
+          content_type 'application/json'
+          headers 'Access-Control-Allow-Origin' => '*',
+                  'Access-Control-Allow-Methods' => %w(
+                    OPTIONS
+                    GET
+                    POST
+                  )
+
+          begin
+            unless request.get? || request.options?
+              request.body.rewind
+              @parsed_body = JSON.parse(request.body.read, symbolize_names: true)
+            end
+          rescue => e
+            halt(400, { error: "Request must be valid JSON: #{e.message}" }.to_json)
+          end
+        end
+
+        post '/signup' do
+          email = @parsed_body[:email]
+          via = @parsed_body[:via]
+          password = @parsed_body[:password]
+          name = @parsed_body[:name]
+          del_data = @parsed_body[:delegate]
+          trusted_delegate = if del_data
+                               Models::TrustedDelegate.from_access_key(
+                                 del_data[:access],
+                                 del_data[:secret]
+                               )
+                             end
+
+          halt(422, 'Duplicate User') if Models::User.exists?(email: email)
+          halt(403, 'Password Required') unless password || trusted_delegate
+
+          new_user = Models::User.new(email: email)
+          new_user.full_name = name if name
+          new_user.password = password if password
+          if via && via[:provider]
+            new_user.identities.build(
+              provider: via[:provider],
+              uid: via[:uid] ? via[:uid] : email
+            )
+          end
+          new_user.save
+          update_current_user new_user
+          { id: new_user.id, email: new_user.email, jwt: jwt_token(new_user) }.to_json
+        end
+      end
+    end
+  end
+end

data/lib/authify/api/version.rb

@@ -2,8 +2,8 @@ module Authify
   module API
     VERSION = [
       0, # Major
-      0, # Minor
-      6  # Patch
+      1, # Minor
+      0  # Patch
     ].join('.')
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authify-api
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.1.0
 platform: ruby
 authors:
 - Jonathan Gnagy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-07 00:00:00.000000000 Z
+date: 2017-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: authify-core
@@ -56,16 +56,42 @@ dependencies:
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0.beta2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: sinatra-activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -123,33 +149,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: jsonapi-serializers
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: sinja
+  name: jsonapi-serializers
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '0.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '0.16'
 - !ruby/object:Gem::Dependency
   name: puma
   requirement: !ruby/object:Gem::Requirement
@@ -287,29 +313,34 @@ files:
 - db/migrate/20170203231922_create_organizations_and_organization_memberships.rb
 - db/migrate/20170203231929_create_groups.rb
 - db/migrate/20170204001405_create_trusted_delegates.rb
+- db/migrate/20170208021933_add_admin_to_user.rb
+- db/migrate/20170208022427_set_default_for_user_admin.rb
 - db/schema.rb
 - lib/authify/api.rb
-- lib/authify/api/controllers/api_key.rb
+- lib/authify/api/controllers/apikey.rb
 - lib/authify/api/controllers/group.rb
+- lib/authify/api/controllers/identity.rb
 - lib/authify/api/controllers/organization.rb
 - lib/authify/api/controllers/user.rb
 - lib/authify/api/helpers/api_user.rb
 - lib/authify/api/helpers/jwt_encryption.rb
 - lib/authify/api/jsonapi_utils.rb
-- lib/authify/api/models/api_key.rb
+- lib/authify/api/models/apikey.rb
 - lib/authify/api/models/group.rb
 - lib/authify/api/models/identity.rb
 - lib/authify/api/models/organization.rb
 - lib/authify/api/models/organization_membership.rb
 - lib/authify/api/models/trusted_delegate.rb
 - lib/authify/api/models/user.rb
-- lib/authify/api/serializers/api_key_serializer.rb
+- lib/authify/api/serializers/apikey_serializer.rb
 - lib/authify/api/serializers/group_serializer.rb
+- lib/authify/api/serializers/identity_serializer.rb
 - lib/authify/api/serializers/organization_serializer.rb
 - lib/authify/api/serializers/user_serializer.rb
 - lib/authify/api/service.rb
 - lib/authify/api/services/api.rb
 - lib/authify/api/services/jwt_provider.rb
+- lib/authify/api/services/registration.rb
 - lib/authify/api/version.rb
 homepage: https://github.com/knuedge/authify-api
 licenses:

data/lib/authify/api/controllers/api_key.rb

@@ -1,36 +0,0 @@
-module Authify
-  module API
-    module Controllers
-      APIKey = proc do
-        helpers do
-          def find(id)
-            Models::APIKey.find(id.to_i)
-          end
-        end
-
-        index do
-          Models::APIKey.all
-        end
-
-        show do
-          last_modified resource.updated_at
-          next resource
-        end
-
-        destroy do
-          resource.destroy
-        end
-
-        show_many do |ids|
-          Models::APIKey.find(ids)
-        end
-
-        has_one :user do
-          pluck do
-            resource.user
-          end
-        end
-      end
-    end
-  end
-end