RubyGems - aven - Versions diffs - 0.0.1 → 0.0.2 - Mend

aven 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 787e11b1022af941769fa87fa5ba94984d46cb1dad8b0920ff780ece60f2b68d
-  data.tar.gz: f6485456b219a405fc48d7ae645098fcda745877a7efd93a6a61522e5383b065
+  metadata.gz: a02e3ced6d96476bc2d2237a080cd459c7787295f0838558613b8c56c65417d2
+  data.tar.gz: da6fef70eddb6b4b3c9b22d9ef9dedc3553457a6745e4e8839f45352f5685c47
 SHA512:
-  metadata.gz: a5e5a300447b6cf2768acd41bf5c16ba3f56400a8da4e3a491e8263e7127e2b1d2b3346c033281e2500671d4c9bf6e86f9286799478afa27b73ca66bee2d886e
-  data.tar.gz: ba97a554b0c026cb4fb3af9ae5c6b5470746f47cf3d8c74788aa2f8dcedb477b08dc9a766c8cd8c425718c0b934339f20ecee788e732f8d7b04499be5b6b50e8
+  metadata.gz: 1024472cdaf1a181500949d2a40ac7d997299411f53f9614826f501c43e383a0a1f288c03bf74e508180074eaec9b89a9a451409900fb24e972033f6496799cf
+  data.tar.gz: c94494371d0a5f62d3a81bcfc8c0b31026189e7d2df8a04675dacebd3724def86e137172691ef1c905b313f14d2e3f5556edc428e7a1b4f794824f338eeedb96

data/Rakefile CHANGED Viewed

@@ -1,6 +1,6 @@
 require "bundler/setup"
-APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
 load "rails/tasks/engine.rake"
 load "rails/tasks/statistics.rake"

data/app/components/aven/views/oauth/error/component.html.erb ADDED Viewed

@@ -0,0 +1,44 @@
+<div class="min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
+  <div class="max-w-md w-full space-y-8">
+    <div>
+      <h2 class="mt-6 text-center text-3xl font-extrabold text-gray-900">
+        Authentication Failed
+      </h2>
+      <div class="mt-4 bg-red-50 border border-red-200 rounded-md p-4">
+        <div class="flex">
+          <div class="flex-shrink-0">
+            <svg class="h-5 w-5 text-red-400" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor">
+              <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd" />
+            </svg>
+          </div>
+          <div class="ml-3">
+            <h3 class="text-sm font-medium text-red-800">
+              <%= error_message %>
+            </h3>
+            <% if error_class.present? %>
+              <p class="mt-2 text-xs text-red-700">
+                Error type: <%= error_class %>
+              </p>
+            <% end %>
+          </div>
+        </div>
+      </div>
+    </div>
+    <div class="space-y-4">
+      <% provider_links.each do |provider| %>
+        <%= link_to(
+          "Try again with #{provider.to_s.capitalize}",
+          oauth_path_for(provider),
+          class: "group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500"
+        ) %>
+      <% end %>
+      <%= link_to(
+        "Back to home",
+        home_path,
+        class: "group relative w-full flex justify-center py-2 px-4 border border-gray-300 text-sm font-medium rounded-md text-gray-700 bg-white hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500"
+      ) %>
+    </div>
+  </div>
+</div>

data/app/components/aven/views/oauth/error/component.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Aven::Views::Oauth::Error
+  class Component < Aven::ApplicationViewComponent
+    option :error_message
+    option :error_class, optional: true
+    option :current_user, optional: true
+    def provider_links
+      Aven.configuration.oauth_providers.keys
+    end
+    def oauth_path_for(provider)
+      case provider.to_sym
+      when :github
+        Aven::Engine.routes.url_helpers.oauth_github_path
+      when :google
+        Aven::Engine.routes.url_helpers.oauth_google_path
+      else
+        "#"
+      end
+    end
+    def home_path
+      if helpers.respond_to?(:main_app) && helpers.main_app.respond_to?(:root_path)
+        helpers.main_app.root_path
+      else
+        Aven::Engine.routes.url_helpers.root_path
+      end
+    end
+  end
+end

data/app/components/aven/views/static/index/component.html.erb CHANGED Viewed

@@ -4,13 +4,13 @@
 <% if current_user %>
   <div><%= current_user.id %></div>
-  <%= link_to("Logout", helpers.logout_path) %>
+  <%= link_to("Logout", Aven::Engine.routes.url_helpers.logout_path) %>
 <% else %>
-  <% Aven.configuration.auth.providers.each do |provider_config| %>
+  <% Aven.configuration.oauth_providers.each do |provider, config| %>
     <%=
       link_to(
-        "Login with #{provider_config[:provider]}",
-        helpers.authenticate_path(provider: provider_config[:provider])
+        "Login with #{provider.to_s.capitalize}",
+        oauth_path_for(provider)
       )
     %>
   <% end %>

data/app/components/aven/views/static/index/component.rb CHANGED Viewed

@@ -1,5 +1,16 @@
 module Aven::Views::Static::Index
   class Component < Aven::ApplicationViewComponent
     option(:current_user, optional: true)
+    def oauth_path_for(provider)
+      case provider.to_sym
+      when :github
+        Aven::Engine.routes.url_helpers.oauth_github_path
+      when :google
+        Aven::Engine.routes.url_helpers.oauth_google_path
+      else
+        "#"
+      end
+    end
   end
 end

data/app/controllers/aven/admin/base.rb CHANGED Viewed

@@ -6,11 +6,11 @@ module Aven
       private
-      def authenticate_admin!
-        unless current_user&.admin
-          redirect_to(root_path)
+        def authenticate_admin!
+          unless current_user&.admin
+            redirect_to(root_path)
+          end
         end
-      end
     end
   end
 end

data/app/controllers/aven/application_controller.rb CHANGED Viewed

@@ -1,5 +1,27 @@
 module Aven
   class ApplicationController < ActionController::Base
     include Aven::ApplicationHelper
+    helper_method :current_workspace
+    # Get the current workspace from session
+    def current_workspace
+      return @current_workspace if defined?(@current_workspace)
+      @current_workspace = if session[:workspace_id].present? && current_user
+        current_user.workspaces.find_by(id: session[:workspace_id])
+      elsif current_user
+        # Auto-select first workspace if none selected
+        workspace = current_user.workspaces.first
+        session[:workspace_id] = workspace&.id
+        workspace
+      end
+    end
+    # Set the current workspace
+    def current_workspace=(workspace)
+      @current_workspace = workspace
+      session[:workspace_id] = workspace&.id
+    end
   end
 end

data/app/controllers/aven/auth_controller.rb CHANGED Viewed

@@ -1,64 +1,12 @@
-# frozen_string_literal: true
 module Aven
   class AuthController < ApplicationController
-    def authenticate
-      provider = params[:provider].to_s
-      raise(StandardError, "invalid provider") unless configured_providers.include?(provider)
-      redirect_post(
-        send("user_#{provider}_omniauth_authorize_path"),
-        params: { authenticity_token: form_authenticity_token }
-      )
-    end
-    def action_missing(action_name)
-      if configured_providers.include?(action_name.to_s)
-        handle_omniauth(action_name.to_s)
-      else
-        raise AbstractController::ActionNotFound, "The action '#{action_name}' could not be found for #{self.class.name}"
-      end
-    end
-    def passthru
-      logout if request.method == "GET"
-    end
-    def failure
-      logout if request.method == "GET"
-    end
     def logout
-      sign_out(current_user) if current_user
-      reset_session
-      redirect_to after_sign_out_path_for(nil)
-    end
-    private
-    def configured_providers
-      @configured_providers ||= Aven.configuration.auth.providers.map { |p| p[:provider].to_s }
-    end
-    def handle_omniauth(kind)
-      auth_tenant = request.host # or however you determine tenant
-      user = Aven::User.create_from_omniauth!(request.env, auth_tenant)
-      if user.persisted?
-        sign_in_and_redirect user, event: :authentication
-      else
-        session["devise.auth"] = request.env["omniauth.auth"].except(:extra)
-        redirect_to new_user_registration_url
+      sign_out
+      begin
+        redirect_to(main_app.root_path, notice: "You have been signed out successfully.")
+      rescue NoMethodError
+        redirect_to(root_path, notice: "You have been signed out successfully.")
       end
     end
-    def after_sign_in_path_for(resource)
-      stored_location_for(resource) || Aven.configuration.authenticated_root_path || root_path
-    end
-    def after_sign_out_path_for(resource_or_scope)
-      Aven.configuration.authenticated_root_path || root_path
-    end
   end
-end
+end

data/app/controllers/aven/oauth/auth0_controller.rb ADDED Viewed

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+require "net/http"
+require "json"
+module Aven
+  module Oauth
+    class Auth0Controller < BaseController
+      # Auth0 uses your domain (e.g., your-tenant.auth0.com or your-tenant.us.auth0.com)
+      # These URLs will be constructed dynamically based on the configured domain
+      DEFAULT_SCOPE = "openid email profile"
+      protected
+        def authorization_url(state)
+          params = {
+            client_id: oauth_config[:client_id],
+            redirect_uri: callback_url,
+            response_type: "code",
+            scope: oauth_config[:scope] || DEFAULT_SCOPE,
+            state:
+          }
+          # Optionally add audience parameter if specified (for API access)
+          params[:audience] = oauth_config[:audience] if oauth_config[:audience].present?
+          "#{auth0_authorization_url}?#{params.to_query}"
+        end
+        def exchange_code_for_token(code)
+          params = {
+            grant_type: "authorization_code",
+            client_id: oauth_config[:client_id],
+            client_secret: oauth_config[:client_secret],
+            code:,
+            redirect_uri: callback_url
+          }
+          oauth_request(URI(auth0_token_url), params)
+        end
+        def fetch_user_info(access_token)
+          response = oauth_get_request(URI(auth0_userinfo_url), access_token)
+          {
+            id: response[:sub],
+            email: response[:email],
+            name: response[:name] || response[:nickname],
+            picture: response[:picture]
+          }
+        end
+      private
+        def callback_url
+          aven.oauth_auth0_callback_url(host: request.host, protocol: request.protocol)
+        end
+        def oauth_config
+          @oauth_config ||= Aven.configuration.oauth_providers[:auth0] || raise("Auth0 OAuth not configured")
+        end
+        def auth0_domain
+          @auth0_domain ||= oauth_config[:domain] || raise("Auth0 domain not configured")
+        end
+        def auth0_base_url
+          @auth0_base_url ||= auth0_domain.start_with?("http") ? auth0_domain : "https://#{auth0_domain}"
+        end
+        def auth0_authorization_url
+          "#{auth0_base_url}/authorize"
+        end
+        def auth0_token_url
+          "#{auth0_base_url}/oauth/token"
+        end
+        def auth0_userinfo_url
+          "#{auth0_base_url}/userinfo"
+        end
+    end
+  end
+end

data/app/controllers/aven/oauth/base_controller.rb ADDED Viewed

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+module Aven
+  module Oauth
+    class BaseController < ApplicationController
+      skip_before_action :verify_authenticity_token, only: [:callback]
+      # Initiates OAuth flow
+      def create
+        state = SecureRandom.hex(16)
+        session[:oauth_state] = state
+        redirect_to authorization_url(state), allow_other_host: true
+      end
+      # Handles OAuth callback
+      def callback
+        validate_state!
+        token_data = exchange_code_for_token(params[:code])
+        user_info = fetch_user_info(token_data[:access_token])
+        user = find_or_create_user(user_info, token_data)
+        if user.persisted?
+          sign_in_and_redirect(user)
+        else
+          handle_failed_authentication(user)
+        end
+      rescue => e
+        Rails.logger.error("OAuth authentication failed: #{e.class.name} - #{e.message}")
+        Rails.logger.error(e.backtrace.first(10).join("\n")) unless Rails.env.production?
+        error_message = if Rails.env.production?
+          "Authentication failed. Please try again."
+        else
+          "#{e.message}"
+        end
+        error_class = Rails.env.production? ? nil : e.class.name
+        render_error_page(error_message, error_class)
+      end
+      # Renders OAuth error page
+      def error
+        @error_message = params[:message] || "Authentication failed"
+        @error_class = params[:error_class]
+        view_component(
+          "oauth/error",
+          error_message: @error_message,
+          error_class: @error_class,
+          current_user:
+        )
+      end
+      protected
+        # Must be implemented by subclasses
+        def authorization_url(state)
+          raise NotImplementedError
+        end
+        def exchange_code_for_token(code)
+          raise NotImplementedError
+        end
+        def fetch_user_info(access_token)
+          raise NotImplementedError
+        end
+        # Common helper methods
+        def validate_state!
+          if params[:state] != session[:oauth_state]
+            raise StandardError, "Invalid state parameter"
+          end
+          session.delete(:oauth_state)
+        end
+        def find_or_create_user(user_info, token_data)
+          auth_tenant = request.host
+          user = Aven::User.where(auth_tenant:)
+                           .where("remote_id = ? OR email = ?", user_info[:id].to_s, user_info[:email])
+                           .first_or_initialize
+          user.tap do |u|
+            u.auth_tenant = auth_tenant
+            u.remote_id = user_info[:id].to_s
+            u.email = user_info[:email]
+            u.access_token = token_data[:access_token]
+            u.save
+          end
+        end
+        def sign_in_and_redirect(user)
+          sign_in(user)
+          set_current_workspace_for(user)
+          redirect_to after_sign_in_path_for(user)
+        end
+        def set_current_workspace_for(user)
+          workspace = user.workspaces.first
+          # Create default workspace if user has none (new sign up)
+          if workspace.nil?
+            workspace = Aven::Workspace.create!(label: "Default Workspace")
+            Aven::WorkspaceUser.create!(user: user, workspace: workspace)
+            user.reload
+          end
+          # Set current workspace in session
+          session[:workspace_id] = workspace.id
+        end
+        def handle_failed_authentication(user)
+          error_message = if !Rails.env.production? && user.errors.any?
+            user.errors.full_messages.join(", ")
+          else
+            "Failed to create user account"
+          end
+          error_class = Rails.env.production? ? nil : "User::ValidationError"
+          render_error_page(error_message, error_class)
+        end
+        def render_error_page(message, error_class = nil)
+          view_component(
+            "oauth/error",
+            error_message: message,
+            error_class:,
+            current_user:
+          )
+        end
+        def after_sign_in_path_for(resource)
+          stored_location_for(resource) ||
+            Aven.configuration.resolve_authenticated_root_path ||
+            begin
+              main_app.root_path
+            rescue NoMethodError
+              root_path
+            end
+        end
+        # HTTP helper for OAuth requests
+        def oauth_request(uri, params, headers = {})
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+          request = Net::HTTP::Post.new(uri)
+          request.set_form_data(params)
+          headers.each { |key, value| request[key] = value }
+          response = http.request(request)
+          unless response.is_a?(Net::HTTPSuccess)
+            raise StandardError, "OAuth request failed: #{response.body}"
+          end
+          JSON.parse(response.body, symbolize_names: true)
+        end
+        def oauth_get_request(uri, access_token)
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+          request = Net::HTTP::Get.new(uri)
+          request["Authorization"] = "Bearer #{access_token}"
+          response = http.request(request)
+          unless response.is_a?(Net::HTTPSuccess)
+            raise StandardError, "OAuth request failed: #{response.body}"
+          end
+          JSON.parse(response.body, symbolize_names: true)
+        end
+    end
+  end
+end