aven 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 787e11b1022af941769fa87fa5ba94984d46cb1dad8b0920ff780ece60f2b68d
-  data.tar.gz: f6485456b219a405fc48d7ae645098fcda745877a7efd93a6a61522e5383b065
+  metadata.gz: a02e3ced6d96476bc2d2237a080cd459c7787295f0838558613b8c56c65417d2
+  data.tar.gz: da6fef70eddb6b4b3c9b22d9ef9dedc3553457a6745e4e8839f45352f5685c47
 SHA512:
-  metadata.gz: a5e5a300447b6cf2768acd41bf5c16ba3f56400a8da4e3a491e8263e7127e2b1d2b3346c033281e2500671d4c9bf6e86f9286799478afa27b73ca66bee2d886e
-  data.tar.gz: ba97a554b0c026cb4fb3af9ae5c6b5470746f47cf3d8c74788aa2f8dcedb477b08dc9a766c8cd8c425718c0b934339f20ecee788e732f8d7b04499be5b6b50e8
+  metadata.gz: 1024472cdaf1a181500949d2a40ac7d997299411f53f9614826f501c43e383a0a1f288c03bf74e508180074eaec9b89a9a451409900fb24e972033f6496799cf
+  data.tar.gz: c94494371d0a5f62d3a81bcfc8c0b31026189e7d2df8a04675dacebd3724def86e137172691ef1c905b313f14d2e3f5556edc428e7a1b4f794824f338eeedb96

data/Rakefile

@@ -1,6 +1,6 @@
 require "bundler/setup"
 
-APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
 load "rails/tasks/engine.rake"
 
 load "rails/tasks/statistics.rake"

data/app/components/aven/views/oauth/error/component.html.erb

@@ -0,0 +1,44 @@
+<div class="min-h-screen flex items-center justify-center bg-gray-50 py-12 px-4 sm:px-6 lg:px-8">
+  <div class="max-w-md w-full space-y-8">
+    <div>
+      <h2 class="mt-6 text-center text-3xl font-extrabold text-gray-900">
+        Authentication Failed
+      </h2>
+      <div class="mt-4 bg-red-50 border border-red-200 rounded-md p-4">
+        <div class="flex">
+          <div class="flex-shrink-0">
+            <svg class="h-5 w-5 text-red-400" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor">
+              <path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd" />
+            </svg>
+          </div>
+          <div class="ml-3">
+            <h3 class="text-sm font-medium text-red-800">
+              <%= error_message %>
+            </h3>
+            <% if error_class.present? %>
+              <p class="mt-2 text-xs text-red-700">
+                Error type: <%= error_class %>
+              </p>
+            <% end %>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="space-y-4">
+      <% provider_links.each do |provider| %>
+        <%= link_to(
+          "Try again with #{provider.to_s.capitalize}",
+          oauth_path_for(provider),
+          class: "group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500"
+        ) %>
+      <% end %>
+
+      <%= link_to(
+        "Back to home",
+        home_path,
+        class: "group relative w-full flex justify-center py-2 px-4 border border-gray-300 text-sm font-medium rounded-md text-gray-700 bg-white hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500"
+      ) %>
+    </div>
+  </div>
+</div>

data/app/components/aven/views/oauth/error/component.rb

@@ -0,0 +1,30 @@
+module Aven::Views::Oauth::Error
+  class Component < Aven::ApplicationViewComponent
+    option :error_message
+    option :error_class, optional: true
+    option :current_user, optional: true
+
+    def provider_links
+      Aven.configuration.oauth_providers.keys
+    end
+
+    def oauth_path_for(provider)
+      case provider.to_sym
+      when :github
+        Aven::Engine.routes.url_helpers.oauth_github_path
+      when :google
+        Aven::Engine.routes.url_helpers.oauth_google_path
+      else
+        "#"
+      end
+    end
+
+    def home_path
+      if helpers.respond_to?(:main_app) && helpers.main_app.respond_to?(:root_path)
+        helpers.main_app.root_path
+      else
+        Aven::Engine.routes.url_helpers.root_path
+      end
+    end
+  end
+end

data/app/components/aven/views/static/index/component.html.erb

@@ -4,13 +4,13 @@
 
 <% if current_user %>
   <div><%= current_user.id %></div>
-  <%= link_to("Logout", helpers.logout_path) %>
+  <%= link_to("Logout", Aven::Engine.routes.url_helpers.logout_path) %>
 <% else %>
-  <% Aven.configuration.auth.providers.each do |provider_config| %>
+  <% Aven.configuration.oauth_providers.each do |provider, config| %>
     <%=
       link_to(
-        "Login with #{provider_config[:provider]}",
-        helpers.authenticate_path(provider: provider_config[:provider])
+        "Login with #{provider.to_s.capitalize}",
+        oauth_path_for(provider)
       )
     %>
   <% end %>

data/app/components/aven/views/static/index/component.rb

@@ -1,5 +1,16 @@
 module Aven::Views::Static::Index
   class Component < Aven::ApplicationViewComponent
     option(:current_user, optional: true)
+
+    def oauth_path_for(provider)
+      case provider.to_sym
+      when :github
+        Aven::Engine.routes.url_helpers.oauth_github_path
+      when :google
+        Aven::Engine.routes.url_helpers.oauth_google_path
+      else
+        "#"
+      end
+    end
   end
 end

data/app/controllers/aven/admin/base.rb

@@ -6,11 +6,11 @@ module Aven
 
       private
 
-      def authenticate_admin!
-        unless current_user&.admin
-          redirect_to(root_path)
+        def authenticate_admin!
+          unless current_user&.admin
+            redirect_to(root_path)
+          end
         end
-      end
     end
   end
 end

data/app/controllers/aven/application_controller.rb

@@ -1,5 +1,27 @@
 module Aven
   class ApplicationController < ActionController::Base
     include Aven::ApplicationHelper
+
+    helper_method :current_workspace
+
+    # Get the current workspace from session
+    def current_workspace
+      return @current_workspace if defined?(@current_workspace)
+
+      @current_workspace = if session[:workspace_id].present? && current_user
+        current_user.workspaces.find_by(id: session[:workspace_id])
+      elsif current_user
+        # Auto-select first workspace if none selected
+        workspace = current_user.workspaces.first
+        session[:workspace_id] = workspace&.id
+        workspace
+      end
+    end
+
+    # Set the current workspace
+    def current_workspace=(workspace)
+      @current_workspace = workspace
+      session[:workspace_id] = workspace&.id
+    end
   end
 end

data/app/controllers/aven/auth_controller.rb

@@ -1,64 +1,12 @@
-# frozen_string_literal: true
-
 module Aven
   class AuthController < ApplicationController
-    def authenticate
-      provider = params[:provider].to_s
-
-      raise(StandardError, "invalid provider") unless configured_providers.include?(provider)
-
-      redirect_post(
-        send("user_#{provider}_omniauth_authorize_path"),
-        params: { authenticity_token: form_authenticity_token }
-      )
-    end
-
-    def action_missing(action_name)
-      if configured_providers.include?(action_name.to_s)
-        handle_omniauth(action_name.to_s)
-      else
-        raise AbstractController::ActionNotFound, "The action '#{action_name}' could not be found for #{self.class.name}"
-      end
-    end
-
-    def passthru
-      logout if request.method == "GET"
-    end
-
-    def failure
-      logout if request.method == "GET"
-    end
-
     def logout
-      sign_out(current_user) if current_user
-      reset_session
-      redirect_to after_sign_out_path_for(nil)
-    end
-
-    private
-
-    def configured_providers
-      @configured_providers ||= Aven.configuration.auth.providers.map { |p| p[:provider].to_s }
-    end
-
-    def handle_omniauth(kind)
-      auth_tenant = request.host # or however you determine tenant
-      user = Aven::User.create_from_omniauth!(request.env, auth_tenant)
-
-      if user.persisted?
-        sign_in_and_redirect user, event: :authentication
-      else
-        session["devise.auth"] = request.env["omniauth.auth"].except(:extra)
-        redirect_to new_user_registration_url
+      sign_out
+      begin
+        redirect_to(main_app.root_path, notice: "You have been signed out successfully.")
+      rescue NoMethodError
+        redirect_to(root_path, notice: "You have been signed out successfully.")
       end
     end
-
-    def after_sign_in_path_for(resource)
-      stored_location_for(resource) || Aven.configuration.authenticated_root_path || root_path
-    end
-
-    def after_sign_out_path_for(resource_or_scope)
-      Aven.configuration.authenticated_root_path || root_path
-    end
   end
-end
+end

data/app/controllers/aven/oauth/auth0_controller.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "json"
+
+module Aven
+  module Oauth
+    class Auth0Controller < BaseController
+      # Auth0 uses your domain (e.g., your-tenant.auth0.com or your-tenant.us.auth0.com)
+      # These URLs will be constructed dynamically based on the configured domain
+      DEFAULT_SCOPE = "openid email profile"
+
+      protected
+
+        def authorization_url(state)
+          params = {
+            client_id: oauth_config[:client_id],
+            redirect_uri: callback_url,
+            response_type: "code",
+            scope: oauth_config[:scope] || DEFAULT_SCOPE,
+            state:
+          }
+
+          # Optionally add audience parameter if specified (for API access)
+          params[:audience] = oauth_config[:audience] if oauth_config[:audience].present?
+
+          "#{auth0_authorization_url}?#{params.to_query}"
+        end
+
+        def exchange_code_for_token(code)
+          params = {
+            grant_type: "authorization_code",
+            client_id: oauth_config[:client_id],
+            client_secret: oauth_config[:client_secret],
+            code:,
+            redirect_uri: callback_url
+          }
+
+          oauth_request(URI(auth0_token_url), params)
+        end
+
+        def fetch_user_info(access_token)
+          response = oauth_get_request(URI(auth0_userinfo_url), access_token)
+
+          {
+            id: response[:sub],
+            email: response[:email],
+            name: response[:name] || response[:nickname],
+            picture: response[:picture]
+          }
+        end
+
+      private
+
+        def callback_url
+          aven.oauth_auth0_callback_url(host: request.host, protocol: request.protocol)
+        end
+
+        def oauth_config
+          @oauth_config ||= Aven.configuration.oauth_providers[:auth0] || raise("Auth0 OAuth not configured")
+        end
+
+        def auth0_domain
+          @auth0_domain ||= oauth_config[:domain] || raise("Auth0 domain not configured")
+        end
+
+        def auth0_base_url
+          @auth0_base_url ||= auth0_domain.start_with?("http") ? auth0_domain : "https://#{auth0_domain}"
+        end
+
+        def auth0_authorization_url
+          "#{auth0_base_url}/authorize"
+        end
+
+        def auth0_token_url
+          "#{auth0_base_url}/oauth/token"
+        end
+
+        def auth0_userinfo_url
+          "#{auth0_base_url}/userinfo"
+        end
+    end
+  end
+end

data/app/controllers/aven/oauth/base_controller.rb

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+
+module Aven
+  module Oauth
+    class BaseController < ApplicationController
+      skip_before_action :verify_authenticity_token, only: [:callback]
+
+      # Initiates OAuth flow
+      def create
+        state = SecureRandom.hex(16)
+        session[:oauth_state] = state
+
+        redirect_to authorization_url(state), allow_other_host: true
+      end
+
+      # Handles OAuth callback
+      def callback
+        validate_state!
+
+        token_data = exchange_code_for_token(params[:code])
+        user_info = fetch_user_info(token_data[:access_token])
+
+        user = find_or_create_user(user_info, token_data)
+
+        if user.persisted?
+          sign_in_and_redirect(user)
+        else
+          handle_failed_authentication(user)
+        end
+      rescue => e
+        Rails.logger.error("OAuth authentication failed: #{e.class.name} - #{e.message}")
+        Rails.logger.error(e.backtrace.first(10).join("\n")) unless Rails.env.production?
+
+        error_message = if Rails.env.production?
+          "Authentication failed. Please try again."
+        else
+          "#{e.message}"
+        end
+
+        error_class = Rails.env.production? ? nil : e.class.name
+        render_error_page(error_message, error_class)
+      end
+
+      # Renders OAuth error page
+      def error
+        @error_message = params[:message] || "Authentication failed"
+        @error_class = params[:error_class]
+
+        view_component(
+          "oauth/error",
+          error_message: @error_message,
+          error_class: @error_class,
+          current_user:
+        )
+      end
+
+      protected
+
+        # Must be implemented by subclasses
+        def authorization_url(state)
+          raise NotImplementedError
+        end
+
+        def exchange_code_for_token(code)
+          raise NotImplementedError
+        end
+
+        def fetch_user_info(access_token)
+          raise NotImplementedError
+        end
+
+        # Common helper methods
+        def validate_state!
+          if params[:state] != session[:oauth_state]
+            raise StandardError, "Invalid state parameter"
+          end
+          session.delete(:oauth_state)
+        end
+
+        def find_or_create_user(user_info, token_data)
+          auth_tenant = request.host
+
+          user = Aven::User.where(auth_tenant:)
+                           .where("remote_id = ? OR email = ?", user_info[:id].to_s, user_info[:email])
+                           .first_or_initialize
+
+          user.tap do |u|
+            u.auth_tenant = auth_tenant
+            u.remote_id = user_info[:id].to_s
+            u.email = user_info[:email]
+            u.access_token = token_data[:access_token]
+            u.save
+          end
+        end
+
+        def sign_in_and_redirect(user)
+          sign_in(user)
+          set_current_workspace_for(user)
+          redirect_to after_sign_in_path_for(user)
+        end
+
+        def set_current_workspace_for(user)
+          workspace = user.workspaces.first
+
+          # Create default workspace if user has none (new sign up)
+          if workspace.nil?
+            workspace = Aven::Workspace.create!(label: "Default Workspace")
+            Aven::WorkspaceUser.create!(user: user, workspace: workspace)
+            user.reload
+          end
+
+          # Set current workspace in session
+          session[:workspace_id] = workspace.id
+        end
+
+        def handle_failed_authentication(user)
+          error_message = if !Rails.env.production? && user.errors.any?
+            user.errors.full_messages.join(", ")
+          else
+            "Failed to create user account"
+          end
+
+          error_class = Rails.env.production? ? nil : "User::ValidationError"
+          render_error_page(error_message, error_class)
+        end
+
+        def render_error_page(message, error_class = nil)
+          view_component(
+            "oauth/error",
+            error_message: message,
+            error_class:,
+            current_user:
+          )
+        end
+
+        def after_sign_in_path_for(resource)
+          stored_location_for(resource) ||
+            Aven.configuration.resolve_authenticated_root_path ||
+            begin
+              main_app.root_path
+            rescue NoMethodError
+              root_path
+            end
+        end
+
+        # HTTP helper for OAuth requests
+        def oauth_request(uri, params, headers = {})
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+
+          request = Net::HTTP::Post.new(uri)
+          request.set_form_data(params)
+          headers.each { |key, value| request[key] = value }
+
+          response = http.request(request)
+
+          unless response.is_a?(Net::HTTPSuccess)
+            raise StandardError, "OAuth request failed: #{response.body}"
+          end
+
+          JSON.parse(response.body, symbolize_names: true)
+        end
+
+        def oauth_get_request(uri, access_token)
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
+
+          request = Net::HTTP::Get.new(uri)
+          request["Authorization"] = "Bearer #{access_token}"
+
+          response = http.request(request)
+
+          unless response.is_a?(Net::HTTPSuccess)
+            raise StandardError, "OAuth request failed: #{response.body}"
+          end
+
+          JSON.parse(response.body, symbolize_names: true)
+        end
+    end
+  end
+end