beyond_canvas 0.15.1.pre → 0.16.2.pre

data/app/controllers/beyond_canvas/authentications_controller.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require_dependency 'beyond_canvas/application_controller'
+
+module BeyondCanvas
+  class AuthenticationsController < ApplicationController # :nodoc:
+    layout 'beyond_canvas/public'
+
+    include ::BeyondCanvas::Authentication
+    include ::BeyondCanvas::ResourceManagement
+
+    before_action :validate_app_installation_request!, only: :new
+
+    def new
+      self.resource = resource_class.new
+    end
+
+    def create
+      # Search for the api url. If there is no record it creates a new record.
+      resource_params = new_resource_params
+      self.resource = resource_class.find_or_create_by(beyond_api_url: resource_params[:api_url])
+      # Assign the attributes to the record
+      raise ActiveRecord::RecordNotSaved unless resource.update(resource_params)
+      # Get and save access_token and refresh_token using the authentication code
+      raise BeyondApi::Error if resource.authenticate.is_a?(BeyondApi::Error)
+
+      redirect_to after_create_path
+    rescue ActiveRecord::RecordNotSaved, BeyondApi::Error, StandardError => e
+      logger.error "[BeyondCanvas] #{e.message}".red
+      send "handle_#{e.class.name.split('::').first.underscore}_exception", e
+    end
+
+    def update
+      create
+    end
+
+    private
+
+    def new_resource_params
+      send "new_#{resource_name}_params"
+    end
+
+    def after_create_path
+      new_resource_params[:return_url]
+    end
+
+    def handle_active_record_exception(_exception)
+      flash[:error] = t('beyond_canvas.authentications.failure')
+      render :new
+    end
+
+    def handle_beyond_api_exception(_exception)
+      flash[:error] = t('beyond_canvas.authentications.failure')
+      render :new
+    end
+
+    def handle_standard_error_exception(_exception)
+      flash[:error] = t('beyond_canvas.authentications.failure')
+      render :new
+    end
+  end
+end

data/app/controllers/concerns/beyond_canvas/authentication.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module BeyondCanvas
+  module Authentication # :nodoc:
+    extend ActiveSupport::Concern
+    AUTH_RESOURCE = BeyondCanvas.auth_model
+
+    class_eval <<-METHODS, __FILE__, __LINE__ + 1
+      def current_#{AUTH_RESOURCE}
+        instance_variable_get("@#{AUTH_RESOURCE}")
+      end
+
+      def new_#{AUTH_RESOURCE}_params
+        beyond_canvas_parameter_sanitizer.sanitize
+      end
+    METHODS
+
+    private
+
+    def beyond_canvas_parameter_sanitizer
+      @beyond_canvas_parameter_sanitizer ||= BeyondCanvas::ParameterSanitizer.new(AUTH_RESOURCE, params)
+    end
+  end
+end

data/app/controllers/concerns/beyond_canvas/request_validation.rb

@@ -31,7 +31,7 @@ module BeyondCanvas
     def valid_signature?(signature, data, secret)
       digest = OpenSSL::Digest.new('SHA1')
       hmac = OpenSSL::HMAC.digest(digest, secret, data)
-      signature == Base64.encode64(hmac).chop
+      URI.decode(signature) == Base64.encode64(hmac).chop
     end
   end
 end

data/app/controllers/concerns/beyond_canvas/resource_management.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module BeyondCanvas
+  module ResourceManagement # :nodoc:
+    extend ActiveSupport::Concern
+
+    included do
+      # Share some methods defined in the controller to make them available for the view
+      if respond_to?(:helper_method)
+        helpers = %w[resource resource_name resource_class]
+        helper_method(*helpers)
+      end
+    end
+
+    protected
+
+    def resource_name
+      BeyondCanvas.auth_model
+    end
+
+    def resource
+      instance_variable_get(:"@#{resource_name}")
+    end
+
+    def resource=(new_resource)
+      instance_variable_set(:"@#{resource_name}", new_resource)
+    end
+
+    def resource_class
+      resource_name.classify.constantize
+    end
+  end
+end

data/app/javascript/beyond_canvas/base.js

@@ -1,5 +1,3 @@
-import 'jquery';
-
 import './initializers/buttons';
 import './initializers/flash';
 import './initializers/inputs';

data/app/javascript/beyond_canvas/initializers/buttons.js

@@ -1,6 +1,6 @@
-const SPINNER_ANIMATION_TIMEOUT = 125;
+import { disableActionElements, enableActionElements, hideSpinner, showSpinner } from './functions';
 
-(function($) {
+(function ($) {
   const onDOMReady = function () {
     const inputs = $('input, textarea, select').not(':input[type=button], :input[type=submit], :input[type=reset]');
 
@@ -11,9 +11,7 @@ const SPINNER_ANIMATION_TIMEOUT = 125;
         if ($(input).is(':hidden')) {
           e.preventDefault();
         }
-        $('button[class^="button"]').each(function () {
-          hideSpinner($(this));
-        });
+        hideSpinner();
         enableActionElements();
       });
     });
@@ -31,18 +29,17 @@ const SPINNER_ANIMATION_TIMEOUT = 125;
           <div class="bounce1"></div>
           <div class="bounce2"></div>
           <div class="bounce3"></div>
-        </div>`
-      );
+        </div>`);
 
       // Bind ajax:success and ajax:error to the form the button belongs to
       button
         .closest('form')
         .on('ajax:success', function () {
-          hideSpinner(button);
+          hideSpinner();
           enableActionElements();
         })
         .on('ajax:error', function () {
-          hideSpinner(button);
+          hideSpinner();
           enableActionElements();
         });
     });
@@ -53,35 +50,5 @@ const SPINNER_ANIMATION_TIMEOUT = 125;
     showSpinner($(this));
   });
 
-  $(document)
-    .on('ready page:load turbolinks:load', onDOMReady);
+  $(document).on('ready page:load turbolinks:load', onDOMReady);
 })(jQuery);
-
-function showSpinner(button) {
-  // Adjust the width of the button
-  button.width(button.width() + $('.spinner').outerWidth(true));
-  // Show the spinner
-  setTimeout(function() {
-    button.find('.spinner').css('display', 'flex');
-  }, SPINNER_ANIMATION_TIMEOUT);
-}
-
-function hideSpinner(button) {
-  setTimeout(function () {
-    // Hide the spinner
-    button.find('.spinner').hide();
-    // Adjust the width of the button
-    button.width(button.data('oldWidth'));
-  }, SPINNER_ANIMATION_TIMEOUT);
-}
-
-function disableActionElements() {
-  $('a, input[type="submit"], input[type="button"], input[type="reset"], button').each(function() {
-    $(this).addClass('actions--disabled');
-  });
-}
-function enableActionElements() {
-  $('a, input[type="submit"], input[type="button"], input[type="reset"], button').each(function() {
-    $(this).removeClass('actions--disabled');
-  });
-}

data/app/javascript/beyond_canvas/initializers/flash.js

@@ -1,4 +1,6 @@
-(function($) {
+import { closeAlert } from './functions';
+
+(function ($) {
   const onDOMReady = function () {
     $('.flash').each(function () {
       $(this).css('right', -$(this).width() + 'px');
@@ -9,19 +11,9 @@
     }, 100);
   };
 
-  $(document).on('click', '.flash', function() {
+  $(document).on('click', '.flash', function () {
     closeAlert();
   });
 
-  $(document)
-    .on('ready page:load turbolinks:load', onDOMReady);
+  $(document).on('ready page:load turbolinks:load', onDOMReady);
 })(jQuery);
-
-function closeAlert() {
-  $('.flash')
-    .removeClass('flash--shown')
-    .delay(700)
-    .queue(function() {
-      $(this).remove();
-    });
-}

data/app/javascript/beyond_canvas/initializers/functions.js

@@ -0,0 +1,41 @@
+const SPINNER_ANIMATION_TIMEOUT = 125;
+
+export function showSpinner(button) {
+  // Adjust the width of the button
+  button.width(button.width() + $('.spinner').outerWidth(true));
+  // Show the spinner
+  setTimeout(function () {
+    button.find('.spinner').css('display', 'flex');
+  }, SPINNER_ANIMATION_TIMEOUT);
+}
+
+export function hideSpinner() {
+  $('button[class^="button"]').each(function (_, button) {
+    setTimeout(function () {
+      // Hide the spinner
+      $(button).find('.spinner').hide();
+      // Adjust the width of the button
+      $(button).width($(button).data('oldWidth'));
+    }, SPINNER_ANIMATION_TIMEOUT);
+  });
+}
+
+export function disableActionElements() {
+  $('a, input[type="submit"], input[type="button"], input[type="reset"], button').each(function (_, button) {
+    $(button).addClass('actions--disabled');
+  });
+}
+export function enableActionElements() {
+  $('a, input[type="submit"], input[type="button"], input[type="reset"], button').each(function (_, button) {
+    $(button).removeClass('actions--disabled');
+  });
+}
+
+export function closeAlert() {
+  $('.flash')
+    .removeClass('flash--shown')
+    .delay(700)
+    .queue(function () {
+      $(this).remove();
+    });
+}

data/app/javascript/beyond_canvas/initializers/inputs.js

@@ -1,4 +1,4 @@
-(function($) {
+(function ($) {
   const onDOMReady = function () {
     $('input[type="file"]').each(function () {
       var $input = $(this),
@@ -9,10 +9,7 @@
         var fileName = '';
 
         if (this.files && this.files.length > 1)
-          fileName = (this.getAttribute('data-multiple-caption') || '').replace(
-            '{count}',
-            this.files.length
-          );
+          fileName = (this.getAttribute('data-multiple-caption') || '').replace('{count}', this.files.length);
         else if (e.target.value) fileName = e.target.value.split('\\').pop();
 
         if (fileName)
@@ -33,6 +30,5 @@
     });
   };
 
-  $(document)
-    .on('ready page:load turbolinks:load', onDOMReady);
+  $(document).on('ready page:load turbolinks:load', onDOMReady);
 })(jQuery);

data/app/views/beyond_canvas/authentications/new.html.erb

@@ -0,0 +1,18 @@
+<div class='card card--padding'>
+
+  <%= form_for(resource, as: resource_name) do |f| %>
+
+    <h2 class='card__headline'>Install <%= BeyondCanvas.configuration.site_title %> in your shop</h2>
+
+    <%= f.hidden_field :code,             value: params[:code] || resource.code %>
+    <%= f.hidden_field :signature,        value: params[:signature] || resource.signature %>
+    <%= f.hidden_field :return_url,       value: params[:return_url] || resource.return_url %>
+    <%= f.hidden_field :api_url,          value: params[:api_url] || resource.api_url %>
+    <%= f.hidden_field :access_token_url, value: params[:access_token_url] || resource.access_token_url %>
+
+    <div class='form__actions--spaced'>
+      <%= f.button 'Save', type: :submit, class: 'button__solid--primary' %>
+    </div>
+
+  <% end %>
+</div>

data/app/views/layouts/beyond_canvas/public.html.erb

@@ -5,7 +5,9 @@
 
 <body class="body--public">
   <main class="main <%= params[:controller].gsub(/[\/_]/, "-") %>--<%= params[:action] %>">
-    <%= render 'beyond_canvas/shared/flash' %>
+    <div id="flash">
+      <%= render 'beyond_canvas/shared/flash' %>
+    </div>
     <%= render 'beyond_canvas/locales/edit' %>
     <div class="main-wrapper">
       <%= render 'beyond_canvas/shared/logo' %>

data/config/locales/en.yml

@@ -0,0 +1,4 @@
+en:
+  beyond_canvas:
+    authentications:
+      failure: Shop could not be saved

data/config/routes.rb

@@ -2,4 +2,10 @@
 
 BeyondCanvas::Engine.routes.draw do
   put '/locale', to: 'system#update_locale', as: :update_locale
+
+  def create_default_routes(resource_name)
+    resources resource_name, controller: 'authentications', except: :destroy
+  end
+
+  create_default_routes(BeyondCanvas.auth_model.pluralize.to_sym) unless BeyondCanvas.use_rails_app_controller
 end

data/lib/beyond_canvas.rb

@@ -12,10 +12,26 @@ require 'http/accept'
 require 'premailer/rails'
 
 require 'beyond_api'
+require 'attr_encrypted'
+require 'blind_index'
 
 module BeyondCanvas # :nodoc:
-  autoload :AssetRegistration, 'beyond_canvas/asset_registration'
-  autoload :Configuration,     'beyond_canvas/configuration'
+  autoload :AssetRegistration,  'beyond_canvas/asset_registration'
+  autoload :Configuration,      'beyond_canvas/configuration'
+
+  module Models # :nodoc:
+    autoload :Authentication,   'beyond_canvas/models/authentication'
+    autoload :Shop,             'beyond_canvas/models/shop'
+    autoload :Utils,            'beyond_canvas/models/utils'
+  end
+
+  autoload :ParameterSanitizer, 'beyond_canvas/parameter_sanitizer'
+
+  mattr_accessor :use_rails_app_controller
+  @@use_rails_app_controller = false # rubocop:disable Style/ClassVars
+
+  mattr_accessor :auth_model
+  @@auth_model = 'shop' # rubocop:disable Style/ClassVars
 
   class << self
     def configuration

data/lib/beyond_canvas/configuration.rb

@@ -2,7 +2,7 @@
 
 module BeyondCanvas
   class Configuration # :nodoc:
-    attr_accessor :site_title, :site_logo, :favicon, :skip_webpacker
+    attr_accessor :site_title, :site_logo, :favicon, :skip_webpacker, :encryption_key, :blind_index_key, :namespace
 
     include AssetRegistration
 
@@ -11,6 +11,9 @@ module BeyondCanvas
       @site_logo = nil
       @favicon = nil
       @skip_webpacker = false
+      @encryption_key = nil
+      @blind_index_key = nil
+      @namespace = '/'
     end
 
     def setup!

data/lib/beyond_canvas/engine.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'beyond_canvas/rails/routes'
+
 module BeyondCanvas
   class Engine < ::Rails::Engine # :nodoc:
     isolate_namespace BeyondCanvas
@@ -15,7 +17,9 @@ module BeyondCanvas
 
     config.before_initialize do
       ActiveSupport.on_load :action_controller do
+        include ::BeyondCanvas::Authentication
         include ::BeyondCanvas::LocaleManagement
+        include ::BeyondCanvas::ResourceManagement
         include ::BeyondCanvas::RequestValidation
         include ::BeyondCanvas::StatusCodes
 

data/lib/beyond_canvas/models/authentication.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module BeyondCanvas
+  module Models
+    module Authentication # :nodoc:
+      extend ActiveSupport::Concern
+
+      included do
+        attr_accessor :code, :signature, :access_token_url
+
+        ##############################################################################
+        # Encrypted attribute configuration
+        ##############################################################################
+
+        attr_encrypted :beyond_api_url,       key: [BeyondCanvas.configuration.encryption_key].pack('H*')
+        attr_encrypted :beyond_access_token,  key: [BeyondCanvas.configuration.encryption_key].pack('H*')
+        attr_encrypted :beyond_refresh_token, key: [BeyondCanvas.configuration.encryption_key].pack('H*')
+
+        blind_index    :beyond_api_url,       key: [BeyondCanvas.configuration.blind_index_key].pack('H*')
+
+        ##############################################################################
+        # Validations
+        ##############################################################################
+
+        # Callback url params
+
+        validates :code,
+                  presence: true,
+                  on: :create
+        validates :signature,
+                  presence: true,
+                  on: :create
+        validates :access_token_url,
+                  presence: true,
+                  on: :create
+
+        # Database fields
+
+        validates :beyond_api_url,
+                  presence: true
+        validates :beyond_access_token,
+                  presence: true,
+                  unless: -> { encrypted_beyond_access_token_was.blank? }
+        validates :beyond_refresh_token,
+                  presence: true,
+                  unless: -> { encrypted_beyond_refresh_token_was.blank? }
+
+        ##############################################################################
+        # Instance methods
+        ##############################################################################
+
+        #
+        # Get and save access_token and refresh_token using the authentication code
+        # NOTE: This method is used during the shop creation, as it is the only point
+        # we know about the authentication code
+        #
+        def authenticate
+          session = BeyondApi::Session.new(api_url: beyond_api_url)
+          session.token.create(code)
+          update(beyond_access_token: session.access_token,
+                 beyond_refresh_token: session.refresh_token)
+        end
+      end
+    end
+  end
+end