bookingsync-engine 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 148999512eaa0db2fb982dd0d359fb5650f48f44
+  data.tar.gz: 821ee7611331e250f0c0d4f2a9f6bc4334f8bec2
+SHA512:
+  metadata.gz: e6c2439872589f7bac7801dd61b28e13c4f33e7e5c57e516a3c40f90e2a593e8c22d07ac59bed9d489d3a09b7b7d295593005f6fdcffd3a9c4f39b45964e8391
+  data.tar.gz: 9cdd1bf10710164feedf35b0fb9a0ffea02109b87be78e049fd243be7025c510a54e2ea20c98fb76244a07dfefae1391da77f6f75fae9ef74e9c4a0c94c8efbd

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,31 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+require 'thor'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'BookingSync'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task default: :spec

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,18 @@
+class SessionsController < ApplicationController
+  def create
+    auth = request.env["omniauth.auth"]
+    account = ::Account.from_omniauth(auth)
+    account_authorized(account)
+    redirect_to after_bookingsync_sign_in_path
+  end
+
+  def destroy
+    clear_authorization!
+    redirect_to after_bookingsync_sign_out_path
+  end
+
+  def failure
+    allow_bookingsync_iframe
+    @error_message = params[:message].try(:humanize)
+  end
+end

data/app/views/sessions/failure.html.erb

@@ -0,0 +1,5 @@
+<h1>Authentication failed</h1>
+
+<p>Error: <%= @error_message %></p>
+
+<a href="/auth/bookingsync">Sign in again</a>

data/config/routes.rb

@@ -0,0 +1,5 @@
+Rails.application.routes.draw do
+  get '/auth/:provider/callback', to: 'sessions#create'
+  get '/auth/failure', to: 'sessions#failure'
+  get '/signout' => 'sessions#destroy', as: :signout
+end

data/lib/bookingsync.rb

@@ -0,0 +1,4 @@
+require "bookingsync/engine"
+
+module BookingSync
+end

data/lib/bookingsync/engine.rb

@@ -0,0 +1,88 @@
+require 'omniauth'
+require 'omniauth-bookingsync'
+require 'bookingsync-api'
+
+module BookingSync
+  class Engine < ::Rails::Engine
+    initializer "bookingsync.add_omniauth" do |app|
+      app.middleware.use OmniAuth::Builder do
+        provider :bookingsync,
+          ENV['BOOKINGSYNC_APP_ID'],
+          ENV['BOOKINGSYNC_APP_SECRET'],
+          scope: ENV['BOOKINGSYNC_SCOPE'],
+          setup: -> (env) {
+            if url = ENV['BOOKINGSYNC_URL']
+              env['omniauth.strategy'].options[:client_options].site = url
+            end
+            env['omniauth.strategy'].options[:client_options].ssl = {
+              verify: ENV['BOOKINGSYNC_VERIFY_SSL'] != 'false'
+            }
+          }
+      end
+    end
+
+    initializer "bookingsync.controller_helper" do |app|
+      require "bookingsync/engine/helpers"
+      require "bookingsync/engine/session_helpers"
+      require "bookingsync/engine/auth_helpers"
+      require "bookingsync/engine/token_helpers"
+
+      ActiveSupport.on_load :action_controller do
+        include BookingSync::Engine::Helpers
+        include BookingSync::Engine::SessionHelpers
+        include BookingSync::Engine::AuthHelpers
+        include BookingSync::Engine::TokenHelpers
+      end
+    end
+
+    # @return [Boolean]
+    cattr_accessor :embedded
+    self.embedded = true
+
+    # Duration of inactivity after which the authorization will be reset.
+    # See {BookingSync::Engine::SessionHelpers#sign_out_if_inactive}.
+    # @return [Fixnum]
+    cattr_accessor :sign_out_after
+    self.sign_out_after = 10.minutes
+
+    # Set the engine into embedded mode.
+    #
+    # Embedded apps are loaded from within the BookingSync app store, and
+    # have a different method to redirect during the OAuth authorization
+    # process. <b>This method will not work when the app is not embedded</b>.
+    def self.embedded!
+      self.embedded = true
+    end
+
+    # Set the engine into standalone mode.
+    #
+    # This setting is requried for the applications using this Engine
+    # to work outside of the BookingSync app store.
+    #
+    # Restores the normal mode of redirecting during OAuth authorization.
+    def self.standalone!
+      self.embedded = false
+    end
+
+    # OAuth client configured for the application.
+    #
+    # The ENV variables used for configuration are described in {file:README.md}.
+    #
+    # @return [OAuth2::Client] configured OAuth client
+    def self.oauth_client
+      client_options = {
+        site: ENV['BOOKINGSYNC_URL'] || 'https://www.bookingsync.com',
+        connection_opts: { headers: { accept: "application/vnd.api+json" } }
+      }
+      client_options[:ssl] = { verify: ENV['BOOKINGSYNC_VERIFY_SSL'] != 'false' }
+      OAuth2::Client.new(ENV['BOOKINGSYNC_APP_ID'], ENV['BOOKINGSYNC_APP_SECRET'],
+        client_options)
+    end
+
+    def self.application_token
+      oauth_client.client_credentials.get_token
+    end
+  end
+end
+
+require "bookingsync/engine/model"

data/lib/bookingsync/engine/auth_helpers.rb

@@ -0,0 +1,103 @@
+module BookingSync::Engine::AuthHelpers
+  extend ActiveSupport::Concern
+
+  included do
+    rescue_from OAuth2::Error, with: :handle_oauth_error
+    rescue_from BookingSync::API::Unauthorized, with: :reset_authorization!
+    helper_method :current_account
+  end
+
+  private
+
+  # @return [Account, nil] currently authorized Account or nil if unauthorized
+  def current_account
+    @current_account ||= ::Account.find_by(uid: session[:account_id]) if session[:account_id].present?
+  end
+
+  # Callback after account is authorized.
+  #
+  # Stores the authorized account's uid in the session.
+  #
+  # @param account [Account] the just authorized account
+  def account_authorized(account)
+    session[:account_id] = account.uid.to_s
+  end
+
+  # Clear authorization if the account passed from the BookingSync app store
+  # embed doesn't match the currently authorized account
+  def enforce_requested_account_authorized!
+    clear_authorization! unless requested_account_authorized?
+  end
+
+  # Checks if the account requested from the BookingSync app store embed
+  # matches currently authorized account.
+  def requested_account_authorized?
+    session[:_bookingsync_account_id].blank? ||
+      session[:_bookingsync_account_id] == session[:account_id]
+  end
+
+  # Removes the authorization from session. Will not redirect to any other
+  # page, see {#reset_authorization!}
+  def clear_authorization!
+    session[:account_id] = nil
+  end
+
+  # Removes authorization from session and requests new authorization.
+  # For removing authorization without redirecting, see {#clear_authorization!}.
+  def reset_authorization!
+    session[:_bookingsync_account_id] =
+      params[:account_id].presence || session[:account_id]
+    clear_authorization!
+    request_authorization!
+  end
+
+  def request_authorization!
+    if BookingSync::Engine.embedded
+      allow_bookingsync_iframe
+      path = "/auth/bookingsync/?account_id=#{session[:_bookingsync_account_id]}"
+      render text: "<script type='text/javascript'>top.location.href = '#{path}';</script>"
+    else
+      redirect_to "/auth/bookingsync"
+    end
+  end
+
+  # Handler to rescue OAuth errors
+  #
+  # @param error [OAuth2::Error] the rescued error
+  def handle_oauth_error(error)
+    if error.code == "Not authorized"
+      current_account.try(:clear_token!)
+      reset_authorization!
+    else
+      raise
+    end
+  end
+
+  # Path to which the user should be redirected after successful authorization.
+  # This method should be overridden in applications using this engine.
+  #
+  # Defaults to root_path.
+  def after_bookingsync_sign_in_path
+    root_path
+  end
+
+  # Path to which the user should be redirected after sign out.
+  # This method should be overridden in applications using this engine.
+  #
+  # Defaults to root_path.
+  def after_bookingsync_sign_out_path
+    root_path
+  end
+
+  # Requests authorization if not currently authorized.
+  def authenticate_account!
+    store_bookingsync_account_id if BookingSync::Engine.embedded
+    sign_out_if_inactive
+    enforce_requested_account_authorized!
+    request_authorization! unless current_account
+  end
+
+  def store_bookingsync_account_id # :nodoc:
+    session[:_bookingsync_account_id] = params.delete(:_bookingsync_account_id)
+  end
+end

data/lib/bookingsync/engine/helpers.rb

@@ -0,0 +1,15 @@
+# General helpers related to integrating applications with BookingSync
+module BookingSync::Engine::Helpers
+  extend ActiveSupport::Concern
+
+  private
+
+  # Clears the X-Frame-Options header so that the application can be embedded
+  # in an iframe. This is required for loading applications in the
+  # BookingSync app store.
+  #
+  # This should set ALLOW-FROM, but it's not supported in Chrome and Safari.
+  def allow_bookingsync_iframe
+    response.headers['X-Frame-Options'] = '' if ::BookingSync::Engine.embedded
+  end
+end

data/lib/bookingsync/engine/model.rb

@@ -0,0 +1,59 @@
+module BookingSync::Engine::Model
+  extend ActiveSupport::Concern
+
+  module ClassMethods
+    def from_omniauth(auth)
+      where(auth.slice(:provider, :uid)).first_or_initialize.tap do |account|
+        account.provider  = auth.provider
+        account.uid       = auth.uid
+        account.name      = auth.info.business_name
+
+        account.update_token(auth.credentials)
+
+        account.save!
+      end
+    end
+  end
+
+  def token
+    @token ||= begin
+      token_options = {}
+      if oauth_refresh_token
+        token_options[:refresh_token] = oauth_refresh_token
+        token_options[:expires_at]    = oauth_expires_at
+      end
+
+      token = OAuth2::AccessToken.new(BookingSync::Engine.oauth_client,
+        oauth_access_token, token_options)
+
+      if token.expired?
+        token = token.refresh!
+        update_token!(token)
+      end
+
+      token
+    end
+  end
+
+  def api
+    @api ||= BookingSync::API::Client.new(token.token)
+  end
+
+  def update_token(token)
+    self.oauth_access_token   = token.token
+    self.oauth_refresh_token  = token.refresh_token
+    self.oauth_expires_at     = token.expires_at
+  end
+
+  def update_token!(token)
+    update_token(token)
+    save!
+  end
+
+  def clear_token!
+    self.oauth_access_token   = nil
+    self.oauth_refresh_token  = nil
+    self.oauth_expires_at     = nil
+    save!
+  end
+end

data/lib/bookingsync/engine/session_helpers.rb

@@ -0,0 +1,18 @@
+module BookingSync::Engine::SessionHelpers
+  extend ActiveSupport::Concern
+
+  private
+
+  # Automatically resets authorization when the session goes inactive.
+  # This is only enabled when the engine is set to embedded mode.
+  def sign_out_if_inactive
+    return unless BookingSync::Engine.embedded
+
+    last_visit = session[:_bookingsync_last_visit]
+    session[:_bookingsync_last_visit] = Time.now.to_i
+
+    if last_visit && (Time.now.to_i - last_visit > BookingSync::Engine.sign_out_after)
+      clear_authorization!
+    end
+  end
+end

data/lib/bookingsync/engine/token_helpers.rb

@@ -0,0 +1,31 @@
+module BookingSync::Engine::TokenHelpers
+  extend ActiveSupport::Concern
+
+  private
+
+  # OAuth access token for the current account. Will refresh the token
+  # if it's expired and store the new token in the database.
+  #
+  # @return [OAuth2::AccessToken] access token for current account
+  def current_account_token
+    current_account.token
+  end
+
+  # OAuth access token for the application. The token is obtained from
+  # {BookingSync::Engine#appliation_token}.
+  #
+  # Will fetch new token if the current one is expired.
+  #
+  # The token is stored in thread local storage, to reduce the amount of
+  # token requests.
+  #
+  # @return [OAuth2::AccessToken] access token for application
+  def application_token
+    token = Thread.current[:_bookingsync_application_token]
+    if token.nil? || token.expired?
+      token = Thread.current[:_bookingsync_application_token] =
+        BookingSync::Engine.application_token
+    end
+    token
+  end
+end

data/lib/bookingsync/engine/version.rb

@@ -0,0 +1,3 @@
+module BookingSync
+  ENGINE_VERSION = "0.1.0"
+end

data/lib/generators/bookingsync/install/install_generator.rb

@@ -0,0 +1,16 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+
+module BookingSync
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.join(File.dirname(__FILE__), 'templates')
+
+      def copy_migrations
+        migration_template "create_accounts.rb", "db/migrate/create_accounts.rb"
+      end
+    end
+  end
+end