booth 0.0.1 → 0.0.2

data/lib/booth/password_resets/find.rb

@@ -1,36 +0,0 @@
-module Booth
-  module PasswordResets
-    class Find
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      option :secret_key
-
-      def call
-        do_check_secret_key_syntax
-          .on_success { do_find_password_reset }
-      end
-
-      private
-
-      def do_check_secret_key_syntax
-        ::Booth::Syntaxes::SecretKey.call(secret_key)
-      end
-
-      def do_find_password_reset
-        debug { "Looking for PasswordReset with secret key #{secret_key.inspect}" }
-        @password_reset = ::Booth::Models::PasswordReset.find_by(secret_key:)
-
-        if @password_reset
-          debug { "Found PasswordReset with ID #{@password_reset.id.inspect}" }
-          @password_reset.update! accessed_at: Time.current if @password_reset.accessed_at.blank?
-          return Tron.success(:found_password_reset, password_reset: @password_reset)
-        end
-
-        message = "Could not find userland PasswordReset with secret key #{secret_key.inspect}"
-        debug { message }
-        Tron.failure :password_reset_not_found, public_message: I18n.t('booth.unknown_secret_key')
-      end
-    end
-  end
-end

data/lib/booth/password_resets/propagate_to_credential.rb

@@ -1,36 +0,0 @@
-module Booth
-  module PasswordResets
-    class PropagateToCredential
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      param :password_reset
-
-      def call
-        debug { 'Propagating PasswordReset to Credential...' }
-        raise "Expected PasswordReset to be valid: #{password_reset.errors.to_a.to_sentence}" if password_reset.invalid?
-
-        password_reset.transaction do
-          update_credential!
-          invalidate_password_resets!
-          finalize_password_reset!
-        end
-      end
-
-      private
-
-      def update_credential!
-        password_reset.credential.update! password_digest: password_reset.password_digest
-      end
-
-      def invalidate_password_resets!
-        password_reset.other_password_resets_of_this_credential
-                      .update_all(revoked_at: Time.current) # rubocop:disable Rails/SkipsModelValidations
-      end
-
-      def finalize_password_reset!
-        password_reset.update! propagated_at: Time.current
-      end
-    end
-  end
-end

data/lib/booth/password_resets/step.rb

@@ -1,18 +0,0 @@
-module Booth
-  module PasswordResets
-    class Step
-      include ::Booth::MethodObject
-
-      param :password_reset
-
-      def call
-        return :completed if password_reset.completed?
-        return :revoked if password_reset.revoked?
-        return :timed_out unless password_reset.recently_created?
-        return :confirm_password if password_reset.password_chosen_at.present?
-
-        :choose_password
-      end
-    end
-  end
-end

data/lib/booth/recoveries/create.rb

@@ -1,45 +0,0 @@
-module Booth
-  module Recoveries
-    class Create
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      option :scope
-      option :email
-      option :ip
-
-      def call
-        do_check_cooldown
-          .on_success { do_check_email_syntax }
-          .on_success { do_create_recovery }
-      end
-
-      private
-
-      def do_check_cooldown
-        # TODO: Check recovery cooldown of email in the table `booth_recoveries`.
-        #       Respect consumed_at and revoked_at and created_at and creator_ip and email.
-        Tron.success :username_rate_limit_ok_dummy
-      end
-
-      def do_check_email_syntax
-        check = ::Booth::Syntaxes::Email.call(email)
-
-        check.on_success do
-          @email_address = check.normalized_email
-        end
-
-        check
-      end
-
-      def do_create_recovery
-        recovery = ::Booth::Models::Recovery.create! scope: scope,
-                                                     email: email,
-                                                     creator_ip: ip
-
-        Tron.success :applicable_for_recovery, email: recovery.email,
-                                               recovery_id: recovery.id
-      end
-    end
-  end
-end

data/lib/booth/requests/storages/otp.rb

@@ -1,54 +0,0 @@
-module Booth
-  module Requests
-    module Storages
-      class Otp
-        include ::Booth::Logging
-
-        delegate :reset, :timed_out?, :lifespan, :seconds_until_auto_reset, to: :session
-
-        def initialize(session:)
-          @session = session
-        end
-
-        # -------
-        # Getters
-        # -------
-
-        def secret_key
-          session[:secret_key]
-        end
-
-        def secret_key_has_been_seen?
-          !!session[:secret_key_has_been_seen]
-        end
-
-        def secret_key_recently_changed?
-          !!session[:secret_key_recently_changed]
-        end
-
-        # -------
-        # Setters
-        # -------
-
-        def generate_secret_key!
-          debug { 'Generating secret OTP key for registration' }
-          session[:secret_key] = ::Booth::Models::Credential.otp_random_secret
-        end
-
-        def secret_key_has_been_seen!
-          debug { 'Remembering that the secret OTP key has been registered' }
-          session[:secret_key_has_been_seen] = true
-        end
-
-        def secret_key_recently_changed!
-          reset
-          session[:secret_key_recently_changed] = true
-        end
-
-        private
-
-        attr_reader :session
-      end
-    end
-  end
-end

data/lib/booth/requests/storages/password.rb

@@ -1,49 +0,0 @@
-module Booth
-  module Requests
-    module Storages
-      class Password
-        include ::Booth::Logging
-
-        delegate :reset, :timed_out?, :lifespan, :seconds_until_auto_reset, to: :session
-
-        def initialize(session:)
-          @session = session
-        end
-
-        # -------
-        # Getters
-        # -------
-
-        def password_digest
-          session[:password_digest]
-        end
-
-        # To show a reminder for the user to logout other devices after password change.
-        # This value either times out or is deleted at read-confirmation by the user.
-        def password_recently_changed?
-          !!session[:password_recently_changed]
-        end
-
-        # -------
-        # Setters
-        # -------
-
-        def password_digest=(new_password_digest)
-          debug { 'Remembering new password digest' }
-          session[:password_digest] = new_password_digest
-        end
-
-        def password_recently_changed!
-          debug { 'Remembering that the password was recently changed' }
-          session[:password_recently_changed] = true
-        end
-
-        private
-
-        attr_reader :session
-
-        delegate :scope, to: :session, private: true
-      end
-    end
-  end
-end

data/lib/booth/requests/storages/password_reset.rb

@@ -1,35 +0,0 @@
-module Booth
-  module Requests
-    module Storages
-      class PasswordReset
-        include ::Booth::Logging
-
-        delegate :reset, :timed_out?, :lifespan, :seconds_until_auto_reset, to: :session
-
-        def initialize(session:)
-          @session = session
-        end
-
-        # -------
-        # Getters
-        # -------
-
-        def email
-          session[:email]
-        end
-
-        # -------
-        # Setters
-        # -------
-
-        def email=(new_email)
-          session[:email] = new_email
-        end
-
-        private
-
-        attr_reader :session
-      end
-    end
-  end
-end

data/lib/booth/requests/storages/recovery.rb

@@ -1,35 +0,0 @@
-module Booth
-  module Requests
-    module Storages
-      class Recovery
-        include ::Booth::Logging
-
-        delegate :reset, :timed_out?, :lifespan, :seconds_until_auto_reset, to: :session
-
-        def initialize(session:)
-          @session = session
-        end
-
-        # -------
-        # Getters
-        # -------
-
-        def email
-          session[:email]
-        end
-
-        # -------
-        # Setters
-        # -------
-
-        def email=(new_email)
-          session[:email] = new_email
-        end
-
-        private
-
-        attr_reader :session
-      end
-    end
-  end
-end

data/lib/booth/sessions/create_and_login.rb

@@ -1,46 +0,0 @@
-module Booth
-  module Sessions
-    class CreateAndLogin
-      include ::Booth::MethodObject
-      include ::Booth::Logging
-
-      option :credential
-      option :request, ::Booth::Request
-
-      def call
-        if request.scope != credential.scope.to_sym
-          debug { "Request has scope #{request.scope.inspect} but Credential has #{credential.scope.to_sym.inspect}" }
-          raise 'Not performing login because something in your setup is wrong.'
-        end
-
-        request.authentication
-               .login(session: create_session)
-
-        # Consume everything that led up to this authentication to avoid re-authentication.
-        # If we don't reset the cookie here, the "remote login flow" could log you right back in.
-        login_storage.reset
-        registration_storage.reset
-
-        Tron.success :session_created_and_logged_in, return_path: request.return_path
-      end
-
-      private
-
-      def create_session
-        debug { "Creating new Session for credential ID #{credential.id}" }
-
-        ::Booth::Models::Session.create! credential:,
-                                         agent: request.agent,
-                                         most_recent_ip: request.ip
-      end
-
-      def login_storage
-        request.storage.login
-      end
-
-      def registration_storage
-        request.storage.registration
-      end
-    end
-  end
-end

data/lib/booth/sessions/historical_locations.rb

@@ -1,18 +0,0 @@
-module Booth
-  module Sessions
-    class HistoricalLocations
-      include ::Booth::MethodObject
-
-      param :session
-
-      # TODO: Show IPs for cities that are different from the most recent IP.
-      def call
-        return if historical_locations.values.blank?
-
-        historical_locations.values.reject { _1 == location }.uniq.sort.join(', ').presence
-      end
-
-      delegate :location, :historical_locations, to: :session, private: true
-    end
-  end
-end

data/lib/booth/sessions/index.rb

@@ -1,59 +0,0 @@
-module Booth
-  module Sessions
-    class Index
-      include ::Booth::MethodObject
-
-      option :credential_id
-      option :current_session_id
-
-      def call
-        # Booth currently doesn't support pagination.
-        # To avoid an attacking vector that could bring our database down,
-        # we simply pull the handbrake when trying to fetch too many sessions.
-        # Nobody should have that many active concurrent sessions.
-        raise "Too many sessions for Credential ID #{credential_id}" if base_scope.count > max_allowed_sessions
-
-        base_scope.map do |session|
-          ::Booth::ToStruct.call(exposed_attributes(session))
-        end
-      end
-
-      private
-
-      def exposed_attributes(session)
-        result = { is_current: current_session_id == session.id }
-
-        exposed_attribute_names.each do |attribute|
-          result[attribute] = session.public_send(attribute)
-        end
-
-        result
-      end
-
-      def exposed_attribute_names
-        %i[id
-           activity_at
-           created_at
-           agent
-           most_recent_ip
-           historical_ips
-           location
-           historical_location_names
-           browser_name
-           platform_name
-           browser_image_path
-           platform_image_path]
-      end
-
-      def base_scope
-        ::Booth::Models::Session.active_scope
-                                .sorted_scope
-                                .owned_by_scope(credential_id:)
-      end
-
-      def max_allowed_sessions
-        500
-      end
-    end
-  end
-end

data/lib/booth/sessions/revoke.rb

@@ -1,51 +0,0 @@
-module Booth
-  module Sessions
-    class Revoke
-      include ::Booth::MethodObject
-      include ::Booth::Logging
-
-      option :credential_id
-      option :session_id
-
-      def call
-        do_check_id_syntax
-          .on_success { do_revoke_session }
-      end
-
-      private
-
-      def do_check_id_syntax
-        ::Booth::Syntaxes::Uuid.call(credential_id, raise_if_invalid: true)
-        ::Booth::Syntaxes::Uuid.call(session_id, raise_if_invalid: true)
-
-        Tron.success :valid_session_id_syntax
-      end
-
-      def do_revoke_session
-        unless session
-          debug { "Session #{session_id.inspect} not found for credential #{credential_id.inspect}" }
-          return Tron.success :session_not_found
-        end
-
-        if session.revoked_at.present?
-          debug { "Session #{session.id.inspect} is already revoked." }
-          return Tron.success :already_revoked,
-                              public_message: I18n.t('booth.session_revoked', ip: session.most_recent_ip)
-        end
-
-        debug { "Revoking Session #{session.id.inspect}" }
-        session.update! revoked_at: Time.current,
-                        revoke_reason: :manual
-
-        Tron.success :session_revoked, public_message: I18n.t('booth.session_revoked', ip: session.most_recent_ip)
-      end
-
-      def session
-        return @session if defined?(@session)
-
-        @session = ::Booth::Models::Session.where(credential_id:)
-                                           .find_by(id: session_id)
-      end
-    end
-  end
-end

data/lib/booth/sessions/revoke_all_others.rb

@@ -1,43 +0,0 @@
-module Booth
-  module Sessions
-    class RevokeAllOthers
-      include ::Booth::MethodObject
-
-      option :credential_id
-      option :surviving_session_id
-
-      def call
-        do_check_id_syntax
-          .on_success { do_revoke_all_other_session }
-      end
-
-      private
-
-      def do_check_id_syntax
-        ::Booth::Syntaxes::Uuid.call(credential_id, raise_if_invalid: true)
-        ::Booth::Syntaxes::Uuid.call(surviving_session_id, raise_if_invalid: true)
-
-        Tron.success :valid_session_id_syntax
-      end
-
-      def do_revoke_all_other_session
-        if sessions.blank?
-          return Tron.success :nothing_to_revoke, public_message: I18n.t('booth.all_other_sessions_revoked')
-        end
-
-        # Preferring speed. Because if there are many we don't want the page to hang.
-        sessions.update_all revoked_at: Time.current,
-                            revoke_reason: :manual_all_others
-
-        Tron.success :other_sessions_revoked, public_message: I18n.t('booth.all_other_sessions_revoked')
-      end
-
-      def sessions
-        return @sessions if defined?(@sessions)
-
-        @sessions = ::Booth::Models::Session.where(credential_id:)
-                                            .where.not(id: surviving_session_id)
-      end
-    end
-  end
-end

data/lib/booth/sessions/to_passport.rb

@@ -1,51 +0,0 @@
-module Booth
-  module Sessions
-    # A Passport is an immutable representation of your current browser-session.
-    class ToPassport
-      include ::Booth::MethodObject
-      include ::Booth::Logging
-
-      param :session
-
-      def call
-        ::Booth::ToStruct.call(attributes)
-      end
-
-      private
-
-      delegate :credential, to: :session, private: true
-
-      def attributes
-        {
-          id: session.id,
-          username: credential.username,
-          credential_id: credential.id,
-          mode:,
-          incognito_credential_id: session.incognito_credential_id,
-          revoked_at: session.revoked_at,
-          onboarding_secret_key:,
-          is:,
-        }
-      end
-
-      def is
-        ::Booth::Credentials::Mode.new(credential)
-      end
-
-      def mode
-        credential.mode.to_sym
-      end
-
-      def onboarding_secret_key
-        return unless credential.mode_first_time?
-
-        # If a first-time credential is in a logged in state,
-        # that means this credential was just self-registered.
-
-        # In that case, reveal the onboarding secret key,
-        # so that the end-user may choose a login method for the first time.
-        credential.onboarding&.secret_key
-      end
-    end
-  end
-end

data/lib/booth/syntaxes/contest_code.rb

@@ -1,58 +0,0 @@
-module Booth
-  module Syntaxes
-    class ContestCode
-      include ::Booth::Logging
-      include ::Booth::MethodObject
-
-      param :input
-
-      def call
-        debug { "Checking contest #{input.inspect} for valid syntax..." }
-        check_blank.on_success { check_characters }
-                   .on_success { check_length }
-      end
-
-      private
-
-      def check_blank
-        return Tron.success :contest_code_present if input.present?
-
-        debug { 'This contest is blank.' }
-        Tron.failure :blank_contest_code,
-                     normalized_contest_code: nil,
-                     public_message: I18n.t('booth.blank_contest_code')
-      end
-
-      def check_characters
-        return Tron.success :contest_code_consists_of_digits if input_without_spaces.match?(allowed_regexp)
-
-        debug { 'This contest contains invalid characters' }
-        Tron.failure :invalid_contest_code_format,
-                     normalized_contest_code: nil,
-                     public_message: I18n.t('booth.invalid_contest_code_format')
-      end
-
-      def check_length
-        if input_without_spaces.to_s.length == ::Booth.config.contest_digits
-          return Tron.success :valid_contest_code_syntax,
-                              normalized_contest_code: input_without_spaces
-        end
-
-        debug { "This contest is not #{::Booth.config.contest_digits} characters long." }
-        Tron.failure :wrong_contest_code_length,
-                     normalized_contest_code: nil,
-                     public_message: I18n.t('booth.wrong_contest_code_length', digits: ::Booth.config.contest_digits)
-      end
-
-      # Helpers
-
-      def input_without_spaces
-        input.to_s.delete(' ')
-      end
-
-      def allowed_regexp
-        /\A\d+\z/
-      end
-    end
-  end
-end