bullet_train 1.0.6 → 1.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edaadd5d50965bf9b15be0e2c69ead2e4180ab34a1cba61035546546dd00bb87
-  data.tar.gz: 0b41c024ef616cd3a33b114da7dca2f0c0161713003269569a210e2937814004
+  metadata.gz: a460b28ddcaa9b63e0b3d86ff22bd1f55947bb98e76abe6febde2be804253732
+  data.tar.gz: efe38f3559f947a23bbb33a87bf199e692c4595d886b01911c2756945576a750
 SHA512:
-  metadata.gz: 0c599a9871fdf7b746ac62452489554e271c62a8384ca6f747bb512f0334bdd22d6ec78e9fb6218d2a78a17f26afe343a78e70aff0fd4c9d7d5992f8a2a322fe
-  data.tar.gz: ca2f4b81605161e94f3a704d63bdcbcbced15228688f2ee454e1db9876d1d198e56e9ba9f3b5f34f2c7b1841fa5ac655bba5dedd1e5bf6cd7016a6d1c19414cf
+  metadata.gz: c46781c9c2a4f4fc3c6e31326610fa87839c73d0f96b802c344a2048683f73c7842720fcd2d059b7adb11630767490d9bbc6fadda839a624fe80a6ff28766db8
+  data.tar.gz: cead3f1bc71f9d70ea51fa211252770370f07526dbc9879073f1326fd9fe2fd9b52ebbd6f9a8922b998b848b2da2add9bc9ad991928c088348bd33a1e8fc35e7

data/app/controllers/account/invitations_controller.rb

@@ -1,3 +1,3 @@
 class Account::InvitationsController < Account::ApplicationController
-  include Invitations::ControllerBase
+  include Account::Invitations::ControllerBase
 end

data/app/controllers/account/two_factors_controller.rb

@@ -0,0 +1,18 @@
+class Account::TwoFactorsController < Account::ApplicationController
+  before_action :authenticate_user!
+
+  def create
+    @backup_codes = current_user.generate_otp_backup_codes!
+    @user = current_user
+
+    current_user.update(
+      otp_secret: User.generate_otp_secret,
+      otp_required_for_login: true
+    )
+  end
+
+  def destroy
+    @user = current_user
+    current_user.update(otp_required_for_login: false)
+  end
+end

data/app/controllers/concerns/account/controllers/base.rb

@@ -0,0 +1,118 @@
+module Account::Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    include LoadsAndAuthorizesResource
+    include Fields::ControllerSupport
+
+    before_action :set_last_seen_at, if: proc {
+      user_signed_in? && (current_user.last_seen_at.nil? || current_user.last_seen_at < 1.minute.ago)
+    }
+
+    layout "account"
+
+    before_action :authenticate_user!
+    before_action :set_paper_trail_whodunnit
+    before_action :ensure_onboarding_is_complete_and_set_next_step
+  end
+
+  class_methods do
+    # this is a template method called by LoadsAndAuthorizesResource.
+    # it allows that module to understand what namespaces of a controller
+    # are organizing the controllers, and which are organizing the models.
+    def regex_to_remove_controller_namespace
+      /^Account::/
+    end
+  end
+
+  def adding_user_email?
+    is_a?(Account::Onboarding::UserEmailController)
+  end
+
+  def adding_user_details?
+    is_a?(Account::Onboarding::UserDetailsController)
+  end
+
+  def adding_team?
+    return true if request.get? && request.path == new_account_team_path
+    return true if request.post? && request.path == account_teams_path
+    false
+  end
+
+  def switching_teams?
+    return true if request.get? && request.path == account_teams_path
+    false
+  end
+
+  def managing_account?
+    is_a?(Account::UsersController) || self.class.module_parents.include?(Oauth)
+  end
+
+  def accepting_invitation?
+    (params[:controller] == "account/invitations") && (params[:action] == "show" || params[:action] == "accept")
+  end
+
+  def ensure_onboarding_is_complete_and_set_next_step
+    unless ensure_onboarding_is_complete
+      session[:after_onboarding_url] ||= request.url
+    end
+  end
+
+  def ensure_onboarding_is_complete
+    # This is temporary, but if we've gotten this far and `@team` is loaded, we need to ensure current_team is
+    # updated for the checks below. This entire concept of `current_team` is going away soon.
+    current_user.update(current_team: @team) if @team&.persisted?
+
+    # since the onboarding controllers are child classes of this class,
+    # we actually have to check to make sure we're not currently on that
+    # step otherwise we'll end up in an endless redirection loop.
+    if current_user.email_is_oauth_placeholder?
+      if adding_user_email?
+        return true
+      else
+        redirect_to edit_account_onboarding_user_email_path(current_user)
+        return false
+      end
+    end
+
+    # some team-related onboarding steps need to be skipped if we're in the process
+    # of creating a new team.
+    unless adding_team? || accepting_invitation?
+
+      # USER ONBOARDING STUFF
+      # first we make sure the user is properly onboarded.
+      unless current_team.present?
+
+        # don't force the user to create a team if they've already got one.
+        if current_user.teams.any?
+          current_user.update(current_team: current_user.teams.first)
+        else
+          redirect_to new_account_team_path
+          return false
+        end
+      end
+
+      # TEAM ONBOARDING STUFF.
+      # then make sure the team is properly onboarded.
+
+      # since the onboarding controllers are child classes of this class,
+      # we actually have to check to make sure we're not currently on that
+      # step otherwise we'll end up in an endless redirection loop.
+      unless current_user.details_provided?
+        if adding_user_details?
+          return true
+        else
+          redirect_to edit_account_onboarding_user_detail_path(current_user)
+          return false
+        end
+      end
+
+    end
+
+    true
+  end
+
+  def set_last_seen_at
+    current_user.update_attribute(:last_seen_at, Time.current)
+  end
+end

data/app/controllers/concerns/account/users/controller_base.rb

@@ -1,7 +1,7 @@
 module Account::Users::ControllerBase
   extend ActiveSupport::Concern
 
-  include do
+  included do
     load_and_authorize_resource
 
     before_action do

data/app/controllers/concerns/controllers/base.rb

@@ -0,0 +1,119 @@
+module Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    # these are common for authentication workflows.
+    include InvitationOnlyHelper
+    include InvitationsHelper
+
+    include DeviseCurrentAttributes
+
+    around_action :set_locale
+    layout :layout_by_resource
+
+    before_action { @updating = request.headers["X-Cable-Ready"] == "update" }
+
+    # TODO Extract this into an optional `bullet_train-sentry` package.
+    before_action :set_sentry_context
+
+    skip_before_action :verify_authenticity_token, if: -> { controller_name == "sessions" && action_name == "create" }
+
+    rescue_from CanCan::AccessDenied do |exception|
+      if current_user.nil?
+        respond_to do |format|
+          format.html do
+            session["user_return_to"] = request.path
+            redirect_to [:new, :user, :session], alert: exception.message
+          end
+        end
+      elsif current_user.teams.none?
+        respond_to do |format|
+          format.html { redirect_to [:new, :account, :team], alert: exception.message }
+        end
+      else
+        respond_to do |format|
+          # TODO we do this for now because it ensures `current_team` doesn't remain set in an invalid state.
+          format.html { redirect_to [:account, current_user.teams.first], alert: exception.message }
+        end
+      end
+    end
+  end
+
+  # this is an ugly hack, but it's what is recommended at
+  # https://github.com/plataformatec/devise/wiki/How-To:-Create-custom-layouts
+  def layout_by_resource
+    if devise_controller?
+      "devise"
+    else
+      "public"
+    end
+  end
+
+  def after_sign_in_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def after_sign_up_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def current_team
+    helpers.current_team
+  end
+
+  def current_membership
+    helpers.current_membership
+  end
+
+  def current_locale
+    helpers.current_locale
+  end
+
+  def enforce_invitation_only
+    if invitation_only?
+      unless helpers.invited?
+        redirect_to [:account, :teams], notice: t("teams.notifications.invitation_only")
+      end
+    end
+  end
+
+  def set_locale
+    I18n.locale = [
+      current_user&.locale,
+      current_user&.current_team&.locale,
+      http_accept_language.compatible_language_from(I18n.available_locales),
+      I18n.default_locale.to_s
+    ].compact.find { |potential_locale| I18n.available_locales.include?(potential_locale.to_sym) }
+    yield
+    I18n.locale = I18n.default_locale
+  end
+
+  # Whitelist the account namespace and prevent JavaScript
+  # embedding when passing paths as parameters in links.
+  def only_allow_path(path)
+    return if path.nil?
+    account_namespace_regexp = /^\/account\/*+/
+    scheme = URI.parse(path).scheme
+    return nil unless path.match?(account_namespace_regexp) && scheme != "javascript"
+    path
+  end
+
+  # TODO Extract this into an optional `bullet_train-sentry` package.
+  def set_sentry_context
+    return unless ENV["SENTRY_DSN"]
+
+    Sentry.configure_scope do |scope|
+      scope.set_user(id: current_user.id, email: current_user.email) if current_user
+
+      scope.set_context(
+        "request",
+        {
+          url: request.url,
+          params: params.to_unsafe_h
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/devise_current_attributes.rb

@@ -0,0 +1,13 @@
+module DeviseCurrentAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_current_user
+  end
+
+  def set_current_user
+    if current_user
+      Current.user = current_user
+    end
+  end
+end

data/app/controllers/concerns/registrations/controller_base.rb

@@ -1,7 +1,7 @@
 module Registrations::ControllerBase
   extend ActiveSupport::Concern
 
-  include do
+  included do
     def new
       if invitation_only?
         unless session[:invitation_uuid] || session[:invitation_key]

data/app/controllers/concerns/sessions/controller_base.rb

@@ -1,7 +1,7 @@
 module Sessions::ControllerBase
   extend ActiveSupport::Concern
 
-  include do
+  included do
     def pre_otp
       if (@email = params["user"]["email"].downcase.strip.presence)
         @user = User.find_by(email: @email)

data/app/models/concerns/records/base.rb

@@ -0,0 +1,60 @@
+module Records::Base
+  extend ActiveSupport::Concern
+
+  included do
+    if defined?(Webhooks::Outgoing::IssuingModel)
+      include Webhooks::Outgoing::IssuingModel
+    end
+
+    if defined?(ObfuscatesId)
+      include ObfuscatesId
+    end
+
+    if defined?(QuestionMethodsFromScopes)
+      include QuestionMethodsFromScopes
+    end
+
+    include CableReady::Updatable
+    enable_updates
+
+    extend ActiveHash::Associations::ActiveRecordExtensions
+
+    # 🏚 i'd like to deprecate these. they're not descriptive enough.
+    scope :newest, -> { order("created_at DESC") }
+    scope :oldest, -> { order("created_at ASC") }
+
+    scope :newest_created, -> { order("created_at DESC") }
+    scope :oldest_created, -> { order("created_at ASC") }
+    scope :newest_updated, -> { order("updated_at DESC") }
+    scope :oldest_updated, -> { order("updated_at ASC") }
+
+    # Microscope adds useful scopes targeting ActiveRecord `boolean`, `date` and `datetime` attributes.
+    # https://github.com/mirego/microscope
+    acts_as_microscope
+  end
+
+  class_methods do
+    # by default we represent methods by their first string attribute.
+    def label_attribute
+      columns_hash.values.find { |column| column.sql_type_metadata.type == :string }&.name
+    end
+  end
+
+  # this is a template method you can override in activerecord models if we shouldn't just use their first string to
+  # identify them.
+  def label_string
+    if (label_attribute = self.class.label_attribute)
+      send("#{label_attribute}_was")
+    else
+      self.class.name.underscore.split("/").last.titleize
+    end
+  end
+
+  def parent_collection
+    # TODO Try to suggest what the entire method definition should actually be
+    # using parent_key below to do so.
+    model_name = self.class
+    # parent_key = model_name.reflect_on_all_associations(:belongs_to).first.name
+    raise "You're trying to use a feature that requires #{model_name} to have a `collection` method defined that returns the Active Record association that this model belongs to within its parent object."
+  end
+end

data/app/views/account/two_factors/create.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/destroy.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/layouts/account.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/account" %>

data/app/views/layouts/devise.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/devise" %>

data/lib/bullet_train/version.rb

@@ -1,3 +1,3 @@
 module BulletTrain
-  VERSION = "1.0.6"
+  VERSION = "1.0.10"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train
 version: !ruby/object:Gem::Version
-  version: 1.0.6
+  version: 1.0.10
 platform: ruby
 authors:
 - Andrew Culver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-30 00:00:00.000000000 Z
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -40,13 +40,17 @@ files:
 - app/controllers/account/onboarding/user_details_controller.rb
 - app/controllers/account/onboarding/user_email_controller.rb
 - app/controllers/account/teams_controller.rb
+- app/controllers/account/two_factors_controller.rb
 - app/controllers/account/users_controller.rb
+- app/controllers/concerns/account/controllers/base.rb
 - app/controllers/concerns/account/invitations/controller_base.rb
 - app/controllers/concerns/account/memberships/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_details/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_email/controller_base.rb
 - app/controllers/concerns/account/teams/controller_base.rb
 - app/controllers/concerns/account/users/controller_base.rb
+- app/controllers/concerns/controllers/base.rb
+- app/controllers/concerns/devise_current_attributes.rb
 - app/controllers/concerns/registrations/controller_base.rb
 - app/controllers/concerns/sessions/controller_base.rb
 - app/controllers/registrations_controller.rb
@@ -71,6 +75,7 @@ files:
 - app/mailers/user_mailer.rb
 - app/models/concerns/invitations/base.rb
 - app/models/concerns/memberships/base.rb
+- app/models/concerns/records/base.rb
 - app/models/concerns/teams/base.rb
 - app/models/concerns/users/base.rb
 - app/models/invitation.rb
@@ -109,6 +114,8 @@ files:
 - app/views/account/teams/new.html.erb
 - app/views/account/teams/show.html.erb
 - app/views/account/teams/show.json.jbuilder
+- app/views/account/two_factors/create.js.erb
+- app/views/account/two_factors/destroy.js.erb
 - app/views/account/users/_breadcrumbs.html.erb
 - app/views/account/users/_form.html.erb
 - app/views/account/users/edit.html.erb
@@ -128,6 +135,8 @@ files:
 - app/views/devise/shared/_links.html.erb
 - app/views/devise/shared/_oauth.html.erb
 - app/views/devise/unlocks/new.html.erb
+- app/views/layouts/account.html.erb
+- app/views/layouts/devise.html.erb
 - config/locales/en/devise.en.yml
 - config/locales/en/invitations.en.yml
 - config/locales/en/memberships.en.yml