bullet_train 1.0.7 → 1.0.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91587205ff146fede77d497b179accabc819d44eca37b45a073b5e97bf0fdfd0
-  data.tar.gz: ea97e2ea8db1e6a2ce999bc06032777bc35b6d7ba6ef8f1740a408601f4a2bc7
+  metadata.gz: fe8d2496703f3d58b654d6a86b7fa9f5b0e1a29d7f6abc392c4393e0033147fc
+  data.tar.gz: 4d2eec433d7d5b7b8c9d65adb600c338e561b905fb659925dd70d162a979cfc5
 SHA512:
-  metadata.gz: 119ac0424011467fd3aeab95aba0213aae4711ea1246288cd38b597149a685e2874e1891371ab680a0a0f3f8e50834a2faa501670379c633c40a62a05ad5bab5
-  data.tar.gz: 2c958dd9a290d69143dd2829018054fb5a28b35d85d3635f311cc1814087fee3ebc83d9c2f7e9dd238a3b527e24b7e251db8d0efc626ac22b082fa980775f6ca
+  metadata.gz: 52f166965026e286f9d8f1c36bee7dc002192eb754ab5186ad6d225de5317b124fc58865b16ac371336c2df38742c0c46deb34cf2a3321357f385284ea35fe61
+  data.tar.gz: 5fdadbf567930300788d5a5806495cc39331bd160425e722e2ebb515af2f3880ae7b0b0471f6ccc4e19cd27c40fc7b0bfb82f847c8050c840a7ff38be2c66515

data/app/controllers/account/invitations_controller.rb

@@ -1,3 +1,3 @@
 class Account::InvitationsController < Account::ApplicationController
-  include Invitations::ControllerBase
+  include Account::Invitations::ControllerBase
 end

data/app/controllers/account/two_factors_controller.rb

@@ -0,0 +1,18 @@
+class Account::TwoFactorsController < Account::ApplicationController
+  before_action :authenticate_user!
+
+  def create
+    @backup_codes = current_user.generate_otp_backup_codes!
+    @user = current_user
+
+    current_user.update(
+      otp_secret: User.generate_otp_secret,
+      otp_required_for_login: true
+    )
+  end
+
+  def destroy
+    @user = current_user
+    current_user.update(otp_required_for_login: false)
+  end
+end

data/app/controllers/concerns/account/controllers/base.rb

@@ -0,0 +1,118 @@
+module Account::Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    include LoadsAndAuthorizesResource
+    include Fields::ControllerSupport
+
+    before_action :set_last_seen_at, if: proc {
+      user_signed_in? && (current_user.last_seen_at.nil? || current_user.last_seen_at < 1.minute.ago)
+    }
+
+    layout "account"
+
+    before_action :authenticate_user!
+    before_action :set_paper_trail_whodunnit
+    before_action :ensure_onboarding_is_complete_and_set_next_step
+  end
+
+  class_methods do
+    # this is a template method called by LoadsAndAuthorizesResource.
+    # it allows that module to understand what namespaces of a controller
+    # are organizing the controllers, and which are organizing the models.
+    def regex_to_remove_controller_namespace
+      /^Account::/
+    end
+  end
+
+  def adding_user_email?
+    is_a?(Account::Onboarding::UserEmailController)
+  end
+
+  def adding_user_details?
+    is_a?(Account::Onboarding::UserDetailsController)
+  end
+
+  def adding_team?
+    return true if request.get? && request.path == new_account_team_path
+    return true if request.post? && request.path == account_teams_path
+    false
+  end
+
+  def switching_teams?
+    return true if request.get? && request.path == account_teams_path
+    false
+  end
+
+  def managing_account?
+    is_a?(Account::UsersController) || self.class.module_parents.include?(Oauth)
+  end
+
+  def accepting_invitation?
+    (params[:controller] == "account/invitations") && (params[:action] == "show" || params[:action] == "accept")
+  end
+
+  def ensure_onboarding_is_complete_and_set_next_step
+    unless ensure_onboarding_is_complete
+      session[:after_onboarding_url] ||= request.url
+    end
+  end
+
+  def ensure_onboarding_is_complete
+    # This is temporary, but if we've gotten this far and `@team` is loaded, we need to ensure current_team is
+    # updated for the checks below. This entire concept of `current_team` is going away soon.
+    current_user.update(current_team: @team) if @team&.persisted?
+
+    # since the onboarding controllers are child classes of this class,
+    # we actually have to check to make sure we're not currently on that
+    # step otherwise we'll end up in an endless redirection loop.
+    if current_user.email_is_oauth_placeholder?
+      if adding_user_email?
+        return true
+      else
+        redirect_to edit_account_onboarding_user_email_path(current_user)
+        return false
+      end
+    end
+
+    # some team-related onboarding steps need to be skipped if we're in the process
+    # of creating a new team.
+    unless adding_team? || accepting_invitation?
+
+      # USER ONBOARDING STUFF
+      # first we make sure the user is properly onboarded.
+      unless current_team.present?
+
+        # don't force the user to create a team if they've already got one.
+        if current_user.teams.any?
+          current_user.update(current_team: current_user.teams.first)
+        else
+          redirect_to new_account_team_path
+          return false
+        end
+      end
+
+      # TEAM ONBOARDING STUFF.
+      # then make sure the team is properly onboarded.
+
+      # since the onboarding controllers are child classes of this class,
+      # we actually have to check to make sure we're not currently on that
+      # step otherwise we'll end up in an endless redirection loop.
+      unless current_user.details_provided?
+        if adding_user_details?
+          return true
+        else
+          redirect_to edit_account_onboarding_user_detail_path(current_user)
+          return false
+        end
+      end
+
+    end
+
+    true
+  end
+
+  def set_last_seen_at
+    current_user.update_attribute(:last_seen_at, Time.current)
+  end
+end

data/app/controllers/concerns/controllers/base.rb

@@ -0,0 +1,119 @@
+module Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    # these are common for authentication workflows.
+    include InvitationOnlyHelper
+    include InvitationsHelper
+
+    include DeviseCurrentAttributes
+
+    around_action :set_locale
+    layout :layout_by_resource
+
+    before_action { @updating = request.headers["X-Cable-Ready"] == "update" }
+
+    # TODO Extract this into an optional `bullet_train-sentry` package.
+    before_action :set_sentry_context
+
+    skip_before_action :verify_authenticity_token, if: -> { controller_name == "sessions" && action_name == "create" }
+
+    rescue_from CanCan::AccessDenied do |exception|
+      if current_user.nil?
+        respond_to do |format|
+          format.html do
+            session["user_return_to"] = request.path
+            redirect_to [:new, :user, :session], alert: exception.message
+          end
+        end
+      elsif current_user.teams.none?
+        respond_to do |format|
+          format.html { redirect_to [:new, :account, :team], alert: exception.message }
+        end
+      else
+        respond_to do |format|
+          # TODO we do this for now because it ensures `current_team` doesn't remain set in an invalid state.
+          format.html { redirect_to [:account, current_user.teams.first], alert: exception.message }
+        end
+      end
+    end
+  end
+
+  # this is an ugly hack, but it's what is recommended at
+  # https://github.com/plataformatec/devise/wiki/How-To:-Create-custom-layouts
+  def layout_by_resource
+    if devise_controller?
+      "devise"
+    else
+      "public"
+    end
+  end
+
+  def after_sign_in_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def after_sign_up_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def current_team
+    helpers.current_team
+  end
+
+  def current_membership
+    helpers.current_membership
+  end
+
+  def current_locale
+    helpers.current_locale
+  end
+
+  def enforce_invitation_only
+    if invitation_only?
+      unless helpers.invited?
+        redirect_to [:account, :teams], notice: t("teams.notifications.invitation_only")
+      end
+    end
+  end
+
+  def set_locale
+    I18n.locale = [
+      current_user&.locale,
+      current_user&.current_team&.locale,
+      http_accept_language.compatible_language_from(I18n.available_locales),
+      I18n.default_locale.to_s
+    ].compact.find { |potential_locale| I18n.available_locales.include?(potential_locale.to_sym) }
+    yield
+    I18n.locale = I18n.default_locale
+  end
+
+  # Whitelist the account namespace and prevent JavaScript
+  # embedding when passing paths as parameters in links.
+  def only_allow_path(path)
+    return if path.nil?
+    account_namespace_regexp = /^\/account\/*+/
+    scheme = URI.parse(path).scheme
+    return nil unless path.match?(account_namespace_regexp) && scheme != "javascript"
+    path
+  end
+
+  # TODO Extract this into an optional `bullet_train-sentry` package.
+  def set_sentry_context
+    return unless ENV["SENTRY_DSN"]
+
+    Sentry.configure_scope do |scope|
+      scope.set_user(id: current_user.id, email: current_user.email) if current_user
+
+      scope.set_context(
+        "request",
+        {
+          url: request.url,
+          params: params.to_unsafe_h
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/devise_current_attributes.rb

@@ -0,0 +1,13 @@
+module DeviseCurrentAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_current_user
+  end
+
+  def set_current_user
+    if current_user
+      Current.user = current_user
+    end
+  end
+end

data/app/models/concerns/records/base.rb

@@ -0,0 +1,60 @@
+module Records::Base
+  extend ActiveSupport::Concern
+
+  included do
+    if defined?(Webhooks::Outgoing::IssuingModel)
+      include Webhooks::Outgoing::IssuingModel
+    end
+
+    if defined?(ObfuscatesId)
+      include ObfuscatesId
+    end
+
+    if defined?(QuestionMethodsFromScopes)
+      include QuestionMethodsFromScopes
+    end
+
+    include CableReady::Updatable
+    enable_updates
+
+    extend ActiveHash::Associations::ActiveRecordExtensions
+
+    # 🏚 i'd like to deprecate these. they're not descriptive enough.
+    scope :newest, -> { order("created_at DESC") }
+    scope :oldest, -> { order("created_at ASC") }
+
+    scope :newest_created, -> { order("created_at DESC") }
+    scope :oldest_created, -> { order("created_at ASC") }
+    scope :newest_updated, -> { order("updated_at DESC") }
+    scope :oldest_updated, -> { order("updated_at ASC") }
+
+    # Microscope adds useful scopes targeting ActiveRecord `boolean`, `date` and `datetime` attributes.
+    # https://github.com/mirego/microscope
+    acts_as_microscope
+  end
+
+  class_methods do
+    # by default we represent methods by their first string attribute.
+    def label_attribute
+      columns_hash.values.find { |column| column.sql_type_metadata.type == :string }&.name
+    end
+  end
+
+  # this is a template method you can override in activerecord models if we shouldn't just use their first string to
+  # identify them.
+  def label_string
+    if (label_attribute = self.class.label_attribute)
+      send("#{label_attribute}_was")
+    else
+      self.class.name.underscore.split("/").last.titleize
+    end
+  end
+
+  def parent_collection
+    # TODO Try to suggest what the entire method definition should actually be
+    # using parent_key below to do so.
+    model_name = self.class
+    # parent_key = model_name.reflect_on_all_associations(:belongs_to).first.name
+    raise "You're trying to use a feature that requires #{model_name} to have a `collection` method defined that returns the Active Record association that this model belongs to within its parent object."
+  end
+end

data/app/views/account/two_factors/create.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/destroy.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/layouts/account.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/account" %>

data/app/views/layouts/devise.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/devise" %>

data/lib/bullet_train/version.rb

@@ -1,3 +1,3 @@
 module BulletTrain
-  VERSION = "1.0.7"
+  VERSION = "1.0.11"
 end

data/lib/bullet_train.rb

@@ -2,5 +2,5 @@ require "bullet_train/version"
 require "bullet_train/engine"
 
 module BulletTrain
-  # Your code goes here...
+  mattr_accessor :routing_concerns, default: []
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.11
 platform: ruby
 authors:
 - Andrew Culver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2022-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -40,13 +40,17 @@ files:
 - app/controllers/account/onboarding/user_details_controller.rb
 - app/controllers/account/onboarding/user_email_controller.rb
 - app/controllers/account/teams_controller.rb
+- app/controllers/account/two_factors_controller.rb
 - app/controllers/account/users_controller.rb
+- app/controllers/concerns/account/controllers/base.rb
 - app/controllers/concerns/account/invitations/controller_base.rb
 - app/controllers/concerns/account/memberships/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_details/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_email/controller_base.rb
 - app/controllers/concerns/account/teams/controller_base.rb
 - app/controllers/concerns/account/users/controller_base.rb
+- app/controllers/concerns/controllers/base.rb
+- app/controllers/concerns/devise_current_attributes.rb
 - app/controllers/concerns/registrations/controller_base.rb
 - app/controllers/concerns/sessions/controller_base.rb
 - app/controllers/registrations_controller.rb
@@ -71,6 +75,7 @@ files:
 - app/mailers/user_mailer.rb
 - app/models/concerns/invitations/base.rb
 - app/models/concerns/memberships/base.rb
+- app/models/concerns/records/base.rb
 - app/models/concerns/teams/base.rb
 - app/models/concerns/users/base.rb
 - app/models/invitation.rb
@@ -109,6 +114,8 @@ files:
 - app/views/account/teams/new.html.erb
 - app/views/account/teams/show.html.erb
 - app/views/account/teams/show.json.jbuilder
+- app/views/account/two_factors/create.js.erb
+- app/views/account/two_factors/destroy.js.erb
 - app/views/account/users/_breadcrumbs.html.erb
 - app/views/account/users/_form.html.erb
 - app/views/account/users/edit.html.erb
@@ -128,6 +135,8 @@ files:
 - app/views/devise/shared/_links.html.erb
 - app/views/devise/shared/_oauth.html.erb
 - app/views/devise/unlocks/new.html.erb
+- app/views/layouts/account.html.erb
+- app/views/layouts/devise.html.erb
 - config/locales/en/devise.en.yml
 - config/locales/en/invitations.en.yml
 - config/locales/en/memberships.en.yml