bullet_train 1.0.7 → 1.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 91587205ff146fede77d497b179accabc819d44eca37b45a073b5e97bf0fdfd0
-  data.tar.gz: ea97e2ea8db1e6a2ce999bc06032777bc35b6d7ba6ef8f1740a408601f4a2bc7
+  metadata.gz: 7c456427f05a6de4ee6550f5b6e0b0631e196774e03375bbf59c5d35a9420755
+  data.tar.gz: c472262b19400507b36cdbad3699136464d2cdec48e1b24c5a5c011a8f5b337c
 SHA512:
-  metadata.gz: 119ac0424011467fd3aeab95aba0213aae4711ea1246288cd38b597149a685e2874e1891371ab680a0a0f3f8e50834a2faa501670379c633c40a62a05ad5bab5
-  data.tar.gz: 2c958dd9a290d69143dd2829018054fb5a28b35d85d3635f311cc1814087fee3ebc83d9c2f7e9dd238a3b527e24b7e251db8d0efc626ac22b082fa980775f6ca
+  metadata.gz: 8197df1a2ad180566d7a998dc0ba290c1c67a660c4c755f0aa6ef11ec8e2f60c97481a102d590b5a4b623e1257536b93c2007f72f0a3143829f5ab5f928fe4e9
+  data.tar.gz: 72ecd65e81e5d69605381baa864370cb003abd6ff7fff44708eefa351f33b7108b9fa9547e9ac1c88ca324a1aef702879dde9a5cd4c83a10f55fe896d36ff75d

data/app/controllers/account/two_factors_controller.rb

@@ -0,0 +1,18 @@
+class Account::TwoFactorsController < Account::ApplicationController
+  before_action :authenticate_user!
+
+  def create
+    @backup_codes = current_user.generate_otp_backup_codes!
+    @user = current_user
+
+    current_user.update(
+      otp_secret: User.generate_otp_secret,
+      otp_required_for_login: true
+    )
+  end
+
+  def destroy
+    @user = current_user
+    current_user.update(otp_required_for_login: false)
+  end
+end

data/app/controllers/concerns/account/controllers/base.rb

@@ -0,0 +1,118 @@
+module Account::Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    include LoadsAndAuthorizesResource
+    include Fields::ControllerSupport
+
+    before_action :set_last_seen_at, if: proc {
+      user_signed_in? && (current_user.last_seen_at.nil? || current_user.last_seen_at < 1.minute.ago)
+    }
+
+    layout "account"
+
+    before_action :authenticate_user!
+    before_action :set_paper_trail_whodunnit
+    before_action :ensure_onboarding_is_complete_and_set_next_step
+  end
+
+  class_methods do
+    # this is a template method called by LoadsAndAuthorizesResource.
+    # it allows that module to understand what namespaces of a controller
+    # are organizing the controllers, and which are organizing the models.
+    def regex_to_remove_controller_namespace
+      /^Account::/
+    end
+  end
+
+  def adding_user_email?
+    is_a?(Account::Onboarding::UserEmailController)
+  end
+
+  def adding_user_details?
+    is_a?(Account::Onboarding::UserDetailsController)
+  end
+
+  def adding_team?
+    return true if request.get? && request.path == new_account_team_path
+    return true if request.post? && request.path == account_teams_path
+    false
+  end
+
+  def switching_teams?
+    return true if request.get? && request.path == account_teams_path
+    false
+  end
+
+  def managing_account?
+    is_a?(Account::UsersController) || self.class.module_parents.include?(Oauth)
+  end
+
+  def accepting_invitation?
+    (params[:controller] == "account/invitations") && (params[:action] == "show" || params[:action] == "accept")
+  end
+
+  def ensure_onboarding_is_complete_and_set_next_step
+    unless ensure_onboarding_is_complete
+      session[:after_onboarding_url] ||= request.url
+    end
+  end
+
+  def ensure_onboarding_is_complete
+    # This is temporary, but if we've gotten this far and `@team` is loaded, we need to ensure current_team is
+    # updated for the checks below. This entire concept of `current_team` is going away soon.
+    current_user.update(current_team: @team) if @team&.persisted?
+
+    # since the onboarding controllers are child classes of this class,
+    # we actually have to check to make sure we're not currently on that
+    # step otherwise we'll end up in an endless redirection loop.
+    if current_user.email_is_oauth_placeholder?
+      if adding_user_email?
+        return true
+      else
+        redirect_to edit_account_onboarding_user_email_path(current_user)
+        return false
+      end
+    end
+
+    # some team-related onboarding steps need to be skipped if we're in the process
+    # of creating a new team.
+    unless adding_team? || accepting_invitation?
+
+      # USER ONBOARDING STUFF
+      # first we make sure the user is properly onboarded.
+      unless current_team.present?
+
+        # don't force the user to create a team if they've already got one.
+        if current_user.teams.any?
+          current_user.update(current_team: current_user.teams.first)
+        else
+          redirect_to new_account_team_path
+          return false
+        end
+      end
+
+      # TEAM ONBOARDING STUFF.
+      # then make sure the team is properly onboarded.
+
+      # since the onboarding controllers are child classes of this class,
+      # we actually have to check to make sure we're not currently on that
+      # step otherwise we'll end up in an endless redirection loop.
+      unless current_user.details_provided?
+        if adding_user_details?
+          return true
+        else
+          redirect_to edit_account_onboarding_user_detail_path(current_user)
+          return false
+        end
+      end
+
+    end
+
+    true
+  end
+
+  def set_last_seen_at
+    current_user.update_attribute(:last_seen_at, Time.current)
+  end
+end

data/app/controllers/concerns/controllers/base.rb

@@ -0,0 +1,119 @@
+module Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    # these are common for authentication workflows.
+    include InvitationOnlyHelper
+    include InvitationsHelper
+
+    include DeviseCurrentAttributes
+
+    around_action :set_locale
+    layout :layout_by_resource
+
+    before_action { @updating = request.headers["X-Cable-Ready"] == "update" }
+
+    # TODO Extract this into an optional `bullet_train-sentry` package.
+    before_action :set_sentry_context
+
+    skip_before_action :verify_authenticity_token, if: -> { controller_name == "sessions" && action_name == "create" }
+
+    rescue_from CanCan::AccessDenied do |exception|
+      if current_user.nil?
+        respond_to do |format|
+          format.html do
+            session["user_return_to"] = request.path
+            redirect_to [:new, :user, :session], alert: exception.message
+          end
+        end
+      elsif current_user.teams.none?
+        respond_to do |format|
+          format.html { redirect_to [:new, :account, :team], alert: exception.message }
+        end
+      else
+        respond_to do |format|
+          # TODO we do this for now because it ensures `current_team` doesn't remain set in an invalid state.
+          format.html { redirect_to [:account, current_user.teams.first], alert: exception.message }
+        end
+      end
+    end
+  end
+
+  # this is an ugly hack, but it's what is recommended at
+  # https://github.com/plataformatec/devise/wiki/How-To:-Create-custom-layouts
+  def layout_by_resource
+    if devise_controller?
+      "devise"
+    else
+      "public"
+    end
+  end
+
+  def after_sign_in_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def after_sign_up_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def current_team
+    helpers.current_team
+  end
+
+  def current_membership
+    helpers.current_membership
+  end
+
+  def current_locale
+    helpers.current_locale
+  end
+
+  def enforce_invitation_only
+    if invitation_only?
+      unless helpers.invited?
+        redirect_to [:account, :teams], notice: t("teams.notifications.invitation_only")
+      end
+    end
+  end
+
+  def set_locale
+    I18n.locale = [
+      current_user&.locale,
+      current_user&.current_team&.locale,
+      http_accept_language.compatible_language_from(I18n.available_locales),
+      I18n.default_locale.to_s
+    ].compact.find { |potential_locale| I18n.available_locales.include?(potential_locale.to_sym) }
+    yield
+    I18n.locale = I18n.default_locale
+  end
+
+  # Whitelist the account namespace and prevent JavaScript
+  # embedding when passing paths as parameters in links.
+  def only_allow_path(path)
+    return if path.nil?
+    account_namespace_regexp = /^\/account\/*+/
+    scheme = URI.parse(path).scheme
+    return nil unless path.match?(account_namespace_regexp) && scheme != "javascript"
+    path
+  end
+
+  # TODO Extract this into an optional `bullet_train-sentry` package.
+  def set_sentry_context
+    return unless ENV["SENTRY_DSN"]
+
+    Sentry.configure_scope do |scope|
+      scope.set_user(id: current_user.id, email: current_user.email) if current_user
+
+      scope.set_context(
+        "request",
+        {
+          url: request.url,
+          params: params.to_unsafe_h
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/devise_current_attributes.rb

@@ -0,0 +1,13 @@
+module DeviseCurrentAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_current_user
+  end
+
+  def set_current_user
+    if current_user
+      Current.user = current_user
+    end
+  end
+end

data/app/views/account/two_factors/create.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/destroy.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/layouts/account.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/account" %>

data/app/views/layouts/devise.html.erb

@@ -0,0 +1 @@
+<%= render "themes/#{current_theme}/layouts/devise" %>

data/lib/bullet_train/version.rb

@@ -1,3 +1,3 @@
 module BulletTrain
-  VERSION = "1.0.7"
+  VERSION = "1.0.8"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - Andrew Culver
@@ -40,13 +40,17 @@ files:
 - app/controllers/account/onboarding/user_details_controller.rb
 - app/controllers/account/onboarding/user_email_controller.rb
 - app/controllers/account/teams_controller.rb
+- app/controllers/account/two_factors_controller.rb
 - app/controllers/account/users_controller.rb
+- app/controllers/concerns/account/controllers/base.rb
 - app/controllers/concerns/account/invitations/controller_base.rb
 - app/controllers/concerns/account/memberships/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_details/controller_base.rb
 - app/controllers/concerns/account/onboarding/user_email/controller_base.rb
 - app/controllers/concerns/account/teams/controller_base.rb
 - app/controllers/concerns/account/users/controller_base.rb
+- app/controllers/concerns/controllers/base.rb
+- app/controllers/concerns/devise_current_attributes.rb
 - app/controllers/concerns/registrations/controller_base.rb
 - app/controllers/concerns/sessions/controller_base.rb
 - app/controllers/registrations_controller.rb
@@ -109,6 +113,8 @@ files:
 - app/views/account/teams/new.html.erb
 - app/views/account/teams/show.html.erb
 - app/views/account/teams/show.json.jbuilder
+- app/views/account/two_factors/create.js.erb
+- app/views/account/two_factors/destroy.js.erb
 - app/views/account/users/_breadcrumbs.html.erb
 - app/views/account/users/_form.html.erb
 - app/views/account/users/edit.html.erb
@@ -128,6 +134,8 @@ files:
 - app/views/devise/shared/_links.html.erb
 - app/views/devise/shared/_oauth.html.erb
 - app/views/devise/unlocks/new.html.erb
+- app/views/layouts/account.html.erb
+- app/views/layouts/devise.html.erb
 - config/locales/en/devise.en.yml
 - config/locales/en/invitations.en.yml
 - config/locales/en/memberships.en.yml