card-mod-api_key 0.11.5 → 0.11.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5daaebf767ad08b753f43f8719e8edab3c6e59182881730ff2c2f076cb98b71f
-  data.tar.gz: 4bb4036a442f5661be9d22b000a58c69fe9913936fe6a807aa5a164abcf81ed6
+  metadata.gz: 65037d50899033317101ca09b8e3ae47ea9694161e713f3010ba549972d9382b
+  data.tar.gz: c6ccc6353c51abc65adc90d5ca682b8a03bef2fe95a785e9dcf23aefb4799e26
 SHA512:
-  metadata.gz: fff127e7b01bb657bff22c2f0d79ce9d4ec03787cf2fd49d4922c537c301de0f319f98879fbc873c0bd65209ed2de752a53e19761805fe5db665f33efb65e731
-  data.tar.gz: 4e9d53b8591fa6dee79cd7d91d4c23cbe2c4857d96f8984dad9c83d8c81c6fe0fde900bec8daab44b7c9752f073bb99bafaa4abe1cb7d79d8c6f662b0b2d9f92
+  metadata.gz: 1b4b07798f385a10c682e609a8ff7bf8ccbffe32863a1c8d243ffa0fbdc15e2c33272ea16197b7108f6ec8ede8017931ac8a9b2c8c44264ee90efd6219b1a564
+  data.tar.gz: 5d917ddd48d4c6304b27f498c2e9af4aaec820b9d6d9ef6d7d37e6e60b653d994cdc87bd8b18b6d60afef57d1944c27cf4195d12da2d9c483b21e7eb10797419

data/README.md

@@ -0,0 +1,55 @@
+<!--
+# @title README - mod: API key
+-->
+
+# API key Mod
+Enable Decko users to perform authorized web requests associated with their account
+without a session.
+
+## Cards with codenames
+
+| codename | default name | purpose |
+|:--------:|:------------:|:-------:|
+| :api_key | *api key | key for authenticating/authorizing API usage |
+
+## Sets with code rules
+
+### {Card::Set::Right::ApiKey [account card]+:api_key}
+This is where the API key is stored. By default it is visible to and editable by 
+the account holder and to users with the "Help Desk" role.  
+
+#### Events
+
+| event name | when | purpose |
+|:---------:|:------:|:-------:|
+| generate_api_key | triggered | creates a new, random key |
+| validate_api_key | on save | ensures content is comprised of 20+ alphanumerics (only) |
+
+#### Views
+
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| core | HTML | show key to permitted user and provide form to generate new one |
+| generate_button | HTML | button for generating new API Key |
+| token_link | HTML | links to json view returning a JWT token |
+| token | JSON | return a JWT token for rapid authentication |
+
+### {Card::Set::Right::Account [accounted card]+:account}
+
+#### Views
+
+| view name | format | purpose |
+|:---------:|:------:|:-------:|
+| api_key | HTML | nests api_key card |
+
+## Card::Auth
+
+Extends `Card::Auth.signin_with` to accept `api_key: myapikey`
+
+## API Usage
+
+API users can add the api_key param to query strings or to request headers. Or, for 
+faster authentication, they can use their api key to get a JWT token. Card sharks can
+provide a link for this token with the `token_link` view (see above). The token can
+then be passed via the token param. By default tokens last for two days. This can be
+configured in application.rb or environment config files using `config.token_expiry`.

data/config/initializers/api_key.rb

@@ -1 +1,3 @@
+# Adds {Card::Auth::ApiKey} methods to Card::Auth class
+
 Card::Auth.extend Card::Auth::ApiKey

data/set/right/api_key.rb

@@ -1,18 +1,20 @@
 include_set Abstract::AccountField
 
+# triggerable event to generate new API Key
 event :generate_api_key, :prepare_to_validate, trigger: :required do
   generate
 end
 
-event :validate_api_key, :validate do
+event :validate_api_key, :validate, on: :save, changed: :content do
   errors.add :content, t(:api_key_invalid) unless content.match?(/^\w{20,}$/)
   errors.add :content, t(:api_key_taken) if api_key_taken?
 end
 
+# checks availability of API key
 def api_key_taken?
   return false unless (acct = Card::Auth.find_account_by_api_key content)
 
-  acct.id == left_id
+  acct.id != left_id
 end
 
 def history?
@@ -27,6 +29,7 @@ def ok_to_create
   own_account? || super
 end
 
+# @return [True/False] checks whether key matches content
 def authenticate_api_key api_key
   return true unless (error = api_key_validation_error api_key)
 
@@ -65,6 +68,7 @@ end
 
 format :html do
   view :core, unknown: true, template: :haml
+  view(:content, unknown: true) { super() }
 
   %i[titled titled_content].each do |viewname|
     view(viewname, unknown: true) { super() }
@@ -83,4 +87,8 @@ format :html do
       ]
     end
   end
+
+  def input_type
+    :text_field
+  end
 end

data/set/right/api_key/core.haml

@@ -6,6 +6,6 @@
 
       = text_field_tag :current_api_key, card.content, readonly: true
     - else
-      %em No key.
+      %em= t('api_key_no_key')
   .api-key-generate-button
     = render_generate_button

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: card-mod-api_key
 version: !ruby/object:Gem::Version
-  version: 0.11.5
+  version: 0.11.6
 platform: ruby
 authors:
 - Ethan McCutchen
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: card
@@ -18,28 +18,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.101.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.101.5
+        version: 1.101.6
 - !ruby/object:Gem::Dependency
   name: card-mod-account
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.11.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.5
+        version: 0.11.6
 description: ''
 email:
 - info@decko.org