card-mod-api_key 0.11.5 → 0.13.0

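--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5daaebf767ad08b753f43f8719e8edab3c6e59182881730ff2c2f076cb98b71f
- data.tar.gz: 4bb4036a442f5661be9d22b000a58c69fe9913936fe6a807aa5a164abcf81ed6
+ metadata.gz: e9822f719c1166831d0eec0ead0b1403845839a4eaade9758686ae47906347fd
+ data.tar.gz: 52517786e557d599c767dccb91986056e4df9395ea9fc29483e4830dcdba5a47
  SHA512:
- metadata.gz: fff127e7b01bb657bff22c2f0d79ce9d4ec03787cf2fd49d4922c537c301de0f319f98879fbc873c0bd65209ed2de752a53e19761805fe5db665f33efb65e731
- data.tar.gz: 4e9d53b8591fa6dee79cd7d91d4c23cbe2c4857d96f8984dad9c83d8c81c6fe0fde900bec8daab44b7c9752f073bb99bafaa4abe1cb7d79d8c6f662b0b2d9f92
+ metadata.gz: 813c5cd3ca3f865eae51c66e8f5d5548cfb7ee0d4c6e2c66212475e03fe8ffdc687e1cad722ca982e1702327845ba7bb077093f4db700f1e17421d4c4d32a40b
+ data.tar.gz: c7aa1dd2d13e3e793d91883df8a5a27f7d5bda29117d37b2eb8640596c7b52fff484e2298867fc77b81198957a42964da0c95b3c72fe8328202c64b5d2b65d80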
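--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,55 @@
+ <!--
+ # @title README - mod: API key
+ -->
+
+ # API key Mod
+ Enable Decko users to perform authorized web requests associated with their account
+ without a session.
+
+ ## Cards with codenames
+
+ | codename | default name | purpose |
+ |:--------:|:------------:|:-------:|
+ | :api_key | *api key | key for authenticating/authorizing API usage |
+
+ ## Sets with code rules
+
+ ### {Card::Set::Right::ApiKey [account card]+:api_key}
+ This is where the API key is stored. By default it is visible to and editable by
+ the account holder and to users with the "Help Desk" role.
+
+ #### Events
+
+ | event name | when | purpose |
+ |:---------:|:------:|:-------:|
+ | generate_api_key | triggered | creates a new, random key |
+ | validate_api_key | on save | ensures content is comprised of 20+ alphanumerics (only) |
+
+ #### Views
+
+ | view name | format | purpose |
+ |:---------:|:------:|:-------:|
+ | core | HTML | show key to permitted user and provide form to generate new one |
+ | generate_button | HTML | button for generating new API Key |
+ | token_link | HTML | links to json view returning a JWT token |
+ | token | JSON | return a JWT token for rapid authentication |
+
+ ### {Card::Set::Right::Account [accounted card]+:account}
+
+ #### Views
+
+ | view name | format | purpose |
+ |:---------:|:------:|:-------:|
+ | api_key | HTML | nests api_key card |
+
+ ## Card::Auth
+
+ Extends `Card::Auth.signin_with` to accept `api_key: myapikey`
+
+ ## API Usage
+
+ API users can add the api_key param to query strings or to request headers. Or, for
+ faster authentication, they can use their api key to get a JWT token. Card sharks can
+ provide a link for this token with the `token_link` view (see above). The token can
+ then be passed via the token param. By default tokens last for two days. This can be
+ configured in application.rb or environment config files using `config.token_expiry`.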
@@ -4,11 +4,11 @@ class Card
4
4
  module Auth
5
5
  # methods for setting current account
6
6
  module ApiKey
7
- def signin_with opts={}
8
- if opts[:token]
9
- signin_with_token opts[:token]
10
- elsif opts[:api_key]
11
- signin_with_api_key opts[:api_key]
7
+ def signin_with token: nil, api_key: nil
8
+ if token
9
+ signin_with_token token
10
+ elsif api_key
11
+ signin_with_api_key api_key
12
12
  else
13
13
  signin_with_session
14
14
  end
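Review bot: `signin_with` has no comment stating the order in which credentials are tried, and with the new keyword signature that order is the whole contract: when both `token:` and `api_key:` are passed the API key is silently ignored, and with neither the session is used. A line above the `def` such as `# tries token, then api_key, then falls back to the session; only one credential is ever used` would make that explicit. A blank string is truthy in Ruby, so `api_key: ""` takes the API-key branch rather than the session branch; whether that fails closed depends on `signin_with_api_key`, which is not shown. Callers that passed any other key in the old `opts` hash will now get an ArgumentError. The method's closing `end` lies outside the hunk.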
@@ -0,0 +1,12 @@
1
+ class CardController
2
+ # add support for passing api key through header using X-API-Key
3
+ module ApiKey
4
+ def authenticators
5
+ super.merge api_key: api_key_from_header || params[:api_key]
6
+ end
7
+
8
+ def api_key_from_header
9
+ request.headers["X-API-Key"]
10
+ end
11
+ end
12
+ end
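Review bot: The `params[:api_key]` fallback in `authenticators` still accepts the long-lived key from the query string, where it is typically written to web-server and proxy access logs and can leak through the Referer header and browser history. If query-string support has to stay, check that `api_key` and `token` are listed in the application's `config.filter_parameters` (not visible here, and it only covers the Rails log) and steer clients towards the `X-API-Key` header or the short-lived token. Separately, an `X-API-Key` header that is present but empty yields `""`, which is truthy and therefore masks a valid `params[:api_key]`; `request.headers["X-API-Key"].presence` avoids that.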
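--- a/data/set/right/api_key.rb
+++ b/data/set/right/api_key.rb
@@ -1,18 +1,20 @@
  include_set Abstract::AccountField
 
+ # triggerable event to generate new API Key
  event :generate_api_key, :prepare_to_validate, trigger: :required do
  generate
  end
 
- event :validate_api_key, :validate do
+ event :validate_api_key, :validate, on: :save, changed: :content do
  errors.add :content, t(:api_key_invalid) unless content.match?(/^\w{20,}$/)
  errors.add :content, t(:api_key_taken) if api_key_taken?
  end
 
+ # checks availability of API key
  def api_key_taken?
  return false unless (acct = Card::Auth.find_account_by_api_key content)
 
- acct.id == left_id
+ acct.id != left_id
  end
 
  def history?
@@ -27,6 +29,7 @@ def ok_to_create
  own_account? || super
  end
 
+ # @return [True/False] checks whether key matches content
  def authenticate_api_key api_key
  return true unless (error = api_key_validation_error api_key)
 
@@ -65,6 +68,7 @@ end
 
  format :html do
  view :core, unknown: true, template: :haml
+ view(:content, unknown: true) { super() }
 
  %i[titled titled_content].each do |viewname|
  view(viewname, unknown: true) { super() }
@@ -83,4 +87,8 @@ format :html do
  ]
  end
  end
+
+ def input_type
+ :text_field
+ end
  end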
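Review bot: In the first hunk, `validate_api_key` still checks the key with `/^\w{20,}$/`, and in Ruby `^` and `$` match at line boundaries, so multi-line content passes as long as any one line consists of 20 or more word characters. Anchoring to the whole string, `errors.add :content, t(:api_key_invalid) unless content.match?(/\A\w{20,}\z/)`, closes that gap. `\w` also admits `_`, while the README describes the key as alphanumerics only; if the README is the intended rule, `/\A[a-zA-Z0-9]{20,}\z/` matches it, though what `generate` emits is not visible here and should be checked first. In the second hunk the new tag `# @return [True/False]` would conventionally be written `# @return [Boolean]` in YARD.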
@@ -6,6 +6,6 @@
6
6
 
7
7
  = text_field_tag :current_api_key, card.content, readonly: true
8
8
  - else
9
- %em No key.
9
+ %em= t('api_key_no_key')
10
10
  .api-key-generate-button
11
11
  = render_generate_button
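--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: card-mod-api_key
  version: !ruby/object:Gem::Version
- version: 0.11.5
+ version: 0.13.0
  platform: ruby
  authors:
  - Ethan McCutchen
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-05-10 00:00:00.000000000 Z
+ date: 2021-08-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: card
@@ -18,28 +18,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.101.5
+ version: 1.103.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.101.5
+ version: 1.103.0
  - !ruby/object:Gem::Dependency
  name: card-mod-account
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.11.5
+ version: 0.13.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.11.5
+ version: 0.13.0
  description: ''
  email:
  - info@decko.org
@@ -48,8 +48,8 @@ extensions: []
  extra_rdoc_files: []
  files:
  - README.md
- - config/initializers/api_key.rb
  - lib/card/auth/api_key.rb
+ - lib/card_controller/api_key.rb
  - set/right/account.rb
  - set/right/api_key.rb
  - set/right/api_key/core.haml
@@ -78,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: API Keys and JWT Tokens for Decko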
@@ -1 +0,0 @@
1
- Card::Auth.extend Card::Auth::ApiKey