cased-rails 0.3.0 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e5a6f29a653a735c26a9189ff897f080e17222fb4466fbd3bed2bad7c09bc82
-  data.tar.gz: df8009f7e0565fb463d7d898968abc7f76fd99dd7c27c3fafbd0cc121a57da32
+  metadata.gz: 49f90bda9670e4c31103308b7140637c601f769112a8f94873f48b2f8e957a75
+  data.tar.gz: 50788a3192675057b100135a72c8b33b6e263961c181683de574585663a7e494
 SHA512:
-  metadata.gz: 62e55fc3dcd8385135d6303061167a290a1e853325110b2d3d28d274773b67493d7ddec8c18f080f5d57b87ae3a1a400b29e2f404382e5d6cee0399f95644024
-  data.tar.gz: e588a0f6abcdbff9c77b48f84e016458d7666538a41db9a2c2239a4301e2ea87845f266f4ee29c38315d242af731b89accec6486c03936537a7d3fe1744b4c31
+  metadata.gz: 0f960a6c6bbaad726b8efae2dc34bec84c2f8cf45389bcc1785c50f5efc2b463f4b703c1560c1ab1bdd3baf3626cca80f00671050cb134d3d959c3f82ae708ce
+  data.tar.gz: 0dba75ffb963563d4122aa473dbfb0aca765b0fbc5d970eb3876e77a1a05720f7e5bb22a2d0484bd1ae6bf2e96d6d719af43e5d6fefcc54ec7c8e74c157e1256

data/app/assets/config/cased/manifest.js

@@ -0,0 +1,2 @@
+//= link_tree ../../images/cased
+//= link_directory ../../javascripts/cased .js

data/app/assets/javascripts/cased/index.js

@@ -0,0 +1,75 @@
+//= require rails-ujs
+
+let windowReference = null;
+let previousUrl = null;
+let casedCreateSession = null;
+let casedLoggedInContainer = null;
+let casedLoggedOutContainer = null;
+let casedUser = null;
+
+// receiveMessage is the callback that is triggered when an authentication
+// response is received from the new window we opened.
+//
+// We use this callback to update the user information in the UI and show the
+// logged in container.
+const receiveMessage = (event) => {
+  if (!event.isTrusted) {
+    return;
+  }
+
+  const { user } = event.data;
+  casedUser.innerText = user;
+  if (casedCreateSession) {
+    casedCreateSession.submit();
+  } else {
+    casedLoggedInContainer.classList.remove("hidden");
+    casedLoggedOutContainer.classList.add("hidden");
+  }
+};
+
+// openSignInWindow is used to present the Cased sign in window.
+const openSignInWindow = (url) => {
+  window.removeEventListener("message", receiveMessage);
+  const windowFeatures =
+    "toolbar=no, menubar=no, width=600, height=700, top=50, left=200";
+
+  if (windowReference === null || windowReference.closed) {
+    windowReference = window.open(url, "Cased", windowFeatures);
+  } else if (previousUrl !== url) {
+    // If the window is already open and the previous URL was different, we need
+    // to load a new URL and refocus.
+    windowReference = window.open(url, "Cased", windowFeatures);
+    windowReference.focus();
+  } else {
+    windowReference.focus();
+  }
+
+  window.addEventListener("message", (event) => receiveMessage(event), false);
+  previousUrl = url;
+};
+
+window.addEventListener("DOMContentLoaded", (event) => {
+  // Global elements
+  casedCreateSession = document.getElementById("cased-create-session");
+  casedLoggedInContainer = document.getElementById("cased-logged-in");
+  casedLoggedOutContainer = document.getElementById("cased-logged-out");
+  casedUser = document.getElementById("cased-user");
+
+  // Local elements
+  const casedAuthenticate = document.getElementById("cased-authenticate");
+  if (casedAuthenticate) {
+    casedAuthenticate.addEventListener("click", (event) => {
+      event.preventDefault();
+
+      openSignInWindow(event.currentTarget.href);
+    });
+  }
+
+  const casedLogout = document.getElementById("cased-logout");
+  if (casedLogout) {
+    casedLogout.addEventListener("ajax:success", (_event) => {
+      casedLoggedInContainer.classList.add("hidden");
+      casedLoggedOutContainer.classList.remove("hidden");
+    });
+  }
+});

data/app/controllers/cased/authorizations_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Cased
+  class AuthorizationsController < ApplicationController
+    def create
+      self.cased_authorization = params[:token]
+    end
+
+    def destroy
+      self.cased_authorization = nil
+    end
+  end
+end

data/app/controllers/cased/cli/sessions_controller.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+    class SessionsController < ApplicationController
+      def show
+        guard_session = Cased::CLI::Session.find(params[:guard_session_id])
+
+        respond_to do |format|
+          format.html do
+            render partial: 'cased/cli/sessions/form', locals: { guard_session: guard_session }
+          end
+
+          format.json do
+            render partial: 'cased/cli/sessions/guard_session', locals: { guard_session: guard_session }
+          end
+        end
+      end
+
+      def cancel
+        guard_session = Cased::CLI::Session.find(params[:guard_session_id])
+        guard_session.cancel
+
+        respond_to do |format|
+          format.html do
+            safe_redirect_back
+          end
+
+          format.json do
+            render partial: 'cased/cli/sessions/guard_session', locals: { guard_session: guard_session }
+          end
+        end
+      end
+
+      private
+
+      def safe_redirect_back(allow_other_host: false, **args)
+        referer = params[:referer]
+        redirect_to_referer = referer && (allow_other_host || url_host_allowed?(referer))
+        redirect_to redirect_to_referer ? referer : guard_fallback_location, **args
+      end
+
+      def url_host_allowed?(url)
+        uri = URI(url.to_s)
+
+        # We're redirecting to a path on app.cased.com, that is okay.
+        return true if uri.host.blank?
+
+        uri.host == request.host
+      rescue ArgumentError, URI::Error
+        false
+      end
+    end
+  end
+end

data/app/helpers/cased_helper.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module CasedHelper
+  # Guarded parameters are the original parameters when the form was first
+  # submitted. These parameters need to be preserved.
+  def guarded_parameters(form)
+    form_params = params.except(:authenticity_token, :controller, :action)
+
+    safe_join render_guarded_parameters(form, form_params.to_unsafe_h)
+  end
+
+  def render_guarded_parameters(form, form_params, prefix = nil)
+    form_params.collect do |key, value|
+      case value
+      when Hash
+        render_guarded_parameters(form, value, key)
+      else
+        name = prefix ? "#{prefix}[#{key}]" : key
+        hidden_field_tag(name, value)
+      end
+    end
+  end
+end

data/app/models/cased/authorization.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Cased
+  class Authorization
+    class MissingApplicationKey < StandardError
+      MESSAGE = <<~MSG
+        Missing GUARD_APPLICATION_KEY or Cased.config.guard_application_key.
+      MSG
+
+      def initialize
+        super(MESSAGE)
+      end
+    end
+
+    ALGORITHM = 'HS256'
+
+    def self.load!(token)
+      raise MissingApplicationKey if Cased.config.guard_application_key.blank?
+
+      # JWT.decode will raise here if the token has expired or the application
+      # key does not match meaning it has been tampered with.
+      data, = JWT.decode(token, Cased.config.guard_application_key, true, algorithm: ALGORITHM)
+
+      new(
+        user: data.fetch('user'),
+        user_id: data.fetch('user_id'),
+        expires_at: data.fetch('exp'),
+        issuer: data.fetch('iss'),
+        issued_at: data.fetch('iat'),
+      )
+    end
+
+    def self.validate!(token)
+      load!(token)
+    end
+
+    attr_reader :user
+    attr_reader :user_id
+    attr_reader :issued_at
+    attr_reader :expires_at
+    attr_reader :issuer
+
+    def initialize(user:, user_id:, issued_at:, expires_at:, issuer:)
+      @user = user
+      @user_id = user_id
+      @issued_at = Time.at(issued_at)
+      @expires_at = Time.at(expires_at)
+      @issuer = issuer
+    end
+
+    def token
+      user_id
+    end
+
+    def to_s
+      user
+    end
+
+    def to_param
+      user_id
+    end
+  end
+end

data/app/views/cased/authorizations/create.html.erb

@@ -0,0 +1,10 @@
+<script>
+// We need to let the originating window know about the new logged in user.
+// Once the originating window is notified we can close this window.
+if (window.opener) {
+  window.opener.postMessage({
+    user: "<%= cased_authorization.user %>"
+  })
+  window.close()
+}
+</script>

data/app/views/cased/cli/sessions/_form.html.erb

@@ -0,0 +1,15 @@
+<div id="guard-session-container">
+  <% if guard_session.requested? %>
+    <%= render 'cased/cli/sessions/steps/requested', guard_session: guard_session %>
+  <% elsif guard_session.denied? %>
+    <%= render 'cased/cli/sessions/steps/denied', guard_session: guard_session %>
+  <% elsif guard_session.canceled? %>
+    <%= render 'cased/cli/sessions/steps/canceled', guard_session: guard_session %>
+  <% elsif guard_session.timed_out? %>
+    <%= render 'cased/cli/sessions/steps/timed_out', guard_session: guard_session %>
+  <% elsif guard_session.reason_required? %>
+    <%= render 'cased/cli/sessions/steps/reason_required', guard_session: guard_session %>
+  <% else %>
+    <%= render 'cased/cli/sessions/steps/create', guard_session: guard_session %>
+  <% end %>
+</div>

data/app/views/cased/cli/sessions/_guard_session.json.jbuilder

@@ -0,0 +1,27 @@
+json.id guard_session.id
+json.url guard_session.url
+json.api_url guard_session.api_url
+json.state guard_session.state
+json.command guard_session.command
+json.metadata guard_session.metadata
+json.reason guard_session.reason
+json.ip_address guard_session.ip_address
+json.requester do |requester|
+  requester.id guard_session.requester['id']
+  requester.email guard_session.requester['email']
+end
+
+json.responded_at guard_session.responded_at
+json.responder do |responder|
+  responder.id guard_session.responder['id']
+  responder.email guard_session.responder['email']
+end
+
+json.guard_application do |guard_application|
+  guard_application.id guard_session.guard_application['id']
+  guard_application.name guard_session.guard_application['name']
+  guard_application.settings do |settings|
+    settings.message_of_the_day guard_session.guard_application.dig('settings', 'message_of_the_day')
+    settings.reason_required guard_session.guard_application.dig('settings', 'reason_required')
+  end
+end

data/app/views/cased/cli/sessions/new.html.erb

@@ -0,0 +1,24 @@
+<div class="min-h-screen bg-gray-50 flex flex-col justify-center py-12 sm:px-6 lg:px-8">
+  <div class="sm:mx-auto sm:w-full sm:max-w-md">
+    <%= image_tag 'cased/logo.png', class: 'mx-auto h-12 w-auto' %>
+  </div>
+
+  <div class="mt-8 sm:mx-auto sm:w-full sm:max-w-md">
+    <div id="cased-logged-in" class="<%= 'hidden' unless cased_authorization? %>">
+      <div class="bg-white py-8 px-4 shadow sm:rounded-lg sm:px-10">
+        <%= render 'cased/cli/sessions/form', guard_session: current_guard_session %>
+      </div>
+      <div class="text-center py-4 flex justify-center space-x-2">
+        <div>
+          Logged in as <span id="cased-user"><%= cased_authorization %></span>.
+        </div>
+        <%= button_to 'Logout', cased.logout_path, form: { id: 'cased-logout' }, method: :delete, remote: true, class: 'p-0 border-none bg-transparent text-blue-500 shadow-none cursor-pointer' %>
+      </div>
+    </div>
+    <div id="cased-logged-out" class="<%= 'hidden' if cased_authorization? %>">
+      <div class="bg-white py-8 px-4 shadow sm:rounded-lg sm:px-10">
+        <%= link_to 'Sign in to Cased', "#{Cased.config.url}/login/connect/#{Cased.config.guard_application_key}?return_to=#{cased.authorizations_url}", id: 'cased-authenticate', class: 'w-full flex justify-center py-2 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-gray-600 hover:bg-gray-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-gray-500' %>
+      </div>
+    </div>
+  </div>
+</div>

data/app/views/cased/cli/sessions/steps/_canceled.html.erb

@@ -0,0 +1,17 @@
+<div class="sm:flex sm:items-start">
+  <div class="mx-auto flex-shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
+    <svg class="h-6 w-6 text-red-600" x-description="Heroicon name: outline/exclamation" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true">
+      <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+    </svg>
+  </div>
+  <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left">
+    <h3 class="text-lg leading-6 font-medium text-gray-900" id="modal-headline">
+      Request Canceled
+    </h3>
+    <div class="mt-2">
+      <p class="text-sm text-gray-500">
+        You canceled the request.
+      </p>
+    </div>
+  </div>
+</div>

data/app/views/cased/cli/sessions/steps/_create.html.erb

@@ -0,0 +1,15 @@
+<%= form_with method: request.request_method_symbol, local: true, id: 'cased-create-session' do |form| %>
+  <%= guarded_parameters form %>
+
+  <div class="flex justify-center">
+    <div>
+      <svg class="animate-spin -ml-1 mr-3 h-6 w-6 text-gray" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+      </svg>
+    </div>
+    <div>
+      Loading…
+    </div>
+  </div>
+<% end %>

data/app/views/cased/cli/sessions/steps/_denied.html.erb

@@ -0,0 +1,17 @@
+<div class="sm:flex sm:items-start">
+  <div class="mx-auto flex-shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-red-100 sm:mx-0 sm:h-10 sm:w-10">
+    <svg class="h-6 w-6 text-red-600" x-description="Heroicon name: outline/exclamation" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true">
+      <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+    </svg>
+  </div>
+  <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left">
+    <h3 class="text-lg leading-6 font-medium text-gray-900" id="modal-headline">
+      Request Denied
+    </h3>
+    <div class="mt-2">
+      <p class="text-sm text-gray-500">
+        <strong><%= guard_session.responder['email'] %></strong> denied your request.
+      </p>
+    </div>
+  </div>
+</div>

data/app/views/cased/cli/sessions/steps/_reason_required.html.erb

@@ -0,0 +1,16 @@
+<%= form_with method: request.request_method_symbol, class: 'space-y-6', local: true, id: 'guard-reason-required-form' do |form| %>
+  <%= guarded_parameters form %>
+
+  <div>
+    <%= form.label 'guard_session[reason]', 'Reason', class: 'block text-sm font-medium text-gray-700' %>
+    <div class="mt-1">
+      <%= form.text_field 'guard_session[reason]', required: true, autocomplete: 'off', placeholder: 'Provide a reason', class: 'appearance-none block w-full px-3 py-2 border border-gray-300 rounded-md shadow-sm placeholder-gray-400 focus:outline-none focus:ring-indigo-500 focus:border-indigo-500 sm:text-sm' %>
+    </div>
+  </div>
+
+  <div>
+    <button type="submit" class="w-full flex justify-center py-2 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-gray-600 hover:bg-gray-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-gray-500">
+      Submit
+    </button>
+  </div>
+<% end %>

data/app/views/cased/cli/sessions/steps/_requested.html.erb

@@ -0,0 +1,49 @@
+<%= form_with method: request.request_method_symbol, local: true, id: 'guard-session-form' do |form| %>
+  <%= guarded_parameters form %>
+
+  <div class="flex justify-center">
+    <div>
+      <svg class="animate-spin -ml-1 mr-3 h-6 w-6 text-gray" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+        <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+        <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+      </svg>
+    </div>
+    <div>
+      Waiting for approval…
+    </div>
+  </div>
+  <%= form.hidden_field 'guard_session[id]', value: guard_session.id %>
+  <%= form.hidden_field 'guard_session[referer]', value: request.referer %>
+<% end %>
+
+<script>
+  const checkState = () => {
+    fetch("<%= cased.guard_session_url(guard_session, format: :json) %>")
+      .then((response) => response.json())
+      .then((json) => {
+        switch (json.state) {
+          case 'approved':
+            document.getElementById('guard-session-form').submit()
+            break;
+
+          case 'requested':
+            setTimeout(checkState, 1000)
+            break;
+
+          default:
+            refresh()
+            break;
+        }
+      })
+  }
+
+  const refresh = () => {
+    fetch("<%= cased.guard_session_url(guard_session) %>")
+      .then((response) => response.text())
+      .then((html) => {
+        document.getElementById('guard-session-container').innerHTML = html
+      })
+  }
+
+  checkState()
+</script>

data/app/views/cased/cli/sessions/steps/_timed_out.html.erb

@@ -0,0 +1,17 @@
+<div class="sm:flex sm:items-start">
+  <div class="mx-auto flex-shrink-0 flex items-center justify-center h-12 w-12 rounded-full bg-yellow-100 sm:mx-0 sm:h-10 sm:w-10">
+    <svg class="h-6 w-6 text-yellow-600" x-description="Heroicon name: outline/exclamation" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" aria-hidden="true">
+      <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
+    </svg>
+  </div>
+  <div class="mt-3 text-center sm:mt-0 sm:ml-4 sm:text-left">
+    <h3 class="text-lg leading-6 font-medium text-gray-900" id="modal-headline">
+      Request Timed Out
+    </h3>
+    <div class="mt-2">
+      <p class="text-sm text-gray-500">
+        Your request timed out.
+      </p>
+    </div>
+  </div>
+</div>

data/app/views/layouts/cased/cli.html.erb

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Cased</title>
+    <%= csp_meta_tag %>
+    <%= favicon_link_tag 'cased/favicon.ico' %>
+    <%= javascript_include_tag 'cased/index' %>
+    <link href="https://unpkg.com/tailwindcss@^2/dist/tailwind.min.css" rel="stylesheet">
+  </head>
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/config/initializers/inflections.rb

@@ -0,0 +1,3 @@
+ActiveSupport::Inflector.inflections(:en) do |inflect|
+  inflect.acronym 'CLI'
+end

data/config/routes.rb

@@ -0,0 +1,6 @@
+Cased::Rails::Engine.routes.draw do
+  get '/authorizations/callback' => 'cased/authorizations#create', as: :authorizations
+  delete '/logout' => 'cased/authorizations#destroy', as: :logout
+  get '/cli/sessions/:guard_session_id' => 'cased/cli/sessions#show', as: :guard_session
+  post '/cli/sessions/:guard_session_id/cancel' => 'cased/cli/sessions#cancel', as: :cancel_guard_session
+end

data/lib/cased/controller_helpers.rb

@@ -6,10 +6,107 @@ module Cased
 
     included do
       before_action :cased_setup_request_context
+      if respond_to?(:helper_method)
+        helper_method :current_guard_session
+        helper_method :cased_authorization
+        helper_method :cased_authorization?
+      end
     end
 
     private
 
+    def guard_required?
+      true
+    end
+
+    def cased_authorization
+      @cased_authorization ||= begin
+        if cookies[:cased_authorization]
+          Cased::Authorization.load!(cookies[:cased_authorization])
+        end
+      rescue JWT::ExpiredSignature
+        cookies.delete(:cased_authorization)
+        nil
+      end
+    end
+
+    def cased_authorization?
+      cased_authorization.present?
+    end
+
+    def cased_authorization=(token)
+      if token.nil?
+        cookies.delete(:cased_authorization)
+      else
+        Cased::Authorization.validate!(token)
+
+        cookies[:cased_authorization] = token
+      end
+    end
+
+    def current_guard_session
+      @current_guard_session ||= Cased::CLI::Session.new(
+        reason: params.dig(:guard_session, :reason),
+        metadata: guard_session_metadata,
+        authentication: cased_authorization,
+      )
+    end
+
+    def guard_session_approved?
+      guard_session_id = params.dig(:guard_session, :id)
+      return false unless guard_session_id.present?
+
+      session = Cased::CLI::Session.find(guard_session_id)
+      session.approved?
+    end
+
+    def guard
+      # TODO: Cancel previous session if not used
+      return true unless guard_required?
+
+      if guard_session_approved?
+        Cased.context.merge(guard_session: current_guard_session)
+        return true
+      end
+
+      if cased_authorization? && current_guard_session.create && current_guard_session.approved?
+        Cased.context.merge(guard_session: current_guard_session)
+        return true
+      end
+
+      render_guard
+    end
+
+    def guard_fallback_location
+      if respond_to?(:root_path)
+        root_path
+      else
+        '/'
+      end
+    end
+
+    def render_guard
+      respond_to do |format|
+        format.html do
+          render template: 'cased/cli/sessions/new', layout: 'cased/cli'
+        end
+
+        format.json do
+          render json: { error: true }
+        end
+      end
+    end
+
+    def guard_session_metadata
+      {
+        location: request.remote_ip,
+        request_http_method: request.method,
+        request_user_agent: request.headers['User-Agent'],
+        request_url: request.original_url,
+        request_id: request.request_id,
+      }
+    end
+
     def cased_setup_request_context
       Cased.context.merge(cased_initial_request_context)
     end

data/lib/cased/rails.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'cased-ruby'
+require 'cased/rails/config'
 require 'cased/rails/railtie'
 require 'cased/rails/engine'
 require 'cased/model/automatic'

data/lib/cased/rails/config.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Cased
+  module Rails
+    module Config
+      def unfiltered_parameters=(new_unfiltered_parameters)
+        @unfiltered_parameters = Array.wrap(new_unfiltered_parameters)
+      end
+
+      def unfiltered_parameters
+        @unfiltered_parameters ||= [
+          # Database record ID's
+          'id',
+          # Controller actions
+          'action',
+          # Controller names
+          'controller',
+        ].freeze
+      end
+
+      def filter_parameters=(new_filter_parameters)
+        @filter_parameters = new_filter_parameters
+      end
+
+      def filter_parameters?
+        return @filter_parameters if defined?(@filter_parameters)
+
+        @filter_parameters = if ENV['CASED_FILTER_PARAMETERS']
+          parse_bool(ENV['CASED_FILTER_PARAMETERS'])
+        else
+          ::Rails.env.staging? || ::Rails.env.production?
+        end
+      end
+    end
+  end
+end
+
+Cased::Config.prepend(Cased::Rails::Config)

data/lib/cased/rails/railtie.rb

@@ -5,6 +5,19 @@ require 'rails/railtie'
 module Cased
   module Rails
     class Railtie < ::Rails::Railtie
+      initializer 'cased.parameter_filter' do |app|
+        app.config.filter_parameters << proc do |key, value, _original_params|
+          next unless Cased.config.filter_parameters?
+          next if Cased.config.unfiltered_parameters.include?(key) || !value.respond_to?(:replace)
+
+          value.replace(ActiveSupport::ParameterFilter::FILTERED)
+        end
+      end
+
+      initializer 'cased.assets.precompile' do |app|
+        app.config.assets.precompile << 'cased/manifest.js'
+      end
+
       initializer 'cased.include_controller_helpers' do
         ActiveSupport.on_load(:action_controller) do
           require 'cased/controller_helpers'
@@ -43,6 +56,23 @@ module Cased
       # :nocov:
       console do
         Cased.console
+
+        # We only want to start an interactive session if Cased CLI is
+        # configured.
+        next if Cased.config.guard_application_key.blank?
+
+        session = Cased::CLI::InteractiveSession.start(command: "#{Dir.pwd}/bin/rails console")
+        Cased.context.merge(guard_session: session)
+        # If the session does not need its output recorded, we can bypass any
+        # forced exits.
+        next unless session.record_output?
+
+        # If we reach this line inside of the recorded session we don't want to
+        # exit but instead proceed to the `rails console` as usual.
+        #
+        # We don't want to enter the parent `rails console` so we exit right
+        # away as we know the child `rails console` completed successfully.
+        exit unless Cased::CLI::Session.current&.approved?
       end
     end
   end

data/lib/cased/rails/version.rb

@@ -2,6 +2,6 @@
 
 module Cased
   module Rails
-    VERSION = '0.3.0'
+    VERSION = '0.4.3'
   end
 end

data/lib/tasks/cased.rake

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+desc 'Enforce your Cased CLI controls before the Rake task is executed'
+task :guard do
+  next if Cased.config.guard_application_key.blank?
+
+  session = Cased::CLI::InteractiveSession.start
+  next unless session.record_output?
+
+  exit unless Cased::CLI::Session.current&.approved?
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cased-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.3
 platform: ruby
 authors:
 - Garrett Bjerkhoel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-11 00:00:00.000000000 Z
+date: 2021-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cased-ruby
@@ -16,28 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.4.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: 0.4.3
+- !ruby/object:Gem::Dependency
+  name: jbuilder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -103,14 +117,37 @@ extra_rdoc_files: []
 files:
 - README.md
 - Rakefile
+- app/assets/config/cased/manifest.js
+- app/assets/images/cased/favicon.ico
+- app/assets/images/cased/logo.png
+- app/assets/javascripts/cased/index.js
+- app/controllers/cased/authorizations_controller.rb
+- app/controllers/cased/cli/sessions_controller.rb
+- app/helpers/cased_helper.rb
+- app/models/cased/authorization.rb
+- app/views/cased/authorizations/create.html.erb
+- app/views/cased/cli/sessions/_form.html.erb
+- app/views/cased/cli/sessions/_guard_session.json.jbuilder
+- app/views/cased/cli/sessions/new.html.erb
+- app/views/cased/cli/sessions/steps/_canceled.html.erb
+- app/views/cased/cli/sessions/steps/_create.html.erb
+- app/views/cased/cli/sessions/steps/_denied.html.erb
+- app/views/cased/cli/sessions/steps/_reason_required.html.erb
+- app/views/cased/cli/sessions/steps/_requested.html.erb
+- app/views/cased/cli/sessions/steps/_timed_out.html.erb
+- app/views/layouts/cased/cli.html.erb
+- config/initializers/inflections.rb
+- config/routes.rb
 - lib/cased/controller_helpers.rb
 - lib/cased/model/automatic.rb
 - lib/cased/rails.rb
 - lib/cased/rails/active_job.rb
+- lib/cased/rails/config.rb
 - lib/cased/rails/engine.rb
 - lib/cased/rails/model.rb
 - lib/cased/rails/railtie.rb
 - lib/cased/rails/version.rb
+- lib/tasks/cased.rake
 homepage: https://github.com/cased/cased-rails
 licenses:
 - MIT