clickfunnels_auth 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c7d40b4437b17d3e713cb64d26871233bc05331
-  data.tar.gz: e46057daa4cbc4df9fa92bc31f2ba2acf94a2057
+  metadata.gz: 81a0905a61b72e0495c63c333198902966d4516d
+  data.tar.gz: 41058a5b3a2f4730154f8a248d395a0542b4bd1d
 SHA512:
-  metadata.gz: ed2561f4268f9b15c6f6cd889a55f91277ce6ec7ff57983c4476c0ea4f3ad74d4a9054e87f58582b6c9ae44f8a35412a593bcf9d1dbacf7bd0b1c1ec48533b03
-  data.tar.gz: e44c4309e439c4050cb5f6e94172bb3b4b395c3838907524e2e598afe58a5dd72df5bfb06fb611ff507e6eb54cc460ae22b5cb612c49111c982dda5830993044
+  metadata.gz: 708d811d908a4817e64c10678bc0b8286e2b098fb2a3438e279b5f3f6082167230bf94390c1e8dcbe012e2ffe97da0f021988b53ba15948ca592f3f99672761f
+  data.tar.gz: 40127c474e94845ec8e22ea041ba2c6f34c8efb55592d4944643c1f4fe03eb18a086ac2eebd7452a729afc2dc083e0ebea8c8c3d790729c3e960b4577dfcbeef

data/README.md

@@ -1,12 +1,11 @@
 # ClickfunnelsAuth
 
 A Rails engine that makes it easy to delegate authentication for a Rails site to
-[Clickfunnels](https://github.com/clickfunnels/clickfunnelsr).
-See the [Clickfunnels Donations](https://github.com/clickfunnels_donations)
-project for an example of using this gem.
+[Clickfunnels Login](https://github.com/etison/clickfunnels-login).
+See the [test app](https://github.com/etison/clickfunnels-login-test)
+for an example of using this gem.
 
-This is based on the SoAuth projects. See [http://www.octolabs.com/so-auth](http://www.octolabs.com/so-auth)
-for more details.
+This is based on the SoAuth projects. See [http://www.octolabs.com/so-auth](http://www.octolabs.com/so-auth) for more details.
 
 Usage
 ==============
@@ -75,21 +74,33 @@ Then be sure to run migrations.
 rake db:migrate; rake db:test:prepare
 ```
 
-## Update `ApplicationController`
+## Modify your `User` model
 
-Change your `ApplicationController` to inherit from
-`ClickfunnelsAuth::ApplicationController`. The first line should look like this.
+Add this line:
 
-```ruby
-class ApplicationController < ClickfunnelsAuth::ApplicationController
+```
+include ClickfunnelsAuth::UserHelper
+```
+
+## Generate migrations from this addon
+
+```
+rails clickfunnels_auth_engine:install:migrations
+```
+
+Then run migrations.
+
+```bash
+rake db:migrate; rake db:test:prepare
 ```
 
 ## Protect some stuff in a controller
 
-Use a `before_filter` to protect some controller actions.
+Include the helper and then use a `before_action` to protect some controller actions.
 
 ```ruby
-before_filter :login_required
+include ClickfunnelsAuth::ControllerHelper
+before_action :login_required
 ```
 
 ## OPTIONAL : Change the default port of your new project
@@ -127,3 +138,34 @@ unicorn -p 3001 -c ./config/unicorn.rb
 or whatever.
 
 This project rocks and uses MIT-LICENSE.
+
+
+## Publishing
+We publish this gem on rubygems as it does not have anything private in it.
+
+In general the steps in this RubyGems guild are quite good. https://guides.rubygems.org/publishing/
+
+They are summarized in the following.
+
+### Credentials
+You'll need a to get your email added as an owner to the `clickfunnels_auth` gem
+on rubygems.  Post a note to `product-ops` and somebody will be able to help.
+
+### Building the gem
+Increment the gem version at `lib/rucksack-api/version.rb`, and then run `rake build`, which will create the package under `pkg`
+
+### Pushing the gem to rubygem
+Run the following (with your new version) to push to github:
+
+```
+gem push pkg/clickfunnels_auth-0.1.2.gem
+```
+
+You should see something like:
+```
+Pushing gem to https://rubygems.org...
+Successfully registered gem: clickfunnels_auth (0.1.2)
+```
+
+###  Tag the new version
+Tagging is very simple. Just run git tag -a 0.1.2 -m "Version 0.1.2" and then git push --tags to push them up to GitHub.

data/app/controllers/clickfunnels_auth/application_controller.rb

@@ -1,65 +1,7 @@
 module ClickfunnelsAuth
   class ApplicationController < ActionController::Base
 
-    protect_from_forgery
-
-    #before_filter :check_cookie
-    #def check_cookie
-      #if !cookie_valid?
-        #session[:user_id] = nil
-      #end
-    #end
-
-    def cookie_valid?
-      cookies[:clickfunnels_auth].present? && session[:user_id].present? && cookies[:clickfunnels_auth].to_s == session[:user_id].to_s
-    end
-
-    def login_required
-      if !current_user
-        not_authorized
-      end
-    end
-
-    def not_authorized
-      respond_to do |format|
-        format.html{ auth_redirect }
-        format.json{ head :unauthorized }
-      end
-    end
-
-    def auth_redirect
-      observable_redirect_to "/auth/clickfunnels?origin=#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-    end
-
-    def current_user
-      return nil unless session[:user_id]
-      @current_user ||= User.find_by_id(session[:user_id])
-    end
-
-    def signed_in?
-      current_user.present?
-    end
-
-    helper_method :signed_in?
-    helper_method :current_user
-
-
-
-
-    private
-
-    # These two methods help with testing
-    def integration_test?
-      Rails.env.test? && defined?(Cucumber::Rails)
-    end
-
-    def observable_redirect_to(url)
-      if integration_test?
-        render :text => "If this wasn't an integration test, you'd be redirected to: #{url}"
-      else
-        redirect_to url
-      end
-    end
+    include ClickfunnelsAuth::ControllerHelper
 
   end
 end

data/app/controllers/clickfunnels_auth/user_sessions_controller.rb

@@ -1,9 +1,13 @@
 class ClickfunnelsAuth::UserSessionsController < ClickfunnelsAuth::ApplicationController
-  before_filter :login_required, :only => [ :destroy ]
+  before_action :login_required, :only => [ :destroy ]
 
   # omniauth callback method
   def create
-    omniauth = env['omniauth.auth']
+    omniauth = request.env['omniauth.auth']
+    puts "omniauth ============================================================="
+    pp omniauth
+    puts "======================================================================"
+    puts "expires_at = #{omniauth['credentials']['expires_at']}"
 
     user = User.find_by_id(omniauth['uid'])
     if not user
@@ -15,9 +19,23 @@ class ClickfunnelsAuth::UserSessionsController < ClickfunnelsAuth::ApplicationCo
     user.email = omniauth['info']['name']  if user.respond_to?(:name)
     user.save
 
+    user.access_tokens.destroy_all
+
+    user.access_tokens.create!({
+      token: omniauth['credentials']['token'],
+      refresh_token: omniauth['credentials']['refresh_token'],
+      expires_at: omniauth['credentials']['expires_at'] ? Time.at(omniauth['credentials']['expires_at']) : omniauth['credentials']['expires_at']
+    })
+
     session[:user_id] = user.id
+
+    if block_given?
+      yield omniauth
+    end
+
     flash[:notice] = "Successfully logged in"
-    redirect_to request.env['omniauth.origin'] || root_path
+    #redirect_to request.env['omniauth.origin'] || root_path
+    redirect_to session['origin'] || root_path
   end
 
   # Omniauth failure callback

data/app/controllers/fake_auth/users_controller.rb

@@ -0,0 +1,28 @@
+module FakeAuth
+  class UsersController < ApplicationController
+    def index
+      session[:user_id] = nil
+      @users = User.all.limit(20)
+    end
+
+    def become
+      @user = User.find params[:user_id]
+
+      @user.access_tokens.destroy_all
+
+      @user.access_tokens.create!({
+        token: 'a-fake-auth-token',
+        refresh_token: 'a-fake-auth-refresh-token',
+        expires_at: Time.now + 1.year
+      })
+
+      session[:user_id] = @user.id
+
+      redirect_to root_path
+    end
+
+    def unbecome
+      redirect_to '/fake_auth'
+    end
+  end
+end

data/app/models/clickfunnels_auth/access_token.rb

@@ -0,0 +1,50 @@
+module ClickfunnelsAuth
+  class AccessToken < ActiveRecord::Base
+    self.table_name = "clickfunnels_auth_access_tokens"
+
+    belongs_to :user
+
+    def refresh!
+      new_token = oauth_token.refresh!
+      self.save_token_data(new_token)
+    end
+
+    def save_token_data(token)
+      self.update_attributes({
+        token: token.token,
+        refresh_token: token.refresh_token,
+        expires_at: Time.at(token.expires_at)
+      })
+    end
+
+    def validate_token!
+      user_data = oauth_token.get(ENV['AUTH_PROVIDER_ME_URL']).parsed
+      user_id = user_data['id']
+      puts "we got a user_id = #{user_id}"
+    rescue OAuth2::Error => e
+      puts "caught an error #{e}"
+      puts e.as_json
+      self.destroy
+    end
+
+    def expired?
+      oauth_token.expired?
+    end
+
+    protected
+
+    def oauth_token
+      OAuth2::AccessToken.from_hash(oauth_client, {
+        :token_type=>"bearer",
+        :access_token=>self.token,
+        :refresh_token=>self.refresh_token,
+        :expires_at=>self.expires_at
+      })
+    end
+
+    def oauth_client
+      # TODO : Is there some way we can retrieve this already configured, instead of creating a new one?
+      @oauth_client ||= OAuth2::Client.new(ENV['AUTH_PROVIDER_APPLICATION_ID'], ENV['AUTH_PROVIDER_SECRET'], {site: ENV['AUTH_PROVIDER_URL']})
+    end
+  end
+end

data/app/views/fake_auth/users/index.html.erb

@@ -0,0 +1,8 @@
+<h1>Fake Auth</h1>
+
+<% @users.each do |user| %>
+  <%= form_tag(fake_auth_become_user_path(user.id), method: "post") do %>
+    <%= hidden_field_tag(:user_id, user.id) %>
+    <%= submit_tag("Become #{user.email} (Id: #{user.id})") %>
+  <% end %>
+<% end %>

data/config/routes.rb

@@ -1,8 +1,18 @@
 Rails.application.routes.draw do
+
+  # This needs to come before the other logout link so that our fake_auth one
+  # will take precedence if that setting is activated.
+  if ENV['ENABLE_FAKE_AUTH'] == 'true'
+    get 'fake_auth' => 'fake_auth/users#index'
+    post 'fake_auth/:user_id/become' => 'fake_auth/users#become', :as => :fake_auth_become_user
+    post '/logout', :to => 'fake_auth/users#unbecome'
+  end
+
   # omniauth
   get '/auth/:provider/callback', :to => 'clickfunnels_auth/user_sessions#create'
   get '/auth/failure', :to => 'clickfunnels_auth/user_sessions#failure'
 
   # Custom logout
   post '/logout', :to => 'clickfunnels_auth/user_sessions#destroy'
+
 end

data/db/migrate/20180815183533_create_access_tokens.rb

@@ -0,0 +1,13 @@
+class CreateAccessTokens < ActiveRecord::Migration
+  def change
+    create_table :clickfunnels_auth_access_tokens do |t|
+      t.string :token
+      t.string :refresh_token
+      t.timestamp :expires_at
+      t.bigint :user_id
+
+      t.timestamps
+    end
+    add_index :access_tokens, :user_id
+  end
+end

data/lib/clickfunnels_auth.rb

@@ -1,4 +1,6 @@
 require "clickfunnels_auth/engine"
+require "clickfunnels_auth/controller_helper"
+require "clickfunnels_auth/user_helper"
 require 'omniauth-oauth2'
 require 'omniauth/strategies/clickfunnels'
 

data/lib/clickfunnels_auth/controller_helper.rb

@@ -0,0 +1,109 @@
+module ClickfunnelsAuth
+  module ControllerHelper
+
+    extend ActiveSupport::Concern
+
+    included do
+      protect_from_forgery
+      # TODO : We need to have the mothership set the clickfunnels_login_user cookie
+      #before_action :check_cookie
+      helper_method :signed_in?
+      helper_method :current_user
+    end
+
+    def check_cookie
+      if !cookie_valid?
+        session[:user_id] = nil
+      end
+    end
+
+    def cookie_valid?
+      cookies[:clickfunnels_login_user].present? && session[:user_id].present? && cookies[:clickfunnels_login_user].to_s == session[:user_id].to_s
+    end
+
+    def login_required
+      if !current_user
+        not_authorized
+      end
+    end
+
+    def not_authorized
+      respond_to do |format|
+        format.html{ auth_redirect }
+        format.json{ head :unauthorized }
+      end
+    end
+
+    def is_token_older_than_current_login?(token)
+      return false
+      # TODO : We need to get the mothership setting this and the clickfunnels_login_user cookie
+      if !cookies[:clickfunnels_login_timestamp].present?
+        return true
+      end
+      return token.updated_at < Time.at(cookies[:clickfunnels_login_timestamp].to_i)
+    end
+
+    def auth_redirect
+      origin = "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
+      # Currently Doorkeeper has a bug when the redirct contains query params, so for now
+      # we'll put the origin in the session instead of the redirect url.
+      #observable_redirect_to "/auth/clickfunnels?origin=#{CGI.escape(origin)}"
+      session['origin'] = origin
+      if ENV['ENABLE_FAKE_AUTH'] == 'true'
+        observable_redirect_to "/fake_auth"
+      else
+        observable_redirect_to "/auth/clickfunnels"
+      end
+    end
+
+    def current_user
+      return nil unless session[:user_id]
+      @current_user ||= User.find_by_id(session[:user_id])
+      token = @current_user.access_tokens.first
+      puts "token = #{token}"
+      puts "token.expired? = #{token.try :expired?}"
+      if token.blank?
+        puts "*******************************************************"
+        puts "we had a user, but they did not have a token!"
+        puts "*******************************************************"
+        session[:user_id] = nil
+        return nil
+      elsif token.expired? || is_token_older_than_current_login?(token)
+        begin
+          puts "*******************************************************"
+          puts "aobut to refresh the token!"
+          puts "token.expired? : #{token.expired?}"
+          puts "is_token_older_than_current_login?(token) : #{is_token_older_than_current_login?(token)}"
+          puts "*******************************************************"
+          token.refresh!
+        rescue OAuth2::Error => e
+          puts "caught error #{e}"
+          token.destroy!
+          session[:user_id] = nil
+          return nil
+        end
+      end
+      return @current_user
+    end
+
+    def signed_in?
+      current_user.present?
+    end
+
+    private
+
+    # These two methods help with testing
+    def integration_test?
+      Rails.env.test? && defined?(Cucumber::Rails)
+    end
+
+    def observable_redirect_to(url)
+      if integration_test?
+        render :text => "If this wasn't an integration test, you'd be redirected to: #{url}"
+      else
+        redirect_to url
+      end
+    end
+
+  end
+end

data/lib/clickfunnels_auth/user_helper.rb

@@ -0,0 +1,11 @@
+module ClickfunnelsAuth
+  module UserHelper
+
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :access_tokens, class_name: 'ClickfunnelsAuth::AccessToken'
+    end
+
+  end
+end

data/lib/clickfunnels_auth/version.rb

@@ -1,3 +1,3 @@
 module ClickfunnelsAuth
-  VERSION = "0.1.1"
+  VERSION = "0.1.3"
 end

data/lib/omniauth/strategies/clickfunnels.rb

@@ -4,7 +4,7 @@ module OmniAuth
     class Clickfunnels < OmniAuth::Strategies::OAuth2
 
       CUSTOM_PROVIDER_URL = ENV['AUTH_PROVIDER_URL'] || "http://custom-provider-goes-here"
-      CUSTOM_PROVIDER_ME_URL = ENV['AUTH_PROVIDER_ME_URL'] || "/oauth/me.json"
+      CUSTOM_PROVIDER_ME_URL = ENV['AUTH_PROVIDER_ME_URL'] || "/api/attributes/me.json"
 
       option :client_options, {
         :site =>  CUSTOM_PROVIDER_URL,
@@ -13,13 +13,16 @@ module OmniAuth
       }
 
       uid {
-        raw_info['id'] 
+        raw_info['id']
       }
 
       info do
         {
           :email => raw_info['email'],
-          :admin => raw_info['admin']
+          :admin => raw_info['admin'],
+          :member_level => raw_info['funnelflix_member_level'],
+          :internal_affiliate_id => raw_info['internal_affiliate_id'],
+          :accounts => raw_info['accounts']
         }
       end
 
@@ -35,6 +38,13 @@ module OmniAuth
       def raw_info
         @raw_info ||= access_token.get(CUSTOM_PROVIDER_ME_URL).parsed
       end
+
+      # Omniauth-oauth2 > 1.3 breaks the callback url with extra parameter options
+      # https://github.com/omniauth/omniauth-oauth2/issues/81
+      # and  also https://github.com/omniauth/omniauth-oauth2/commit/26152673224aca5c3e918bcc83075dbb0659717f#commitcomment-13935631
+      def callback_url
+        full_host + script_name + callback_path
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clickfunnels_auth
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - Jeremy Green
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-08 00:00:00.000000000 Z
+date: 2021-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -28,28 +28,28 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.1
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.4.0
 - !ruby/object:Gem::Dependency
@@ -120,10 +120,16 @@ files:
 - Rakefile
 - app/controllers/clickfunnels_auth/application_controller.rb
 - app/controllers/clickfunnels_auth/user_sessions_controller.rb
+- app/controllers/fake_auth/users_controller.rb
+- app/models/clickfunnels_auth/access_token.rb
+- app/views/fake_auth/users/index.html.erb
 - config/cucumber.yml
 - config/routes.rb
+- db/migrate/20180815183533_create_access_tokens.rb
 - lib/clickfunnels_auth.rb
+- lib/clickfunnels_auth/controller_helper.rb
 - lib/clickfunnels_auth/engine.rb
+- lib/clickfunnels_auth/user_helper.rb
 - lib/clickfunnels_auth/version.rb
 - lib/generators/clickfunnels_auth/install/USAGE
 - lib/generators/clickfunnels_auth/install/install_generator.rb
@@ -150,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: A gem that allows a Rails app to be an OAuth client of Clickfunnels.