command_tower 0.3.0

data/lib/command_tower/configuration/application/config.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require "class_composer"
+
+module CommandTower
+  module Configuration
+    module Application
+      class Config
+        include ClassComposer::Generator
+
+        add_composer :app_name,
+          allowed: String,
+          dynamic_default:  ->(_) { CommandTower.default_app_name },
+          desc: "The default name of the application",
+          default_shown: "# Auto Populates to the name of the application"
+
+        add_composer :communication_name,
+          allowed: String,
+          dynamic_default: :app_name,
+          desc: "The name of the application to use in communications like SMS or Email"
+
+        add_composer :url,
+          allowed: String,
+          default: ENV.fetch("command_tower_URL", "http://localhost"),
+          desc: "When composing SSO's or verification URL's, this is the URL for the application"
+
+        add_composer :port,
+          allowed: [String, NilClass],
+          default: ENV.fetch("command_tower_PORT", nil),
+          desc: "When composing SSO's or verification URL's, this is the PORT for the application"
+
+        add_composer :composed_url,
+          allowed: String,
+          dynamic_default: ->(instance) { "#{instance.url}#{ ":#{instance.port}" if instance.port }" },
+          desc: "The fully composed URL including the port number when needed. This Config variable is not needed as it is composed of the `url` and `port` composed values",
+          default_shown: "# Composed String of the URL and PORT. Override this with caution"
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/authorization/config.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "class_composer"
+
+module CommandTower
+  module Configuration
+    module Authorization
+      class Config
+        include ClassComposer::Generator
+
+        add_composer :rbac_default_groups,
+          desc: "The default Group Roles defined by this engine.",
+          allowed: [TrueClass, FalseClass],
+          default: true
+
+        add_composer :rbac_group_path,
+          desc: "If defined, this config points to the users YAML file defining RBAC group roles.",
+          allowed: String,
+          dynamic_default: ->(_) { Rails.root.join("config","rbac_groups.yml").to_s },
+          default_shown: "Rails.root.join(\"config\",\"rbac_groups.yml\")"
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/base.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "class_composer"
+require "pry"
+
+module CommandTower
+  module Configuration
+    class Base
+    end
+  end
+end

data/lib/command_tower/configuration/config.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require "singleton"
+require "class_composer"
+require "command_tower/configuration/base"
+require "command_tower/configuration/email/config"
+require "command_tower/configuration/jwt/config"
+require "command_tower/configuration/login/config"
+require "command_tower/configuration/otp/config"
+require "command_tower/configuration/username/config"
+require "command_tower/configuration/application/config"
+require "command_tower/configuration/admin/config"
+require "command_tower/configuration/authorization/config"
+require "command_tower/configuration/user/config"
+
+module CommandTower
+  module Configuration
+    class Config < ::CommandTower::Configuration::Base
+      include ClassComposer::Generator
+
+      add_composer :delete_secret_after_invalid,
+        desc: "Remove Secret after it is found as invalid",
+        allowed: [TrueClass, FalseClass],
+        default: true
+
+      add_composer :jwt,
+        desc: "JWT is the basis for Authorization and Authentication for this Engine. HMAC is the only support algorithm",
+        allowed: Configuration::Jwt::Config,
+        default: Configuration::Jwt::Config.new
+
+      add_composer :login,
+        desc: "Definition of Login Strategies.",
+        allowed: Configuration::Login::Config,
+        default: Configuration::Login::Config.new
+
+      add_composer :email,
+        desc: "Email configuration for the app sending Native Rails emails via ActiveMailer. Config changed here will update the Rails Configuration as well",
+        allowed: Configuration::Email::Config,
+        default: Configuration::Email::Config.new
+
+      add_composer :username,
+        desc: "Username configuration for the app",
+        allowed: Configuration::Username::Config,
+        default: Configuration::Username::Config.new
+
+      add_composer :application,
+        desc: "General configurations for the application. Primarily include application specific names, URL's, etc",
+        allowed: Configuration::Application::Config,
+        default: Configuration::Application::Config.new
+
+      # allow shorthand to be used
+      alias_method :app, :application
+
+      add_composer :authorization,
+        desc: "Authorization via rbac configurations",
+        allowed: Configuration::Authorization::Config,
+        default: Configuration::Authorization::Config.new
+
+      add_composer :user,
+        desc: "User configuration for the app. Includes what to display and what attributes can be changed",
+        allowed: Configuration::User::Config,
+        default: Configuration::User::Config.new
+
+      add_composer :admin,
+        desc: "Admin configuration for the app",
+        allowed: Configuration::Admin::Config,
+        default: Configuration::Admin::Config.new
+
+      # To be Deleted
+      add_composer :otp,
+        desc: "One Time Password generation is used for ease in quickly validating a users actions. This is good for short term validation requirements as opposed to UserSecrets",
+        allowed: Configuration::Otp::Config,
+        default: Configuration::Otp::Config.new
+    end
+  end
+end
+

data/lib/command_tower/configuration/email/config.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module CommandTower
+  module Configuration
+    module Email
+      class Config < ::CommandTower::Configuration::Base
+        include ClassComposer::Generator
+
+        ASSIGNMENT = Proc.new do |key, value|
+          hash = Rails.configuration.action_mailer.smtp_settings ||= {}
+          Rails.configuration.action_mailer.smtp_settings = hash.merge({key => value})
+        end
+
+        ACTION_MAILER = Proc.new do |key, value|
+          Rails.configuration.action_mailer.public_send(:"#{key}=", value)
+        end
+
+        add_composer :user_name,
+          desc: "User Name for email. Defaults to ENV['GMAIL_USER_NAME']",
+          allowed: String,
+          default: ENV.fetch("GMAIL_USER_NAME", ""),
+          default_shown: "ENV[\"GMAIL_USER_NAME\"]",
+          &ASSIGNMENT
+
+        add_composer :password,
+          desc: "Password for email. Defaults to ENV['GMAIL_PASSWORD']. For more info on how to get this for GMAIL...https://support.google.com/accounts/answer/185833",
+          allowed: String,
+          default: ENV.fetch("GMAIL_PASSWORD", ""),
+          default_shown: "ENV[\"GMAIL_PASSWORD\"]",
+          &ASSIGNMENT
+
+        add_composer :port,
+          allowed: Integer,
+          default: 587,
+          &ASSIGNMENT
+
+        add_composer :address,
+          desc: "SMTP address for email. Defaults to smtp.gmail.com",
+          allowed: String,
+          default: "smtp.gmail.com",
+          &ASSIGNMENT
+
+        add_composer :authentication,
+          desc: "Authentication type for email",
+          allowed: String,
+          default: "plain",
+          &ASSIGNMENT
+
+        add_composer :enable_starttls_auto,
+          allowed: [TrueClass, FalseClass],
+          default: true,
+          &ASSIGNMENT
+
+        add_composer :delivery_method,
+          allowed: Symbol,
+          default: Rails.env.test? ? :test : :smtp,
+          &ACTION_MAILER
+
+        add_composer :perform_deliveries,
+          allowed: [TrueClass, FalseClass],
+          default: true,
+          &ACTION_MAILER
+
+        add_composer :raise_delivery_errors,
+          allowed: [TrueClass, FalseClass],
+          default: true,
+          &ACTION_MAILER
+
+        def gmail!(
+          from: ENV["GMAIL_USER_NAME"],
+          password: ENV["GMAIL_PASSWORD"],
+          port: 587,
+          address: "smtp.gmail.com",
+          authentication: "plain",
+          enable_starttls_auto: true
+        )
+          method(:from=).call(from)
+          method(:password=).call(password)
+          method(:port=).call(port)
+          method(:address=).call(address)
+          method(:authentication=).call(authentication)
+          method(:enable_starttls_auto=).call(enable_starttls_auto)
+        end
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/jwt/config.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module CommandTower
+  module Configuration
+    module Jwt
+      class Config < ::CommandTower::Configuration::Base
+        include ClassComposer::Generator
+
+        add_composer :ttl,
+          desc: "Default TTL on how long the token is valid for",
+          allowed: ActiveSupport::Duration,
+          default: 7.days
+
+        add_composer :hmac_secret,
+          desc: "HMAC is the only algorithm supported. This is the secret key to encrypt he JWT token",
+          allowed: String,
+          default: ENV.fetch("SECRET_KEY_BASE","Thi$IsASeccretIwi::CH&ang3"),
+          default_shown: "ENV.fetch(\"SECRET_KEY_BASE\",\"Thi$IsASeccretIwi::CH&ang3\")"
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/login/config.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require "command_tower/configuration/login/strategy/plain_text/config"
+
+module CommandTower
+  module Configuration
+    module Login
+      class Config < ::CommandTower::Configuration::Base
+        include ClassComposer::Generator
+
+        add_composer_blocking :plain_text,
+          desc: "Login strategy for plain text authentication via User/Password combination",
+          composer_class: Strategy::PlainText::Config,
+          enable_attr: :enable
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/login/strategy/plain_text/config.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "command_tower/configuration/login/strategy/plain_text/lockable"
+require "command_tower/configuration/login/strategy/plain_text/email_verify"
+
+module CommandTower
+  module Configuration
+    module Login
+      module Strategy
+        module PlainText
+          class Config < ::CommandTower::Configuration::Base
+            include ClassComposer::Generator
+
+            add_composer :enable,
+              desc: "Login Strategy for User/Password. By default, this is enabled",
+              allowed: [FalseClass, TrueClass],
+              default: true
+
+            add_composer_blocking :lockable,
+              desc: "Enable and change Lockable for User/Password Login strategy.",
+              composer_class: Locakable,
+              enable_attr: :enable
+
+            add_composer_blocking :email_verify,
+              desc: "Enable and change Email Verification for User/Password Login strategy.",
+              composer_class: EmailVerify,
+              enable_attr: :enable
+
+            add_composer :password_length_max,
+              desc: "Max Length for Password",
+              allowed: Integer,
+              default: 64
+
+            add_composer :password_length_min,
+              desc: "Min Length for Password",
+              allowed: Integer,
+              default: 8
+
+            add_composer :email_length_max,
+              desc: "Max Length for Email",
+              allowed: Integer,
+              default: 64
+
+            add_composer :email_length_min,
+              desc: "Min Length for Email",
+              allowed: Integer,
+              default: 8
+
+            def enable?
+              enable
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/login/strategy/plain_text/email_verify.rb

@@ -0,0 +1,50 @@
+    # frozen_string_literal: true
+
+module CommandTower
+  module Configuration
+    module Login
+      module Strategy
+        module PlainText
+          class EmailVerify < ::CommandTower::Configuration::Base
+            include ClassComposer::Generator
+
+            add_composer :enable,
+              desc: "Email Verify will help ensure that users emails are valid by requesting a verify code. By default this is enabled",
+              allowed: [FalseClass, TrueClass],
+              default: true
+
+            add_composer :verify_email_required_within,
+              desc: "Strategy allows user to set time before email verification is required. After time has expired, usage of API is no longer valid until email has been verified. Up until this time, the Login Strategy will allow usage of the API. Default time is set to 0 minutes",
+              allowed: ActiveSupport::Duration,
+              default: 0.minutes,
+              validator: -> (val) { val < 10.days },
+              invalid_message: ->(val) { "Provided #{val}. Value must be less than #{10.days}" }
+
+
+            add_composer :verify_code_link_required_within,
+              desc: "When the email verification is sent, how long will that code be valid for. By default, this is set to 10 minutes",
+              allowed: ActiveSupport::Duration,
+              default: 10.minutes,
+              validator: -> (val) { val < 60.minutes },
+              invalid_message: ->(val) { "Provided #{val}. Value must be less than #{60.minutes}" }
+
+
+            add_composer :verify_code_link_valid_for,
+              desc: "When the email verification is sent, how long will that code be valid for. By default, this is set to 10 minutes",
+              allowed: ActiveSupport::Duration,
+              default: 10.minutes,
+              validator: -> (val) { val < 60.minutes },
+              invalid_message: ->(val) { "Provided #{val}. Value must be less than #{60.minutes}" }
+
+            add_composer :verify_code_length,
+              desc: "The length of the verify code sent via email.",
+              allowed: Integer,
+              default: 6,
+              validator: -> (val) { (val <= 10) && (val >= 4) },
+              invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 10 and greater than or equal to 4." }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/login/strategy/plain_text/lockable.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module CommandTower
+  module Configuration
+    module Login
+      module Strategy
+        module PlainText
+          class Locakable < ::CommandTower::Configuration::Base
+            include ClassComposer::Generator
+
+            add_composer :enable,
+              desc: "Disabled by default. When enabled, this adds an additional level of support for brute force attacks on User/Password Logins",
+              allowed: [FalseClass, TrueClass],
+              default: false
+
+            add_composer :password_attempts,
+              desc: "Max failed password attempts before additional verification on account is required.",
+              allowed: Integer,
+              default: 10,
+              validator: -> (val) { val >= 0 && val < 50 },
+              invalid_message: ->(val) { "Max password attempts must be >=0 and less than 50. Received #{val}" }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/otp/config.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "class_composer"
+
+module CommandTower
+  module Configuration
+    module Otp
+      class Config
+        include ClassComposer::Generator
+
+        add_composer :default_code_interval,
+          desc: "The length of time a code is good for",
+          allowed: ActiveSupport::Duration,
+          default: 30.seconds,
+          validator: -> (val) { (val <= 5.minutes) && (val >= 30.seconds) }
+
+        add_composer :default_code_length,
+          desc: "The default length of the OTP. Used when one not provided",
+          allowed: Integer,
+          default: 6,
+          validator: -> (val) { (val <= 10) && (val >= 4) },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 10 and greater than or equal to 4." }
+
+        add_composer :secret_code_length,
+          desc: "The size of each users base32 Secret value generated",
+          allowed: Integer,
+          default: 32,
+          validator: -> (val) { (val <= 128) && (val >= 32) },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 128 and greater than or equal to 32." }
+
+        add_composer :backup_code_length,
+          desc: "The length of each backup code for User",
+          allowed: Integer,
+          default: 32,
+          validator: -> (val) { (val <= 64) && (val >= 10) },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 64 and greater than or equal to 20." }
+
+        add_composer :backup_code_count,
+          desc: "The number of backup codes that get generated",
+          allowed: Integer,
+          default: 10,
+          validator: -> (val) { (val <= 10) && (val >= 2) },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 10 and greater than or equal to 2." }
+
+        add_composer :allowed_drift_behind,
+          desc: "Sometimes a user is just a tad slow. This allows a small drift behind to allow codes within drift to be accepted",
+          allowed: ActiveSupport::Duration,
+          default: 15.seconds,
+          validator: -> (val) { (val <= 15.seconds) && (val >= 0.seconds) },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than or equal to 15.seconds" }
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/user/config.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require "class_composer"
+
+module CommandTower
+  module Configuration
+    module User
+      class Config
+        include ClassComposer::Generator
+
+        ATTRIBUTES_TO_CHANGE = [
+          :email,
+          :first_name,
+          :last_name,
+          :last_known_timezone,
+          :username,
+          :verifier_token,
+        ]
+
+        ATTRIBUTES_TO_SHOW = [
+          *ATTRIBUTES_TO_CHANGE,
+          :id,
+          :roles,
+          :created_at,
+        ]
+
+        ATTRIBUTES_CHANGE_EXECUTE = Proc.new do |key, value|
+          CommandTower::UserAttributes::Modify.assign!
+        end
+
+        ATTRIBUTES_SHOWN_EXECUTE = Proc.new do |key, value|
+          CommandTower::Schema::User.assign!
+        end
+
+        add_composer :additional_attributes_for_change,
+          desc: "On top of the default attributes to change, this adds additional values for the user to change on their account",
+          allowed: Array,
+          default: [],
+          default_shown: "[]"
+
+        add_composer :default_attributes_for_change,
+          desc: "[Not Recommended for change] Default attributes that are allowed to change",
+          allowed: Array,
+          default: ATTRIBUTES_TO_CHANGE,
+          &ATTRIBUTES_CHANGE_EXECUTE
+
+        add_composer :default_attributes,
+          desc: "[Not Recommended for change] Default attributes that are shown to the user",
+          allowed: Array,
+          default_shown: ATTRIBUTES_TO_SHOW,
+          dynamic_default: -> (instance) { (ATTRIBUTES_TO_SHOW + instance.additional_attributes_for_change).uniq },
+          &ATTRIBUTES_SHOWN_EXECUTE
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/username/check.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require "class_composer"
+
+module CommandTower
+  module Configuration
+    module Username
+      class Check
+      include ClassComposer::Generator
+
+        add_composer :enable,
+          desc: "Enable Controller method for checking Real time username availability",
+          allowed: [FalseClass, TrueClass],
+          default: true
+
+        add_composer :local_cache,
+          desc: "Local Cache store. Instantiated before fork",
+          allowed: [ActiveSupport::Cache::MemoryStore, ActiveSupport::Cache::FileStore],
+          default: ActiveSupport::Cache::MemoryStore.new
+
+        add_composer :local_cache_ttl,
+          desc: "TTL on local cache data before data is invalidated and upstream is queried",
+          allowed: ActiveSupport::Duration,
+          default_shown: "1.minutes",
+          default: 1.minute,
+          validator: -> (val) { val < 60.minutes },
+          invalid_message: ->(val) { "Provided #{val}. Value must be less than #{60.minutes}" }
+      end
+    end
+  end
+end

data/lib/command_tower/configuration/username/config.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require "class_composer"
+require "command_tower/configuration/username/check"
+
+module CommandTower::Configuration
+  module Username
+    class Config
+      include ClassComposer::Generator
+
+      DEFAULT_MAX_LENGTH = 32
+      DEFAULT_MIN_LENGTH = 4
+
+      add_composer_blocking :realtime_username_check,
+        desc: "Adds components to check if the username is available in real time",
+        composer_class: Check,
+        enable_attr: :enable
+
+      add_composer :username_length_min,
+        desc: "Min Length for Username",
+        allowed: Integer,
+        default: DEFAULT_MIN_LENGTH
+
+      add_composer :username_length_max,
+        desc: "Max Length for Username",
+        allowed: Integer,
+        default: DEFAULT_MAX_LENGTH
+
+      add_composer :username_regex,
+        desc: "Regex for username.",
+        allowed: Regexp,
+        default: /\A\w{#{DEFAULT_MIN_LENGTH},#{DEFAULT_MAX_LENGTH}}\z/,
+        default_shown: "Regexp.new(\"/\A\w{#{DEFAULT_MIN_LENGTH},#{DEFAULT_MAX_LENGTH}}\z/\")"
+
+      add_composer :username_failure_message,
+        desc: "Max Length for Username",
+        allowed: String,
+        default: "Username length must be between #{DEFAULT_MIN_LENGTH} and #{DEFAULT_MAX_LENGTH}. Must contain only letters and/or numbers"
+    end
+  end
+end

data/lib/command_tower/engine.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "command_tower/authorization"
+require "command_tower/schema"
+
+module CommandTower
+  class Engine < ::Rails::Engine
+    isolate_namespace CommandTower
+
+    # Run after Rails loads the initializes and environment files
+    # Ensures User has already set their desired config before we lock this down
+    config.after_initialize do
+      db_rake_task = defined?(Rake) && (Rake.application.top_level_tasks.any? { |task| task =~ /db:/ } rescue nil)
+      if db_rake_task
+        # Because we call the Database during configuration setup,
+        # We want to skip calling the DB during a DB migration
+      else
+        # ensure defaults are instantiated and all variables are assigned
+        CommandTower.config.class_composer_assign_defaults!(children: true)
+
+        unless Rails.env.test?
+          # Now that we can confirm all variables are defined, freeze all objects an their children
+          CommandTower.config.class_composer_freeze_objects!(behavior: :raise, children: true)
+        end
+      end
+    end
+
+
+    ####
+    # Bug: @matt-taylor
+    # RBAC code memoizes the controller object into a class variable
+    # In development when code changes, all classes get reloaded
+    # Inherently, this causes the `object_id` of the class to change
+    # This means the memoized class is no longer equal to the newly reloaded class
+    # NOTE: This is only a problem on reload! in development. Not an issue in Production
+    # Once this is fixed, it can go into a regular initializer and does not need to get re-computed on each reload
+    ###
+    # Potential solution:
+    # => Don't store the object as the comparison key
+    # => Or...When doing comparisons, convert everything to a string for comparison
+    #    Changes to names should be infrequent/should have a full app restart
+
+    # Add all RBAC based role definitions prior to fork/loading
+    # Load once use forever
+    config.to_prepare do
+      CommandTower::Authorization::Role.roles_reset!
+      CommandTower::Authorization::Entity.entities_reset!
+      CommandTower::Authorization.mapped_controllers_reset!
+
+      CommandTower::Authorization.default_defined!
+    end
+  end
+end

data/lib/command_tower/error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CommandTower
+  class Error < StandardError; end
+end