decidim-ub 0.1.0

data/config/assets.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+base_path = File.expand_path("..", __dir__)
+
+Decidim::Webpacker.register_path("#{base_path}/app/packs")
+Decidim::Webpacker.register_entrypoints(
+  decidim_ub: "#{base_path}/app/packs/entrypoints/decidim_ub.js"
+)

data/config/i18n-tasks.yml

@@ -0,0 +1,7 @@
+---
+
+base_locale: en
+locales:
+  - ca
+  - en
+  - es

data/config/locales/ca.yml

@@ -0,0 +1,31 @@
+---
+ca:
+  decidim:
+    authorization_handlers:
+      ub_ant:
+        explanation: Verifica't com a antic alumne
+        name: Antic alumne (ANT)
+      ub_est:
+        explanation: Verifica't com a alumne
+        name: Alumne (EST)
+      ub_pas:
+        explanation: Verifica't com a personal administratiu/servicis
+        name: Personal administratiu/servicis (PTGAS)
+      ub_pdi:
+        explanation: Verifica't com a professor
+        name: Professor (PDI)
+      ub_pex:
+        explanation: Verifica't com a personal extern
+        name: Personal extern (PEX)
+    ub:
+      errors:
+        missing_role: No tens aquest rol
+    verifications:
+      authorizations:
+        first_login:
+          actions:
+            ub_ant: Verifica't com a antic almumne (ANT)
+            ub_est: Verifica't com a alumne (EST)
+            ub_pas: Verifica't com a personal administració/serveis (PTGAS)
+            ub_pdi: Verifica't com a professor (PDI)
+            ub_pex: Verifica't com a personal extern (PEX)

data/config/locales/en.yml

@@ -0,0 +1,31 @@
+---
+en:
+  decidim:
+    authorization_handlers:
+      ub_ant:
+        explanation: Get verified as an old student
+        name: Old student (ANT)
+      ub_est:
+        explanation: Get verified as a student
+        name: Student (EST)
+      ub_pas:
+        explanation: Get verified as an administrative/services personal
+        name: Administrative/services personal (PTGAS)
+      ub_pdi:
+        explanation: Get verified as a teacher
+        name: Teacher (PDI)
+      ub_pex:
+        explanation: Get verified as an external personal
+        name: External personal (PEX)
+    ub:
+      errors:
+        missing_role: You don't have this role
+    verifications:
+      authorizations:
+        first_login:
+          actions:
+            ub_ant: Verify you are an old student (ANT)
+            ub_est: Verify you are a student (EST)
+            ub_pas: Verify you are an administrative/services personal (PTGAS)
+            ub_pdi: Verify you are a teacher (PDI)
+            ub_pex: Verify you are an external personal (PEX)

data/config/locales/es.yml

@@ -0,0 +1,31 @@
+---
+es:
+  decidim:
+    authorization_handlers:
+      ub_ant:
+        explanation: Verifícate como antiguo estudiante
+        name: Antiguo estudiante (ANT)
+      ub_est:
+        explanation: Verifícate como estudiante
+        name: Estudiante (EST)
+      ub_pas:
+        explanation: Verifícate como personal administrativo/servicios
+        name: Personal administrativo/servicios (PTGAS)
+      ub_pdi:
+        explanation: Verifícate como profesor
+        name: Profesor (PDI)
+      ub_pex:
+        explanation: Verifícate como personal externo
+        name: Personal externo (PEX)
+    ub:
+      errors:
+        missing_role: No tienes este rol
+    verifications:
+      authorizations:
+        first_login:
+          actions:
+            ub_ant: Verifícate como antiguo estudiante (ANT)
+            ub_est: Verifícate como estudiante (EST)
+            ub_pas: Verifícate como personal administrativo/servicios (PTGAS)
+            ub_pdi: Verifícate como profesor (PDI)
+            ub_pex: Verifícate como personal externo (PEX)

data/db/migrate/20240709154301_add_ub_roles_to_users.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddUbRolesToUsers < ActiveRecord::Migration[6.0]
+  def change
+    add_column :decidim_users, :ub_roles, :jsonb, default: []
+  end
+end

data/lib/decidim/ub/engine.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "omniauth/strategies/ub"
+
+module Decidim
+  module Ub
+    # This is the engine that runs on the public interface of ub.
+    class Engine < ::Rails::Engine
+      isolate_namespace Decidim::Ub
+
+      config.to_prepare do
+        Decidim::OmniauthHelper.include(Decidim::Ub::OmniauthHelperOverride)
+        Decidim::User.include(Decidim::Ub::UserOverride)
+      end
+
+      initializer "decidim_ub.omniauth" do
+        next unless Decidim::Ub.omniauth && Decidim::Ub.omniauth[:client_id]
+
+        # Decidim use the secrets configuration to decide whether to show the omniauth provider
+        Rails.application.secrets[:omniauth][Decidim::Ub::OMNIAUTH_PROVIDER_NAME.to_sym] = Decidim::Ub.omniauth
+
+        Rails.application.config.middleware.use OmniAuth::Builder do
+          provider Decidim::Ub::OMNIAUTH_PROVIDER_NAME,
+                   client_id: Decidim::Ub.omniauth[:client_id],
+                   client_secret: Decidim::Ub.omniauth[:client_secret],
+                   client_options: {
+                     site: Decidim::Ub.omniauth[:site],
+                     authorize_url: Decidim::Ub.omniauth[:authorize_url],
+                     token_url: Decidim::Ub.omniauth[:token_url]
+                   }
+        end
+      end
+
+      initializer "decidim_ub.webpacker.assets_path" do
+        Decidim.register_assets_path File.expand_path("app/packs", root)
+      end
+
+      initializer "decidim_ub.authorizations" do
+        Decidim::Ub.authorizations.each do |name|
+          Decidim::Verifications.register_workflow(name.to_sym) do |workflow|
+            workflow.form = "Decidim::Ub::Verifications::#{name.camelize}"
+          end
+        end
+      end
+
+      initializer "decidim_ub.user_sync" do
+        ActiveSupport::Notifications.subscribe "decidim.user.omniauth_registration" do |_name, data|
+          Decidim::Ub::OmniauthUserSyncJob.perform_later(data) if data[:provider] == Decidim::Ub::OMNIAUTH_PROVIDER_NAME
+        end
+
+        ActiveSupport::Notifications.subscribe "decidim.ub.user.updated" do |_name, data|
+          Decidim::Ub::AutoVerificationJob.perform_later(data)
+        end
+      end
+    end
+  end
+end

data/lib/decidim/ub/test/factories.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "decidim/core/test/factories"

data/lib/decidim/ub/version.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Decidim
+  # This holds the decidim-meetings version.
+  module Ub
+    VERSION = "0.1.0"
+    DECIDIM_VERSION = "~> 0.28.0"
+    COMPAT_DECIDIM_VERSION = [">= 0.28.0", "< 0.29"].freeze
+  end
+end

data/lib/decidim/ub.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "decidim/ub/engine"
+
+module Decidim
+  module Ub
+    include ActiveSupport::Configurable
+
+    OMNIAUTH_PROVIDER_NAME = "ub"
+    ROLES = %w(EST PAS PDI PEX ANT).freeze
+
+    class << self
+      def roles_to_auth_name(roles)
+        roles.map { |role| "ub_#{role.downcase}" }
+      end
+    end
+
+    config_accessor :omniauth do
+      {
+        enabled: ENV["UB_CLIENT_ID"].present?,
+        icon_path: ENV.fetch("UB_ICON", "media/images/ub_logo.svg"),
+        client_id: ENV["UB_CLIENT_ID"].presence,
+        client_secret: ENV["UB_CLIENT_SECRET"].presence,
+        site: ENV["UB_SITE"].presence,
+        authorize_url: ENV["UB_AUTHORIZE_URL"].presence,
+        token_url: ENV["UB_TOKEN_URL"].presence
+      }
+    end
+
+    config_accessor :authorizations do
+      roles_to_auth_name(ROLES).freeze
+    end
+
+    class Error < StandardError; end
+  end
+end

data/lib/generators/decidim/app_templates/test/initializer.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+Decidim::Ub.configure do |config|
+  config.omniauth = {
+    client_id: "test-client-id",
+    client_secret: "test-client-secret",
+    site: "https://test.example.org",
+    authorize_url: "/authorize",
+    token_url: "/token"
+  }
+end

data/lib/omniauth/strategies/ub.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "omniauth-oauth2"
+
+module OmniAuth
+  module Strategies
+    class Ub < OmniAuth::Strategies::OAuth2
+      REGEXP_SANITIZER = /[<>?%&^*#@()\[\]=+:;"{}\\|]/
+
+      option :name, "ub"
+      option :token_options, %w(client_id client_secret)
+
+      uid do
+        raw_info.dig("employeenumber", 0)
+      end
+
+      info do
+        {
+          name: raw_info.dig("cn", 0).gsub(REGEXP_SANITIZER, ""),
+          nickname: Decidim::UserBaseEntity.nicknamize(raw_info.dig("uidnet", 0)),
+          email: raw_info.dig("mail", 0),
+          roles: raw_info["colect2"] || []
+        }
+      end
+
+      def callback_url
+        full_host + callback_path
+      end
+
+      def raw_info
+        @raw_info ||= begin
+          connection = Faraday.new(url: options.client_options[:site], ssl: { verify: true }) do |conn|
+            conn.headers["Authorization"] = "#{access_token.response.parsed.token_type} #{access_token.token}"
+          end
+          response = connection.get("/api/adas/oauth2/tokendata")
+          raise Error, "Unable to fetch the user information" unless response.success?
+
+          JSON.parse(response.body).to_h
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/ub.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "omniauth/strategies/ub"

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: decidim-ub
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Francisco Bolívar
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-07-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: decidim-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+- !ruby/object:Gem::Dependency
+  name: decidim-dev
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+description: A Decidim module to sync UB users who connect to the platform.
+email:
+- francisco.bolivar@nazaries.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE-AGPLv3.txt
+- README.md
+- Rakefile
+- app/commands/decidim/ub/sync_user.rb
+- app/controllers/concerns/decidim/devise_authentication_methods.rb
+- app/forms/decidim/ub/verifications/ub.rb
+- app/forms/decidim/ub/verifications/ub_ant.rb
+- app/forms/decidim/ub/verifications/ub_est.rb
+- app/forms/decidim/ub/verifications/ub_pas.rb
+- app/forms/decidim/ub/verifications/ub_pdi.rb
+- app/forms/decidim/ub/verifications/ub_pex.rb
+- app/helpers/decidim/ub/omniauth_helper_override.rb
+- app/jobs/decidim/ub/auto_verification_job.rb
+- app/jobs/decidim/ub/omniauth_user_sync_job.rb
+- app/models/concerns/decidim/ub/user_override.rb
+- app/packs/entrypoints/decidim_ub.js
+- app/packs/images/ub_logo.svg
+- config/assets.rb
+- config/i18n-tasks.yml
+- config/locales/ca.yml
+- config/locales/en.yml
+- config/locales/es.yml
+- db/migrate/20240709154301_add_ub_roles_to_users.rb
+- lib/decidim/ub.rb
+- lib/decidim/ub/engine.rb
+- lib/decidim/ub/test/factories.rb
+- lib/decidim/ub/version.rb
+- lib/generators/decidim/app_templates/test/initializer.rb
+- lib/omniauth/strategies/ub.rb
+- lib/omniauth/ub.rb
+homepage: https://decidim.org
+licenses:
+- AGPL-3.0
+metadata:
+  bug_tracker_uri: https://github.com/decidim/decidim/issues
+  documentation_uri: https://docs.decidim.org/
+  funding_uri: https://opencollective.com/decidim
+  homepage_uri: https://decidim.org
+  source_code_uri: https://github.com/decidim/decidim
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.14
+signing_key:
+specification_version: 4
+summary: A decidim ub module
+test_files: []