devise_g5_authenticatable 1.0.1.rc.1 → 1.0.2.rc.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45dc10e0dd1ef0be75f7ecdd379f5501a71baa5008fac90337b466fefdaf40b2
-  data.tar.gz: 86e4f6bf860a0b547783ef30f417cc0c09d5bae31ce090ac3d6726a0dc626a75
+  metadata.gz: ad0eee25a4da3d85235fb21e4e0faae07e09debedf49e94fb7a02935936842c8
+  data.tar.gz: 98401d80d28e50845b8617362ee778ba0d62fb1c6f2b11840470d3ed808b7f5c
 SHA512:
-  metadata.gz: b2a62a4b3973950c351ed21392625e0ee15c96e8ca40d9b6bc7b1281fd197507fde1c349eed58184ff5d06f1697f5e5494670db6231ef866fc1e42d7fde418ca
-  data.tar.gz: d1c83f2985b31f9ef51019d64a42872c7ea772a66b100667e83aac1b8b66f985f9a4a9a6e325f5ad5b2440ca21e147fcf8bf28b435335de6c7357e35ad88db6b
+  metadata.gz: 2482e59fdd4ea7835a75f6c096d85d6fd51b4b207b7cb1cb856944da96ee687f7e49ace5b5d02c0beecb956c560e0ad2083768c3362ca57eb0aa0bbbc83db116
+  data.tar.gz: 3c7c5cea38df574c91065854aa7774c39d75cf581c3ab1635737e890a12095b90af08b371bba352f2c5ada5b71257ca0787409d1ca7580e62e50cd61b7de91a7

data/Gemfile

@@ -16,6 +16,7 @@ group :test, :development do
   gem 'appraisal'
   gem 'pry-byebug'
   gem 'rspec-rails', '~> 3.6'
+  gem 'rb-readline'
 end
 
 group :test do

data/app/controllers/devise_g5_authenticatable/sessions_controller.rb

@@ -14,8 +14,11 @@ module DeviseG5Authenticatable
     end
 
     def create
-      self.resource = resource_class.find_and_update_for_g5_oauth(auth_data)
-      resource ? sign_in_resource : register_resource
+      if authorized?
+        sign_in_or_register
+      else
+        redirect_to(restricted_application_redirect_url)
+      end
     end
 
     def destroy
@@ -26,6 +29,23 @@ module DeviseG5Authenticatable
 
     protected
 
+    def authorized?
+      accessible_applications.map(&:url).include?(request.base_url) || accessible_applications.map(&:url).include?('global')
+    end
+
+    def accessible_applications
+      auth_data.extra.raw_info.accessible_applications
+    end
+
+    def restricted_application_redirect_url
+      auth_data.extra.raw_info.restricted_application_redirect_url
+    end
+
+    def sign_in_or_register
+      self.resource = resource_class.find_and_update_for_g5_oauth(auth_data)
+      resource ? sign_in_resource : register_resource
+    end
+
     def auth_data
       @auth_data ||= request.env['omniauth.auth']
       session['omniauth.auth'] = @auth_data

data/lib/devise_g5_authenticatable/models/g5_authenticatable.rb

@@ -127,7 +127,7 @@ module Devise
         private
 
         def without_auth_callback
-          skip_callback :save, :before, :auth_user, raise: false
+          skip_callback :save, :before, :auth_user
           yield
           set_callback :save, :before, :auth_user
         end

data/lib/devise_g5_authenticatable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeviseG5Authenticatable
-  VERSION = '1.0.1.rc.1'
+  VERSION = '1.0.2.rc.1'
 end

data/spec/controllers/sessions_controller_spec.rb

@@ -41,7 +41,13 @@ RSpec.describe DeviseG5Authenticatable::SessionsController do
         uid: '45',
         info: { name: 'Foo Bar',
                 email: 'foo@bar.com' },
-        credentials: { token: 'abc123' }
+        credentials: { token: 'abc123' },
+        extra: {
+          raw_info: {
+            accessible_applications: [{ url: 'global' }],
+            restricted_application_redirect_url: 'https://imc.com'
+          }
+        }
       )
     end
     before { request.env['omniauth.auth'] = auth_hash }
@@ -148,6 +154,52 @@ RSpec.describe DeviseG5Authenticatable::SessionsController do
         end
       end
     end
+
+    context 'when user does not have access to application' do
+      let(:auth_hash) do
+        OmniAuth::AuthHash.new(
+          provider: 'g5',
+          uid: '45',
+          info: { name: 'Foo Bar',
+                  email: 'foo@bar.com' },
+          credentials: { token: 'abc123' },
+          extra: {
+            raw_info: {
+              accessible_applications: [],
+              restricted_application_redirect_url: 'https://imc.com'
+            }
+          }
+        )
+      end
+
+      let(:model) do
+        stub_model(model_class,
+                   provider: auth_hash.provider,
+                   uid: auth_hash.uid,
+                   email: auth_hash.email,
+                   g5_access_token: auth_hash.credentials.token,
+                   save!: true,
+                   update_g5_credentials: true,
+                   email_changed?: false)
+      end
+
+      before do
+        allow(model_class).to receive(:find_and_update_for_g5_oauth)
+          .and_return(model)
+      end
+
+      let(:model_class) { User }
+      let(:scope) { :user }
+
+      it 'should redirect the user to the restricted_application_redirect_url' do
+        create_session
+        expect(subject).to redirect_to(auth_hash.extra.raw_info.restricted_application_redirect_url)
+      end
+
+      it 'should not sign in a user' do
+        expect { create_session }.to_not change { controller.current_user }
+      end
+    end
   end
 
   describe '#destroy' do

data/spec/support/user_omniauth_methods.rb

@@ -6,7 +6,13 @@ module UserOmniauthMethods
       uid: user.uid,
       provider: 'g5',
       info: { email: user.email },
-      credentials: { token: user.g5_access_token }
+      credentials: { token: user.g5_access_token },
+      extra: {
+        raw_info: {
+          accessible_applications: [{ url: 'global' }],
+          restricted_application_redirect_url: 'https://imc.com'
+        }
+      }
     }.merge(options))
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_g5_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.0.1.rc.1
+  version: 1.0.2.rc.1
 platform: ruby
 authors:
 - Maeve Revels
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-06 00:00:00.000000000 Z
+date: 2019-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -206,7 +206,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Devise extension for the G5 Auth service