dscf-core 0.1.2 → 0.1.3

data/app/models/concerns/dscf/core/user_authenticatable.rb

@@ -0,0 +1,58 @@
+module Dscf
+  module Core
+    module UserAuthenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        has_secure_password
+
+        validates :email, uniqueness: true, allow_blank: true
+        validates :phone, uniqueness: true, allow_blank: true
+        validate :email_or_phone_present
+
+        has_many :refresh_tokens, dependent: :destroy, class_name: "Dscf::Core::RefreshToken"
+      end
+
+      def authenticate_with_password(password)
+        authenticate(password)
+      end
+
+      def generate_auth_tokens(request)
+        AuthService.generate_auth_tokens(self, request)
+      end
+
+      def valid_for_authentication?
+        active? && !locked?
+      end
+
+      def active?
+        true # Override in specific models if needed
+      end
+
+      def locked?
+        false # Override in specific models if needed
+      end
+
+      def track_device(request)
+        # Track device information for security
+        {
+          user_agent: request.user_agent,
+          ip_address: request.remote_ip,
+          device_id: request.params[:device_id]
+        }
+      end
+
+      def revoke_all_tokens
+        AuthService.revoke_all_user_tokens(self)
+      end
+
+      private
+
+      def email_or_phone_present
+        return unless email.blank? && phone.blank?
+
+        errors.add(:base, "Either email or phone must be provided")
+      end
+    end
+  end
+end

data/app/models/dscf/core/refresh_token.rb

@@ -0,0 +1,36 @@
+module Dscf
+  module Core
+    class RefreshToken < ApplicationRecord
+      belongs_to :user, class_name: "Dscf::Core::User"
+
+      validates :refresh_token, presence: true, uniqueness: true
+      validates :expires_at, presence: true
+      validates :user_id, presence: true
+
+      # scopes for querying tokens
+      scope :active, -> { where("expires_at > ?", Time.current) }
+      scope :for_device, ->(device) { where(device: device) }
+
+      # generate token and set expiry on creation
+      before_validation :set_token_and_expiry, on: :create
+
+      def expired?
+        expires_at < Time.current
+      end
+
+      def set_token_and_expiry
+        self.refresh_token ||= SecureRandom.hex(32)
+        self.expires_at ||= 30.days.from_now
+      end
+
+      def self.generate(user, request)
+        create(
+          user: user,
+          device: request.params[:device_id] || "unknown",
+          ip_address: request.remote_ip,
+          user_agent: request.user_agent
+        )
+      end
+    end
+  end
+end

data/app/models/dscf/core/user.rb

@@ -1,10 +1,7 @@
 module Dscf
   module Core
     class User < ApplicationRecord
-      has_secure_password
-
-      validates :email, presence: true, uniqueness: true
-      validates :phone, presence: true, uniqueness: true
+      include UserAuthenticatable
 
       has_many :user_roles, class_name: "Dscf::Core::UserRole"
       has_many :roles, through: :user_roles, class_name: "Dscf::Core::Role"
@@ -12,6 +9,16 @@ module Dscf
       has_many :addresses, dependent: :destroy, class_name: "Dscf::Core::Address"
       has_many :documents, as: :documentable, dependent: :destroy, class_name: "Dscf::Core::Document"
       has_one :user_profile, dependent: :destroy, class_name: "Dscf::Core::UserProfile"
+
+      accepts_nested_attributes_for :user_profile
+
+      before_create :set_default_temp_password
+
+      private
+
+      def set_default_temp_password
+        self.temp_password = false if temp_password.nil?
+      end
     end
   end
 end

data/app/models/dscf/core/user_profile.rb

@@ -7,6 +7,25 @@ module Dscf
       validates :last_name, presence: true
       validates :watchlist_hit, inclusion: {in: [true, false]}
       validates :verification_status, presence: true
+
+      enum :gender, {
+        male: 0,
+        female: 1
+      }
+
+      enum :pep_status, {
+        no_exposure: 0,
+        low: 1,
+        medium: 2,
+        high: 3
+      }
+
+      enum :verification_status, {
+        pending: 0,
+        verified: 1,
+        rejected: 2,
+        under_review: 3
+      }
     end
   end
 end

data/app/services/dscf/core/auth_service.rb

@@ -0,0 +1,75 @@
+require "ostruct"
+
+module Dscf
+  module Core
+    class AuthService
+      class << self
+        def authenticate_user(email_or_phone, password)
+          user = find_user_by_email_or_phone(email_or_phone)
+          return nil unless user&.authenticate(password)
+
+          user
+        end
+
+        def generate_auth_tokens(user, request)
+          access_token = TokenService.issue(TokenService.access_token_payload(user))
+          refresh_token = create_refresh_token(user, request)
+
+          {
+            access_token: access_token,
+            refresh_token: refresh_token,
+            user: user
+          }
+        end
+
+        def refresh_access_token(refresh_token_value, request)
+          refresh_token = RefreshToken.active.find_by(refresh_token: refresh_token_value)
+          return nil unless refresh_token
+
+          # Validate device and IP for security
+          if refresh_token.ip_address != request.remote_ip
+            refresh_token.destroy
+            raise AuthenticationError, "Token compromised - IP address changed"
+          end
+
+          user = refresh_token.user
+          access_token = TokenService.issue(TokenService.access_token_payload(user))
+
+          {
+            access_token: access_token,
+            user: user
+          }
+        end
+
+        def revoke_refresh_token(token_value)
+          RefreshToken.find_by(refresh_token: token_value)&.destroy
+        end
+
+        def revoke_all_user_tokens(user)
+          user.refresh_tokens.destroy_all
+        end
+
+        private
+
+        def find_user_by_email_or_phone(email_or_phone)
+          if email_or_phone.include?("@")
+            User.find_by(email: email_or_phone)
+          else
+            User.find_by(phone: email_or_phone)
+          end
+        end
+
+        def create_refresh_token(user, request)
+          # Create a simple struct-like object for the refresh token generation
+          request_data = OpenStruct.new(
+            params: {device_id: request.params[:device_id]},
+            remote_ip: request.remote_ip,
+            user_agent: request.user_agent
+          )
+
+          RefreshToken.generate(user, request_data)
+        end
+      end
+    end
+  end
+end

data/app/services/dscf/core/token_service.rb

@@ -0,0 +1,55 @@
+require "jwt"
+
+module Dscf
+  module Core
+    class TokenService
+      class << self
+        def issue(payload, expires_in: 15.minutes)
+          payload = payload.merge(exp: Time.current.to_i + expires_in.to_i)
+          ::JWT.encode(payload, key, "HS256")
+        end
+
+        def decode(token)
+          return nil if token.blank?
+
+          begin
+            decoded = ::JWT.decode(token, key, true, algorithm: "HS256")
+            decoded.first
+          rescue ::JWT::ExpiredSignature
+            raise AuthenticationError, "Token has expired"
+          rescue ::JWT::DecodeError
+            raise AuthenticationError, "Invalid token"
+          end
+        end
+
+        def refresh_token_payload(user, device: nil, ip_address: nil)
+          {
+            user_id: user.id,
+            identifier: user.email || user.phone,
+            device: device,
+            ip_address: ip_address,
+            type: "refresh"
+          }
+        end
+
+        def access_token_payload(user)
+          {
+            user_id: user.id,
+            identifier: user.email || user.phone,
+            type: "access"
+          }
+        end
+
+        def key
+          @key ||= ENV.fetch("JWT_SECRET_KEY", nil) ||
+                   if Rails.env.test?
+                     "test_jwt_secret_key_for_testing_purposes_only_12345678901234567890"
+                   else
+                     Rails.application.credentials.secret_key_base
+                   end ||
+                   "fallback_secret_key_for_development_only_12345678901234567890"
+        end
+      end
+    end
+  end
+end

data/config/initializers/jwt.rb

@@ -0,0 +1,23 @@
+# JWT Configuration
+JWT_CONFIG = {
+  algorithm: "HS256",
+  access_token_expiry: 15.minutes,
+  refresh_token_expiry: 30.days,
+  issuer: "dscf-core",
+  audience: "dscf-api"
+}.freeze
+
+# JWT Secret Key Configuration
+# Priority: ENV["JWT_SECRET_KEY"] > Rails credentials > Rails secret_key_base
+JWT_SECRET_KEY = ENV.fetch("JWT_SECRET_KEY") do
+  if Rails.env.test?
+    "test_jwt_secret_key_for_testing_purposes_only_12345678901234567890"
+  else
+    Rails.application.credentials.secret_key_base
+  end
+end
+
+# # Validate JWT configuration on startup
+# Rails.application.config.after_initialize do
+#   raise "JWT_SECRET_KEY must be set and at least 32 characters long" unless JWT_SECRET_KEY.present? && JWT_SECRET_KEY.length >= 32
+# end

data/config/initializers/ransack.rb

@@ -0,0 +1,4 @@
+Ransack.configure do |config|
+  config.ignore_unknown_conditions = false
+
+end

data/config/locales/en.yml

@@ -0,0 +1,23 @@
+en:
+  auth:
+    success:
+      login: "Login successful."
+      signup: "Account created successfully. Please log in to continue."
+      logout: "Logged out successfully."
+      me: "Profile fetched successfully."
+      refresh: "Token refreshed successfully."
+    errors:
+      invalid_credentials: "Invalid credentials."
+      missing_email_or_phone: "Either email or phone must be provided."
+      signup_failed: "Failed to create account."
+      invalid_token: "Invalid refresh token."
+
+  role:
+    success:
+      show: "Role details retrieved successfully"
+      create: "Role created successfully"
+      update: "Role updated successfully"
+    errors:
+      create: "Failed to create role"
+      update: "Failed to update role"
+      show: "Role not found"

data/config/routes.rb

@@ -1,2 +1,7 @@
 Dscf::Core::Engine.routes.draw do
+  post "auth/login", to: "auth#login"
+  post "auth/logout", to: "auth#logout"
+  post "auth/signup", to: "auth#signup"
+  post "auth/refresh", to: "auth#refresh"
+  get "auth/me", to: "auth#me"
 end

data/db/migrate/20250822092031_create_dscf_core_user_profiles.rb

@@ -5,7 +5,7 @@ class CreateDscfCoreUserProfiles < ActiveRecord::Migration[8.0]
       t.string :first_name, null: false
       t.string :middle_name
       t.string :last_name, null: false
-      t.string :gender
+      t.integer :gender
       t.string :nationality
       t.date :date_of_birth
       t.string :place_of_birth
@@ -15,10 +15,10 @@ class CreateDscfCoreUserProfiles < ActiveRecord::Migration[8.0]
       t.string :employer_name
       t.decimal :avg_monthly_income, precision: 18, scale: 2
       t.decimal :avg_annual_income, precision: 18, scale: 2
-      t.string :pep_status
+      t.integer :pep_status
       t.decimal :risk_score, precision: 5, scale: 2
       t.boolean :watchlist_hit, null: false
-      t.string :verification_status, null: false
+      t.integer :verification_status, null: false, default: 0
 
       t.timestamps
     end

data/db/migrate/20250824114725_create_dscf_core_refresh_tokens.rb

@@ -0,0 +1,15 @@
+class CreateDscfCoreRefreshTokens < ActiveRecord::Migration[8.0]
+  def change
+    create_table :dscf_core_refresh_tokens do |t|
+      t.references :user, null: false, foreign_key: {to_table: :dscf_core_users}
+      t.string :refresh_token, null: false
+      t.datetime :expires_at, null: false
+      t.string :device
+      t.string :ip_address
+      t.string :user_agent
+
+      t.timestamps
+    end
+    add_index :dscf_core_refresh_tokens, :refresh_token, unique: true
+  end
+end

data/db/migrate/20250824191957_change_pep_status_to_integer_in_user_profiles.rb

@@ -0,0 +1,5 @@
+class ChangePepStatusToIntegerInUserProfiles < ActiveRecord::Migration[8.0]
+  def change
+    change_column :dscf_core_user_profiles, :pep_status, :integer
+  end
+end

data/db/migrate/20250824200927_make_email_and_phone_optional_for_users.rb

@@ -0,0 +1,6 @@
+class MakeEmailAndPhoneOptionalForUsers < ActiveRecord::Migration[8.0]
+  def change
+    change_column_null :dscf_core_users, :email, true
+    change_column_null :dscf_core_users, :phone, true
+  end
+end

data/db/migrate/20250825192113_add_defaults_to_user_profiles.rb

@@ -0,0 +1,6 @@
+class AddDefaultsToUserProfiles < ActiveRecord::Migration[8.0]
+  def change
+    change_column_default :dscf_core_user_profiles, :watchlist_hit, false
+    change_column_default :dscf_core_user_profiles, :verification_status, 0 # pending
+  end
+end

data/lib/dscf/core/version.rb

@@ -1,5 +1,5 @@
 module Dscf
   module Core
-    VERSION = "0.1.2".freeze
+    VERSION = "0.1.3".freeze
   end
 end

data/lib/dscf/core.rb

@@ -1,5 +1,7 @@
 require "dscf/core/version"
 require "dscf/core/engine"
+require "ransack"
+require "active_model_serializers"
 
 module Dscf
   module Core

data/spec/factories/dscf/core/refresh_tokens.rb

@@ -0,0 +1,25 @@
+FactoryBot.define do
+  factory :refresh_token, class: "Dscf::Core::RefreshToken" do
+    association :user, factory: :user
+    refresh_token { SecureRandom.hex(32) }
+    expires_at { 30.days.from_now }
+    device { Faker::Device.model_name }
+    ip_address { Faker::Internet.ip_v4_address }
+    user_agent { Faker::Internet.user_agent }
+  end
+
+  # Factory for expired tokens
+  factory :expired_refresh_token, parent: :refresh_token do
+    expires_at { 1.day.ago }
+  end
+
+  # Factory for tokens without automatic generation
+  factory :manual_refresh_token, parent: :refresh_token do
+    refresh_token { nil }
+    expires_at { nil }
+
+    after(:build) do |token|
+      token.instance_variable_set(:@skip_before_validation, true)
+    end
+  end
+end

data/spec/factories/dscf/core/user_profiles.rb

@@ -4,7 +4,7 @@ FactoryBot.define do
     first_name { Faker::Name.first_name }
     middle_name { Faker::Name.middle_name }
     last_name { Faker::Name.last_name }
-    gender { %w[Male Female Other].sample }
+    gender { %w[male female].sample }
     nationality { Faker::Address.country }
     date_of_birth { Faker::Date.birthday(min_age: 18, max_age: 65) }
     place_of_birth { Faker::Address.city }
@@ -14,9 +14,9 @@ FactoryBot.define do
     employer_name { Faker::Company.name }
     avg_monthly_income { Faker::Number.decimal(l_digits: 5, r_digits: 2) }
     avg_annual_income { Faker::Number.decimal(l_digits: 6, r_digits: 2) }
-    pep_status { %w[None Low Medium High].sample }
+    pep_status { [0, 1, 2, 3].sample }
     risk_score { Faker::Number.decimal(l_digits: 1, r_digits: 2) }
-    watchlist_hit { Faker::Boolean.boolean }
-    verification_status { %w[Pending Verified Rejected].sample }
+    watchlist_hit { false }
+    verification_status { 0 }
   end
 end