duodealer_app 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/app/controllers/duodealer_app/callback_controller.rb +10 -10
- data/app/controllers/duodealer_app/sessions_controller.rb +23 -23
- data/app/controllers/duodealer_app/webhooks_controller.rb +1 -1
- data/lib/duodealer_app/controller_concerns/login_protection.rb +29 -29
- data/lib/duodealer_app/controller_concerns/webhook_verification.rb +2 -2
- data/lib/duodealer_app/jobs/scripttags_manager_job.rb +3 -3
- data/lib/duodealer_app/jobs/webhooks_manager_job.rb +2 -2
- data/lib/duodealer_app/version.rb +1 -1
- data/lib/generators/duodealer_app/install/templates/duodealer_provider.rb +0 -2
- data/lib/generators/duodealer_app/rotate_duodealer_token_job/templates/rotate_duodealer_token_job.rb +7 -7
- metadata +2 -18
- data/app/controllers/concerns/duodealer_app/authenticated.rb-e +0 -15
- data/app/controllers/duodealer_app/authenticated_controller.rb-e +0 -9
- data/app/controllers/duodealer_app/callback_controller.rb-e +0 -104
- data/app/controllers/duodealer_app/extension_verification_controller.rb-e +0 -19
- data/app/controllers/duodealer_app/sessions_controller.rb-e +0 -159
- data/app/controllers/duodealer_app/webhooks_controller.rb-e +0 -37
- data/app/views/duodealer_app/partials/_button_styles.html.erb-e +0 -104
- data/app/views/duodealer_app/partials/_card_styles.html.erb-e +0 -33
- data/app/views/duodealer_app/partials/_empty_state_styles.html.erb-e +0 -129
- data/app/views/duodealer_app/partials/_layout_styles.html.erb-e +0 -167
- data/app/views/duodealer_app/partials/_typography_styles.html.erb-e +0 -35
- data/app/views/duodealer_app/sessions/enable_cookies.html.erb-e +0 -75
- data/app/views/duodealer_app/sessions/new.html.erb-e +0 -123
- data/app/views/duodealer_app/sessions/request_storage_access.html.erb-e +0 -68
- data/app/views/duodealer_app/sessions/top_level_interaction.html.erb-e +0 -64
- data/app/views/duodealer_app/shared/redirect.html.erb-e +0 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a2269bcddcbaf2ec4b28af339d18939f72c087eeb238612d5ffafd30c1911f7f
|
|
4
|
+
data.tar.gz: 9837fe7b93b11dda135fab7e9913cebe4388ccd23f48c4182309a3e9839f17cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 390073fdc0a5321ec2f11c5535237e23299f3718bb9f38d786370a46367e73ae292154721cfcebbf23bec93e72b360b249427f9c988f5f9e16468a8b5444a3d9
|
|
7
|
+
data.tar.gz: 8c230c87bbcc2e07d9c95c980c6444f604a5eca30172359776fc49870d75230c52641baf40578c670f4495da9323924463f7bb46b844ae85b26536dfceb9d521
|
data/README.md
CHANGED
|
@@ -155,7 +155,7 @@ Mounting the Engine will provide the basic routes to authenticating a shop with
|
|
|
155
155
|
|--------|-------------------------------|------------------------------|
|
|
156
156
|
|GET |'/login' |Login |
|
|
157
157
|
|POST |'/login' |Login |
|
|
158
|
-
|GET |'/auth/duodealer/callback'
|
|
158
|
+
|GET |'/auth/duodealer/callback' |Authenticate Callback |
|
|
159
159
|
|GET |'/logout' |Logout |
|
|
160
160
|
|POST |'/webhooks/:type' |Webhook Callback |
|
|
161
161
|
|
|
@@ -294,7 +294,7 @@ Duo Dealer's API is versioned, and you can [read about that process in the Duo D
|
|
|
294
294
|
|
|
295
295
|
Since duodealer_app gem version 1.11.0, the included duodealer_api gem has also been updated to allow you to easily set and switch what version of the Duo Dealer API you want your app or service to use, as well as surface warnings to Rails apps about [deprecated endpoints, GraphQL fields and more](https://duodealer.dev/concepts/about-apis/versioning#deprecation-practices).
|
|
296
296
|
|
|
297
|
-
See the [duodealer_api gem README](https://
|
|
297
|
+
See the [duodealer_api gem README](https://gitlab.com/duodealer/duodealer_api/) for more details.
|
|
298
298
|
|
|
299
299
|
WebhooksManager
|
|
300
300
|
---------------
|
|
@@ -7,7 +7,7 @@ module DuodealerApp
|
|
|
7
7
|
|
|
8
8
|
def callback
|
|
9
9
|
if auth_hash
|
|
10
|
-
|
|
10
|
+
login_account
|
|
11
11
|
install_webhooks
|
|
12
12
|
install_scripttags
|
|
13
13
|
perform_after_authenticate_job
|
|
@@ -15,12 +15,12 @@ module DuodealerApp
|
|
|
15
15
|
redirect_to return_address
|
|
16
16
|
else
|
|
17
17
|
flash[:error] = I18n.t("could_not_log_in")
|
|
18
|
-
redirect_to(
|
|
18
|
+
redirect_to(login_url_with_optional_account)
|
|
19
19
|
end
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
private
|
|
23
|
-
def
|
|
23
|
+
def login_account
|
|
24
24
|
reset_session_options
|
|
25
25
|
set_duodealer_session
|
|
26
26
|
end
|
|
@@ -29,7 +29,7 @@ module DuodealerApp
|
|
|
29
29
|
request.env["omniauth.auth"]
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
def
|
|
32
|
+
def account_name
|
|
33
33
|
auth_hash.uid
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -50,12 +50,12 @@ module DuodealerApp
|
|
|
50
50
|
|
|
51
51
|
def set_duodealer_session
|
|
52
52
|
session_store = DuodealerAPI::Session.new(
|
|
53
|
-
domain:
|
|
53
|
+
domain: account_name,
|
|
54
54
|
token: token,
|
|
55
55
|
api_version: DuodealerApp.configuration.api_version
|
|
56
56
|
)
|
|
57
57
|
session[:duodealer] = DuodealerApp::SessionRepository.store(session_store, user: associated_user)
|
|
58
|
-
session[:duodealer_domain] =
|
|
58
|
+
session[:duodealer_domain] = account_name
|
|
59
59
|
session[:duodealer_user] = associated_user
|
|
60
60
|
|
|
61
61
|
if DuodealerApp.configuration.per_user_tokens?
|
|
@@ -70,7 +70,7 @@ module DuodealerApp
|
|
|
70
70
|
return unless DuodealerApp.configuration.has_webhooks?
|
|
71
71
|
|
|
72
72
|
WebhooksManager.queue(
|
|
73
|
-
|
|
73
|
+
account_name,
|
|
74
74
|
token,
|
|
75
75
|
DuodealerApp.configuration.webhooks
|
|
76
76
|
)
|
|
@@ -80,7 +80,7 @@ module DuodealerApp
|
|
|
80
80
|
return unless DuodealerApp.configuration.has_scripttags?
|
|
81
81
|
|
|
82
82
|
ScripttagsManager.queue(
|
|
83
|
-
|
|
83
|
+
account_name,
|
|
84
84
|
token,
|
|
85
85
|
DuodealerApp.configuration.scripttags
|
|
86
86
|
)
|
|
@@ -95,9 +95,9 @@ module DuodealerApp
|
|
|
95
95
|
job = job.constantize if job.is_a?(String)
|
|
96
96
|
|
|
97
97
|
if config[:inline] == true
|
|
98
|
-
job.perform_now(
|
|
98
|
+
job.perform_now(account_domain: session[:duodealer_domain])
|
|
99
99
|
else
|
|
100
|
-
job.perform_later(
|
|
100
|
+
job.perform_later(account_domain: session[:duodealer_domain])
|
|
101
101
|
end
|
|
102
102
|
end
|
|
103
103
|
end
|
|
@@ -10,7 +10,7 @@ module DuodealerApp
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def new
|
|
13
|
-
authenticate if
|
|
13
|
+
authenticate if sanitized_account_name.present?
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def create
|
|
@@ -18,16 +18,16 @@ module DuodealerApp
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def enable_cookies
|
|
21
|
-
return unless
|
|
21
|
+
return unless validate_account
|
|
22
22
|
|
|
23
23
|
render(:enable_cookies, layout: false, locals: {
|
|
24
24
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
25
|
-
|
|
25
|
+
account: sanitized_account_name,
|
|
26
26
|
return_to: params[:return_to]
|
|
27
27
|
),
|
|
28
|
-
has_storage_access_url:
|
|
28
|
+
has_storage_access_url: login_url_with_optional_account(top_level: true),
|
|
29
29
|
app_target_url: granted_storage_access_path(
|
|
30
|
-
|
|
30
|
+
account: sanitized_account_name,
|
|
31
31
|
return_to: params[:return_to]
|
|
32
32
|
),
|
|
33
33
|
current_duodealer_domain: current_duodealer_domain
|
|
@@ -35,30 +35,30 @@ module DuodealerApp
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def top_level_interaction
|
|
38
|
-
@url =
|
|
39
|
-
|
|
38
|
+
@url = login_url_with_optional_account(top_level: true)
|
|
39
|
+
validate_account
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def granted_storage_access
|
|
43
|
-
return unless
|
|
43
|
+
return unless validate_account
|
|
44
44
|
|
|
45
45
|
session["duodealer.granted_storage_access"] = true
|
|
46
46
|
|
|
47
47
|
copy_return_to_param_to_session
|
|
48
48
|
|
|
49
|
-
redirect_to(return_address_with_params({
|
|
49
|
+
redirect_to(return_address_with_params({ account: @account }))
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def destroy
|
|
53
53
|
reset_session
|
|
54
54
|
flash[:notice] = I18n.t(".logged_out")
|
|
55
|
-
redirect_to(
|
|
55
|
+
redirect_to(login_url_with_optional_account)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
private
|
|
59
59
|
def authenticate
|
|
60
|
-
return
|
|
61
|
-
session["duodealer.omniauth_params"] = {
|
|
60
|
+
return render_invalid_account_error if sanitized_account_name.blank?
|
|
61
|
+
session["duodealer.omniauth_params"] = { account: sanitized_account_name }
|
|
62
62
|
|
|
63
63
|
copy_return_to_param_to_session
|
|
64
64
|
|
|
@@ -89,10 +89,10 @@ module DuodealerApp
|
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
|
|
92
|
-
def
|
|
93
|
-
@
|
|
94
|
-
unless @
|
|
95
|
-
|
|
92
|
+
def validate_account
|
|
93
|
+
@account = sanitized_account_name
|
|
94
|
+
unless @account
|
|
95
|
+
render_invalid_account_error
|
|
96
96
|
return false
|
|
97
97
|
end
|
|
98
98
|
|
|
@@ -103,14 +103,14 @@ module DuodealerApp
|
|
|
103
103
|
session[:return_to] = params[:return_to] if params[:return_to]
|
|
104
104
|
end
|
|
105
105
|
|
|
106
|
-
def
|
|
107
|
-
flash[:error] = I18n.t("
|
|
106
|
+
def render_invalid_account_error
|
|
107
|
+
flash[:error] = I18n.t("invalid_account_url")
|
|
108
108
|
redirect_to return_address
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
def enable_cookie_access
|
|
112
112
|
fullpage_redirect_to(enable_cookies_path(
|
|
113
|
-
|
|
113
|
+
account: sanitized_account_name,
|
|
114
114
|
return_to: session[:return_to]
|
|
115
115
|
))
|
|
116
116
|
end
|
|
@@ -120,7 +120,7 @@ module DuodealerApp
|
|
|
120
120
|
end
|
|
121
121
|
|
|
122
122
|
def authenticate_at_top_level
|
|
123
|
-
fullpage_redirect_to(
|
|
123
|
+
fullpage_redirect_to(login_url_with_optional_account(top_level: true))
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
def authenticate_in_context?
|
|
@@ -143,12 +143,12 @@ module DuodealerApp
|
|
|
143
143
|
layout: false,
|
|
144
144
|
locals: {
|
|
145
145
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
146
|
-
|
|
146
|
+
account: sanitized_account_name,
|
|
147
147
|
return_to: session[:return_to]
|
|
148
148
|
),
|
|
149
|
-
has_storage_access_url:
|
|
149
|
+
has_storage_access_url: login_url_with_optional_account(top_level: true),
|
|
150
150
|
app_target_url: granted_storage_access_path(
|
|
151
|
-
|
|
151
|
+
account: sanitized_account_name,
|
|
152
152
|
return_to: session[:return_to]
|
|
153
153
|
),
|
|
154
154
|
current_duodealer_domain: current_duodealer_domain
|
|
@@ -8,7 +8,7 @@ module DuodealerApp
|
|
|
8
8
|
|
|
9
9
|
def receive
|
|
10
10
|
params.permit!
|
|
11
|
-
job_args = {
|
|
11
|
+
job_args = { account_domain: account_domain, webhook: webhook_params.to_h }
|
|
12
12
|
webhook_job_klass.perform_later(job_args)
|
|
13
13
|
head :no_content
|
|
14
14
|
end
|
|
@@ -15,28 +15,28 @@ module DuodealerApp
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def duodealer_session
|
|
18
|
-
return redirect_to_login unless
|
|
18
|
+
return redirect_to_login unless account_session
|
|
19
19
|
clear_top_level_oauth_cookie
|
|
20
20
|
|
|
21
21
|
begin
|
|
22
|
-
DuodealerAPI::Base.activate_session(
|
|
22
|
+
DuodealerAPI::Base.activate_session(account_session)
|
|
23
23
|
yield
|
|
24
24
|
ensure
|
|
25
25
|
DuodealerAPI::Base.clear_session
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def
|
|
29
|
+
def account_session
|
|
30
30
|
if DuodealerApp.configuration.per_user_tokens?
|
|
31
31
|
return unless session[:duodealer_user]
|
|
32
|
-
@
|
|
32
|
+
@account_session ||= DuodealerApp::SessionRepository.retrieve(session[:duodealer_user]["id"])
|
|
33
33
|
else
|
|
34
34
|
return unless session[:duodealer]
|
|
35
|
-
@
|
|
35
|
+
@account_session ||= DuodealerApp::SessionRepository.retrieve(session[:duodealer])
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
def
|
|
39
|
+
def login_again_if_different_user_or_account
|
|
40
40
|
if DuodealerApp.configuration.per_user_tokens?
|
|
41
41
|
valid_session_data = session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
|
|
42
42
|
sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
|
|
@@ -46,12 +46,12 @@ module DuodealerApp
|
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
if
|
|
49
|
+
if account_session && params[:account] && params[:account].is_a?(String) && (account_session.domain != params[:account])
|
|
50
50
|
clear_session = true
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
if clear_session
|
|
54
|
-
|
|
54
|
+
clear_account_session
|
|
55
55
|
redirect_to_login
|
|
56
56
|
end
|
|
57
57
|
end
|
|
@@ -70,23 +70,23 @@ module DuodealerApp
|
|
|
70
70
|
query = "#{referer.query}&#{sanitized_params.to_query}"
|
|
71
71
|
end
|
|
72
72
|
session[:return_to] = "#{path}?#{query}"
|
|
73
|
-
redirect_to(
|
|
73
|
+
redirect_to(login_url_with_optional_account)
|
|
74
74
|
end
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
def close_session
|
|
78
|
-
|
|
79
|
-
redirect_to(
|
|
78
|
+
clear_account_session
|
|
79
|
+
redirect_to(login_url_with_optional_account)
|
|
80
80
|
end
|
|
81
81
|
|
|
82
|
-
def
|
|
82
|
+
def clear_account_session
|
|
83
83
|
session[:duodealer] = nil
|
|
84
84
|
session[:duodealer_domain] = nil
|
|
85
85
|
session[:duodealer_user] = nil
|
|
86
86
|
session[:user_session] = nil
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
-
def
|
|
89
|
+
def login_url_with_optional_account(top_level: false)
|
|
90
90
|
url = DuodealerApp.configuration.login_url
|
|
91
91
|
|
|
92
92
|
query_params = login_url_params(top_level: top_level)
|
|
@@ -97,7 +97,7 @@ module DuodealerApp
|
|
|
97
97
|
|
|
98
98
|
def login_url_params(top_level:)
|
|
99
99
|
query_params = {}
|
|
100
|
-
query_params[:
|
|
100
|
+
query_params[:account] = sanitized_params[:account] if params[:account].present?
|
|
101
101
|
|
|
102
102
|
return_to = session[:return_to] || params[:return_to]
|
|
103
103
|
|
|
@@ -105,10 +105,10 @@ module DuodealerApp
|
|
|
105
105
|
query_params[:return_to] = return_to
|
|
106
106
|
end
|
|
107
107
|
|
|
108
|
-
|
|
108
|
+
has_referer_account_name = referer_sanitized_account_name.present?
|
|
109
109
|
|
|
110
|
-
if
|
|
111
|
-
query_params[:
|
|
110
|
+
if has_referer_account_name
|
|
111
|
+
query_params[:account] ||= referer_sanitized_account_name
|
|
112
112
|
end
|
|
113
113
|
|
|
114
114
|
query_params[:top_level] = true if top_level
|
|
@@ -116,7 +116,7 @@ module DuodealerApp
|
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
def return_to_param_required?
|
|
119
|
-
native_params = %i[
|
|
119
|
+
native_params = %i[account hmac timestamp locale protocol return_to]
|
|
120
120
|
request.path != "/" || sanitized_params.except(*native_params).any?
|
|
121
121
|
end
|
|
122
122
|
|
|
@@ -129,36 +129,36 @@ module DuodealerApp
|
|
|
129
129
|
end
|
|
130
130
|
|
|
131
131
|
def current_duodealer_domain
|
|
132
|
-
duodealer_domain =
|
|
132
|
+
duodealer_domain = sanitized_account_name || session[:duodealer_domain]
|
|
133
133
|
return duodealer_domain if duodealer_domain.present?
|
|
134
134
|
|
|
135
135
|
raise DuodealerDomainNotFound
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
-
def
|
|
139
|
-
@
|
|
138
|
+
def sanitized_account_name
|
|
139
|
+
@sanitized_account_name ||= sanitize_account_param(params)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
-
def
|
|
142
|
+
def referer_sanitized_account_name
|
|
143
143
|
return if request.referer.blank?
|
|
144
144
|
|
|
145
|
-
@
|
|
145
|
+
@referer_sanitized_account_name ||= begin
|
|
146
146
|
referer_uri = URI(request.referer)
|
|
147
147
|
query_params = Rack::Utils.parse_query(referer_uri.query)
|
|
148
148
|
|
|
149
|
-
|
|
149
|
+
sanitize_account_param(query_params.with_indifferent_access)
|
|
150
150
|
end
|
|
151
151
|
end
|
|
152
152
|
|
|
153
|
-
def
|
|
154
|
-
return if params[:
|
|
155
|
-
DuodealerApp::Utils.
|
|
153
|
+
def sanitize_account_param(params)
|
|
154
|
+
return if params[:account].blank?
|
|
155
|
+
DuodealerApp::Utils.sanitize_account_domain(params[:account])
|
|
156
156
|
end
|
|
157
157
|
|
|
158
158
|
def sanitized_params
|
|
159
159
|
request.query_parameters.clone.tap do |query_params|
|
|
160
|
-
if params[:
|
|
161
|
-
query_params[:
|
|
160
|
+
if params[:account].is_a?(String)
|
|
161
|
+
query_params[:account] = sanitize_account_param(params)
|
|
162
162
|
end
|
|
163
163
|
end
|
|
164
164
|
end
|
|
@@ -6,10 +6,10 @@ module DuodealerApp
|
|
|
6
6
|
DuodealerApp.configuration.scripttags_manager_queue_name
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
def perform(
|
|
9
|
+
def perform(account_domain:, account_token:, scripttags:)
|
|
10
10
|
api_version = DuodealerApp.configuration.api_version
|
|
11
|
-
DuodealerAPI::Session.temp(domain:
|
|
12
|
-
manager = ScripttagsManager.new(scripttags,
|
|
11
|
+
DuodealerAPI::Session.temp(domain: account_domain, token: account_token, api_version: api_version) do
|
|
12
|
+
manager = ScripttagsManager.new(scripttags, account_domain)
|
|
13
13
|
manager.create_scripttags
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -6,9 +6,9 @@ module DuodealerApp
|
|
|
6
6
|
DuodealerApp.configuration.webhooks_manager_queue_name
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
-
def perform(
|
|
9
|
+
def perform(account_domain:, account_token:, webhooks:)
|
|
10
10
|
api_version = DuodealerApp.configuration.api_version
|
|
11
|
-
DuodealerAPI::Session.temp(domain:
|
|
11
|
+
DuodealerAPI::Session.temp(domain: account_domain, token: account_token, api_version: api_version) do
|
|
12
12
|
manager = WebhooksManager.new(webhooks)
|
|
13
13
|
manager.create_webhooks
|
|
14
14
|
end
|