forest_liana 5.3.2 → 6.0.0.pre.beta.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ec0228713b3a5f0f943dcd9901d9d866ce2d5df36b452faaa8f163aed2b17aa
-  data.tar.gz: 152af3bfde151e934042b8629c28c77a1fe1ea0a648fd41857fec5cbe9179e03
+  metadata.gz: 3ea2912357a0fabb3b4c6527d848f9b728d2394c83155cd77314e54f66c1d8e2
+  data.tar.gz: 69863c89f2668cb142f54ddc5a9fcc1c473417cef56fc307765e53a686572bd3
 SHA512:
-  metadata.gz: 7062153dfd912d67d91893d27d89d48f7aeba6a1de21ab442a91e1dc51d0f30369c406b700ed7b9f25fd4d69039172a118894af96f29be713e90543eadb66a18
-  data.tar.gz: 40ed811e8dda8166ee0573377f195ba4e8ee70c2446ffcaad8c4901bf372e0442ae419252fb30e4242f65231433b3e9b7afbedb587c297dfe445c72bfdf237b3
+  metadata.gz: 11e36ad5a50676182d85029fe634e2874328c537bff2679e5a99661393e5d23c84fa3e30c165c376c06c0e8bc013beffc8d0b2497408276322a0811de8fbf222
+  data.tar.gz: 3bb4aec7204cced667652ac92f1aef9e4897d282a578408603c2fd98b7b37079565ea39d58ef1d26ee4f62af545c41bd2e56666df4d0335f7b53a455c705f17a

data/app/controllers/forest_liana/actions_controller.rb

@@ -53,7 +53,14 @@ module ForestLiana
       end
 
       # Apply result on fields (transform the object back to an array), preserve order.
-      fields = action.fields.map { |field| result[field[:field]] }
+      fields = action.fields.map do |field|
+        updated_field = result[field[:field]]
+        # Reset `value` when not present in `enums` (which means `enums` has changed).
+        if updated_field[:enums].is_a?(Array) && !updated_field[:enums].include?(updated_field[:value])
+          updated_field[:value] = nil
+        end
+        updated_field
+      end
 
       render serializer: nil, json: { fields: fields}, status: :ok
     end

data/app/controllers/forest_liana/application_controller.rb

@@ -3,8 +3,6 @@ require 'csv'
 
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
-    REGEX_COOKIE_SESSION_TOKEN = /forest_session_token=([^;]*)/;
-
     def self.papertrail?
       Object.const_get('PaperTrail::Version').is_a?(Class) rescue false
     end
@@ -64,7 +62,7 @@ module ForestLiana
             token = request.headers['Authorization'].split.second
           # NOTICE: Necessary for downloads authentication.
           elsif request.headers['cookie']
-            match = REGEX_COOKIE_SESSION_TOKEN.match(request.headers['cookie'])
+            match = ForestLiana::Token::REGEX_COOKIE_SESSION_TOKEN.match(request.headers['cookie'])
             token = match[1] if match && match[1]
           end
 
@@ -97,10 +95,6 @@ module ForestLiana
       end
     end
 
-    def route_not_found
-      head :not_found
-    end
-
     def internal_server_error
       head :internal_server_error
     end

data/app/controllers/forest_liana/authentication_controller.rb

@@ -0,0 +1,122 @@
+require 'uri'
+require 'json'
+
+module ForestLiana
+  class AuthenticationController < ForestLiana::BaseController
+    START_AUTHENTICATION_ROUTE = 'authentication'
+    CALLBACK_AUTHENTICATION_ROUTE = 'authentication/callback'
+    LOGOUT_ROUTE = 'authentication/logout';
+    PUBLIC_ROUTES = [
+      "/#{START_AUTHENTICATION_ROUTE}",
+      "/#{CALLBACK_AUTHENTICATION_ROUTE}",
+      "/#{LOGOUT_ROUTE}",
+    ]
+
+    def initialize
+      @authentication_service = ForestLiana::Authentication.new()
+    end
+  
+    def get_callback_url
+        URI.join(ForestLiana.application_url, "/forest/#{CALLBACK_AUTHENTICATION_ROUTE}").to_s
+    rescue => error
+      raise "application_url is not valid or not defined" if error.is_a?(ArgumentError)
+    end
+
+    def get_and_check_rendering_id
+      if !params.has_key?('renderingId')
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:MISSING_RENDERING_ID]
+      end
+
+      rendering_id = params[:renderingId]
+      
+      if !(rendering_id.instance_of?(String) || rendering_id.instance_of?(Numeric)) || (rendering_id.instance_of?(Numeric) && rendering_id.nan?)
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_RENDERING_ID]
+      end
+
+      return rendering_id.to_i
+    end
+
+    def start_authentication 
+      begin
+        rendering_id = get_and_check_rendering_id()
+        callback_url = get_callback_url()
+
+        result = @authentication_service.start_authentication(
+          callback_url,
+          { 'renderingId' => rendering_id },
+        )
+
+        redirect_to(result['authorization_url'])
+      rescue => error
+        render json: { errors: [{ status: 500, detail: error.message }] },
+          status: :internal_server_error, serializer: nil
+      end
+    end
+
+    def authentication_callback
+      begin
+        callback_url = get_callback_url()
+
+        token = @authentication_service.verify_code_and_generate_token(
+          callback_url,
+          params,
+        )
+    
+        response.set_cookie(
+          'forest_session_token',
+          {
+            value: token,
+            httponly: true,
+            secure: true,
+            expires: ForestLiana::Token.expiration_in_days,
+            samesite: 'none',
+            path: '/'
+          },
+        )
+
+        response_body = {
+          tokenData: JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
+        }
+
+        # The token is sent decoded, because we don't want to share the whole, signed token
+        # that is used to authenticate people
+        # but the token itself contains interesting values, such as its expiration date
+        response_body[:token] = token if !ForestLiana.application_url.start_with?('https://')
+
+        render json: response_body, status: 200
+
+      rescue => error
+        render json: { errors: [{ status: 500, detail: error.message }] },
+          status: :internal_server_error, serializer: nil
+      end
+    end
+
+    def logout
+      begin
+        if cookies.has_key?(:forest_session_token)
+          forest_session_token = cookies[:forest_session_token]
+          
+          if forest_session_token
+            response.set_cookie(
+              'forest_session_token',
+              {
+                value: forest_session_token,
+                httponly: true,
+                secure: true,
+                expires: Time.at(0),
+                samesite: 'none',
+                path: '/'
+              },
+            )
+          end
+        end
+
+        render json: {}, status: 204
+      rescue => error
+        render json: { errors: [{ status: 500, detail: error.message }] },
+        status: :internal_server_error, serializer: nil
+      end
+    end
+
+  end
+end

data/app/controllers/forest_liana/base_controller.rb

@@ -4,6 +4,10 @@ module ForestLiana
     wrap_parameters false
     before_action :reject_unauthorized_ip
 
+    def route_not_found
+      head :not_found
+    end
+
     private
 
     def reject_unauthorized_ip

data/app/controllers/forest_liana/resources_controller.rb

@@ -16,18 +16,15 @@ module ForestLiana
     def index
       begin
         if request.format == 'csv'
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'export', @rendering_id)
-          return head :forbidden unless checker.is_authorized?
-        elsif params.has_key?(:searchToEdit)
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'searchToEdit', @rendering_id)
+          checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user_id: forest_user['id'])
           return head :forbidden unless checker.is_authorized?
         else
           checker = ForestLiana::PermissionsChecker.new(
             @resource,
-            'list',
+            'browseEnabled',
             @rendering_id,
-            nil,
-            get_collection_list_permission_info(forest_user, request)
+            user_id: forest_user['id'],
+            collection_list_parameters: get_collection_list_permission_info(forest_user, request)
           )
           return head :forbidden unless checker.is_authorized?
         end
@@ -59,10 +56,10 @@ module ForestLiana
       begin
         checker = ForestLiana::PermissionsChecker.new(
           @resource,
-          'list',
+          'browseEnabled',
           @rendering_id,
-          nil,
-          get_collection_list_permission_info(forest_user, request)
+          user_id: forest_user['id'],
+          collection_list_parameters: get_collection_list_permission_info(forest_user, request)
         )
         return head :forbidden unless checker.is_authorized?
 
@@ -89,7 +86,7 @@ module ForestLiana
 
     def show
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'show', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
 
         getter = ForestLiana::ResourceGetter.new(@resource, params)
@@ -104,7 +101,7 @@ module ForestLiana
 
     def create
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'create', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
 
         creator = ForestLiana::ResourceCreator.new(@resource, params)
@@ -127,7 +124,7 @@ module ForestLiana
 
     def update
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'update', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
 
         updater = ForestLiana::ResourceUpdater.new(@resource, params)
@@ -149,7 +146,7 @@ module ForestLiana
     end
 
     def destroy
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'delete', @rendering_id)
+      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
 
       @resource.destroy(params[:id]) if @resource.exists?(params[:id])
@@ -161,7 +158,7 @@ module ForestLiana
     end
 
     def destroy_bulk
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'delete', @rendering_id)
+      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
 
       ids = ForestLiana::ResourcesGetter.get_ids_from_request(params)
@@ -245,8 +242,8 @@ module ForestLiana
       @collection ||= ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
     end
 
-    # NOTICE: Return a formatted object containing the request condition filters and 
-    #         the user id used by the scope validator class to validate if scope is 
+    # NOTICE: Return a formatted object containing the request condition filters and
+    #         the user id used by the scope validator class to validate if scope is
     #         in request
     def get_collection_list_permission_info(user, collection_list_request)
       {

data/app/controllers/forest_liana/router.rb

@@ -7,7 +7,7 @@ class ForestLiana::Router
     if resource.nil?
       FOREST_LOGGER.error "Routing error: Resource not found for collection #{collection_name}."
       FOREST_LOGGER.error "If this is a Smart Collection, please ensure your Smart Collection routes are defined before the mounted ForestLiana::Engine?"
-      ForestLiana::ApplicationController.action(:route_not_found).call(env)
+      ForestLiana::BaseController.action(:route_not_found).call(env)
     else
       begin
         component_prefix = ForestLiana.component_prefix(resource)
@@ -40,7 +40,7 @@ class ForestLiana::Router
         controller.action(action.to_sym).call(env)
       rescue NoMethodError => exception
         FOREST_LOGGER.error "Routing error: #{exception}\n#{exception.backtrace.join("\n\t")}"
-        ForestLiana::ApplicationController.action(:route_not_found).call(env)
+        ForestLiana::BaseController.action(:route_not_found).call(env)
       end
     end
   end

data/app/controllers/forest_liana/sessions_controller.rb

@@ -85,7 +85,7 @@ module ForestLiana
         # NOTICE: Set a cookie to ensure secure authentication using export feature.
         # NOTICE: The token is empty at first authentication step if the 2FA option is active.
         if reponse_data[:token]
-          response.set_cookie("forest_session_token", { value: reponse_data[:token], expires: (Time.current + 14.days) })
+          response.set_cookie("forest_session_token", { value: reponse_data[:token], expires: (ForestLiana::Token.expiration_in_days) })
         end
 
         render(json: reponse_data, serializer: nil)

data/app/controllers/forest_liana/smart_actions_controller.rb

@@ -19,14 +19,15 @@ module ForestLiana
 
     def check_permission_for_smart_route
       begin
-        
+
         smart_action_request = get_smart_action_request
         if !smart_action_request.nil? && smart_action_request.has_key?(:smart_action_id)
           checker = ForestLiana::PermissionsChecker.new(
             find_resource(smart_action_request[:collection_name]),
             'actions',
             @rendering_id,
-            get_smart_action_permission_info(forest_user, smart_action_request)
+            user_id: forest_user['id'],
+            smart_action_request_info: get_smart_action_request_info
           )
           return head :forbidden unless checker.is_authorized?
         else
@@ -54,10 +55,14 @@ module ForestLiana
       end
     end
 
-    def get_smart_action_permission_info(user, smart_action_request)
+    # smart action permissions are retrieved from the action's endpoint and http_method
+    def get_smart_action_request_info
+      endpoint = request.fullpath
+      # Trim starting '/'
+      endpoint[0] = '' if endpoint[0] == '/'
       {
-        user_id: user['id'],
-        action_id: smart_action_request[:smart_action_id],
+        endpoint: endpoint,
+        http_method: request.request_method
       }
     end
   end

data/app/controllers/forest_liana/stats_controller.rb

@@ -6,11 +6,11 @@ module ForestLiana
       before_action :find_resource, except: [:get_with_live_query]
     end
 
-    CHART_TYPE_VALUE = 'Value';
-    CHART_TYPE_PIE = 'Pie';
-    CHART_TYPE_LINE = 'Line';
-    CHART_TYPE_LEADERBOARD = 'Leaderboard';
-    CHART_TYPE_OBJECTIVE = 'Objective';
+    CHART_TYPE_VALUE = 'Value'
+    CHART_TYPE_PIE = 'Pie'
+    CHART_TYPE_LINE = 'Line'
+    CHART_TYPE_LEADERBOARD = 'Leaderboard'
+    CHART_TYPE_OBJECTIVE = 'Objective'
 
     def get
       case params[:type]

data/app/helpers/forest_liana/adapter_helper.rb

@@ -10,7 +10,7 @@ module ForestLiana
 
     def self.cast_boolean(value)
       if ['MySQL', 'SQLite'].include?(ActiveRecord::Base.connection.adapter_name)
-        value === 'true' ? 1 : 0;
+        value === 'true' ? 1 : 0
       else
         value
       end

data/app/serializers/forest_liana/schema_serializer.rb

@@ -52,7 +52,7 @@ class ForestLiana::SchemaSerializer
           @included << format_child_content('segments', segment_id, segment)
         end
       else
-        collection_serialized[:attributes][attribute.to_sym] = value;
+        collection_serialized[:attributes][attribute.to_sym] = value
       end
     end
 
@@ -75,7 +75,7 @@ class ForestLiana::SchemaSerializer
     }
 
     object.each do |attribute, value|
-      child_serialized[:attributes][attribute.to_sym] = value;
+      child_serialized[:attributes][attribute.to_sym] = value
     end
 
     child_serialized

data/app/services/forest_liana/apimap_sorter.rb

@@ -61,7 +61,7 @@ module ForestLiana
     def perform
       begin
         @apimap = reorder_keys_basic(@apimap)
-        sort_array_of_objects(@apimap['data']);
+        sort_array_of_objects(@apimap['data'])
         @apimap['data'].map! do |collection|
           collection = reorder_keys_child(collection)
           collection['attributes'] = reorder_collection_attributes(collection['attributes'])

data/app/services/forest_liana/authentication.rb

@@ -0,0 +1,59 @@
+module ForestLiana
+  class Authentication
+    def start_authentication(redirect_url, state)
+      client = ForestLiana::OidcClientManager.get_client_for_callback_url(redirect_url)
+
+      authorization_url = client.authorization_uri({
+        scope: 'openid email profile',
+        state: state.to_s,
+      })
+  
+      { 'authorization_url' => authorization_url }
+    end
+
+    def verify_code_and_generate_token(redirect_url, params) 
+      client = ForestLiana::OidcClientManager.get_client_for_callback_url(redirect_url)
+
+      rendering_id = parse_state(params['state'])
+      client.authorization_code = params['code']
+
+      if Rails.env.development? || Rails.env.test?
+        OpenIDConnect.http_config do |config|
+          config.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
+      end
+      access_token_instance = client.access_token! 'none'
+
+      user = ForestLiana::AuthorizationGetter.authenticate(
+        rendering_id,
+        true,
+        { :forest_token => access_token_instance.instance_variable_get(:@access_token) },
+        nil,
+      )
+
+      return ForestLiana::Token.create_token(user, rendering_id)
+    end
+
+    private
+    def parse_state(state)
+      unless state
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_STATE_MISSING]
+      end
+
+      rendering_id = nil
+
+      begin
+        parsed_state = JSON.parse(state.gsub("'",'"').gsub('=>',':'))
+        rendering_id = parsed_state["renderingId"].to_s
+      rescue
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_STATE_FORMAT]
+      end
+
+      if rendering_id.nil?
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_STATE_RENDERING_ID]
+      end
+
+      return rendering_id
+    end
+  end
+end