forest_liana 8.0.14 → 8.0.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/forest_liana/application_controller.rb +1 -0
- data/app/controllers/forest_liana/authentication_controller.rb +17 -0
- data/app/services/forest_liana/ability/fetch.rb +5 -13
- data/app/services/forest_liana/ability/permission.rb +1 -1
- data/app/services/forest_liana/authentication.rb +0 -2
- data/config/initializers/errors.rb +11 -0
- data/lib/forest_liana/version.rb +1 -1
- data/spec/requests/authentications_spec.rb +55 -33
- data/spec/services/forest_liana/ability/permission_spec.rb +11 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d66f322c9f51d6beebaa2eb338b8f568f7d12bc781d71c4b47a8c2c3e6503c73
|
|
4
|
+
data.tar.gz: 37db17c392bac96b35c43595c03ef702e840ae40e420538151d36edc2a347c68
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9466f6b82dc0ffbfae007bfc0024e5b831172dacdffcf00e51c58a8ca2333dbbefb165227a3d36b704954b1cdb75ecdfb9a5f2605840572220e612226e6cb39d
|
|
7
|
+
data.tar.gz: 5c313811aead7c0617d1e5d5d9c424f66e56b0482a46dc8354a1714b59f61490a728cc1cacb9224553110b0577b68712ba62366e8b214d6c7bddb2daffde4c7d
|
|
@@ -4,6 +4,7 @@ require 'csv'
|
|
|
4
4
|
module ForestLiana
|
|
5
5
|
class ApplicationController < ForestLiana::BaseController
|
|
6
6
|
rescue_from ForestLiana::Ability::Exceptions::AccessDenied, with: :render_error
|
|
7
|
+
rescue_from ForestLiana::Errors::HTTP403Error, with: :render_error
|
|
7
8
|
rescue_from ForestLiana::Errors::HTTP422Error, with: :render_error
|
|
8
9
|
|
|
9
10
|
def self.papertrail?
|
|
@@ -39,6 +39,8 @@ module ForestLiana
|
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
def authentication_callback
|
|
42
|
+
return authentication_exception if params.key?(:error)
|
|
43
|
+
|
|
42
44
|
begin
|
|
43
45
|
token = @authentication_service.verify_code_and_generate_token(params)
|
|
44
46
|
|
|
@@ -55,6 +57,21 @@ module ForestLiana
|
|
|
55
57
|
end
|
|
56
58
|
end
|
|
57
59
|
|
|
60
|
+
def authentication_exception
|
|
61
|
+
begin
|
|
62
|
+
raise ForestLiana::Errors::AuthenticationOpenIdClientException.new(params[:error], params[:error_description], params[:state])
|
|
63
|
+
rescue => error
|
|
64
|
+
FOREST_REPORTER.report error
|
|
65
|
+
FOREST_LOGGER.error "AuthenticationOpenIdClientException: #{error.error_description}"
|
|
66
|
+
|
|
67
|
+
render json: {
|
|
68
|
+
error: error.error,
|
|
69
|
+
error_description: error.error_description,
|
|
70
|
+
state: error.state
|
|
71
|
+
}, status: :unauthorized
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
|
|
58
75
|
def logout
|
|
59
76
|
begin
|
|
60
77
|
if cookies.has_key?(:forest_session_token)
|
|
@@ -2,20 +2,12 @@ module ForestLiana
|
|
|
2
2
|
module Ability
|
|
3
3
|
module Fetch
|
|
4
4
|
def get_permissions(route)
|
|
5
|
-
|
|
6
|
-
response = ForestLiana::ForestApiRequester.get(route)
|
|
5
|
+
response = ForestLiana::ForestApiRequester.get(route)
|
|
7
6
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
-
rescue => exception
|
|
14
|
-
FOREST_REPORTER.report exception
|
|
15
|
-
FOREST_LOGGER.error 'Cannot retrieve the permissions from the Forest server.'
|
|
16
|
-
FOREST_LOGGER.error 'Which was caused by:'
|
|
17
|
-
ForestLiana::Errors::ExceptionHelper.recursively_print(exception, margin: ' ', is_error: true)
|
|
18
|
-
nil
|
|
7
|
+
if response.is_a?(Net::HTTPOK)
|
|
8
|
+
JSON.parse(response.body)
|
|
9
|
+
else
|
|
10
|
+
raise ForestLiana::Errors::HTTP403Error.new("Permission could not be retrieved")
|
|
19
11
|
end
|
|
20
12
|
end
|
|
21
13
|
end
|
|
@@ -6,7 +6,7 @@ module ForestLiana
|
|
|
6
6
|
module Permission
|
|
7
7
|
include Fetch
|
|
8
8
|
|
|
9
|
-
TTL = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] ||
|
|
9
|
+
TTL = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 900).to_i.second
|
|
10
10
|
|
|
11
11
|
def is_crud_authorized?(action, user, collection)
|
|
12
12
|
return true unless has_permission_system?
|
|
@@ -30,6 +30,17 @@ module ForestLiana
|
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
class AuthenticationOpenIdClientException < StandardError
|
|
34
|
+
attr_reader :error, :error_description, :state
|
|
35
|
+
|
|
36
|
+
def initialize(error, error_description, state)
|
|
37
|
+
super(error_description)
|
|
38
|
+
@error = error
|
|
39
|
+
@error_description = error_description
|
|
40
|
+
@state = state
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
33
44
|
class ExpectedError < StandardError
|
|
34
45
|
attr_reader :error_code, :status, :message, :name
|
|
35
46
|
|
data/lib/forest_liana/version.rb
CHANGED
|
@@ -44,44 +44,66 @@ describe "Authentications", type: :request do
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
describe "GET /authentication/callback" do
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
get ForestLiana::Engine.routes.url_helpers.authentication_callback_path + "?code=THE-CODE&state=#{CGI::escape('{"renderingId":42}')}"
|
|
56
|
-
end
|
|
47
|
+
context 'when the response is a 200' do
|
|
48
|
+
before() do
|
|
49
|
+
response = '{"data":{"id":666,"attributes":{"first_name":"Alice","last_name":"Doe","email":"alice@forestadmin.com","teams":[1,2,3],"role":"Test","tags":[{"key":"city","value":"Paris"}]}}}'
|
|
50
|
+
allow(ForestLiana::ForestApiRequester).to receive(:get).with(
|
|
51
|
+
"/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query => {} }
|
|
52
|
+
).and_return(
|
|
53
|
+
instance_double(HTTParty::Response, :body => response, :code => 200)
|
|
54
|
+
)
|
|
57
55
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
end
|
|
56
|
+
get ForestLiana::Engine.routes.url_helpers.authentication_callback_path + "?code=THE-CODE&state=#{CGI::escape('{"renderingId":42}')}"
|
|
57
|
+
end
|
|
61
58
|
|
|
62
|
-
|
|
63
|
-
|
|
59
|
+
it "should respond with a 200 code" do
|
|
60
|
+
expect(response).to have_http_status(200)
|
|
61
|
+
end
|
|
64
62
|
|
|
65
|
-
|
|
66
|
-
|
|
63
|
+
it "should return a valid authentication token" do
|
|
64
|
+
body = JSON.parse(response.body, :symbolize_names => true);
|
|
67
65
|
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
"email" => 'alice@forestadmin.com',
|
|
71
|
-
"rendering_id" => "42",
|
|
72
|
-
"first_name" => 'Alice',
|
|
73
|
-
"last_name" => 'Doe',
|
|
74
|
-
"team" => 1,
|
|
75
|
-
"role" => "Test",
|
|
76
|
-
}
|
|
66
|
+
token = body[:token]
|
|
67
|
+
decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
|
|
77
68
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
69
|
+
expected_token_data = {
|
|
70
|
+
"id" => 666,
|
|
71
|
+
"email" => 'alice@forestadmin.com',
|
|
72
|
+
"rendering_id" => "42",
|
|
73
|
+
"first_name" => 'Alice',
|
|
74
|
+
"last_name" => 'Doe',
|
|
75
|
+
"team" => 1,
|
|
76
|
+
"role" => "Test",
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
expect(decoded).to include(expected_token_data)
|
|
80
|
+
tags = decoded['tags']
|
|
81
|
+
expect(tags.length).to eq(1)
|
|
82
|
+
expect(tags[0]['key']).to eq("city")
|
|
83
|
+
expect(tags[0]['value']).to eq("Paris")
|
|
84
|
+
expect(body).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
|
|
85
|
+
expect(response).to have_http_status(200)
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
context 'when the response is not a 200' do
|
|
90
|
+
before() do
|
|
91
|
+
get ForestLiana::Engine.routes.url_helpers.authentication_callback_path,
|
|
92
|
+
params: {
|
|
93
|
+
error: 'TrialBlockedError',
|
|
94
|
+
error_description: 'Your free trial has ended. We hope you enjoyed your experience with Forest Admin.',
|
|
95
|
+
state: '{"renderingId":100}'
|
|
96
|
+
},
|
|
97
|
+
headers: {
|
|
98
|
+
'Accept' => 'application/json',
|
|
99
|
+
'Content-Type' => 'application/json',
|
|
100
|
+
}
|
|
101
|
+
end
|
|
102
|
+
|
|
103
|
+
it "should respond with a 401 code" do
|
|
104
|
+
expect(response).to have_http_status(401)
|
|
105
|
+
expect(response.body).to eq('{"error":"TrialBlockedError","error_description":"Your free trial has ended. We hope you enjoyed your experience with Forest Admin.","state":"{\"renderingId\":100}"}')
|
|
106
|
+
end
|
|
85
107
|
end
|
|
86
108
|
end
|
|
87
109
|
|
|
@@ -327,6 +327,17 @@ module ForestLiana
|
|
|
327
327
|
expect {dummy_class.is_smart_action_authorized?(user, String, parameters, '/forest/actions/my_action', 'POST')}.to raise_error(ForestLiana::Errors::ExpectedError, 'The collection String doesn\'t exist')
|
|
328
328
|
end
|
|
329
329
|
end
|
|
330
|
+
|
|
331
|
+
describe 'when the server doesn\'t return an success response' do
|
|
332
|
+
before do
|
|
333
|
+
Rails.cache.clear
|
|
334
|
+
end
|
|
335
|
+
|
|
336
|
+
it 'should return an exception' do
|
|
337
|
+
allow(ForestLiana::ForestApiRequester).to receive(:get).and_return(instance_double(HTTParty::Response, code: 500, body: nil))
|
|
338
|
+
expect { dummy_class.is_crud_authorized?('browse', user, Island.first) }.to raise_error(ForestLiana::Errors::HTTP403Error, 'Permission could not be retrieved')
|
|
339
|
+
end
|
|
340
|
+
end
|
|
330
341
|
end
|
|
331
342
|
end
|
|
332
343
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: forest_liana
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.0.
|
|
4
|
+
version: 8.0.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sandro Munda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|