haveapi 0.19.3 → 0.21.0

data/lib/haveapi/actions/default.rb

@@ -7,7 +7,7 @@ module HaveAPI
       class Index < Action
         route ''
         http_method :get
-        aliases %i(list)
+        aliases %i[list]
 
         meta(:global) do
           input do
@@ -26,32 +26,30 @@ module HaveAPI
         end
 
         # Return the total count of items.
-        def count
-
-        end
+        def count; end
       end
 
       class Create < Action
         route ''
         http_method :post
-        aliases %i(new)
+        aliases %i[new]
       end
 
       class Show < Action
-        route ->(r){ r.singular ? '' : '{%{resource}_id}' }
+        route ->(r) { r.singular ? '' : '{%{resource}_id}' }
         http_method :get
-        aliases %i(find)
+        aliases %i[find]
       end
 
       class Update < Action
-        route ->(r){ r.singular ? '' : '{%{resource}_id}' }
+        route ->(r) { r.singular ? '' : '{%{resource}_id}' }
         http_method :put
       end
 
       class Delete < Action
-        route ->(r){ r.singular ? '' : '{%{resource}_id}' }
+        route ->(r) { r.singular ? '' : '{%{resource}_id}' }
         http_method :delete
-        aliases %i(destroy)
+        aliases %i[destroy]
       end
     end
   end

data/lib/haveapi/api.rb

@@ -1,6 +1,7 @@
 module HaveAPI
   # Return a list of all resources or yield them if block is given.
-  def self.resources(module_name) # yields: resource
+  # @yieldparam [Resource] resource
+  def self.resources(module_name)
     ret = []
 
     module_name.constants.select do |c|

data/lib/haveapi/authentication/base.rb

@@ -14,6 +14,7 @@ module HaveAPI
       end
 
       def self.inherited(subclass)
+        super
         subclass.send(:instance_variable_set, '@auth_method', @auth_method)
       end
 
@@ -30,8 +31,7 @@ module HaveAPI
       # Register custom path handlers in sinatra
       # @param sinatra [Sinatra::Base]
       # @param prefix [String]
-      def register_routes(sinatra, prefix)
-      end
+      def register_routes(sinatra, prefix); end
 
       # @return [Module, nil]
       def resource_module
@@ -40,9 +40,7 @@ module HaveAPI
 
       # Reimplement this method in your authentication provider.
       # `request` is passed directly from Sinatra.
-      def authenticate(request)
-
-      end
+      def authenticate(request); end
 
       # Reimplement to describe provider.
       def describe
@@ -50,10 +48,9 @@ module HaveAPI
       end
 
       protected
-      # Called during API mount.
-      def setup
 
-      end
+      # Called during API mount.
+      def setup; end
 
       # Immediately return from authentication chain.
       # User is not allowed to authenticate.

data/lib/haveapi/authentication/basic/provider.rb

@@ -36,17 +36,16 @@ module HaveAPI::Authentication
 
       def describe
         {
-          description: "Authentication using HTTP basic. Username and password is passed "+
-                       "via HTTP header. Its use is forbidden from web browsers."
+          description: 'Authentication using HTTP basic. Username and password is passed ' \
+                       'via HTTP header. Its use is forbidden from web browsers.'
         }
       end
 
       protected
+
       # Reimplement this method. It has to return an authenticated
       # user or nil.
-      def find_user(request, username, password)
-
-      end
+      def find_user(request, username, password); end
     end
   end
 end

data/lib/haveapi/authentication/chain.rb

@@ -15,10 +15,10 @@ module HaveAPI::Authentication
         @chain[v] && @chain[v].each { |p| register_provider(v, p) }
       end
 
-      if @chain[:all]
-        @chain[:all].each do |p|
-          @instances.each_key { |v| register_provider(v, p) }
-        end
+      return unless @chain[:all]
+
+      @chain[:all].each do |p|
+        @instances.each_key { |v| register_provider(v, p) }
       end
 
       # @chain.each do |p|
@@ -56,12 +56,12 @@ module HaveAPI::Authentication
       @instances[context.version].each do |provider|
         ret[provider.name] = provider.describe
 
-        if provider.resource_module
-          ret[provider.name][:resources] = {}
+        next unless provider.resource_module
+
+        ret[provider.name][:resources] = {}
 
-          @server.routes[context.version][:authentication][provider.name][:resources].each do |r, children|
-            ret[provider.name][:resources][r.resource_name.underscore.to_sym] = r.describe(children, context)
-          end
+        @server.routes[context.version][:authentication][provider.name][:resources].each do |r, children|
+          ret[provider.name][:resources][r.resource_name.underscore.to_sym] = r.describe(children, context)
         end
       end
 
@@ -95,20 +95,22 @@ module HaveAPI::Authentication
     end
 
     protected
+
     def register_provider(v, p)
       instance = p.new(@server, v)
       @instances[v] << instance
 
       @server.add_auth_routes(v, instance, prefix: instance.name.to_s)
 
-      if resource_module = instance.resource_module
-        @server.add_auth_module(
-          v,
-          instance.name,
-          resource_module,
-          prefix: instance.name.to_s,
-        )
-      end
+      resource_module = instance.resource_module
+      return if resource_module.nil?
+
+      @server.add_auth_module(
+        v,
+        instance.name,
+        resource_module,
+        prefix: instance.name.to_s
+      )
     end
   end
 end

data/lib/haveapi/authentication/oauth2/config.rb

@@ -28,9 +28,7 @@ module HaveAPI::Authentication
       # @param oauth2_response [Rack::OAuth2::Server::Authorize::Response]
       # @param client [Client]
       # @return [AuthResult, nil]
-      def handle_get_authorize(sinatra_handler:, sinatra_request:, sinatra_params:, oauth2_request:, oauth2_response:, client:)
-
-      end
+      def handle_get_authorize(sinatra_handler:, sinatra_request:, sinatra_params:, oauth2_request:, oauth2_response:, client:); end
 
       # Handle POST authorize requests
       #
@@ -48,9 +46,7 @@ module HaveAPI::Authentication
       # @param oauth2_response [Rack::OAuth2::Server::Authorize::Response]
       # @param client [Client]
       # @return [AuthResult, nil]
-      def handle_post_authorize(sinatra_handler:, sinatra_request:, sinatra_params:, oauth2_request:, oauth2_response:, client:)
-
-      end
+      def handle_post_authorize(sinatra_handler:, sinatra_request:, sinatra_params:, oauth2_request:, oauth2_response:, client:); end
 
       # Get oauth2 authorization code
       #
@@ -60,9 +56,7 @@ module HaveAPI::Authentication
       #
       # @param auth_res [AuthResult] value returned by {#handle_post_authorize}
       # @return [String]
-      def get_authorization_code(auth_res)
-
-      end
+      def get_authorization_code(auth_res); end
 
       # Get access token, its expiration date and optionally a refresh token
       #
@@ -73,9 +67,7 @@ module HaveAPI::Authentication
       # @param authorization [Authorization]
       # @param sinatra_request [Sinatra::Request]
       # @return [Array] access token, expiration date and optional refresh token
-      def get_tokens(authorization, sinatra_request)
-
-      end
+      def get_tokens(authorization, sinatra_request); end
 
       # Refresh access token and optionally generate new refresh token
       #
@@ -85,9 +77,7 @@ module HaveAPI::Authentication
       # @param authorization [Authorization]
       # @param sinatra_request [Sinatra::Request]
       # @return [Array] access token, expiration date and optional refresh token
-      def refresh_tokens(authorization, sinatra_request)
-
-      end
+      def refresh_tokens(authorization, sinatra_request); end
 
       # Revoke access or refresh token
       #
@@ -98,40 +88,30 @@ module HaveAPI::Authentication
       # @param token [String]
       # @param token_type_hint [nil, 'access_token', 'refresh_token']
       # @return [:revoked, :unsupported]
-      def handle_post_revoke(sinatra_request, token, token_type_hint: nil)
-
-      end
+      def handle_post_revoke(sinatra_request, token, token_type_hint: nil); end
 
       # Find client by ID
       # @param client_id [String]
       # @return [Client, nil]
-      def find_client_by_id(client_id)
-
-      end
+      def find_client_by_id(client_id); end
 
       # Find authorization by code
       # @param client [Client]
       # @param code [String]
       # @return [Authorization, nil]
-      def find_authorization_by_code(client, code)
-
-      end
+      def find_authorization_by_code(client, code); end
 
       # Find authorization by refresh token
       # @param client [Client]
       # @param refresh_token [String]
       # @return [Authorization, nil]
-      def find_authorization_by_refresh_token(client, refresh_token)
-
-      end
+      def find_authorization_by_refresh_token(client, refresh_token); end
 
       # Find user by the bearer token sent in HTTP header or as a query parameter
       # @param sinatra_request [Sinatra::Request]
       # @param access_token [String]
       # @return [Object, nil] user
-      def find_user_by_access_token(request, access_token)
-
-      end
+      def find_user_by_access_token(request, access_token); end
 
       # Base URL of the authorization server, including protocol
       #
@@ -173,13 +153,13 @@ module HaveAPI::Authentication
           response_type: req.response_type,
           redirect_uri: req.redirect_uri,
           scope: req.scope.join(' '),
-          state: req.state,
+          state: req.state
         }
 
         if req.code_challenge.present? && req.code_challenge_method.present?
           ret.update(
             code_challenge: req.code_challenge,
-            code_challenge_method: req.code_challenge_method,
+            code_challenge_method: req.code_challenge_method
           )
         end
 

data/lib/haveapi/authentication/oauth2/provider.rb

@@ -116,7 +116,7 @@ module HaveAPI::Authentication
         tokens = [
           request['access_token'],
           token_from_authorization_header(request),
-          token_from_haveapi_header(request),
+          token_from_haveapi_header(request)
         ].compact
 
         token =
@@ -126,7 +126,7 @@ module HaveAPI::Authentication
           when 1
             tokens.first
           else
-            fail 'Too many oauth2 tokens'
+            raise 'Too many oauth2 tokens'
           end
 
         token && config.find_user_by_access_token(request, token)
@@ -135,11 +135,9 @@ module HaveAPI::Authentication
       def token_from_authorization_header(request)
         auth_header = Rack::Auth::AbstractRequest.new(request.env)
 
-        if auth_header.provided? && !auth_header.parts.first.nil? && auth_header.scheme.to_s == 'bearer'
-          auth_header.params
-        else
-          nil
-        end
+        return unless auth_header.provided? && !auth_header.parts.first.nil? && auth_header.scheme.to_s == 'bearer'
+
+        auth_header.params
       end
 
       def token_from_haveapi_header(request)
@@ -171,7 +169,7 @@ module HaveAPI::Authentication
           token_url: @token_url,
           token_path: @token_path,
           revoke_url: @revoke_url,
-          revoke_path: @revoke_path,
+          revoke_path: @revoke_path
         }
       end
 
@@ -189,14 +187,11 @@ module HaveAPI::Authentication
               sinatra_params: handler.params,
               oauth2_request: req,
               oauth2_response: res,
-              client:,
+              client:
             )
 
-            if auth_res.nil?
-              # Authentication failed
-              req.access_denied!
-            elsif auth_res.cancel
-              # Cancel the process
+            if auth_res.nil? || auth_res.cancel
+              # Authentication failed / cancel requested
               req.access_denied!
             elsif auth_res.authenticated && auth_res.complete
               # Authentication was successful
@@ -216,7 +211,7 @@ module HaveAPI::Authentication
               sinatra_params: handler.params,
               oauth2_request: req,
               oauth2_response: res,
-              client:,
+              client:
             )
 
             if auth_res.nil?
@@ -256,25 +251,19 @@ module HaveAPI::Authentication
               if authorization.code_challenge && authorization.code_challenge_method
                 req.verify_code_verifier!(
                   authorization.code_challenge,
-                  authorization.code_challenge_method.to_sym,
+                  authorization.code_challenge_method.to_sym
                 )
               end
 
               access_token, expires_at, refresh_token = config.get_tokens(authorization, handler.request)
 
               bearer_token = Rack::OAuth2::AccessToken::Bearer.new(
-                access_token: access_token,
-                expires_in: expires_at - Time.now,
+                access_token:,
+                expires_in: expires_at - Time.now
               )
               bearer_token.refresh_token = refresh_token if refresh_token
               bearer_token
 
-            when :password
-              req.unsupported_grant_type!
-
-            when :client_credentials
-              req.unsupported_grant_type!
-
             when :refresh_token
               authorization = config.find_authorization_by_refresh_token(client, req.refresh_token)
 
@@ -285,24 +274,24 @@ module HaveAPI::Authentication
               access_token, expires_at, refresh_token = config.refresh_tokens(authorization, handler.request)
 
               bearer_token = Rack::OAuth2::AccessToken::Bearer.new(
-                access_token: access_token,
-                expires_in: expires_at - Time.now,
+                access_token:,
+                expires_in: expires_at - Time.now
               )
               bearer_token.refresh_token = refresh_token if refresh_token
               bearer_token
 
-            else
+            else # :password, :client_credentials
               req.unsupported_grant_type!
             end
         end
       end
 
       def revoke_endpoint(handler)
-        RevokeEndpoint.new do |req, res|
+        RevokeEndpoint.new do |req, _res|
           ret = config.handle_post_revoke(
             handler.request,
             req.token,
-            token_type_hint: req.token_type_hint,
+            token_type_hint: req.token_type_hint
           )
 
           case ret
@@ -317,8 +306,9 @@ module HaveAPI::Authentication
       end
 
       private
+
       def header_to_env(header)
-        "HTTP_#{header.upcase.gsub(/\-/, '_')}"
+        "HTTP_#{header.upcase.gsub('-', '_')}"
       end
     end
   end

data/lib/haveapi/authentication/oauth2/revoke_endpoint.rb

@@ -23,13 +23,12 @@ module HaveAPI::Authentication
           raise Rack::OAuth2::Server::Abstract::BadRequest.new(
             :unsupported_token_type,
             description,
-            options,
+            options
           )
         end
       end
 
       class Response < Rack::OAuth2::Server::Abstract::Response
-
       end
     end
   end

data/lib/haveapi/authentication/token/action_config.rb

@@ -38,15 +38,17 @@ module HaveAPI::Authentication
       end
 
       private
+
       def check!(name)
-        fail "#{name} cannot be configured" unless @opts[name]
+        raise "#{name} cannot be configured" unless @opts[name]
+
         true
       end
 
       def with_defaults(opts)
-        Hash[%i(input handle).map do |v|
+        %i[input handle].to_h do |v|
           [v, opts.has_key?(v) ? opts[v] : true]
-        end]
+        end
       end
     end
   end

data/lib/haveapi/authentication/token/config.rb

@@ -18,7 +18,7 @@ module HaveAPI::Authentication
           end
         end
 
-        %i(renew revoke).each do |name|
+        %i[renew revoke].each do |name|
           # Configuration method
           define_method(name) do |&block|
             var = :"@#{name}"
@@ -70,6 +70,8 @@ module HaveAPI::Authentication
         end
 
         def inherited(subclass)
+          super
+
           # Default request
           subclass.request do
             input do
@@ -84,7 +86,7 @@ module HaveAPI::Authentication
           end
 
           # Default renew and revoke
-          %i(renew revoke).each do |name|
+          %i[renew revoke].each do |name|
             subclass.send(name) do
               handle do
                 raise NotImplementedError
@@ -108,9 +110,7 @@ module HaveAPI::Authentication
       # @param request [Sinatra::Request]
       # @param token [String]
       # @return [Object, nil]
-      def find_user_by_token(request, token)
-
-      end
+      def find_user_by_token(request, token); end
     end
   end
 end

data/lib/haveapi/authentication/token/provider.rb

@@ -6,8 +6,7 @@ module HaveAPI::Authentication
   module Token
     # Exception that has to be raised when generated token already exists.
     # Provider will catch it and generate another token.
-    class TokenExists < Exception
-
+    class TokenExists < StandardError
     end
 
     # Provider for token authentication.
@@ -140,6 +139,7 @@ module HaveAPI::Authentication
 
       def resource_module
         return @module if @module
+
         provider = self
 
         @module = Module.new do
@@ -166,18 +166,14 @@ module HaveAPI::Authentication
         {
           http_header: config.class.http_header,
           query_parameter: config.class.query_parameter,
-          description: "The client authenticates with credentials, usually "+
-                       "username and password, and gets a token. "+
-                       "From this point, the credentials can be forgotten and "+
-                       "the token is used instead. Tokens can have different lifetimes, "+
-                       "can be renewed and revoked. The token is passed either via HTTP "+
-                       "header or query parameter."
+          description: 'The client authenticates with credentials, usually username and password, and gets a token. From this point, the credentials can be forgotten and the token is used instead. Tokens can have different lifetimes, can be renewed and revoked. The token is passed either via HTTP header or query parameter.'
         }
       end
 
       private
+
       def header_to_env
-        "HTTP_#{config.class.http_header.upcase.gsub(/\-/, '_')}"
+        "HTTP_#{config.class.http_header.upcase.gsub('-', '_')}"
       end
 
       def token_resource
@@ -194,21 +190,21 @@ module HaveAPI::Authentication
             http_method :post
 
             input(:hash) do
-              if block = provider.config.class.request.input
+              if (block = provider.config.class.request.input)
                 instance_exec(&block)
               end
 
               string :lifetime, label: 'Lifetime', required: true,
-                      choices: %i(fixed renewable_manual renewable_auto permanent),
-                      desc: <<END
-fixed - the token has a fixed validity period, it cannot be renewed
-renewable_manual - the token can be renewed, but it must be done manually via renew action
-renewable_auto - the token is renewed automatically to now+interval every time it is used
-permanent - the token will be valid forever, unless deleted
-END
+                                choices: %i[fixed renewable_manual renewable_auto permanent],
+                                desc: <<~END
+                                  fixed - the token has a fixed validity period, it cannot be renewed
+                                  renewable_manual - the token can be renewed, but it must be done manually via renew action
+                                  renewable_auto - the token is renewed automatically to now+interval every time it is used
+                                  permanent - the token will be valid forever, unless deleted
+                                END
               integer :interval, label: 'Interval',
-                      desc: 'How long will requested token be valid, in seconds.',
-                      default: 60*5, fill: true
+                                 desc: 'How long will requested token be valid, in seconds.',
+                                 default: 60 * 5, fill: true
             end
 
             output(:hash) do
@@ -227,9 +223,9 @@ END
 
               begin
                 result = config.class.request.handle.call(ActionRequest.new(
-                  request: request,
-                  input: input,
-                ), ActionResult.new)
+                                                            request:,
+                                                            input:
+                                                          ), ActionResult.new)
               rescue HaveAPI::AuthenticationError => e
                 error(e.message)
               end
@@ -242,7 +238,7 @@ END
                 token: result.token,
                 valid_to: result.valid_to,
                 complete: result.complete?,
-                next_action: result.next_action,
+                next_action: result.next_action
               }
             end
           end
@@ -258,10 +254,10 @@ END
             def exec
               provider = self.class.resource.token_instance
               result = provider.config.class.revoke.handle.call(ActionRequest.new(
-                request: request,
-                user: current_user,
-                token: provider.token(request),
-              ), ActionResult.new)
+                                                                  request:,
+                                                                  user: current_user,
+                                                                  token: provider.token(request)
+                                                                ), ActionResult.new)
 
               if result.ok?
                 ok
@@ -286,13 +282,13 @@ END
             def exec
               provider = self.class.resource.token_instance
               result = provider.config.renew_token(ActionRequest.new(
-                request: request,
-                user: current_user,
-                token: provider.token(request),
-              ), ActionResult.new)
+                                                     request:,
+                                                     user: current_user,
+                                                     token: provider.token(request)
+                                                   ), ActionResult.new)
 
               if result.ok?
-                {valid_to: result.valid_to}
+                { valid_to: result.valid_to }
               else
                 error(result.error || 'renew failed')
               end
@@ -323,10 +319,10 @@ END
               define_method(:exec) do
                 begin
                   result = config.handle.call(ActionRequest.new(
-                    request: request,
-                    input: input,
-                    token: input[:token],
-                  ), ActionResult.new)
+                                                request:,
+                                                input:,
+                                                token: input[:token]
+                                              ), ActionResult.new)
                 rescue HaveAPI::AuthenticationError => e
                   error(e.message)
                 end
@@ -339,7 +335,7 @@ END
                   token: result.token,
                   valid_to: result.valid_to,
                   complete: result.complete?,
-                  next_action: result.next_action,
+                  next_action: result.next_action
                 }
               end
             end