his_emr_user_management 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 352525399bd80965fc1bef10187afb7e950cb8d53a37df41e9449a5871417e89
+  data.tar.gz: 7cbad475132102e2ea911b0423fd663a2ad471d8fb051ca74d751df77d327b19
+SHA512:
+  metadata.gz: 49c60961414b77897b9793a16ba6d47b9ab16d4ba9bb46cf1160b85fc7b1b05eafaf32e51f9abe2a47c8b53bb957801eaedcc16023462156353b6c3eb855be0d
+  data.tar.gz: d5bb8e23e4575fccfcd0876b1e60e91919026c2dfa005cdb27833a0a8bc9bdc100647ebcc5163dfc7fde7e6a4ffc9531d9a8e150068f8ce977af3974cd6dfd45

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 Fredrick Chiyenda
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# UserManagement
+Short description and motivation.
+This gem provides generic functionality for EMRs user management to integrate with an LDAP server via the Single sign on Service (sss) just by plugging it into your application(s).
+
+## Usage
+How to use my plugin.
+
+The plugin needs to be mounted into your application and the api's it exposes will be available via the mounted point.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'user_management', :git => 'https://github.com/EGPAFMalawiHIS/emr_usermanagement_engine.git', :branch => 'main'
+```
+
+Add this line to your routes.rb file:
+```ruby
+mount UserManagement::Engine, at: "/api/v1"
+```
+
+Create a file config/settings.yml and add the following structure:
+
+```yaml
+secret_key: ""
+duplicate_precision: 90
+gateway_key: 'usermanagement'
+sss_url: localhost:3001
+```
+-- Generate a key and put it on the secret_key value and update the other key as necessary use command 'rake secret'
+
+Add the following code to your application_controller.rb
+```ruby
+before_action :authorized_user
+
+  def authorized_user
+    token = request.headers[:Authorization]
+    response = JSON.parse(UserManagement::ApplicationController.authorized(token))
+    return render json: {status: 403, message: 'User not authorised or token expired'} if response['status'] == 403
+    return render json: {status: 401, message: 'Invalid username or password'} if response['status'] == 401
+  end
+```
+
+And then execute:
+```bash
+$ bundle i
+```
+In Rails.root of your application execute:
+```ruby
+bin/rails user_management:install:migrations
+```
+```ruby
+bin/rails db:migrate
+```
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'UserManagement'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/user_management/application_controller.rb

@@ -0,0 +1,39 @@
+module UserManagement
+  SETTINGS = YAML.load_file("#{Rails.root}/config/settings.yml")
+  class ApplicationController < ActionController::API
+
+    # protect_from_forgery with: :exception
+
+    def encode_token(payload)
+        payload[:exp] = 8.hours.from_now.to_i
+        JWT.encode(payload, SETTINGS['secret_key'])
+    end
+
+    def self.decode_token(token)
+        begin
+            token = token.split(' ')[1]
+            JWT.decode(token, SETTINGS['secret_key'], true, algorithm: 'HS256')
+        rescue JWT::DecodeError
+            nil
+        end
+    end
+
+    def self.logged_in_user(token)
+        decoded_token = decode_token(token)[0].symbolize_keys rescue return
+        if decoded_token
+          user_id = decoded_token[:user_id]
+          @user = User.find(user_id) if decoded_token[:exp] > Time.now.to_i
+        end
+    end
+
+    def self.logged_in?(token)
+        !!logged_in_user(token)
+    end
+
+    def self.authorized(token)
+        return render json: {message: 'Token not provided',status: 403}.symbolize_keys unless token
+        return render json: { message: 'Please log in', status: 403 }.symbolize_keys unless logged_in?(token)
+        render json: {status: 200, message: 'Authorised User'}
+    end
+  end
+end

data/app/controllers/user_management/authentication_controller.rb

@@ -0,0 +1,67 @@
+require_dependency "user_management/application_controller"
+
+module UserManagement
+  class AuthenticationController < ApplicationController
+        require 'rest-client'
+        before_action :authorized, only: [:auto_login]
+
+        def create
+            #Contact sss
+            @user = User.find_by(username: params[:username])
+            begin
+                response = JSON.parse(RestClient.post("#{SETTINGS['sss_url']}/authenticate",{'username' => params[:username],'password' => params[:password]}.to_json, {content_type: :json, accept: :json}))
+            rescue => e
+                return authenticate_locally
+            end
+            response.symbolize_keys!
+            if response[:isValid] ==  true
+                if @user.blank?
+                  ActiveRecord::Base.transaction do
+                    #Remove hard coding
+                    person = Person.create!(first_name: (response[:first_name] || 'N/A'),surname: (response[:last_name] || 'N/A'), sex: (response[:gender] || 'N'))
+                    user = User.create!(username: params[:username], email: 'test@example.com', person_id:person.id, password:params[:password],password_confirmation: params[:password_confirmation])
+                    @user = User.find_by(username: params[:username])
+                  end
+                else
+                  ActiveRecord::Base.transaction do
+                    #Remove hard coding
+                    Person.find_by(person_id: @user.person_id).update(first_name: (response[:first_name] || 'N/A'),surname: (response[:last_name] || 'N'), sex: (response[:gender] || 'N'))
+                    @user.update!(email: 'test@example.com', password:params[:password],password_confirmation: params[:password_confirmation])
+                  end
+                end
+                authenticate_locally
+            elsif response[:isValid] ==  false
+              if @user
+                ActiveRecord::Base.connection.execute("UPDATE user set password='password',password_digest='digest' WHERE user_id = #{@user.id}") unless @user
+                render json: {error: "Invalid username or password", status: 403}, status: :forbidden
+              else
+                authenticate_locally
+              end
+            elsif response['error']
+              authenticate_locally
+            end
+        end
+
+        def authenticate_locally
+          if @user && (@user.authenticate(params[:password]) rescue false)
+             token = encode_token({user_id: @user.id, kid: SETTINGS['gateway_key']})
+             person = Person.find(@user.person_id)
+             render json: {
+                            "access_token":token,
+                            "token_type":"bearer",
+                            "expires_in":28800,
+                            "username": @user.username,
+                            "firstname": person.first_name,
+                            "surname": person.surname,
+                            "gender": person.sex
+                          }
+          else
+             render json: {error: "Invalid username or password",status: 401}, status: :unauthorized
+          end
+        end
+
+        def auto_login
+            render json: @user
+        end
+    end
+end

data/app/controllers/user_management/users_controller.rb

@@ -0,0 +1,92 @@
+require_dependency "user_management/application_controller"
+
+module UserManagement
+  class UsersController < ApplicationController
+            def index
+                render json: User.all ,status: 200
+            end
+            def create
+                person = Person.create(first_name: params[:first_name],surname: params[:surname], sex: params[:sex])
+                user = User.new(username: params[:username], email: params[:email], person_id:person.id, password:params[:password],password_confirmation: params[:password_confirmation])
+                if user.save
+                    render json: user, status: :created
+                else
+                    render json: user.error, status: :unprocessable_entity
+                end
+            end
+
+            def show
+                user = User.find(params[:id]) rescue nil
+                if user.nil?
+                    render json: {message: 'No user with id #{params[:id]}'}, status: :no_content
+                else
+                    render json: user, status: 200
+                end
+            end
+
+            def update
+                user = User.find(params[:id]) rescue nil
+                person = Person.find(user.person_id)
+                if user.nil?
+                    render json: {message: 'No user with id #{params[:id]}'}, status: :no_content
+                else
+                    params.keys.each do |key|
+                        next if ["username","email","password"].exclude?(key)
+                        user[key] = params[key]
+                    end
+
+                    params.keys.each do |key|
+                        next if ["first_name","surname","sex"].exclude?(key)
+                        person[key] = params[key]
+                    end
+
+                    if user.save && person.save
+                        render json: user, status: 200
+                    else
+                        render json: user.error, status: :unprocessable_entity
+                    end
+                end
+            end
+
+            def destroy
+                user = User.find(params[:id])
+                if user.destroy!
+                    render json: {message: 'Record Deleted'}, status: :no_content
+
+                else
+                    render json: user.error, status: :unprocessable_entity
+                end
+            end
+
+            def add_privilege
+                user = User.find(params[:id]) rescue nil
+                if user.nil?
+                    render json: {message: 'No user with id #{params[:id]}'}, status: :no_content
+                else
+                    privilege_id = Privilege.where(name: params[:name]).first.id
+                    user_privilege = UserPrivilege.new(user_id: user.id, privilege_id: privilege_id, active: 1 )
+                    if user_privilege.save
+                        render json: user_privilege, status: :created
+                    else
+                        render json: user_privilege.error, status: :unprocessable_entity
+                    end
+                end
+            end
+
+            def delete_privilege
+                user = User.find(params[:id]) rescue nil
+                privilege_id = Privilege.where(name: params[:name]).first.id
+                user_privilege = UserPrivilege.where(user_id: user.id, privilege_id: privilege_id, active: 1 ).first rescue nil
+                if user.nil? || user_privilege.nil?
+                    render json: {message: 'No user or privilege with id #{params[:id]}'}, status: :no_content
+                else
+                    user_privilege.active = 1
+                    if user_privilege.save
+                        render json: user_privilege, status: :accepted
+                    else
+                        render json: user_privilege.error, status: :unprocessable_entity
+                    end
+                end
+            end
+  end
+end

data/app/jobs/user_management/application_job.rb

@@ -0,0 +1,4 @@
+module UserManagement
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/user_management/application_mailer.rb

@@ -0,0 +1,6 @@
+module UserManagement
+  class ApplicationMailer < ActionMailer::Base
+    default from: 'from@example.com'
+    layout 'mailer'
+  end
+end

data/app/models/user_management/application_record.rb

@@ -0,0 +1,5 @@
+module UserManagement
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/user_management/person.rb

@@ -0,0 +1,7 @@
+module UserManagement
+  class Person < ApplicationRecord
+    validates :first_name , presence: true
+    validates :surname , presence: true
+    validates :sex , presence: true
+  end
+end

data/app/models/user_management/privilege.rb

@@ -0,0 +1,6 @@
+module UserManagement
+  class Privilege < ApplicationRecord
+    validates :name, presence: true
+    validates :description, presence: true
+  end
+end

data/app/models/user_management/user.rb

@@ -0,0 +1,8 @@
+module UserManagement
+  class User < ApplicationRecord
+    has_secure_password
+    validates :username, presence: true,uniqueness: true
+    validates :email, presence: true
+    validates :person_id, presence: true
+  end
+end

data/app/models/user_management/user_privilege.rb

@@ -0,0 +1,6 @@
+module UserManagement
+  class UserPrivilege < ApplicationRecord
+    validates :user_id, presence: true
+    validates :privilege_id, presence: true
+  end
+end

data/config/routes.rb

@@ -0,0 +1,10 @@
+UserManagement::Engine.routes.draw do
+  resources :users do
+    member do
+      put     '/add_privilege' => 'users#add_privilege'
+      delete  '/delete_privilege' => 'users#delete_privilege'
+    end
+  end
+  post '/token', to: 'authentication#create'
+  resources :authentication
+ end

data/config/settings.yml.example

@@ -0,0 +1,4 @@
+secret_key: "745840cc554aed7519acb760ae3b05f850c74d076ca21ff15891f9dfaddad69426b23090637e17645baee710964245780ebb6e59606b97bb8764959acb40a853"
+duplicate_precision: 90
+gateway_key: 'usermanagement'
+sss_url: localhost:3001

data/db/migrate/20210613151258_create_user_management_people.rb

@@ -0,0 +1,16 @@
+class CreateUserManagementPeople < ActiveRecord::Migration[5.2]
+  def change
+    create_table :user_management_people, id: false, if_not_exists: true do |t|
+      t.integer :person_id, null: false, primary_key: true
+      t.string :national_id
+      t.string :first_name, null: false
+      t.string :surname, null: false
+      t.string :other_name
+      t.date :birthdate
+      t.string :sex, limit: 1
+      t.integer :phone_number
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20210613152557_create_user_management_privileges.rb

@@ -0,0 +1,10 @@
+class CreateUserManagementPrivileges < ActiveRecord::Migration[5.2]
+  def change
+    create_table :user_management_privileges do |t|
+      t.string :name, null: false
+      t.text :description, null: false
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20210613152630_create_user_management_users.rb

@@ -0,0 +1,14 @@
+class CreateUserManagementUsers < ActiveRecord::Migration[5.2]
+  def change
+    create_table  :user_management_users, id: false do |t|
+      t.integer   :user_id, null: false, primary_key: true
+      t.string    :username, null: false
+      t.string    :email
+      t.string    :password
+      t.string    :password_digest
+      t.integer   :person_id, null: false
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20210613152744_create_user_management_user_privileges.rb

@@ -0,0 +1,12 @@
+class CreateUserManagementUserPrivileges < ActiveRecord::Migration[5.2]
+  def change
+    create_table :user_management_user_privileges, id: false do |t|
+      t.integer :user_privilege_id, null: false, primary_key: true
+      t.integer :user_id, null: false
+      t.integer :privilege_id, null: false
+      t.boolean :active, null: false
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20210614023528_add_foreign_key_contraints.rb

@@ -0,0 +1,5 @@
+class AddForeignKeyContraints < ActiveRecord::Migration[5.2]
+  def change
+    add_foreign_key :user_management_user_privileges, :user_management_users, column: :user_id, primary_key: :user_id
+  end
+end

data/lib/tasks/user_management_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :user_management do
+#   # Task goes here
+# end

data/lib/user_management/engine.rb

@@ -0,0 +1,11 @@
+module UserManagement
+  class Engine < ::Rails::Engine
+    isolate_namespace UserManagement
+    config.generators.api_only = true
+
+    require 'rubygems'
+    require 'rest-client'
+    require 'bcrypt'
+    require 'jwt'
+  end
+end

data/lib/user_management/version.rb

@@ -0,0 +1,3 @@
+module UserManagement
+  VERSION = '0.1.0'
+end

data/lib/user_management.rb

@@ -0,0 +1,5 @@
+require "user_management/engine"
+
+module UserManagement
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,138 @@
+--- !ruby/object:Gem::Specification
+name: his_emr_user_management
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Fredrick Chiyenda
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-01-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Description of UserManagement.
+email:
+- fchiyenda@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/user_management/application_controller.rb
+- app/controllers/user_management/authentication_controller.rb
+- app/controllers/user_management/users_controller.rb
+- app/jobs/user_management/application_job.rb
+- app/mailers/user_management/application_mailer.rb
+- app/models/user_management/application_record.rb
+- app/models/user_management/person.rb
+- app/models/user_management/privilege.rb
+- app/models/user_management/user.rb
+- app/models/user_management/user_privilege.rb
+- config/routes.rb
+- config/settings.yml.example
+- db/migrate/20210613151258_create_user_management_people.rb
+- db/migrate/20210613152557_create_user_management_privileges.rb
+- db/migrate/20210613152630_create_user_management_users.rb
+- db/migrate/20210613152744_create_user_management_user_privileges.rb
+- db/migrate/20210614023528_add_foreign_key_contraints.rb
+- lib/tasks/user_management_tasks.rake
+- lib/user_management.rb
+- lib/user_management/engine.rb
+- lib/user_management/version.rb
+homepage: https://github.com/EGPAFMalawiHIS/emr_usermanagement_engine
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/EGPAFMalawiHIS/emr_usermanagement_engine
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.5
+signing_key: 
+specification_version: 4
+summary: Summary of UserManagement.
+test_files: []