its-ruby-auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a2d670bdf42a04cb6b6b9928917281e084b4b2ef13f291efffa60dc7531fe686
+  data.tar.gz: a500635f8e9e46767a332bb283b9176f6c64813274148126f72d36e242ac1829
+SHA512:
+  metadata.gz: f8e5f05820d44873bca31f056b60336d84f8ca93cfc481f8e0ca89d4950f3bcd99d308b5bd25e24f9fb03c5ec5d6debadd95b7c152fb154b390c293b64a7e841
+  data.tar.gz: f24402f2ebc10bab4dd75e4c4e5d5d61295bda7abf8d3d30ab699c1e97d4d130d3356b70a3f30c64497b538e676c6405593931665cbc3db24221c77c1539db5f

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2021 TODO: Write your name
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# Ibrain::Auth
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ibrain-auth'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install ibrain-auth
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/controllers/ibrain/social_callbacks_controller.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class Ibrain::SocialCallbacksController < Devise::OmniauthCallbacksController
+  include ActionController::Helpers
+  include Ibrain::Core::ControllerHelpers::Response
+  include ActionController::MimeResponds
+
+  def instagram
+    generic_callback( 'instagram' )
+  end
+
+  def facebook
+    generic_callback( 'facebook' )
+  end
+
+  def twitter
+    generic_callback( 'twitter' )
+  end
+
+  def google_oauth2
+    generic_callback( 'google_oauth2' )
+  end
+
+  def apple
+    generic_callback( 'apple' )
+  end
+
+  def line
+    generic_callback( 'line' )
+  end
+
+  def create
+    user = line_repo.find_or_initialize!
+
+    render_json_ok(user, nil)
+  end
+
+  def new_user_session(*args)
+    new_session(*args)
+  end
+
+  private
+
+  def repo
+    AuthRepository.new(resource, params)
+  end
+
+  def line_repo
+    LineRepository.new(resource, request.env['omniauth.auth'])
+  end
+
+  def apple_repo
+    AppleRepository.new(resource, request.env['omniauth.auth'])
+  end
+
+  def generic_callback( provider )
+  end
+end

data/app/graphql/ibrain/mutations/auth_mutation.rb

@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class AuthMutation < Ibrain::Mutations::BaseMutation
+    include ActionController::Helpers
+    include Devise::Controllers::ScopedViews
+    include Devise::Controllers::Helpers
+
+    helpers = %w(resource scope_name resource_name signed_in_resource
+                 resource_class resource_params devise_mapping)
+
+    helper_method(*helpers)
+
+    def ready?(args)
+      @params = ActionController::Parameters.new(
+        args.to_h.with_indifferent_access.transform_keys(&:underscore)
+      )
+
+      @auth_resource = load_resource
+      true
+    end
+
+    # Override prefixes to consider the scoped view.
+    # Notice we need to check for the request due to a bug in
+    # Action Controller tests that forces _prefixes to be
+    # loaded before even having a request object.
+    #
+    # This method should be public as it is in ActionPack
+    # itself. Changing its visibility may break other gems.
+    def _prefixes # :nodoc:
+      @_prefixes ||= if self.class.scoped_views? && request && devise_mapping
+        ["#{devise_mapping.scoped_path}/#{controller_name}"] + super
+      else
+        super
+      end
+    end
+
+    protected
+
+    attr_reader :auth_resource
+
+    def auth_headers(headers, user, scope: nil, aud: nil)
+      scope ||= Devise::Mapping.find_scope!(user)
+      aud ||= headers[Warden::JWTAuth.config.aud_header]
+
+      token, payload = Warden::JWTAuth::UserEncoder.new.call(
+        user, scope, aud
+      )
+
+      [token, payload.try(:fetch, 'jti')]
+    rescue StandardError => e
+      Ibrain::Logger.error(e.message)
+
+      []
+    end
+
+    # Gets the actual resource stored in the instance variable
+    def resource
+      instance_variable_get(:"@#{resource_name}")
+    end
+
+    # Proxy to devise map name
+    def resource_name
+      devise_mapping.name
+    end
+    alias :scope_name :resource_name
+
+    # Proxy to devise map class
+    def resource_class
+      devise_mapping.to
+    end
+
+    # Returns a signed in resource from session (if one exists)
+    def signed_in_resource
+      warden.authenticate(scope: resource_name)
+    end
+
+    # Attempt to find the mapped route for devise based on request path
+    def devise_mapping
+      @devise_mapping ||= request.env["devise.mapping"]
+    end
+
+    # Returns real navigational formats which are supported by Rails
+    def navigational_formats
+      @navigational_formats ||= Devise.navigational_formats.select { |format| Mime::EXTENSION_LOOKUP[format.to_s] }
+    end
+
+    def unknown_action!(msg)
+      logger&.debug "[Devise] #{msg}"
+      raise AbstractController::ActionNotFound, msg
+    end
+
+    # Sets the resource creating an instance variable
+    def resource=(new_resource)
+      instance_variable_set(:"@#{resource_name}", new_resource)
+    end
+
+    # Helper for use in before_actions where no authentication is required.
+    #
+    # Example:
+    #   before_action :require_no_authentication, only: :new
+    def require_no_authentication
+      assert_is_devise_resource!
+      return unless is_navigational_format?
+
+      no_input = devise_mapping.no_input_strategies
+
+      authenticated = if no_input.present?
+        args = no_input.dup.push scope: resource_name
+        warden.authenticate?(*args)
+      else
+        warden.authenticated?(resource_name)
+      end
+
+      if authenticated && resource = warden.user(resource_name)
+        set_flash_message(:alert, 'already_authenticated', scope: 'devise.failure')
+        redirect_to after_sign_in_path_for(resource)
+      end
+    end
+
+    # Helper for use after calling send_*_instructions methods on a resource.
+    # If we are in paranoid mode, we always act as if the resource was valid
+    # and instructions were sent.
+    def successfully_sent?(resource)
+      notice = if Devise.paranoid
+        resource.errors.clear
+        :send_paranoid_instructions
+      elsif resource.errors.empty?
+        :send_instructions
+      end
+
+      if notice
+        set_flash_message! :notice, notice
+        true
+      end
+    end
+
+    # Sets the flash message with :key, using I18n. By default you are able
+    # to set up your messages using specific resource scope, and if no message is
+    # found we look to the default scope. Set the "now" options key to a true
+    # value to populate the flash.now hash in lieu of the default flash hash (so
+    # the flash message will be available to the current action instead of the
+    # next action).
+    # Example (i18n locale file):
+    #
+    #   en:
+    #     devise:
+    #       passwords:
+    #         #default_scope_messages - only if resource_scope is not found
+    #         user:
+    #           #resource_scope_messages
+    #
+    # Please refer to README or en.yml locale file to check what messages are
+    # available.
+    def set_flash_message(key, kind, options = {})
+      message = find_message(kind, options)
+      if options[:now]
+        flash.now[key] = message if message.present?
+      elsif message.present?
+        flash[key] = message
+      end
+    end
+
+    # Sets flash message if is_flashing_format? equals true
+    def set_flash_message!(key, kind, options = {})
+      if is_flashing_format?
+        set_flash_message(key, kind, options)
+      end
+    end
+
+    # Sets minimum password length to show to user
+    def set_minimum_password_length
+      if devise_mapping.validatable?
+        @minimum_password_length = resource_class.password_length.min
+      end
+    end
+
+    def devise_i18n_options(options)
+      options
+    end
+
+    # Get message for given
+    def find_message(kind, options = {})
+      options[:scope] ||= translation_scope
+      options[:default] = Array(options[:default]).unshift(kind.to_sym)
+      options[:resource_name] = resource_name
+      options = devise_i18n_options(options)
+      I18n.t("#{options[:resource_name]}.#{kind}", **options)
+    end
+
+    # Controllers inheriting DeviseController are advised to override this
+    # method so that other controllers inheriting from them would use
+    # existing translations.
+    def translation_scope
+      "devise.#{controller_name}"
+    end
+
+    def clean_up_passwords(object)
+      object.clean_up_passwords if object.respond_to?(:clean_up_passwords)
+    end
+
+    def respond_with_navigational(*args, &block)
+      respond_with(*args) do |format|
+        format.any(*navigational_formats, &block)
+      end
+    end
+
+    def resource_params
+      params.fetch(resource_name, {})
+    end
+
+    def repo; end
+    def load_resource; end
+    def normalize_parameters; end
+
+    ActiveSupport.run_load_hooks(:devise_controller, self)
+  end
+end

data/app/graphql/ibrain/mutations/generate_firebase_token_mutation.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class GenerateFirebaseTokenMutation < AuthMutation
+    field :result, Boolean, null: true
+    field :token, String, null: true
+
+    argument :attributes, ::Ibrain::Types::Input::GenerateFirebaseTokenInput, required: true
+
+    def resolve(_args)
+      token = repo.generate_custom_token!
+
+      graphql_returning(token)
+    end
+
+    private
+
+    def normalize_parameters
+      attribute_params.permit(:code, :redirect_uri, :access_token)
+    rescue StandardError
+      ActionController::Parameters.new({})
+    end
+
+    def repo
+      ::FirebaseRepository.new(nil, normalize_parameters)
+    end
+
+    def graphql_returning(token)
+      OpenStruct.new(
+        token: token,
+        result: true
+      )
+    end
+  end
+end

data/app/graphql/ibrain/mutations/sign_in_mutation.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class SignInMutation < AuthMutation
+    field :user, Types::Objects::UserType, null: true
+    field :token, String, null: true
+    field :result, Boolean, null: true
+
+    argument :attributes, Ibrain::Auth::Config.sign_in_input, required: true
+    argument :device_token, String, description: 'Device token for notification', required: false
+
+    def resolve(_args)
+      raise ActionController::InvalidAuthenticityToken, I18n.t('ibrain.errors.account.incorrect') if auth_resource.blank?
+
+      if !auth_resource.try(:can_skip_confirmation?) && !auth_resource.try(:confirmed?)
+        raise ActionController::InvalidAuthenticityToken, I18n.t('ibrain.errors.account.not_verified')
+      end
+
+      auth_resource.skip_confirmation! unless auth_resource.try(:confirmed?)
+      sign_in(resource_name, auth_resource)
+      @current_user = warden.authenticate!(auth_options)
+
+      if !current_user.try(:is_activated?) && Ibrain::Config.is_require_activated_account
+        raise ActionController::InvalidAuthenticityToken, I18n.t('ibrain.errors.account.is_deactivated')
+      end
+
+      # warden.set_user(current_user)
+      current_user.jwt_token, jti = auth_headers(request, auth_resource)
+      current_user.jti = jti
+      current_user.save!
+
+      if params[:device_token].present?
+        device_token = current_user.device_tokens.find_by(token: params[:device_token])
+        current_user.device_tokens.create!({ token: params[:device_token] }) if device_token.blank?
+      end
+
+      context[:current_user] = current_user
+
+      graphql_returning(
+        user_signed_in?,
+        user_signed_in? ? current_user : nil,
+        current_user.try(:jwt_token)
+      )
+    end
+
+    private
+
+    def load_resource
+      repo.sign_in
+    end
+
+    def repo
+      ::AuthRepository.new(nil, normalize_parameters)
+    end
+
+    def normalize_parameters
+      attribute_params
+    rescue StandardError
+      ActionController::Parameters.new({})
+    end
+
+    def auth_options
+      { scope: resource_name }
+    end
+
+    def graphql_returning(result, user = nil, token = nil)
+      OpenStruct.new(
+        user: user,
+        token: token,
+        result: result
+      )
+    end
+  end
+end

data/app/graphql/ibrain/mutations/sign_out_mutation.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class SignOutMutation < AuthMutation
+    field :result, Boolean, null: true
+
+    def resolve
+      current_user.jti = nil
+      sign_out if current_user.save
+
+      current_user.device_tokens.delete_all unless user_signed_in?
+
+      OpenStruct.new(result: !user_signed_in?)
+    end
+  end
+end

data/app/graphql/ibrain/mutations/sign_up_mutation.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class SignUpMutation < AuthMutation
+    field :is_verified, Boolean, null: true
+    field :result, Boolean, null: true
+
+    argument :attributes, Ibrain::Auth::Config.sign_up_input, required: true
+    argument :device_token, String, description: 'Device token for notificaiton', required: false
+
+    def resolve(_args)
+      # TODO: define logic inside repository
+      return graphql_returning(false, false) if auth_resource.blank?
+
+      sign_in(resource_name, auth_resource)
+      @current_user = warden.authenticate!(auth_options)
+
+      warden.set_user(current_user)
+      current_user.jwt_token, jti = auth_headers(request, auth_resource)
+
+      current_user.jti = jti
+      current_user.save!
+
+      if params[:device_token].present?
+        device_token = current_user.device_tokens.find_by(token: params[:device_token])
+
+        current_user.device_tokens.create!({ token: params[:device_token] }) if device_token.blank?
+      end
+
+      context[:current_user] = current_user
+      graphql_returning
+    end
+
+    private
+
+    def load_resource
+      repo.create
+    end
+
+    def repo
+      ::AuthRepository.new(nil, normalize_parameters)
+    end
+
+    def normalize_parameters
+      attribute_params
+    rescue StandardError
+      ActionController::Parameters.new({})
+    end
+
+    def auth_options
+      { scope: resource_name }
+    end
+
+    def graphql_returning
+      OpenStruct.new(
+        result: current_user.present?,
+        is_verified: false
+      )
+    end
+  end
+end

data/app/graphql/ibrain/mutations/social_sign_in_mutation.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Ibrain::Mutations
+  class SocialSignInMutation < AuthMutation
+    field :user, Types::Objects::UserType, null: true
+    field :token, String, null: true
+    field :result, Boolean, null: true
+
+    argument :attributes, Ibrain::Auth::Config.social_sign_in_input, required: true
+    argument :device_token, String, description: 'Device token for notification', required: false
+
+    def resolve(_args)
+      return graphql_returning(false) if auth_resource.blank?
+
+      auth_resource.skip_confirmation! unless auth_resource.try(:confirmed?)
+      sign_in(resource_name, auth_resource)
+      @current_user = warden.authenticate!(auth_options)
+
+      if !current_user.try(:is_activated?) && Ibrain::Config.is_require_activated_account
+        raise ActionController::InvalidAuthenticityToken, I18n.t('ibrain.errors.account.is_deactivated')
+      end
+
+      # warden.set_user(current_user)
+      current_user.jwt_token, jti = auth_headers(request, auth_resource)
+      current_user.jti = jti
+      current_user.save!
+
+      if params[:device_token].present?
+        device_token = current_user.device_tokens.find_by(token: params[:device_token])
+
+        current_user.device_tokens.create!({ token: params[:device_token] }) if device_token.blank?
+      end
+
+      context[:current_user] = current_user
+
+      graphql_returning(
+        user_signed_in?,
+        user_signed_in? ? current_user : nil,
+        current_user.try(:jwt_token)
+      )
+    end
+
+    private
+
+    def load_resource
+      repo.sign_in
+    end
+
+    def repo
+      ::AuthRepository.new(nil, normalize_parameters)
+    end
+
+    def normalize_parameters
+      attribute_params
+    rescue StandardError
+      ActionController::Parameters.new({})
+    end
+
+    def auth_options
+      { scope: resource_name }
+    end
+
+    def graphql_returning(result, user = nil, token = nil)
+      OpenStruct.new(
+        user: user,
+        token: token,
+        result: result
+      )
+    end
+  end
+end

data/app/graphql/ibrain/types/input/generate_firebase_token_input.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Ibrain
+  module Types
+    module Input
+      class GenerateFirebaseTokenInput < Ibrain::Types::BaseInputObject
+        argument :code, String, required: false
+        argument :redirect_uri, String, required: false
+        argument :access_token, String, required: false
+      end
+    end
+  end
+end

data/app/graphql/ibrain/types/input/sign_in_input.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Ibrain
+  module Types
+    module Input
+      class SignInInput < Ibrain::Types::BaseInputObject
+        argument :username, String, required: true
+        argument :password, String, required: true
+      end
+    end
+  end
+end

data/app/graphql/ibrain/types/input/sign_up_input.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Ibrain
+  module Types
+    module Input
+      class SignUpInput < Ibrain::Types::BaseInputObject
+        argument :first_name, String, required: false
+        argument :last_name, String, required: false
+        argument :email, String, required: false
+        argument :phone, String, required: false
+        argument :job_id, ID, required: false
+        argument :address, String, required: false
+        argument :password, String, required: false
+      end
+    end
+  end
+end

data/app/graphql/ibrain/types/input/social_login_input.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Ibrain
+  module Types
+    module Input
+      class SocialLoginInput < Ibrain::Types::BaseInputObject
+        argument :id_token, String, required: true
+      end
+    end
+  end
+end

data/app/graphql/ibrain/types/input/social_sign_in_input.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Ibrain
+  module Types
+    module Input
+      class SocialSignInInput < Ibrain::Types::BaseInputObject
+        argument :id_token, String, description: 'Id Token from firebase', required: true
+      end
+    end
+  end
+end