lesli_shield 0.1.0

data/app/controllers/lesli_shield/application_controller.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/lesli_shield/dashboard/components_controller.rb

@@ -0,0 +1,60 @@
+module LesliShield
+  class Dashboard::ComponentsController < ApplicationController
+    before_action :set_dashboard_component, only: %i[ show edit update destroy ]
+
+    # GET /dashboard/components
+    def index
+      @dashboard_components = Dashboard::Component.all
+    end
+
+    # GET /dashboard/components/1
+    def show
+    end
+
+    # GET /dashboard/components/new
+    def new
+      @dashboard_component = Dashboard::Component.new
+    end
+
+    # GET /dashboard/components/1/edit
+    def edit
+    end
+
+    # POST /dashboard/components
+    def create
+      @dashboard_component = Dashboard::Component.new(dashboard_component_params)
+
+      if @dashboard_component.save
+        redirect_to @dashboard_component, notice: "Component was successfully created."
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    # PATCH/PUT /dashboard/components/1
+    def update
+      if @dashboard_component.update(dashboard_component_params)
+        redirect_to @dashboard_component, notice: "Component was successfully updated.", status: :see_other
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /dashboard/components/1
+    def destroy
+      @dashboard_component.destroy
+      redirect_to dashboard_components_url, notice: "Component was successfully destroyed.", status: :see_other
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_dashboard_component
+        @dashboard_component = Dashboard::Component.find(params[:id])
+      end
+
+      # Only allow a list of trusted parameters through.
+      def dashboard_component_params
+        params.fetch(:dashboard_component, {})
+      end
+  end
+end

data/app/controllers/lesli_shield/dashboards_controller.rb

@@ -0,0 +1,4 @@
+module LesliShield
+    class DashboardsController < Lesli::Shared::DashboardsController
+    end
+end

data/app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+class Users::ConfirmationsController < Devise::ConfirmationsController
+
+    def show
+
+        # delete all previus messages
+        flash.clear
+
+        # get the confirmation token sent through get params
+        token = params[:confirmation_token]
+
+        # validate that token were sent
+        if token.blank?
+            return flash[:danger] = I18n.t("core.users/confirmations.messages_warning_invalid_token")
+        end
+
+        # check if token belongs to a unconfirmed user
+        user = Lesli::User.find_by(:confirmation_token => token, :confirmed_at => nil)
+
+        # validate that user were found
+        if user.blank?
+            return flash[:danger] = I18n.t("core.users/confirmations.messages_warning_invalid_token")
+        end
+
+        # register a log with a validation atempt for the user
+        log = user.logs.create({ description: "confirmation_atempt_successful" })
+
+        registration_operator = Lesli::UserRegistrationOperator.new(user)
+
+        # confirm the user
+        registration_operator.confirm
+
+        # let the user knows that the confirmation is done
+        flash[:success] = I18n.t("core.users/confirmations.messages_success_email_updated")
+        
+        # if new account, launch account onboarding in another thread, 
+        # so the user can continue with the registration process
+        registration_operator.create_account if user.account.blank?
+        #Thread.new { registration_operator.create_account } if user.account.blank?
+
+    end
+
+    
+    # @controller_action_param :email [String] The registered user email
+    # @return [Json] Json that contains wheter the email confirmation was sent or not. 
+    #     If it is not successful, it returs an error message
+    # @description Resends a email confirmation an already registered user
+    # @example
+    #     # Executing this controller's action from javascript's frontend
+    #     let email = 'john.doe@email.com';
+    #     let data = {
+    #         user: {
+    #             email: email
+    #         }
+    #     };
+    #     this.http.post('127.0.0.1/conformation', data);
+    def create
+        super do |resource|
+            if successfully_sent?(resource)
+                return respond_with_successful
+            else
+                return respond_with_error(resource.errors.full_messages.to_sentence)
+            end
+        end
+    end
+end

data/app/controllers/users/omniauth_callbacks_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  # You should configure your model like this:
+  # devise :omniauthable, omniauth_providers: [:twitter]
+
+  # You should also create an action method in this controller like this:
+  # def twitter
+  # end
+
+  # More info at:
+  # https://github.com/heartcombo/devise#omniauth
+
+  # GET|POST /resource/auth/twitter
+  # def passthru
+  #   super
+  # end
+
+  # GET|POST /users/auth/twitter/callback
+  # def failure
+  #   super
+  # end
+
+  # protected
+
+  # The path used when OmniAuth fails
+  # def after_omniauth_failure_path_for(scope)
+  #   super(scope)
+  # end
+end

data/app/controllers/users/passwords_controller.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+class Users::PasswordsController < Devise::PasswordsController
+
+    # Sends an email with a token, so the user can reset their password
+    def create
+
+        if params[:user].blank?
+            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        if params[:user][:email].blank?
+            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        user = Lesli::User.find_by(:email => params[:user][:email])
+
+        if user.blank?
+            # Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email", {
+            #     email: (params[:user][:email] || "")
+            # })
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        unless user.active
+            # user.logs.create({title: "password_creation_failed", description: "user_not_active"})
+            # Account::Activity.log("core", "/password/create", "password_creation_failed", "user_not_active")
+            return respond_with_error(I18n.t("core.users/passwords.messages_danger_inactive_user"))
+        end
+
+        token = user.generate_password_reset_token
+
+        #user.logs.create({ title: "password_creation_successful" })
+
+        begin
+            Lesli::DeviseMailer.reset_password_instructions(user, token).deliver_now
+            respond_with_successful
+        rescue => exception
+            #Honeybadger.notify(exception)
+            respond_with_error(exception.message)
+        end
+    end
+
+    def update
+        super do |resource|
+
+            # check if password update was ok
+            if resource.errors.empty?
+
+                # reset password expiration due the user just updated his password
+                if resource.has_expired_password?
+                    resource.update(password_expiration_at: nil)
+                end
+
+                resource.logs.create(title: "password_reset_successful")
+
+                return respond_with_successful
+
+            else
+
+                resource.logs.create(title: "password_reset_error") if resource.id
+
+                return respond_with_error(resource.errors.full_messages.to_sentence)
+
+            end
+
+        end
+    end
+end

data/app/controllers/users/registrations_controller.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+class Users::RegistrationsController < Devise::RegistrationsController
+    before_action :configure_sign_up_params, only: [:create]
+    # before_action :configure_account_update_params, only: [:update]
+
+    # GET /resource/sign_up
+    # def new
+    #   super
+    # end
+
+    def create
+
+        # # Check if instance allow multi-account
+        # if !Rails.application.config.lesli.dig(:security, :allow_registration)
+        #     respond_with_error(I18n.t("core.users/registrations.messages_error_registration_not_allowed"))
+        #     return
+        # end
+
+        # # Validate user is unique
+        # if ::User.with_deleted.find_by(email: sign_up_params["email"])
+        #     return respond_with_error(I18n.t("core.users/registrations.messages_info_user_already_exists"))
+        # end
+
+        # build new user
+        user = build_resource(sign_up_params)
+
+        # run password complexity validations
+        #user_validator = UsersValidator.new(user).password_complexity(sign_up_params[:password])
+
+        # return if there are errors with the complexity validations
+        # unless user_validator.valid?
+        #     return respond_with_error("password_complexity_error", password_complexity.failures)
+        # end
+
+        # persist new user
+        if user.save
+            respond_with_successful()
+        else
+            respond_with_error(user.errors.full_messages.to_sentence)
+        end
+    end
+
+    # GET /resource/edit
+    # def edit
+    #   super
+    # end
+
+    # PUT /resource
+    # def update
+    #   super
+    # end
+
+    # DELETE /resource
+    # def destroy
+    #   super
+    # end
+
+    # GET /resource/cancel
+    # Forces the session data which is usually expired after sign
+    # in to be expired now. This is useful if the user wants to
+    # cancel oauth signing in/up in the middle of the process,
+    # removing all OAuth session data.
+    # def cancel
+    #   super
+    # end
+
+    protected
+
+    # If you have extra params to permit, append them to the sanitizer.
+    # def configure_account_update_params
+    #   devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
+    # end
+
+    # If you have extra params to permit, append them to the sanitizer.
+    def configure_sign_up_params
+        devise_parameter_sanitizer.permit(:sign_up, keys: [
+            :email, 
+            :password, 
+            :password_confirmation
+        ])
+    end
+
+    # The path used after sign up.
+    # def after_sign_up_path_for(resource)
+    #   super(resource)
+    # end
+
+    # The path used after sign up for inactive accounts.
+    # def after_inactive_sign_up_path_for(resource)
+    #   super(resource)
+    # end
+
+    # def sign_up_params
+    #     params.permit(:sign_up, keys: [
+    #         :email, 
+    #         :password, 
+    #         :password_confirmation
+    #     ])
+    # end
+
+    def sign_up_params
+        params.permit(:sign_up, 
+            :email, 
+            :password, 
+            :password_confirmation
+        )
+    end
+end

data/app/controllers/users/sessions_controller.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+class Users::SessionsController < Devise::SessionsController
+
+    # Creates a new session for the user and allows them access to the platform
+    def create
+
+        # search for a existing user 
+        user = Lesli::User.find_for_database_authentication(email: sign_in_params[:email])
+
+        # respond with a no valid credentials generic error if not valid user found
+        unless user
+            # Lesli::Account::Activity.log("core", "/session/create", "session_creation_failed", "no_valid_email", {
+            #     email: (sign_in_params[:email] || "")
+            # }) 
+            return respond_with_error(I18n.t("core.users/sessions.invalid_credentials"))
+        end
+
+        # save a invalid credentials log for the requested user
+        log = user.logs.new({ title: "session_creation_atempt" })
+
+        # check password validation
+        unless user.valid_password?(sign_in_params[:password])
+
+            # save a invalid credentials log for the requested user
+            log.update({
+                title: "session_creation_failed",
+                description: "invalid_credentials"
+            })
+
+            # respond with a no valid credentials generic error if not valid user found
+            return respond_with_error(I18n.t("core.users/sessions.invalid_credentials"))
+
+        end
+
+        # check if user meet requirements to create a new session
+        Lesli::UsersValidator.new(user).valid? do |valid, failures|
+
+            # if user do not meet requirements to login
+            unless valid
+
+                log.update({
+                    title: "session_creation_failed",
+                    description: failures.join(", ")
+                })
+
+                # return and respond with the reasons user is not able to login
+                return respond_with_error(failures.join(", "))
+
+            end
+
+        end
+
+
+        # remember the user (not enabled by default)
+        # remember_me(user) if sign_in_params[:remember_me] == '1'
+
+
+        # create a new session for the user
+        current_session = Lesli::UserSessionService.new(user)
+        .create(get_user_agent(false), request.remote_ip)
+
+        # make session id globally available
+        session[:user_session_id] = current_session[:id]
+
+        # create a new multi factor authentication service instance for the current user 
+        #mfa_service = User::MfaService.new(user, log)
+
+        # generate a new mfa for the current session (if enabled)
+        #mfa_service.generate do |success|
+            # mfa was successfully generated, return the user to the mfa page
+            # return respond_with_successful({ default_path: "mfa" }) if success
+        #end 
+
+        # do a user login
+        sign_in(:user, user)
+
+        # respond successful and send the path user should go
+        #respond_with_successful({ default_path: user.has_role_with_default_path?() })
+        respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
+
+    end
+
+    private 
+
+    # @return [Parameters] Allowed parameters for the discussion
+    # @description Sanitizes the parameters received from an HTTP call to only allow the specified ones.
+    #     Allowed params are _:email_, _:password_.
+    # @example
+    #     supose params contains {
+    #         "user": {
+    #             "id": 5,
+    #             "email": "john.smith@email.com",
+    #             "password": "my_password_123"
+    #         }
+    #     }
+    #     allowed_params = sign_in_params
+    #     puts allowed_params
+    #     will remove the _id_ field and only print {
+    #         "user": {
+    #             "email": "john.smith@email.com",
+    #             "password": "my_password_123"
+    #         }
+    #     }
+    def sign_in_params
+        params.fetch(:user, {}).permit(:email, :password)
+    end
+
+end

data/app/controllers/users/unlocks_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Users::UnlocksController < Devise::UnlocksController
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end

data/app/helpers/lesli_shield/application_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module ApplicationHelper
+  end
+end

data/app/helpers/lesli_shield/dashboards_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module DashboardsHelper
+  end
+end

data/app/jobs/lesli_shield/application_job.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/mailers/lesli_shield/application_mailer.rb

@@ -0,0 +1,6 @@
+module LesliShield
+  class ApplicationMailer < ActionMailer::Base
+    default from: "from@example.com"
+    layout "mailer"
+  end
+end

data/app/models/lesli_shield/application_record.rb

@@ -0,0 +1,5 @@
+module LesliShield
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/lesli_shield/dashboard/component.rb

@@ -0,0 +1,18 @@
+module LesliShield
+    class Dashboard::Component < ApplicationRecord
+
+        belongs_to :dashboard, inverse_of: :components
+
+        def self.component_ids
+            ["audit-users", "audit-roles"]
+        end
+        # components_ids: {
+        #     list_new_tickets: "list_new_tickets",
+        #     list_my_tickets: "list_my_tickets",
+        #     list_unassigned_tickets: "list_unassigned_tickets",
+        #     chart_tickets_by_type: "chart_tickets_by_type",
+        #     chart_tickets_by_category: "chart_tickets_by_category",
+        #     hours_worked: "hours_worked"
+        # }
+    end
+end

data/app/models/lesli_shield/dashboard.rb

@@ -0,0 +1,31 @@
+module LesliShield
+    class Dashboard < Lesli::Shared::Dashboard
+        self.table_name = "lesli_shield_dashboards"
+        belongs_to :account
+
+        has_many :components, inverse_of: :dashboard, autosave: true, dependent: :destroy
+        accepts_nested_attributes_for :components, allow_destroy: true
+
+        def self.initialize_account(account)
+            self.create!(
+                account: account,
+                name: "Audit Default Dashboard",
+                default: true,
+                main: false,
+                components_attributes: [{
+                    name: "Total users",
+                    component_id: "audit-users",
+                    layout: 3,
+                    query_configuration: {},
+                    custom_configuration: {}
+                }, {
+                    name: "Roles",
+                    component_id: "audit-roles",
+                    layout: 3,
+                    query_configuration: {},
+                    custom_configuration: {}
+                }]
+            )
+        end
+    end
+end

data/app/views/devise/confirmations/new.html.erb

@@ -0,0 +1,2 @@
+<h2>Resend confirmation instructions</h2>
+