RubyGems - linked_rails-auth - Versions diffs - 0.0.1 - Mend

linked_rails-auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

data/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# LinkedRails::Auth
+Short description and motivation.
+## Usage
+How to use my plugin.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'linked_rails-auth'
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install linked_rails-auth
+```
+## Contributing
+Contribution directions go here.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'LinkedRails::Auth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+task default: :test

data/app/actions/linked_rails/auth/access_token_action_list.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.access_token_class
+      end
+      has_singular_create_action(
+        type: [Vocab.ontola['Create::Auth::AccessToken'], Vocab.schema.CreateAction],
+        url: -> { LinkedRails.iri(path: '/login') }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/confirmation_action_list.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.confirmation_class
+      end
+      has_singular_create_action(
+        form: -> { resource.class.try(:form_class) },
+        type: [Vocab.ontola['Create::Auth::Confirmation'], Vocab.schema.CreateAction]
+      )
+      has_singular_update_action(form: -> { nil })
+    end
+  end
+end

data/app/actions/linked_rails/auth/otp_attempt_action_list.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.otp_attempt_class
+      end
+      has_singular_create_action(type: Vocab.schema[:CreateAction])
+    end
+  end
+end

data/app/actions/linked_rails/auth/otp_secret_action_list.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.otp_secret_class
+      end
+      has_singular_create_action(
+        type: Vocab.schema[:CreateAction],
+        url: lambda {
+          LinkedRails.iri(
+            path: 'u/otp_secret',
+            query: {session: resource.encoded_session}.compact.to_param.presence
+          )
+        },
+        root_relative_iri: lambda {
+          RDF::URI(
+            path: '/u/otp_secret/new',
+            query: {session: resource.encoded_session}.compact.to_param.presence
+          )
+        }
+      )
+      has_singular_destroy_action(
+        description: -> { I18n.t('actions.otp_secrets.destroy.description', name: resource.owner.display_name) }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/password_action_list.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.password_class
+      end
+      has_singular_create_action(
+        type: [Vocab.ontola['Create::Auth::Password'], Vocab.schema.CreateAction]
+      )
+      has_singular_update_action(
+        label: nil,
+        root_relative_iri: lambda {
+          RDF::URI(
+            path: '/u/password/edit',
+            query: {reset_password_token: resource.reset_password_token}.compact.to_param.presence
+          )
+        }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/registration_action_list.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.registration_class
+      end
+      has_singular_create_action(
+        root_relative_iri: '/u/registration/new'
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/session_action_list.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.session_class
+      end
+      has_singular_create_action(
+        root_relative_iri: lambda {
+          uri = resource.root_relative_iri.dup
+          uri.path ||= ''
+          uri.path += '/new'
+          uri.query = {redirect_url: resource.redirect_url}.compact.to_param.presence
+          uri.to_s
+        },
+        type: [Vocab.ontola['Create::Auth::Session'], Vocab.schema.CreateAction]
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/unlock_action_list.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.unlock_class
+      end
+      has_singular_create_action(
+        form: -> { resource.class.try(:form_class) }
+      )
+      has_singular_update_action
+    end
+  end
+end

data/app/controllers/linked_rails/auth/access_tokens_controller.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokensController < Doorkeeper::TokensController # rubocop:disable Metrics/ClassLength
+      def create
+        headers.merge!(authorize_response.headers)
+        create_success_effects if authorize_response.status == :ok
+        render json: authorize_response.body, status: authorize_response.status
+      rescue Doorkeeper::Errors::DoorkeeperError => e
+        handle_token_exception(e)
+      end
+      private
+      def create_success_effects
+        if enter_otp? && !strategy.is_a?(Doorkeeper::Request::RefreshToken)
+          redirect_to_otp_attempt
+        elsif !otp_activated? && otp_setup_required? && !strategy.is_a?(Doorkeeper::Request::RefreshToken)
+          redirect_to_otp_secret
+        else
+          handle_new_token
+        end
+      end
+      def enter_otp?
+        otp_activated?
+      end
+      def handle_new_token
+        update_oauth_token(authorize_response.token)
+        response.headers['Location'] = redirect_url_param if redirect_url_param
+      end
+      def handle_token_exception(exception)
+        active_response_block do
+          case active_response_type
+          when :json
+            handle_token_exception_json(exception)
+          else
+            respond_with_invalid_resource(resource: token_with_errors(exception))
+          end
+        end
+      end
+      def handle_token_exception_json(exception) # rubocop:disable Metrics/AbcSize
+        error = get_error_response_from_exception(exception)
+        headers.merge!(error.headers)
+        Bugsnag.notify(exception)
+        Rails.logger.info(error.body.merge(class: exception.class.name).to_json)
+        self.response_body = error.body.merge(class: exception.class.name).to_json
+        self.status = error.status
+      end
+      def otp_activated?
+        @otp_activated ||= LinkedRails.otp_secret_class.activated?(authorize_response.token.resource_owner_id)
+      end
+      def otp_attempt_form_iri
+        LinkedRails.iri(path: 'u/otp_attempt/new', query: {session: session_param}.to_param)
+      end
+      def otp_secret_form_iri
+        LinkedRails.iri(path: 'u/otp_secret/new', query: {session: session_param}.to_param)
+      end
+      def otp_setup_required?
+        false
+      end
+      def redirect_to_otp_attempt
+        response.headers['Location'] = otp_attempt_form_iri.to_s
+        @authorize_response = Doorkeeper::OAuth::TokenResponse.new(Doorkeeper::AccessToken.new)
+      end
+      def redirect_to_otp_secret
+        response.headers['Location'] = otp_secret_form_iri.to_s
+        @authorize_response = Doorkeeper::OAuth::TokenResponse.new(Doorkeeper::AccessToken.new)
+      end
+      def session_param
+        sign_payload(
+          exp: 10.minutes.from_now.to_i,
+          user_id: authorize_response.token.resource_owner_id,
+          redirect_uri: redirect_url_param
+        )
+      end
+      def sign_payload(payload)
+        JWT.encode(
+          payload,
+          Doorkeeper::JWT.configuration.secret_key,
+          Doorkeeper::JWT.configuration.encryption_method.to_s.upcase
+        )
+      end
+      def raise_login_error(request) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        raise(
+          if LinkedRails.user_class.find_by(email: request.params[:user][:email]).nil?
+            LinkedRails::Auth::Errors::UnknownEmail.new
+          elsif request.env['warden'].message == :invalid
+            LinkedRails::Auth::Errors::WrongPassword.new
+          elsif request.env['warden'].message == :not_found_in_database
+            LinkedRails::Auth::Errors::WrongPassword.new
+          else
+            "unhandled login state #{request.env['warden'].message}"
+          end
+        )
+      end
+      def redirect_url_param
+        params[:access_token].try(:[], :redirect_url) || params[:redirect_url]
+      end
+      def token_with_errors(exception)
+        token_with_errors = AccessToken.new
+        field = [LinkedRails::Auth::Errors::WrongPassword].include?(exception.class) ? :password : :email
+        token_with_errors.errors.add(field, exception.message)
+        token_with_errors
+      end
+      class << self
+        def controller_class
+          LinkedRails.access_token_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/confirmations_controller.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationsController < Devise::ConfirmationsController
+      active_response :show, :update
+      private
+      def after_confirmation_path_for(_resource_name, _resource)
+        if current_user.guest?
+          LinkedRails.iri(path: '/u/session/new').path
+        else
+          LinkedRails.iri.path
+        end
+      end
+      def after_resending_confirmation_instructions_path_for(_resource_name)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+      def already_confirmed_notice
+        I18n.t('errors.messages.already_confirmed')
+      end
+      def create_failure_message
+        current_resource!.errors.full_messages.join("\n")
+      end
+      def create_execute
+        @current_resource = resource_class.send_confirmation_instructions(resource_params)
+        successfully_sent?(current_resource!)
+      end
+      def create_success_location
+        after_resending_confirmation_instructions_path_for(resource_name)
+      end
+      def create_success_message
+        find_message(:send_instructions)
+      end
+      def original_token
+        @original_token ||= params[:confirmation_token]
+      end
+      def resource_params
+        params.fetch(resource_name, nil) ||
+          params.fetch(controller_name.singularize, {})
+      end
+      def show_success
+        return super unless current_resource!.confirmed?
+        add_exec_action_header(response.headers, ontola_redirect_action(current_resource!.redirect_url))
+        add_exec_action_header(response.headers, ontola_snackbar_action(already_confirmed_notice))
+        super
+      end
+      def update_execute
+        current_resource!.confirm!
+      end
+      def update_failure
+        respond_with_redirect(
+          location: after_confirmation_path_for(resource_name, current_resource!),
+          notice: user_by_token.errors.full_messages.first
+        )
+      end
+      def update_success
+        respond_with_redirect(
+          location: after_confirmation_path_for(resource_name, current_resource!),
+          notice: find_message(:confirmed)
+        )
+      end
+      class << self
+        def controller_class
+          LinkedRails.confirmation_class
+        end
+      end
+    end
+  end
+end