RubyGems - linked_rails-auth - Versions diffs - 0.0.1 - Mend

linked_rails-auth 0.0.1

Files changed (76) hide show

data/README.md ADDED Viewed

@@ -0,0 +1,28 @@
+# LinkedRails::Auth
+Short description and motivation.
+## Usage
+How to use my plugin.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'linked_rails-auth'
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install linked_rails-auth
+```
+## Contributing
+Contribution directions go here.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'LinkedRails::Auth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+task default: :test

data/app/actions/linked_rails/auth/access_token_action_list.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.access_token_class
+      end
+      has_singular_create_action(
+        type: [Vocab.ontola['Create::Auth::AccessToken'], Vocab.schema.CreateAction],
+        url: -> { LinkedRails.iri(path: '/login') }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/confirmation_action_list.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.confirmation_class
+      end
+      has_singular_create_action(
+        form: -> { resource.class.try(:form_class) },
+        type: [Vocab.ontola['Create::Auth::Confirmation'], Vocab.schema.CreateAction]
+      )
+      has_singular_update_action(form: -> { nil })
+    end
+  end
+end

data/app/actions/linked_rails/auth/otp_attempt_action_list.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.otp_attempt_class
+      end
+      has_singular_create_action(type: Vocab.schema[:CreateAction])
+    end
+  end
+end

data/app/actions/linked_rails/auth/otp_secret_action_list.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.otp_secret_class
+      end
+      has_singular_create_action(
+        type: Vocab.schema[:CreateAction],
+        url: lambda {
+          LinkedRails.iri(
+            path: 'u/otp_secret',
+            query: {session: resource.encoded_session}.compact.to_param.presence
+          )
+        },
+        root_relative_iri: lambda {
+          RDF::URI(
+            path: '/u/otp_secret/new',
+            query: {session: resource.encoded_session}.compact.to_param.presence
+          )
+        }
+      )
+      has_singular_destroy_action(
+        description: -> { I18n.t('actions.otp_secrets.destroy.description', name: resource.owner.display_name) }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/password_action_list.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.password_class
+      end
+      has_singular_create_action(
+        type: [Vocab.ontola['Create::Auth::Password'], Vocab.schema.CreateAction]
+      )
+      has_singular_update_action(
+        label: nil,
+        root_relative_iri: lambda {
+          RDF::URI(
+            path: '/u/password/edit',
+            query: {reset_password_token: resource.reset_password_token}.compact.to_param.presence
+          )
+        }
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/registration_action_list.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.registration_class
+      end
+      has_singular_create_action(
+        root_relative_iri: '/u/registration/new'
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/session_action_list.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.session_class
+      end
+      has_singular_create_action(
+        root_relative_iri: lambda {
+          uri = resource.root_relative_iri.dup
+          uri.path ||= ''
+          uri.path += '/new'
+          uri.query = {redirect_url: resource.redirect_url}.compact.to_param.presence
+          uri.to_s
+        },
+        type: [Vocab.ontola['Create::Auth::Session'], Vocab.schema.CreateAction]
+      )
+    end
+  end
+end

data/app/actions/linked_rails/auth/unlock_action_list.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockActionList < LinkedRails.action_list_parent_class
+      def self.actionable_class
+        LinkedRails.unlock_class
+      end
+      has_singular_create_action(
+        form: -> { resource.class.try(:form_class) }
+      )
+      has_singular_update_action
+    end
+  end
+end

data/app/controllers/linked_rails/auth/access_tokens_controller.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokensController < Doorkeeper::TokensController # rubocop:disable Metrics/ClassLength
+      def create
+        headers.merge!(authorize_response.headers)
+        create_success_effects if authorize_response.status == :ok
+        render json: authorize_response.body, status: authorize_response.status
+      rescue Doorkeeper::Errors::DoorkeeperError => e
+        handle_token_exception(e)
+      end
+      private
+      def create_success_effects
+        if enter_otp? && !strategy.is_a?(Doorkeeper::Request::RefreshToken)
+          redirect_to_otp_attempt
+        elsif !otp_activated? && otp_setup_required? && !strategy.is_a?(Doorkeeper::Request::RefreshToken)
+          redirect_to_otp_secret
+        else
+          handle_new_token
+        end
+      end
+      def enter_otp?
+        otp_activated?
+      end
+      def handle_new_token
+        update_oauth_token(authorize_response.token)
+        response.headers['Location'] = redirect_url_param if redirect_url_param
+      end
+      def handle_token_exception(exception)
+        active_response_block do
+          case active_response_type
+          when :json
+            handle_token_exception_json(exception)
+          else
+            respond_with_invalid_resource(resource: token_with_errors(exception))
+          end
+        end
+      end
+      def handle_token_exception_json(exception) # rubocop:disable Metrics/AbcSize
+        error = get_error_response_from_exception(exception)
+        headers.merge!(error.headers)
+        Bugsnag.notify(exception)
+        Rails.logger.info(error.body.merge(class: exception.class.name).to_json)
+        self.response_body = error.body.merge(class: exception.class.name).to_json
+        self.status = error.status
+      end
+      def otp_activated?
+        @otp_activated ||= LinkedRails.otp_secret_class.activated?(authorize_response.token.resource_owner_id)
+      end
+      def otp_attempt_form_iri
+        LinkedRails.iri(path: 'u/otp_attempt/new', query: {session: session_param}.to_param)
+      end
+      def otp_secret_form_iri
+        LinkedRails.iri(path: 'u/otp_secret/new', query: {session: session_param}.to_param)
+      end
+      def otp_setup_required?
+        false
+      end
+      def redirect_to_otp_attempt
+        response.headers['Location'] = otp_attempt_form_iri.to_s
+        @authorize_response = Doorkeeper::OAuth::TokenResponse.new(Doorkeeper::AccessToken.new)
+      end
+      def redirect_to_otp_secret
+        response.headers['Location'] = otp_secret_form_iri.to_s
+        @authorize_response = Doorkeeper::OAuth::TokenResponse.new(Doorkeeper::AccessToken.new)
+      end
+      def session_param
+        sign_payload(
+          exp: 10.minutes.from_now.to_i,
+          user_id: authorize_response.token.resource_owner_id,
+          redirect_uri: redirect_url_param
+        )
+      end
+      def sign_payload(payload)
+        JWT.encode(
+          payload,
+          Doorkeeper::JWT.configuration.secret_key,
+          Doorkeeper::JWT.configuration.encryption_method.to_s.upcase
+        )
+      end
+      def raise_login_error(request) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        raise(
+          if LinkedRails.user_class.find_by(email: request.params[:user][:email]).nil?
+            LinkedRails::Auth::Errors::UnknownEmail.new
+          elsif request.env['warden'].message == :invalid
+            LinkedRails::Auth::Errors::WrongPassword.new
+          elsif request.env['warden'].message == :not_found_in_database
+            LinkedRails::Auth::Errors::WrongPassword.new
+          else
+            "unhandled login state #{request.env['warden'].message}"
+          end
+        )
+      end
+      def redirect_url_param
+        params[:access_token].try(:[], :redirect_url) || params[:redirect_url]
+      end
+      def token_with_errors(exception)
+        token_with_errors = AccessToken.new
+        field = [LinkedRails::Auth::Errors::WrongPassword].include?(exception.class) ? :password : :email
+        token_with_errors.errors.add(field, exception.message)
+        token_with_errors
+      end
+      class << self
+        def controller_class
+          LinkedRails.access_token_class
+        end
+      end
+    end
+  end
+end

data/app/controllers/linked_rails/auth/confirmations_controller.rb ADDED Viewed

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationsController < Devise::ConfirmationsController
+      active_response :show, :update
+      private
+      def after_confirmation_path_for(_resource_name, _resource)
+        if current_user.guest?
+          LinkedRails.iri(path: '/u/session/new').path
+        else
+          LinkedRails.iri.path
+        end
+      end
+      def after_resending_confirmation_instructions_path_for(_resource_name)
+        LinkedRails.iri(path: '/u/session/new').path
+      end
+      def already_confirmed_notice
+        I18n.t('errors.messages.already_confirmed')
+      end
+      def create_failure_message
+        current_resource!.errors.full_messages.join("\n")
+      end
+      def create_execute
+        @current_resource = resource_class.send_confirmation_instructions(resource_params)
+        successfully_sent?(current_resource!)
+      end
+      def create_success_location
+        after_resending_confirmation_instructions_path_for(resource_name)
+      end
+      def create_success_message
+        find_message(:send_instructions)
+      end
+      def original_token
+        @original_token ||= params[:confirmation_token]
+      end
+      def resource_params
+        params.fetch(resource_name, nil) ||
+          params.fetch(controller_name.singularize, {})
+      end
+      def show_success
+        return super unless current_resource!.confirmed?
+        add_exec_action_header(response.headers, ontola_redirect_action(current_resource!.redirect_url))
+        add_exec_action_header(response.headers, ontola_snackbar_action(already_confirmed_notice))
+        super
+      end
+      def update_execute
+        current_resource!.confirm!
+      end
+      def update_failure
+        respond_with_redirect(
+          location: after_confirmation_path_for(resource_name, current_resource!),
+          notice: user_by_token.errors.full_messages.first
+        )
+      end
+      def update_success
+        respond_with_redirect(
+          location: after_confirmation_path_for(resource_name, current_resource!),
+          notice: find_message(:confirmed)
+        )
+      end
+      class << self
+        def controller_class
+          LinkedRails.confirmation_class
+        end
+      end
+    end
+  end
+end