linked_rails-auth 0.0.1

data/app/models/linked_rails/auth/confirmation.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class Confirmation < LinkedRails::Resource
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Updatable
+      enhance LinkedRails::Enhancements::Singularable
+      attr_accessor :confirmation_token, :email, :user, :password_token
+      alias root_relative_iri root_relative_singular_iri
+
+      def anonymous_iri?
+        confirmation_token.blank?
+      end
+
+      def confirm!
+        owner!.confirm
+      end
+
+      delegate :confirmed?, to: :owner!
+
+      def singular_iri_opts
+        {confirmation_token: confirmation_token}
+      end
+
+      def redirect_url
+        LinkedRails.iri
+      end
+
+      def owner!
+        owner || raise(ActiveRecord::RecordNotFound)
+      end
+
+      class << self
+        def action_list
+          LinkedRails.confirmation_action_list_class
+        end
+
+        def form_class
+          LinkedRails.confirmation_form_class
+        end
+
+        def iri_namespace
+          Vocab.ontola
+        end
+
+        def singular_iri_template
+          @singular_iri_template ||= URITemplate.new("/#{singular_route_key}{?confirmation_token}")
+        end
+
+        def requested_singular_resource(params, _user_context)
+          return new unless params.key?(:confirmation_token)
+
+          user_by_token = LinkedRails.user_class.find_by(confirmation_token: params[:confirmation_token])
+          return if user_by_token.blank?
+
+          new(
+            confirmation_token: params[:confirmation_token],
+            user: user_by_token
+          )
+        end
+
+        def singular_route_key
+          'u/confirmation'
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/guest_user.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class GuestUser
+      include ActiveModel::Model
+      include LinkedRails::Model
+      attr_writer :id
+
+      def email; end
+
+      def guest?
+        true
+      end
+
+      def id
+        @id ||= SecureRandom.hex
+      end
+
+      def iri_opts
+        {id: id}
+      end
+
+      def self.iri
+        Vocab.ontola[:GuestUser]
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/otp_attempt.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpAttempt < OtpBase
+      def raise_on_persisting(_opts = {})
+        raise "#{self.class.name} should not be persisted"
+      end
+      ActiveRecord::Persistence.instance_methods.each do |method|
+        alias_method method, :raise_on_persisting unless method.to_s.include?('?')
+      end
+
+      alias root_relative_iri root_relative_singular_iri
+
+      def save
+        validate_otp_attempt
+
+        errors.empty?
+      end
+
+      class << self
+        def form_class
+          LinkedRails.otp_attempt_form_class
+        end
+
+        def singular_route_key
+          'u/otp_attempt'
+        end
+
+        def requested_singular_resource(params, user_context)
+          owner = owner_for_otp(params, user_context)
+          return if owner.blank?
+
+          attempt = LinkedRails.otp_attempt_class.find_by(owner: owner) || LinkedRails.otp_attempt_class.new
+          attempt.encoded_session = params[:session]
+          attempt
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/otp_base.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class OtpBase < ApplicationRecord
+      self.table_name = 'otp_secrets'
+      self.abstract_class = true
+
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Singularable
+
+      extend OtpHelper
+      include OtpHelper
+
+      has_one_time_password
+      belongs_to :owner, class_name: LinkedRails.otp_owner_class.to_s
+      validates :owner, presence: true
+
+      attr_accessor :encoded_session, :otp_attempt
+
+      private
+
+      def decoded_session
+        @decoded_session ||= session_from_param(encoded_session)
+      end
+
+      def singular_iri_opts
+        {session: encoded_session}
+      end
+
+      def validate_otp_attempt
+        return if persisted? && authenticate_otp(otp_attempt, drift: LinkedRails::Auth.otp_drift)
+
+        errors.add(:otp_attempt, I18n.t('messages.otp_secrets.invalid'))
+      end
+
+      class << self
+        def iri_template
+          @iri_template ||= URITemplate.new("/#{route_key}{/id}{?session}{#fragment}")
+        end
+
+        def singular_iri_template
+          @singular_iri_template ||= URITemplate.new("{/parent_iri*}/#{singular_route_key}{?session}{#fragment}")
+        end
+
+        def owner_for_otp(params, user_context)
+          if params.key?(:session)
+            owner_from_session(params[:session])
+          else
+            user_context unless user_context.guest?
+          end
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/otp_secret.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require 'rqrcode'
+
+module LinkedRails
+  module Auth
+    class OtpSecret < OtpBase
+      enhance LinkedRails::Enhancements::Destroyable
+
+      validate :validate_otp_attempt, on: %i[update]
+
+      def image
+        return if active? || !persisted?
+
+        @image ||=
+          LinkedRails::MediaObject.new(
+            content_url: data_url,
+            content_type: 'image/png',
+            iri: LinkedRails.iri(path: root_relative_iri, fragment: 'image')
+          )
+      end
+
+      def iri_opts
+        {id: id}
+      end
+
+      def redirect_url
+        decoded_session['redirect_uri'] || LinkedRails.iri.to_s
+      end
+
+      private
+
+      def data_url
+        [
+          'data:image/svg+xml;base64,',
+          RQRCode::QRCode.new(provisioning_uri(owner.email, issuer: issuer)).as_svg(module_size: 4).to_s
+        ].pack('A*m').delete("\n")
+      end
+
+      def issuer
+        return issuer_name if Rails.env.production?
+
+        "#{issuer_name} #{Rails.env}"
+      end
+
+      def issuer_name
+        Rails.application.railtie_name.chomp('_application').humanize
+      end
+
+      class << self
+        def activated?(owner_id)
+          LinkedRails.otp_secret_class.exists?(
+            owner_id: owner_id,
+            active: true
+          )
+        end
+
+        def form_class
+          LinkedRails.otp_secret_form_class
+        end
+
+        def preview_includes
+          %i[image]
+        end
+
+        def requested_singular_resource(params, user_context)
+          owner = owner_for_otp(params, user_context)
+          return if owner.blank?
+
+          secret = LinkedRails.otp_secret_class.find_or_create_by!(owner: owner)
+          secret.encoded_session = params[:session]
+          secret
+        rescue ActiveRecord::RecordNotUnique
+          requested_singular_resource(params, user_context)
+        end
+
+        def requested_single_resource(params, _user_context)
+          LinkedRails.otp_secret_class.find_by(id: params[:id])
+        end
+
+        def route_key
+          'u/otp_secrets'
+        end
+
+        def singular_route_key
+          'u/otp_secret'
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/password.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class Password < LinkedRails::Resource
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Updatable
+      enhance LinkedRails::Enhancements::Singularable
+      attr_accessor :email, :password, :password_confirmation, :user, :reset_password_token
+      alias root_relative_iri root_relative_singular_iri
+
+      class << self
+        def action_list
+          LinkedRails.password_action_list_class
+        end
+
+        def decrypt_token(token)
+          Devise.token_generator.digest(self, :reset_password_token, token)
+        end
+
+        def form_class
+          LinkedRails.password_form_class
+        end
+
+        def iri_namespace
+          Vocab.ontola
+        end
+
+        def requested_singular_resource(params, _user_context)
+          reset_password_token = decrypt_token(params[:reset_password_token])
+          user_by_token ||= LinkedRails.user_class.find_by(reset_password_token: reset_password_token)
+          return new(reset_password_token: params[:reset_password_token]) if user_by_token.blank?
+
+          new(
+            reset_password_token: params[:reset_password_token],
+            user: user_by_token
+          )
+        end
+
+        def singular_route_key
+          'u/password'
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/registration.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class Registration < LinkedRails.user_class
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Singularable
+
+      attr_accessor :redirect_url
+
+      class << self
+        def action_list
+          LinkedRails.registration_action_list_class
+        end
+
+        def form_class
+          LinkedRails.registration_form_class
+        end
+
+        def iri_namespace
+          Vocab.ontola
+        end
+
+        def iri_template
+          LinkedRails.user_class.iri_template
+        end
+
+        def requested_singular_resource(_params, user_context)
+          build_new(user_context: user_context)
+        end
+
+        def singular_route_key
+          'u/registration'
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/session.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class Session < LinkedRails::Resource
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Destroyable
+      enhance LinkedRails::Enhancements::Singularable
+      alias root_relative_iri root_relative_singular_iri
+
+      attr_accessor :email, :redirect_url
+
+      def singular_iri_opts
+        {redirect_url: redirect_url}
+      end
+
+      class << self
+        def action_list
+          LinkedRails.session_action_list_class
+        end
+
+        def form_class
+          LinkedRails.session_form_class
+        end
+
+        def iri_namespace
+          Vocab.ontola
+        end
+
+        def singular_iri_template
+          @singular_iri_template ||= URITemplate.new("/#{singular_route_key}{?redirect_url}")
+        end
+        alias iri_template singular_iri_template
+
+        def requested_singular_resource(params, _user_context)
+          new(redirect_url: params[:redirect_url])
+        end
+
+        def singular_route_key
+          'u/session'
+        end
+      end
+    end
+  end
+end

data/app/models/linked_rails/auth/unlock.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module LinkedRails
+  module Auth
+    class Unlock < LinkedRails::Resource
+      enhance LinkedRails::Enhancements::Actionable
+      enhance LinkedRails::Enhancements::Creatable
+      enhance LinkedRails::Enhancements::Updatable, except: %i[Serializer]
+      enhance LinkedRails::Enhancements::Singularable
+      attr_accessor :email, :unlock_token, :user
+      alias root_relative_iri root_relative_singular_iri
+
+      def anonymous_iri?
+        unlock_token.blank?
+      end
+
+      def singular_iri_opts
+        {unlock_token: unlock_token}
+      end
+
+      class << self
+        def action_list
+          LinkedRails.unlock_action_list_class
+        end
+
+        def decrypt_token(token)
+          Devise.token_generator.digest(self, :unlock_token, token)
+        end
+
+        def form_class
+          LinkedRails.unlock_form_class
+        end
+
+        def iri_namespace
+          Vocab.ontola
+        end
+
+        def singular_iri_template
+          @singular_iri_template ||= URITemplate.new("/#{singular_route_key}{?unlock_token}")
+        end
+
+        def singular_route_key
+          'u/unlock'
+        end
+
+        def requested_singular_resource(params, _user_context)
+          token = decrypt_token(token)
+          user_by_token ||= LinkedRails.user_class.find_by(unlock_token: token)
+          return new(unlock_token: params[:unlock_token]) if user_by_token.blank?
+
+          new(
+            unlock_token: params[:unlock_token],
+            user: user_by_token
+          )
+        end
+      end
+    end
+  end
+end