RubyGems - linked_rails-auth - Versions diffs - 0.0.1 - Mend

linked_rails-auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

data/app/policies/linked_rails/auth/access_token_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email password redirect_url]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/confirmation_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/otp_attempt_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[otp_attempt]
+      def show?
+        user_context.guest?
+      end
+      def create?
+        user_context.guest? && record.active?
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/otp_secret_policy.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[otp_attempt]
+      def show?
+        user_context.guest? || current_user? || administrate_otp?
+      end
+      def create?
+        return forbid_with_message(I18n.t('messages.otp_secrets.already_exists')) if user_context.otp_active?
+        user_context.guest? || current_user?
+      end
+      def destroy?
+        raise(ActiveRecord::RecordNotFound) unless administrate_otp? || current_user?
+        return forbid_with_message(I18n.t('messages.otp_secrets.not_activated')) unless record.active?
+        current_user? || administrate_otp?
+      end
+      private
+      def current_user?
+        record.owner_id == user_context.id
+      end
+      def administrate_otp?
+        false
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/password_policy.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[password password_confirmation reset_password_token],
+                        has_properties: {reset_password_token: true}
+      permit_attributes %i[email], has_properties: {reset_password_token: false}
+      def create?
+        true
+      end
+      def update?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/registration_policy.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationPolicy < Pundit::PolicyFinder.new(LinkedRails.user_class).policy || LinkedRails.policy_parent_class
+      permit_attributes %i[email password password_confirmation redirect_url]
+      def create?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/session_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email redirect_url]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/unlock_policy.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email]
+      def create?
+        true
+      end
+      def update?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/serializers/linked_rails/auth/access_token_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password, predicate: Vocab.ontola[:password], datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/confirmation_serializer.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/otp_attempt_serializer.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptSerializer < LinkedRails.serializer_parent_class
+      attribute :otp_attempt,
+                predicate: LinkedRails.app_ns[:otp],
+                datatype: RDF::XSD[:integer],
+                if: method(:never)
+    end
+  end
+end

data/app/serializers/linked_rails/auth/otp_secret_serializer.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretSerializer < LinkedRails.serializer_parent_class
+      attribute :otp_attempt,
+                predicate: LinkedRails.app_ns[:otp],
+                datatype: RDF::XSD[:integer],
+                if: method(:never)
+      attribute :active, predicate: LinkedRails.app_ns[:otpActive]
+      has_one :image, predicate: Vocab.schema.image
+    end
+  end
+end

data/app/serializers/linked_rails/auth/password_serializer.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password,
+                predicate: Vocab.ontola[:password],
+                datatype: Vocab.ontola['datatype/password'],
+                if: method(:never)
+      attribute :password_confirmation,
+                predicate: Vocab.ontola[:passwordConfirmation],
+                datatype: Vocab.ontola['datatype/password'],
+                if: method(:never)
+      attribute :reset_password_token, predicate: Vocab.ontola[:resetPasswordToken], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/registration_serializer.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationSerializer < RDF::Serializers.serializer_for(LinkedRails.user_class) || LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password, predicate: Vocab.ontola[:password], datatype: RDF::XSD[:string]
+      attribute :password_confirmation, predicate: Vocab.ontola[:passwordConfirmation], datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/session_serializer.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/unlock_serializer.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+    end
+  end
+end

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+Rails.application.routes.draw do
+end

data/lib/generators/linked_rails/auth/install_generator.rb ADDED Viewed

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+require "rails/generators"
+require "rails/generators/active_record"
+module LinkedRails
+  module Auth
+    class InstallGenerator < ::Rails::Generators::Base
+      include ::Rails::Generators::Migration
+      source_root File.expand_path("templates", __dir__)
+      desc "Installs LinkedRails Auth."
+      def install
+        template "doorkeeper_jwt_initializer.rb", "config/initializers/doorkeeper_jwt.rb"
+        template "locales.yml", "config/locales/linked_rails_auth.en.yml"
+        route "use_linked_rails_auth"
+        migration_template(
+          "migration.rb.erb",
+          "db/migrate/install_linked_rails_auth.rb",
+          migration_version: migration_version
+        )
+        update_user_model
+        insert_doorkeeper
+        create_doorkeeper_app
+        readme "README"
+      end
+      private
+      def create_doorkeeper_app
+        if Doorkeeper::Application.any?
+          Rails.logger.info('Skipping Doorkeeper app creation, already exists')
+          return
+        end
+        client_id = ask('Enter the client_id of your doorkeeper app', default: 'client_id')
+        client_secret = ask('Enter the client_secret of your doorkeeper app', default: 'client_secret')
+        client_token = ask('Enter the client_token of your doorkeeper app. Leave empty to create new.')
+        libro_app = Doorkeeper::Application.find_or_initialize_by(uid: client_id) do |app|
+          app.name = 'Libro'
+          app.redirect_uri = 'http://example.com/'
+          app.scopes = 'guest user'
+          app.secret = client_secret
+        end
+        libro_app.save!(validate: false)
+        # rubocop:disable Rails/SkipsModelValidations
+        libro_app.update_columns(uid: client_id, secret: client_secret)
+        # rubocop:enable Rails/SkipsModelValidations
+        ActiveRecord::Base.connection.try(:reset_pk_sequence!, Doorkeeper::Application.table_name)
+        token = Doorkeeper::AccessToken.find_or_create_for(
+          application: libro_app,
+          scopes: 'service',
+          expires_in: 10.years.to_i,
+          resource_owner: nil,
+          use_refresh_token: true
+        )
+        if client_token.present?
+          token.update(token: client_token)
+        else
+          Rails.logger.info("Generated client token: #{token.token}")
+        end
+      end
+      def insert_doorkeeper
+        file = 'config/initializers/doorkeeper.rb'
+        data = "api_only\n"\
+          "base_controller 'ApplicationController'\n"\
+          "base_metal_controller 'ApplicationController'\n"
+        inject_into_file file, optimize_indentation(data, 2), after: "orm :active_record\n", verbose: false
+        uncomment_lines file, "access_token_generator '::Doorkeeper::JWT'"
+        uncomment_lines file, 'use_refresh_token'
+        replace_doorkeeper_line(
+          '# default_scopes  :public',
+          'default_scopes  :guest'
+        )
+        replace_doorkeeper_line(
+          '# optional_scopes :write, :update',
+          'optional_scopes  :user'
+        )
+        replace_doorkeeper_line(
+          '# grant_flows %w[authorization_code client_credentials]',
+          'grant_flows %w[client_credentials authorization_code password]'
+        )
+        replace_doorkeeper_line("resource_owner_authenticator do\n(.*?)end\n", authentication, true)
+      end
+      def authentication
+        <<-FOO
+  resource_owner_authenticator do
+    if doorkeeper_token&.acceptable?('user')
+      User.find_by(id: doorkeeper_token.resource_owner_id)
+    elsif doorkeeper_token&.acceptable?('guest') && doorkeeper_token_payload['user']
+      LinkedRails.guest_user_class.new(id: doorkeeper_token.resource_owner_id)
+    end
+  end
+  resource_owner_from_credentials do
+    request.params[:user] = request.params[:access_token] || {}
+    request.params[:user][:email] ||= (request.params[:username] || request.params[:email])&.downcase
+    request.params[:user][:password] ||= request.params[:token] || request.params[:password]
+    request.env['devise.allow_params_authentication'] = true
+    user =
+      if request.params[:scope] == 'guest'
+        LinkedRails.guest_user_class.new
+      else
+        request.env['warden'].authenticate(scope: :user, store: false)
+      end
+    raise_login_error(request) if user.blank?
+    request.env['warden'].logout
+    user
+  end
+      FOO
+      end
+      def inject_controller_include
+        sentinel = /LinkedRails::Controller\n/m
+        in_root do
+          inject_into_file(
+            "app/controllers/application_controller.rb",
+            optimize_indentation('include LinkedRails::Auth::AuthHelper', 2),
+            after: sentinel
+          )
+        end
+      end
+      def migration_version
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+      def replace_doorkeeper_line(old, new, multi_line_sentinel = false)
+        sentinel = multi_line_sentinel ? /^(\s*)#{old}/m : /^(\s*)#[[:blank:]]*(.*#{old})/
+        gsub_file('config/initializers/doorkeeper.rb', sentinel, new)
+      end
+      def update_user_model
+        file = 'app/models/user.rb'
+        no_guest = "\ndef guest?\n  false\nend"
+        inject_into_file file, optimize_indentation(no_guest, 2), after: ":recoverable, :rememberable, :validatable\n", verbose: false
+      end
+      class << self
+        def next_migration_number(dirname)
+          ActiveRecord::Generators::Base.next_migration_number(dirname)
+        end
+      end
+    end
+  end
+end