RubyGems - linked_rails-auth - Versions diffs - 0.0.1 - Mend

linked_rails-auth 0.0.1

Files changed (76) hide show

data/app/policies/linked_rails/auth/access_token_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email password redirect_url]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/confirmation_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/otp_attempt_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[otp_attempt]
+      def show?
+        user_context.guest?
+      end
+      def create?
+        user_context.guest? && record.active?
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/otp_secret_policy.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[otp_attempt]
+      def show?
+        user_context.guest? || current_user? || administrate_otp?
+      end
+      def create?
+        return forbid_with_message(I18n.t('messages.otp_secrets.already_exists')) if user_context.otp_active?
+        user_context.guest? || current_user?
+      end
+      def destroy?
+        raise(ActiveRecord::RecordNotFound) unless administrate_otp? || current_user?
+        return forbid_with_message(I18n.t('messages.otp_secrets.not_activated')) unless record.active?
+        current_user? || administrate_otp?
+      end
+      private
+      def current_user?
+        record.owner_id == user_context.id
+      end
+      def administrate_otp?
+        false
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/password_policy.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[password password_confirmation reset_password_token],
+                        has_properties: {reset_password_token: true}
+      permit_attributes %i[email], has_properties: {reset_password_token: false}
+      def create?
+        true
+      end
+      def update?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/registration_policy.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationPolicy < Pundit::PolicyFinder.new(LinkedRails.user_class).policy || LinkedRails.policy_parent_class
+      permit_attributes %i[email password password_confirmation redirect_url]
+      def create?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/session_policy.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email redirect_url]
+      def create?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/policies/linked_rails/auth/unlock_policy.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockPolicy < LinkedRails.policy_parent_class
+      permit_attributes %i[email]
+      def create?
+        true
+      end
+      def update?
+        true
+      end
+      def show?
+        true
+      end
+    end
+  end
+end

data/app/serializers/linked_rails/auth/access_token_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class AccessTokenSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password, predicate: Vocab.ontola[:password], datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/confirmation_serializer.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class ConfirmationSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/otp_attempt_serializer.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpAttemptSerializer < LinkedRails.serializer_parent_class
+      attribute :otp_attempt,
+                predicate: LinkedRails.app_ns[:otp],
+                datatype: RDF::XSD[:integer],
+                if: method(:never)
+    end
+  end
+end

data/app/serializers/linked_rails/auth/otp_secret_serializer.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class OtpSecretSerializer < LinkedRails.serializer_parent_class
+      attribute :otp_attempt,
+                predicate: LinkedRails.app_ns[:otp],
+                datatype: RDF::XSD[:integer],
+                if: method(:never)
+      attribute :active, predicate: LinkedRails.app_ns[:otpActive]
+      has_one :image, predicate: Vocab.schema.image
+    end
+  end
+end

data/app/serializers/linked_rails/auth/password_serializer.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class PasswordSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password,
+                predicate: Vocab.ontola[:password],
+                datatype: Vocab.ontola['datatype/password'],
+                if: method(:never)
+      attribute :password_confirmation,
+                predicate: Vocab.ontola[:passwordConfirmation],
+                datatype: Vocab.ontola['datatype/password'],
+                if: method(:never)
+      attribute :reset_password_token, predicate: Vocab.ontola[:resetPasswordToken], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/registration_serializer.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class RegistrationSerializer < RDF::Serializers.serializer_for(LinkedRails.user_class) || LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :password, predicate: Vocab.ontola[:password], datatype: RDF::XSD[:string]
+      attribute :password_confirmation, predicate: Vocab.ontola[:passwordConfirmation], datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/session_serializer.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class SessionSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+      attribute :redirect_url, predicate: Vocab.ontola[:redirectUrl], datatype: RDF::XSD[:string]
+    end
+  end
+end

data/app/serializers/linked_rails/auth/unlock_serializer.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module LinkedRails
+  module Auth
+    class UnlockSerializer < LinkedRails.serializer_parent_class
+      attribute :email, predicate: Vocab.schema.email, datatype: RDF::XSD[:string]
+    end
+  end
+end

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+Rails.application.routes.draw do
+end

data/lib/generators/linked_rails/auth/install_generator.rb ADDED Viewed

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+require "rails/generators"
+require "rails/generators/active_record"
+module LinkedRails
+  module Auth
+    class InstallGenerator < ::Rails::Generators::Base
+      include ::Rails::Generators::Migration
+      source_root File.expand_path("templates", __dir__)
+      desc "Installs LinkedRails Auth."
+      def install
+        template "doorkeeper_jwt_initializer.rb", "config/initializers/doorkeeper_jwt.rb"
+        template "locales.yml", "config/locales/linked_rails_auth.en.yml"
+        route "use_linked_rails_auth"
+        migration_template(
+          "migration.rb.erb",
+          "db/migrate/install_linked_rails_auth.rb",
+          migration_version: migration_version
+        )
+        update_user_model
+        insert_doorkeeper
+        create_doorkeeper_app
+        readme "README"
+      end
+      private
+      def create_doorkeeper_app
+        if Doorkeeper::Application.any?
+          Rails.logger.info('Skipping Doorkeeper app creation, already exists')
+          return
+        end
+        client_id = ask('Enter the client_id of your doorkeeper app', default: 'client_id')
+        client_secret = ask('Enter the client_secret of your doorkeeper app', default: 'client_secret')
+        client_token = ask('Enter the client_token of your doorkeeper app. Leave empty to create new.')
+        libro_app = Doorkeeper::Application.find_or_initialize_by(uid: client_id) do |app|
+          app.name = 'Libro'
+          app.redirect_uri = 'http://example.com/'
+          app.scopes = 'guest user'
+          app.secret = client_secret
+        end
+        libro_app.save!(validate: false)
+        # rubocop:disable Rails/SkipsModelValidations
+        libro_app.update_columns(uid: client_id, secret: client_secret)
+        # rubocop:enable Rails/SkipsModelValidations
+        ActiveRecord::Base.connection.try(:reset_pk_sequence!, Doorkeeper::Application.table_name)
+        token = Doorkeeper::AccessToken.find_or_create_for(
+          application: libro_app,
+          scopes: 'service',
+          expires_in: 10.years.to_i,
+          resource_owner: nil,
+          use_refresh_token: true
+        )
+        if client_token.present?
+          token.update(token: client_token)
+        else
+          Rails.logger.info("Generated client token: #{token.token}")
+        end
+      end
+      def insert_doorkeeper
+        file = 'config/initializers/doorkeeper.rb'
+        data = "api_only\n"\
+          "base_controller 'ApplicationController'\n"\
+          "base_metal_controller 'ApplicationController'\n"
+        inject_into_file file, optimize_indentation(data, 2), after: "orm :active_record\n", verbose: false
+        uncomment_lines file, "access_token_generator '::Doorkeeper::JWT'"
+        uncomment_lines file, 'use_refresh_token'
+        replace_doorkeeper_line(
+          '# default_scopes  :public',
+          'default_scopes  :guest'
+        )
+        replace_doorkeeper_line(
+          '# optional_scopes :write, :update',
+          'optional_scopes  :user'
+        )
+        replace_doorkeeper_line(
+          '# grant_flows %w[authorization_code client_credentials]',
+          'grant_flows %w[client_credentials authorization_code password]'
+        )
+        replace_doorkeeper_line("resource_owner_authenticator do\n(.*?)end\n", authentication, true)
+      end
+      def authentication
+        <<-FOO
+  resource_owner_authenticator do
+    if doorkeeper_token&.acceptable?('user')
+      User.find_by(id: doorkeeper_token.resource_owner_id)
+    elsif doorkeeper_token&.acceptable?('guest') && doorkeeper_token_payload['user']
+      LinkedRails.guest_user_class.new(id: doorkeeper_token.resource_owner_id)
+    end
+  end
+  resource_owner_from_credentials do
+    request.params[:user] = request.params[:access_token] || {}
+    request.params[:user][:email] ||= (request.params[:username] || request.params[:email])&.downcase
+    request.params[:user][:password] ||= request.params[:token] || request.params[:password]
+    request.env['devise.allow_params_authentication'] = true
+    user =
+      if request.params[:scope] == 'guest'
+        LinkedRails.guest_user_class.new
+      else
+        request.env['warden'].authenticate(scope: :user, store: false)
+      end
+    raise_login_error(request) if user.blank?
+    request.env['warden'].logout
+    user
+  end
+      FOO
+      end
+      def inject_controller_include
+        sentinel = /LinkedRails::Controller\n/m
+        in_root do
+          inject_into_file(
+            "app/controllers/application_controller.rb",
+            optimize_indentation('include LinkedRails::Auth::AuthHelper', 2),
+            after: sentinel
+          )
+        end
+      end
+      def migration_version
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+      def replace_doorkeeper_line(old, new, multi_line_sentinel = false)
+        sentinel = multi_line_sentinel ? /^(\s*)#{old}/m : /^(\s*)#[[:blank:]]*(.*#{old})/
+        gsub_file('config/initializers/doorkeeper.rb', sentinel, new)
+      end
+      def update_user_model
+        file = 'app/models/user.rb'
+        no_guest = "\ndef guest?\n  false\nend"
+        inject_into_file file, optimize_indentation(no_guest, 2), after: ":recoverable, :rememberable, :validatable\n", verbose: false
+      end
+      class << self
+        def next_migration_number(dirname)
+          ActiveRecord::Generators::Base.next_migration_number(dirname)
+        end
+      end
+    end
+  end
+end