mks_auth 1.0.0 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7a19971c004cdf2626990b271aad7b31cf7e34b8
-  data.tar.gz: 8f8fab8db2e21550287d3587812aa474b3993c91
+SHA256:
+  metadata.gz: 5590e2d6e2c98a65a832f1e5f3c3beb256cd1e1f846bca64ef132c432ae80f3d
+  data.tar.gz: c1a790ddd59aae3fb9624a44b16ee25e2b4029500ca860a92c731de8241f318c
 SHA512:
-  metadata.gz: ed68674e71fbe258b766159790b33e6d1204587659678ab82c495218176c172fd6574169292c62efd6c94e9f727a88388f3b9d0ef106462c181d6146dda3092e
-  data.tar.gz: eac9332b341c7ab51e78b7d118cdc649ca9fba7571fbd600a03a726d6de1c7a72e3bc82182289a67303c20ef1cbc6f1fee57a61cdfe56d301747aad18fd3c44e
+  metadata.gz: edad0f50206b24ec1db4e35453a6ba2b97d7aadef53f395741b5821126480f990f29c43fa9073e37d3f28a101db8ba7fdba9ad324a0c9a991e9642d98ce0fe10
+  data.tar.gz: 8a5e2300f6b06eddfa4e84a574a41ff3d817611cac724ede34dbb693e9f7995da85a36c653a3dcc15f41edc2b4dcc762a54c41b02b8e1ae7f856881430b543ee

data/app/controllers/mks/auth/application_controller.rb

@@ -1,24 +1,50 @@
+require 'mks/auth/token_auth'
+
 module Mks
   module Auth
-    class ApplicationController < ActionController::Base
-      include AccessHelper
-      include ApplicationHelper
+    class ApplicationController < ActionController::API
+      before_action :authenticate
+
+      def logged_in?
+        !current_user.nil?
+      end
+
+      def current_user
+        return unless auth_present?
+        user = User.find(auth['id'])
+        @current_user ||= user if user
+      end
+
+      def current_user_id
+        auth['id']
+      end
+
+      def app_code
+        Rails.application.config.app_code
+      end
 
       private
 
-      def confirm_logged_in
-        if session[:user_id]
-          true
-        else
-          redirect_to '/'
-          false
-        end
+      def authenticate
+        render json: { error: 'Unauthorized' }, status: 401 unless logged_in?
+      end
+
+      def token
+        request.env['HTTP_AUTHORIZATION'].scan(/Bearer (.*)$/).flatten.last
       end
 
-      protected
+      def auth
+        TokenAuth.decode(token)
+      end
+
+      def auth_present?
+        bearer = request.env.fetch('HTTP_AUTHORIZATION', '').scan(/Bearer/).flatten.first
+        !bearer.nil?
+      end
 
-      def verified_request?
-        super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
+      def app_module
+        code = Rails.configuration.app_code
+        ApplicationModule.find_by(code: code)
       end
     end
   end

data/app/controllers/mks/auth/application_modules_controller.rb

@@ -1,5 +1,3 @@
-require_dependency 'mks/auth/application_controller'
-
 module Mks
   module Auth
     class ApplicationModulesController < ApplicationController

data/app/controllers/mks/auth/menus_controller.rb

@@ -0,0 +1,29 @@
+module Mks
+  module Auth
+    class MenusController < ApplicationController
+      before_action :set_user, only: [:menus]
+
+      def menus
+        roles = @user.roles.joins(:application_module)
+                     .where('mks_auth_application_modules.code = ?', params[:app_module])
+        menus = []
+        menu_list = roles.inject([]) { |items, r| items += r.menus }.uniq
+        parents = menu_list.select { |menu| menu.parent.nil? }
+        parents.each do |parent|
+          children = (menu_list.select { |menu| menu.parent == parent }).uniq
+                                                                        .map { |menu|
+                         { 'text': menu.text, 'location': menu.location, 'iconCls': menu.icon_cls }
+                       }
+          menus << { 'text': parent.text, 'className': parent.class_name, 'iconCls': parent.icon_cls, children: children }
+        end
+        render json: { success: true, data: menus }
+      end
+
+      private
+
+      def set_user
+        @user = User.find(params[:id])
+      end
+    end
+  end
+end

data/app/controllers/mks/auth/user_roles_controller.rb

@@ -1,52 +1,62 @@
-require_dependency 'mks/auth/application_controller'
-
 module Mks
   module Auth
     class UserRolesController < ApplicationController
-      # before_action :confirm_logged_in
+      before_action :set_role, only: %i[users]
+      before_action :set_user, only: %i[assigned_roles assign_roles]
 
       # GET /user_roles
       def index
-        @user_roles = UserRole.all.order(:name)
-        response = { success: true, data: @user_roles }
+        user_roles = UserRole.joins(:application_module)
+                             .where("mks_auth_application_modules.code = '#{app_code}'")
+                             .order(:name)
+        response = { success: true, data: user_roles }
         render json: response
       end
 
-      def get_assigned_roles
-        user = User.find(params[:user_id])
-        user_roles = UserRole.all.order(:name)
-        data = []
-        user_roles.each do |user_role|
-          item = {id: user_role.id, name: user_role.name}
-          if user.roles.include? user_role
-            item[:selected] = true
-          else
-            item[:selected] = false
-          end
-          data << item
-        end
-        response = { success: true, data: data }
+      def users
+        response = { success: true, data: @role.users }
         render json: response
       end
 
-      def assign_roles
-        user = User.find(params[:user_id])
-        roles = params[:roles]
+      def assigned_roles
+        selected = @user.roles.map { |ur| { id: ur.id, name: ur.name, selected: true }}
+        ids = @user.roles.map(&:id)
+        user_roles = UserRole.joins(:application_module)
+                             .where("mks_auth_application_modules.code = '#{app_code}'")
+                             .where.not('mks_auth_user_roles.id IN (?)', ids)
+
+        not_selected = user_roles.map { |ur| { id: ur.id, name: ur.name, selected: false }}
+        data = (selected + not_selected).sort_by{ |r| r[:name] }
 
-        roles.each do |role|
-          user_role = UserRole.find role[:id]
-          if role[:selected]
-            user.roles << user_role
-          else
-            user.roles.destroy user_role
-          end
-        end
+        response = { success: true, data: data }
+        render json: response
+      end
 
-        user.save
+      # A method which assigns selected roles to a user.
+      # This method expects that only selected roles
+      # (i.e. roles with `selected` attribute set to true).
+      # It removes all other roles and assigns those selected
+      # roles to the user.
+      def assign_roles
+        selected_roles = params[:roles]&.map { |r| r[:id] }
+        user_roles = UserRole.where(id: selected_roles)
+        @user.roles.destroy_all
+        @user.roles = user_roles
 
         response = { success: true, message: 'Role assignment successful!' }
         render json: response
       end
+
+
+      private
+
+      def set_role
+        @role = UserRole.find(params[:id])
+      end
+
+      def set_user
+        @user = User.find(params[:id])
+      end
     end
   end
 end

data/app/controllers/mks/auth/users_controller.rb

@@ -1,58 +1,75 @@
-require_dependency 'mks/auth/application_controller'
-
 module Mks
   module Auth
     class UsersController < ApplicationController
-      before_action :set_user, only: [:update]
+      skip_before_action :authenticate, raise: false, only: %i[login]
+      before_action :set_user, only: %i[update user_roles save_selected_roles]
 
       def index
-        @users = User.where(application_module_id: app_module.id)
+        @users = ApplicationModule.find_by(code: params[:app_module]).users
         response = { success: true, data: @users }
         render json: response
       end
 
       def roles
-        user = User.find(session[:user_id])
-        data = user.roles.map { |role| {id: role.id, name: role.name} }
-        response = {success: true, data: data}
+        user = User.find(params[:id])
+        data = user.roles
+        response = { success: true, data: data }
         render json: response
       end
 
-      def fetch_by_role
-        r = params[:role]
-        role = UserRole.find_by(name: r)
-        unless role
-          raise 'Role not found'
-        end
-        response = { success: true, data: role.users }
-        render json: response
+      # A method to fetch all roles, with roles of
+      # a user marked as selected
+      def user_roles
+        all_roles = UserRole.joins(:application_module).where(mks_auth_application_modules: { code: app_code })
+        roles = all_roles.map { |r| { id: r.id, name: r.name, selected: @user.roles.include?(r) } }
+        render json: roles
+      end
+
+      def save_selected_roles
+        @user.roles.delete_all
+        selected = save_selected_roles_params['roles'].select { |r| r['selected'] }.map{ |r| r['id'] }
+        roles = UserRole.where(id: selected)
+        @user.roles << roles
+        render json: { success: true }
       end
 
       def create
         @user = User.new(user_params)
+        app_module = ApplicationModule.find_by(code: params[:app_module])
         @user.application_module_id = app_module.id
         if @user.save
           response = { success: true, message: 'User saved successfully' }
-          render json: response
         else
           errors = Mks::Common::Util.error_messages @user, 'User'
           response = { success: false, errors: errors }
-          render json: response
         end
+        render json: response
       end
 
       def update
         if @user.update(user_params)
           response = { success: true, message: 'User updated successfully' }
-          render json: response
         else
           errors = Mks::Common::Util.error_messages @user, 'User'
           response = { success: false, errors: errors }
-          render json: response
+        end
+        render json: response
+      end
+
+      def login
+        user = User.find_by(email: auth_params[:email])
+        if user.authenticate(auth_params[:password]) &&
+           user.has_module(auth_params[:app_module])
+
+          jwt = TokenAuth.issue(user.to_token_payload)
+          render json: { jwt: jwt }
+        else
+          render json: {}, status: 400
         end
       end
 
       private
+
       # Use callbacks to share common setup or constraints between actions.
       def set_user
         @user = User.find(params[:id])
@@ -60,7 +77,15 @@ module Mks
 
       # Never trust parameters from the scary internet, only allow the white list through.
       def user_params
-        params.require(:user).permit(:first_name, :last_name, :email, :password)
+        params.require(:user).permit(:first_name, :last_name, :email, :password, :app_module)
+      end
+
+      def auth_params
+        params.require(:auth).permit(:email, :password, :app_module)
+      end
+
+      def save_selected_roles_params
+        params.permit(roles: %i[id selected])
       end
     end
   end

data/app/models/mks/auth/application_module.rb

@@ -1,12 +1,12 @@
 module Mks
   module Auth
+    # A model class to represent applications / modules
     class ApplicationModule < ApplicationRecord
-      #self.table_name = 'mks_application_modules'
-
       validates :code, presence: true
       validates :code, presence: true, uniqueness: true
 
-      has_many :users, class_name: 'Mks::Auth::User'
+      has_and_belongs_to_many :users, class_name: 'Mks::Auth::User',
+                                      join_table: 'mks_auth_users_application_modules'
       has_many :menus, class_name: 'Mks::Auth::Menu'
     end
   end

data/app/models/mks/auth/menu.rb

@@ -1,12 +1,12 @@
 module Mks
   module Auth
+    # A model class to represent menu items of a module
     class Menu < ApplicationRecord
-      # self.table_name = 'mks_menus'
-
       belongs_to :application_module, class_name: 'Mks::Auth::ApplicationModule'
       belongs_to :parent, class_name: 'Mks::Auth::Menu', optional: true
-      has_many :children, class_name: 'Mks::Auth::Menu', :foreign_key => 'parent_id'
-      has_and_belongs_to_many :roles, class_name: 'Mks::Auth::UserRole', :join_table => :mks_auth_menus_user_roles
+      has_many :children, class_name: 'Mks::Auth::Menu', foreign_key: 'parent_id'
+      has_and_belongs_to_many :roles, class_name: 'Mks::Auth::UserRole',
+                                      join_table: 'mks_auth_menus_user_roles'
     end
   end
-end
+end

data/app/models/mks/auth/user.rb

@@ -1,24 +1,42 @@
+# frozen_string_literal: true
+
 module Mks
   module Auth
+    # A model class to represent users of the system
     class User < ApplicationRecord
-      # self.table_name = 'mks_users'
-
-      belongs_to :application_module, class_name: 'Mks::Auth::ApplicationModule'
-      has_and_belongs_to_many :roles, class_name: 'Mks::Auth::UserRole', join_table: :mks_auth_users_user_roles
+      has_and_belongs_to_many :application_modules,
+                              class_name: 'Mks::Auth::ApplicationModule',
+                              join_table: 'mks_auth_users_application_modules'
+      has_and_belongs_to_many :roles, class_name: 'Mks::Auth::UserRole',
+                                      join_table: 'mks_auth_users_user_roles'
       has_secure_password
 
       before_save { email.downcase! }
 
       VALID_EMAIL_REGEX = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
-      validates :first_name, presence: true, length: {maximum: 30}
-      validates :last_name, presence: true, length: {maximum: 30}
-      validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: {case_sensitive: false}
+      validates :first_name, presence: true, length: { maximum: 30 }
+      validates :last_name, presence: true, length: { maximum: 30 }
+      validates :email, presence: true, format: { with: VALID_EMAIL_REGEX }, uniqueness: { case_sensitive: false }
       validates :password, length: { minimum: 6 }
       validates :active, presence: true
 
       def full_name
         "#{first_name} #{last_name}"
       end
+
+      def role_names
+        roles.map(&:name)
+      end
+
+      def to_token_payload
+        { id: id, email: email, name: full_name, roles: role_names }
+      end
+
+      def has_module(code)
+        app_module = ApplicationModule.find_by(code: code)
+        roles = self.roles.select { |ur| ur.application_module == app_module }
+        roles.count.positive?
+      end
     end
   end
-end
+end

data/app/models/mks/auth/user_role.rb

@@ -1,11 +1,12 @@
 module Mks
   module Auth
+    # A model to represent various roles of users in the system
     class UserRole < ApplicationRecord
-       # self.table_name = 'mks_user_roles'
-
       validates :name, presence: true, uniqueness: true
-      has_and_belongs_to_many :users, :join_table => :mks_auth_users_user_roles
-      has_and_belongs_to_many :menus, :join_table => :mks_auth_menus_user_roles
+
+      belongs_to :application_module
+      has_and_belongs_to_many :users, join_table: 'mks_auth_users_user_roles'
+      has_and_belongs_to_many :menus, join_table: 'mks_auth_menus_user_roles'
     end
   end
-end
+end

data/config/routes.rb

@@ -1,32 +1,31 @@
-Mks::Auth::Engine.routes.draw do
-  get '/csrf_token', to: 'access#csrf_token'
-
-  get '/attempt_login', to: 'access#attempt_login'
-
-  get '/logout', to: 'access#logout'
+# frozen_string_literal: true
 
-  get '/menu', to: 'access#menu'
-
-  get '/check_login', to: 'access#check_login'
+Mks::Auth::Engine.routes.draw do
 
-  post '/login', to: 'access#attempt_login'
+  post '/login', controller: :users, action: :login
 
   resources :application_modules
 
-  # get '/users', to: 'users#index'
+  resources :users, except: %i[new edit show destroy]
+
+  resources :users do
+    member do
+      get 'roles', controller: :users, action: :roles
+      get 'menus', controller: :menus, action: :menus
+      get 'user_roles', controller: :users, action: :user_roles
+      post 'user_roles', controller: :users, action: :save_selected_roles
+    end
+  end
 
-  resources :users, except: [:new, :edit, :show, :destroy]
 
-  get '/users/roles', controller: :users, action: :roles
 
-  get '/users/fetch_by_role', to: 'users#fetch_by_role'
 
-  # get '/user_roles', to: 'user_roles#index'
+  resources :user_roles, except: %i[new edit show destroy]
 
-  resources :user_roles, except: [:new, :edit, :show, :destroy]
+  get '/user_roles/:id/users', controller: :user_roles, action: :users
 
-  post '/assign_roles', to: 'user_roles#assign_roles'
+  post '/users/:id/assign_roles', controller: :user_roles, action: :assign_roles
 
-  get '/assigned_roles/:user_id', to: 'user_roles#get_assigned_roles'
+  get '/users/:id/assigned_roles', controller: :user_roles, action: :assigned_roles
 
 end

data/db/migrate/20161029065810_create_mks_auth_application_modules.rb

@@ -1,4 +1,4 @@
-class CreateMksAuthApplicationModules < ActiveRecord::Migration[5.0]
+class CreateMksAuthApplicationModules < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_application_modules do |t|
       t.string :code, unique: true, null: false

data/db/migrate/20161029065959_create_mks_auth_users.rb

@@ -1,16 +1,13 @@
-class CreateMksAuthUsers < ActiveRecord::Migration[5.0]
+class CreateMksAuthUsers < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_users do |t|
       t.string :first_name, null: false
       t.string :last_name, null: false
       t.string :email, null: false
       t.boolean :active, null: false, default: true
-      t.references :application_module, index: true
       t.string :password_digest
 
       t.timestamps
     end
-
-    add_foreign_key :mks_auth_users, :mks_auth_application_modules, :column => :application_module_id
   end
 end

data/db/migrate/20161029070807_create_mks_auth_user_roles.rb

@@ -1,9 +1,10 @@
-class CreateMksAuthUserRoles < ActiveRecord::Migration[5.0]
+class CreateMksAuthUserRoles < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_user_roles do |t|
       t.string :name, null: false
-
+      t.references :application_module, index: true
       t.timestamps
     end
+    add_foreign_key :mks_auth_user_roles, :mks_auth_application_modules, column: :application_module_id
   end
 end

data/db/migrate/20161029071047_create_mks_users_user_roles.rb

@@ -1,11 +1,11 @@
-class CreateMksUsersUserRoles < ActiveRecord::Migration[5.0]
+class CreateMksUsersUserRoles < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_users_user_roles, id: false do |t|
       t.references :user, index: false
       t.references :user_role, index: false
     end
-    add_index :mks_auth_users_user_roles, [:user_id, :user_role_id]
-    add_foreign_key :mks_auth_users_user_roles, :mks_auth_users, :column => :user_id
-    add_foreign_key :mks_auth_users_user_roles, :mks_auth_user_roles, :column => :user_role_id
+    add_index :mks_auth_users_user_roles, %i[user_id user_role_id]
+    add_foreign_key :mks_auth_users_user_roles, :mks_auth_users, column: :user_id
+    add_foreign_key :mks_auth_users_user_roles, :mks_auth_user_roles, column: :user_role_id
   end
 end

data/db/migrate/20161029072256_create_mks_auth_menus.rb

@@ -1,4 +1,4 @@
-class CreateMksAuthMenus < ActiveRecord::Migration[5.0]
+class CreateMksAuthMenus < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_menus do |t|
       t.string :text, null: false
@@ -11,7 +11,7 @@ class CreateMksAuthMenus < ActiveRecord::Migration[5.0]
       t.timestamps
     end
 
-    add_foreign_key :mks_auth_menus, :mks_auth_menus, :column => :parent_id
-    add_foreign_key :mks_auth_menus, :mks_auth_application_modules, :column => :application_module_id
+    add_foreign_key :mks_auth_menus, :mks_auth_menus, column: :parent_id
+    add_foreign_key :mks_auth_menus, :mks_auth_application_modules, column: :application_module_id
   end
 end

data/db/migrate/20161029074023_create_mks_menus_user_roles.rb

@@ -1,11 +1,11 @@
-class CreateMksMenusUserRoles < ActiveRecord::Migration[5.0]
+class CreateMksMenusUserRoles < ActiveRecord::Migration[5.2]
   def change
     create_table :mks_auth_menus_user_roles do |t|
       t.references :menu, index: false
       t.references :user_role, index: false
     end
     add_index :mks_auth_menus_user_roles, [:menu_id, :user_role_id]
-    add_foreign_key :mks_auth_menus_user_roles, :mks_auth_menus, :column => :menu_id
-    add_foreign_key :mks_auth_menus_user_roles, :mks_auth_user_roles, :column => :user_role_id
+    add_foreign_key :mks_auth_menus_user_roles, :mks_auth_menus, column: :menu_id
+    add_foreign_key :mks_auth_menus_user_roles, :mks_auth_user_roles, column: :user_role_id
   end
 end

data/db/migrate/20180201104912_create_mks_users_application_modules.rb

@@ -0,0 +1,12 @@
+class CreateMksUsersApplicationModules < ActiveRecord::Migration[5.2]
+  def change
+    create_table :mks_auth_users_application_modules, id: false do |t|
+      t.references :user, index: false
+      t.references :application_module, index: false
+    end
+
+    add_index :mks_auth_users_application_modules, %i[user_id application_module_id], name: 'am_on_users_indx'
+    add_foreign_key :mks_auth_users_application_modules, :mks_auth_users, column: :user_id
+    add_foreign_key :mks_auth_users_application_modules, :mks_auth_application_modules, column: :application_module_id
+  end
+end

data/lib/mks/auth/engine.rb

@@ -4,25 +4,18 @@ module Mks
       isolate_namespace Mks::Auth
 
       initializer :append_migrations do |app|
-        unless app.root.to_s.match root.to_s
-          if app.config.app_code == 'PSH'
-            config.paths['db/migrate'].expanded.each do |expanded_path|
-              app.config.paths['db/migrate'] << expanded_path
-            end
+        unless app.root.to_s.match? root.to_s
+          config.paths['db/migrate'].expanded.each do |expanded_path|
+            app.config.paths['db/migrate'] << expanded_path
           end
         end
       end
 
-      initializer 'mks_auth.factories', :after => 'factory_girl.set_factory_paths' do
-        FactoryGirl.definition_file_paths << File.expand_path('../../../../spec/factories', __FILE__) if defined?(FactoryGirl)
-      end
-
       config.generators do |g|
-        g.test_framework :rspec, :fixture => false
-        g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+        g.test_framework :rspec, fixture: false
         g.assets false
         g.helper false
       end
     end
   end
-end
+end

data/lib/mks/auth/token_auth.rb

@@ -0,0 +1,19 @@
+require 'jwt'
+
+module Mks
+  module Auth
+    class TokenAuth
+      def self.issue(payload)
+        JWT.encode(payload, auth_secret, 'HS256')
+      end
+
+      def self.decode(token)
+        JWT.decode(token, auth_secret, true, algorithm: 'HS256').first
+      end
+
+      def self.auth_secret
+        Rails.application.config.auth_secret
+      end
+    end
+  end
+end

data/lib/mks/auth/version.rb

@@ -1,5 +1,5 @@
 module Mks
   module Auth
-    VERSION = '1.0.0'
+    VERSION = '1.0.4'.freeze
   end
 end

data/lib/mks_auth.rb

@@ -1,2 +1,3 @@
 require 'mks/auth'
 require 'mks/auth/engine'
+require 'mks/auth/token_auth'