mno-enterprise-api 2.0.0

data/config/initializers/devise_extension.rb

@@ -0,0 +1,9 @@
+require 'devise_extension'
+
+Devise.setup do |config|
+  # ==> Security Extension
+  # Configure security extension for devise
+
+  # Should the password expire (e.g 3.months)
+  config.expire_password_after = false
+end

data/config/initializers/devise_log.rb

@@ -0,0 +1,12 @@
+Warden::Manager.after_authentication do |user, auth, opts|
+  MnoEnterprise::EventLogger.info('user_login', user.id, "User login", user.email, user) if user
+end
+
+Warden::Manager.before_logout do |user, auth, opts|
+  # Determine whether it's a sign out or timeout
+  if auth.env['PATH_INFO'] =~ %r{^/auth/users/sign_out.json$}
+    MnoEnterprise::EventLogger.info('user_logout', user.id, "User logout", user.email, user) if user
+  else
+    MnoEnterprise::EventLogger.info('user_timeout', user.id, "User session expired", user.email, user) if user
+  end
+end

data/config/initializers/health_check.rb

@@ -0,0 +1,35 @@
+HealthCheck::Engine.routes_manually_defined = true
+
+HealthCheck.setup do |config|
+
+  # Text output upon success
+  config.success = 'success'
+
+  # Timeout in seconds used when checking smtp server
+  config.smtp_timeout = 30.0
+
+  # http status code used when plain text error message is output
+  # Set to 200 if you want your want to distinguish between partial (text does not include success) and
+  # total failure of rails application (http status of 500 etc)
+
+  config.http_status_for_error_text = 500
+
+  # http status code used when an error object is output (json or xml)
+  # Set to 200 if you want your want to distinguish between partial (healthy property == false) and
+  # total failure of rails application (http status of 500 etc)
+
+  config.http_status_for_error_object = 500
+
+  # You can customize which checks happen on a standard health check
+  config.standard_checks = [ 'database', 'migrations', 'custom' ]
+
+  # You can set what tests are run with the 'full' or 'all' parameter
+  config.full_checks = ['database', 'migrations', 'cache', 'custom']
+
+  # Add one or more custom checks that return a blank string if ok, or an error message if there is an error
+  config.add_custom_check do
+    # any code that returns blank on success and non blank string upon failure
+    MnoEnterprise::HealthCheck.perform_mno_hub_check
+  end
+
+end

data/config/initializers/main_app_version.rb

@@ -0,0 +1,6 @@
+# Set the application version from the VERSION file in the root folder
+version_file = "#{Rails.root}/BUILD_NUMBER"
+git_version = `git rev-parse --short HEAD`.chomp.presence rescue nil
+build_number = File.new(version_file).read.chomp if File.exists?(version_file)
+
+MnoEnterprise::APP_VERSION = [build_number, git_version].compact.join('-')

data/config/routes.rb

@@ -0,0 +1,152 @@
+MnoEnterprise::Engine.routes.draw do
+  # Generic routes
+  get '/launch/:id', to: 'pages#launch', constraints: {id: /[\w\-\.:]+/}
+  get '/loading/:id', to: 'pages#loading', constraints: {id: /[\w\-\.]+/}
+  get '/app_access_unauthorized', to: 'pages#app_access_unauthorized'
+  get '/billing_details_required', to: 'pages#billing_details_required'
+  get '/app_logout', to: 'pages#app_logout'
+
+  # Health Status
+  get '/ping', to: 'status#ping'
+  get '/version', to: 'status#version'
+  get 'health_check(/:checks)(.:format)', to: '/health_check/health_check#index'
+
+  # App Provisioning
+  resources :provision, only: [:new, :create]
+
+  # Organization Invites
+  resources :org_invites, only: [:show]
+
+  resources :deletion_requests, only: [:show] do
+    member do
+      patch :freeze_account
+      patch :checkout
+      put :terminate_account
+    end
+  end
+
+
+  get "/impersonate/user/:user_id", to: "impersonate#create", as: :impersonate_user
+  delete "/impersonate/revert", to: "impersonate#destroy", as: :revert_impersonate_user
+
+
+  #============================================================
+  # Devise/User Configuration
+  #============================================================
+  # Main devise configuration
+  devise_for :users, {
+      class_name: "MnoEnterprise::User",
+      module: :devise,
+      path_prefix: 'auth',
+      controllers: {
+          confirmations: "mno_enterprise/auth/confirmations",
+          #omniauth_callbacks: "auth/omniauth_callbacks",
+          passwords: "mno_enterprise/auth/passwords",
+          registrations: "mno_enterprise/auth/registrations",
+          sessions: "mno_enterprise/auth/sessions",
+          unlocks: "mno_enterprise/auth/unlocks"
+      }
+  }
+
+  # Additional devise routes
+  # TODO: routing specs
+  devise_scope :user do
+    get "/auth/users/confirmation/lounge", to: "auth/confirmations#lounge", as: :user_confirmation_lounge
+    patch "/auth/users/confirmation/finalize", to: "auth/confirmations#finalize", as: :user_confirmation_finalize
+    patch "/auth/users/confirmation", to: "auth/confirmations#update"
+  end
+
+  #============================================================
+  # Webhooks
+  #============================================================
+  namespace :webhook do
+    # OAuth Management
+    resources :oauth, only: [], constraints: {id: /[\w\-\.:]+/}, controller: "o_auth" do
+      member do
+        get :authorize
+        get :callback
+        get :disconnect
+        get :sync
+      end
+    end
+  end
+
+  #============================================================
+  # JPI V1
+  #============================================================
+  namespace :jpi do
+    namespace :v1 do
+      resources :marketplace, only: [:index, :show]
+      resource :current_user, only: [:show, :update] do
+        put :update_password
+        #post :deletion_request, action: :create_deletion_request
+        #delete :deletion_request, action: :cancel_deletion_request
+      end
+
+      resources :organizations, only: [:index, :show, :create, :update, :destroy] do
+        member do
+          put :update_billing
+          put :invite_members
+          put :update_member
+          put :remove_member
+        end
+
+        # AppInstances
+        resources :app_instances, only: [:index, :destroy], shallow: true
+
+        # Teams
+        resources :teams, only: [:index, :show, :create, :update, :destroy], shallow: true do
+          member do
+            put :add_users
+            put :remove_users
+          end
+        end
+
+        resources :app_instances_sync, only: [:create, :index]
+      end
+
+      resources :deletion_requests, only: [:show, :create, :destroy] do
+        member do
+          put :resend
+        end
+      end
+
+      namespace :impac do
+        resources :dashboards, only: [:index, :show, :create, :update, :destroy] do
+          resources :widgets, shallow: true, only: [:create, :destroy, :update]
+          resources :kpis, shallow: true, only: [:create, :destroy, :update]
+        end
+      end
+
+
+      #============================================================
+      # Admin
+      #============================================================
+      namespace :admin, defaults: {format: 'json'} do
+        resources :audit_events, only: [:index]
+        resources :users, only: [:index, :show, :destroy, :update, :create]
+        resources :organizations, only: [:index, :show] do
+          collection do
+            get :in_arrears
+          end
+        end
+        resources :tenant_invoices, only: [:index, :show]
+        resources :invoices, only: [:index, :show] do
+          collection do
+            get :current_billing_amount
+            get :last_invoicing_amount
+            get :outstanding_amount
+            get :last_commission_amount
+            get :last_portfolio_amount
+          end
+        end
+        resources :cloud_apps, only: [:index, :update] do
+          member do
+            put :regenerate_api_key
+            put :refresh_metadata
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mno-enterprise-api.rb

@@ -0,0 +1 @@
+require 'mno_enterprise/api'

data/lib/mno_enterprise/api.rb

@@ -0,0 +1,14 @@
+require 'action_view' # To fix "uninitialized constant Haml::ActionView"
+require 'jbuilder'
+require 'haml'
+
+require 'mno_enterprise/core'
+
+module MaestranoEnterprise
+  module Api
+    require 'mno_enterprise/api/engine'
+  end
+end
+
+# Needs Rails::Engine to be loaded
+require 'health_check'

data/lib/mno_enterprise/api/engine.rb

@@ -0,0 +1,9 @@
+module MnoEnterprise
+  module Api
+    class Engine < ::Rails::Engine
+      isolate_namespace MnoEnterprise
+      # To be able to load lib/mno_enterprise/concerns/...
+      config.autoload_paths += Dir["#{config.root}/lib/**/"]
+    end
+  end
+end

data/lib/mno_enterprise/concerns/controllers/deletion_requests_controller.rb

@@ -0,0 +1,108 @@
+# TODO: extract the request check to filter or block?
+module MnoEnterprise::Concerns::Controllers::DeletionRequestsController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    before_filter :authenticate_user!
+    before_filter :redirect_to_lounge_if_unconfirmed
+    before_filter :set_meta
+
+    def set_meta
+      @meta[:title] = "Account Termination"
+      @meta[:description] = "Account Termination"
+    end
+  end
+
+  #==================================================================
+  # Class methods
+  #==================================================================
+  module ClassMethods
+    # def some_class_method
+    #   'some text'
+    # end
+  end
+
+  #==================================================================
+  # Instance methods
+  #================================================================
+  # GET /deletion_requests/1
+  def show
+    # authorize! :manage_billing, current_user.organizations.find(@invoice.organization_id)
+    @deletion_request = current_user.deletion_request
+
+    respond_to do |format|
+      # Check that the user has a deletion_request in progress
+      # and that the token provided (params[:id]) matches the
+      # deletion_request token
+      if @deletion_request.present? && @deletion_request.token == params[:id]
+
+        # Contextual assignments
+        if ['account_frozen', 'account_checked_out'].include?(@deletion_request.status)
+          # @final_invoices = current_user.final_invoices
+          @final_invoices = []
+        end
+
+        format.html
+        format.json { render json: @deletion_request }
+      else
+        format.html { redirect_to main_app.root_path, alert: 'This deletion request is invalid or expired' }
+        format.json { head :bad_request }
+      end
+    end
+  end
+
+  # PATCH /deletion_requests/1/freeze_account
+  def freeze_account
+    @deletion_request = current_user.deletion_request
+
+    respond_to do |format|
+      # Check that the user has a deletion_request in progress
+      # and that the token provided (params[:id]) matches the
+      # deletion_request token
+      if @deletion_request.present? && @deletion_request.token == params[:id]
+        # Check that the deletion_request has the right status
+        if @deletion_request.status == 'pending'
+          @deletion_request.freeze_account!
+          format.html { redirect_to @deletion_request, notice: 'Your account has been frozen' }
+        else
+          format.html { redirect_to @deletion_request, alert: 'Invalid action' }
+        end
+      else
+        format.html { redirect_to main_app.root_path, alert: 'This deletion request is invalid or expired' }
+        format.json { head :bad_request }
+      end
+    end
+  end
+
+  # PATCH /deletion_requests/1/checkout
+  def checkout
+    @deletion_request = current_user.deletion_request
+
+    respond_to do |format|
+      # Check that the user has a deletion_request in progress
+      # and that the token provided (params[:id]) matches the
+      # deletion_request token
+      if @deletion_request.present? && @deletion_request.token == params[:id]
+        # Check that the deletion_request has the right status
+        if @deletion_request.status == 'account_frozen'
+          # TODO:
+          #   Attempt to update the credit cards first
+          #   Finally Perform the checkout
+          @deletion_request.status = 'account_checked_out'
+          @deletion_request.save
+          format.html { redirect_to @deletion_request, notice: 'Checkout has been performed successfully' }
+        else
+          format.html { redirect_to @deletion_request, alert: 'Invalid action' }
+        end
+      else
+        format.html { redirect_to main_app.root_path, alert: 'This deletion request is invalid or expired' }
+      end
+    end
+  end
+
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/admin/base_resource_controller.rb

@@ -0,0 +1,34 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::Admin::BaseResourceController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    ADMIN_CACHE_DURATION = 12.hours
+
+    before_filter :check_authorization
+  end
+
+  protected
+
+  def timestamp
+    @timestamp ||= (params[:timestamp] || 0).to_i
+  end
+
+  def parent_organization
+    @parent_organization ||= current_user.organizations.to_a.find { |o| o.id.to_s == params[:organization_id].to_s }
+  end
+
+  # Check current user is logged in
+  # Check organization is valid if specified
+  def check_authorization
+    if current_user && current_user.admin_role.present?
+      return true
+    end
+    render nothing: true, status: :unauthorized
+    false
+  end
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/current_users_controller.rb

@@ -0,0 +1,58 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    before_filter :authenticate_user!, only: [:update, :update_password]
+    respond_to :json
+  end
+
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/jpi/v1/current_user
+  def show
+    @user = current_user || MnoEnterprise::User.new
+  end
+
+  # PUT /mnoe/jpi/v1/current_user
+  def update
+    @user = current_user
+
+    @user.assign_attributes(user_params)
+    changes = @user.changes
+    if @user.update(user_params)
+      MnoEnterprise::EventLogger.info('user_update', current_user.id, "User update", changes, @user)
+      render :show
+    else
+      render json: @user.errors, status: :bad_request
+    end
+  end
+
+  # PUT /mnoe/jpi/v1/current_user/update_password
+  def update_password
+    @user = current_user
+
+    if @user.update(password_params.merge(current_password_required: true))
+      MnoEnterprise::EventLogger.info('user_update_password', current_user.id, "User password change", @user.email, @user)
+      sign_in @user, bypass: true
+      render :show
+    else
+      render json: @user.errors, status: :bad_request
+    end
+  end
+    
+  private
+    def user_params
+      params.require(:user).permit(:name, :surname, :email, :company, :settings, :phone, :website, :phone_country_code, :current_password, :password, :password_confirmation)
+    end
+
+    def password_params
+      params.require(:user).permit(:current_password, :password, :password_confirmation)
+    end
+end