model_driven_api 2.2.9 → 2.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c52d5fb636dc5d7e3641c28b51a3456b8420ac9f91dcc2843a52d1b2ac14c9f1
-  data.tar.gz: 3611f35e1a6f99f545c8cd40136a0ae3a4b7ff7ddd5d904c8d9cd1ba19eab786
+  metadata.gz: b3732e187808e98168a540463302b48f5c790b636ec3058d8fe1d1368fe8d00c
+  data.tar.gz: e3cc94ae51641832ad46712014fd5519937d1d2533e1c8866e1fd04a9372f57a
 SHA512:
-  metadata.gz: 57ee0c2b9c2505f6eb7c827c0c24fa8a10e3af9d07400d8ed8226be3a4d7a5caffc524052ab80ef3ba555b6119da555918135e1c376027cff83067fd9264d69b
-  data.tar.gz: 744eb2730193c381c31f023f3f095499f89725c0d40e932ed012f2593a4488a8a64a4fb3a6f69a336266b9648c9b72b1707a64a04966c8adb09161b0ab86c465
+  metadata.gz: 3cb118e13b3362bd98396a5cf639ba3de1f8e5e161c36e21f04f9bbfacb7c722a985aef6baf5a249fe12fc6ba4572c62277905cdeb148c4b42742abf069b0726
+  data.tar.gz: 3dddb43d8f95f6203523ef3d770867682179e5d8abc04838bd42ef5809c91b1f458093c799ddee7d3758a008560f6802315b90fce0d9b83b71ff3272849cdea5

data/README.md

@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
 
 ## TODO
 
-* Add a Trust management for API consumers, to have some low level interactions happen between API client and server done without the need for giving a USERNAME and a PASSWORD.
+* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
 
 ## References
 Thanks to all these people for ideas:

data/app/commands/authenticate_user.rb

@@ -1,7 +1,7 @@
 class AuthenticateUser
     class AccessDenied < StandardError
-        def message
-            "AuthenticationError"
+        def message more = "AuthenticationError"
+            more
         end
     end
     prepend SimpleCommand

data/app/controllers/api/v2/application_controller.rb

@@ -21,7 +21,7 @@ class Api::V2::ApplicationController < ActionController::API
 
         # Normal Index Action with Ransack querying
         @q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(@query.presence|| params[:q])
-        @records_all = @q.result(distinct: true)
+        @records_all = @q.result # (distinct: true) Removing, but I'm not sure, with it I cannot sort in postgres for associated records (throws an exception on misuse of sort with distinct)
         page = (@page.presence || params[:page])
         per = (@per.presence || params[:per])
         pages_info = (@pages_info.presence || params[:pages_info])
@@ -107,15 +107,34 @@ class Api::V2::ApplicationController < ActionController::API
             # call an unwanted method in the AR Model.
             resource = "custom_action_#{params[:do]}"
             raise NoMethodError unless @model.respond_to?(resource)
-            return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            # return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            return true, MultiJson.dump(@model.send(resource, params))
         end
         # if it's here there is no custom action in the request querystring
         return false
     end
+
+    def class_exists?(class_name)
+        klass = Module.const_get(class_name)
+        return klass.is_a?(Class)
+    rescue NameError
+        return false
+    end
     
     def authenticate_request
-        @current_user = AuthorizeApiRequest.call(request.headers).result
-        return unauthenticated! unless @current_user
+        # puts request.headers.inspect
+        @current_user = nil
+        # puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
+        Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
+            # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}" 
+            check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
+        end
+        return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
+        
+        # This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
+        check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
+        return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
+        
         current_user = @current_user
         params[:current_user_id] = @current_user.id
         # Now every time the user fires off a successful GET request, 
@@ -147,6 +166,14 @@ class Api::V2::ApplicationController < ActionController::API
         return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
     end
 
+    def check_authorization cmd
+        if cmd.success?
+            @current_user = cmd.result 
+        else
+            @auth_errors = cmd.errors
+        end
+    end
+
     # Nullifying strong params for API
     def params
         request.parameters

data/lib/model_driven_api/version.rb

@@ -1,3 +1,3 @@
 module ModelDrivenApi
-  VERSION = '2.2.9'
+  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`}"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.2.9
+  version: 2.3.4
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-26 00:00:00.000000000 Z
+date: 2021-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons