RubyGems - model_driven_api - Versions diffs - 2.3.1 → 2.3.6 - Mend

model_driven_api 2.3.1 → 2.3.6

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/app/commands/authenticate_user.rb +2 -2
data/app/controllers/api/v2/application_controller.rb +30 -4
data/lib/concerns/api_exception_management.rb +10 -8
data/lib/model_driven_api/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3acc4504dc5bf9c20c0057659e911095eaad75d7b63d03b5632d8e02b847525f
-  data.tar.gz: 3227192e26753f9160424739c3182bb08f503ccb2650e23291fea8894f15566d
+  metadata.gz: 4f077fe5622ad57731dec49be396e6a30cd59d643a56c959f7ada5d7b1515302
+  data.tar.gz: dd18358e8de2ed6813383ee84910b35557207c6de2f31b7244c8a222e382c8f3
 SHA512:
-  metadata.gz: c059a8c693d2605dab964bb2aa0e159975afb172aba8885bdd0bd0fc4208fa2535ecb7fb857e694de1a74cf7f1169c0a8d617098d926d9b28a07aced9d9902d0
-  data.tar.gz: 677f5956846a1b6a9304491acde68d2c1988d5ddd81bd8d830a67224b11dad63619c9133e2bf3eef1597c8b0798bbe9036a1994344b183ca61979e00a577769e
+  metadata.gz: f6a0cac8c48611a3e78f0f6fd9e6a1ce6dcb99d82d54170803cf42f638cddd7fb6a5ee3bfc0edf6c3900a0d7627e4c6936f011c1e91fb6522599a844677577d4
+  data.tar.gz: 046ca81694a0051a68368b52a7808ffc961c28a4d336dc5e92fcebfe4e4ec7370bd54b8dc4e0c40a0f2f9c179ae0f8ea2adfae509c0394086dc357e6c97a1213

data/README.md CHANGED Viewed

@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
 ## TODO
-* Add a Trust management for API consumers, to have some low level interactions happen between API client and server done without the need for giving a USERNAME and a PASSWORD.
+* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
 ## References
 Thanks to all these people for ideas:

data/app/commands/authenticate_user.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class AuthenticateUser
     class AccessDenied < StandardError
-        def message
-            "AuthenticationError"
+        def message more = "AuthenticationError"
+            more
         end
     end
     prepend SimpleCommand

data/app/controllers/api/v2/application_controller.rb CHANGED Viewed

@@ -21,7 +21,7 @@ class Api::V2::ApplicationController < ActionController::API
         # Normal Index Action with Ransack querying
         @q = (@model.column_names.include?("user_id") ? @model.where(user_id: current_user.id) : @model).ransack(@query.presence|| params[:q])
-        @records_all = @q.result(distinct: true)
+        @records_all = @q.result # (distinct: true) Removing, but I'm not sure, with it I cannot sort in postgres for associated records (throws an exception on misuse of sort with distinct)
         page = (@page.presence || params[:page])
         per = (@per.presence || params[:per])
         pages_info = (@pages_info.presence || params[:pages_info])
@@ -107,15 +107,33 @@ class Api::V2::ApplicationController < ActionController::API
             # call an unwanted method in the AR Model.
             resource = "custom_action_#{params[:do]}"
             raise NoMethodError unless @model.respond_to?(resource)
-            return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            # return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            return true, MultiJson.dump(@model.send(resource, params))
         end
         # if it's here there is no custom action in the request querystring
         return false
     end
+    def class_exists?(class_name)
+        klass = Module.const_get(class_name)
+        return klass.is_a?(Class)
+    rescue NameError
+        return false
+    end
     def authenticate_request
-        @current_user = AuthorizeApiRequest.call(request.headers).result
-        return unauthenticated! unless @current_user
+        # puts request.headers.inspect
+        @current_user = nil
+        # puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
+        Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
+            # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
+            check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
+        end
+        # This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
+        check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
+        return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
         current_user = @current_user
         params[:current_user_id] = @current_user.id
         # Now every time the user fires off a successful GET request,
@@ -147,6 +165,14 @@ class Api::V2::ApplicationController < ActionController::API
         return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
     end
+    def check_authorization cmd
+        if cmd.success?
+            @current_user = cmd.result
+        else
+            @auth_errors = cmd.errors
+        end
+    end
     # Nullifying strong params for API
     def params
         request.parameters

data/lib/concerns/api_exception_management.rb CHANGED Viewed

@@ -2,13 +2,15 @@ module ApiExceptionManagement
     extend ActiveSupport::Concern
     included do
-        rescue_from NoMethodError, with: :not_found!
-        rescue_from CanCan::AccessDenied, with: :unauthorized!
-        rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
-        rescue_from ActionController::RoutingError, with: :not_found!
-        rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
-        rescue_from ActiveRecord::RecordInvalid, with: :invalid!
-        rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        if Rails.env.production?
+            rescue_from NoMethodError, with: :not_found!
+            rescue_from CanCan::AccessDenied, with: :unauthorized!
+            rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
+            rescue_from ActionController::RoutingError, with: :not_found!
+            rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
+            rescue_from ActiveRecord::RecordInvalid, with: :invalid!
+            rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        end
         def unauthenticated! exception = AuthenticateUser::AccessDenied.new
             response.headers['WWW-Authenticate'] = "Token realm=Application"
@@ -33,7 +35,7 @@ module ApiExceptionManagement
         def api_error(status: 500, errors: [])
             # puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
-            head status && return if errors.empty?
+            head status && return if errors.blank?
             # For retrocompatibility, I try to send back only strings, as errors
             errors_response = if errors.respond_to?(:full_messages)

data/lib/model_driven_api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ModelDrivenApi
-  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`}"
+  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`.chomp}"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.3.6
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-03 00:00:00.000000000 Z
+date: 2021-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons