RubyGems - model_driven_api - Versions diffs - 2.3.2 → 2.3.7 - Mend

model_driven_api 2.3.2 → 2.3.7

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/app/commands/authenticate_user.rb +2 -2
data/app/controllers/api/v2/application_controller.rb +29 -3
data/app/controllers/api/v2/info_controller.rb +1 -1
data/lib/concerns/api_exception_management.rb +10 -8
data/lib/model_driven_api/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 938ca4a7652e660ccfcc3bbd4bc3b522244b0f95ba9ed423c9e48d62cb0c276d
-  data.tar.gz: 16e5aff46739a2f62476dda71243e46043d6f5a3e091412fb0a6acc6b4816d77
+  metadata.gz: ec88dcaf27ab5abca89f8db87d1293237950dc1879565048b4fbb3d2901b7ac3
+  data.tar.gz: 643513f277c72318ac7b3ffb9ef2e165258113f093611e29442e24a0aa5d553d
 SHA512:
-  metadata.gz: aa54e6a67fee44ee822eb42ad813653778ac54ae71361422d4325c86926dbde3618deffc57a8c000d3f7b9d03dc0056dbaea553abc72c4a6fac08fa294e12d9a
-  data.tar.gz: 2f719b6e61b8ad5ee976d7a889fe83189e75951ce028f8aced76da08155f4b97bb2901f9e94a92bf825f4daa8b425d6495d35d1983b98467738a0247e64b14ad
+  metadata.gz: 76eccc737ca72f10b10b7b0ae265560f41c53950c423faa8c78fece2097e502c1fe477809720e17acff7bdf796d1a5d186d8710d7fe099d3da6e12f987a2fb88
+  data.tar.gz: 4a9052111ab66b72e8639fa2d567bb4cfd99b565fa304fc17e2e80d8eb1d3627a526f3a2f7fcc8cc5229f4816bb578085cc06a6eef85028f603fb10538e51699

data/README.md CHANGED Viewed

@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
 ## TODO
-* Add a Trust management for API consumers, to have some low level interactions happen between API client and server done without the need for giving a USERNAME and a PASSWORD.
+* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
 ## References
 Thanks to all these people for ideas:

data/app/commands/authenticate_user.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class AuthenticateUser
     class AccessDenied < StandardError
-        def message
-            "AuthenticationError"
+        def message more = "AuthenticationError"
+            more
         end
     end
     prepend SimpleCommand

data/app/controllers/api/v2/application_controller.rb CHANGED Viewed

@@ -107,15 +107,33 @@ class Api::V2::ApplicationController < ActionController::API
             # call an unwanted method in the AR Model.
             resource = "custom_action_#{params[:do]}"
             raise NoMethodError unless @model.respond_to?(resource)
-            return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            # return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            return true, MultiJson.dump(@model.send(resource, params))
         end
         # if it's here there is no custom action in the request querystring
         return false
     end
+    def class_exists?(class_name)
+        klass = Module.const_get(class_name)
+        return klass.is_a?(Class)
+    rescue NameError
+        return false
+    end
     def authenticate_request
-        @current_user = AuthorizeApiRequest.call(request.headers).result
-        return unauthenticated! unless @current_user
+        # puts request.headers.inspect
+        @current_user = nil
+        # puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
+        Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
+            # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
+            check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
+        end
+        # This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
+        check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
+        return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
         current_user = @current_user
         params[:current_user_id] = @current_user.id
         # Now every time the user fires off a successful GET request,
@@ -147,6 +165,14 @@ class Api::V2::ApplicationController < ActionController::API
         return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
     end
+    def check_authorization cmd
+        if cmd.success?
+            @current_user = cmd.result
+        else
+            @auth_errors = cmd.errors
+        end
+    end
     # Nullifying strong params for API
     def params
         request.parameters

data/app/controllers/api/v2/info_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ class Api::V2::InfoController < Api::V2::ApplicationController
   # api :GET, '/api/v2/info/version', "Just prints the APPVERSION."
   def version
-    render json: { version: ModelDrivenApi::VERSION }.to_json, status: 200
+    render json: { version: "TODO: Find a Way to Dynamically Obtain It" }.to_json, status: 200
   end
   # api :GET, '/api/v2/info/roles'

data/lib/concerns/api_exception_management.rb CHANGED Viewed

@@ -2,13 +2,15 @@ module ApiExceptionManagement
     extend ActiveSupport::Concern
     included do
-        rescue_from NoMethodError, with: :not_found!
-        rescue_from CanCan::AccessDenied, with: :unauthorized!
-        rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
-        rescue_from ActionController::RoutingError, with: :not_found!
-        rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
-        rescue_from ActiveRecord::RecordInvalid, with: :invalid!
-        rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        if Rails.env.production?
+            rescue_from NoMethodError, with: :not_found!
+            rescue_from CanCan::AccessDenied, with: :unauthorized!
+            rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
+            rescue_from ActionController::RoutingError, with: :not_found!
+            rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
+            rescue_from ActiveRecord::RecordInvalid, with: :invalid!
+            rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        end
         def unauthenticated! exception = AuthenticateUser::AccessDenied.new
             response.headers['WWW-Authenticate'] = "Token realm=Application"
@@ -33,7 +35,7 @@ module ApiExceptionManagement
         def api_error(status: 500, errors: [])
             # puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
-            head status && return if errors.empty?
+            head status && return if errors.blank?
             # For retrocompatibility, I try to send back only strings, as errors
             errors_response = if errors.respond_to?(:full_messages)

data/lib/model_driven_api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ModelDrivenApi
-  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`}"
+  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`.chomp}"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.3.2
+  version: 2.3.7
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-11 00:00:00.000000000 Z
+date: 2021-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons