RubyGems - model_driven_api - Versions diffs - 2.3.2 → 2.3.7 - Mend

model_driven_api 2.3.2 → 2.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +1 -1
data/app/commands/authenticate_user.rb +2 -2
data/app/controllers/api/v2/application_controller.rb +29 -3
data/app/controllers/api/v2/info_controller.rb +1 -1
data/lib/concerns/api_exception_management.rb +10 -8
data/lib/model_driven_api/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 938ca4a7652e660ccfcc3bbd4bc3b522244b0f95ba9ed423c9e48d62cb0c276d
-  data.tar.gz: 16e5aff46739a2f62476dda71243e46043d6f5a3e091412fb0a6acc6b4816d77
+  metadata.gz: ec88dcaf27ab5abca89f8db87d1293237950dc1879565048b4fbb3d2901b7ac3
+  data.tar.gz: 643513f277c72318ac7b3ffb9ef2e165258113f093611e29442e24a0aa5d553d
 SHA512:
-  metadata.gz: aa54e6a67fee44ee822eb42ad813653778ac54ae71361422d4325c86926dbde3618deffc57a8c000d3f7b9d03dc0056dbaea553abc72c4a6fac08fa294e12d9a
-  data.tar.gz: 2f719b6e61b8ad5ee976d7a889fe83189e75951ce028f8aced76da08155f4b97bb2901f9e94a92bf825f4daa8b425d6495d35d1983b98467738a0247e64b14ad
+  metadata.gz: 76eccc737ca72f10b10b7b0ae265560f41c53950c423faa8c78fece2097e502c1fe477809720e17acff7bdf796d1a5d186d8710d7fe099d3da6e12f987a2fb88
+  data.tar.gz: 4a9052111ab66b72e8639fa2d567bb4cfd99b565fa304fc17e2e80d8eb1d3627a526f3a2f7fcc8cc5229f4816bb578085cc06a6eef85028f603fb10538e51699

data/README.md CHANGED Viewed

@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
 ## TODO
-* Add a Trust management for API consumers, to have some low level interactions happen between API client and server done without the need for giving a USERNAME and a PASSWORD.
+* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
 ## References
 Thanks to all these people for ideas:

data/app/commands/authenticate_user.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class AuthenticateUser
     class AccessDenied < StandardError
-        def message
-            "AuthenticationError"
+        def message more = "AuthenticationError"
+            more
         end
     end
     prepend SimpleCommand

data/app/controllers/api/v2/application_controller.rb CHANGED Viewed

@@ -107,15 +107,33 @@ class Api::V2::ApplicationController < ActionController::API
             # call an unwanted method in the AR Model.
             resource = "custom_action_#{params[:do]}"
             raise NoMethodError unless @model.respond_to?(resource)
-            return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            # return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
+            return true, MultiJson.dump(@model.send(resource, params))
         end
         # if it's here there is no custom action in the request querystring
         return false
     end
+    def class_exists?(class_name)
+        klass = Module.const_get(class_name)
+        return klass.is_a?(Class)
+    rescue NameError
+        return false
+    end
     def authenticate_request
-        @current_user = AuthorizeApiRequest.call(request.headers).result
-        return unauthenticated! unless @current_user
+        # puts request.headers.inspect
+        @current_user = nil
+        # puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
+        Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
+            # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
+            check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
+        end
+        # This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
+        check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
+        return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
         current_user = @current_user
         params[:current_user_id] = @current_user.id
         # Now every time the user fires off a successful GET request,
@@ -147,6 +165,14 @@ class Api::V2::ApplicationController < ActionController::API
         return not_found! if (!@model.new.is_a? ActiveRecord::Base rescue false)
     end
+    def check_authorization cmd
+        if cmd.success?
+            @current_user = cmd.result
+        else
+            @auth_errors = cmd.errors
+        end
+    end
     # Nullifying strong params for API
     def params
         request.parameters

data/app/controllers/api/v2/info_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ class Api::V2::InfoController < Api::V2::ApplicationController
   # api :GET, '/api/v2/info/version', "Just prints the APPVERSION."
   def version
-    render json: { version: ModelDrivenApi::VERSION }.to_json, status: 200
+    render json: { version: "TODO: Find a Way to Dynamically Obtain It" }.to_json, status: 200
   end
   # api :GET, '/api/v2/info/roles'

data/lib/concerns/api_exception_management.rb CHANGED Viewed

@@ -2,13 +2,15 @@ module ApiExceptionManagement
     extend ActiveSupport::Concern
     included do
-        rescue_from NoMethodError, with: :not_found!
-        rescue_from CanCan::AccessDenied, with: :unauthorized!
-        rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
-        rescue_from ActionController::RoutingError, with: :not_found!
-        rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
-        rescue_from ActiveRecord::RecordInvalid, with: :invalid!
-        rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        if Rails.env.production?
+            rescue_from NoMethodError, with: :not_found!
+            rescue_from CanCan::AccessDenied, with: :unauthorized!
+            rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
+            rescue_from ActionController::RoutingError, with: :not_found!
+            rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
+            rescue_from ActiveRecord::RecordInvalid, with: :invalid!
+            rescue_from ActiveRecord::RecordNotFound, with: :not_found!
+        end
         def unauthenticated! exception = AuthenticateUser::AccessDenied.new
             response.headers['WWW-Authenticate'] = "Token realm=Application"
@@ -33,7 +35,7 @@ module ApiExceptionManagement
         def api_error(status: 500, errors: [])
             # puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
-            head status && return if errors.empty?
+            head status && return if errors.blank?
             # For retrocompatibility, I try to send back only strings, as errors
             errors_response = if errors.respond_to?(:full_messages)

data/lib/model_driven_api/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ModelDrivenApi
-  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`}"
+  VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`.chomp}"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: model_driven_api
 version: !ruby/object:Gem::Version
-  version: 2.3.2
+  version: 2.3.7
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-11 00:00:00.000000000 Z
+date: 2021-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thecore_backend_commons