model_driven_api 2.3.3 → 2.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +1 -1
  3. data/app/controllers/api/v2/application_controller.rb +4 -3
  4. data/app/controllers/api/v2/info_controller.rb +1 -1
  5. data/config/initializers/time_with_zone.rb +8 -0
  6. data/lib/concerns/api_exception_management.rb +10 -8
  7. data/lib/model_driven_api/version.rb +1 -1
  8. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c77b61d75c5b926929f9a65ae9694e918b2c36d7be0fa3bb0f5a9a5fd8909b29
4
- data.tar.gz: 979cb2cff870f9f41e457efb5ec4bd328dab62224b36c85adcfdcd596ad6058e
3
+ metadata.gz: b8eeb8407dddfe99afa98093d2c16b193572843694616f7b27249c3661390b16
4
+ data.tar.gz: 31287c2fb6cb36353e76652e470e6d3c58ad4d4140c08a90e3b633ab98324a91
5
5
  SHA512:
6
- metadata.gz: 1f7433104bcb521f99e9bb7940695047f2ff8d72e9471dc9ddaf0f8f3de876b0c5e7ed061f834959228e06cfd8b8465cbf85b8bd54a209778e8cac102697b094
7
- data.tar.gz: 3401e9d58984dcb9c28bc356254b832a322aad20d0eef59e5e8dbba1520654fbbfbbdd125415e1c06039f9e2c62f8a0a2034dbf85726f6015c1e9ecec0d7949f
6
+ metadata.gz: 519231f4c1073ffe54c3800ade34ee21cbcee27bfa8e568b66521808458a9def469679a01ca82222056ea69cbd314eb5a8a5bac979ba8801ea7ee7b926e2835c
7
+ data.tar.gz: 4ed7f93269ce8bf37104a36cb3b71c5de52f45d7ce6623eee6ffdcb2b95fd86c53b043ff5bf2e2692a784a9d079dfe0b787e9bb228486a4d4854faf4c7a03529
data/README.md CHANGED
@@ -422,7 +422,7 @@ Once loaded the tests inside the insomnia application, please right click on the
422
422
 
423
423
  ## TODO
424
424
 
425
- * Add a Trust management for API consumers, to have some low level interactions happen between API client and server done without the need for giving a USERNAME and a PASSWORD.
425
+ * Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
426
426
 
427
427
  ## References
428
428
  Thanks to all these people for ideas:
data/app/controllers/api/v2/application_controller.rb CHANGED
@@ -107,7 +107,8 @@ class Api::V2::ApplicationController < ActionController::API
107
107
  # call an unwanted method in the AR Model.
108
108
  resource = "custom_action_#{params[:do]}"
109
109
  raise NoMethodError unless @model.respond_to?(resource)
110
- return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
110
+ # return true, MultiJson.dump(params[:id].blank? ? @model.send(resource, params) : @model.send(resource, params[:id].to_i, params))
111
+ return true, MultiJson.dump(@model.send(resource, params))
111
112
  end
112
113
  # if it's here there is no custom action in the request querystring
113
114
  return false
@@ -123,11 +124,11 @@ class Api::V2::ApplicationController < ActionController::API
123
124
  def authenticate_request
124
125
  # puts request.headers.inspect
125
126
  @current_user = nil
127
+ # puts "Are there wbehooks headers to check for? #{Settings.ns(:security).allowed_authorization_headers}"
126
128
  Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
127
- # puts request.headers[header.underscore.dasherize]
129
+ # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
128
130
  check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
129
131
  end
130
- return unauthenticated!(OpenStruct.new({message: @auth_errors})) unless @current_user
131
132
 
132
133
  # This is the default one, if the header doesn't have a valid form for one of the other Auth methods, then use this Auth Class
133
134
  check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
data/app/controllers/api/v2/info_controller.rb CHANGED
@@ -6,7 +6,7 @@ class Api::V2::InfoController < Api::V2::ApplicationController
6
6
 
7
7
  # api :GET, '/api/v2/info/version', "Just prints the APPVERSION."
8
8
  def version
9
- render json: { version: ModelDrivenApi::VERSION }.to_json, status: 200
9
+ render json: { version: "TODO: Find a Way to Dynamically Obtain It" }.to_json, status: 200
10
10
  end
11
11
 
12
12
  # api :GET, '/api/v2/info/roles'
data/config/initializers/time_with_zone.rb ADDED
@@ -0,0 +1,8 @@
1
+ # Turns API calls to always UTC, leaving the APP the freedom to use local timezone
2
+ module ActiveSupport
3
+ class TimeWithZone
4
+ def as_json(options = nil)
5
+ utc
6
+ end
7
+ end
8
+ end
data/lib/concerns/api_exception_management.rb CHANGED
@@ -2,13 +2,15 @@ module ApiExceptionManagement
2
2
  extend ActiveSupport::Concern
3
3
 
4
4
  included do
5
- rescue_from NoMethodError, with: :not_found!
6
- rescue_from CanCan::AccessDenied, with: :unauthorized!
7
- rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
8
- rescue_from ActionController::RoutingError, with: :not_found!
9
- rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
10
- rescue_from ActiveRecord::RecordInvalid, with: :invalid!
11
- rescue_from ActiveRecord::RecordNotFound, with: :not_found!
5
+ if Rails.env.production?
6
+ rescue_from NoMethodError, with: :not_found!
7
+ rescue_from CanCan::AccessDenied, with: :unauthorized!
8
+ rescue_from AuthenticateUser::AccessDenied, with: :unauthenticated!
9
+ rescue_from ActionController::RoutingError, with: :not_found!
10
+ rescue_from ActiveModel::ForbiddenAttributesError, with: :fivehundred!
11
+ rescue_from ActiveRecord::RecordInvalid, with: :invalid!
12
+ rescue_from ActiveRecord::RecordNotFound, with: :not_found!
13
+ end
12
14
 
13
15
  def unauthenticated! exception = AuthenticateUser::AccessDenied.new
14
16
  response.headers['WWW-Authenticate'] = "Token realm=Application"
@@ -33,7 +35,7 @@ module ApiExceptionManagement
33
35
 
34
36
  def api_error(status: 500, errors: [])
35
37
  # puts errors.full_messages if !Rails.env.production? && errors.respond_to?(:full_messages)
36
- head status && return if errors.empty?
38
+ head status && return if errors.blank?
37
39
 
38
40
  # For retrocompatibility, I try to send back only strings, as errors
39
41
  errors_response = if errors.respond_to?(:full_messages)
data/lib/model_driven_api/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ModelDrivenApi
2
- VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`}"
2
+ VERSION = "#{`git describe --tags $(git rev-list --tags --max-count=1)`.chomp}"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: model_driven_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.3
4
+ version: 2.3.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gabriele Tassoni
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-09 00:00:00.000000000 Z
11
+ date: 2021-03-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thecore_backend_commons
@@ -142,6 +142,7 @@ files:
142
142
  - config/initializers/after_initialize_for_model_driven_api.rb
143
143
  - config/initializers/cors_api_thecore.rb
144
144
  - config/initializers/knock.rb
145
+ - config/initializers/time_with_zone.rb
145
146
  - config/initializers/wrap_parameters.rb
146
147
  - config/routes.rb
147
148
  - lib/concerns/api_exception_management.rb