model_driven_api 2.4.0 → 2.4.4

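--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 83d29c7872f8a719a67efea2d255348bf1d45b59cfed6729a8eba63cd58a3679
- data.tar.gz: 0d351060548decf558e0d7332ca4c580729070d80ddfd94c7656da1cb45e815f
+ metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
+ data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
  SHA512:
- metadata.gz: fd8488a506791ee0394b4f148c8df23a47728603cc9e56ed2de894ff74cd8ed3bb701e3077c9ba2c512cb83478373448c7d34552eefd5995f64c1a5fcd43ad40
- data.tar.gz: 7afcfeb678f4c9d7609468e8e8fad1c5b59a54c41164c2598e201409cd49024be8d6b5f2dea08d1e58778d1905f410f1a826cea278b9b3e251ab850d853690ca
+ metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
+ data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52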
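--- a/data/README.md
+++ b/data/README.md
@@ -140,6 +140,14 @@ Once the JWT has been retrieved, the **Authenticated Request**s must use it in a
 
  ```
  Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1OTA3NzQyMzR9.Z-1yECp55VD560UcB7gIhgVWJNjn8HUerG5s4TVSRko
+ ```
+
+ #### Token Refresh
+
+ If issued during the token validity period, this will just return a new JWT to be used during following API request.
+
+ ```bash
+ :GET http://localhost:3000/api/v2/info/heartbeat
  ```
 
  ### CRUD Actions
@@ -299,7 +307,7 @@ Something like this can be retrieved:
  By issuing this GET request:
 
  ```bash
- GET http://localhost:3000/api/v2/info/roles
+ GET http://localhost:3000/api/v2/info/schema
  ```
 
  You will get something like: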
@@ -22,7 +22,7 @@ class AuthenticateUser
22
22
  # The token is created and the api_user exists => Invalidating all the previous tokens
23
23
  # Since this is a new login and I don't care from where it comes, new logins always
24
24
  # Invalidate older tokens
25
- UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
25
+ UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
26
26
  return {jwt: result, user: current_u}
27
27
  end
28
28
  nil
@@ -36,7 +36,7 @@ class AuthenticateUser
36
36
  if !email.blank? && !password.blank?
37
37
  user = User.find_by(email: email)
38
38
  # Verify the password.
39
- raise AccessDenied if user.blank? && user.authenticate(password).blank?
39
+ user = nil if user.blank? || user.authenticate(password).blank?
40
40
  elsif !access_token.blank?
41
41
  user = User.find_by(access_token: access_token)
42
42
  end
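Review bot: The password check at new line 39 now fails closed, but nothing in the change records that the line it replaces (`user.blank? && user.authenticate(password).blank?`) could never raise for an existing user, so as far as this hunk shows 2.4.0 accepted any password for a known e-mail. That deserves a comment above the check, for example `# Fail closed: unknown e-mail and wrong password both yield no user`, and a changelog entry so operators know to upgrade and to invalidate tokens issued by the old version. The method continues outside the hunk, so confirm that a nil `user` ends in `AccessDenied` rather than falling through, and add a spec for the wrong-password case. Separately, `user.blank?` short-circuits before `authenticate` runs, so an unknown e-mail returns faster than a wrong password and the two can be told apart by timing.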
@@ -0,0 +1,31 @@
1
+ class AuthorizeMachine2Machine
2
+ prepend SimpleCommand
3
+
4
+ def initialize(headers = {})
5
+ @headers = headers
6
+ end
7
+
8
+ def call
9
+ api_user
10
+ end
11
+
12
+ private
13
+
14
+ attr_reader :headers
15
+
16
+ def api_user
17
+ token = http_auth_header
18
+ user = User.find_by(access_token: token) unless token.blank?
19
+ @api_user = user if user
20
+ @api_user || errors.add(:token, "Invalid token") && nil
21
+ end
22
+
23
+ def http_auth_header
24
+ if headers['Authorization'].present?
25
+ return headers['Authorization'].split(' ').last
26
+ else
27
+ errors.add(:token, "Missing token")
28
+ end
29
+ nil
30
+ end
31
+ end
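Review bot: `http_auth_header` returns `headers['Authorization'].split(' ').last` without looking at the scheme, so whatever follows the last space of any Authorization value is looked up as an access token, including the Bearer JWT the README documents for the same header. Parse scheme and token together, e.g. `scheme, token = headers['Authorization'].to_s.split(' ', 2)`, and reject any scheme this command is not meant to handle. `User.find_by(access_token: token)` also suggests the token is stored and matched in clear text; storing a digest and looking up by that digest would limit what a database leak exposes. When the header is absent, `api_user` adds "Invalid token" on top of "Missing token", so returning early after the first error would keep the message accurate.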
@@ -84,7 +84,8 @@ class Api::V2::ApplicationController < ActionController::API
84
84
  return render json: result, status: 200 if status == true
85
85
 
86
86
  # Normal Update Action
87
- @record.update_attributes!(@body)
87
+ # Raisl 6 vs Rails 6.1
88
+ @record.respond_to?('update_attributes!') ? @record.update_attributes!(@body) : @record.update!(@body)
88
89
  render json: @record.to_json(json_attrs), status: 200
89
90
  end
90
91
 
@@ -130,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
130
131
  def authenticate_request
131
132
  @current_user = nil
132
133
  Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
133
- # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
134
- check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
134
+ # puts "Found header #{header}: #{request.headers[header]}"
135
+ check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
135
136
  end
136
137
 
137
138
  check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
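Review bot: In `authenticate_request` the class name is built from a settings value and resolved with `"Authorize#{header}".constantize` with no allowlist, so anyone able to edit `allowed_authorization_headers` chooses which `Authorize*` constant receives the request headers. Resolve the name through a fixed map of known authorizer classes, skip unknown entries, and strip whitespace from the split values. With the header guard now commented out, every configured authorizer runs on every request and the loop does not stop once one succeeds; `break if @current_user` after the call would keep later failures from reaching `check_authorization`, whose body is outside this hunk. The comment `# Raisl 6 vs Rails 6.1` in the first hunk has a typo and could state that `update_attributes!` was removed in Rails 6.1.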
@@ -73,4 +73,9 @@ class Api::V2::InfoController < Api::V2::ApplicationController
73
73
  end
74
74
  render json: pivot.to_json, status: 200
75
75
  end
76
+
77
+ def settings
78
+ render json: ThecoreSettings::Setting.pluck(:ns, :key, :raw).inject({}){|result, array| (result[array.first] ||= {})[array.second] = array.third; result }.to_json, status: 200
79
+ end
80
+
76
81
  end
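Review bot: The new `settings` action returns the `raw` value of every `ThecoreSettings::Setting` row, with no filter on namespace or key, to any caller that gets past the controller's filters (which are outside this hunk). The application controller reads `Settings.ns(:security)`, and if that is the same store, security configuration and any secrets kept in settings are served as well. Restrict the action to an explicit list of namespaces that are safe to publish, e.g. `ThecoreSettings::Setting.where(ns: PUBLIC_SETTING_NAMESPACES).pluck(:ns, :key, :raw)` (constant name illustrative), or require an administrative role for it. A comment on the action stating who may call it and what it is allowed to expose would help reviewers of later changes.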
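--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -13,6 +13,7 @@ Rails.application.routes.draw do
  get :schema
  get :dsl
  get :heartbeat
+ get :settings
  end
 
  post "authenticate" => "authentication#authenticate"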
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: model_driven_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.0
4
+ version: 2.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gabriele Tassoni
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-28 00:00:00.000000000 Z
11
+ date: 2022-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thecore_backend_commons
@@ -123,7 +123,7 @@ dependencies:
123
123
  - !ruby/object:Gem::Version
124
124
  version: '1.2'
125
125
  description: Ruby on Rails REST APIs built by convention using the DB schema as the
126
- foundation.
126
+ foundation, please see README for mode of use.
127
127
  email:
128
128
  - gabriele.tassoni@gmail.com
129
129
  executables: []
@@ -135,6 +135,7 @@ files:
135
135
  - Rakefile
136
136
  - app/commands/authenticate_user.rb
137
137
  - app/commands/authorize_api_request.rb
138
+ - app/commands/authorize_machine_2_machine.rb
138
139
  - app/controllers/api/v2/application_controller.rb
139
140
  - app/controllers/api/v2/authentication_controller.rb
140
141
  - app/controllers/api/v2/info_controller.rb