model_driven_api 2.4.3 → 2.4.4

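--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2f587fb3dc87ca59c5a9cfa3bd03137481b64bb691d69324b956a68f43316018
- data.tar.gz: 92ad2b21cd10fceab0c7b0d5439048a9d01fdfa8f8d8c64046c1e451279666d2
+ metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
+ data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
  SHA512:
- metadata.gz: 74e867b8007e9d8234321cb569e4e2d5505dc2347ba563a9e71dfc1e8a7ff30a3eea4264c6e79c51a5b3e74d8a70b1b220064530c6dfa9962dc05fba57066440
- data.tar.gz: 8bcf5ae78e32f788fd62ec66df1b3d46614b47b74c59e0a9d05f72d9efa8cf8fbc2996f67f23a9d1428e700203d54ae1a1af12957c051e49f3378bda7e5e7733
+ metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
+ data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52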
@@ -22,7 +22,7 @@ class AuthenticateUser
22
22
  # The token is created and the api_user exists => Invalidating all the previous tokens
23
23
  # Since this is a new login and I don't care from where it comes, new logins always
24
24
  # Invalidate older tokens
25
- UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
25
+ UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
26
26
  return {jwt: result, user: current_u}
27
27
  end
28
28
  nil
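Review bot: Older tokens are revoked on line 25 only when `ENV["ALLOW_MULTISESSIONS"]` is the exact string `"false"`, so an unset variable or a value such as `"False"` or `"0"` leaves every earlier token valid. If single-session is meant to be the safe default, the condition could be inverted to `unless ENV["ALLOW_MULTISESSIONS"] == "true"`; otherwise the comment above the line should say that revocation is opt-in. Assuming `UsedToken` is an ActiveRecord model, `update` on the relation loads each row and runs validations, so a row that fails validation would stay valid without any error surfacing here. The enclosing method starts and ends outside this hunk.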
@@ -36,7 +36,7 @@ class AuthenticateUser
36
36
  if !email.blank? && !password.blank?
37
37
  user = User.find_by(email: email)
38
38
  # Verify the password.
39
- raise AccessDenied if user.blank? && user.authenticate(password).blank?
39
+ user = nil if user.blank? || user.authenticate(password).blank?
40
40
  elsif !access_token.blank?
41
41
  user = User.find_by(access_token: access_token)
42
42
  end
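Review bot: On line 39 an unknown email and a wrong password both end as `user = nil`, with nothing raised or logged in the visible lines, so rejection depends on code outside this hunk treating a nil user as denied. That path should be pinned by a spec covering both cases, and the line should carry a comment such as `# Unknown email and wrong password both yield nil; the caller must treat nil as access denied.` Because `user.blank? ||` short-circuits, an unknown email skips the password comparison and may answer measurably faster than a wrong password, which can reveal which addresses are registered. The surrounding method begins and ends outside the hunk.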
@@ -0,0 +1,31 @@
1
+ class AuthorizeMachine2Machine
2
+ prepend SimpleCommand
3
+
4
+ def initialize(headers = {})
5
+ @headers = headers
6
+ end
7
+
8
+ def call
9
+ api_user
10
+ end
11
+
12
+ private
13
+
14
+ attr_reader :headers
15
+
16
+ def api_user
17
+ token = http_auth_header
18
+ user = User.find_by(access_token: token) unless token.blank?
19
+ @api_user = user if user
20
+ @api_user || errors.add(:token, "Invalid token") && nil
21
+ end
22
+
23
+ def http_auth_header
24
+ if headers['Authorization'].present?
25
+ return headers['Authorization'].split(' ').last
26
+ else
27
+ errors.add(:token, "Missing token")
28
+ end
29
+ nil
30
+ end
31
+ end
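Review bot: `http_auth_header` (lines 23–30) returns the last space-separated word of `Authorization` without checking the scheme, and `api_user` passes it straight to `User.find_by(access_token: token)`. Any header value, including a JWT meant for another authorizer, is therefore tried as a static token. Splitting once and checking the scheme first, e.g. `scheme, token = headers['Authorization'].to_s.split(' ', 2)`, would reject other credential types before the database lookup. The equality lookup suggests the token is stored as-is, and nothing in this class checks expiry or a locked account; if that holds, storing a digest and adding an expiry would limit the impact of a database leak. When the header is absent, both "Missing token" and "Invalid token" are added to `errors`, which is worth a comment or an early return in `api_user`.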
@@ -131,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
131
131
  def authenticate_request
132
132
  @current_user = nil
133
133
  Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
134
- # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
135
- check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
134
+ # puts "Found header #{header}: #{request.headers[header]}"
135
+ check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
136
136
  end
137
137
 
138
138
  check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
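Review bot: Line 135 builds a class name from a settings value with `"Authorize#{header}".constantize` and now calls it on every request, because the `if request.headers[header]` guard is left as a trailing comment. A typo or stray space in `allowed_authorization_headers` would raise `NameError` on all requests, and any constant whose name starts with `Authorize` becomes reachable from configuration. A fixed map such as `AUTHORIZERS = { "Machine2Machine" => AuthorizeMachine2Machine }.freeze` with `AUTHORIZERS.fetch(header.strip)` would bound that. What `check_authorization` does with a failed result is outside the hunk: if it renders an error, a request carrying only a JWT could be rejected before line 138 runs, which deserves a spec. The commented-out guard and `puts` should be restored or deleted, not kept as dead code.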
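--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: model_driven_api
  version: !ruby/object:Gem::Version
- version: 2.4.3
+ version: 2.4.4
  platform: ruby
  authors:
  - Gabriele Tassoni
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-01-25 00:00:00.000000000 Z
+ date: 2022-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: thecore_backend_commons
@@ -135,6 +135,7 @@ files:
  - Rakefile
  - app/commands/authenticate_user.rb
  - app/commands/authorize_api_request.rb
+ - app/commands/authorize_machine_2_machine.rb
  - app/controllers/api/v2/application_controller.rb
  - app/controllers/api/v2/authentication_controller.rb
  - app/controllers/api/v2/info_controller.rb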