model_driven_api 2.4.3 → 2.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
|
|
4
|
+
data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
|
|
7
|
+
data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52
|
|
@@ -22,7 +22,7 @@ class AuthenticateUser
|
|
|
22
22
|
# The token is created and the api_user exists => Invalidating all the previous tokens
|
|
23
23
|
# Since this is a new login and I don't care from where it comes, new logins always
|
|
24
24
|
# Invalidate older tokens
|
|
25
|
-
UsedToken.where(user_id:
|
|
25
|
+
UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
|
|
26
26
|
return {jwt: result, user: current_u}
|
|
27
27
|
end
|
|
28
28
|
nil
|
|
@@ -36,7 +36,7 @@ class AuthenticateUser
|
|
|
36
36
|
if !email.blank? && !password.blank?
|
|
37
37
|
user = User.find_by(email: email)
|
|
38
38
|
# Verify the password.
|
|
39
|
-
|
|
39
|
+
user = nil if user.blank? || user.authenticate(password).blank?
|
|
40
40
|
elsif !access_token.blank?
|
|
41
41
|
user = User.find_by(access_token: access_token)
|
|
42
42
|
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
class AuthorizeMachine2Machine
|
|
2
|
+
prepend SimpleCommand
|
|
3
|
+
|
|
4
|
+
def initialize(headers = {})
|
|
5
|
+
@headers = headers
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def call
|
|
9
|
+
api_user
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
attr_reader :headers
|
|
15
|
+
|
|
16
|
+
def api_user
|
|
17
|
+
token = http_auth_header
|
|
18
|
+
user = User.find_by(access_token: token) unless token.blank?
|
|
19
|
+
@api_user = user if user
|
|
20
|
+
@api_user || errors.add(:token, "Invalid token") && nil
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def http_auth_header
|
|
24
|
+
if headers['Authorization'].present?
|
|
25
|
+
return headers['Authorization'].split(' ').last
|
|
26
|
+
else
|
|
27
|
+
errors.add(:token, "Missing token")
|
|
28
|
+
end
|
|
29
|
+
nil
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -131,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
|
|
|
131
131
|
def authenticate_request
|
|
132
132
|
@current_user = nil
|
|
133
133
|
Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
|
|
134
|
-
# puts "Found header #{header}: #{request.headers[header
|
|
135
|
-
check_authorization("Authorize#{header}".constantize.call(request.headers
|
|
134
|
+
# puts "Found header #{header}: #{request.headers[header]}"
|
|
135
|
+
check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
|
|
136
136
|
end
|
|
137
137
|
|
|
138
138
|
check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.4.
|
|
4
|
+
version: 2.4.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|
|
@@ -135,6 +135,7 @@ files:
|
|
|
135
135
|
- Rakefile
|
|
136
136
|
- app/commands/authenticate_user.rb
|
|
137
137
|
- app/commands/authorize_api_request.rb
|
|
138
|
+
- app/commands/authorize_machine_2_machine.rb
|
|
138
139
|
- app/controllers/api/v2/application_controller.rb
|
|
139
140
|
- app/controllers/api/v2/authentication_controller.rb
|
|
140
141
|
- app/controllers/api/v2/info_controller.rb
|