model_driven_api 2.4.3 → 2.4.4

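--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2f587fb3dc87ca59c5a9cfa3bd03137481b64bb691d69324b956a68f43316018
- data.tar.gz: 92ad2b21cd10fceab0c7b0d5439048a9d01fdfa8f8d8c64046c1e451279666d2
+ metadata.gz: fe7f4f3089407a7bdb2a1f4174c9c134599fbe2a3ffd7c4bd1fa8d45424fabfe
+ data.tar.gz: 1a863a98f07a3311782c8b6d4c8123ba6318ffa1476a056f35ed62fd75b25f3c
  SHA512:
- metadata.gz: 74e867b8007e9d8234321cb569e4e2d5505dc2347ba563a9e71dfc1e8a7ff30a3eea4264c6e79c51a5b3e74d8a70b1b220064530c6dfa9962dc05fba57066440
- data.tar.gz: 8bcf5ae78e32f788fd62ec66df1b3d46614b47b74c59e0a9d05f72d9efa8cf8fbc2996f67f23a9d1428e700203d54ae1a1af12957c051e49f3378bda7e5e7733
+ metadata.gz: 79cf4fd763c17311165ada17fa4067f9151914e62aaa494eb9661dfbe5c41a7d2248c92caf1803518c430eba6d1dd77692a4148db3a18b681618775a51151f59
+ data.tar.gz: 38b734d317dbb08b3b7bfce009b5636e38d1647cfd3bf40dea78703dfec89356fe09bcdbd2013a096b4c06a9456c10a9bc5419b512d125a757d1e588e77fab52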
@@ -22,7 +22,7 @@ class AuthenticateUser
22
22
  # The token is created and the api_user exists => Invalidating all the previous tokens
23
23
  # Since this is a new login and I don't care from where it comes, new logins always
24
24
  # Invalidate older tokens
25
- UsedToken.where(user_id: api_user.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
25
+ UsedToken.where(user_id: current_u.id).update(is_valid: false) if ENV["ALLOW_MULTISESSIONS"] == "false"
26
26
  return {jwt: result, user: current_u}
27
27
  end
28
28
  nil
@@ -36,7 +36,7 @@ class AuthenticateUser
36
36
  if !email.blank? && !password.blank?
37
37
  user = User.find_by(email: email)
38
38
  # Verify the password.
39
- raise AccessDenied if user.blank? && user.authenticate(password).blank?
39
+ user = nil if user.blank? || user.authenticate(password).blank?
40
40
  elsif !access_token.blank?
41
41
  user = User.find_by(access_token: access_token)
42
42
  end
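Review bot: In the second hunk, the rewritten check `user = nil if user.blank? || user.authenticate(password).blank?` never calls `authenticate` for an unknown e-mail, so (assuming it performs the usual password-hash comparison) the two failure paths probably differ in response time and let a caller tell registered addresses apart; running the hash against a dummy value on the miss path would level that. Failure is now reported only as a nil user instead of `AccessDenied`, and the code that consumes it lies outside the hunk, so it is worth confirming that every caller treats nil as a denial and that failed attempts are still logged. In the first hunk the comment says new logins always invalidate older tokens, but the line runs only when `ENV["ALLOW_MULTISESSIONS"]` is exactly `"false"`, so an unset or differently cased value leaves old tokens valid. I would reword the comment to `# Invalidate older tokens only when ALLOW_MULTISESSIONS is the string "false"; any other value keeps them valid`.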
@@ -0,0 +1,31 @@
1
+ class AuthorizeMachine2Machine
2
+ prepend SimpleCommand
3
+
4
+ def initialize(headers = {})
5
+ @headers = headers
6
+ end
7
+
8
+ def call
9
+ api_user
10
+ end
11
+
12
+ private
13
+
14
+ attr_reader :headers
15
+
16
+ def api_user
17
+ token = http_auth_header
18
+ user = User.find_by(access_token: token) unless token.blank?
19
+ @api_user = user if user
20
+ @api_user || errors.add(:token, "Invalid token") && nil
21
+ end
22
+
23
+ def http_auth_header
24
+ if headers['Authorization'].present?
25
+ return headers['Authorization'].split(' ').last
26
+ else
27
+ errors.add(:token, "Missing token")
28
+ end
29
+ nil
30
+ end
31
+ end
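Review bot: `http_auth_header` returns `headers['Authorization'].split(' ').last` without looking at the scheme, so a `Basic …` value or any other Authorization content is also looked up as an access token; splitting into scheme and credential and accepting only the scheme this API documents would narrow that. `User.find_by(access_token: token)` suggests the long-lived token is stored and matched in clear text (inferred from the query, the schema is not shown), and storing a digest and looking up by digest would limit what a database leak exposes. When the header is absent the command records both "Missing token" and "Invalid token". The class has no documentation; I would add `# Resolves the Authorization header to the User owning that static access token; returns nil and sets errors[:token] otherwise.` above it.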
@@ -131,8 +131,8 @@ class Api::V2::ApplicationController < ActionController::API
131
131
  def authenticate_request
132
132
  @current_user = nil
133
133
  Settings.ns(:security).allowed_authorization_headers.split(",").each do |header|
134
- # puts "Found header #{header}: #{request.headers[header.underscore.dasherize]}"
135
- check_authorization("Authorize#{header}".constantize.call(request.headers, request.raw_post)) if request.headers[header.underscore.dasherize]
134
+ # puts "Found header #{header}: #{request.headers[header]}"
135
+ check_authorization("Authorize#{header}".constantize.call(request.headers)) # if request.headers[header]
136
136
  end
137
137
 
138
138
  check_authorization AuthorizeApiRequest.call(request.headers) unless @current_user
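Review bot: With the guard reduced to the trailing comment `# if request.headers[header]`, every class named in `allowed_authorization_headers` now runs on every request, and the loop keeps going after one of them has succeeded. Assuming `check_authorization` is what sets `@current_user`, its handling of a failed result is outside the hunk, so it is unclear whether a later failure can mask an earlier success; I would add `break if @current_user` after the call and delete the commented-out condition and the `# puts` line. `"Authorize#{header}".constantize` resolves whatever the setting contains and `split(",")` keeps surrounding spaces, so `header.strip` plus a lookup in a fixed hash of permitted authorizer classes would be safer than building a constant name. `authenticate_request` continues past the end of the hunk.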
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: model_driven_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.3
4
+ version: 2.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gabriele Tassoni
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-25 00:00:00.000000000 Z
11
+ date: 2022-02-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thecore_backend_commons
@@ -135,6 +135,7 @@ files:
135
135
  - Rakefile
136
136
  - app/commands/authenticate_user.rb
137
137
  - app/commands/authorize_api_request.rb
138
+ - app/commands/authorize_machine_2_machine.rb
138
139
  - app/controllers/api/v2/application_controller.rb
139
140
  - app/controllers/api/v2/authentication_controller.rb
140
141
  - app/controllers/api/v2/info_controller.rb