model_driven_api 3.0.5 → 3.0.7
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1822139deff80353dbae231afd40ed1397d7d4cf52da33e7bfc2d1c037cee751
|
|
4
|
+
data.tar.gz: 1545317f8c87c9446a3f6cce825468e7bab53754a6031e012c9b2c16f4850bea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61f7ee38ad2620dcecbc23e00508a5238c7402408fa10a7f5a8925e3939d030b2cb68f330acaab36497cd9ea329bc20da5f6df1327ea4b2986e4ed350ac7d8c4
|
|
7
|
+
data.tar.gz: 9e7b861687ee4e4e798f2fc0d95f925aa06e0d4349d579eb6b6a194a2177bc7d902f9ca630d24fa797b1cfb75a3627e6895a54bf15a792698cfacaa7a3b7fb56
|
data/README.md
CHANGED
|
@@ -480,8 +480,6 @@ Once loaded the tests inside the insomnia application, please right click on the
|
|
|
480
480
|
|
|
481
481
|
## TODO
|
|
482
482
|
|
|
483
|
-
* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
|
|
484
|
-
|
|
485
483
|
## References
|
|
486
484
|
Thanks to all these people for ideas:
|
|
487
485
|
|
|
@@ -11,8 +11,6 @@ class AuthenticateUser
|
|
|
11
11
|
if !first_arg[:email].blank? && !first_arg[:password].blank?
|
|
12
12
|
@email = first_arg[:email]
|
|
13
13
|
@password = first_arg[:password]
|
|
14
|
-
elsif !first_arg[:access_token].blank?
|
|
15
|
-
@access_token = first_arg[:access_token]
|
|
16
14
|
end
|
|
17
15
|
end
|
|
18
16
|
|
|
@@ -30,15 +28,13 @@ class AuthenticateUser
|
|
|
30
28
|
|
|
31
29
|
private
|
|
32
30
|
|
|
33
|
-
attr_accessor :email, :password
|
|
31
|
+
attr_accessor :email, :password
|
|
34
32
|
|
|
35
33
|
def api_user
|
|
36
34
|
if !email.blank? && !password.blank?
|
|
37
35
|
user = User.find_by(email: email)
|
|
38
36
|
# Verify the password.
|
|
39
37
|
user = nil if user.blank? || user.authenticate(password).blank?
|
|
40
|
-
elsif !access_token.blank?
|
|
41
|
-
user = User.find_by(access_token: access_token)
|
|
42
38
|
end
|
|
43
39
|
|
|
44
40
|
raise AccessDenied unless user.present?
|
|
@@ -2,7 +2,7 @@ class Api::V2::AuthenticationController < ActionController::API
|
|
|
2
2
|
include ::ApiExceptionManagement
|
|
3
3
|
|
|
4
4
|
def authenticate
|
|
5
|
-
command =
|
|
5
|
+
command = AuthenticateUser.call(email: params[:auth][:email], password: params[:auth][:password])
|
|
6
6
|
|
|
7
7
|
if command.success?
|
|
8
8
|
response.headers['Token'] = command.result[:jwt]
|
|
@@ -1,21 +1,14 @@
|
|
|
1
|
-
# config/initializers/cors.rb
|
|
2
|
-
# Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
|
3
|
-
# allow do
|
|
4
|
-
# origins '*'
|
|
5
|
-
# resource '*',
|
|
6
|
-
# headers: %w(Token),
|
|
7
|
-
# methods: :any,
|
|
8
|
-
# expose: %w(Token),
|
|
9
|
-
# max_age: 600
|
|
10
|
-
# end
|
|
11
|
-
# end
|
|
12
|
-
|
|
13
1
|
puts "Loading CORS"
|
|
2
|
+
# config/initializers/cors_api_thecore.rb
|
|
14
3
|
Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
|
15
|
-
# Allow Everything
|
|
16
|
-
# Please override to your specific security needs in the actual application
|
|
4
|
+
# # Allow Everything
|
|
5
|
+
# # Please override to your specific security needs in the actual application
|
|
17
6
|
allow do
|
|
18
7
|
origins '*'
|
|
19
|
-
resource '*',
|
|
8
|
+
resource '*',
|
|
9
|
+
headers: %w(app lang enc-data user-data session-id x-requested-with content-type origin authorization accept client-security-token Accept Authorization Cache-Control Content-Type DNT If-Modified-Since Keep-Alive Origin User-Agent X-Requested-With Token),
|
|
10
|
+
methods: [:get, :post, :put, :patch, :delete, :options, :head],
|
|
11
|
+
expose: %w(authorization Authorization Content-Length Token),
|
|
12
|
+
max_age: 600
|
|
20
13
|
end
|
|
21
|
-
end
|
|
14
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-03-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|
|
@@ -121,7 +121,6 @@ files:
|
|
|
121
121
|
- Rakefile
|
|
122
122
|
- app/commands/authenticate_user.rb
|
|
123
123
|
- app/commands/authorize_api_request.rb
|
|
124
|
-
- app/commands/authorize_machine_2_machine.rb
|
|
125
124
|
- app/controllers/api/v2/application_controller.rb
|
|
126
125
|
- app/controllers/api/v2/authentication_controller.rb
|
|
127
126
|
- app/controllers/api/v2/info_controller.rb
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
class AuthorizeMachine2Machine
|
|
2
|
-
prepend SimpleCommand
|
|
3
|
-
|
|
4
|
-
def initialize(headers = {})
|
|
5
|
-
@headers = headers
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
def call
|
|
9
|
-
api_user
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
private
|
|
13
|
-
|
|
14
|
-
attr_reader :headers
|
|
15
|
-
|
|
16
|
-
def api_user
|
|
17
|
-
token = http_auth_header
|
|
18
|
-
user = User.find_by(access_token: token) unless token.blank?
|
|
19
|
-
@api_user = user if user
|
|
20
|
-
@api_user || errors.add(:token, "Invalid token") && nil
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def http_auth_header
|
|
24
|
-
if headers['Authorization'].present?
|
|
25
|
-
return headers['Authorization'].split(' ').last
|
|
26
|
-
else
|
|
27
|
-
errors.add(:token, "Missing token")
|
|
28
|
-
end
|
|
29
|
-
nil
|
|
30
|
-
end
|
|
31
|
-
end
|