model_driven_api 3.0.5 → 3.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1822139deff80353dbae231afd40ed1397d7d4cf52da33e7bfc2d1c037cee751
|
|
4
|
+
data.tar.gz: 1545317f8c87c9446a3f6cce825468e7bab53754a6031e012c9b2c16f4850bea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61f7ee38ad2620dcecbc23e00508a5238c7402408fa10a7f5a8925e3939d030b2cb68f330acaab36497cd9ea329bc20da5f6df1327ea4b2986e4ed350ac7d8c4
|
|
7
|
+
data.tar.gz: 9e7b861687ee4e4e798f2fc0d95f925aa06e0d4349d579eb6b6a194a2177bc7d902f9ca630d24fa797b1cfb75a3627e6895a54bf15a792698cfacaa7a3b7fb56
|
data/README.md
CHANGED
|
@@ -480,8 +480,6 @@ Once loaded the tests inside the insomnia application, please right click on the
|
|
|
480
480
|
|
|
481
481
|
## TODO
|
|
482
482
|
|
|
483
|
-
* Document the new feature (from version 2.3.3) to add Authentication methods which override the JWT described above. Useful for Webhooks and machine2machine trusted dialogues.
|
|
484
|
-
|
|
485
483
|
## References
|
|
486
484
|
Thanks to all these people for ideas:
|
|
487
485
|
|
|
@@ -11,8 +11,6 @@ class AuthenticateUser
|
|
|
11
11
|
if !first_arg[:email].blank? && !first_arg[:password].blank?
|
|
12
12
|
@email = first_arg[:email]
|
|
13
13
|
@password = first_arg[:password]
|
|
14
|
-
elsif !first_arg[:access_token].blank?
|
|
15
|
-
@access_token = first_arg[:access_token]
|
|
16
14
|
end
|
|
17
15
|
end
|
|
18
16
|
|
|
@@ -30,15 +28,13 @@ class AuthenticateUser
|
|
|
30
28
|
|
|
31
29
|
private
|
|
32
30
|
|
|
33
|
-
attr_accessor :email, :password
|
|
31
|
+
attr_accessor :email, :password
|
|
34
32
|
|
|
35
33
|
def api_user
|
|
36
34
|
if !email.blank? && !password.blank?
|
|
37
35
|
user = User.find_by(email: email)
|
|
38
36
|
# Verify the password.
|
|
39
37
|
user = nil if user.blank? || user.authenticate(password).blank?
|
|
40
|
-
elsif !access_token.blank?
|
|
41
|
-
user = User.find_by(access_token: access_token)
|
|
42
38
|
end
|
|
43
39
|
|
|
44
40
|
raise AccessDenied unless user.present?
|
|
@@ -2,7 +2,7 @@ class Api::V2::AuthenticationController < ActionController::API
|
|
|
2
2
|
include ::ApiExceptionManagement
|
|
3
3
|
|
|
4
4
|
def authenticate
|
|
5
|
-
command =
|
|
5
|
+
command = AuthenticateUser.call(email: params[:auth][:email], password: params[:auth][:password])
|
|
6
6
|
|
|
7
7
|
if command.success?
|
|
8
8
|
response.headers['Token'] = command.result[:jwt]
|
|
@@ -1,21 +1,14 @@
|
|
|
1
|
-
# config/initializers/cors.rb
|
|
2
|
-
# Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
|
3
|
-
# allow do
|
|
4
|
-
# origins '*'
|
|
5
|
-
# resource '*',
|
|
6
|
-
# headers: %w(Token),
|
|
7
|
-
# methods: :any,
|
|
8
|
-
# expose: %w(Token),
|
|
9
|
-
# max_age: 600
|
|
10
|
-
# end
|
|
11
|
-
# end
|
|
12
|
-
|
|
13
1
|
puts "Loading CORS"
|
|
2
|
+
# config/initializers/cors_api_thecore.rb
|
|
14
3
|
Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
|
15
|
-
# Allow Everything
|
|
16
|
-
# Please override to your specific security needs in the actual application
|
|
4
|
+
# # Allow Everything
|
|
5
|
+
# # Please override to your specific security needs in the actual application
|
|
17
6
|
allow do
|
|
18
7
|
origins '*'
|
|
19
|
-
resource '*',
|
|
8
|
+
resource '*',
|
|
9
|
+
headers: %w(app lang enc-data user-data session-id x-requested-with content-type origin authorization accept client-security-token Accept Authorization Cache-Control Content-Type DNT If-Modified-Since Keep-Alive Origin User-Agent X-Requested-With Token),
|
|
10
|
+
methods: [:get, :post, :put, :patch, :delete, :options, :head],
|
|
11
|
+
expose: %w(authorization Authorization Content-Length Token),
|
|
12
|
+
max_age: 600
|
|
20
13
|
end
|
|
21
|
-
end
|
|
14
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: model_driven_api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gabriele Tassoni
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-03-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thecore_backend_commons
|
|
@@ -121,7 +121,6 @@ files:
|
|
|
121
121
|
- Rakefile
|
|
122
122
|
- app/commands/authenticate_user.rb
|
|
123
123
|
- app/commands/authorize_api_request.rb
|
|
124
|
-
- app/commands/authorize_machine_2_machine.rb
|
|
125
124
|
- app/controllers/api/v2/application_controller.rb
|
|
126
125
|
- app/controllers/api/v2/authentication_controller.rb
|
|
127
126
|
- app/controllers/api/v2/info_controller.rb
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
class AuthorizeMachine2Machine
|
|
2
|
-
prepend SimpleCommand
|
|
3
|
-
|
|
4
|
-
def initialize(headers = {})
|
|
5
|
-
@headers = headers
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
def call
|
|
9
|
-
api_user
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
private
|
|
13
|
-
|
|
14
|
-
attr_reader :headers
|
|
15
|
-
|
|
16
|
-
def api_user
|
|
17
|
-
token = http_auth_header
|
|
18
|
-
user = User.find_by(access_token: token) unless token.blank?
|
|
19
|
-
@api_user = user if user
|
|
20
|
-
@api_user || errors.add(:token, "Invalid token") && nil
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def http_auth_header
|
|
24
|
-
if headers['Authorization'].present?
|
|
25
|
-
return headers['Authorization'].split(' ').last
|
|
26
|
-
else
|
|
27
|
-
errors.add(:token, "Missing token")
|
|
28
|
-
end
|
|
29
|
-
nil
|
|
30
|
-
end
|
|
31
|
-
end
|