mumuki-laboratory 5.10.0 → 5.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5fa7aa2c319aee6bd932340664e1ed91d87d3dcee8f9b8f429301a7e02b2526
-  data.tar.gz: d12b201ddb14ba04dfbe233d5e57fcec1b57260c85a622243ed03de1226550d2
+  metadata.gz: 42dc9471f1a0a74ace505a73db807a18852b0347f79059953eb5c46a2756fc73
+  data.tar.gz: e03f2a3eb2f5037cbe01d12847cd0c9bf200ce8d6c5729f7c20536837f09f8c3
 SHA512:
-  metadata.gz: d5cc2dcc2980e75f1446a5f9b8c315efd3030e0ce90084edf406cb1303442d91870515d82d13051229458fe34c2bd60ce2e5a7560462188d806bd7b39cbc0bde
-  data.tar.gz: 013b96fa9769ba74eba05dd26822872f35acc05e9e60f93b88cdf0c5d81bab5822dc025bb9f73d90168774e7aa6d3b61f6d0f2cd7a677376ae17a78b9187114a
+  metadata.gz: 2e36aac69358d75f9eceb7058c5fcbf38041acdc8be060aa0703bffab770175277a3b5b6bb669ce19118ce0c7b3cf95c9034584476e907d604e38a9eb583d2ce
+  data.tar.gz: e10e71a29c00f626bf47a5e2ab008bee671638bc57e8b633e9af62025e4edd330fb550014084e7f173f85ef1b5e64613da3465d6b2e65fc111ec4e158e383344

data/app/assets/stylesheets/application/modules/_console.scss

@@ -31,7 +31,7 @@ div.console div.jquery-console-focus span.jquery-console-cursor {
 
 div.console div.jquery-console-message-error {
   color: #d62c1a;
-  font-family: sans-serif;
+  font-family: monospace;
   font-weight: bold;
   padding: 0.1em;
 }

data/app/controllers/api/base_controller.rb

@@ -4,7 +4,7 @@ module Api
 
     protect_from_forgery with: :null_session
 
-    include WithApiErrors
+    include Mumuki::Laboratory::Controllers::DynamicErrors
     include WithAuthorization
     include Mumuki::Laboratory::Controllers::CurrentOrganization
 

data/app/models/api_client.rb

@@ -9,12 +9,12 @@ class ApiClient < ApplicationRecord
   before_create :set_encoded_token!
 
   def verify!
-    raise 'Invalid Api Client' if Mumukit::Auth::Token.decode(token).uid != user.uid
+    self.class.invalid_token! 'Invalid Api Client' if Mumukit::Auth::Token.decode(token).uid != user.uid
   end
 
   def self.verify_token!(token)
     client = find_by token: token
-    raise 'No Api Client found for Token' unless client
+    invalid_token! 'No Api Client found for Token' unless client
     client.verify!
   end
 
@@ -24,4 +24,8 @@ class ApiClient < ApplicationRecord
     self.token = Mumukit::Auth::Token.encode user.uid, {}
   end
 
+  def self.invalid_token!(message)
+    raise Mumukit::Auth::InvalidTokenError, message
+  end
+
 end

data/lib/mumuki/laboratory/controllers/dynamic_errors.rb

@@ -8,37 +8,62 @@ module Mumuki::Laboratory::Controllers::DynamicErrors
     end
     rescue_from ActiveRecord::RecordNotFound, with: :not_found
     rescue_from Mumukit::Auth::UnauthorizedAccessError, with: :forbidden
+    rescue_from Mumukit::Auth::InvalidTokenError, with: :unauthorized
     rescue_from Mumuki::Laboratory::NotFoundError, with: :not_found
     rescue_from Mumuki::Laboratory::ForbiddenError, with: :forbidden
     rescue_from Mumuki::Laboratory::UnauthorizedError, with: :unauthorized
     rescue_from Mumuki::Laboratory::GoneError, with: :gone
     rescue_from Mumuki::Laboratory::BlockedForumError, with: :blocked_forum
+    rescue_from ActiveRecord::RecordInvalid, with: :bad_record
+  end
+
+  def bad_record(exception)
+    # bad records can only be produced thourgh API
+    render_api_errors exception.record.errors, 400
   end
 
   def not_found
-    render 'errors/not_found', status: 404, formats: [:html]
+    render_error 'not_found', 404, formats: [:html]
   end
 
   def internal_server_error(exception)
     Rails.logger.error "Internal server error: #{exception} \n#{exception.backtrace.join("\n")}"
-    render 'errors/internal_server_error', status: 500
+    render_error 'internal_server_error', 500
   end
 
-  def unauthorized
-    render 'errors/unauthorized', status: 401
+  def unauthorized(exception)
+    render_error 'unauthorized', 401, error_message: exception.message
   end
 
   def forbidden
-    Rails.logger.info "Access to organization #{Organization.current} was forbidden to user #{current_user} with permissions #{current_user.permissions}"
-    render 'errors/forbidden', status: 403, locals: { explanation: :forbidden_explanation }
+    message = "Access to organization #{Organization.current} was forbidden to user #{current_user.uid} with permissions #{current_user.permissions.to_json}"
+    Rails.logger.info message
+    render_error 'forbidden', 403, locals: { explanation: :forbidden_explanation }, error_message: message
   end
 
   def blocked_forum
-    render 'errors/forbidden', status: 403, locals: { explanation: :blocked_forum_explanation }
+    render_error 'forbidden', 403, locals: { explanation: :blocked_forum_explanation }
   end
 
   def gone
-    render 'errors/gone', status: 410
+    render_error 'gone', 410
+  end
+
+  def render_error(template, status, options={})
+    if Mumukit::Platform.organization_mapping.path_under_namespace? request.path, 'api'
+      render_api_errors [options[:error_message] || template.gsub('_', ' ')], status
+    else
+      render_app_errors template, options.merge(status: status).except(:error_message)
+    end
   end
 
+  private
+
+  def render_app_errors(template, options)
+    render "errors/#{template}", options
+  end
+
+  def render_api_errors(errors, status)
+    render json: { errors: errors }, status: status
+  end
 end

data/lib/mumuki/laboratory/mumukit/platform.rb

@@ -18,6 +18,14 @@ class Mumuki::Laboratory::Engine < ::Rails::Engine
   config.i18n.available_locales = Mumukit::Platform::Locale.supported
 end
 
+module Mumukit::Platform::OrganizationMapping::Subdomain
+  class << self
+    def path_under_namespace?(path, namespace)
+      path.start_with? "/#{namespace}/"
+    end
+  end
+end
+
 module Mumukit::Platform::OrganizationMapping::Path
   class << self
     alias __organization_name__ organization_name
@@ -30,5 +38,9 @@ module Mumukit::Platform::OrganizationMapping::Path
         name
       end
     end
+
+    def path_under_namespace?(path, namespace)
+      path.start_with? "/#{Mumukit::Platform.current_organization_name}/#{namespace}/"
+    end
   end
 end

data/lib/mumuki/laboratory/version.rb

@@ -1,5 +1,5 @@
 module Mumuki
   module Laboratory
-    VERSION = '5.10.0'
+    VERSION = '5.10.1'
   end
 end

data/spec/controllers/api_clients_controller.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe ApiClientsController, type: :controller, organization_workspace: :base do
-  before { @request.env["HTTP_AUTHORIZATION"] = api_client.token }
+  before { set_api_client! api_client }
   let(:api_client) { create :api_client }
   let(:api_client_json) do
     {description: 'foo',

data/spec/controllers/courses_api_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Api::CoursesController, type: :controller, organization_workspace: :base do
-  before { set_api_client! }
+  before { set_api_client! api_client }
   let(:api_client) { create :api_client }
   let(:course_json) do
     {slug: 'test/bar',

data/spec/controllers/organizations_api_controller_spec.rb

@@ -6,18 +6,22 @@ describe Api::OrganizationsController, type: :controller, organization_workspace
   end
 
   describe 'unauthenticated request' do
-    it { expect { get :index }.to raise_error 'missing authorization header' }
+    before { get :index }
+    it { expect(response.body).to json_eq errors: ['missing authorization header'] }
+    it { check_status! 401 }
   end
 
-  describe 'unauthenticated request' do
-    before { @request.env["HTTP_AUTHORIZATION"] = 'foo' }
-    it { expect { get :index }.to raise_error 'No Api Client found for Token' }
+  describe 'invalid authenticated request' do
+    before { set_token! 'foo' }
+    before { get :index }
+    it { expect(response.body).to json_eq errors: ['No Api Client found for Token'] }
+    it { check_status! 401 }
   end
 
   describe 'authenticated request' do
     let(:book) { create :book }
 
-    before { set_api_client! }
+    before { set_api_client! api_client }
 
     describe 'GET' do
       let!(:public_organization) { create :organization, name: 'public' }
@@ -33,7 +37,7 @@ describe Api::OrganizationsController, type: :controller, organization_workspace
 
           it { check_status! 200 }
 
-          it { expect(body[:organizations].map { |it| it[:name] }).to contain_exactly(*%w(base public dot.org private another_private)) }
+          it { expect(body[:organizations].map { |it| it[:name] }).to contain_exactly 'base', 'public', 'dot.org', 'private', 'another_private' }
         end
         context 'with non-wildcard permissions' do
           before { get :index }
@@ -42,7 +46,7 @@ describe Api::OrganizationsController, type: :controller, organization_workspace
 
           it { check_status! 200 }
 
-          it { expect(body[:organizations].map { |it| it[:name] }).to eq %w(public private) }
+          it { expect(body[:organizations].map { |it| it[:name] }).to contain_exactly 'public', 'private' }
         end
       end
 

data/spec/controllers/students_api_controller_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 [:student, :teacher].each do |role|
 
   describe "Api::#{role.capitalize}sController".constantize, type: :controller, organization_workspace: :base do
-    before { set_api_client! }
+    before { set_api_client! api_client }
     let(:api_client) { create :api_client, grant: 'anorganization/*' }
     let(:json) { {
         first_name: 'Agustin',

data/spec/controllers/users_api_controller_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Api::UsersController, type: :controller, organization_workspace: :base do
-  before { set_api_client! }
+  before { set_api_client! api_client }
   let(:api_client) { create :api_client }
   let(:user_json) do
     {

data/spec/features/not_found_private_flow_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+feature 'not found on app', organization_workspace: :base do
+  before { set_subdomain_host! Organization.base.name }
+  before { Organization.base.switch! }
+
+  let(:owner) { create(:user, permissions: {owner: '*'}) }
+  let(:student_api_client) { create :api_client, role: :student, grant: 'central/*' }
+  let(:owner_api_client) { create :api_client, role: :owner, grant: '*' }
+
+  scenario 'app without authentication' do
+    visit '/nonexistentroute'
+
+    expect(page).to have_text 'You are not allowed to see this content'
+  end
+
+  scenario 'app with authentication' do
+    set_current_user! owner
+
+    visit '/nonexistentroute'
+
+    expect(page).to have_text 'You may have mistyped the address or the page may have moved'
+  end
+
+  scenario 'api without authorization' do
+    Capybara.current_session.driver.header 'Authorization', "Bearer #{student_api_client.token}"
+
+    visit '/api/nonexistentroute'
+
+    expect(page.text).to json_eq errors: [
+      'Access to organization base' +
+      ' was forbidden to user foo+1@bar.com' +
+      ' with permissions {"student":"central/*","teacher":"","headmaster":"","janitor":"","owner":""}']
+  end
+
+  scenario 'api with authentication' do
+    Capybara.current_session.driver.header 'Authorization', "Bearer #{owner_api_client.token}"
+
+    visit '/api/nonexistentroute'
+
+    expect(page.text).to json_eq errors: ['not found']
+  end
+end

data/spec/spec_helper.rb

@@ -57,8 +57,12 @@ Mumukit::Auth.configure do |c|
   c.clients.default = {id: 'test-client', secret: 'thisIsATestSecret'}
 end
 
-def set_api_client!
-  @request.env["HTTP_AUTHORIZATION"] = api_client.token
+def set_token!(token)
+  @request.env["HTTP_AUTHORIZATION"] = token
+end
+
+def set_api_client!(api_client)
+  set_token! api_client.token
 end
 
 def reindex_organization!(organization)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumuki-laboratory
 version: !ruby/object:Gem::Version
-  version: 5.10.0
+  version: 5.10.1
 platform: ruby
 authors:
 - Franco Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-24 00:00:00.000000000 Z
+date: 2018-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -333,7 +333,6 @@ files:
 - app/controllers/concerns/on_base_organization_only.rb
 - app/controllers/concerns/organizations_controller_template.rb
 - app/controllers/concerns/users_controller_template.rb
-- app/controllers/concerns/with_api_errors.rb
 - app/controllers/concerns/with_authorization.rb
 - app/controllers/concerns/with_errors_filter.rb
 - app/controllers/discussions_controller.rb
@@ -960,7 +959,8 @@ files:
 - spec/features/links_flow_spec.rb
 - spec/features/login_flow_spec.rb
 - spec/features/menu_bar_spec.rb
-- spec/features/not_found_flow_spec.rb
+- spec/features/not_found_private_flow_spec.rb
+- spec/features/not_found_public_flow_spec.rb
 - spec/features/profile_flow_spec.rb
 - spec/features/progressive_tips_spec.rb
 - spec/features/standard_flow_spec.rb
@@ -1148,7 +1148,8 @@ test_files:
 - spec/features/links_flow_spec.rb
 - spec/features/login_flow_spec.rb
 - spec/features/menu_bar_spec.rb
-- spec/features/not_found_flow_spec.rb
+- spec/features/not_found_private_flow_spec.rb
+- spec/features/not_found_public_flow_spec.rb
 - spec/features/profile_flow_spec.rb
 - spec/features/progressive_tips_spec.rb
 - spec/features/standard_flow_spec.rb

data/app/controllers/concerns/with_api_errors.rb

@@ -1,37 +0,0 @@
-module WithApiErrors
-  # TODO we should extend DynamiceErrors
-  extend ActiveSupport::Concern
-
-  included do
-    unless Rails.application.config.consider_all_requests_local
-      rescue_from ActionController::RoutingError, with: :not_found!
-    end
-
-    rescue_from ActiveRecord::RecordNotFound, with: :not_found!
-    rescue_from Mumukit::Auth::UnauthorizedAccessError, with: :forbidden!
-    rescue_from ActiveRecord::RecordInvalid, with: :bad_record!
-  end
-
-  private
-
-  def bad_record!(e)
-    render_errors! e.record.errors, 400
-  end
-
-  def not_found!(e)
-    render_error! e, 404
-  end
-
-  def forbidden!(e)
-    render_error! e, 403
-  end
-
-  def render_error!(e, status)
-    render_errors! [e.message], status
-  end
-
-  def render_errors!(errors, status)
-    summary = { errors: errors }
-    render json: summary, status: status
-  end
-end