mumukit-login 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a3ee9172809ea39874cd16d18c98a2b180d645fb
-  data.tar.gz: d9abbc2b9dbc329c2e2e402330880c759fa12f07
+  metadata.gz: e9469b5574895337bee449aca6ffb6a5be57ee70
+  data.tar.gz: f2bc55e4e42e7c7d0b8925400b8ceb16387acd1b
 SHA512:
-  metadata.gz: d1860be5880a0f25c6e408f8b8e60efaaae81eafd1d38e2a671368f4754a3bb574b79f31b196228aef83d8ba456370a6230aa717cafc7c1ef7bb9ab939cbb35c
-  data.tar.gz: fcc2e6f167b9235d77b7120ccfcebf713285897e65007d7819a959402d855ca2ca5d14fe7f8373e22ab41dbd76d7e586c901f558639f964a9cdcb5186a93dfc7
+  metadata.gz: cc7eaf5d94e79e2bb5a1f76659507e9e43bcb44c9b35536e1c1ae340a6503d025b267b3023168b1273a05c92b3d83ff434052d1b6d364203e97236c207808c59
+  data.tar.gz: 8e7c0fdb09272ddff505c397fc37b65ebffa1e1d45d390970a88a88ca21f9f66c0f8ac3e5c752cf67c32cb87e4184e09631e4d364afa22fe49301f01b8169ddf

data/lib/mumukit/login.rb

@@ -34,6 +34,7 @@ module Mumukit::Login
 end
 
 require_relative './login/controller'
+require_relative './login/current_user_store'
 require_relative './login/form'
 require_relative './login/framework'
 require_relative './login/origin_redirector'

data/lib/mumukit/login/controller.rb

@@ -4,6 +4,14 @@ class Mumukit::Login::Controller
     @native = native
   end
 
+  def current_user_store
+    if env['HTTP_AUTHORIZATION']
+      Mumukit::Login::JWTCurrentUserStore.new self
+    else
+      Mumukit::Login::SessionCurrentUserStore.new self
+    end
+  end
+
   def env
     @framework.env @native
   end
@@ -16,14 +24,14 @@ class Mumukit::Login::Controller
     @framework.render_html!(html, @native)
   end
 
-  def request
-    Rack::Request.new(env)
-  end
-
   def url_for(path)
     URI.join(request.base_url, path).to_s
   end
 
+  def request
+    Rack::Request.new(env)
+  end
+
   def session
     request.session
   end

data/lib/mumukit/login/current_user_store.rb

@@ -0,0 +1,44 @@
+class Mumukit::Login::SessionCurrentUserStore
+  def initialize(controller)
+    @controller = controller
+  end
+
+  def get_uid
+    @controller.session[:user_uid]
+  end
+
+  def clear!
+    @controller.session[:user_uid] = nil
+  end
+
+  def set!(uid, values)
+    @controller.session[:user_uid] = uid
+    values.each { |k, v| @controller.session[k] = v }
+  end
+end
+
+class Mumukit::Login::JWTCurrentUserStore
+  def initialize(controller)
+    @controller = controller
+  end
+
+  def get_uid
+    token.uid
+  end
+
+  def clear!
+    raise 'JWT tokens are read-only'
+  end
+
+  def set!(*)
+    raise 'JWT tokens are read-only'
+  end
+
+  def token
+    @token ||= Mumukit::Auth::Token.decode_header(authorization_header).tap(&:verify_client!)
+  end
+
+  def authorization_header
+    @controller.env['HTTP_AUTHORIZATION']
+  end
+end

data/lib/mumukit/login/framework.rb

@@ -1,4 +1,5 @@
 module Mumukit::Login::Framework
 end
 
-require_relative './framework/rails'
+require_relative './framework/rails'
+require_relative './framework/sinatra'

data/lib/mumukit/login/framework/rails.rb

@@ -23,16 +23,22 @@ module Mumukit::Login::Framework::Rails
   #
   def self.configure_login_routes!(rails_router)
     rails_router.controller :login do
-      rails_router.match 'auth/:provider/callback' => :callback, via: [:get, :post], as: 'auth_callback'
-      rails_router.get 'auth/failure' => :failure
-      rails_router.get 'logout' => :destroy
-      rails_router.get 'login' => :login
+      rails_router.match 'auth/:provider/callback' => :callback_current_user, via: [:get, :post]
+      rails_router.get 'auth/failure' => :login_failure
+      rails_router.get 'logout' => :logout_current_user
+      rails_router.get 'login' => :login_current_user
     end
   end
 
   def self.configure_login_controller!(controller_class)
     controller_class.class_eval do
       include Mumukit::Login::LoginControllerHelpers
+
+      %w(callback_current_user login_failure logout_current_user login_current_user).each do |method|
+        define_method method do
+          self.send "#{method}!"
+        end
+      end
     end
   end
 
@@ -44,6 +50,7 @@ module Mumukit::Login::Framework::Rails
     Mumukit::Login.config.provider.configure_rails_forgery_protection!(controller_class)
     controller_class.class_eval do
       include Mumukit::Login::AuthenticationHelpers
+      include Mumukit::Login::AuthorizationHelpers
 
       helper_method :current_user,
                     :current_user?,

data/lib/mumukit/login/framework/sinatra.rb

@@ -0,0 +1,39 @@
+module Mumukit::Login::Framework::Sinatra
+
+  def self.env(sinatra_handler)
+    sinatra_handler.request.env
+  end
+
+  def self.redirect!(path, sinatra_handler)
+    sinatra_handler.redirect path
+  end
+
+  def self.render_html!(content, sinatra_handler)
+    content
+  end
+
+  def self.configure_login_routes!(sinatra_module)
+    sinatra_module.instance_eval do
+      auth_callback = proc { callback_current_user! }
+      get '/auth/:provider/callback', &auth_callback
+      post '/auth/:provider/callback', &auth_callback
+      get('/auth/failure') { login_failure! }
+      get('/logout') { logout_current_user! }
+      get('/login') { login_current_user! }
+    end
+  end
+
+
+  def self.configure_login_controller!(sinatra_helpers)
+    sinatra_helpers.instance_eval do
+      include Mumukit::Login::LoginControllerHelpers
+    end
+  end
+
+  def self.configure_controller!(sinatra_helpers)
+    sinatra_helpers.instance_eval do
+      include Mumukit::Login::AuthenticationHelpers
+      include Mumukit::Login::AuthorizationHelpers
+    end
+  end
+end

data/lib/mumukit/login/helpers.rb

@@ -1,2 +1,4 @@
 require_relative './helpers/authentication_helpers'
-require_relative './helpers/login_controller_helpers'
+require_relative './helpers/authorization_helpers'
+require_relative './helpers/login_controller_helpers'
+require_relative './helpers/user_permissions_helpers'

data/lib/mumukit/login/helpers/authentication_helpers.rb

@@ -16,7 +16,7 @@ module Mumukit::Login::AuthenticationHelpers
 
   # default
   def current_user_uid
-    mumukit_controller.session[:user_uid]
+    mumukit_controller.current_user_store.get_uid
   end
 
   # default

data/lib/mumukit/login/helpers/authorization_helpers.rb

@@ -0,0 +1,15 @@
+module Mumukit::Login::AuthorizationHelpers
+  def authorize!(role)
+    if current_user?
+      current_user.protect! role, authorization_slug
+    else
+      authenticate!
+    end
+  end
+
+  def has_permission?(role)
+    current_user.has_permission? role, authorization_slug
+  end
+
+  required :authorization_slug
+end

data/lib/mumukit/login/helpers/login_controller_helpers.rb

@@ -1,31 +1,37 @@
 module Mumukit::Login::LoginControllerHelpers
 
-  def login
+  def login_current_user!
     origin_redirector.save_location!
-    login_provider.request_authentication! mumukit_controller, login_settings
+    if current_user?
+      origin_redirector.redirect!
+    else
+      login_provider.request_authentication! mumukit_controller, login_settings
+    end
   end
 
-  def callback
-    profile = Mumukit::Login::Profile.from_omniauth(env['omniauth.auth'])
+  def callback_current_user!
+    profile = Mumukit::Login::Profile.from_omniauth(mumukit_controller.env['omniauth.auth'])
     user = Mumukit::Login.config.user_class.for_profile profile
-    save_session_user_uid! user
+    save_current_user_session! user
     origin_redirector.redirect!
   end
 
-  def destroy
-    destroy_session_user_uid!
+  def logout_current_user!
+    destroy_current_user_session!
     mumukit_controller.redirect! login_provider.logout_redirection_path
   end
 
   private
 
   # default
-  def destroy_session_user_uid!
-    mumukit_controller.session[:user_uid] = nil
+  def destroy_current_user_session!
+    mumukit_controller.current_user_store.clear!
   end
 
   # default
-  def save_session_user_uid!(user)
-    mumukit_controller.session[:user_uid] = user.uid
+  def save_current_user_session!(user)
+    mumukit_controller.current_user_store.set! user.uid,
+                                               user_name: user.name,
+                                               user_image_url: user.image_url
   end
-end
+end

data/lib/mumukit/login/helpers/user_permissions_helpers.rb

@@ -0,0 +1,13 @@
+module Mumukit::Login::UserPermissionsHelpers
+  delegate :has_role?,
+           :add_permission!,
+           :remove_permission!,
+           :has_permission?,
+           :has_permission_delegation?,
+           :protect!,
+           :protect_delegation!, to: :permissions
+
+  def merge_permissions!(new_permissions)
+    self.permissions = permissions.merge(new_permissions)
+  end
+end

data/lib/mumukit/login/origin_redirector.rb

@@ -16,6 +16,6 @@ class Mumukit::Login::OriginRedirector
   private
 
   def origin
-    @controller.request.params['origin']
+    @controller.request.params['origin'] || '/'
   end
 end

data/lib/mumukit/login/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Login
-    VERSION = "0.1.0"
+    VERSION = "1.0.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-login
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
@@ -173,12 +173,16 @@ extra_rdoc_files: []
 files:
 - lib/mumukit/login.rb
 - lib/mumukit/login/controller.rb
+- lib/mumukit/login/current_user_store.rb
 - lib/mumukit/login/form.rb
 - lib/mumukit/login/framework.rb
 - lib/mumukit/login/framework/rails.rb
+- lib/mumukit/login/framework/sinatra.rb
 - lib/mumukit/login/helpers.rb
 - lib/mumukit/login/helpers/authentication_helpers.rb
+- lib/mumukit/login/helpers/authorization_helpers.rb
 - lib/mumukit/login/helpers/login_controller_helpers.rb
+- lib/mumukit/login/helpers/user_permissions_helpers.rb
 - lib/mumukit/login/origin_redirector.rb
 - lib/mumukit/login/profile.rb
 - lib/mumukit/login/provider.rb