oauth_im 0.8.2 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c32ade2f9c543728b3946076d1f8cad2566f06f4959c20b7c67613b6c296240
-  data.tar.gz: ad6148ef5c4bed447ee4468ef03825a5802b9df3f3a0dd096bda20f4024b803a
+  metadata.gz: caff412768b7a6411078d84704899ce468379841ca548fc9271ec5e44a0bbc26
+  data.tar.gz: ca77658308ba2d2a432a9ed6f8fa23a0b59bce783804bc9298e10cf53fa6a89b
 SHA512:
-  metadata.gz: 4824f3121b1ee2e24c0f706041c0295335a9efd35317442c5e1c857836224b88713ee61d1d1ae0694d01acd8559ef363ad44047393bb2b00128af96a97b60603
-  data.tar.gz: 656cbad5b4111347e5b0f277fcb99d9ac794fc8defccc1d49cb0637d1971d21f900315ab731f6d3eec16b9606f4b2de2902028d8a6bb8ddc13630a74aa261b78
+  metadata.gz: 6efbc2ea50fc30a26166b86c9abc9bb927c82faa70f6a693101b8761d4e10c8e071ca2cc14e726e0e1c3cecd08ae71cb2e2734de67278e383b84ece88401878a
+  data.tar.gz: afc164c6542ca85cd3206451cead14ebe4fca9293d0d819cd544ed7347ba7ed8eacf4dd9a85045b69a046a44871380871b934aeaeb34e42c14baf24879863c38

data/README.md

@@ -17,49 +17,9 @@ $ bundle
 ```
 
 ## Configuration
-Once the gem is installed, add an initializer. Here is an example:
-
-```ruby
-# config/initializers/oauth_im.rb
-module OauthIm
-  configure do |config|
-    #####################################
-    # these routes are local to the app #
-    #####################################
-    config.authorize_url  = ENV.fetch 'FUSION_AUTH_AUTHORIZE_URL', DEFAULT_AUTHORIZE_URL
-    config.callback_route = ENV.fetch 'FUSION_CALLBACK_ROUTE',     DEFAULT_CALLBACK_ROUTE
-    config.token_url      = ENV.fetch 'FUSION_AUTH_TOKEN_URL',     DEFAULT_TOKEN_URL
-
-    ##############################################
-    # identity provider url (e.g., fusion auth): #
-    ##############################################
-    config.idp_url        = ENV.fetch 'FUSION_AUTH_IDP_URL',       DEFAULT_IDP_URL
-
-    ################################################
-    # Issuer domain: find on FA tenant General tab #
-    ################################################
-    config.iss_domain     = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN',    DEFAULT_ISS_DOMAIN
-
-    ####################################
-    # find on FA application OAuth tab #
-    ####################################
-    config.client_id      = ENV['FUSION_AUTH_CLIENT_ID']
-    config.client_secret  = ENV['FUSION_AUTH_CLIENT_SECRET']
-
-    ####################################################################################
-    # 1. Find signing key name on the app details pane. (See RSA v. HMAC screenshots.) #
-    # 2. Look up the key (by name) under Key Master tab under Settings:                #
-    #    https://illustrativemath-dev.fusionauth.io/admin/key/                         #
-    # 3. The key should be either HMAC or RSA.                                         #
-    #   - If HMAC, view the Secret under Details. You will need to click to reveal.    #
-    #   - If RSA, copy the PEM encoded public key as-is.                               #
-    # Note: You don't need both keys --- TokenDecoder will use the one available.      #
-    ####################################################################################
-    config.hmac           = ENV['FUSION_AUTH_HMAC']
-    config.rsa_public     = ENV['FUSION_AUTH_RSA_PUBLIC]
-  end
-end
-```
+Once the gem is installed, add an initializer.  The [iiab
+app](https://github.com/illustrativemathematics/iiab/blob/master/config/initializers/oauth_im.rb)
+provides an example.
 
 ### Environment
 
@@ -179,6 +139,14 @@ After many false starts, this repo includes two (seemingly functional) github wo
 
 ## Version History
 
+### 0.8.3
+* Consolidate all OAuth (FusionAuth) functionality
+  * the register app can now include this gem for OAuth to create users
+  * IIAB can include this gem to authenticate users
+  * IIAB can include this gem to determine user privileges
+* Relax Rails version constraint in Gemfile
+  * necessary in order for register app to use gem
+
 ### 0.8.2
 * README
 

data/app/controllers/concerns/oauth_im/authenticable.rb

@@ -11,25 +11,23 @@ module OauthIm
 
     private
 
+    delegate :email, :email_verified?,
+             :user_privileges,
+             to: :user_client,
+             allow_nil: true
+
     def authenticated?
       AppContext.authenticated_for_specs? ||
         (AppContext.provide_authentication? && logged_in?)
     end
 
-    def email
-      @email ||= jwt_token['email']
-    end
-
     def user_jwt
-      @user_jwt ||= session[:user_jwt] || {}
-    end
-
-    def jwt_token
-      @jwt_token ||= user_jwt['value']&.first || {}
+      @user_jwt ||= session[:user_jwt]
     end
 
-    def email_verified?
-      jwt_token.present? && jwt_token['email_verified'].present?
+    def user_client
+      @user_client ||= OauthIm::Client.for(user_jwt: user_jwt) if
+        user_jwt.present?
     end
 
     def current_user

data/app/controllers/oauth_im/client_controller.rb

@@ -15,7 +15,7 @@ module OauthIm
 
     def logout
       reset_session
-      redirect_to logout_url
+      redirect_to oauth_client.logout_url
     end
 
     def local_login
@@ -34,11 +34,10 @@ module OauthIm
 
     private
 
-    delegate :logout_url, :user_jwt,
-             to: :oauth_client
+    delegate :user_jwt, to: :oauth_client
 
     def oauth_client
-      @oauth_client ||= OauthIm::Client.new request: request
+      @oauth_client ||= OauthIm::Client.for request: request
     end
 
     def local_login_userinfo

data/app/services/oauth_im/client.rb

@@ -2,75 +2,16 @@
 
 module OauthIm
   class Client
-    attr_reader :request
-
-    def initialize(request:)
-      @request = request
-    end
-
-    def login_url
-      @login_url ||= auth_code.authorize_url
-    end
-
-    def logout_url
-      @logout_url ||= "#{idp_url}/oauth2/logout" \
-                      "?post_logout_redirect_uri=#{return_to_url}" \
-                      "&client_id=#{client_id}"
-    end
-
-    def user_jwt
-      @user_jwt ||= { value: decoded_token, httponly: httponly? }
-    end
-
-    private
-
-    delegate :host_with_port, :params, to: :request
-    delegate :configuration, to: OauthIm
-    delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
-             to: :configuration
-    delegate :auth_code, to: :oauth_client
-
-    def httponly?
-      true
-    end
-
-    def return_to_url
-      @return_to_url ||= params.fetch :return_to
-    end
-
-    def redirect_url
-      @redirect_url ||=
-        Engine.routes.url_helpers.callback_url callback_url_params
-    end
-
-    def callback_url_params
-      @callback_url_params ||= { host: host_with_port,
-                                 protocol: protocol }.freeze
-    end
-
-    def protocol
-      @protocol ||= Rails.env.production? ? :https : :http
-    end
-
-    def decoded_token
-      @decoded_token ||= TokenDecoder.new(access_token, oauth_client.id).decode
-    end
-
-    def access_token
-      @access_token ||= response_hash[:access_token]
-    end
-
-    def oauth_client
-      @oauth_client ||= ::OAuth2::Client.new client_id,
-                                             client_secret,
-                                             authorize_url: authorize_url,
-                                             site: idp_url,
-                                             token_url: token_url,
-                                             redirect_uri: redirect_url
-    end
-
-    def response_hash
-      @response_hash ||= auth_code.get_token(params[:code]).to_hash
+    def self.for(request: nil, user_jwt: nil, secure_id: nil)
+      if request.present?
+        RequestClient.new request: request
+      elsif user_jwt.present?
+        UserClient.new user_jwt: user_jwt
+      elsif secure_id.present?
+        RegistrationClient.new secure_id: secure_id
+      else
+        raise ArgumentError
+      end
     end
   end
 end

data/app/services/oauth_im/idp_client.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'fusionauth/fusionauth_client'
+
+module OauthIm
+  class IdpClient
+    private
+
+    delegate :configuration, to: OauthIm
+    delegate :api_key, :idp_url, to: :configuration
+
+    def client
+      @client ||= ::FusionAuth::FusionAuthClient.new api_key, idp_url
+    end
+  end
+end

data/app/services/oauth_im/registration_client.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module OauthIm
+  class RegistrationClient < IdpClient
+    attr_reader :secure_id
+
+    def initialize(secure_id:)
+      @secure_id = secure_id
+      super()
+    end
+
+    def register(submission_params:)
+      client.register secure_id, submission_params
+    end
+  end
+end

data/app/services/oauth_im/request_client.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module OauthIm
+  class RequestClient
+    attr_reader :request
+
+    def initialize(request:)
+      @request = request
+    end
+
+    def login_url
+      @login_url ||= auth_code.authorize_url
+    end
+
+    def logout_url
+      @logout_url ||= "#{idp_url}/oauth2/logout" \
+                      "?post_logout_redirect_uri=#{return_to_url}" \
+                      "&client_id=#{client_id}"
+    end
+
+    def user_jwt
+      @user_jwt ||= { value: decoded_token, httponly: httponly? }
+    end
+
+    private
+
+    delegate :host_with_port, :params, to: :request
+    delegate :configuration, to: OauthIm
+    delegate :authorize_url, :token_url, :idp_url, :client_id, :client_secret,
+             to: :configuration
+    delegate :auth_code, to: :oauth_client
+
+    def httponly?
+      true
+    end
+
+    def return_to_url
+      @return_to_url ||= params.fetch :return_to
+    end
+
+    def redirect_url
+      @redirect_url ||=
+        Engine.routes.url_helpers.callback_url callback_url_params
+    end
+
+    def callback_url_params
+      @callback_url_params ||= { host: host_with_port,
+                                 protocol: protocol }.freeze
+    end
+
+    def protocol
+      @protocol ||= Rails.env.production? ? :https : :http
+    end
+
+    def decoded_token
+      @decoded_token ||= TokenDecoder.new(access_token, oauth_client.id).decode
+    end
+
+    def access_token
+      @access_token ||= response_hash[:access_token]
+    end
+
+    def oauth_client
+      @oauth_client ||= ::OAuth2::Client.new client_id,
+                                             client_secret,
+                                             authorize_url: authorize_url,
+                                             site: idp_url,
+                                             token_url: token_url,
+                                             redirect_uri: redirect_url
+    end
+
+    def response_hash
+      @response_hash ||= auth_code.get_token(params[:code]).to_hash
+    end
+  end
+end

data/app/services/oauth_im/user_client.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'fusionauth/fusionauth_client'
+
+module OauthIm
+  class UserClient < IdpClient
+    attr_reader :user_jwt
+
+    def initialize(user_jwt:)
+      @user_jwt = user_jwt&.with_indifferent_access
+      super()
+    end
+
+    def email
+      @email ||= jwt_token[:email]
+    end
+
+    def email_verified?
+      email.present?
+    end
+
+    def user_privileges
+      @user_privileges ||= data[:privileges] || []
+    end
+
+    private
+
+    def user_data
+      @user_data ||= user[:registrations]&.first || {}
+    end
+
+    def data
+      @data ||= user_data[:data] || {}
+    end
+
+    def success_response
+      @success_response ||= client_response&.success_response || {}
+    end
+
+    def user
+      @user ||= success_response[:user] || {}
+    end
+
+    # https://www.rubydoc.info/gems/fusionauth_client/1.32.1/FusionAuth/FusionAuthClient#retrieve_user-instance_method
+    def client_response
+      @client_response ||= client.retrieve_user user_id
+    end
+
+    def jwt_token
+      @jwt_token ||= user_jwt[:value]&.first&.with_indifferent_access || {}
+    end
+
+    def user_id
+      @user_id ||= jwt_token[:sub]
+    end
+  end
+end

data/config/initializers/app_context.rb

@@ -17,15 +17,13 @@ module AppContext
     @authenticated_for_specs if Rails.env.test? && provide_authentication?
   end
 
-  def self.authenticate_for_specs(spec_user: nil, privileged: false)
+  def self.authenticate_for_specs(spec_user: nil)
     return unless provide_authentication?
     raise 'Use only in test environment!!' unless Rails.env.test?
 
     @authenticated_for_specs = true
     @spec_user               = spec_user
-    @privileged              = privileged
     yield
-    @privileged              = false
     @spec_user               = nil
     @authenticated_for_specs = false
   end

data/lib/oauth_im/configuration.rb

@@ -7,6 +7,7 @@
 module OauthIm
   CONFIGURABLE_FIELDS =
     %i[
+      api_key
       authorize_url
       callback_route
       token_url

data/lib/oauth_im/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OauthIm
-  VERSION = '0.8.2'
+  VERSION = '0.9.0'
 end

data/lib/oauth_im.rb

@@ -9,11 +9,16 @@ require 'oauth_im/engine'
 require 'oauth_im/configuration'
 
 module OauthIm
-  DEFAULT_AUTHORIZE_URL  = '/oauth2/authorize'
-  DEFAULT_CALLBACK_ROUTE = 'callback'
-  DEFAULT_TOKEN_URL      = '/oauth2/token'
-  DEFAULT_IDP_URL        = 'https://illustrativemath-dev.fusionauth.io'
-  DEFAULT_ISS_DOMAIN     = 'illustrativemathematics.org'
+  DEFAULT_AUTH_AUTHORIZE_URL  = '/oauth2/authorize'
+  DEFAULT_AUTH_CALLBACK_ROUTE = 'callback'
+  DEFAULT_AUTH_TOKEN_URL      = '/oauth2/token'
+  DEFAULT_AUTH_IDP_URL        = 'https://illustrativemath-dev.fusionauth.io'
+  DEFAULT_AUTH_ISS_DOMAIN     = 'illustrativemathematics.org'
+  DEFAULT_AUTH_API_KEY        = nil
+  DEFAULT_AUTH_CLIENT_ID      = nil
+  DEFAULT_AUTH_CLIENT_SECRET  = nil
+  DEFAULT_AUTH_HMAC           = nil
+  DEFAULT_AUTH_RSA_PUBLIC     = nil
 
   class << self
     attr_reader :configuration
@@ -29,6 +34,6 @@ module OauthIm
   end
 
   def self.callback_route
-    configuration&.callback_route || DEFAULT_CALLBACK_ROUTE
+    configuration&.callback_route || DEFAULT_AUTH_CALLBACK_ROUTE
   end
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: oauth_im
 version: !ruby/object:Gem::Version
-  version: 0.8.2
+  version: 0.9.0
 platform: ruby
 authors:
 - Eric Connally
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-08 00:00:00.000000000 Z
+date: 2022-06-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: fusionauth_client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.32.1
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -42,14 +56,14 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 5.pre.2.pre.stable
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 5.pre.2.pre.stable
 - !ruby/object:Gem::Dependency
@@ -126,7 +140,11 @@ files:
 - app/controllers/oauth_im/client_controller.rb
 - app/helpers/oauth_im/application_helper.rb
 - app/services/oauth_im/client.rb
+- app/services/oauth_im/idp_client.rb
+- app/services/oauth_im/registration_client.rb
+- app/services/oauth_im/request_client.rb
 - app/services/oauth_im/token_decoder.rb
+- app/services/oauth_im/user_client.rb
 - app/views/layouts/oauth_im/application.html.erb
 - config/initializers/app_context.rb
 - config/routes.rb