obscured-doorman 0.4.0

data/lib/obscured-doorman/loggable.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    # Contains logging behavior.
+    module Loggable
+      # Get the logger.
+      #
+      # @note Will try to grab Rails' logger first before creating a new logger
+      #   with stdout.
+      #
+      # @example Get the logger.
+      #   Loggable.logger
+      #
+      # @return [ Logger ] The logger.
+      def logger
+        return @logger if defined?(@logger)
+
+        @logger = default_logger
+      end
+
+      # Set the logger.
+      #
+      # @example Set the logger.
+      #   Loggable.logger = Logger.new($stdout)
+      #
+      # @param [ Logger ] logger The logger to set.
+      #
+      # @return [ Logger ] The new logger.
+      def logger=(logger)
+        @logger = logger
+      end
+
+      private
+
+      # Gets the default Mongoid logger - stdout.
+      #
+      # @api private
+      #
+      # @example Get the default logger.
+      #   Loggable.default_logger
+      #
+      # @return [ Logger ] The default logger.
+      def default_logger
+        logger = Logger.new($stdout)
+        logger.level = Doorman.configuration.log_level
+        logger
+      end
+    end
+  end
+end

data/lib/obscured-doorman/mailer.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    class Mailer
+      def initialize(opts = {})
+        @to = opts[:to]
+        @from = "doorman@#{Doorman.configuration.smtp_domain}"
+        @subject = opts[:subject]
+
+        @text = opts[:text]
+        @html = opts[:html]
+      end
+
+      def deliver!
+        Doorman.logger.debug "Sending mail to #{@to}, from: #{@from}, with subject: #{@subject} and text #{@text}"
+        mail = Mail.new(to: @to, from: @from, subject: @subject) do
+          delivery_method :smtp,
+                          address: Doorman.configuration.smtp_server,
+                          port: Doorman.configuration.smtp_port,
+                          domain: Doorman.configuration.smtp_domain,
+                          enable_starttls_auto: true,
+                          authentication: :plain,
+                          user_name: Doorman.configuration.smtp_username,
+                          password: Doorman.configuration.smtp_password
+        end
+
+        unless @text.blank?
+          text_part = Mail::Part.new(body: @text)
+          mail.text_part = text_part
+        end
+
+        unless @html.blank?
+          html_part = Mail::Part.new(body: @html) do
+            content_type 'text/html; charset=utf-8'
+          end
+          mail.html_part = html_part
+        end
+
+        mail.deliver
+      rescue => e
+        Doorman.logger.error e
+      end
+    end
+  end
+end

data/lib/obscured-doorman/messages.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    MESSAGES = {
+      auth_required: 'You must be logged in to view this page.',
+      signup_disabled: 'Registration is disabled, contact team member for creation of account!',
+      signup_success: 'You have signed up successfully. A confirmation email has been sent to you.',
+      confirm_no_user: 'Invalid confirmation URL. Please make sure you have the correct link from the email, and are not already confirmed.',
+      confirm_success: 'You have successfully confirmed your account. Please log in.',
+      # Auto login upon confirmation?
+      login_bad_credentials: 'Invalid Login and Password. Please try again.',
+      login_not_confirmed: 'You must confirm your account before you can log in. Please click the confirmation link sent to you.',
+      # Note: resend confirmation link?
+      logout_success: 'You have been logged out.',
+      forgot_no_user: 'There is no user with that Username or Email. Please try again.',
+      forgot_success: 'An email with instructions to reset your password has been sent to you.',
+      reset_no_user: 'Invalid reset URL. Please make sure you have the correct link from the email, and have already reset the password.',
+      reset_system_user: 'Your trying to reset the password of a system user, unfortunate for you, this action is not allowed',
+      reset_unmatched_passwords: 'Password and confirmation do not match. Please try again.',
+      reset_success: 'Your password has been reset.',
+      # Registration
+      register_account_exists: 'Account already registered.',
+      # Token
+      token_used: 'The token has already been used, request a new token and try again.',
+      token_expired: 'The token has expired, request a new token and try again.',
+      token_not_found: 'The token was not found, request a new token and try again.'
+    }.freeze
+  end
+end

data/lib/obscured-doorman/models/token.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    class Token
+      include Mongoid::Document
+      include Mongoid::Timestamps
+
+      store_in database: Doorman.configuration.db_name,
+               client: Doorman.configuration.db_client,
+               collection: 'tokens'
+
+      field :type, type: Symbol
+      field :token, type: String
+      field :expires_at, type: DateTime, default: -> { DateTime.now + 2.hours }
+      field :used_at, type: DateTime
+      field :user_id, type: BSON::ObjectId
+
+      belongs_to :user, autosave: true, class_name: 'Obscured::Doorman::User', inverse_of: 'tokens'
+
+      index({ expires_at: 1 }, background: true, expire_after_seconds: 172_800)
+      index({ used_at: 1 }, background: true, expire_after_seconds: 345_600)
+
+      class << self
+        def make(opts)
+          raise Doorman::Error.new(:already_exists, what: 'Token does already exists!') if Token.where(user: opts[:user], type: opts[:type]).exists?
+
+          token = new
+          token.user = opts[:user]
+          token.type = opts[:type]
+          token.token = opts[:token]
+          token.expires_at = opts[:expires] if opts[:expires]
+          token
+        end
+
+        def make!(opts)
+          token = make(opts)
+          token.save
+          token
+        end
+      end
+
+      def use!
+        self.used_at = DateTime.now
+        save
+      end
+
+      def usable?
+        used_at.nil? && expires_at > DateTime.now
+      end
+
+      def used?
+        !used_at.nil?
+      end
+    end
+  end
+end

data/lib/obscured-doorman/models/user.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+
+require 'obscured-timeline'
+
+module Obscured
+  module Doorman
+    class User
+      include Mongoid::Document
+      include Mongoid::Timestamps
+      include Mongoid::Timeline::Tracker
+
+      store_in database: Doorman.configuration.db_name,
+               client: Doorman.configuration.db_client,
+               collection: 'users'
+
+      field :username, type: String
+      field :password, type: String
+      field :salt, type: String
+      field :first_name, type: String
+      field :last_name, type: String
+      field :mobile, type: String
+      field :role, type: Symbol, default: Doorman::Roles::ADMIN
+      field :confirmed, type: Boolean, default: false
+
+      has_many :tokens, autosave: true, class_name: 'Obscured::Doorman::Token', foreign_key: 'user_id'
+
+      index({ username: 1 }, background: true)
+
+      after_initialize :set_salt
+
+      alias email username
+
+      attr_accessor :confirmed
+
+      class << self
+        def make(opts)
+          raise Doorman::Error.new(:already_exists, what: 'User does already exists!') if User.where(username: opts[:username]).exists?
+
+          user = new
+          user.username = opts[:username]
+          user.set_password(opts[:password])
+          user.first_name = opts[:first_name] unless opts[:first_name].nil?
+          user.last_name = opts[:last_name] unless opts[:last_name].nil?
+          user.mobile = opts[:mobile] unless opts[:mobile].nil?
+          user.role = opts[:role] unless opts[:role].nil?
+          user.confirmed = opts[:confirmed] unless opts[:confirmed].nil?
+          user.add_event(type: :account, message: 'Account created', producer: opts[:producer].nil? ? user.username : opts[:producer])
+          user
+        end
+
+        def make!(opts)
+          user = make(opts)
+          user.save
+          user
+        end
+
+        def authenticate(username, password)
+          user = where(username: username).first
+          return user if user&.authenticated?(password)
+
+          nil
+        end
+
+        def registered?(username)
+          where(username: username).exists?
+        end
+      end
+
+      def name
+        "#{first_name} #{last_name}"
+      end
+
+      def name=(arguments)
+        self.first_name = arguments[:first_name]
+        self.last_name = arguments[:last_name]
+      end
+
+      def set_password(password)
+        self.password = BCrypt::Password.create(password)
+      end
+
+      def authenticated?(password)
+        (BCrypt::Password.new(self.password) == password)
+      end
+      alias password? authenticated?
+
+      def remember_me!
+        add_event(type: :remember, message: 'Account set to be remembered upon login', producer: username)
+        token = tokens.build(
+          type: :remember,
+          token: SecureRandom.uuid,
+          expires_at: (DateTime.now + Doorman.configuration.remember_for.days)
+        )
+        save
+        token
+      end
+
+      def forget_me!
+        add_event(type: :remember, message: 'Account set not to be remembered upon login', producer: username)
+        tokens.where(type: :remember).destroy
+      end
+
+      def confirm
+        add_event(type: :confirm, message: 'Confirmation token created', producer: username)
+        tokens.where(type: :confirm).destroy
+        token = tokens.build(
+          type: :confirm,
+          token: SecureRandom.uuid,
+          expires_at: (DateTime.now + 14.days)
+        )
+        save
+        token
+      end
+
+      def confirm!
+        add_event(type: :confirmation, message: 'Account was successfully confirmed', producer: username)
+        self.confirmed = true
+        tokens.where(type: :confirm).destroy
+        save
+      end
+
+      def forgot_password!
+        add_event(type: :password, message: 'Reset password procedure has been started', producer: username)
+        tokens.where(type: :password).destroy
+        token = tokens.build(
+          user: self,
+          type: :password,
+          token: SecureRandom.uuid,
+          expires_at: (DateTime.now + 2.hours)
+        )
+        save
+        token
+      end
+
+      def remembered_password!
+        add_event(type: :password, message: 'Reset password procedure has been cancelled since successful login was achieved', producer: username)
+        tokens.where(type: :password).destroy
+      end
+
+      def reset_password!(password, token)
+        token = tokens.find_by(token: token)
+        if token && token.type.eql?(:password)
+          set_password(password)
+          add_event(type: :password, message: 'Password was successfully reset', producer: username)
+          return save
+        end
+        false
+      end
+
+      protected
+
+      def set_salt
+        return unless salt.nil? || salt.empty?
+
+        secret = Digest::SHA1.hexdigest("--#{username}--")
+        self.salt = Digest::SHA1.hexdigest("--#{Time.now.utc}--#{secret}--")
+      end
+    end
+  end
+end

data/lib/obscured-doorman/providers/base/configuration.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Obscured
+  module Doorman
+    module Providers
+      class BaseConfiguration
+        def self.config_option(name)
+          define_method(name) do
+            read_value(name)
+          end
+
+          define_method("#{name}=") do |value|
+            set_value(name, value)
+          end
+        end
+
+        # Name of the authentication provider
+        config_option :provider
+        # Enables/disables the provider
+        config_option :enabled
+
+        # Provider client id
+        config_option :client_id
+        # Provider client secret
+        config_option :client_secret
+        # Provider scopes
+        config_option :scopes
+
+        # Provider authentication endpoint
+        config_option :authorize_url
+        # Provider token endpoint
+        config_option :token_url
+        # Provider login endpoint
+        config_option :login_url
+        # Provider redirect endpoint
+        config_option :redirect_url
+
+        # Authentication domains to login
+        config_option :domains
+        # Authentication token
+        config_option :token
+
+        attr_reader :defaults
+
+        def [](key)
+          read_value(key)
+        end
+
+        def []=(key, value)
+          set_value(key, value)
+        end
+
+        private
+
+        def read_value(name)
+          if @config_values.key?(name)
+            @config_values[name]
+          else
+            @defaults.send(name)
+          end
+        end
+
+        def set_value(name, value)
+          @config_values[name] = value
+        end
+      end
+    end
+  end
+end

data/lib/obscured-doorman/providers/bitbucket.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require File.expand_path('bitbucket/configuration', __dir__)
+require File.expand_path('bitbucket/messages', __dir__)
+require File.expand_path('bitbucket/access_token', __dir__)
+require File.expand_path('bitbucket/strategy', __dir__)
+
+module Obscured
+  module Doorman
+    module Providers
+      module Bitbucket
+        class << self
+          # Configuration Object (instance of Obscured::Doorman::Providers::Bitbucket::Configuration)
+          attr_writer :configuration
+
+          def setup
+            yield(configuration)
+          end
+
+          def configuration
+            @configuration ||= Bitbucket::Configuration.new
+          end
+
+          def default_configuration
+            configuration.defaults
+          end
+        end
+
+        def self.registered(app)
+          app.helpers Doorman::Base::Helpers
+          app.helpers Doorman::Helpers
+
+          Warden::Strategies.add(:bitbucket, Bitbucket::Strategy)
+
+          app.get '/doorman/oauth2/bitbucket' do
+            redirect("#{Bitbucket.configuration[:authorize_url]}?client_id=#{Bitbucket.configuration[:client_id]}&response_type=code&scopes=#{Bitbucket.configuration[:scopes]}")
+          end
+
+          app.get '/doorman/oauth2/bitbucket/callback/?' do
+            response = RestClient::Request.new(
+              method: :post,
+              url: Bitbucket.configuration[:token_url],
+              user: Bitbucket.configuration[:client_id],
+              password: Bitbucket.configuration[:client_secret],
+              payload: "code=#{params[:code]}&grant_type=authorization_code&scope=#{Bitbucket.configuration[:scopes]}",
+              headers: { Accept: 'application/json' }
+            ).execute
+
+            json = JSON.parse(response.body)
+            token = Bitbucket::AccessToken.new(
+              access_token: json['access_token'],
+              refresh_token: json['refresh_token'],
+              scopes: json['scopes'],
+              expires_in: json['expires_in']
+            )
+
+            emails = RestClient.get 'https://api.bitbucket.org/2.0/user/emails', Authorization: "Bearer #{token.access_token}"
+            emails = JSON.parse(emails.body)
+            token.emails = emails.values[1].map { |e| e['email'] }
+            Bitbucket.configuration[:token] = token
+
+            # Authenticate with :bitbucket strategy
+            warden.authenticate!(:bitbucket)
+          rescue RestClient::ExceptionWithResponse => e
+            message = JSON.parse(e.response)
+            Doorman.logger.error e
+            notify :error, "#{message['error_description']} (#{message['error']})"
+            redirect(Doorman.configuration.paths[:login])
+          ensure
+            # Notify if there are any messages from Warden.
+            notify :error, warden.message unless warden.message.blank?
+
+            redirect(Doorman.configuration.use_referrer && session[:return_to] ? session.delete(:return_to) : Doorman.configuration.paths[:success])
+          end
+        end
+      end
+    end
+  end
+end