openstax_accounts 4.1.1 → 5.0.0

data/app/routines/openstax/accounts/sync_groups.rb

@@ -17,42 +17,38 @@ module OpenStax
       
       def exec(options={})
 
-        begin
-          OpenStax::Accounts.syncing = true
+        return if OpenStax::Accounts.configuration.enable_stubbing?
 
-          return if OpenStax::Accounts.configuration.enable_stubbing?
+        response = OpenStax::Accounts::Api.get_application_group_updates
 
-          response = OpenStax::Accounts.get_application_group_updates
+        app_groups = []
+        app_groups_rep = OpenStax::Accounts::Api::V1::ApplicationGroupsRepresenter
+                           .new(app_groups)
+        app_groups_rep.from_json(response.body)
 
-          app_groups = []
-          app_groups_rep = OpenStax::Accounts::Api::V1::ApplicationGroupsRepresenter
-                             .new(app_groups)
-          app_groups_rep.from_json(response.body)
+        return if app_groups.empty?
 
-          return if app_groups.empty?
+        updated_app_groups = []
+        app_groups.each do |app_group|
+          group = OpenStax::Accounts::Group.where(
+            :openstax_uid => app_group.group.openstax_uid
+          ).first || app_group.group
+          group.syncing = true
 
-          updated_app_groups = []
-          app_groups.each do |app_group|
-            group = OpenStax::Accounts::Group.where(
-                      :openstax_uid => app_group.group.openstax_uid).first || app_group.group
-
-            if group != app_group.group
-              SYNC_ATTRIBUTES.each do |attribute|
-                group.send("#{attribute}=", app_group.group.send(attribute))
-              end
+          if group != app_group.group
+            SYNC_ATTRIBUTES.each do |attribute|
+              group.send("#{attribute}=", app_group.group.send(attribute))
             end
-
-            next unless group.save
-
-            updated_app_groups << {group_id: group.openstax_uid,
-                                   read_updates: app_group.unread_updates}
           end
 
-          OpenStax::Accounts.mark_group_updates_as_read(updated_app_groups)
-        ensure
-          OpenStax::Accounts.syncing = false
+          next unless group.save
+
+          updated_app_groups << {group_id: group.openstax_uid,
+                                 read_updates: app_group.unread_updates}
         end
 
+        OpenStax::Accounts::Api.mark_group_updates_as_read(updated_app_groups)
+
       end
 
     end

data/lib/openstax/accounts/action_controller/base.rb

@@ -0,0 +1,61 @@
+module OpenStax
+  module Accounts
+    module ActionController
+      module Base
+
+        def self.included(base)
+          base.helper_method :current_user, :signed_in?
+        end
+
+        # Returns the current user
+        def current_user
+          current_user_manager.current_user
+        end
+
+        # Returns the current account
+        def current_account
+          current_user_manager.current_account
+        end
+
+        # Returns true iff there is a user signed in
+        def signed_in?
+          current_user_manager.signed_in?
+        end
+
+        # Signs in the given account or user
+        def sign_in(user)
+          current_user_manager.sign_in(user)
+        end
+
+        # Signs out the current account and user
+        def sign_out!
+          current_user_manager.sign_out!
+        end
+
+        protected
+
+        def current_user_manager
+          @current_user_manager ||= \
+            OpenStax::Accounts::CurrentUserManager.new(request, session, cookies)
+        end
+
+        def authenticate_user!
+          account = current_account
+
+          return if account && !account.is_anonymous?
+
+          store_url key: :accounts_return_to, strategies: [:session]
+
+          respond_to do |format|
+            format.html { redirect_to openstax_accounts.login_url }
+            format.json { head(:forbidden) }
+          end
+        end
+
+      end
+    end
+  end
+end
+
+::ActionController::Base.send :include,
+                              OpenStax::Accounts::ActionController::Base

data/lib/openstax/accounts/api.rb

@@ -0,0 +1,270 @@
+module OpenStax
+  module Accounts
+    module Api
+
+      DEFAULT_API_VERSION = :v1
+
+      # Executes an OpenStax Accounts API request,
+      # using the given HTTP method, API path and request options.
+      # Any options accepted by OAuth2 requests can be used, such as
+      # :params, :body, :headers, etc, plus the :access_token option, which can
+      # be used to manually specify an OAuth access token.
+      # On failure, it can throw Faraday::ConnectionFailed for connection errors
+      # or OAuth2::Error if Accounts returns an HTTP 400 error,
+      # such as 422 Unprocessable Entity.
+      # On success, returns an OAuth2::Response object.
+      def self.request(http_method, path, options = {})
+        version = options.delete(:api_version) || DEFAULT_API_VERSION
+        unless version.blank?
+          options[:headers] ||= {}
+          options[:headers].merge!({
+            'Accept' => "application/vnd.accounts.openstax.#{version.to_s}"
+          })
+        end
+
+        token_string = options.delete(:access_token)
+        token = token_string.blank? ? client.client_credentials.get_token :
+                  OAuth2::AccessToken.new(client, token_string)
+
+        accounts_url = OpenStax::Accounts.configuration.openstax_accounts_url
+        url = URI.join(accounts_url, 'api/', path)
+
+        token.request(http_method, url, options)
+      end
+
+      # Performs an API request using the given account's access token
+      def self.request_for_account(account, http_method, path, options = {})
+        request(http_method, path,
+                options.merge(access_token: account.access_token))
+      end
+
+      # Performs an account search in the Accounts server.
+      # Results are limited to 10 accounts maximum.
+      # Takes a query parameter and an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.search_accounts(query, options = {})
+        request(:get, 'users', options.merge(params: {:q => query}))
+      end
+
+      # Updates a user account in the Accounts server.
+      # The account is determined by the OAuth access token.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.update_account(account, options = {})
+        request_for_account(
+          account, :put, 'user', options.merge(
+            body: account.attributes.slice('username', 'first_name',
+                                           'last_name', 'full_name',
+                                           'title').to_json
+          )
+        )
+      end
+
+      # Performs an account search in the Accounts server.
+      # Results are limited to accounts that have used the current app.
+      # Takes a query parameter and an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.search_application_accounts(query, options = {})
+        request(:get, 'application_users', options.merge(params: {:q => query}))
+      end
+
+      # Retrieves information about accounts that have been
+      # recently updated.
+      # Results are limited to accounts that have used the current app.
+      # Takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.get_application_account_updates(options = {})
+        request(:get, 'application_users/updates', options)
+      end
+
+      # Marks account updates as "read".
+      # The application_users parameter is an array of hashes.
+      # Each hash has 2 required fields: 'id', which should contain the
+      # application_user's id, and 'read_updates', which should contain
+      # the last received value of unread_updates for that application_user.
+      # Can only be called for application_users that belong to the current app.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.mark_account_updates_as_read(application_users, options = {})
+        request(:put, 'application_users/updated', options.merge(
+          body: application_users.to_json
+        ))
+      end
+
+      # Retrieves information about groups that have been
+      # recently updated.
+      # Results are limited to groups that users of the current app
+      # have access to.
+      # Takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.get_application_group_updates(options = {})
+        request(:get, 'application_groups/updates', options)
+      end
+
+      # Marks group updates as "read".
+      # The application_groups parameter is an array of hashes.
+      # Each hash has 2 required fields: 'id', which should contain the
+      # application_group's id, and 'read_updates', which should contain
+      # the last received value of unread_updates for that application_group.
+      # Can only be called for application_groups that belong to the current app.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.mark_group_updates_as_read(application_groups, options = {})
+        request(:put, 'application_groups/updated', options.merge(
+          body: application_groups.to_json
+        ))
+      end
+
+      # Creates a group in the Accounts server.
+      # The given account will be the owner of the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns a hash containing the group attributes
+      def self.create_group(account, group, options = {})
+        response = ActiveSupport::JSON.decode(
+          request_for_account(account, :post, 'groups', options.merge(
+            body: group.attributes.slice('name', 'is_public').to_json
+          )).body
+        )
+        group.openstax_uid = response['id']
+        response
+      end
+
+      # Updates a group in the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.update_group(account, group, options = {})
+        request_for_account(account, :put, "groups/#{group.openstax_uid}",
+          options.merge(
+            body: group.attributes.slice('name', 'is_public').to_json
+          )
+        )
+      end
+
+      # Deletes a group from the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.destroy_group(account, group, options = {})
+        request_for_account(account, :delete,
+                            "groups/#{group.openstax_uid}", options)
+      end
+
+      # Creates a group_member in the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.create_group_member(account, group_member, options = {})
+        request_for_account(
+          account,
+          :post,
+          "groups/#{group_member.group_id}/members/#{group_member.user_id}",
+          options
+        )
+      end
+
+      # Deletes a group_member from the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.destroy_group_member(account, group_member, options = {})
+        request_for_account(
+          account,
+          :delete,
+          "groups/#{group_member.group_id}/members/#{group_member.user_id}",
+          options
+        )
+      end
+
+      # Creates a group_owner in the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.create_group_owner(account, group_owner, options = {})
+        request_for_account(
+          account,
+          :post,
+          "groups/#{group_owner.group_id}/owners/#{group_owner.user_id}",
+          options
+        )
+      end
+
+      # Deletes a group_owner from the Accounts server.
+      # The given account must own the group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.destroy_group_owner(account, group_owner, options = {})
+        request_for_account(
+          account,
+          :delete,
+          "groups/#{group_owner.group_id}/owners/#{group_owner.user_id}",
+          options
+        )
+      end
+
+      # Creates a group_nesting in the Accounts server.
+      # The given account must own both groups.
+      # Also takes an an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.create_group_nesting(account, group_nesting, options = {})
+        request_for_account(
+          account,
+          :post,
+          "groups/#{group_nesting.container_group_id}/nestings/#{
+                    group_nesting.member_group_id}",
+                 options)
+      end
+
+      # Deletes a group_nesting from the Accounts server.
+      # The given account must own either group.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.destroy_group_nesting(account, group_nesting, options = {})
+        request_for_account(
+          account,
+          :delete,
+          "groups/#{group_nesting.container_group_id}/nestings/#{
+                    group_nesting.member_group_id}",
+          options
+        )
+      end
+
+      # Creates a temporary user in Accounts.
+      # Also takes an options hash.
+      # On failure, throws an Exception, just like the request method.
+      # On success, returns an OAuth2::Response object.
+      def self.create_temp_account(attributes, options = {})
+        request(:post, "user/find-or-create", options.merge(
+          body: attributes.to_json
+        ))
+      end
+
+      protected
+
+      def self.client
+        @client ||= OAuth2::Client.new(
+          OpenStax::Accounts.configuration.openstax_application_id,
+          OpenStax::Accounts.configuration.openstax_application_secret,
+          :site => OpenStax::Accounts.configuration.openstax_accounts_url
+        )
+      end
+
+    end
+  end
+end

data/lib/openstax/accounts/configuration.rb

@@ -0,0 +1,77 @@
+module OpenStax
+  module Accounts
+    class Configuration
+      # openstax_accounts_url
+      # Base URL for OpenStax Accounts
+      attr_reader :openstax_accounts_url
+
+      # openstax_application_id
+      # OAuth client_id received from OpenStax Accounts
+      attr_accessor :openstax_application_id
+
+      # openstax_application_secret
+      # OAuth client_secret received from OpenStax Accounts
+      attr_accessor :openstax_application_secret
+
+      # enable_stubbing
+      # Set to true if you want this engine to fake all
+      # interaction with the accounts site.
+      attr_accessor :enable_stubbing
+
+      # logout_via
+      # HTTP method to accept for logout requests
+      attr_accessor :logout_via
+
+      attr_accessor :default_errors_partial
+      attr_accessor :default_errors_html_id
+      attr_accessor :default_errors_added_trigger
+
+      # security_transgression_exception
+      # Class to be used for security transgression exceptions
+      attr_accessor :security_transgression_exception
+
+      # account_user_mapper
+      # This class teaches the gem how to convert between accounts and users
+      # See the "account_user_mapper" discussion in the README
+      attr_accessor :account_user_mapper
+
+      # min_search_characters
+      # The minimum number of characters that can be used
+      # as a query in a call to the AccountsSearch handler
+      # If less are used, the handler will return an error instead
+      attr_accessor :min_search_characters
+
+      # max_search_items
+      # The maximum number of accounts that can be returned
+      # in a call to the AccountsSearch handler
+      # If more would be returned, the result will be empty instead
+      attr_accessor :max_search_items
+
+      def openstax_accounts_url=(url)
+        url.gsub!(/https|http/,'https') if !(url =~ /localhost/)
+        url = url + "/" if url[url.size-1] != '/'
+        @openstax_accounts_url = url
+      end
+
+      def initialize
+        @openstax_application_id = 'SET ME!'
+        @openstax_application_secret = 'SET ME!'
+        @openstax_accounts_url = 'https://accounts.openstax.org/'
+        @enable_stubbing = true
+        @logout_via = :get
+        @default_errors_partial = 'openstax/accounts/shared/attention'
+        @default_errors_html_id = 'openstax-accounts-attention'
+        @default_errors_added_trigger = 'openstax-accounts-errors-added'
+        @security_transgression_exception = SecurityTransgression
+        @account_user_mapper = OpenStax::Accounts::DefaultAccountUserMapper
+        @min_search_characters = 3
+        @max_search_items = 10
+        super
+      end
+
+      def enable_stubbing?
+        !Rails.env.production? && enable_stubbing
+      end
+    end
+  end
+end