RubyGems - punk - Versions diffs - 0.1.4 → 0.2.0 - Mend

punk 0.1.4 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

checksums.yaml +4 -4
data/.editorconfig +9 -0
data/.github/workflows/test.yml +26 -1
data/.rdoc_options +23 -0
data/.rgignore +1 -0
data/.rspec +2 -0
data/Gemfile +5 -6
data/Gemfile.lock +16 -29
data/README.md +1 -1
data/VERSION +1 -1
data/app/migrations/001_lets_punk.rb +3 -0
data/app/routes/hello.rb +4 -0
data/env/.gitignore +3 -0
data/env/spec/test.sh +3 -0
data/lib/punk/actions/.keep +0 -0
data/lib/punk/actions/groups/list.rb +24 -0
data/lib/punk/actions/sessions/clear.rb +21 -0
data/lib/punk/actions/sessions/create.rb +64 -0
data/lib/punk/actions/sessions/list.rb +18 -0
data/lib/punk/actions/sessions/verify.rb +24 -0
data/lib/punk/actions/tenants/list.rb +18 -0
data/lib/punk/actions/users/list_group.rb +18 -0
data/lib/punk/actions/users/list_tenant.rb +18 -0
data/lib/punk/actions/users/show.rb +18 -0
data/lib/punk/commands/list.rb +12 -6
data/lib/punk/config/defaults.json +3 -0
data/lib/punk/config/schema.json +3 -0
data/lib/punk/core/app.rb +4 -6
data/lib/punk/core/commander.rb +7 -4
data/lib/punk/core/exec.rb +2 -0
data/lib/punk/core/load.rb +0 -1
data/lib/punk/framework/command.rb +5 -1
data/lib/punk/framework/plugins/validation.rb +0 -14
data/lib/punk/helpers/loggable.rb +1 -1
data/lib/punk/migrations/001_punk.rb +103 -0
data/lib/punk/models/.keep +0 -0
data/lib/punk/models/group.rb +20 -0
data/lib/punk/models/group_user_metadata.rb +17 -0
data/lib/punk/models/identity.rb +29 -0
data/lib/punk/models/session.rb +89 -0
data/lib/punk/models/tenant.rb +19 -0
data/lib/punk/models/tenant_user_metadata.rb +17 -0
data/lib/punk/models/user.rb +31 -0
data/lib/punk/routes/groups.rb +31 -0
data/lib/punk/routes/plivo.rb +4 -0
data/lib/punk/routes/sessions.rb +108 -0
data/lib/punk/routes/swagger.rb +9 -0
data/lib/punk/routes/tenants.rb +29 -0
data/lib/punk/routes/users.rb +36 -0
data/lib/punk/services/.keep +0 -0
data/lib/punk/services/challenge_claim.rb +46 -0
data/lib/punk/services/create_identities.rb +25 -0
data/lib/punk/services/generate_swagger.rb +25 -0
data/lib/punk/services/prove_claim.rb +29 -0
data/lib/punk/services/secret.rb +9 -0
data/lib/punk/templates/groups/list.jbuilder +7 -0
data/lib/punk/templates/plivo.slim +16 -0
data/lib/punk/templates/sessions/list.jbuilder +6 -0
data/lib/punk/templates/sessions/pending.jbuilder +4 -0
data/lib/punk/templates/tenants/list.jbuilder +7 -0
data/lib/punk/templates/tenants/list.slim +8 -0
data/lib/punk/templates/users/list.jbuilder +7 -0
data/lib/punk/templates/users/list.rcsv +4 -0
data/lib/punk/templates/users/show.jbuilder +5 -0
data/lib/punk/views/groups/list.rb +22 -0
data/lib/punk/views/plivo_store.rb +15 -0
data/lib/punk/views/sessions/list.rb +22 -0
data/lib/punk/views/sessions/pending.rb +28 -0
data/lib/punk/views/tenants/list.rb +22 -0
data/lib/punk/views/users/list.rb +22 -0
data/lib/punk/views/users/show.rb +22 -0
data/lib/punk/workers/.keep +0 -0
data/lib/punk/workers/expire_sessions.rb +9 -0
data/lib/punk/workers/geocode_session_worker.rb +48 -0
data/lib/punk/workers/identify_session_worker.rb +45 -0
data/lib/punk/workers/secret.rb +18 -0
data/lib/punk/workers/send_email_worker.rb +51 -0
data/lib/punk/workers/send_sms_worker.rb +40 -0
data/punk.gemspec +140 -14
data/schema.psql +345 -0
data/spec/actions/groups/punk/list_groups_action_spec.rb +36 -0
data/spec/actions/sessions/punk/clear_session_action_spec.rb +29 -0
data/spec/actions/sessions/punk/create_session_action_spec.rb +33 -0
data/spec/actions/sessions/punk/list_sessions_action_spec.rb +26 -0
data/spec/actions/sessions/punk/verify_session_action_spec.rb +59 -0
data/spec/actions/tenants/punk/list_tenants_action_spec.rb +25 -0
data/spec/actions/users/punk/list_group_users_action_spec.rb +26 -0
data/spec/actions/users/punk/list_tenant_users_action_spec.rb +26 -0
data/spec/factories/group.rb +12 -0
data/spec/factories/group_user_metadata.rb +10 -0
data/spec/factories/identity.rb +19 -0
data/spec/factories/session.rb +12 -0
data/spec/factories/tenant.rb +10 -0
data/spec/factories/tenant_user_metadata.rb +10 -0
data/spec/factories/user.rb +12 -0
data/spec/lib/commands/auth_spec.rb +11 -0
data/spec/lib/commands/generate_spec.rb +7 -0
data/spec/lib/commands/http_spec.rb +23 -0
data/spec/lib/commands/list_spec.rb +7 -0
data/spec/lib/commands/swagger_spec.rb +7 -0
data/spec/lib/engine/punk_env_spec.rb +13 -0
data/spec/lib/engine/punk_exec_spec.rb +9 -0
data/spec/lib/engine/punk_init_spec.rb +9 -0
data/spec/lib/engine/punk_store_spec.rb +10 -0
data/spec/lib/punk.env +7 -0
data/spec/models/punk/group_spec.rb +50 -0
data/spec/models/punk/group_user_metadata_spec.rb +61 -0
data/spec/models/punk/identity_spec.rb +61 -0
data/spec/models/punk/session_spec.rb +156 -0
data/spec/models/punk/tenant_spec.rb +51 -0
data/spec/models/punk/tenant_user_metadata_spec.rb +61 -0
data/spec/models/punk/user_spec.rb +115 -0
data/spec/routes/groups/get_groups_spec.rb +33 -0
data/spec/routes/plivo/get_plivo_spec.rb +11 -0
data/spec/routes/sessions/delete_session_spec.rb +11 -0
data/spec/routes/sessions/get_sessions_spec.rb +30 -0
data/spec/routes/sessions/patch_session_spec.rb +11 -0
data/spec/routes/sessions/post_session_spec.rb +11 -0
data/spec/routes/swagger/get_swagger_spec.rb +12 -0
data/spec/routes/tenants/get_tenants_spec.rb +31 -0
data/spec/routes/users/get_users_spec.rb +60 -0
data/spec/services/punk/challenge_claim_service_spec.rb +7 -0
data/spec/services/punk/create_identities_service_spec.rb +14 -0
data/spec/services/punk/generate_swagger_service_spec.rb +7 -0
data/spec/services/punk/prove_claim_service_spec.rb +7 -0
data/spec/services/punk/secret_service_spec.rb +7 -0
data/spec/spec_helper.rb +122 -0
data/spec/vcr_cassettes/PUNK_GeocodeSessionWorker/updates_the_session_data.yml +57 -0
data/spec/vcr_cassettes/PUNK_IdentifySessionWorker/updates_the_session_data.yml +112 -0
data/spec/views/punk/plivo_store_spec.rb +7 -0
data/spec/views/sessions/punk/list_sessions_view_spec.rb +7 -0
data/spec/views/sessions/punk/pending_session_view_spec.rb +7 -0
data/spec/views/tenants/punk/list_tenants_view_spec.rb +7 -0
data/spec/views/users/punk/list_groups_view_spec.rb +7 -0
data/spec/views/users/punk/list_users_view_spec.rb +7 -0
data/spec/workers/punk/expire_sessions_worker_spec.rb +31 -0
data/spec/workers/punk/geocode_session_worker_spec.rb +14 -0
data/spec/workers/punk/identify_session_worker_spec.rb +15 -0
data/spec/workers/punk/secret_worker_spec.rb +20 -0
data/spec/workers/punk/send_email_worker_spec.rb +46 -0
data/spec/workers/punk/send_sms_worker_spec.rb +33 -0
metadata +148 -11
data/lib/punk/views/all.rb +0 -4

data/lib/punk/models/session.rb ADDED

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+module PUNK
+  # @model
+  # @property slug(required) [string] a unique identifier for the session while it is being challenged
+  # @property message(required) [string] a message to be displayed to the user to let them know what to do
+  class Session < PUNK::Model
+    alias to_s state
+    many_to_one :identity
+    one_through_one :user, join_table: :identities, left_key: :id, left_primary_key: :identity_id
+    symbolize :state
+    aasm :state do
+      state :created, initial: true
+      state :pending
+      state :active
+      state :expired
+      state :deleted
+      event :challenge do
+        transitions from: :created, to: :pending, guard: :current?
+      end
+      event :verify, after: :erase do
+        transitions from: :pending, to: :active, guard: :current?
+      end
+      event :timeout, after: :erase do
+        transitions from: [:created, :pending, :active], to: :expired
+      end
+      event :clear, after: :erase do
+        transitions from: :active, to: :deleted
+      end
+    end
+    dataset_module do
+      def created
+        where(state: 'created')
+      end
+      def pending
+        where(state: 'pending')
+      end
+      def active
+        where(state: 'active')
+      end
+      def expired
+        where(state: 'expired')
+      end
+      def deleted
+        where(state: 'deleted')
+      end
+      def expiring
+        where { Sequel.&({ state: ['created', 'pending'] }, (created_at < 5.minutes.ago)) }.or { Sequel.&({ state: 'active' }, ((updated_at < 1.month.ago) | (created_at < 1.year.ago))) }
+      end
+    end
+    def validate
+      validates_presence :identity
+      validates_includes [:created, :pending, :active, :expired, :deleted], :state
+      validates_integer :attempt_count
+      validates_includes [0, 1, 2, 3], :attempt_count
+    end
+    def current?
+      !timeout?
+    end
+    def timeout?
+      timeout! if (created? || pending?) && created_at < 5.minutes.ago || active? && (updated_at < 1.month.ago || created_at < 1.year.ago)
+      expired?
+    end
+    def erase
+      update(slug: nil, salt: nil, hash: nil)
+    end
+    def increment_attempts
+      update(attempt_count: attempt_count + 1)
+    end
+  end
+end

data/lib/punk/models/tenant.rb ADDED

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module PUNK
+  # @model
+  # @property id(required) [string] a unique identifier for the tenant
+  # @property name(required) [string] the name of the tenant
+  # @property icon(required) [string] an image URL
+  class Tenant < PUNK::Model
+    alias to_s name
+    many_to_many :users
+    one_to_many :groups
+    def validate
+      validates_presence :name
+      validates_url :icon, allow_blank: true
+    end
+  end
+end

data/lib/punk/models/tenant_user_metadata.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module PUNK
+  class TenantUserMetadata < PUNK::Model(:tenants_users)
+    many_to_one :tenant
+    many_to_one :user
+    def validate
+      validates_presence :tenant
+      validates_presence :user
+    end
+    def to_s
+      "#{tenant_id}|#{user_id}"
+    end
+  end
+end

data/lib/punk/models/user.rb ADDED

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module PUNK
+  # @model
+  # @property id(required) [string] a unique identifier for the user
+  # @property name(required) [string] the name of the user
+  # @property icon(required) [string] an image URL
+  class User < Model
+    alias to_s name
+    many_to_many :tenants
+    many_to_many :groups
+    one_to_many :identities
+    many_through_many :sessions, through: [[:identities, :user_id, :id], [:sessions, :identity_id, :id]]
+    def validate
+      validates_presence :name
+      validates_url :icon, allow_blank: true
+      validates_presence :email if phone.blank?
+      validates_presence :phone if email.blank?
+      validates_email :email, allow_blank: true
+      validates_phone :phone, allow_blank: true
+      validates_unique :email, allow_blank: true
+      validates_unique :phone, allow_blank: true
+    end
+    def active_sessions
+      sessions_dataset.where(Sequel.lit('"sessions"."state"') => 'active')
+    end
+  end
+end

data/lib/punk/routes/groups.rb ADDED

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+# @resource Groups
+#
+# Each tenant can have many groups.
+PUNK.route('groups') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of groups visible to the authenticated user for a specific tenant.
+  # @path [GET] /groups
+  # @parameter tenant_id(required) [string] An email address or mobile phone number.
+  # @response [Array<Group>] 200 List of groups
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Group",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /groups
+  get do
+    perform PUNK::ListGroupsAction, user: current_user, tenant: current_tenant
+  end
+end

data/lib/punk/routes/plivo.rb ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+# route: GET /plivo
+PUNK.route('plivo') { present PUNK::PlivoStore }

data/lib/punk/routes/sessions.rb ADDED

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+# @resource Sessions
+#
+# Handle the authentication flow.
+PUNK.route('sessions') do
+  # Challenge the claim of someone having a particular email address or phone number.
+  # @path [POST] /sessions
+  # @parameter claim(required) [string] An email address or mobile phone number.
+  # @response [Session] 201 Pending session created
+  # @response [Error] 400 Invalid claim, or the user is already authenticated
+  # @method post
+  # @example 201
+  #   {
+  #     "slug": "deadbeef-1234-5678-abcd-000000000000",
+  #     "message": "A code has been sent to your email address."
+  #   }
+  # @example 400
+  #   {
+  #     "message": "Validation failed",
+  #     "errors": ["Claim is not an email or phone."]
+  #   }
+  #
+  # route: POST /sessions
+  post do
+    require_anonymous!
+    perform PUNK::CreateSessionAction, args.merge(remote_addr: request.ip || PUNK::Session.default_values[:remote_addr].to_s, user_agent: request.env['HTTP_USER_AGENT'] || PUNK::Session.default_values[:user_agent])
+  end
+  # route: GET /sessions/current
+  on "current" do
+    require_session!
+    get do
+      perform PUNK::ShowUserAction, user: current_user
+    end
+  end
+  # route: PATCH /sessions/:slug
+  on :id do |slug|
+    require_anonymous!
+    user_session = PUNK::Session.find(slug: slug)
+    # Verify a pending session by providing proof of access to the email address or phone number.
+    # @path [PATCH] /sessions/{slug}
+    # @parameter secret(required) [string] The verification code sent by email or sms.
+    # @response [Info] 200 Session verified and cookie created
+    # @response [Error] 400 Invalid secret
+    # @method patch
+    # @example 200
+    #   {
+    #     "message": "You are now logged in."
+    #   }
+    # @example 400
+    #   {
+    #     "message": "Validation failed",
+    #     "errors": ["Secret does not match."]
+    #   }
+    patch do
+      view = perform PUNK::VerifySessionAction, args.merge(session: user_session)
+      request.session[:session_id] = user_session.id if user_session&.active?
+      view
+    end
+  end
+  # Allow the current user to access their active sessions.
+  # @path [GET] /sessions
+  # @response [Array<Session>] 200 List of sessions
+  # @response [Error] 401 The user was not authenticated
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "client": {...}
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "you are not authenticated.",
+  #     "errors": ["cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    require_session!
+    perform PUNK::ListSessionsAction, user: current_user
+  end
+  # Allow the current user to logout.
+  # @path [DELETE] /sessions
+  # @response [Info] 200 Session destroyed and cookie cleared
+  # @response [Error] 401 The user was not authenticated
+  # @method destroy
+  # @example 200
+  #   {
+  #     "message": "You have logged out."
+  #   }
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["No session exists"]
+  #   }
+  #
+  # route: DELETE /sessions
+  delete do
+    require_session!
+    view = perform PUNK::ClearSessionAction, session: current_session
+    clear_session if current_session&.deleted?
+    view
+  end
+end

data/lib/punk/routes/swagger.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+# route: GET /swagger.json
+PUNK.route('swagger') do
+  result = PUNK::GenerateSwaggerService.run.result
+  response.status = 200
+  response['Content-Type'] = 'application/json'
+  result
+end

data/lib/punk/routes/tenants.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+# @resource Tenants
+#
+# All resources in the system are relative to a particular tenant application.
+PUNK.route('tenants') do
+  require_session!
+  # Retrieve the list of tenants visible to the authenticated user.
+  # @path [GET] /tenants
+  # @response [Array<Tenant>] 200 List of tenants
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Tenant",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["Cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    perform PUNK::ListTenantsAction, user: current_user
+  end
+end

data/lib/punk/routes/users.rb ADDED

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+# @resource Users
+#
+# Users can belong to many tenants and many groups.
+PUNK.route('users') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of users visible to the authenticated user for a specific tenant or group.
+  # @path [GET] /users
+  # @parameter tenant_id(required) [string] The ID of a tenant visible to the authenticated user.
+  # @parameter group_id [string] The ID of a group that belongs to the tenant.
+  # @response [Array<User>] 200 List of users
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "John Smith",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /users
+  get do
+    if args[:group_id]
+      perform PUNK::ListGroupUsersAction, group: current_user.groups_dataset[tenant: current_tenant, id: args[:group_id]]
+    else
+      perform PUNK::ListTenantUsersAction, tenant: current_tenant
+    end
+  end
+end

data/lib/punk/services/.keep ADDED

File without changes

data/lib/punk/services/challenge_claim.rb ADDED

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'rbnacl'
+module PUNK
+  class ChallengeClaimService < Service
+    args :session
+    def validate
+      validates_not_null :session
+      validates_not_empty :session
+      return if session.blank?
+      validates_type Session, :session
+      validates_state :session, :created
+      validates_event :session, :challenge
+    end
+    def process
+      secret = SecretService.run.result
+      salt = RbNaCl::Random.random_bytes(RbNaCl::PasswordHash::SCrypt::SALTBYTES)
+      hash = RbNaCl::PasswordHash.scrypt(secret, salt, 1_048_576, 16_777_216)
+      session.update(salt: salt, hash: hash)
+      session.challenge!
+      identity = session.identity
+      case identity.claim_type
+      when :email
+        SendEmailWorker.perform_async(
+          from: 'GroupFire Accounts <noreply@groupfire.com>',
+          to: identity.claim,
+          subject: '[GroupFire] Verification Code',
+          template: 'verify',
+          tags: [:auth],
+          variables: {
+            name: identity.user&.name || 'New User',
+            secret: secret
+          }
+        )
+      when :phone
+        SendSmsWorker.perform_async(
+          to: identity.claim,
+          body: "Your GroupFire verification code is: #{secret}."
+        )
+      end
+    end
+  end
+end

data/lib/punk/services/create_identities.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module PUNK
+  class CreateIdentitiesService < Service
+    def process
+      User.each do |user|
+        if user.email.present?
+          Identity.find_or_create(claim: user.email) do |i|
+            i.claim_type = :email
+            i.user = user
+          end
+        end
+        if user.phone.present?
+          Identity.find_or_create(claim: user.phone) do |i|
+            i.claim_type = :phone
+            i.user = user
+          end
+        end
+      rescue Sequel::ValidationFailed => e
+        logger.warn e.message
+      end
+      nil
+    end
+  end
+end