softwear-lib 1.4.3 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 256a4d3e54b1b08a88522296a9061ddb43e25306
-  data.tar.gz: 237c618746df70c045a9031fb7edcf8fca8423f5
+  metadata.gz: 07abbcd1086c6337273c1b6536c2f3ada2c817ca
+  data.tar.gz: afbd2b01e668364fd40d18e5f047a2297a824083
 SHA512:
-  metadata.gz: 57f27e815f6aa1068ddad8ea29bb0db911dae1a066b7427302699810857bb55b50129a71bd52189c08ec9240044aeaed1260383e09c32b2d3f40655d0385d3b2
-  data.tar.gz: 938338e81ee0c14780c375bba27033411405754fee92293a7d81e338db7f7dd2a603da9a2aea456079595c532845302c3c6de89ab065ffac9a0a2294233aea12
+  metadata.gz: 44716bcb3a8898364f4092328fc8c59217eb834768678204395dc469316d1b0b28ce27437f6df7ec650b7d15ecf5075ac004f4697d312611b2b77d16f97bee7f
+  data.tar.gz: 4d54bb27f4ece39a7132503fa59759eca15fc39c337d8d1f16f513cad1367d7bf5a10f5a6cd631432af9b612fb122c1e3c02886c2c0074a94f35b31a74da6bad

data/lib/softwear/auth/belongs_to_user.rb

@@ -0,0 +1,32 @@
+module Softwear
+  module Auth
+    module BelongsToUser
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def belongs_to_user_called(name, options = {})
+          foreign_key = "#{name}_id"
+
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def #{name}
+              @#{name} ||= User.find(#{name}_id)
+            end
+
+            def #{name}=(new)
+              self.#{foreign_key} = new.id
+              @#{name} = new
+            end
+          RUBY
+        end
+
+        def belongs_to_user
+          belongs_to_user_called(:user)
+        end
+      end
+
+      included do
+        extend ClassMethods
+      end
+    end
+  end
+end

data/lib/softwear/auth/controller.rb

@@ -0,0 +1,39 @@
+module Softwear
+  module Auth
+    class Controller < ApplicationController
+      skip_before_filter :authenticate_user!, only: [:set_session_token, :clear_query_cache]
+
+      # ====================
+      # Comes from an img tag on softwear-hub to let an authorized app know that
+      # a user has signed in.
+      # ====================
+      def set_session_token
+        encrypted_token = params[:token]
+        redirect_to Figaro.env.softwear_hub_url and return if encrypted_token.blank?
+
+        Rails.logger.info "RECEIVED ENCRYPTED TOKEN: #{encrypted_token}"
+
+        decipher = OpenSSL::Cipher::AES.new(256, :CBC)
+        decipher.decrypt
+        decipher.key = Figaro.env.token_cipher_key
+        decipher.iv  = Figaro.env.token_cipher_iv
+
+        session[:user_token] = decipher.update(Base64.urlsafe_decode64(encrypted_token)) + decipher.final
+
+        render inline: 'Done'
+      end
+
+      # ====================
+      # Comes from an img tag on softwear-hub when there has been a change to user
+      # attributes or roles and the cache should be cleared.
+      # ====================
+      def clear_query_cache
+        Softwear::Auth::Model.descendants.each do |user|
+          user.query_cache.clear
+        end
+
+        render inline: 'Done'
+      end
+    end
+  end
+end

data/lib/softwear/auth/helper.rb

@@ -0,0 +1,27 @@
+module Softwear
+  module Auth
+    module Helper
+      def profile_picture_of(user = nil, options = {})
+        options[:class] ||= ''
+        options[:class] += ' media-object img-circle profile-pic'
+        options[:alt] ||= "#{user.try(:full_name) || '(Unknown)'}'s Avatar"
+        options[:title] ||= user.try(:full_name) || 'Someone'
+
+        image_tag user.try(:profile_picture_url) || 'avatar/masarie.jpg', options
+      end
+
+      def auth_server_error_banner
+        return unless Softwear::Auth::Model.auth_server_down?
+
+        content_tag :div, class: 'alert alert-danger' do
+          content_tag :strong do
+            (Softwear::Auth::Model.auth_server_went_down_at || Time.now).strftime(
+              "WARNING: The authentication server is unreachable as of %I:%M%p. "\
+              "Some site features might not function properly."
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/softwear/auth/model.rb

@@ -0,0 +1,408 @@
+module Softwear
+  module Auth
+    class Model
+      include ActiveModel::Model
+      include ActiveModel::Conversion
+
+      class AccessDeniedError < StandardError
+      end
+      class InvalidCommandError < StandardError
+      end
+      class AuthServerError < StandardError
+      end
+      class AuthServerDown < StandardError
+      end
+
+      # ============================= CLASS METHODS ======================
+      class << self
+        attr_writer :query_cache
+        attr_accessor :total_query_cache
+        attr_writer :query_cache_expiry
+        alias_method :expire_query_cache_every, :query_cache_expiry=
+        attr_accessor :auth_server_went_down_at
+        attr_accessor :sent_auth_server_down_email
+        attr_accessor :time_before_down_email
+        alias_method :email_when_down_after, :time_before_down_email=
+
+        # ====================
+        # Returns true if the authentication server was unreachable for the previous query.
+        # ====================
+        def auth_server_down?
+          !!auth_server_went_down_at
+        end
+
+        # ====================
+        # The query cache takes message keys (such as "get 12") with response values straight from
+        # the server. So yes, this will cache error responses.
+        # You can clear this with <User Class>.query_cache.clear or <User Class>.query_cache = nil
+        # ====================
+        def query_cache
+          @query_cache ||= ThreadSafe::Cache.new
+        end
+
+        def query_cache_expiry
+          @query_cache_expiry || Figaro.env.query_cache_expiry.try(:to_f) || 1.hour
+        end
+
+        # ===================
+        # Override this in your subclasses! The mailer should have auth_server_down(time) and
+        # auth_server_up(time)
+        # ===================
+        def auth_server_down_mailer
+          # override me
+        end
+
+        # ======================================
+        def primary_key
+          :id
+        end
+
+        def base_class
+          self
+        end
+
+        def relation_delegate_class(*)
+          self
+        end
+
+        def unscoped
+          self
+        end
+
+        def new(*args)
+          if args.size == 3
+            assoc_class = args[2].owner.class.name
+            assoc_name = args[2].reflection.name
+            raise "Unsupported user association: #{assoc_class}##{assoc_name}. If this is a belongs_to "\
+                  "association, you may have #{assoc_class} include Softwear::Auth::BelongsToUser and call "\
+                  "`belongs_to_user_called :#{assoc_name}' instead of the traditional rails method."
+          else
+            super
+          end
+        end
+        # ======================================
+
+        # ====================
+        # Not a fully featured has_many - must specify foreign_key if the association doesn't match
+        # the model name.
+        # ====================
+        def has_many(assoc, options = {})
+          assoc = assoc.to_s
+
+          class_name  = options[:class_name]  || assoc.singularize.camelize
+          foreign_key = options[:foreign_key] || 'user_id'
+
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def #{assoc}
+              #{class_name}.where(#{foreign_key}: id)
+            end
+          RUBY
+        end
+
+        def arel_table
+          @arel_table ||= Arel::Table.new(model_name.plural, self)
+        end
+
+        # ====================
+        # This is only used to record how long it takes to perform queries for development.
+        # ====================
+        def record(before, after, type, body)
+          ms = (after - before) * 1000
+          # The garbage in this string gives us the bold and color
+          Rails.logger.info "  \033[1m\033[33m#{type} (#{'%.1f' % ms}ms)\033[0m #{body}"
+        end
+
+        # ====================
+        # Host of the auth server, from 'auth_server_endpoint' env variable.
+        # Defaults to localhost.
+        # ====================
+        def auth_server_host
+          endpoint = Figaro.env.auth_server_endpoint
+          if endpoint.blank?
+            'localhost'
+          elsif endpoint.include?(':')
+            endpoint.split(':').first
+          else
+            endpoint
+          end
+        end
+
+        # ====================
+        # Port of the auth server, from 'auth_server_endpoint' env variable.
+        # Defaults to 2900.
+        # ====================
+        def auth_server_port
+          endpoint = Figaro.env.auth_server_endpoint
+          if endpoint.try(:include?, ':')
+            endpoint.split(':').last
+          else
+            2900
+          end
+        end
+
+        def default_socket
+          @default_socket ||= TCPSocket.open(auth_server_host, auth_server_port)
+        end
+
+        # ====================
+        # Bare minimum query function - sends a message and returns the response, and
+        # handles a broken socket. #query and #force_query call this function.
+        # ====================
+        def raw_query(message)
+          begin
+            default_socket.puts message
+
+          rescue Errno::EPIPE => e
+            @default_socket = TCPSocket.open(auth_server_host, auth_server_port)
+            @default_socket.puts message
+          end
+
+          return default_socket.gets.chomp
+
+        rescue Errno::ECONNREFUSED => e
+          raise AuthServerDown, "Unable to connect to the authentication server."
+        end
+
+        # ====================
+        # Expires the query cache, setting a new expiration time as well as merging
+        # with the previous query cache, in case of an auth server outage.
+        # ====================
+        def expire_query_cache
+          before = Time.now
+          if total_query_cache
+            query_cache.each_pair do |key, value|
+              total_query_cache[key] = value
+            end
+          else
+            self.total_query_cache = query_cache.clone
+          end
+
+          query_cache.clear
+          query_cache['_expire_at'] = (query_cache_expiry || 1.hour).from_now
+          after = Time.now
+
+          record(before, after, "Authentication Expire Cache", "")
+        end
+
+        # ====================
+        # Queries the authentication server only if there isn't a cached response.
+        # Also keeps track of whether or not the server is reachable, and sends emails
+        # when the server goes down and back up.
+        # ====================
+        def query(message)
+          before = Time.now
+
+          expire_at = query_cache['_expire_at']
+          expire_query_cache if expire_at.blank? || Time.now > expire_at
+
+          if cached_response = query_cache[message]
+            response = cached_response
+            action = "Authentication Cache"
+          else
+            begin
+              response = raw_query(message)
+              action = "Authentication Query"
+              query_cache[message] = response
+
+              if auth_server_went_down_at
+                self.auth_server_went_down_at = nil
+
+                if sent_auth_server_down_email
+                  self.sent_auth_server_down_email = false
+                  if (mailer = auth_server_down_mailer) && mailer.respond_to?(:auth_server_up)
+                    mailer.auth_server_up(Time.now).deliver_now
+                  end
+                end
+              end
+
+            rescue AuthServerError => e
+              raise unless total_query_cache
+
+              old_response = total_query_cache[message]
+              if old_response
+                response = old_response
+                action = "Authentication Cache (due to error)"
+                Rails.logger.error "AUTHENTICATION: The authentication server encountered an error. "\
+                                   "You should probably check the auth server's logs. "\
+                                   "A cached response was used."
+              else
+                raise
+              end
+
+            rescue AuthServerDown => e
+              if auth_server_went_down_at.nil?
+                self.auth_server_went_down_at = Time.now
+                expire_query_cache
+
+              elsif auth_server_went_down_at > (time_before_down_email || 5.minutes).ago
+                unless sent_auth_server_down_email
+                  self.sent_auth_server_down_email = true
+
+                  if (mailer = auth_server_down_mailer) && mailer.respond_to?(:auth_server_down)
+                    mailer.auth_server_down(auth_server_went_down_at).deliver_now
+                  end
+                end
+              end
+
+              old_response = total_query_cache[message]
+              if old_response
+                response = old_response
+                action = "Authentication Cache (server down)"
+              else
+                raise AuthServerDown, "An uncached query was attempted, and the authentication server is down."
+              end
+            end
+          end
+          after = Time.now
+
+          record(before, after, action, message)
+          response
+        end
+
+        # ====================
+        # Runs a query through the server without error or cache checking.
+        # ====================
+        def force_query(message)
+          before = Time.now
+          response = raw_query(message)
+          after = Time.now
+
+          record(before, after, "Authentication Query (forced)", message)
+          response
+        end
+
+        # ====================
+        # Expects a response string returned from #query and raises an error for the
+        # following cases:
+        #
+        # - Access denied                       (AccessDeniedError)
+        # - Invalid command (bad query message) (InvalidCommandError)
+        # - Error on auth server's side         (AuthServerError)
+        # ====================
+        def validate_response(response_string)
+          case response_string
+          when 'denied'  then raise AccessDeniedError,   "Denied"
+          when 'invalid' then raise InvalidCommandError, "Invalid command"
+          when 'sorry'
+            expire_query_cache
+            raise AuthServerError, "Authentication server encountered an error"
+          else
+            response_string
+          end
+        end
+
+        # ====================
+        # Finds a user with the given ID
+        # ====================
+        def find(target_id)
+          json = validate_response query "get #{target_id}"
+
+          if json == 'nosuchuser'
+            nil
+          else
+            object = new(JSON.parse(json))
+            object.instance_variable_set(:@persisted, true)
+            object
+          end
+        end
+
+        # ====================
+        # Returns an array of all registered users
+        # ====================
+        def all
+          json = validate_response query "all"
+
+          objects = JSON.parse(json).map(&method(:new))
+          objects.each { |u| u.instance_variable_set(:@persisted, true) }
+          objects
+        end
+
+        # ====================
+        # Given a valid signin token:
+        #   Returns the authenticated user for the given token
+        # Given an invalid signin token:
+        #   Returns false
+        # ====================
+        def auth(token)
+          response = validate_response query "auth #{Figaro.env.hub_app_name} #{token}"
+
+          return false unless response =~ /^yes .+$/
+
+          _yes, json = response.split(' ', 2)
+          object = new(JSON.parse(json))
+          object.instance_variable_set(:@persisted, true)
+          object
+        end
+
+        # ====================
+        # Overridable logger method used when recording query benchmarks
+        # ====================
+        def logger
+          Rails.logger
+        end
+      end
+
+      # ============================= INSTANCE METHODS ======================
+
+      REMOTE_ATTRIBUTES = [
+        :id, :email, :first_name, :last_name,
+        :profile_picture_url
+      ]
+      REMOTE_ATTRIBUTES.each(&method(:attr_accessor))
+
+      attr_reader :persisted
+      alias_method :persisted?, :persisted
+
+      # ====================
+      # Various class methods accessible on instances
+      def query(*a)
+        self.class.query(*a)
+      end
+      def raw_query(*a)
+        self.class.raw_query(*a)
+      end
+      def force_query(*a)
+        self.class.force_query(*a)
+      end
+      def logger
+        self.class.logger
+      end
+      # ====================
+
+      def initialize(attributes = {})
+        update_attributes(attributes)
+      end
+
+      def update_attributes(attributes={})
+        return if attributes.blank?
+        attributes = attributes.with_indifferent_access
+
+        REMOTE_ATTRIBUTES.each do |attr|
+          instance_variable_set("@#{attr}", attributes[attr])
+        end
+      end
+
+      def to_json
+        {
+          id:         @id,
+          email:      @email,
+          first_name: @first_name,
+          last_name:  @last_name
+        }
+          .to_json
+      end
+
+      def reload
+        json = validate_response query "get #{id}"
+
+        update_attributes(JSON.parse(json))
+        @persisted = true
+        self
+      end
+
+      def full_name
+        "#{@first_name} #{@last_name}"
+      end
+    end
+  end
+end

data/lib/softwear/lib.rb

@@ -2,6 +2,11 @@ require "softwear/lib/version"
 require "softwear/lib/spec"
 require "softwear/lib/api_controller"
 
+require "softwear/lib/controller_authentication"
+require "softwear/auth/helper"
+require "softwear/auth/model"
+require "softwear/auth/belongs_to_user"
+
 module Softwear
   module Lib
     GEMFILE_OPENER = "# === BEGIN SOFTWEAR LIB GEMS === #"

data/lib/softwear/lib/authentication.rb

@@ -0,0 +1,103 @@
+module Softwear
+  module Lib
+    module ControllerAuthentication
+      extend ActiveSupport::Concern
+
+      class NotSignedInError < StandardError
+      end
+
+      included do
+        rescue_from NotSignedInError, with: :user_not_signed_in
+        rescue_from Softwear::Auth::Model::AuthServerDown, with: :auth_server_down
+
+        helper_method :current_user
+        helper_method :user_signed_in?
+
+        helper_method :destroy_user_session_path
+        helper_method :users_path
+        helper_method :user_path
+        helper_method :edit_user_path
+      end
+
+      def user_class
+        if Softwear::Auth::Model.descendants.size > 1
+          raise "More than one descendent of Softwear::Auth::Model is not supported."
+        elsif Softwear::Auth::Model.descendants.size == 0
+          raise "Please define a user model that extends Softwear::Auth::Model."
+        end
+        Softwear::Auth::Model.descendants.first
+      end
+
+      # ====================
+      # Action called when a NotSignedInError is raised.
+      # ====================
+      def user_not_signed_in
+        redirect_to Figaro.env.softwear_hub_url + "/users/sign_in?#{{return_to: request.original_url}.to_param}"
+      end
+
+      # ====================
+      # Action called when a NotSignedInError is raised.
+      # ====================
+      def auth_server_down(error)
+        respond_to do |format|
+          format.html do
+            render inline: \
+              "<h1>#{error.message}</h1><div>Not all site functions will work until the problem is resolved. "\
+              "<a href='javascripr' onclick='history.go(-1);return false;' class='btn btn-default'>Go back.</a></div>"
+          end
+
+          format.js do
+            render inline: "alert(\"#{error.message.gsub('"', '\"')}\");"
+          end
+        end
+      end
+
+      # ====================
+      # Drop this into a before_filter to require a user be signed in on every request -
+      # just like in Devise.
+      # ====================
+      def authenticate_user!
+        token = session[:user_token]
+
+        if token.blank?
+          raise NotSignedInError, "No token"
+        end
+
+        if user = user_class.auth(token)
+          @current_user = user
+        else
+          session[:user_token] = nil
+          raise NotSignedInError, "Invalid token"
+        end
+      end
+
+      def current_user
+        @current_user
+      end
+
+      def user_signed_in?
+        !@current_user.nil?
+      end
+
+      # -- url uelpers --
+
+      def destroy_user_session_path
+        Figaro.env.softwear_hub_url + "/users/sign_out"
+      end
+
+      def user_path(user)
+        user_id = user.is_a?(user_class) ? user.id : user
+        Figaro.env.softwear_hub_url + "/users/#{user_id}"
+      end
+
+      def edit_user_path(user)
+        user_id = user.is_a?(user_class) ? user.id : user
+        Figaro.env.softwear_hub_url + "/users/#{user_id}/edit"
+      end
+
+      def users_path
+        Figaro.env.softwear_hub_url + "/users"
+      end
+    end
+  end
+end

data/lib/softwear/lib/controller_authentication.rb

@@ -0,0 +1,103 @@
+module Softwear
+  module Lib
+    module ControllerAuthentication
+      extend ActiveSupport::Concern
+
+      class NotSignedInError < StandardError
+      end
+
+      included do
+        rescue_from NotSignedInError, with: :user_not_signed_in
+        rescue_from Softwear::Auth::Model::AuthServerDown, with: :auth_server_down
+
+        helper_method :current_user
+        helper_method :user_signed_in?
+
+        helper_method :destroy_user_session_path
+        helper_method :users_path
+        helper_method :user_path
+        helper_method :edit_user_path
+      end
+
+      def user_class
+        if Softwear::Auth::Model.descendants.size > 1
+          raise "More than one descendent of Softwear::Auth::Model is not supported."
+        elsif Softwear::Auth::Model.descendants.size == 0
+          raise "Please define a user model that extends Softwear::Auth::Model."
+        end
+        Softwear::Auth::Model.descendants.first
+      end
+
+      # ====================
+      # Action called when a NotSignedInError is raised.
+      # ====================
+      def user_not_signed_in
+        redirect_to Figaro.env.softwear_hub_url + "/users/sign_in?#{{return_to: request.original_url}.to_param}"
+      end
+
+      # ====================
+      # Action called when a NotSignedInError is raised.
+      # ====================
+      def auth_server_down(error)
+        respond_to do |format|
+          format.html do
+            render inline: \
+              "<h1>#{error.message}</h1><div>Not all site functions will work until the problem is resolved. "\
+              "<a href='javascripr' onclick='history.go(-1);return false;' class='btn btn-default'>Go back.</a></div>"
+          end
+
+          format.js do
+            render inline: "alert(\"#{error.message.gsub('"', '\"')}\");"
+          end
+        end
+      end
+
+      # ====================
+      # Drop this into a before_filter to require a user be signed in on every request -
+      # just like in Devise.
+      # ====================
+      def authenticate_user!
+        token = session[:user_token]
+
+        if token.blank?
+          raise NotSignedInError, "No token"
+        end
+
+        if user = user_class.auth(token)
+          @current_user = user
+        else
+          session[:user_token] = nil
+          raise NotSignedInError, "Invalid token"
+        end
+      end
+
+      def current_user
+        @current_user
+      end
+
+      def user_signed_in?
+        !@current_user.nil?
+      end
+
+      # -- url uelpers --
+
+      def destroy_user_session_path
+        Figaro.env.softwear_hub_url + "/users/sign_out"
+      end
+
+      def user_path(user)
+        user_id = user.is_a?(user_class) ? user.id : user
+        Figaro.env.softwear_hub_url + "/users/#{user_id}"
+      end
+
+      def edit_user_path(user)
+        user_id = user.is_a?(user_class) ? user.id : user
+        Figaro.env.softwear_hub_url + "/users/#{user_id}/edit"
+      end
+
+      def users_path
+        Figaro.env.softwear_hub_url + "/users"
+      end
+    end
+  end
+end

data/lib/softwear/lib/version.rb

@@ -1,5 +1,5 @@
 module Softwear
   module Lib
-    VERSION = "1.4.3"
+    VERSION = "1.5.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: softwear-lib
 version: !ruby/object:Gem::Version
-  version: 1.4.3
+  version: 1.5.0
 platform: ruby
 authors:
 - Nigel Baillie
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-15 00:00:00.000000000 Z
+date: 2016-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -83,8 +83,14 @@ files:
 - Rakefile
 - bin/softwear
 - bin/softwear-deploy
+- lib/softwear/auth/belongs_to_user.rb
+- lib/softwear/auth/controller.rb
+- lib/softwear/auth/helper.rb
+- lib/softwear/auth/model.rb
 - lib/softwear/lib.rb
 - lib/softwear/lib/api_controller.rb
+- lib/softwear/lib/authentication.rb
+- lib/softwear/lib/controller_authentication.rb
 - lib/softwear/lib/spec.rb
 - lib/softwear/lib/version.rb
 - softwear-lib.gemspec