solidus_jwt 0.1.0 → 1.2.0

data/lib/solidus_jwt/devise_strategies/refresh_token.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module SolidusJwt
+  module DeviseStrategies
+    class RefreshToken < Base
+      def authenticate!
+        return fail!(:invalid) if resource.nil? || resource.user.nil?
+
+        block = proc do
+          # If we honor then mark the refresh token as stale for one time use
+          # rubocop:disable Rails/SkipsModelValidations
+          resource.honor? && resource.update_columns(active: false)
+          # rubocop:enable Rails/SkipsModelValidations
+        end
+
+        if resource.user.valid_for_authentication?(&block)
+          return success!(resource.user)
+        end
+
+        fail!(:invalid)
+      end
+
+      private
+
+      def resource
+        @resource ||= SolidusJwt::Token.find_by(auth_hash)
+      end
+
+      def auth_hash
+        { auth_type: :refresh, token: refresh_token }
+      end
+
+      def refresh_token
+        params[:refresh_token]
+      end
+
+      def valid_grant_type?
+        grant_type == 'refresh_token'
+      end
+
+      def valid_params?
+        refresh_token.present?
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:solidus_jwt_refresh_token, SolidusJwt::DeviseStrategies::RefreshToken)

data/lib/solidus_jwt/distributor/devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SolidusJwt
   module Distributor
     module Devise
@@ -5,7 +7,7 @@ module SolidusJwt
         # Send back json web token in redirect header
         if try_spree_current_user
           response.headers['X-SPREE-TOKEN'] = try_spree_current_user.
-            generate_jwt_token(expires_in: SolidusJwt::Config.jwt_expiration)
+                                              generate_jwt_token(expires_in: SolidusJwt::Config.jwt_expiration)
         end
 
         super

data/lib/solidus_jwt/engine.rb

@@ -1,22 +1,18 @@
+# frozen_string_literal: true
+
+require 'spree/core'
+
 module SolidusJwt
   class Engine < Rails::Engine
-    require 'spree/core'
-    isolate_namespace Spree
+    include SolidusSupport::EngineExtensions
+
+    isolate_namespace ::Spree
+
     engine_name 'solidus_jwt'
 
     # use rspec for tests
     config.generators do |g|
       g.test_framework :rspec
     end
-
-    def self.activate
-      decorator_pattern = File.join(__dir__, '../../app/**/*_decorator*.rb')
-
-      Dir.glob(decorator_pattern) do |c|
-        Rails.configuration.cache_classes ? require(c) : load(c)
-      end
-    end
-
-    config.to_prepare(&method(:activate).to_proc)
   end
 end

data/lib/solidus_jwt/factories.rb

@@ -1,6 +1,19 @@
+# frozen_string_literal: true
+
 FactoryBot.define do
   # Define your Spree extensions Factories within this file to enable applications, and other extensions to use and override them.
   #
   # Example adding this to your spec_helper will load these Factories for use:
   # require 'solidus_jwt/factories'
+  factory :token, class: SolidusJwt::Token do
+    association :user
+
+    trait :expired do
+      created_at { 1.year.ago }
+    end
+
+    trait :inactive do
+      active { false }
+    end
+  end
 end

data/lib/solidus_jwt/preferences.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spree/preferences/configuration'
 
 module SolidusJwt
@@ -34,6 +36,12 @@ module SolidusJwt
     #
     preference :jwt_options, :hash, default: { only: %i[email first_name id last_name] }
 
+    # @!attribute [rw] refresh_expriation
+    #   @return [String] How long until the refresh token expires in seconds
+    #   (default: +2592000+)
+    #
+    preference :refresh_expiration, :integer, default: 2_592_000
+
     ##
     # Get the secret token to encrypt json web tokens with.
     # @return [String] The secret used to encrypt json web tokens

data/lib/solidus_jwt/version.rb

@@ -1,11 +1,5 @@
-module SolidusJwt
-  MAJOR = 0
-  MINOR = 1
-  PATCH = 0
-  PRERELEASE = nil
+# frozen_string_literal: true
 
-  def self.version
-    version = [MAJOR, MINOR, PATCH].join('.')
-    [version, PRERELEASE].compact.join('.')
-  end
+module SolidusJwt
+  VERSION = '1.2.0'
 end

data/solidus_jwt.gemspec

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require_relative 'lib/solidus_jwt/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'solidus_jwt'
+  s.version     = SolidusJwt::VERSION
+  s.summary     = 'Add Json Web Tokens to Solidus API'
+  s.description = 'Add Json Web Tokens to Solidus API'
+  s.license     = 'BSD-3-Clause'
+
+  s.author    = 'Taylor Scott'
+  s.email     = 't.skukx@gmail.com'
+  s.homepage  = 'https://github.com/skukx/solidus_jwt'
+
+  s.metadata['homepage_uri'] = s.homepage
+  s.metadata['source_code_uri'] = s.homepage
+
+  s.required_ruby_version = Gem::Requirement.new('~> 2.4')
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  files = Dir.chdir(__dir__) { `git ls-files -z`.split("\x0") }
+
+  s.files = files.grep_v(%r{^(test|spec|features)/})
+  s.test_files = files.grep(%r{^(test|spec|features)/})
+  s.bindir = "exe"
+  s.executables = files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency 'jwt'
+  s.add_dependency 'solidus_auth_devise'
+  s.add_dependency 'solidus_core', ['>= 2.0.0', '< 3']
+  s.add_dependency 'solidus_support', '~> 0.5.0'
+
+  s.add_development_dependency 'byebug'
+  s.add_development_dependency 'solidus_dev_support'
+end

data/spec/lib/solidus_jwt/config_spec.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusJwt::Config do
+  it { is_expected.to be_kind_of SolidusJwt::Preferences }
+end

data/spec/lib/solidus_jwt/devise_strategies/password_spec.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spree/testing_support/factories/user_factory'
+
+RSpec.describe SolidusJwt::DeviseStrategies::Password do
+  let(:request) { instance_double('ActionController::Request') }
+  let(:strategy) { described_class.new(nil, :spree_user) }
+
+  let(:params) do
+    {
+      username: user.email,
+      password: password,
+      grant_type: 'password'
+    }
+  end
+
+  let(:headers) { {} }
+  let(:user) { FactoryBot.create(:user, password: password) }
+  let(:password) { 'secret' }
+
+  before do
+    allow(request).to receive(:headers).and_return(:headers)
+
+    allow(strategy).to receive(:request).and_return(request)
+    allow(strategy).to receive(:params).and_return(params)
+  end
+
+  describe '#valid?' do
+    subject { strategy.valid? }
+
+    it { is_expected.to be true }
+
+    context 'when username is missing' do
+      before { params.delete(:username) }
+
+      it { is_expected.to be false }
+    end
+
+    context 'when password is missing' do
+      before { params.delete(:password) }
+
+      it { is_expected.to be false }
+    end
+
+    context 'when grant_type is not password' do
+      before { params[:grant_type] = 'invalid' }
+
+      it { is_expected.to be false }
+    end
+  end
+
+  describe '#authenticate!' do
+    subject { strategy.authenticate! }
+
+    it { is_expected.to be :success }
+
+    context 'when auth is invalid' do
+      let(:params) do
+        {
+          username: user.email,
+          password: 'invalid',
+          grant_type: password
+        }
+      end
+
+      it { is_expected.to be :failure }
+    end
+
+    context 'when user is not valid for authentication' do
+      before do
+        allow_any_instance_of(Spree::User).to receive(:valid_for_authentication?).and_return(false) # rubocop:disable RSpec/AnyInstance
+      end
+
+      it { is_expected.to be :failure }
+    end
+  end
+end

data/spec/lib/solidus_jwt/devise_strategies/refresh_token_spec.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spree/testing_support/factories/user_factory'
+
+RSpec.describe SolidusJwt::DeviseStrategies::RefreshToken do
+  let(:request) { instance_double('ActionController::Request') }
+  let(:strategy) { described_class.new(nil, :spree_user) }
+
+  let(:params) do
+    {
+      refresh_token: token.token,
+      grant_type: 'refresh_token'
+    }
+  end
+
+  let(:headers) { {} }
+  let(:user) { FactoryBot.create(:user, password: password) }
+  let(:password) { 'secret' }
+  let(:token) { user.auth_tokens.create! }
+
+  before do
+    allow(request).to receive(:headers).and_return(:headers)
+
+    allow(strategy).to receive(:request).and_return(request)
+    allow(strategy).to receive(:params).and_return(params)
+  end
+
+  describe '#valid?' do
+    subject { strategy.valid? }
+
+    it { is_expected.to be true }
+
+    context 'when refresh_token is missing' do
+      before { params.delete(:refresh_token) }
+
+      it { is_expected.to be false }
+    end
+
+    context 'when grant_type is not refresh_token' do
+      before { params[:grant_type] = 'invalid' }
+
+      it { is_expected.to be false }
+    end
+  end
+
+  describe '#authenticate!' do
+    subject { strategy.authenticate! }
+
+    it { is_expected.to be :success }
+
+    context 'when token is not honorable' do
+      before do
+        allow_any_instance_of(SolidusJwt::Token).to receive(:honor?).and_return false # rubocop:disable RSpec/AnyInstance
+      end
+
+      it { is_expected.to be :failure }
+    end
+
+    context 'when user is not valid for authentication' do
+      before do
+        allow_any_instance_of(Spree::User).to receive(:valid_for_authentication?).and_return(false) # rubocop:disable RSpec/AnyInstance
+      end
+
+      it { is_expected.to be :failure }
+    end
+
+    context 'when token is used more than once' do
+      before { strategy.authenticate! }
+
+      it { is_expected.to be :failure }
+    end
+  end
+end

data/spec/lib/solidus_jwt/preferences_spec.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusJwt::Preferences do
+  let(:instance) { described_class.new }
+
+  it { is_expected.to be_kind_of(Spree::Preferences::Configuration) }
+
+  describe '#jwt_secret' do
+    subject { instance.jwt_secret }
+
+    it { is_expected.to eql Rails.application.secret_key_base }
+  end
+
+  describe '#allow_spree_api_key' do
+    subject { instance.allow_spree_api_key }
+
+    it { is_expected.to be true }
+  end
+
+  describe '#jwt_algorithm' do
+    subject { instance.jwt_algorithm }
+
+    it { is_expected.to eql 'HS256' }
+  end
+
+  describe '#jwt_expiration' do
+    subject { instance.jwt_expiration }
+
+    it { is_expected.to be 3600 }
+  end
+
+  describe '#jwt_options' do
+    subject { instance.jwt_options }
+
+    it { is_expected.to be_kind_of Hash }
+  end
+end

data/spec/lib/solidus_jwt_spec.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusJwt do
+  include_examples 'Decodeable Examples'
+  include_examples 'Encodeable Examples'
+end

data/spec/models/solidus_jwt/token_spec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SolidusJwt::Token, type: :model do
+  subject { instance }
+
+  let(:instance) { FactoryBot.create(:token) }
+
+  it { is_expected.to be_valid }
+  it { is_expected.to be_active }
+  it { is_expected.not_to be_expired }
+
+  context 'when token is nil' do
+    let(:instance) { FactoryBot.build(:token, token: nil) }
+
+    it 'generates one automatically' do
+      expect(instance.token).to be_nil
+      instance.save
+      expect(instance.token).to be_present
+    end
+  end
+
+  describe '.honor?' do
+    subject { described_class.honor?(token) }
+
+    let(:token) { instance.token }
+
+    it { is_expected.to be true }
+
+    context 'when token is inactive' do
+      let(:instance) { FactoryBot.create(:token, :inactive) }
+
+      it { is_expected.to be false }
+    end
+
+    context 'when token is expired' do
+      let(:instance) { FactoryBot.create(:token, :expired) }
+
+      it { is_expected.to be false }
+    end
+  end
+end