solidus_jwt 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 56581878cbe327640f9c05d72e030cbeeb0fc4c5c70d6d5d5d0a78a82fad388b
-  data.tar.gz: fd8f5ca391a04a4cc5ab3cd53f1b626533fe3e040b238cd2a8c5fb25372874fa
+  metadata.gz: 0f3f9ec2c12488185b2ee9bff66409693f0d92ab52bde2adb67cc47df182a82a
+  data.tar.gz: a77951e23f7d2352c5a2dde5a2742997f38bfb8e07ac31f1ae4f8be7b6bfc12c
 SHA512:
-  metadata.gz: 64a7e377baa923773260008a9940f6fb87239849ad0271dddab69479c74cf991b78f02c775362501dc1aefef4daca52aa01697db7b1ce5583d18fc0a074709f9
-  data.tar.gz: 8c8dac8527c305d66d52cff3bad1bc6875746f5297493213d3db68f4ce72bcfa5b9ed6f8e95e7c5b787e402317d8cee1486ad78981b4e5768b156da9b816a1c7
+  metadata.gz: '058c6e5d8bcc54fa1b623b68ab46848f9e9ffb6feee2e97f048c1047ed6a5c11ce78990aef67b6432d051471e718c09ef00b30717b0419edd88d95cbf0ca8412'
+  data.tar.gz: 95993510aecd67280bc85dc283798edae88d9c8388c1997190f8420d2ea4351d6e88273d7f5236449df52ff035e276725c924a5a835144c10dc458146bbe6bb3

data/.circleci/config.yml

@@ -0,0 +1,35 @@
+version: 2.1
+
+orbs:
+  # Always take the latest version of the orb, this allows us to
+  # run specs against Solidus supported versions only without the need
+  # to change this configuration every time a Solidus version is released
+  # or goes EOL.
+  solidusio_extensions: solidusio/extensions@volatile
+
+jobs:
+  run-specs-with-postgres:
+    executor: solidusio_extensions/postgres
+    steps:
+      - solidusio_extensions/run-tests
+  run-specs-with-mysql:
+    executor: solidusio_extensions/mysql
+    steps:
+      - solidusio_extensions/run-tests
+
+workflows:
+  "Run specs on supported Solidus versions":
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql
+  "Weekly run specs against master":
+    triggers:
+      - schedule:
+          cron: "0 0 * * 4" # every Thursday
+          filters:
+            branches:
+              only:
+                - master
+    jobs:
+      - run-specs-with-postgres
+      - run-specs-with-mysql

data/.gem_release.yml

@@ -0,0 +1,5 @@
+bump:
+  recurse: false
+  file: 'lib/solidus_jwt/version.rb'
+  message: Bump SolidusJwt to %{version}
+  branch: true

data/.github/CODEOWNERS

@@ -0,0 +1,4 @@
+##
+# Default Code Owner
+##
+* @skukx

data/.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+\#*
+*~
+.#*
+.DS_Store
+.idea
+.project
+.sass-cache
+coverage
+Gemfile.lock
+tmp
+nbproject
+pkg
+*.swp
+spec/dummy
+spec/examples.txt
+
+sandbox/
+.byebug_history

data/.rspec

@@ -0,0 +1 @@
+--color

data/.rubocop.yml

@@ -0,0 +1,33 @@
+require:
+  - solidus_dev_support/rubocop
+
+AllCops:
+  Exclude:
+    - sandbox/**/*
+    - spec/dummy/**/*
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Naming/PredicateName:
+  Exclude:
+    - app/decorators/solidus_kits/spree/stock/availability_validator_decorator.rb
+
+Metrics/LineLength:
+  Enabled: false
+
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'spec/**/*'
+
+RSpec/BeforeAfterAll:
+  Enabled: false
+
+RSpec/ContextWording:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Enabled: false

data/.ruby-gemset

@@ -0,0 +1 @@
+solidus_jwt

data/.ruby-version

@@ -0,0 +1 @@
+2.6.5

data/Gemfile

@@ -0,0 +1,31 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem 'solidus', github: 'solidusio/solidus', branch: branch
+
+# Needed to help Bundler figure out how to resolve dependencies,
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
+
+# Provides basic authentication functionality for testing parts of your engine
+gem 'solidus_auth_devise'
+
+case ENV['DB']
+when 'mysql'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
+else
+  gem 'sqlite3'
+end
+
+gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g. pry-byebug.
+#
+# We use `send` instead of calling `eval_gemfile` to work around an issue with
+# how Dependabot parses projects: https://github.com/dependabot/dependabot-core/issues/1658.
+send(:eval_gemfile, 'Gemfile-local') if File.exist? 'Gemfile-local'

data/Rakefile

@@ -1,30 +1,6 @@
-require 'bundler'
+# frozen_string_literal: true
 
-Bundler::GemHelper.install_tasks
+require 'solidus_dev_support/rake_tasks'
+SolidusDevSupport::RakeTasks.install
 
-begin
-  require 'spree/testing_support/extension_rake'
-  require 'rubocop/rake_task'
-  require 'rspec/core/rake_task'
-
-  RSpec::Core::RakeTask.new(:spec)
-
-  RuboCop::RakeTask.new
-
-  task default: %i(first_run rubocop spec)
-rescue LoadError
-  # no rspec available
-end
-
-task :first_run do
-  if Dir['spec/dummy'].empty?
-    Rake::Task[:test_app].invoke
-    Dir.chdir('../../')
-  end
-end
-
-desc 'Generates a dummy app for testing'
-task :test_app do
-  ENV['LIB_NAME'] = 'solidus_jwt'
-  Rake::Task['extension:test_app'].invoke
-end
+task default: 'extension:specs'

data/_config.yml

@@ -0,0 +1 @@
+theme: jekyll-theme-cayman

data/app/controllers/spree/api/oauths_controller.rb

@@ -4,19 +4,26 @@ module Spree
       skip_before_action :authenticate_user
 
       def token
-        if user = try_authenticate_user
-          render_token_for(user)
+        result = catch(:warden) do
+          try_authenticate_user
+        end
+
+        case result
+        when Spree::User
+          render json: token_response_json(result)
+        when Hash
+          render status: :unauthorized, json: { error: I18n.t(result[:message], scope: 'devise.failure') }
         else
-          render status: 401, json: { error: 'invalid username or password' }
+          render status: :unauthorized, json: { error: I18n.t(:invalid_credentials, scope: 'solidus_jwt') }
         end
       end
 
       private
 
-      def render_token_for(user)
+      def token_response_json(user)
         expires_in = SolidusJwt::Config.jwt_expiration
 
-        render json: {
+        {
           token_type: 'bearer',
           access_token: user.generate_jwt(expires_in: expires_in),
           expires_in: expires_in,

data/app/decorators/solidus_jwt/spree/api/base_controller_decorator.rb

@@ -0,0 +1,39 @@
+module SolidusJwt
+  module Spree
+    module Api
+      module BaseControllerDecorator
+        def self.prepended(base)
+          base.rescue_from JWT::DecodeError do
+            render "spree/api/errors/invalid_api_key", status: :unauthorized
+          end
+        end
+
+        ##
+        # Overrides Solidus
+        # @see https://github.com/solidusio/solidus/blob/master/api/app/controllers/spree/api/base_controller.rb
+        #
+        def load_user
+          return super if json_web_token.blank?
+
+          # rubocop:disable Naming/MemoizedInstanceVariableName
+          @current_api_user ||= ::Spree.user_class.find_by(id: json_web_token['id'])
+          # rubocop:enable Naming/MemoizedInstanceVariableName
+        end
+
+        def json_web_token
+          @json_web_token ||= SolidusJwt.decode(api_key).first
+        rescue JWT::DecodeError
+          # Allow spree to try and authenticate if we still allow it. Otherwise
+          # raise an error
+          return if SolidusJwt::Config.allow_spree_api_key
+
+          raise
+        end
+
+        if SolidusSupport.api_available?
+          ::Spree::Api::BaseController.prepend self
+        end
+      end
+    end
+  end
+end

data/app/decorators/solidus_jwt/spree/user_decorator.rb

@@ -0,0 +1,36 @@
+module SolidusJwt
+  module Spree
+    module UserDecorator
+      def self.prepended(base)
+        base.has_many :auth_tokens, class_name: 'SolidusJwt::Token'
+      end
+
+      ##
+      # Generate a json web token
+      # @see https://github.com/jwt/ruby-jwt
+      # @return [String]
+      #
+      def generate_jwt(expires_in: nil)
+        SolidusJwt.encode(payload: as_jwt_payload, expires_in: expires_in)
+      end
+      alias generate_jwt_token generate_jwt
+
+      ##
+      # Serializes user attributes to hash and applies
+      # the sub jwt claim.
+      #
+      # @return [Hash] The payload for json web token
+      #
+      def as_jwt_payload
+        options = SolidusJwt::Config.jwt_options
+        claims = { sub: id }
+
+        as_json(options)
+          .merge(claims)
+          .as_json
+      end
+
+      ::Spree.user_class.prepend self
+    end
+  end
+end

data/app/models/solidus_jwt/base_record.rb

@@ -0,0 +1,11 @@
+module SolidusJwt
+  base_class = defined?(::ApplicationRecord) ? ::ApplicationRecord : ActiveRecord::Base
+
+  class BaseRecord < base_class
+    self.abstract_class = true
+
+    def self.table_name_prefix
+      'solidus_jwt_'
+    end
+  end
+end

data/app/models/solidus_jwt/token.rb

@@ -1,9 +1,11 @@
 module SolidusJwt
-  class Token < ApplicationRecord
+  class Token < BaseRecord
     attr_readonly :token
-    enum auth_type: %i[refresh_token access_token]
+    enum auth_type: { refresh_token: 0, access_token: 1 }
 
-    belongs_to :user, class_name: Spree::UserClassHandle.new
+    # rubocop:disable Rails/ReflectionClassName
+    belongs_to :user, class_name: ::Spree::UserClassHandle.new
+    # rubocop:enable Rails/ReflectionClassName
 
     scope :non_expired, -> {
       where(
@@ -12,7 +14,7 @@ module SolidusJwt
       )
     }
 
-    enum auth_type: %i[refresh access]
+    enum auth_type: { refresh: 0, access: 1 }
 
     validates :token, presence: true
 
@@ -24,9 +26,11 @@ module SolidusJwt
     # Set all  non expired refresh tokens to inactive
     #
     def self.invalidate(user)
+      # rubocop:disable Rails/SkipsModelValidations
       non_expired.
         where(user_id: user.to_param).
         update_all(active: false)
+      # rubocop:enable Rails/SkipsModelValidations
     end
 
     ##
@@ -37,10 +41,19 @@ module SolidusJwt
       non_expired.where(active: true).find_by(token: token).present?
     end
 
+    ##
+    # Whether the token should be honored.
+    # @return [Boolean] Will be true if the token is active and not expired.
+    #   Otherwise false.
     def honor?
       active? && !expired?
     end
 
+    ##
+    # Whether the token is expired
+    # @return [Boolean] If the token is older than the configured refresh
+    #   expiration amount then will be true. Otherwise false.
+    #
     def expired?
       created_at < SolidusJwt::Config.refresh_expiration.seconds.ago
     end

data/bin/console

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "solidus_jwt"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+$LOAD_PATH.unshift(*Dir["#{__dir__}/../app/*"])
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/rails

@@ -0,0 +1,18 @@
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+app_root = 'sandbox'
+
+unless File.exist? "#{app_root}/bin/rails"
+  warn 'Creating the sandbox app...'
+  Dir.chdir "#{__dir__}/.." do
+    system "#{__dir__}/sandbox" or begin # rubocop:disable Style/AndOr
+      warn 'Automatic creation of the sandbox app failed'
+      exit 1
+    end
+  end
+end
+
+Dir.chdir app_root
+exec 'bin/rails', *ARGV

data/bin/sandbox

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+set -e
+
+case "$DB" in
+postgres|postgresql)
+  RAILSDB="postgresql"
+  ;;
+mysql)
+  RAILSDB="mysql"
+  ;;
+sqlite|'')
+  RAILSDB="sqlite3"
+  ;;
+*)
+  echo "Invalid DB specified: $DB"
+  exit 1
+  ;;
+esac
+
+if [ ! -z $SOLIDUS_BRANCH ]
+then
+  BRANCH=$SOLIDUS_BRANCH
+else
+  BRANCH="master"
+fi
+
+extension_name="solidus_jwt"
+
+# Stay away from the bundler env of the containing extension.
+function unbundled {
+  ruby -rbundler -e'b = proc {system *ARGV}; Bundler.respond_to?(:with_unbundled_env) ? Bundler.with_unbundled_env(&b) : Bundler.with_clean_env(&b)' -- $@
+}
+
+rm -rf ./sandbox
+unbundled bundle exec rails new sandbox --database="$RAILSDB" \
+  --skip-bundle \
+  --skip-git \
+  --skip-keeps \
+  --skip-rc \
+  --skip-spring \
+  --skip-test \
+  --skip-javascript
+
+if [ ! -d "sandbox" ]; then
+  echo 'sandbox rails application failed'
+  exit 1
+fi
+
+cd ./sandbox
+cat <<RUBY >> Gemfile
+gem 'solidus', github: 'solidusio/solidus', branch: '$BRANCH'
+gem 'solidus_auth_devise', '>= 2.1.0'
+gem 'rails-i18n'
+gem 'solidus_i18n'
+gem '$extension_name', path: '..'
+group :test, :development do
+  platforms :mri do
+    gem 'pry-byebug'
+  end
+end
+RUBY
+
+unbundled bundle install --gemfile Gemfile
+
+unbundled bundle exec rake db:drop db:create
+
+unbundled bundle exec rails generate spree:install \
+  --auto-accept \
+  --user_class=Spree::User \
+  --enforce_available_locales=true \
+  $@
+
+unbundled bundle exec rails generate solidus:auth:install
+
+echo
+echo "🚀 Sandbox app successfully created for $extension_name!"
+echo "🚀 Using $RAILSDB and Solidus $BRANCH"
+echo "🚀 Use 'export DB=[postgres|mysql|sqlite]' to control the DB adapter"
+echo "🚀 Use 'export SOLIDUS_BRANCH=<BRANCH-NAME>' to control the Solidus version"
+echo "🚀 This app is intended for test purposes."