spree_cm_commissioner 2.9.1.pre.pre2 → 2.9.1.pre.pre3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 44f0714e8ec1fab5074038112f26db55308feffc75b103ccda9e9d5d5d38409a
4
- data.tar.gz: 7f963001ae3a8de9f3f829d03eb83f6a2d310cf5a28ddafc477473e1b2fa9678
3
+ metadata.gz: 84c27f4187a23acbe9422e5b33cba6cca077dee5fe7a5e879acd3a5d06ee20c9
4
+ data.tar.gz: e46311b9f88d5a32ddb2272506e99dc1aee786acf800163a833134d942705bc1
5
5
  SHA512:
6
- metadata.gz: 2afbdbb418fbdca1c4ebfb9c6327a5fb0394663b87881e3ce56950c1aca7e4a1467708c6249ad2bab098564349d432187866966b6704e662ca87b34966466760
7
- data.tar.gz: 569d3213e604558bf4d17134aa51fd8cb2e854780f141187a6bff0af167070fe4c53b5f9eda404f4c38c47659aa79fed702ad1f801dc61d9d62d9ceb775e4480
6
+ metadata.gz: f679ac4607b2c7a6b01d6151605cd7339ff57ad721bb18708cff888362b4c19bb9b7f9847016b3e1f93fd0ce31a74635eb6635de83f6764b89873fc44aeb8d2e
7
+ data.tar.gz: 0705c2ddb0b22a1bd2581645cfe18f2488b7aaf827ba90873130c782ac253fd95a50aa9795f982b863fc401744eb8654bc4c225caebec1af08965bab8144c72f
data/Gemfile.lock CHANGED
@@ -34,7 +34,7 @@ GIT
34
34
  PATH
35
35
  remote: .
36
36
  specs:
37
- spree_cm_commissioner (2.9.1.pre.pre2)
37
+ spree_cm_commissioner (2.9.1.pre.pre3)
38
38
  activerecord-multi-tenant
39
39
  activerecord_json_validator (~> 2.1, >= 2.1.3)
40
40
  aws-sdk-cloudfront
@@ -15,8 +15,7 @@ module Spree
15
15
  context = SpreeCmCommissioner::AccountLinkage.call(
16
16
  user: spree_current_user,
17
17
  id_token: params[:id_token],
18
- fb_access_token: params[:fb_access_token],
19
- fb_jwt: params[:fb_jwt]
18
+ fb_access_token: params[:fb_access_token]
20
19
  )
21
20
 
22
21
  if context.success?
@@ -7,9 +7,22 @@ module SpreeCmCommissioner
7
7
  base.include SpreeCmCommissioner::OrderConcern
8
8
  base.include SpreeCmCommissioner::TurnstileProtectable
9
9
 
10
- base.before_action -> { verify_turnstile! }, only: %i[advance create_payment]
10
+ base.before_action :set_load_test_bypass_current
11
+ base.before_action -> { verify_turnstile! }, only: %i[create_payment]
11
12
  end
12
13
 
14
+ private
15
+
16
+ def set_load_test_bypass_current
17
+ key = ENV.fetch('LOAD_TEST_BYPASS_KEY', nil)
18
+ return if key.blank?
19
+
20
+ provided = request.headers.fetch('X-Request-Verify', nil).to_s
21
+ SpreeCmCommissioner::Current.load_test_bypass = ActiveSupport::SecurityUtils.secure_compare(provided, key)
22
+ end
23
+
24
+ public
25
+
13
26
  # Override Spree's default behavior:
14
27
  # By default, Spree raises an error if `complete` is called on a completed or confirmed order.
15
28
  # We want to allow this call to succeed, so the API can be used both to:
@@ -1,7 +1,7 @@
1
1
  module SpreeCmCommissioner
2
2
  class AccountLinkage
3
3
  include Interactor
4
- delegate :id_token, :fb_access_token, :fb_jwt, :user, to: :context
4
+ delegate :id_token, :fb_access_token, :user, to: :context
5
5
 
6
6
  # id_token:, user:
7
7
  def call
@@ -10,8 +10,6 @@ module SpreeCmCommissioner
10
10
  handle_id_token
11
11
  elsif fb_access_token.present?
12
12
  handle_fb_access_token
13
- elsif fb_jwt.present?
14
- handle_fb_jwt
15
13
  else
16
14
  context.fail!(message: 'missing_social_token')
17
15
  end
@@ -39,16 +37,6 @@ module SpreeCmCommissioner
39
37
  end
40
38
  end
41
39
 
42
- def handle_fb_jwt
43
- facebook_context = FetchFacebookUserDataFromJwt.call(fb_jwt: fb_jwt)
44
-
45
- if facebook_context.success?
46
- build_user_identify_provider(facebook_context.provider)
47
- else
48
- context.fail!(message: facebook_context.message)
49
- end
50
- end
51
-
52
40
  # {
53
41
  # provider_name: provider_name,
54
42
  # email: email,
@@ -5,7 +5,6 @@ module SpreeCmCommissioner
5
5
  # :fb_access_token, :tenant_id (optional)
6
6
  def call
7
7
  context.fail!(message: 'fb_access_token_missing') unless fb_access_token
8
- context.fail!(message: checker.message) if checker.failure?
9
8
 
10
9
  context.user = if checker.user.nil?
11
10
  register_user
@@ -0,0 +1,8 @@
1
+ module SpreeCmCommissioner
2
+ class Current < ActiveSupport::CurrentAttributes
3
+ # Set to true for the duration of a load-test request so that rate-limiting
4
+ # services deeper in the call chain (e.g. InventoryHolds::ValidateLimits) can
5
+ # skip their checks without needing the request object threaded through them.
6
+ attribute :load_test_bypass
7
+ end
8
+ end
@@ -3,15 +3,13 @@ module SpreeCmCommissioner
3
3
  params do
4
4
  optional(:id_token).maybe(:string)
5
5
  optional(:fb_access_token).maybe(:string)
6
- optional(:fb_jwt).maybe(:string)
7
6
  end
8
7
 
9
- rule(:id_token, :fb_access_token, :fb_jwt) do
8
+ rule(:id_token, :fb_access_token) do
10
9
  idt = values[:id_token]
11
10
  fbt = values[:fb_access_token]
12
- fbj = values[:fb_jwt]
13
11
 
14
- key(:base).failure('id_token_or_fb_access_token_required') if blank_or_empty?(idt) && blank_or_empty?(fbt) && blank_or_empty?(fbj)
12
+ key(:base).failure('id_token_or_fb_access_token_required') if blank_or_empty?(idt) && blank_or_empty?(fbt)
15
13
  end
16
14
 
17
15
  private
@@ -15,7 +15,7 @@ module SpreeCmCommissioner
15
15
  # Validates all inventory hold limits for the given order
16
16
  def call(order:)
17
17
  validate_user_hold_limits!(order) if order.user.present?
18
- validate_ip_rate_limit!(order)
18
+ validate_ip_rate_limit!(order) unless SpreeCmCommissioner::Current.load_test_bypass
19
19
  validate_cooldown!(order)
20
20
 
21
21
  success(nil)
@@ -4,7 +4,6 @@ module SpreeCmCommissioner
4
4
  # :username, :password
5
5
  # :id_token
6
6
  # :fb_access_token
7
- # :fb_jwt
8
7
  # :telegram_init_data, :tg_bot
9
8
  # :session_id
10
9
 
@@ -43,9 +42,6 @@ module SpreeCmCommissioner
43
42
  when 'facebook_auth'
44
43
  options = { fb_access_token: params[:fb_access_token], tenant_id: tenant_id }
45
44
  SpreeCmCommissioner::UserFbTokenAuthenticator.call(options)
46
- when 'facebook_jwt_auth'
47
- options = { fb_jwt: params[:fb_jwt], tenant_id: tenant_id }
48
- SpreeCmCommissioner::UserFbJwtAuthenticator.call(options)
49
45
  when 'telegram_web_app_auth'
50
46
  options = { telegram_init_data: params[:telegram_init_data], telegram_bot_username: params[:tg_bot] }
51
47
  SpreeCmCommissioner::UserTelegramWebAppAuthenticator.call(options)
@@ -59,7 +55,6 @@ module SpreeCmCommissioner
59
55
  return 'login_auth' if params.key?(:username) && params.key?(:password)
60
56
  return 'social_auth' if params.key?(:id_token)
61
57
  return 'facebook_auth' if params.key?(:fb_access_token)
62
- return 'facebook_jwt_auth' if params.key?(:fb_jwt)
63
58
  return 'telegram_web_app_auth' if params.key?(:telegram_init_data) && params.key?(:tg_bot)
64
59
  return 'vattanac_bank_web_app_auth' if params.key?(:session_id)
65
60
 
@@ -1,5 +1,5 @@
1
1
  module SpreeCmCommissioner
2
- VERSION = '2.9.1.pre.pre2'.freeze
2
+ VERSION = '2.9.1.pre.pre3'.freeze
3
3
 
4
4
  module_function
5
5
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spree_cm_commissioner
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.9.1.pre.pre2
4
+ version: 2.9.1.pre.pre3
5
5
  platform: ruby
6
6
  authors:
7
7
  - You
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2026-07-06 00:00:00.000000000 Z
11
+ date: 2026-07-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: spree
@@ -1243,7 +1243,6 @@ files:
1243
1243
  - app/interactors/spree_cm_commissioner/event_qr_generator.rb
1244
1244
  - app/interactors/spree_cm_commissioner/existing_account_checker.rb
1245
1245
  - app/interactors/spree_cm_commissioner/fetch_facebook_user_data.rb
1246
- - app/interactors/spree_cm_commissioner/fetch_facebook_user_data_from_jwt.rb
1247
1246
  - app/interactors/spree_cm_commissioner/firebase_email_fetcher.rb
1248
1247
  - app/interactors/spree_cm_commissioner/firebase_email_fetcher_cron_executor.rb
1249
1248
  - app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb
@@ -1320,8 +1319,6 @@ files:
1320
1319
  - app/interactors/spree_cm_commissioner/user_contact_updater.rb
1321
1320
  - app/interactors/spree_cm_commissioner/user_device_token_deregister.rb
1322
1321
  - app/interactors/spree_cm_commissioner/user_device_token_register.rb
1323
- - app/interactors/spree_cm_commissioner/user_fb_jwt_authenticator.rb
1324
- - app/interactors/spree_cm_commissioner/user_fb_jwt_checker.rb
1325
1322
  - app/interactors/spree_cm_commissioner/user_fb_token_authenticator.rb
1326
1323
  - app/interactors/spree_cm_commissioner/user_fb_token_checker.rb
1327
1324
  - app/interactors/spree_cm_commissioner/user_forgotten_password_updater.rb
@@ -1515,6 +1512,7 @@ files:
1515
1512
  - app/models/spree_cm_commissioner/configuration.rb
1516
1513
  - app/models/spree_cm_commissioner/crew_invite.rb
1517
1514
  - app/models/spree_cm_commissioner/crew_invite_link.rb
1515
+ - app/models/spree_cm_commissioner/current.rb
1518
1516
  - app/models/spree_cm_commissioner/customer.rb
1519
1517
  - app/models/spree_cm_commissioner/customer_notification.rb
1520
1518
  - app/models/spree_cm_commissioner/customer_promotion_rule.rb
@@ -1,90 +0,0 @@
1
- module SpreeCmCommissioner
2
- class FetchFacebookUserDataFromJwt < BaseInteractor
3
- JWKS_URL = 'https://limited.facebook.com/.well-known/oauth/openid/jwks/'.freeze
4
- EXPECTED_ISSUER = 'https://www.facebook.com'.freeze
5
-
6
- delegate :fb_jwt, to: :context
7
-
8
- def call
9
- context.fail!(message: 'fb_jwt_missing') if fb_jwt.blank?
10
-
11
- claim = decode_jwt
12
-
13
- context.provider = {
14
- identity_type: SpreeCmCommissioner::UserIdentityProvider.identity_types[:facebook],
15
- sub: claim['sub'],
16
- name: claim['name'],
17
- email: nil, # Facebook Limited Login JWT does not include email
18
- first_name: claim['given_name'],
19
- last_name: claim['family_name'],
20
- picture: claim['picture']
21
- }
22
- end
23
-
24
- private
25
-
26
- def decode_jwt
27
- result = JWT.decode(fb_jwt, nil, true, algorithms: ['RS256']) do |header|
28
- kid = header['kid']
29
- jwk_data = find_jwk(fetch_jwks, kid) || find_jwk(refresh_jwks, kid)
30
- context.fail!(message: 'invalid_facebook_jwt_kid') unless jwk_data
31
- public_key_from_jwk(jwk_data)
32
- end
33
-
34
- claim = result[0]
35
- context.fail!(message: 'invalid_facebook_issuer') if claim['iss'] != EXPECTED_ISSUER
36
- claim
37
- rescue JWT::ExpiredSignature
38
- context.fail!(message: 'fb_jwt_expired')
39
- rescue JWT::DecodeError => e
40
- context.fail!(message: e.message)
41
- end
42
-
43
- def find_jwk(jwks, kid)
44
- jwks['keys'].find { |k| k['kid'] == kid }
45
- end
46
-
47
- def public_key_from_jwk(jwk_data)
48
- n = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk_data['n']), 2)
49
- e = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk_data['e']), 2)
50
-
51
- pkcs1 = OpenSSL::ASN1::Sequence([
52
- OpenSSL::ASN1::Integer(n),
53
- OpenSSL::ASN1::Integer(e)
54
- ]
55
- )
56
-
57
- spki = OpenSSL::ASN1::Sequence([
58
- OpenSSL::ASN1::Sequence([
59
- OpenSSL::ASN1::ObjectId('rsaEncryption'),
60
- OpenSSL::ASN1::Null(nil)
61
- ]
62
- ),
63
- OpenSSL::ASN1::BitString(pkcs1.to_der)
64
- ]
65
- )
66
-
67
- OpenSSL::PKey::RSA.new(spki.to_der)
68
- end
69
-
70
- def refresh_jwks
71
- Rails.cache.delete('facebook-limited-jwks')
72
- fetch_jwks
73
- end
74
-
75
- def fetch_jwks
76
- Rails.cache.fetch('facebook-limited-jwks', expires_in: 1.hour) do
77
- url = URI(JWKS_URL)
78
- http = Net::HTTP.new(url.host, url.port)
79
- http.use_ssl = true
80
- http.open_timeout = 5
81
- http.read_timeout = 10
82
- response = http.get(url.request_uri)
83
- JSON.parse(response.body)
84
- end
85
- rescue StandardError => e
86
- CmAppLogger.error("Facebook JWKS fetch error: #{e.message}")
87
- context.fail!(message: 'facebook_jwks_fetch_error')
88
- end
89
- end
90
- end
@@ -1,37 +0,0 @@
1
- module SpreeCmCommissioner
2
- class UserFbJwtAuthenticator < BaseInteractor
3
- delegate :fb_jwt, :tenant_id, to: :context
4
-
5
- # :fb_jwt, :tenant_id (optional)
6
- def call
7
- context.fail!(message: 'fb_jwt_missing') unless fb_jwt
8
- context.fail!(message: checker.message) if checker.failure?
9
-
10
- context.user = if checker.user.nil?
11
- register_user
12
- else
13
- checker.user
14
- end
15
-
16
- context.fail!(message: 'account_temporarily_deleted') if context.user.soft_deleted?
17
- end
18
-
19
- private
20
-
21
- def checker
22
- @checker ||= SpreeCmCommissioner::UserFbJwtChecker.call(
23
- fb_jwt: fb_jwt,
24
- tenant_id: tenant_id
25
- )
26
- end
27
-
28
- def register_user
29
- register_context = SpreeCmCommissioner::UserRegistrationWithFbToken.call(
30
- provider: checker.provider,
31
- tenant_id: tenant_id
32
- )
33
-
34
- register_context.user
35
- end
36
- end
37
- end
@@ -1,20 +0,0 @@
1
- module SpreeCmCommissioner
2
- class UserFbJwtChecker < BaseInteractor
3
- delegate :tenant_id, :fb_jwt, to: :context
4
-
5
- def call
6
- fb_data = SpreeCmCommissioner::FetchFacebookUserDataFromJwt.call(fb_jwt: fb_jwt)
7
- context.fail!(message: fb_data.message) if fb_data.failure?
8
-
9
- context.provider = fb_data.provider
10
-
11
- identity_checker = SpreeCmCommissioner::UserIdentityChecker.call(
12
- identity_type: context.provider[:identity_type],
13
- sub: context.provider[:sub],
14
- tenant_id: tenant_id
15
- )
16
-
17
- context.user = identity_checker.success? ? identity_checker.user : nil
18
- end
19
- end
20
- end