stormpath-rails 1.1.2.beta → 2.0.0

data/app/controllers/stormpath/rails/forgot_password/create_controller.rb

@@ -0,0 +1,37 @@
+module Stormpath
+  module Rails
+    module ForgotPassword
+      class CreateController < Stormpath::Rails::BaseController
+        def call
+          begin
+            SendPasswordResetEmail.new(params[:email]).call
+            respond_with_success
+          rescue SendPasswordResetEmail::UnexistingEmailError
+            respond_with_success
+          rescue SendPasswordResetEmail::NoEmailError => error
+            respond_with_error(error)
+          end
+        end
+
+        private
+
+        def respond_with_success
+          respond_to do |format|
+            format.html { redirect_to stormpath_config.web.forgot_password.next_uri }
+            format.json { render nothing: true, status: 200 }
+          end
+        end
+
+        def respond_with_error(error)
+          respond_to do |format|
+            format.json { render json: { status: 400, message: error.message }, status: 400 }
+            format.html do
+              flash.now[:error] = error.message
+              render stormpath_config.web.forgot_password.view
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/forgot_password/new_controller.rb

@@ -0,0 +1,14 @@
+module Stormpath
+  module Rails
+    module ForgotPassword
+      class NewController < Stormpath::Rails::BaseController
+        def call
+          respond_to do |format|
+            format.json { render nothing: true, status: 404 }
+            format.html { render stormpath_config.web.forgot_password.view }
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/login/create_controller.rb

@@ -0,0 +1,60 @@
+module Stormpath
+  module Rails
+    module Login
+      class CreateController < BaseController
+        before_action :require_no_authentication!
+
+        def call
+          begin
+            form.save!
+            set_cookies
+            respond_with_success
+          rescue Stormpath::Error, LoginForm::FormError => error
+            respond_with_error(error)
+          end
+        end
+
+        private
+
+        def form
+          @form ||= LoginForm.new(params[:login], params[:password])
+        end
+
+        def respond_with_success
+          respond_to do |format|
+            format.html { redirect_to login_redirect_route, notice: 'Successfully signed in' }
+            format.json { render json: serialized_account }
+          end
+        end
+
+        def respond_with_error(error)
+          respond_to do |format|
+            format.html do
+              flash.now[:error] = error.message
+              render stormpath_config.web.login.view
+            end
+            format.json do
+              render json: { status: error.status, message: error.message }, status: error.status
+            end
+          end
+        end
+
+        def set_cookies
+          TokenCookieSetter.call(cookies, form.authentication_result)
+        end
+
+        def serialized_account
+          AccountSerializer.to_h(form.authentication_result.account)
+        end
+
+        def login_redirect_route
+          if params[:next]
+            URI(params[:next]).path
+          else
+            stormpath_config.web.login.next_uri
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/login/new_controller.rb

@@ -0,0 +1,20 @@
+module Stormpath
+  module Rails
+    module Login
+      class NewController < BaseController
+        before_action :require_no_authentication!
+
+        def call
+          if stormpath_config.web.id_site.enabled
+            redirect_to id_site_login_url
+          else
+            respond_to do |format|
+              format.json { render json: LoginNewSerializer.to_h }
+              format.html { render stormpath_config.web.login.view }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/logout/create_controller.rb

@@ -0,0 +1,61 @@
+module Stormpath
+  module Rails
+    module Logout
+      class CreateController < BaseController
+        BEARER_PATTERN = /^Bearer /
+
+        def call
+          if bearer_authorization_header?
+            DeleteAccessToken.call(bearer_access_token)
+          else
+            delete_tokens
+            delete_cookies
+          end
+          respond_with_success
+        end
+
+        private
+
+        def bearer_access_token
+          authorization_header.gsub(BEARER_PATTERN, '')
+        end
+
+        def bearer_authorization_header?
+          authorization_header =~ BEARER_PATTERN
+        end
+
+        def authorization_header
+          request.headers['Authorization']
+        end
+
+        def delete_tokens
+          DeleteAccessToken.call(cookies[access_token_cookie_name])
+          DeleteRefreshToken.call(cookies[refresh_token_cookie_name])
+        end
+
+        def delete_cookies
+          cookies.delete(access_token_cookie_name)
+          cookies.delete(refresh_token_cookie_name)
+        end
+
+        def access_token_cookie_name
+          stormpath_config.web.access_token_cookie.name
+        end
+
+        def refresh_token_cookie_name
+          stormpath_config.web.refresh_token_cookie.name
+        end
+
+        def respond_with_success
+          respond_to do |format|
+            format.html do
+              flash[:notice] = 'You have been logged out successfully.'
+              redirect_to stormpath_config.web.logout.next_uri
+            end
+            format.json { render nothing: true, status: 200 }
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/oauth2/create_controller.rb

@@ -0,0 +1,82 @@
+module Stormpath
+  module Rails
+    module Oauth2
+      class CreateController < BaseController
+        UnsupportedGrantType = Class.new(StandardError)
+
+        def call
+          response.headers['Cache-Control'] = 'no-store'
+          response.headers['Pragma'] = 'no-cache'
+
+          case grant_type
+          when 'client_credentials'
+            handle_client_credentials_grant
+          when 'password'
+            handle_password_grant
+          when 'refresh_token'
+            handle_refresh_token_grant
+          else
+            raise UnsupportedGrantType if grant_type.present?
+            render json: { error: :invalid_request }, status: 400
+          end
+        rescue UnsupportedGrantType
+          render json: { error: :unsupported_grant_type }, status: 400
+        end
+
+        private
+
+        def grant_type
+          params[:grant_type]
+        end
+
+        def handle_client_credentials_grant
+          raise UnsupportedGrantType unless stormpath_config.web.oauth2.client_credentials.enabled
+          begin
+            auth_result = ClientCredentialsAuthentication.new(request.headers['Authorization']).save!
+            render json: auth_result_json(auth_result).except(:refresh_token)
+          rescue ClientCredentialsAuthentication::FormError, Stormpath::Error => error
+            render json: {
+              error: :invalid_client,
+              message: error.message
+            }, status: 401
+          end
+        end
+
+        def handle_password_grant
+          raise UnsupportedGrantType unless stormpath_config.web.oauth2.password.enabled
+          begin
+            auth_result = LoginForm.new(params[:username], params[:password]).save!
+            render json: auth_result_json(auth_result)
+          rescue LoginForm::FormError, Stormpath::Error => error
+            render json: {
+              error: :invalid_request,
+              message: error.message
+            }, status: error.status
+          end
+        end
+
+        def handle_refresh_token_grant
+          raise UnsupportedGrantType unless stormpath_config.web.oauth2.password.enabled
+          begin
+            auth_result = RefreshTokenAuthentication.new(params[:refresh_token]).save!
+            render json: auth_result_json(auth_result)
+          rescue RefreshTokenAuthentication::FormError, Stormpath::Error => error
+            render json: {
+              error: :invalid_grant,
+              message: error.message
+            }, status: error.status
+          end
+        end
+
+        def auth_result_json(auth_result)
+          {
+            access_token: auth_result.access_token,
+            expires_in: auth_result.expires_in,
+            refresh_token: auth_result.refresh_token,
+            token_type: auth_result.token_type
+          }
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/oauth2/new_controller.rb

@@ -0,0 +1,11 @@
+module Stormpath
+  module Rails
+    module Oauth2
+      class NewController < BaseController
+        def call
+          render status: 405, nothing: true
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/profile/show_controller.rb

@@ -0,0 +1,15 @@
+module Stormpath
+  module Rails
+    module Profile
+      class ShowController < BaseController
+        before_action :require_authentication!
+
+        def call
+          response.headers['Cache-Control'] = 'no-cache, no-store'
+          response.headers['Pragma'] = 'no-cache'
+          render json: ProfileSerializer.to_h(current_account)
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/register/create_controller.rb

@@ -0,0 +1,86 @@
+module Stormpath
+  module Rails
+    module Register
+      class CreateController < BaseController
+        def call
+          form.save!
+          login_the_account if auto_login_enabled?
+          respond_with_success
+        rescue RegistrationForm::FormError => error
+          respond_with_error(error)
+        end
+
+        private
+
+        def respond_with_success
+          respond_to do |format|
+            format.html { redirect_to success_redirect_route }
+            format.json { render json: serialized_account }
+          end
+        end
+
+        def success_redirect_route
+          if email_verification_enabled?
+            success_with_email_verification_redirect_route
+          elsif auto_login_enabled?
+            success_with_auto_login_redirect_route
+          else
+            default_success_redirect_route
+          end
+        end
+
+        def success_with_email_verification_redirect_route
+          "#{stormpath_config.web.login.uri}?status=unverified"
+        end
+
+        def success_with_auto_login_redirect_route
+          stormpath_config.web.register.next_uri
+        end
+
+        def default_success_redirect_route
+          "#{stormpath_config.web.login.uri}?status=created"
+        end
+
+        def respond_with_error(error)
+          respond_to do |format|
+            format.json { respond_with_json_error(error) }
+            format.html { respond_with_html_error(error) }
+          end
+        end
+
+        def respond_with_json_error(error)
+          render json: { status: error.status, message: error.message }, status: error.status
+        end
+
+        def respond_with_html_error(error)
+          flash.now[:error] = error.message
+          render stormpath_config.web.register.view
+        end
+
+        def auto_login_enabled?
+          stormpath_config.web.register.auto_login
+        end
+
+        def email_verification_enabled?
+          form.account.status == 'UNVERIFIED'
+        end
+
+        def serialized_account
+          AccountSerializer.to_h(form.account)
+        end
+
+        def login_the_account
+          AccountLogin.call(cookies, form.email, form.password)
+        end
+
+        def form
+          @form ||= RegistrationForm.new(params.except(*excluded_root_params))
+        end
+
+        def excluded_root_params
+          [:controller, :action, :format, :create, :utf8, :button, :authenticity_token]
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/register/new_controller.rb

@@ -0,0 +1,20 @@
+module Stormpath
+  module Rails
+    module Register
+      class NewController < BaseController
+        def call
+          if stormpath_config.web.id_site.enabled
+            redirect_to id_site_register_url
+          elsif signed_in?
+            redirect_to root_path
+          else
+            respond_to do |format|
+              format.json { render json: RegistrationFormSerializer.to_h }
+              format.html { render stormpath_config.web.register.view }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/verify_email/create_controller.rb

@@ -0,0 +1,37 @@
+module Stormpath
+  module Rails
+    module VerifyEmail
+      class CreateController < BaseController
+        def call
+          begin
+            ResendEmailVerification.new(params[:email]).call
+            respond_with_success
+          rescue ResendEmailVerification::UnexistingEmailError
+            respond_with_success
+          rescue ResendEmailVerification::NoEmailError => error
+            respond_with_error(error)
+          end
+        end
+
+        private
+
+        def respond_with_success
+          respond_to do |format|
+            format.html { redirect_to "#{stormpath_config.web.login.uri}?status=unverified" }
+            format.json { render nothing: true }
+          end
+        end
+
+        def respond_with_error(error)
+          respond_to do |format|
+            format.json { render json: { status: 400, message: error.message }, status: 400 }
+            format.html do
+              flash.now[:error] = error.message
+              render stormpath_config.web.verify_email.view
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/stormpath/rails/verify_email/show_controller.rb

@@ -0,0 +1,51 @@
+module Stormpath
+  module Rails
+    module VerifyEmail
+      class ShowController < BaseController
+        def call
+          begin
+            account = VerifyEmailToken.new(params[:sptoken]).call
+            login_the_account(account) if stormpath_config.web.register.auto_login
+            respond_with_success
+          rescue InvalidSptokenError, NoSptokenError => error
+            respond_to_error(error)
+          end
+        end
+
+        private
+
+        def login_the_account(account)
+          AccountLoginWithStormpathToken.new(
+            cookies, account,
+            Stormpath::Rails::Client.application,
+            Stormpath::Rails::Client.client.data_store.api_key
+          ).call
+        end
+
+        def respond_with_success
+          respond_to do |format|
+            format.html { redirect_to success_redirect_route }
+            format.json { render nothing: true, status: 200 }
+          end
+        end
+
+        def success_redirect_route
+          if stormpath_config.web.register.auto_login
+            stormpath_config.web.register.next_uri
+          else
+            stormpath_config.web.verify_email.next_uri
+          end
+        end
+
+        def respond_to_error(error)
+          respond_to do |format|
+            format.html { render stormpath_config.web.verify_email.view }
+            format.json do
+              render json: { status: error.status, message: error.message }, status: error.status
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/forms/stormpath/rails/login_form.rb

@@ -0,0 +1,60 @@
+module Stormpath
+  module Rails
+    class LoginForm
+      attr_accessor :login, :password
+      attr_accessor :authentication_result
+
+      def initialize(login, password)
+        @login = login
+        @password = password
+        validate_login_presence
+        validate_password_presence
+      end
+
+      class FormError < ArgumentError
+        def status
+          400
+        end
+      end
+
+      # def save
+      #   return false if invalid?
+      #   result = Client.authenticate_oauth(password_grant_request)
+      #
+      #   if result.success?
+      #     self.authentication_result = result.authentication_result
+      #   else
+      #     errors.add(:base, result.error_message) && false
+      #   end
+      # end
+
+      def save!
+        self.authentication_result = application.authenticate_oauth(password_grant_request)
+      end
+
+      private
+
+      def validate_login_presence
+        return if login.present?
+        raise FormError, "#{form_fields_config.login.label} can't be blank"
+      end
+
+      def validate_password_presence
+        return if password.present?
+        raise FormError, "#{form_fields_config.password.label} can't be blank"
+      end
+
+      def form_fields_config
+        Stormpath::Rails.config.web.login.form.fields
+      end
+
+      def password_grant_request
+        Stormpath::Oauth::PasswordGrantRequest.new(login, password)
+      end
+
+      def application
+        Stormpath::Rails::Client.application
+      end
+    end
+  end
+end

data/app/forms/stormpath/rails/registration_form.rb

@@ -0,0 +1,106 @@
+module Stormpath
+  module Rails
+    class RegistrationForm
+      include ActiveModel::Model
+      attr_accessor(*RegistrationFormFields.enabled_field_names)
+      attr_accessor :account
+
+      validate :validate_presence_of_required_attributes
+      validate :validate_password_repeated_twice_matches?
+
+      class FormError < ArgumentError
+        def status
+          400
+        end
+      end
+
+      class ArbitraryDataSubmitted < FormError
+      end
+
+      def initialize(params = {})
+        custom_data_params = params[:customData] || {}
+        params = params.except(:customData).merge(custom_data_params)
+        params = params.stringify_keys.transform_keys(&:underscore).symbolize_keys
+
+        arbitrary_param_names = params.keys - RegistrationFormFields.enabled_field_names
+
+        if arbitrary_param_names.any?
+          raise ArbitraryDataSubmitted, "Can't submit arbitrary data: #{arbitrary_param_names.join(', ')}"
+        end
+
+        super(params)
+      end
+
+      def save
+        return false if invalid?
+
+        begin
+          self.account = Stormpath::Rails::Client.application.accounts.create(
+            Stormpath::Resource::Account.new(stormpath_registration_params)
+          )
+        rescue Stormpath::Error => error
+          errors.add(:base, error.message) && false
+        end
+      end
+
+      def save!
+        return true if save
+        raise(FormError, errors.full_messages.first)
+      end
+
+      private
+
+      def validate_presence_of_required_attributes
+        RegistrationFormFields.required_fields.each do |required_field, properties|
+          if send(required_field).blank?
+            errors.add(:base, "#{properties[:label]} is required.")
+          end
+        end
+      end
+
+      def validate_password_repeated_twice_matches?
+        return unless RegistrationFormFields.confirm_password_enabled?
+        return if password == confirm_password
+        errors.add(:base, 'Passwords do not match')
+      end
+
+      def stormpath_registration_params
+        predefined_registration_params.merge(custom_data: custom_registration_params)
+      end
+
+      def predefined_registration_params
+        {}.tap do |hash|
+          RegistrationFormFields.predefined_enabled_field_names.each do |field_name|
+            hash[field_name] = send(field_name)
+          end
+          fill_in_given_name(hash)
+          fill_in_surname(hash)
+        end
+      end
+
+      def custom_registration_params
+        {}.tap do |hash|
+          RegistrationFormFields.custom_enabled_field_names.each do |field_name|
+            hash[field_name] = send(field_name)
+          end
+        end
+      end
+
+      def fill_in_given_name(hash)
+        if RegistrationFormFields.given_name_disabled?
+          hash[:given_name] = 'UNKNOWN'
+        elsif RegistrationFormFields.given_name_not_required? && given_name.blank?
+          hash[:given_name] = 'UNKNOWN'
+        end
+      end
+
+      def fill_in_surname(hash)
+        if RegistrationFormFields.surname_disabled?
+          hash[:surname] = 'UNKNOWN'
+        elsif RegistrationFormFields.surname_not_required? && surname.blank?
+          hash[:surname] = 'UNKNOWN'
+        end
+      end
+    end
+  end
+end