RubyGems - stormpath-rails - Versions diffs - 1.1.2.beta → 2.0.0 - Mend

stormpath-rails 1.1.2.beta → 2.0.0

Files changed (130) hide show

data/app/forms/stormpath/rails/registration_form_fields.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class RegistrationFormFields
+      PREDEFINED_FIELD_NAMES = [
+        :given_name,
+        :middle_name,
+        :surname,
+        :username,
+        :email,
+        :password,
+        :confirm_password
+      ].freeze
+      class << self
+        def required_field_names
+          required_fields.keys
+        end
+        def enabled_field_names
+          enabled_fields.keys
+        end
+        def predefined_enabled_field_names
+          enabled_field_names & PREDEFINED_FIELD_NAMES
+        end
+        def custom_enabled_field_names
+          enabled_field_names - PREDEFINED_FIELD_NAMES
+        end
+        def required_fields
+          enabled_fields
+            .select  { |_field, properties| properties[:required] }
+        end
+        def enabled_fields
+          register_form_fields
+            .select  { |_field, properties| properties[:enabled] }
+        end
+        def confirm_password_enabled?
+          form_fields_config.confirm_password.enabled
+        end
+        def register_form_fields
+          form_fields_config.to_h
+        end
+        def given_name_disabled?
+          !form_fields_config.given_name.enabled
+        end
+        def given_name_not_required?
+          !form_fields_config.given_name.required
+        end
+        def surname_disabled?
+          !form_fields_config.surname.enabled
+        end
+        def surname_not_required?
+          !form_fields_config.surname.required
+        end
+        def form_fields_config
+          Stormpath::Rails.config.web.register.form.fields
+        end
+      end
+    end
+  end
+end

data/app/helpers/social_helper.rb CHANGED Viewed

@@ -1,6 +1,7 @@
+# Legacy but will be used when social logins start.
 module SocialHelper
   def box_class
-    facebook_login_enabled? ? 'small col-sm-8' : 'large col-sm-12'
+    facebook_login_enabled? ? 'small col-sm-8' : 'large col-sm-12'
   end
   def label_class

data/app/serializers/stormpath/rails/account_serializer.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Stormpath
+  module Rails
+    class AccountSerializer
+      attr_reader :account
+      def self.to_h(account)
+        new(account).to_h
+      end
+      def initialize(account)
+        @account = account
+      end
+      def to_h
+        {
+          account: {
+            href: account.href,
+            username: account.username,
+            modifiedAt: account.modified_at,
+            status: account.status,
+            createdAt: account.created_at,
+            email: account.email,
+            middleName: account.middle_name,
+            surname: account.surname,
+            givenName: account.given_name,
+            fullName: account.full_name
+          }
+        }
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/form_serializer.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Stormpath
+  module Rails
+    class FormSerializer
+      def self.to_h
+        new.to_h
+      end
+      def to_h
+        {
+          form: {
+            fields: form_fields
+          },
+          accountStores: []
+        }
+      end
+      private
+      def config
+        raise NotImplementedError
+      end
+      def form_fields
+        config
+          .form
+          .fields
+          .to_h
+          .select  { |_field, properties| properties[:enabled] && properties[:visible] }
+          .each    { |_field, properties| properties.delete(:enabled) }
+          .each    { |_field, properties| properties.delete(:visible) }
+          .deep_transform_keys { |key| key.to_s.camelize(:lower).to_sym }
+          .sort_by { |field, _properties| config.form.field_order.index(field.to_s) || Float::INFINITY }
+          .map     { |field, properties| properties.merge(name: field) }
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/login_new_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Stormpath
+  module Rails
+    class LoginNewSerializer < FormSerializer
+      private
+      def config
+        Stormpath::Rails.config.web.login
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/profile_serializer.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class ProfileSerializer
+      attr_reader :account_href
+      def self.to_h(account)
+        new(account).to_h
+      end
+      def initialize(account)
+        @account_href = account.href
+      end
+      def to_h
+        @to_h ||= AccountSerializer.to_h(account).deep_merge(account: expanded_resources_hash)
+      end
+      private
+      def expansions
+        Stormpath::Rails
+          .config
+          .web
+          .me
+          .expand
+          .to_h
+          .select { |_relation, should_expand| should_expand == true }
+          .keys
+      end
+      def expansion_resource
+        Stormpath::Resource::Expansion.new(*expansions)
+      end
+      def expanded_resources_hash
+        {}.tap do |hash|
+          expansions.each do |expansion|
+            expanded_resource = account.send(expansion)
+            expansion_name = expansion.to_s.camelize(:lower).to_sym
+            hash[expansion_name] = if expanded_resource.is_a?(Stormpath::Resource::Collection)
+                                     expanded_resource.map do |single_resource|
+                                       properties_serializer(single_resource)
+                                     end
+                                   else
+                                     properties_serializer(expanded_resource)
+                                   end
+          end
+        end
+      end
+      def properties_serializer(resource)
+        resource.send(:materialize)
+        properties = resource.properties
+        if resource.is_a?(Stormpath::Resource::CustomData)
+          properties
+        else
+          properties.delete_if { |_key, value| value.is_a?(Hash) }
+          properties.transform_keys do |key|
+            key.to_s.camelize(:lower).to_sym
+          end
+        end
+      end
+      def account
+        @account ||= Stormpath::Rails::Client.client.accounts.get(account_href, expansion_resource)
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/registration_form_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Stormpath
+  module Rails
+    class RegistrationFormSerializer < FormSerializer
+      private
+      def config
+        Stormpath::Rails.config.web.register
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token/local_account_resolution.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      class LocalAccountResolution
+        attr_reader :access_token
+        def initialize(access_token)
+          @access_token = access_token
+          @application = Client.application
+          validate_jwt
+        end
+        def account
+          Stormpath::Rails::Client.client.accounts.get(account_href)
+        end
+        private
+        def account_href
+          jwt_data.first['sub']
+        end
+        def jwt_data
+          begin
+            @jwt_data ||= JWT.decode(access_token, ENV['STORMPATH_API_KEY_SECRET'])
+          rescue JWT::ExpiredSignature
+            raise Stormpath::Oauth::Error, :jwt_expired
+          end
+        end
+        def validate_jwt
+          validate_jwt_is_an_access_token
+          validate_jwt_has_a_valid_issuer
+        end
+        def validate_jwt_has_a_valid_issuer
+          return if jwt_data.first['iss'] == Stormpath::Rails::Client.application.href
+          raise DifferentIssuerError
+        end
+        def validate_jwt_is_an_access_token
+          return if jwt_data.second['stt'] == 'access'
+          raise AuthenticationWithRefreshTokenAttemptError
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token/stormpath_account_resolution.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      class StormpathAccountResolution
+        attr_reader :access_token, :application
+        def initialize(access_token)
+          @access_token = access_token
+          @application = Client.application
+          validate_jwt_is_access_token
+        end
+        def account
+          Stormpath::Oauth::VerifyAccessToken.new(application).verify(access_token).account
+        end
+        def validate_jwt_is_access_token
+          raise AuthenticationWithRefreshTokenAttemptError if jwt_data.second['stt'] != 'access'
+        end
+        def jwt_data
+          @jwt_data ||= JWT.decode(access_token, ENV['STORMPATH_API_KEY_SECRET'])
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      attr_reader :access_token
+      NoAccessToken = Class.new(ArgumentError)
+      AuthenticationWithRefreshTokenAttemptError = Class.new(ArgumentError)
+      DifferentIssuerError = Class.new(ArgumentError)
+      def initialize(access_token)
+        raise(NoAccessToken) if access_token.nil?
+        @access_token = access_token
+      end
+      def account
+        @account ||= resolution_class.new(access_token).account
+      end
+      private
+      def resolution_class
+        case Stormpath::Rails.config.web.oauth2.password.validation_strategy.to_sym
+        when :local
+          LocalAccountResolution
+        when :stormpath
+          StormpathAccountResolution
+        else
+          raise ArgumentError, 'Invalid validation strategy'
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_login.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Stormpath
+  module Rails
+    class AccountLogin
+      attr_reader :cookie_jar, :login, :password
+      def self.call(cookie_jar, login, password)
+        new(cookie_jar, login, password).call
+      end
+      def initialize(cookie_jar, login, password)
+        @cookie_jar = cookie_jar
+        @login      = login
+        @password   = password
+      end
+      def call
+        form.save!
+        TokenCookieSetter.call(cookie_jar, form.authentication_result)
+      end
+      private
+      def form
+        @form ||= LoginForm.new(login, password)
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_login_with_stormpath_token.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Stormpath
+  module Rails
+    class AccountLoginWithStormpathToken
+      def self.call(cookie_jar, account, application, api_key)
+        new(cookie_jar, account, application, api_key).call
+      end
+      def initialize(cookie_jar, account, application, api_key)
+        @cookie_jar   = cookie_jar
+        @account      = account
+        @application  = application
+        @api_key      = api_key
+      end
+      def call
+        TokenCookieSetter.call(cookie_jar, authentication_result)
+      end
+      private
+      attr_reader :cookie_jar, :account, :application, :api_key
+      def authentication_result
+        @authentication_result ||= application.authenticate_oauth(stormpath_grant_request)
+      end
+      def stormpath_grant_request
+        Stormpath::Oauth::StormpathGrantRequest.new(account, application, api_key)
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/client_credentials_authentication.rb ADDED Viewed

@@ -0,0 +1,40 @@
+module Stormpath
+  module Rails
+    class ClientCredentialsAuthentication
+      include ActiveModel::Model
+      BASIC_PATTERN = /^Basic /
+      attr_accessor :api_key_id, :api_key_secret
+      class FormError < ArgumentError
+        def status
+          401
+        end
+      end
+      def initialize(authorization_header)
+        raise FormError if authorization_header !~ BASIC_PATTERN
+        self.api_key_id, self.api_key_secret = Base64.decode64(
+          authorization_header.gsub(BASIC_PATTERN, '')
+        ).split(':')
+      end
+      validates :api_key_id, presence: true
+      validates :api_key_secret, presence: true
+      def save!
+        raise(FormError, errors.full_messages.first) if invalid?
+        Client.application.authenticate_oauth(client_credentials_grant_request)
+      end
+      private
+      def client_credentials_grant_request
+        Stormpath::Oauth::ClientCredentialsGrantRequest.new(
+          api_key_id,
+          api_key_secret
+        )
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_basic_auth.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromBasicAuth
+        attr_reader :authorization_header
+        def initialize(authorization_header)
+          @authorization_header = authorization_header
+        end
+        def authenticate!
+          raise UnauthenticatedRequest if fetched_api_key.nil?
+          raise UnauthenticatedRequest if fetched_api_key.secret != api_key_secret
+          fetched_api_key.account
+        end
+        private
+        def fetched_api_key
+          @fetched_api_key ||= Client.application.api_keys.search(id: api_key_id).first
+        end
+        def api_key_id
+          decoded_authorization_header.first
+        end
+        def api_key_secret
+          decoded_authorization_header.last
+        end
+        def decoded_authorization_header
+          @decoded_authorization_header ||= begin
+            api_key_and_secret = Base64.decode64(basic_authorization_header).split(':')
+            raise UnauthenticatedRequest if api_key_and_secret.count != 2
+            api_key_and_secret
+          end
+        end
+        def basic_authorization_header
+          authorization_header.gsub(BASIC_PATTERN, '')
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_bearer_auth.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromBearerAuth
+        attr_reader :authorization_header
+        RESCUE_CLASSES = [
+          Stormpath::Oauth::Error,
+          JWT::DecodeError,
+          AccountFromAccessToken::AuthenticationWithRefreshTokenAttemptError,
+          AccountFromAccessToken::DifferentIssuerError
+        ].freeze
+        def initialize(authorization_header)
+          @authorization_header = authorization_header
+        end
+        def authenticate!
+          begin
+            AccountFromAccessToken.new(bearer_access_token).account
+          rescue *RESCUE_CLASSES
+            raise UnauthenticatedRequest
+          end
+        end
+        private
+        def bearer_access_token
+          authorization_header.gsub(BEARER_PATTERN, '')
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_cookies.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromCookies
+        OAUTH_ERROR_CODE_RANGE = (10_000...10_100)
+        attr_reader :cookies
+        def initialize(cookies)
+          @cookies = cookies
+        end
+        def authenticate!
+          begin
+            AccountFromAccessToken.new(access_token_cookie).account
+          rescue AccountFromAccessToken::NoAccessToken, Stormpath::Oauth::Error, JWT::DecodeError
+            delete_access_token_cookie
+            fetch_account_from_refresh_token
+          rescue Stormpath::Error => error
+            raise unless OAUTH_ERROR_CODE_RANGE.include?(error.code)
+            delete_access_token_cookie
+            fetch_account_from_refresh_token
+          rescue AccountFromAccessToken::AuthenticationWithRefreshTokenAttemptError, AccountFromAccessToken::DifferentIssuerError
+            delete_access_token_cookie
+            delete_refresh_token_cookie
+            raise UnauthenticatedRequest
+          end
+        end
+        private
+        def fetch_account_from_refresh_token
+          raise(UnauthenticatedRequest) if refresh_token_cookie.blank?
+          begin
+            result = RefreshTokenAuthentication.new(refresh_token_cookie).save!
+            TokenCookieSetter.new(cookies, result).call
+            AccountFromAccessToken.new(result.access_token).account
+          rescue Stormpath::Error => error
+            raise unless OAUTH_ERROR_CODE_RANGE.include?(error.code)
+            delete_refresh_token_cookie
+            raise UnauthenticatedRequest
+          end
+        end
+        def access_token_cookie
+          cookies[ACCESS_TOKEN_COOKIE_NAME]
+        end
+        def refresh_token_cookie
+          cookies[REFRESH_TOKEN_COOKIE_NAME]
+        end
+        def access_token_cookie=(value)
+          cookies[ACCESS_TOKEN_COOKIE_NAME] = value
+        end
+        def refresh_token_cookie=(value)
+          cookies[REFRESH_TOKEN_COOKIE_NAME] = value
+        end
+        def delete_access_token_cookie
+          cookies.delete(ACCESS_TOKEN_COOKIE_NAME)
+        end
+        def delete_refresh_token_cookie
+          cookies.delete(REFRESH_TOKEN_COOKIE_NAME)
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      UnauthenticatedRequest = Class.new(StandardError)
+      BEARER_PATTERN = /^Bearer /
+      BASIC_PATTERN = /^Basic /
+      ACCESS_TOKEN_COOKIE_NAME  = Stormpath::Rails.config.web.access_token_cookie.name
+      REFRESH_TOKEN_COOKIE_NAME = Stormpath::Rails.config.web.refresh_token_cookie.name
+      attr_reader :cookies, :authorization_header
+      def initialize(cookies, authorization_header)
+        @cookies = cookies
+        @authorization_header = authorization_header
+      end
+      def authenticate!
+        if any_auth_cookie_present?
+          FromCookies.new(cookies).authenticate!
+        elsif bearer_authorization_header?
+          FromBearerAuth.new(authorization_header).authenticate!
+        elsif basic_authorization_header?
+          FromBasicAuth.new(authorization_header).authenticate!
+        else
+          raise UnauthenticatedRequest
+        end
+      end
+      private
+      def bearer_authorization_header?
+        authorization_header =~ BEARER_PATTERN
+      end
+      def any_auth_cookie_present?
+        cookies[ACCESS_TOKEN_COOKIE_NAME] || cookies[REFRESH_TOKEN_COOKIE_NAME]
+      end
+      def basic_authorization_header?
+        authorization_header =~ BASIC_PATTERN
+      end
+    end
+  end
+end