RubyGems - stormpath-rails - Versions diffs - 1.1.2.beta → 2.0.0 - Mend

stormpath-rails 1.1.2.beta → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

data/app/forms/stormpath/rails/registration_form_fields.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class RegistrationFormFields
+      PREDEFINED_FIELD_NAMES = [
+        :given_name,
+        :middle_name,
+        :surname,
+        :username,
+        :email,
+        :password,
+        :confirm_password
+      ].freeze
+      class << self
+        def required_field_names
+          required_fields.keys
+        end
+        def enabled_field_names
+          enabled_fields.keys
+        end
+        def predefined_enabled_field_names
+          enabled_field_names & PREDEFINED_FIELD_NAMES
+        end
+        def custom_enabled_field_names
+          enabled_field_names - PREDEFINED_FIELD_NAMES
+        end
+        def required_fields
+          enabled_fields
+            .select  { |_field, properties| properties[:required] }
+        end
+        def enabled_fields
+          register_form_fields
+            .select  { |_field, properties| properties[:enabled] }
+        end
+        def confirm_password_enabled?
+          form_fields_config.confirm_password.enabled
+        end
+        def register_form_fields
+          form_fields_config.to_h
+        end
+        def given_name_disabled?
+          !form_fields_config.given_name.enabled
+        end
+        def given_name_not_required?
+          !form_fields_config.given_name.required
+        end
+        def surname_disabled?
+          !form_fields_config.surname.enabled
+        end
+        def surname_not_required?
+          !form_fields_config.surname.required
+        end
+        def form_fields_config
+          Stormpath::Rails.config.web.register.form.fields
+        end
+      end
+    end
+  end
+end

data/app/helpers/social_helper.rb CHANGED Viewed

@@ -1,6 +1,7 @@
+# Legacy but will be used when social logins start.
 module SocialHelper
   def box_class
-    facebook_login_enabled? ? 'small col-sm-8' : 'large col-sm-12'
+    facebook_login_enabled? ? 'small col-sm-8' : 'large col-sm-12'
   end
   def label_class

data/app/serializers/stormpath/rails/account_serializer.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Stormpath
+  module Rails
+    class AccountSerializer
+      attr_reader :account
+      def self.to_h(account)
+        new(account).to_h
+      end
+      def initialize(account)
+        @account = account
+      end
+      def to_h
+        {
+          account: {
+            href: account.href,
+            username: account.username,
+            modifiedAt: account.modified_at,
+            status: account.status,
+            createdAt: account.created_at,
+            email: account.email,
+            middleName: account.middle_name,
+            surname: account.surname,
+            givenName: account.given_name,
+            fullName: account.full_name
+          }
+        }
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/form_serializer.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Stormpath
+  module Rails
+    class FormSerializer
+      def self.to_h
+        new.to_h
+      end
+      def to_h
+        {
+          form: {
+            fields: form_fields
+          },
+          accountStores: []
+        }
+      end
+      private
+      def config
+        raise NotImplementedError
+      end
+      def form_fields
+        config
+          .form
+          .fields
+          .to_h
+          .select  { |_field, properties| properties[:enabled] && properties[:visible] }
+          .each    { |_field, properties| properties.delete(:enabled) }
+          .each    { |_field, properties| properties.delete(:visible) }
+          .deep_transform_keys { |key| key.to_s.camelize(:lower).to_sym }
+          .sort_by { |field, _properties| config.form.field_order.index(field.to_s) || Float::INFINITY }
+          .map     { |field, properties| properties.merge(name: field) }
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/login_new_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Stormpath
+  module Rails
+    class LoginNewSerializer < FormSerializer
+      private
+      def config
+        Stormpath::Rails.config.web.login
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/profile_serializer.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class ProfileSerializer
+      attr_reader :account_href
+      def self.to_h(account)
+        new(account).to_h
+      end
+      def initialize(account)
+        @account_href = account.href
+      end
+      def to_h
+        @to_h ||= AccountSerializer.to_h(account).deep_merge(account: expanded_resources_hash)
+      end
+      private
+      def expansions
+        Stormpath::Rails
+          .config
+          .web
+          .me
+          .expand
+          .to_h
+          .select { |_relation, should_expand| should_expand == true }
+          .keys
+      end
+      def expansion_resource
+        Stormpath::Resource::Expansion.new(*expansions)
+      end
+      def expanded_resources_hash
+        {}.tap do |hash|
+          expansions.each do |expansion|
+            expanded_resource = account.send(expansion)
+            expansion_name = expansion.to_s.camelize(:lower).to_sym
+            hash[expansion_name] = if expanded_resource.is_a?(Stormpath::Resource::Collection)
+                                     expanded_resource.map do |single_resource|
+                                       properties_serializer(single_resource)
+                                     end
+                                   else
+                                     properties_serializer(expanded_resource)
+                                   end
+          end
+        end
+      end
+      def properties_serializer(resource)
+        resource.send(:materialize)
+        properties = resource.properties
+        if resource.is_a?(Stormpath::Resource::CustomData)
+          properties
+        else
+          properties.delete_if { |_key, value| value.is_a?(Hash) }
+          properties.transform_keys do |key|
+            key.to_s.camelize(:lower).to_sym
+          end
+        end
+      end
+      def account
+        @account ||= Stormpath::Rails::Client.client.accounts.get(account_href, expansion_resource)
+      end
+    end
+  end
+end

data/app/serializers/stormpath/rails/registration_form_serializer.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Stormpath
+  module Rails
+    class RegistrationFormSerializer < FormSerializer
+      private
+      def config
+        Stormpath::Rails.config.web.register
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token/local_account_resolution.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      class LocalAccountResolution
+        attr_reader :access_token
+        def initialize(access_token)
+          @access_token = access_token
+          @application = Client.application
+          validate_jwt
+        end
+        def account
+          Stormpath::Rails::Client.client.accounts.get(account_href)
+        end
+        private
+        def account_href
+          jwt_data.first['sub']
+        end
+        def jwt_data
+          begin
+            @jwt_data ||= JWT.decode(access_token, ENV['STORMPATH_API_KEY_SECRET'])
+          rescue JWT::ExpiredSignature
+            raise Stormpath::Oauth::Error, :jwt_expired
+          end
+        end
+        def validate_jwt
+          validate_jwt_is_an_access_token
+          validate_jwt_has_a_valid_issuer
+        end
+        def validate_jwt_has_a_valid_issuer
+          return if jwt_data.first['iss'] == Stormpath::Rails::Client.application.href
+          raise DifferentIssuerError
+        end
+        def validate_jwt_is_an_access_token
+          return if jwt_data.second['stt'] == 'access'
+          raise AuthenticationWithRefreshTokenAttemptError
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token/stormpath_account_resolution.rb ADDED Viewed

@@ -0,0 +1,27 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      class StormpathAccountResolution
+        attr_reader :access_token, :application
+        def initialize(access_token)
+          @access_token = access_token
+          @application = Client.application
+          validate_jwt_is_access_token
+        end
+        def account
+          Stormpath::Oauth::VerifyAccessToken.new(application).verify(access_token).account
+        end
+        def validate_jwt_is_access_token
+          raise AuthenticationWithRefreshTokenAttemptError if jwt_data.second['stt'] != 'access'
+        end
+        def jwt_data
+          @jwt_data ||= JWT.decode(access_token, ENV['STORMPATH_API_KEY_SECRET'])
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_from_access_token.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Stormpath
+  module Rails
+    class AccountFromAccessToken
+      attr_reader :access_token
+      NoAccessToken = Class.new(ArgumentError)
+      AuthenticationWithRefreshTokenAttemptError = Class.new(ArgumentError)
+      DifferentIssuerError = Class.new(ArgumentError)
+      def initialize(access_token)
+        raise(NoAccessToken) if access_token.nil?
+        @access_token = access_token
+      end
+      def account
+        @account ||= resolution_class.new(access_token).account
+      end
+      private
+      def resolution_class
+        case Stormpath::Rails.config.web.oauth2.password.validation_strategy.to_sym
+        when :local
+          LocalAccountResolution
+        when :stormpath
+          StormpathAccountResolution
+        else
+          raise ArgumentError, 'Invalid validation strategy'
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_login.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Stormpath
+  module Rails
+    class AccountLogin
+      attr_reader :cookie_jar, :login, :password
+      def self.call(cookie_jar, login, password)
+        new(cookie_jar, login, password).call
+      end
+      def initialize(cookie_jar, login, password)
+        @cookie_jar = cookie_jar
+        @login      = login
+        @password   = password
+      end
+      def call
+        form.save!
+        TokenCookieSetter.call(cookie_jar, form.authentication_result)
+      end
+      private
+      def form
+        @form ||= LoginForm.new(login, password)
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/account_login_with_stormpath_token.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Stormpath
+  module Rails
+    class AccountLoginWithStormpathToken
+      def self.call(cookie_jar, account, application, api_key)
+        new(cookie_jar, account, application, api_key).call
+      end
+      def initialize(cookie_jar, account, application, api_key)
+        @cookie_jar   = cookie_jar
+        @account      = account
+        @application  = application
+        @api_key      = api_key
+      end
+      def call
+        TokenCookieSetter.call(cookie_jar, authentication_result)
+      end
+      private
+      attr_reader :cookie_jar, :account, :application, :api_key
+      def authentication_result
+        @authentication_result ||= application.authenticate_oauth(stormpath_grant_request)
+      end
+      def stormpath_grant_request
+        Stormpath::Oauth::StormpathGrantRequest.new(account, application, api_key)
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/client_credentials_authentication.rb ADDED Viewed

@@ -0,0 +1,40 @@
+module Stormpath
+  module Rails
+    class ClientCredentialsAuthentication
+      include ActiveModel::Model
+      BASIC_PATTERN = /^Basic /
+      attr_accessor :api_key_id, :api_key_secret
+      class FormError < ArgumentError
+        def status
+          401
+        end
+      end
+      def initialize(authorization_header)
+        raise FormError if authorization_header !~ BASIC_PATTERN
+        self.api_key_id, self.api_key_secret = Base64.decode64(
+          authorization_header.gsub(BASIC_PATTERN, '')
+        ).split(':')
+      end
+      validates :api_key_id, presence: true
+      validates :api_key_secret, presence: true
+      def save!
+        raise(FormError, errors.full_messages.first) if invalid?
+        Client.application.authenticate_oauth(client_credentials_grant_request)
+      end
+      private
+      def client_credentials_grant_request
+        Stormpath::Oauth::ClientCredentialsGrantRequest.new(
+          api_key_id,
+          api_key_secret
+        )
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_basic_auth.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromBasicAuth
+        attr_reader :authorization_header
+        def initialize(authorization_header)
+          @authorization_header = authorization_header
+        end
+        def authenticate!
+          raise UnauthenticatedRequest if fetched_api_key.nil?
+          raise UnauthenticatedRequest if fetched_api_key.secret != api_key_secret
+          fetched_api_key.account
+        end
+        private
+        def fetched_api_key
+          @fetched_api_key ||= Client.application.api_keys.search(id: api_key_id).first
+        end
+        def api_key_id
+          decoded_authorization_header.first
+        end
+        def api_key_secret
+          decoded_authorization_header.last
+        end
+        def decoded_authorization_header
+          @decoded_authorization_header ||= begin
+            api_key_and_secret = Base64.decode64(basic_authorization_header).split(':')
+            raise UnauthenticatedRequest if api_key_and_secret.count != 2
+            api_key_and_secret
+          end
+        end
+        def basic_authorization_header
+          authorization_header.gsub(BASIC_PATTERN, '')
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_bearer_auth.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromBearerAuth
+        attr_reader :authorization_header
+        RESCUE_CLASSES = [
+          Stormpath::Oauth::Error,
+          JWT::DecodeError,
+          AccountFromAccessToken::AuthenticationWithRefreshTokenAttemptError,
+          AccountFromAccessToken::DifferentIssuerError
+        ].freeze
+        def initialize(authorization_header)
+          @authorization_header = authorization_header
+        end
+        def authenticate!
+          begin
+            AccountFromAccessToken.new(bearer_access_token).account
+          rescue *RESCUE_CLASSES
+            raise UnauthenticatedRequest
+          end
+        end
+        private
+        def bearer_access_token
+          authorization_header.gsub(BEARER_PATTERN, '')
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication/from_cookies.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      class FromCookies
+        OAUTH_ERROR_CODE_RANGE = (10_000...10_100)
+        attr_reader :cookies
+        def initialize(cookies)
+          @cookies = cookies
+        end
+        def authenticate!
+          begin
+            AccountFromAccessToken.new(access_token_cookie).account
+          rescue AccountFromAccessToken::NoAccessToken, Stormpath::Oauth::Error, JWT::DecodeError
+            delete_access_token_cookie
+            fetch_account_from_refresh_token
+          rescue Stormpath::Error => error
+            raise unless OAUTH_ERROR_CODE_RANGE.include?(error.code)
+            delete_access_token_cookie
+            fetch_account_from_refresh_token
+          rescue AccountFromAccessToken::AuthenticationWithRefreshTokenAttemptError, AccountFromAccessToken::DifferentIssuerError
+            delete_access_token_cookie
+            delete_refresh_token_cookie
+            raise UnauthenticatedRequest
+          end
+        end
+        private
+        def fetch_account_from_refresh_token
+          raise(UnauthenticatedRequest) if refresh_token_cookie.blank?
+          begin
+            result = RefreshTokenAuthentication.new(refresh_token_cookie).save!
+            TokenCookieSetter.new(cookies, result).call
+            AccountFromAccessToken.new(result.access_token).account
+          rescue Stormpath::Error => error
+            raise unless OAUTH_ERROR_CODE_RANGE.include?(error.code)
+            delete_refresh_token_cookie
+            raise UnauthenticatedRequest
+          end
+        end
+        def access_token_cookie
+          cookies[ACCESS_TOKEN_COOKIE_NAME]
+        end
+        def refresh_token_cookie
+          cookies[REFRESH_TOKEN_COOKIE_NAME]
+        end
+        def access_token_cookie=(value)
+          cookies[ACCESS_TOKEN_COOKIE_NAME] = value
+        end
+        def refresh_token_cookie=(value)
+          cookies[REFRESH_TOKEN_COOKIE_NAME] = value
+        end
+        def delete_access_token_cookie
+          cookies.delete(ACCESS_TOKEN_COOKIE_NAME)
+        end
+        def delete_refresh_token_cookie
+          cookies.delete(REFRESH_TOKEN_COOKIE_NAME)
+        end
+      end
+    end
+  end
+end

data/app/services/stormpath/rails/controller_authentication.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module Stormpath
+  module Rails
+    class ControllerAuthentication
+      UnauthenticatedRequest = Class.new(StandardError)
+      BEARER_PATTERN = /^Bearer /
+      BASIC_PATTERN = /^Basic /
+      ACCESS_TOKEN_COOKIE_NAME  = Stormpath::Rails.config.web.access_token_cookie.name
+      REFRESH_TOKEN_COOKIE_NAME = Stormpath::Rails.config.web.refresh_token_cookie.name
+      attr_reader :cookies, :authorization_header
+      def initialize(cookies, authorization_header)
+        @cookies = cookies
+        @authorization_header = authorization_header
+      end
+      def authenticate!
+        if any_auth_cookie_present?
+          FromCookies.new(cookies).authenticate!
+        elsif bearer_authorization_header?
+          FromBearerAuth.new(authorization_header).authenticate!
+        elsif basic_authorization_header?
+          FromBasicAuth.new(authorization_header).authenticate!
+        else
+          raise UnauthenticatedRequest
+        end
+      end
+      private
+      def bearer_authorization_header?
+        authorization_header =~ BEARER_PATTERN
+      end
+      def any_auth_cookie_present?
+        cookies[ACCESS_TOKEN_COOKIE_NAME] || cookies[REFRESH_TOKEN_COOKIE_NAME]
+      end
+      def basic_authorization_header?
+        authorization_header =~ BASIC_PATTERN
+      end
+    end
+  end
+end