stormpath-rails 1.1.2.beta → 2.0.0

data/lib/generators/stormpath/install/install_generator.rb

@@ -8,7 +8,7 @@ module Stormpath
       source_root File.expand_path('../templates', __FILE__)
 
       def create_stormpath_configuration_file
-        copy_file 'stormpath.rb', 'config/initializers/stormpath.rb'
+        copy_file 'default_config.yml', 'config/stormpath.yml'
       end
 
       def inject_stormpath_into_application_controller
@@ -18,97 +18,6 @@ module Stormpath
           "  include Stormpath::Rails::Controller\n"
         )
       end
-
-      def create_user_model
-        if File.exist?(destination_root + '/app/models/user.rb')
-          inject_into_file(
-            'app/models/user.rb',
-            "include Stormpath::Rails::User\n\n",
-            after: "class User < ActiveRecord::Base\n"
-          )
-        else
-          copy_file 'user.rb', 'app/models/user.rb'
-        end
-      end
-
-      def create_stormpath_migration
-        if user_table_exists?
-          create_add_columns_migration
-        else
-          copy_migration 'create_users.rb'
-        end
-      end
-
-      private
-
-      def create_add_columns_migration
-        return unless migration_needed?
-
-        config = {
-          new_columns: new_columns,
-          new_indexes: new_indexes
-        }
-
-        copy_migration('add_stormpath_to_users.rb', config)
-      end
-
-      def migration_needed?
-        new_columns.any? || new_indexes.any?
-      end
-
-      def new_columns
-        @new_columns ||= {
-          email: 't.string :email, null: false',
-          given_name: 't.string :given_name, null: false',
-          surname: 't.string :surname, null: false'
-        }.reject { |column| existing_users_columns.include?(column.to_s) }
-      end
-
-      def new_indexes
-        @new_indexes ||= {
-          index_users_on_email: 'add_index :users, :email'
-        }.reject { |index| existing_users_indexes.include?(index.to_s) }
-      end
-
-      def user_table_exists?
-        ActiveRecord::Base.connection.table_exists?(:users)
-      end
-
-      def copy_migration(migration_name, config = {})
-        return if migration_exists?(migration_name)
-        migration_template(
-          "db/migrate/#{migration_name}",
-          "db/migrate/#{migration_name}",
-          config
-        )
-      end
-
-      def migration_exists?(name)
-        existing_migrations.include?(name)
-      end
-
-      def existing_migrations
-        @existing_migrations ||= Dir.glob('db/migrate/*.rb').map do |file|
-          migration_name_without_timestamp(file)
-        end
-      end
-
-      def migration_name_without_timestamp(file)
-        file.sub(%r{^.*(db/migrate/)(?:\d+_)?}, '')
-      end
-
-      # for generating a timestamp when using `create_migration`
-      def self.next_migration_number(dir)
-        ActiveRecord::Generators::Base.next_migration_number(dir)
-      end
-
-      def existing_users_columns
-        ActiveRecord::Base.connection.columns(:users).map(&:name)
-      end
-
-      def existing_users_indexes
-        ActiveRecord::Base.connection.indexes(:users).map(&:name)
-      end
     end
   end
 end

data/lib/generators/stormpath/install/templates/default_config.yml

@@ -0,0 +1,229 @@
+stormpath:
+  application:
+    href: null
+    name: null
+
+  web:
+    basePath: null
+
+    oauth2:
+      enabled: true
+      uri: "/oauth/token"
+      client_credentials:
+        enabled: true
+        accessToken:
+          ttl: 3600 # seconds
+      password:
+        enabled: true
+        validationStrategy: "local"
+
+    accessTokenCookie:
+      name: "access_token"
+      httpOnly: true
+
+      # See cookie-authentication.md for explanation of
+      # how `null` values behave for these properties.
+      secure: null
+      path: null
+      domain: null
+
+    refreshTokenCookie:
+      name: "refresh_token"
+      httpOnly: true
+
+      # See cookie-authentication.md for explanation of
+      # how `null` values behave for these properties.
+      secure: null
+      path: null
+      domain: null
+
+    # By default the Stormpath integration will respond to JSON and HTML
+    # requests.  If a requested type is not in this list, the Stormpath
+    # integration should pass on the request, and allow the developer or base
+    # framework to handle the response.
+    #
+    # If the request does not specify an Accept header, or the preferred content
+    # type is */*, the Stormpath integration will respond with the first type in
+    # this list.
+    produces:
+      - application/json
+      - text/html
+
+    register:
+      enabled: true
+      uri: "/register"
+      nextUri: "/"
+      autoLogin: false
+      form:
+        fields:
+          givenName:
+            enabled: true
+            visible: true
+            label: "First Name"
+            placeholder: "First Name"
+            required: true
+            type: "text"
+          middleName:
+            enabled: false
+            visible: true
+            label: "Middle Name"
+            placeholder: "Middle Name"
+            required: true
+            type: "text"
+          surname:
+            enabled: true
+            visible: true
+            label: "Last Name"
+            placeholder: "Last Name"
+            required: true
+            type: "text"
+          username:
+            enabled: false
+            visible: true
+            label: "Username"
+            placeholder: "Username"
+            required: true
+            type: "text"
+          email:
+            enabled: true
+            visible: true
+            label: "Email"
+            placeholder: "Email"
+            required: true
+            type: "email"
+          password:
+            enabled: true
+            visible: true
+            label: "Password"
+            placeholder: "Password"
+            required: true
+            type: "password"
+          confirmPassword:
+            enabled: false
+            visible: true
+            label: "Confirm Password"
+            placeholder: "Confirm Password"
+            required: true
+            type: "password"
+        fieldOrder:
+          - "username"
+          - "givenName"
+          - "middleName"
+          - "surname"
+          - "email"
+          - "password"
+          - "confirmPassword"
+      view: "stormpath/rails/register/new"
+
+    # Unless verifyEmail.enabled is specifically set to false, the email
+    # verification feature must be automatically enabled if the default account
+    # store for the defined Stormpath application has the email verification
+    # workflow enabled.
+    verifyEmail:
+      enabled: null
+      uri: "/verify"
+      nextUri: "/login?status=verified"
+      view: "stormpath/rails/verify_email/new"
+
+    login:
+      enabled: true
+      uri: "/login"
+      nextUri: "/"
+      view: "stormpath/rails/login/new"
+      form:
+        fields:
+          login:
+            enabled: true
+            visible: true
+            label: "Username or Email"
+            placeholder: "Username or Email"
+            required: true
+            type: "text"
+          password:
+            enabled: true
+            visible: true
+            label: "Password"
+            placeholder: "Password"
+            required: true
+            type: "password"
+        fieldOrder:
+          - "login"
+          - "password"
+
+    logout:
+      enabled: true
+      uri: "/logout"
+      nextUri: "/"
+
+    # Unless forgotPassword.enabled is explicitly set to false, this feature
+    # will be automatically enabled if the default account store for the defined
+    # Stormpath application has the password reset workflow enabled.
+    forgotPassword:
+      enabled: null
+      uri: "/forgot"
+      view: "stormpath/rails/forgot_password/new"
+      nextUri: "/login?status=forgot"
+
+    # Unless changePassword.enabled is explicitly set to false, this feature
+    # will be automatically enabled if the default account store for the defined
+    # Stormpath application has the password reset workflow enabled.
+    changePassword:
+      enabled: null
+      autoLogin: false
+      uri: "/change"
+      nextUri: "/login?status=reset"
+      view: "stormpath/rails/change_password/new"
+      errorUri: "/forgot?status=invalid_sptoken"
+
+    # If idSite.enabled is true, the user should be redirected to ID site for
+    # login, registration, and password reset.  They should also be redirected
+    # through ID Site on logout.
+    idSite:
+      enabled: false
+      loginUri: ""
+      forgotUri: "/#/forgot"
+      registerUri: "/#/register"
+
+    # A callback so Stormpath can pass information to the web application. This is
+    # currently being used for ID Site, but may be used in the future for SAML,
+    # Stormpath handled social login, webhooks, and other messages from Stormpath.
+    callback:
+      enabled: true
+      uri: "/stormpathCallback"
+
+    # Social login configuration.  This defines the callback URIs for OAuth
+    # flows, and the scope that is requested of each provider.  Some providers
+    # want space-separated scopes, some want comma-separated.  As such, these
+    # string values should be passed directly, as defined.
+    #
+    # These settings have no affect if the application does not have an account
+    # store for the given provider.
+    social:
+      facebook:
+        uri: "/callbacks/facebook"
+        scope: "email"
+      github:
+        uri: "/callbacks/github"
+        scope: "user:email"
+      google:
+        uri: "/callbacks/google"
+        scope: "email profile"
+      linkedin:
+        uri: "/callbacks/linkedin"
+        scope: "r_basicprofile r_emailaddress"
+
+    # The /me route is for front-end applications, it returns a JSON object with
+    # the current user object.  The developer can opt-in to expanding account
+    # resources on this enpdoint.
+    me:
+      enabled: true
+      uri: "/me"
+      expand:
+        apiKeys: false
+        applications: false
+        customData: false
+        directory: false
+        groupMemberships: false
+        groups: false
+        providerData: false
+        tenant: false

data/lib/generators/stormpath/views/views_generator.rb

@@ -14,7 +14,7 @@ module Stormpath
       private
 
       def views
-        files_within_root('.', 'app/views/**/*.*')
+        files_within_root('.', 'app/views/stormpath/rails/**/*.*')
       end
 
       def files_within_root(prefix, glob)
@@ -26,4 +26,4 @@ module Stormpath
       end
     end
   end
-end
+end

data/lib/stormpath/rails/client.rb

@@ -5,46 +5,6 @@ module Stormpath
         attr_accessor :connection
       end
 
-      def self.create_stormpath_account(user)
-        begin
-          result = application.accounts.create build_account(user)
-        rescue Stormpath::Error => error
-          result = error.message
-        end
-
-        AccountStatus.new(result)
-      end
-
-      def self.authenticate(user)
-        begin
-          result = application.authenticate_account build_username_password_request(user)
-        rescue Stormpath::Error => error
-          result = error.message
-        end
-
-        AuthenticationStatus.new(result)
-      end
-
-      def self.reset_password(email)
-        begin
-          result = application.send_password_reset_email email
-        rescue Stormpath::Error => error
-          result = error.message
-        end
-
-        AccountStatus.new(result)
-      end
-
-      def self.verify_email_token(token)
-        begin
-          result = client.accounts.verify_email_token token
-        rescue Stormpath::Error => error
-          result = error.message
-        end
-
-        AccountStatus.new(result)
-      end
-
       def self.handle_id_site_callback(url)
         response = application.handle_id_site_callback(url)
         client.accounts.get response.account_href
@@ -54,59 +14,22 @@ module Stormpath
         application.create_id_site_url callback_uri: options[:callback_uri], path: options[:path]
       end
 
-      def self.account_params(user)
-        account_params = user.attributes.select do |k, v|
-          %W[given_name surname email username password].include?(k) && !v.nil?
-        end
-
-        account_params.merge!("password" => user.password) unless user.password.blank?
-      end
-
-      def self.update_password(account, password)
-        begin
-          account = client.accounts.get account
-          account.password = password
-          result = account.save
-        rescue Stormpath::Error => error
-          result = error.message
-        end
-
-        AccountStatus.new(result)
-      end
-      
       def self.create_omniauth_user(provider, access_token)
         request = Stormpath::Provider::AccountRequest.new(provider, :access_token, access_token)
         application.get_provider_account(request)
-      end 
+      end
 
       def self.application
-        self.client.applications.get Stormpath::Rails.config.application.href
+        client.applications.get Stormpath::Rails.config.application.href
       end
 
       def self.client
-        self.connection ||= Stormpath::Client.new(client_options)
-      end
-
-      def self.client_options
-        if Stormpath::Rails.config.api_key.file_location_provided?
-          Hash.new.tap { |options| options[:api_key_file_location] = Stormpath::Rails.config.api_key.file }
-        else
-          Hash.new.tap do |options| 
-            options[:api_key] = {}
-            options[:api_key][:id] = Stormpath::Rails.config.api_key.id
-            options[:api_key][:secret] = Stormpath::Rails.config.api_key.secret
-          end
-        end
-      end
-
-      private
-
-      def self.build_username_password_request(user)
-        Stormpath::Authentication::UsernamePasswordRequest.new user.email, user.password
-      end
-
-      def self.build_account(user)
-        Stormpath::Resource::Account.new account_params(user)
+        self.connection ||= Stormpath::Client.new(
+          api_key: {
+            id: ENV['STORMPATH_API_KEY_ID'],
+            secret: ENV['STORMPATH_API_KEY_SECRET']
+          }
+        )
       end
     end
   end

data/lib/stormpath/rails/config/account_store_verification.rb

@@ -0,0 +1,45 @@
+module Stormpath
+  module Rails
+    module Config
+      class AccountStoreVerification
+        attr_reader :app, :register_is_enabled
+
+        def initialize(app_href, register_is_enabled)
+          @app = Stormpath::Rails::Client.client.applications.get(app_href)
+          @register_is_enabled = register_is_enabled
+        end
+
+        def call
+          verify_there_are_any_account_store_mappings
+          verify_there_is_a_default_account_store if register_is_enabled
+        end
+
+        private
+
+        def verify_there_are_any_account_store_mappings
+          return if app_has_account_store_mappings?
+          raise(
+            InvalidConfiguration,
+            'No account stores are mapped to the specified application. Account stores are required for login and registration.'
+          )
+        end
+
+        def verify_there_is_a_default_account_store
+          return if app_has_default_account_store_mapping?
+          raise(
+            InvalidConfiguration,
+            'No default account store is mapped to the specified application. A default account store is required for registration.'
+          )
+        end
+
+        def app_has_account_store_mappings?
+          app.account_store_mappings.any?
+        end
+
+        def app_has_default_account_store_mapping?
+          app.default_account_store_mapping.present?
+        end
+      end
+    end
+  end
+end

data/lib/stormpath/rails/config/application_resolution.rb

@@ -0,0 +1,76 @@
+module Stormpath
+  module Rails
+    module Config
+      class ApplicationResolution
+        attr_reader :href, :name
+
+        AUTOMATIC_RESOLUTION_ERROR_MESSAGE =
+          'Could not automatically resolve a Stormpath Application. '\
+          'Please specify your Stormpath Application in your configuration.'.freeze
+
+        def initialize(href, name)
+          @href = href
+          @name = name
+        end
+
+        def app
+          if href.present?
+            app_from_href
+          elsif name.present?
+            app_from_name
+          else
+            automatic_resolution
+          end
+        end
+
+        private
+
+        def automatic_resolution
+          if client_has_exactly_two_applications?
+            client_applications.find { |app| app.name != 'Stormpath' }
+          else
+            raise(InvalidConfiguration, AUTOMATIC_RESOLUTION_ERROR_MESSAGE)
+          end
+        end
+
+        def client_has_exactly_two_applications?
+          client_applications.count == 2
+        end
+
+        def client_applications
+          Stormpath::Rails::Client.client.applications
+        end
+
+        def app_from_href
+          verify_application_href
+          begin
+            Stormpath::Rails::Client.client.applications.get(href)
+          rescue Stormpath::Error => error
+            raise if error.status != 404
+            raise(
+              InvalidConfiguration,
+              "The provided application could not be found. The provided application href was: #{href}"
+            )
+          end
+        end
+
+        def verify_application_href
+          if href && href !~ /applications/
+            raise(
+              InvalidConfiguration,
+              "#{href} is not a valid Stormpath Application href."
+            )
+          end
+        end
+
+        def app_from_name
+          application = Stormpath::Rails::Client.client.applications.search(name: name).first
+          application || raise(
+            InvalidConfiguration,
+            "The provided application could not be found. The provided application name was: #{name}"
+          )
+        end
+      end
+    end
+  end
+end

data/lib/stormpath/rails/config/dynamic_configuration.rb

@@ -0,0 +1,50 @@
+module Stormpath
+  module Rails
+    module Config
+      class DynamicConfiguration
+        attr_reader :static_config
+
+        def initialize(static_config)
+          @static_config = static_config
+          proccess_account_store_verification
+        end
+
+        def app
+          @app ||= Config::ApplicationResolution.new(
+            static_config.stormpath.application.href,
+            static_config.stormpath.application.name
+          ).app
+        end
+
+        def forgot_password_enabled?
+          return false if static_config.stormpath.web.forgot_password.enabled == false
+          password_reset_enabled?
+        end
+
+        def change_password_enabled?
+          return false if static_config.stormpath.web.change_password.enabled == false
+          password_reset_enabled?
+        end
+
+        private
+
+        def password_reset_enabled?
+          return false if default_account_store.nil?
+          default_account_store.password_policy.reset_email_status == 'ENABLED'
+        end
+
+        def default_account_store
+          @default_account_store ||=
+            app.default_account_store_mapping && app.default_account_store_mapping.account_store
+        end
+
+        def proccess_account_store_verification
+          AccountStoreVerification.new(
+            app.href,
+            static_config.stormpath.web.register.enabled
+          ).call
+        end
+      end
+    end
+  end
+end

data/lib/stormpath/rails/config/read_file.rb

@@ -0,0 +1,35 @@
+module Stormpath
+  module Rails
+    module Config
+      class ReadFile
+        attr_reader :file_path
+
+        def initialize(file_path)
+          @file_path = file_path
+        end
+
+        def hash
+          @hash ||= snakecased_hash
+        end
+
+        private
+
+        def snakecased_hash
+          camelized_hash.deep_transform_keys(&:underscore)
+        end
+
+        def camelized_hash
+          YAML.load(evaluated_file)
+        end
+
+        def evaluated_file
+          ERB.new(file).result(binding)
+        end
+
+        def file
+          File.read(file_path)
+        end
+      end
+    end
+  end
+end