trainmaster 0.1.0

data/app/helpers/trainmaster/sessions_helper.rb

@@ -0,0 +1,4 @@
+module Trainmaster
+  module SessionsHelper
+  end
+end

data/app/helpers/trainmaster/users_helper.rb

@@ -0,0 +1,4 @@
+module Trainmaster
+  module UsersHelper
+  end
+end

data/app/jobs/trainmaster/sessions_cleanup_job.rb

@@ -0,0 +1,13 @@
+module Trainmaster
+  class SessionsCleanupJob < ActiveJob::Base
+    queue_as :default
+
+    def perform(*args)
+      # Do something later
+      args.each do |uuid|
+        session = Session.find_by_uuid(uuid)
+        session.destroy()
+      end
+    end
+  end
+end

data/app/mailers/application_mailer.rb

@@ -0,0 +1,4 @@
+class ApplicationMailer < ActionMailer::Base
+  default from: Trainmaster::MAILER_EMAIL
+  layout 'mailer'
+end

data/app/mailers/trainmaster/user_mailer.rb

@@ -0,0 +1,14 @@
+module Trainmaster
+  class UserMailer < ApplicationMailer
+
+    def email_verification(user)
+      @user = user
+      mail(to: @user.username, subject: "[trainmaster] Email Confirmation")
+    end
+
+    def password_reset(user)
+      @user = user
+      mail(to: @user.username, subject: "[trainmaster] Password Reset")
+    end
+  end
+end

data/app/models/trainmaster/session.rb

@@ -0,0 +1,56 @@
+module Trainmaster
+  class Session < ActiveRecord::Base
+    include Repia::Support::UUIDModel
+
+    # Does not act as paranoid since session objects will be frequently
+    # created.
+
+    belongs_to :user, foreign_key: "user_uuid", primary_key: "uuid"
+    validates :user, presence: true
+
+    ##
+    # Creates a session object. The attributes must include user. The secret
+    # to the JWT is generated here and is unique to the session being
+    # created. Since the JWT includes the session id, the secret can be
+    # retrieved.
+    #
+    def initialize(attributes = {})
+      seconds = attributes.delete(:seconds) || (24 * 3600 * 14)
+      super
+      self.uuid = UUIDTools::UUID.timestamp_create().to_s
+      iat = Time.now.to_i
+      payload = {
+        user_uuid: self.user.uuid,
+        session_uuid: self.uuid,
+        role: self.user.role,
+        iat: iat,
+        exp: iat + seconds
+      }
+      self.secret = UUIDTools::UUID.random_create
+      self.token = JWT.encode(payload, self.secret, 'HS256')
+    end
+
+    ##
+    # Determines if the session has expired or not.
+    #
+    def expired?
+      begin
+        JWT.decode self.token, nil, false
+      rescue JWT::ExpiredSignature
+        return true
+      end
+      return false
+    end
+
+    ##
+    # Returns the role of the session user.
+    #
+    def role
+      if !instance_variable_defined?(:@role)
+        @role = user.role
+      end
+      return @role
+    end
+
+  end
+end

data/app/models/trainmaster/user.rb

@@ -0,0 +1,77 @@
+module Trainmaster
+  class User < ActiveRecord::Base
+    include Repia::Support::UUIDModel
+    acts_as_paranoid
+    has_secure_password validations: false
+
+    validates :username, uniqueness: true,
+              format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i,
+                        on: [:create, :update] }, allow_nil: true
+    validates :password, confirmation: true
+    validate :valid_user
+    before_save :default_role
+
+    alias_attribute :email, :username
+
+    ##
+    # This method validates if the user object is valid. A user is valid if
+    # username and password exist OR oauth integration exists.
+    #
+    def valid_user
+      if (self.username.blank? || self.password_digest.blank?) &&
+          (self.oauth_provider.blank? || self.oauth_uid.blank?)
+        errors.add(:username, " and password OR oauth must be specified")
+      end
+    end
+
+    ##
+    # Create a user from oauth.
+    #
+    def self.from_omniauth_hash(auth_hash)
+      params = {
+        oauth_provider: auth_hash.provider,
+        oauth_uid: auth_hash.uid
+      }
+      where(params).first_or_initialize(attributes={}) do |user|
+        user.oauth_provider = auth_hash.provider
+        user.oauth_uid = auth_hash.uid
+        user.oauth_name = auth_hash.info.name
+        user.oauth_token = auth_hash.credentials.token
+        user.oauth_expires_at = Time.at(auth_hash.credentials.expires_at)
+        user.verified = true
+        user.save!
+      end
+    end
+
+    ##
+    # Initializes the user. User is not verified initially. The user has one
+    # hour to get verified. After that, a PATCH request must be made to
+    # re-issue the verification token.
+    #
+    def initialize(attributes = {})
+      attributes[:api_key] = SecureRandom.hex(32)
+      super
+    end
+
+    ##
+    # Sets the default the role for the user if not set.
+    #
+    def default_role
+      self.role ||= Roles::USER
+    end
+
+    ##
+    # This method will generate a reset token that lasts for an hour.
+    #
+    def issue_token(kind)
+      session = Session.new(user: self, seconds: 3600)
+      session.save
+      if kind == :reset_token
+        self.reset_token = session.token
+      elsif kind == :verification_token
+        self.verification_token = session.token
+      end
+    end
+
+  end
+end

data/app/views/layouts/mailer.html.erb

@@ -0,0 +1,5 @@
+<html>
+  <body>
+    <%= yield %>
+  </body>
+</html>

data/app/views/layouts/mailer.text.erb

@@ -0,0 +1 @@
+<%= yield %>

data/app/views/layouts/trainmaster/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Trainmaster</title>
+  <%= stylesheet_link_tag    "trainmaster/application", media: "all" %>
+  <%= javascript_include_tag "trainmaster/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/app/views/trainmaster/user_mailer/email_verification.html.erb

@@ -0,0 +1,12 @@
+<p>Dear <%= @user.username %>,</p>
+
+<p>Please confirm your account with trainmaster by making a PATCH request
+on the current user with a provided verification token. For example,
+<pre>http PATCH /users/current token=<%= @user.verification_token %>
+verified=true</pre> will confirm the account. Here is the verification
+token:</p>
+
+<pre><%= @user.verification_token %></pre>
+
+<p>Thank you for using trainmaster</p>
+<p><b>trainmaster</b></p>

data/app/views/trainmaster/user_mailer/email_verification.text.erb

@@ -0,0 +1,13 @@
+Dear <%= @user.username %>,
+
+Please confirm your account with trainmaster by making a PATCH request
+on the current user with a provided verification token. For example,
+
+http PATCH /users/current token=<%= @user.verification_token %> verified=true
+
+will confirm the account. Here is the verification token:
+
+<%= @user.verification_token %>
+
+Thank you for using trainmaster,
+trainmaster

data/app/views/trainmaster/user_mailer/password_reset.html.erb

@@ -0,0 +1,14 @@
+<p>Dear <%= @user.username %>,</p>
+
+<p>You have requested to reset your password. Here are the user UUID and
+reset token. Make a PATCH request on the UUID with the reset token to set a
+new password. For instance, <pre>http PATCH /users/current token=<%=
+@user.reset_token %> password=reallysecret
+password_confirmation=reallysecret</pre> will set the password to
+<pre>reallysecret</pre> for the user to whom the reset token was issued.
+Here is the reset token:</p>
+
+<pre><%= @user.reset_token %></pre>
+
+<p>Good luck! :)</p>
+<p><b>trainmaster</b></p>

data/app/views/trainmaster/user_mailer/password_reset.text.erb

@@ -0,0 +1,15 @@
+Dear <%= @user.username %>,
+
+You have requested to reset your password. Here are the user UUID and reset
+token. Make a PATCH request on the UUID with the reset token to set a new
+password. For instance, 
+
+http PATCH /users/current token=...  password=reallysecret password_confirmation=reallysecret
+
+will set the password to "reallysecret" (without quotes) for the user to
+whom the reset token was issued.
+
+Here is the reset token: @user.reset_token
+
+Good luck! :)
+trainmaster

data/config/routes.rb

@@ -0,0 +1,10 @@
+Trainmaster::Engine.routes.draw do
+  resources :sessions
+  match 'sessions(/:id)' => 'sessions#options', via: [:options]
+
+  resources :users
+  match 'users(/:id)' => 'users#options', via: [:options]
+
+  get 'auth/:provider/callback', to: 'sessions#create'
+  # get 'auth/failure', to: 'session#create'
+end

data/db/migrate/20161120020344_create_trainmaster_users.rb

@@ -0,0 +1,23 @@
+class CreateTrainmasterUsers < ActiveRecord::Migration[5.0]
+  def change
+    create_table :trainmaster_users, id: false, force: :cascade do |t|
+      t.string :uuid, primary_key: true, null: false
+      t.string :username
+      t.string :password_digest
+      t.integer :role
+      t.string :reset_token
+      t.string :verification_token
+      t.boolean :verified, default: false
+      t.string :type
+      t.string :api_key, index: true
+      t.string :oauth_provider
+      t.string :oauth_uid
+      t.string :oauth_name
+      t.string :oauth_token
+      t.string :oauth_expires_at
+      t.datetime :deleted_at, index: true
+      t.timestamps null: false
+    end
+    add_index "trainmaster_users", ["oauth_provider", "oauth_uid"], name: "index_trainmaster_users_on_oauth_provider_and_oauth_uid"
+  end
+end

data/db/migrate/20161120020722_create_trainmaster_sessions.rb

@@ -0,0 +1,11 @@
+class CreateTrainmasterSessions < ActiveRecord::Migration[5.0]
+  def change
+    create_table :trainmaster_sessions, id: false, force: :cascade do |t|
+      t.string :uuid, primary_key: true, null: false
+      t.string :user_uuid, null: false
+      t.string :token, null: false
+      t.string :secret, null: false
+      t.timestamps null: false
+    end
+  end
+end

data/lib/tasks/trainmaster_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :trainmaster do
+#   # Task goes here
+# end

data/lib/trainmaster.rb

@@ -0,0 +1,10 @@
+require "trainmaster/engine"
+require "trainmaster/cache"
+require "trainmaster/roles"
+
+module Trainmaster
+
+  # App MUST monkey patch this constant
+  MAILER_EMAIL = "no-reply@trainmaster.com"
+
+end

data/lib/trainmaster/cache.rb

@@ -0,0 +1,28 @@
+
+module Trainmaster
+
+  ##
+  # Use this module to read from and write to cache so prefix is
+  # consistently enforced.
+  #
+  module Cache
+    CACHE_VERSION = "0.0.1"
+
+    def self.cache_key(key)
+      if key.is_a? Hash
+        key["_version"] = CACHE_VERSION
+        return key
+      else
+        return {key: key, _version: CACHE_VERSION}
+      end
+    end
+
+    def self.get(key)
+      return Rails.cache.fetch(cache_key(key))
+    end
+
+    def self.set(key, value)
+      Rails.cache.write(cache_key(key), value)
+    end
+  end
+end

data/lib/trainmaster/engine.rb

@@ -0,0 +1,9 @@
+Gem.loaded_specs['trainmaster'].dependencies.each do |d|
+ require d.name
+end
+
+module Trainmaster
+  class Engine < ::Rails::Engine
+    isolate_namespace Trainmaster
+  end
+end

data/lib/trainmaster/roles.rb

@@ -0,0 +1,12 @@
+
+module Trainmaster
+
+  # Fixed set of roles.
+  module Roles
+    PUBLIC = 0
+    USER = 10
+    ADMIN = 100
+    OWNER = 1000
+  end
+
+end

data/lib/trainmaster/version.rb

@@ -0,0 +1,3 @@
+module Trainmaster
+  VERSION = "0.1.0"
+end

data/test/controllers/trainmaster/application_controller_test.rb

@@ -0,0 +1,106 @@
+require 'test_helper'
+
+module Trainmaster
+
+  class TestsController < ApplicationController
+    def index
+      render json: {}, status: 200
+    end
+  end
+
+  class TestsControllerTest < ActionController::TestCase
+    setup do
+      Rails.cache.clear
+      @session = trainmaster_sessions(:one)
+      @token = @session.token
+      @admin_session = trainmaster_sessions(:admin_one)
+      @admin_token = @admin_session.token
+      @api_key = trainmaster_users(:one).api_key
+      @admin_api_key = trainmaster_users(:admin_one).api_key
+      # Rails.application.routes.draw do
+      Trainmaster::Engine.routes.draw do
+        match "tests" => "tests#index", via: [:get]
+      end
+      @routes = Engine.routes
+    end
+
+    teardown do
+      Trainmaster::Engine.routes.draw do
+        resources :sessions
+        match 'sessions(/:id)' => 'sessions#options', via: [:options]
+
+        resources :users
+        match 'users(/:id)' => 'users#options', via: [:options]
+      end
+    end
+
+    test "require only token" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :require_token, only: [:index]
+      end
+      get :index, params: { token: @token }
+      assert_response :success
+      get :index
+      assert_response 401
+    end
+
+    test "require only admin token" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :require_admin_token, only: [:index]
+      end
+      get :index, params: { token: @admin_token }
+      assert_response :success
+      Cache.set({kind: :session, token: @token}, @session)
+      get :index, params: { token: @token }
+      assert_response 401
+    end
+
+    test "accept only token" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :accept_token, only: [:index]
+      end
+      get :index, params: { token: @token }
+      assert_response :success
+      get :index
+      assert_response :success
+    end
+
+    test "require only api key" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :require_api_key, only: [:index]
+      end
+      get :index, params: { api_key: @api_key }
+      assert_response :success
+      get :index, params: { token: @token }
+      assert_response 401
+      get :index
+      assert_response 401
+    end
+
+    test "require only admin api key" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :require_admin_api_key, only: [:index]
+      end
+      get :index, params: { api_key: @admin_api_key }
+      assert_response :success
+      get :index, params: { api_key: @api_key }
+      assert_response 401
+    end
+
+    test "accept only api key" do
+      class ::Trainmaster::TestsController < ApplicationController
+        reset_callbacks :process_action
+        before_action :accept_api_key, only: [:index]
+      end
+      get :index, params: { api_key: @api_key }
+      assert_response :success
+      get :index
+      assert_response :success
+    end
+  end
+end