ucb_rails_user 4.0.7 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a8118f9d0b261b1ad04181b2fa0211c30535bedb47b75b1438275b6ef7c5af0
-  data.tar.gz: 7eee880cef304680125f21beaffeab8a6c95525beda0bfdb750920ab4c996f2e
+  metadata.gz: 69d322a97e81f8ca73eeaf2ed27dda97091f9cb60adca63840880c40098cc835
+  data.tar.gz: 9ee6320543f525fe409fe221ab4462c118be3cd72ed08b248661057eae882767
 SHA512:
-  metadata.gz: 9567b7aa7b943fd70cfe138345d191a84d36a92455e1eb0b6d1d472eb1bc17d09beea6c854804a7e8facea817ed8e2616ece9e27df6dda10bf95fc51e88911b8
-  data.tar.gz: 7e074a6ae931a175285882810cede02a0e83d0322d1c50302d2139df7e9230af1891e8015df91e59132cb27071e4e479b30bc1b0cacb1786b93452c2612e4e30
+  metadata.gz: b4ee1dc80e260cedd5e5cfbcb7c7de1cb493a158225926ab586bd8dbfa33ac86ca9f1dbfc213da91b11128fa59a15663a68aedca5a4aa8a118f748484afd99db
+  data.tar.gz: 54a0492f88ea47ca8a6d09a72408e046bf945618a8ad2967fdf675ed52ff89ab49f4a884dcc91805785f30eb533ddc3d257beabe8eacb8c40c243d2ba89f4c54

data/README.md

@@ -105,6 +105,20 @@ For example, if the admin screens for your app are under the `/backend` path rat
 resources :users, controller: "ucb_rails_user/users", path: "backend/users", as: :backend_users
 ```
 
+## Session Managers
+
+Authentication during login is handled by UCB's central auth system and this gem uses the [omniauth-cas](https://github.com/dlindahl/omniauth-cas) to manage the handshake. Once that is completed, we're handed the LDAP uid of the authenticated user, and, by default, this gem will attempt to pull the user's employee data and create or update a `User` record for them in the local database.
+
+This behavior can be customized by writing your own user session manager. There are two steps to do this:
+
+   1. Create a subclass of [`UcbRailsUser::UserSessionManager::Base`](https://github.com/ucb-ist-eas/ucb_rails_user/blob/main/app/models/ucb_rails_user/user_session_manager/base.rb). At a minimum you need to implement a `login` method that accepts the user's LDAP uid and returns a `User` instance (or raises an error if the process fails), and a `current_user` method that returns the `User` instance for the currently-logged-in user. [Several implementations](https://github.com/ucb-ist-eas/ucb_rails_user/tree/main/app/models/ucb_rails_user/user_session_manager) are included so you can look to these to base yours off of.
+
+   1. Open `config/initializers/ucb_rails_user.rb` in your host app and change the `user_session_manager` config setting to the class your custom implementation:
+
+```
+    config.user_session_manager = "MyApp::MyCustomUserSessionManager"
+```
+
 ## User Impersonation
 
 The impersonation feature allows admins to be logged in as a different user in the system. This is useful when trying to diagnose data-specific problems, as the admin can see exactly what the user sees.

data/app/assets/javascripts/ucb_rails_user/ucb_rails_user.js

@@ -32,7 +32,7 @@ var addDatatablesToUsersTable = function () {
     }],
   })
   var addNewHtml = '&nbsp;&nbsp;<a href="/admin/users/new" class="btn btn-primary">Add New</a>'
-  $('#DataTables_Table_0_filter').append(addNewHtml)
+  $('.ucb-rails-users-table-wrapper #DataTables_Table_0_filter').append(addNewHtml)
 }
 
 var resetImpersonateButton = function() {

data/app/models/ucb_rails_user/impersonation.rb

@@ -1,8 +1,8 @@
 class UcbRailsUser::Impersonation < ApplicationRecord
   include UcbRailsUser::Concerns::ImpersonationConcerns
 
-  # Don't add anything more here - any logic for the User class should go into
-  # UserConcerns. This will make it much easier for host apps to customize
+  # Don't add anything more here - any logic for the Impersonation class should go into
+  # ImpersonationConcerns. This will make it much easier for host apps to customize
   # behavior if they need to
   # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
 

data/app/models/ucb_rails_user/user_session_manager/in_uc_path_add_to_users_table.rb

@@ -0,0 +1,39 @@
+# Session manager that attempts to pull the user record from UCPath, and
+# falls back to LDAP if needed
+
+module UcbRailsUser
+  module UserSessionManager
+
+    class InUcPathAddToUsersTable < ActiveInUserTable
+      def login(uid)
+        self.uid = uid
+
+        # try UCPath first
+        user = safely_load_user_from_api do
+          UcbRailsUser::UserUcPathService.create_or_update_user_from_ldap_uid(self.uid)
+        end
+
+        # if that doesn't work, try LDAP
+        user ||= safely_load_user_from_api do
+          UcbRailsUser::UserLdapService.create_or_update_user_from_entry(people_ou_entry)
+        end
+
+        user&.tap do |u|
+          u&.touch(:last_login_at)
+        end
+      end
+
+      private
+
+      def safely_load_user_from_api(&block)
+        begin
+          user = block.call
+        rescue StandardError
+          user = nil
+        end
+        user
+      end
+    end
+
+  end
+end

data/app/models/ucb_rails_user/user_uc_path_service.rb

@@ -0,0 +1,97 @@
+require "faraday"
+
+class UcbRailsUser::UserUcPathService
+
+  class << self
+
+    def create_or_update_user_from_ldap_uid(ldap_uid)
+      ucpath_entry = ucpath_client.fetch_employee_data(ldap_uid)
+      return nil unless ucpath_entry.present?
+
+      User.find_or_initialize_by(ldap_uid: ldap_uid).tap do |user|
+        name_entry = parse_name(ucpath_entry)
+        user.first_name = name_entry["givenName"]
+        user.last_name = name_entry["familyName"]
+        user.employee_id = ucpath_entry["identifiers"]&.detect do |id|
+          id["type"] == "hr-employee-id"
+        end&.fetch("id")
+        user.email = parse_email(ucpath_entry)
+        user.inactive_flag = false # any way to pull this from the API?
+        user.save!
+      end
+    end
+
+    def parse_name(entry)
+      return nil unless entry.present?
+      find_name_by_type(entry["names"], "PRF") ||
+        find_name_by_type(entry["names"], "PRI")
+    end
+
+    def find_name_by_type(names, type)
+      names&.detect do |n|
+        n.dig("type", "code") == type
+      end
+    end
+
+    def parse_email(entry)
+      email_entry =
+        entry["emails"]&.detect do |email|
+          email["primary"] == true
+        end
+      email_entry ||= entry["emails"]&.first # if there's no primary email, grab whatever we can
+      email_entry&.fetch("emailAddress")
+    end
+
+    def ucpath_client
+      UcPathClient.new
+    end
+
+  end
+
+  class UcPathClient
+    attr_reader :app_id, :app_key, :endpoint
+
+    def initialize
+      credentials =
+        Rails.application.credentials.ucpath || Rails.application.credentials.hcm
+      @app_id  = credentials&.fetch(:app_id)
+      @app_key = credentials&.fetch(:app_key)
+      @endpoint = credentials&.fetch(:endpoint)
+    end
+
+    def fetch_employee_data(ldap_uid)
+      if [app_id, app_key, endpoint].any?(&:blank?)
+        Rails.logger.warn missing_api_values_message
+        return nil
+      end
+
+      response =
+        Faraday.get("#{endpoint}/employees/#{ldap_uid}") do |req|
+          req.params["id-type"] = "campus-uid"
+          req.headers["Accept"] = "application/json"
+          req.headers["app_id"] = app_id
+          req.headers["app_key"] = app_key
+        end
+      parse_response(response)&.first
+    end
+
+    private
+
+    def parse_response(response)
+      return nil if !response.success? || response.body.empty?
+      JSON.parse(response.body)&.fetch("response")
+    end
+
+    def missing_api_values_message
+      <<~END_MSG.strip
+        It looks like you're trying to use the preferred user name feature of
+        ucb_rails_user, but the host app has not provided all of the expected
+        credentials to access the UCPath API.
+        To resolve this, add an "hcm" section to the Rails credentials file of
+        the host app, and provide values for app_id, app_key, and endpoint.
+      END_MSG
+    end
+  end
+
+end
+

data/app/views/ucb_rails_user/users/index.html.haml

@@ -2,7 +2,7 @@
   %h1
     Users
 
-.table-responsive
+.table-responsive.ucb-rails-users-table-wrapper
   %table.table.table-striped.table-bordered.table-hover.ucb-rails-users-table
     %thead
       %tr

data/lib/ucb_rails_user/version.rb

@@ -1,3 +1,3 @@
 module UcbRailsUser
-  VERSION = '4.0.7'
+  VERSION = '4.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ucb_rails_user
 version: !ruby/object:Gem::Version
-  version: 4.0.7
+  version: 4.1.0
 platform: ruby
 authors:
 - Steve Downey
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-14 00:00:00.000000000 Z
+date: 2022-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -19,14 +19,34 @@ dependencies:
     requirements:
     - - ">"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: sprockets-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement
@@ -126,53 +146,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: puma
+  name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.3'
-  type: :development
+        version: '1.0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.3'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: puma
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '5.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
-    - - "<"
+        version: '5.6'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.5'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: factory_bot_rails
   requirement: !ruby/object:Gem::Requirement
@@ -308,8 +336,10 @@ files:
 - app/models/ucb_rails_user/user_session_manager/base.rb
 - app/models/ucb_rails_user/user_session_manager/in_people_ou.rb
 - app/models/ucb_rails_user/user_session_manager/in_people_ou_add_to_users_table.rb
+- app/models/ucb_rails_user/user_session_manager/in_uc_path_add_to_users_table.rb
 - app/models/ucb_rails_user/user_session_manager/ldap_person_user_wrapper.rb
 - app/models/ucb_rails_user/user_session_manager/test_session_manager.rb
+- app/models/ucb_rails_user/user_uc_path_service.rb
 - app/models/user.rb
 - app/views/ucb_rails_user/home/logged_in.html.haml
 - app/views/ucb_rails_user/home/not_logged_in.html.haml
@@ -356,7 +386,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Rails engine for UCB user accounts