wordjelly-auth 0.0.1

data/app/controllers/auth/concerns/otp_concern.rb

@@ -0,0 +1,251 @@
+module Auth::Concerns::OtpConcern
+	extend ActiveSupport::Concern
+
+	included do 
+		include Auth::Concerns::DeviseConcern
+	    ##refer to auth/applicationcontroller for the not_found def, and its rescue block.
+	    before_filter :do_before_request
+	    before_filter :initialize_vars
+	    before_filter :check_recaptcha, only: [:send_sms_otp,:verify_otp]
+	    
+	end
+
+	def initialize_vars
+	  	##deep symbolize the incoming params after passing through permitted params.
+	  	
+	  	@resource_params = permitted_params.deep_symbolize_keys
+	  	
+	  	##if the resource is defined, assign the class and the symbol for use further in the file
+	  	##eg: resource is provided in the route as : users, so 
+	  	##@resource_class => User
+	  	##@resource_symbol =>  :user
+
+	  	if collection = @resource_params[:resource]
+	  		##check that the resource exists in the auth_configuration
+	  		if Auth.configuration.auth_resources[collection.singularize.capitalize]
+	  			@resource_class = collection.singularize.capitalize.constantize
+	  			@resource_symbol = collection.singularize.to_sym
+	  					
+	  			
+	  			##this is either the provided email(in case of forgot_password form, we pass in the additional_login_param under the email key itself.#ref auth/modals/forgot_password_content.html.erb)
+	  			if @resource_params[@resource_symbol]
+				  	@additional_login_param = @resource_params[@resource_symbol][:email] || @resource_params[@resource_symbol][:additional_login_param]
+				  	
+				  	
+
+				  	##the otp provided by the user, only used in the verify_otp action.
+				  	@otp = @resource_params[@resource_symbol][:otp]
+				  	
+				  	##the resource_id of the user, only used in the short_polling endpoint.
+				  	@resource_id = @resource_params[@resource_symbol][:_id]
+				  	
+	  			end
+
+	  		else
+	  			##have to have some way of showing these errors.
+	  			not_found("provided resource not found in app")
+	  		end
+	  	else
+	  		not_found("no resource collection provided")
+	  	end
+	  	
+	  	##the intent , passed into the send_sms_otp endpoint, and thereafter added to the verify_otp_path, in the new_otp_input.html.erb
+	  	##set as default to empty so that it doesnt screw up in the partials, screaming undefined.
+	  	@intent = @resource_params[:intent] or ""
+	  	
+	  	
+	  	##the default response status, can be changed in the action depending on individual situations.
+	  	@response_status = 200
+	end
+
+  	##CALLED WHEN THE USER HAS ENTERED HIS MOBILE NUMBER, SO THAT HE GETS ANOTHER OTP
+  	def send_sms_otp
+	  	##IF THERE IS AN INTENT,THEN WE MUST HAVE A CONFIRMED ACCOUNT.
+	  	##OTHERWISE WE DONT NEED THAT.
+	  	##WHY?
+	  	##because : suppose that we are calling send_sms_otp from the forgot_password / unlocks controller -> then we have to ensure that the account has been verified.
+	  	##otherwise we cannot send otp's to non-verified phone numbers to do things like reset_passwords / unlock 
+	  	##on the other hand in case there is no intent, like in case of resend_otp -> then we can only check if we have an account with this mobile number or not, no need to check for verification.
+	  	conditions = @intent.blank? ? {:additional_login_param => @additional_login_param} : {:additional_login_param => @additional_login_param, :additional_login_param_status => 2}
+	  
+	  	if @additional_login_param.nil?
+	  		@status = 422
+	  		resource = @resource_class.new
+	  		resource.errors.add(:additional_login_param,"Additional login param not provided")
+	  	elsif resource = @resource_class.where(conditions).first
+	  		#resource.intent_token = Devise.friendly_token if !@intent.blank?
+	  		#resource.save
+	  		resource.m_client = self.m_client
+	 		resource.set_client_authentication
+	  		resource.send_sms_otp
+	  	elsif resource = @resource_class.new
+	  		@status = 422
+	  		resource.errors.add(:additional_login_param,"Could not find a resource with that additional login param")
+	  	end 
+	  	@auth_user = resource
+	  	respond_to do |format|
+			format.json {render json: resource.to_json({:otp_verification => true}), status: @status}
+			format.js   {render :partial => "auth/confirmations/new_otp_input.js.erb", locals: {resource: resource, intent: @intent}}
+			format.html {render 'auth/confirmations/enter_otp.html.erb'}
+		end
+  	end
+
+  	## this is only used for the modal based things
+  	## has no role otherwise.
+  	##CALLED WHEN WE WANT TO SHOW THE USER A MODAL TO RE-ENTER HIS MOBILE NUMBER SO THAT WE CAN AGAIN SEND AN OTP TO IT.
+  	def resend_sms_otp
+  		resource = @resource_class.new
+  		respond_to do |format|
+		  format.json {render json: resource.to_json, status: @status}
+		  format.js   {render "auth/confirmations/_resend_otp.js.erb", locals: {resource: resource, intent: @intent}}
+		end
+  	end
+
+	##CALLED WHEN THE USER ENTERS THE OTP SENT ON HIS MOBILE
+	##VERIFIES THE OTP WITH THE THIRD PARTY API.
+	def verify_otp
+	  	if resource = @resource_class.where(:additional_login_param => @additional_login_param).first 
+	  		resource.m_client = self.m_client
+	 		resource.set_client_authentication
+	 		
+	  		##there are no errors, so we proceed with verification.
+	  		if otp_error = resource.check_otp_errors
+	  			@status = 422
+	  			resource.errors.add(:additional_login_param,otp_error)
+	  		else
+	  			resource.verify_sms_otp(@otp)
+	  			## just setting so that it is available on the resource object.
+	  			resource.otp = @otp
+	  		end
+	  	else
+	  		resource = @resource_class.new
+	  		resource.errors.add(:additional_login_param,"Not Found")
+	  		@status = 400
+	  	end
+	  	@auth_user = resource
+	  	respond_to do |format|
+  		  format.json {render json: resource.as_json({:otp_verification => true}), status: @status}
+  		  format.js   {render :partial => "auth/confirmations/verify_otp.js.erb", locals: {resource: resource, intent: @intent, otp: @otp}}
+  		  format.html {render "auth/confirmations/get_otp_status.html.erb"}
+  		end
+	end
+
+
+  	##SHORT-POLLING ENDPOINT TO DETERMINE IF THE OTP WAS VALID.
+  	##CALLED IN THE POST-VERIFICATION PAGE.
+  	##error returns for this def are different, because it is requested using json from the verify_otp.js.erb partial
+  	##as a result, in case there is an error in the controller action itslef below(eg. wherever there is a 422/400), then the following happens.
+  	##spinner.js
+  	##//catches any non 200/201 status and interprets it as an error
+  	##//thereafter directly show_error_modal is called.
+  	##//i could have written logic specific for otp_verification_result, by checking if it is there in the request_url, but did not do so, because otp is not always going to be in the engine, so otp should not be hardcoded anywhere.
+  	##//the error lands up being shown inside show_error_modal, by means of json parsing the incoming string, and showing json[:errors] as the error message.
+  	##on the other hand, if there is any othe rtype of error in the before_filter initialize_vars, then that raises a not_found and is handled by rendering a json response with errors, and a 422 so again it is handled by spinner as above.
+  	def otp_verification_result
+
+  		## a message to display on the website after the otp is successfully verified in case of forgot_password or unlock_account.
+	  	intent_verification_message = nil
+	  	res_verified = false
+	  	##first check the errors
+	  	
+
+	  	if resource = @resource_class.where(:additional_login_param => @additional_login_param, :otp => @otp).first
+	  		
+	  		if otp_error = resource.check_otp_errors
+	  			@status = 422
+		  		resource.errors.add(:additional_login_param,otp_error)
+	  		else
+	  			resource.m_client = self.m_client
+	 			resource.set_client_authentication	
+			  	if resource.additional_login_param_confirmed? 
+				  	puts "resource additional login param is confirmed."
+				  	puts "intent is: #{@intent}"
+				  	if @intent == "reset_password"
+				  		
+				  		##protected method so had to do this.
+				  		if resource.confirmed? && !resource.	pending_reconfirmation?
+				  			resource.class.send_reset_password_instructions(resource.attributes)
+				  			
+				  			intent_verification_message = "An email has been sent to your email account, with instructions on resetting your password" if resource.errors.empty?
+				  			
+
+				  			
+				  			##if successfull_sent ->
+				  			##else
+				  			## here error is added anyway to resource.
+				  			##end
+				  			##we want to send the reset password instructions, but using the email.
+				  		else
+				  			
+				  			resource.errors.add(:additional_login_param,"you do not have a confirmed email account set for this account, you cannot recover the password.")
+				  			
+				  			@status = 400
+				  		end
+				  		#raw_token = resource.send(:set_reset_password_token)
+				  		#intent_url = send("edit_#{@resource_symbol.to_s}_password_path",{:reset_password_token => raw_token})
+				  	elsif @intent == "unlock_account"
+				  		##here normally would be resource.unlock.
+				  		##code from https://github.com/plataformatec/devise/blob/master/lib/devise/models/lockable.rb#send_unlock_instructions
+				  		#puts "came to unlocks."
+				  		
+				  		#raw, enc = Devise.token_generator.generate(@resource.class, :unlock_token)
+	        			#@resource.unlock_token = enc
+	        			#@resource.save(validate: false)
+						
+
+
+						if resource.confirmed? && !resource.	pending_reconfirmation?
+
+							resource.send_unlock_instructions 
+
+							intent_verification_message = "An email has been sent to your email account, with instructions on unlocking your account" if resource.errors.empty?
+						else
+							
+
+	        				resource.errors.add(:additional_login_param,"cannot send unlock instructions because you dont have a confirmed email address.")
+
+	        		    end
+				  				        			
+	        			#intent_url = send("#{@resource_symbol.to_s}_unlock_path",{:unlock_token => raw})
+				  	end
+				  	##make the intent token nil, it can be used only thus once.
+				  	
+			  	end
+			end
+		else
+			resource = @resource_class.new
+			@status = 422
+			puts "came here."
+			resource.errors.add(:additional_login_param,"Either otp or additional login param is incorrect, try resend otp")
+		end
+
+		#puts @resource.attributes.to_s
+		@auth_user = resource
+	  	respond_to do |format|
+	  	  format.json {render json: {:intent_verification_message => intent_verification_message, :errors => resource.errors.full_messages, :resource => resource.as_json({:otp_verification => true}), :verified => (resource.additional_login_param_confirmed? && resource.errors.empty?)}, status: @status}
+	  	  format.html {render "auth/confirmations/otp_status_result.html.erb"}
+	  	end
+ 	end
+
+
+
+	def permitted_params
+	  	if action_name == "resend_sms_otp"
+	  		##the resource_collection_path => pluralized downcased model name eg. users
+	  		params.permit(:intent,:resource,:api_key,:current_app_id)
+	  	else
+	  		##post_verification_intent => "reset_password" OR "unlock"
+	  		##had to add email here because in the passwords form, and the unlocks form, we have to serve either additional_login_param or email, so in order to make it work with the existing devise controllers decided to keep the param coming in as email, and sending errors back also on the email attribute,[all this is only relevant to the send_sms_otp action]
+	  		##it will take all the models provided in the authentication_keys in the Auth configuration file.
+	  		filters = []
+	  		Auth.configuration.auth_resources.keys.each do |model|
+	  			filters << {model.downcase.to_sym => [:additional_login_param, :otp, :email, :_id]}
+	  		end
+	  		filters << [:intent, :resource,:api_key,:current_app_id]
+	  		filters << "g-recaptcha-response".to_sym
+	  		params.permit(filters)
+	  	end
+	end	
+
+
+end

data/app/controllers/auth/concerns/shopping/cart_controller_concern.rb

@@ -0,0 +1,105 @@
+module Auth::Concerns::Shopping::CartControllerConcern
+
+  extend ActiveSupport::Concern
+
+  included do
+    
+  end
+
+  ##if an id is provided in the permitted params then tries to find that in the database, and makes a new cart item out of it.
+  #if no id is provided then creates a new cart_item from the permitted params, but excluding the id key.
+  #if a collection i.e plural resources is present in the permitted_params and its also there in our auth resources, then create a resource class and resource symbol out of it and assign resource as in the comments.
+  def initialize_vars
+    
+    instantiate_shopping_classes
+   
+    @auth_shopping_cart_params = permitted_params.fetch(:cart,{})
+    
+    @auth_shopping_cart = params[:id] ? @auth_shopping_cart_class.find_self(params[:id],current_signed_in_resource) : @auth_shopping_cart_class.new(@auth_shopping_cart_params)
+        
+  end
+
+  ##override the as_json for cart_item, to show errors if there are any, otherwise just the id.
+  def show
+    
+    not_found if @auth_shopping_cart.nil?
+    @auth_shopping_cart.prepare_cart
+    @auth_shopping_cart_items = @auth_shopping_cart.cart_items
+    
+    respond_with @auth_shopping_cart
+  end
+
+  ##responds with an array of the created cart items.
+  ##resource id is set only during create, never during update.
+  def create
+    check_for_create(@auth_shopping_cart)
+    @auth_shopping_cart = add_owner_and_signed_in_resource(@auth_shopping_cart)
+   
+    @auth_shopping_cart.save
+    @auth_shopping_cart.prepare_cart
+    respond_with @auth_shopping_cart
+  end
+
+  ## always returns an empty array.
+  def update
+    check_for_update(@auth_shopping_cart)
+    
+    @auth_shopping_cart.assign_attributes(@auth_shopping_cart_params)
+    
+    @auth_shopping_cart = add_owner_and_signed_in_resource(@auth_shopping_cart)
+
+    puts 'the auth shopping cart signed in resource is:' 
+    puts @auth_shopping_cart.signed_in_resource
+
+    @auth_shopping_cart.save
+    @auth_shopping_cart.prepare_cart
+    respond_with @auth_shopping_cart
+  end
+
+  ##will respond with nothing, or an array of cart_items that were removed, or whatever errors they have for not remvoing them.
+  def destroy    
+    check_for_destroy(@auth_shopping_cart)
+    @auth_shopping_cart.prepare_cart
+    @auth_shopping_cart.destroy
+    respond_with @auth_shopping_cart
+  end
+
+  ## returns all the carts of the user.
+  ## basically all his orders.
+  def index
+    @auth_shopping_carts = @auth_shopping_cart_class.where(:resource_id => lookup_resource.id.to_s)
+    respond_with @auth_shopping_carts
+  end
+
+  def new
+
+  end
+
+  def edit
+
+  end
+
+
+  ############################################################
+  ##
+  ##
+  ## GIVEN product ids, first create cart items, then  CREATE CART
+  ##
+  ## USED FROM THE DISCOUNT_OBJECT_SHOW PAGE
+  ##
+  ############################################################
+
+  def bulk_create
+    ## first create cart items.
+    ## this will bypass the controller and create problems.
+  end
+
+
+  private
+
+  ##override this def in your controller, and add attributes to transaction:[], each of the attributes in the transaction key will be cycled through, and if those fields exist on the cart_item, then they will be set.
+  def permitted_params
+    params.permit({cart: [:discount_id,:name, :notes, {:add_cart_item_ids => []},{:remove_cart_item_ids => []}]},:id)
+  end
+
+end

data/app/controllers/auth/concerns/shopping/cart_item_controller_concern.rb

@@ -0,0 +1,150 @@
+module Auth::Concerns::Shopping::CartItemControllerConcern
+
+  extend ActiveSupport::Concern
+
+  included do
+      
+    ## to be able to initialize a cart item from a product
+    ## inside the create_multiple def.
+    include Auth::Shopping::Products::ProductsHelper
+
+  end
+
+  
+
+  ##if an id is provided in the permitted params then tries to find that in the database, and makes a new cart item out of it.
+  #if no id is provided then creates a new cart_item from the permitted params, but excluding the id key.
+  #if a collection i.e plural resources is present in the permitted_params and its also there in our auth resources, then create a resource class and resource symbol out of it and assign resource as in the comments.
+  def initialize_vars
+    instantiate_shopping_classes
+
+    @auth_shopping_discount_object_params = permitted_params.fetch(:discount,{})
+
+    
+    if !@auth_shopping_discount_object_params.blank?
+
+    @auth_shopping_discount = params[:id] ? @auth_shopping_discount_class.find(params[:id]) : @auth_shopping_discount_class.new(@auth_shopping_discount_object_params)
+    
+    end
+
+    @auth_shopping_cart_item_params = permitted_params.fetch(:cart_item,{})
+    @auth_shopping_cart_item = params[:id] ? @auth_shopping_cart_item_class.find_self(params[:id],current_signed_in_resource) : @auth_shopping_cart_item_class.new(@auth_shopping_cart_item_params)
+    
+  end
+
+
+  ##expects the product id, resource_id is the logged in resource, and quantity 
+  def create
+    ##ensure that the cart item is new
+   
+    check_for_create(@auth_shopping_cart_item)
+    @auth_shopping_cart_item = add_owner_and_signed_in_resource(@auth_shopping_cart_item)
+     
+    @auth_shopping_cart_item.save
+
+    respond_with @auth_shopping_cart_item
+  end
+
+  ##only permits the quantity to be changed, transaction id is internally assigned and can never be changed by the external world.
+  def update
+    check_for_update(@auth_shopping_cart_item)
+    @auth_shopping_cart_item.assign_attributes(@auth_shopping_cart_item_params)
+    @auth_shopping_cart_item = add_owner_and_signed_in_resource(@auth_shopping_cart_item)  
+    @auth_shopping_cart_item.save
+    puts @auth_shopping_cart_item.errors.full_messages.to_s
+    respond_with @auth_shopping_cart_item
+  end
+
+  def show
+    not_found if @auth_shopping_cart_item.nil?
+    respond_with @auth_shopping_cart_item 
+  end
+
+  ##should show those cart items which do not have a parent_id.
+  ##since these are the pending cart items.
+  ##all remaining cart items have already been assigned to carts
+  def index
+    @auth_shopping_cart_items = @auth_shopping_cart_item_class.find_cart_items({:resource => lookup_resource}).page 1
+    respond_with @auth_shopping_cart_items
+  end
+
+
+  ##can be removed.
+  ##responds with 204, and empty response body, if all is ok.
+  def destroy
+    not_found if @auth_shopping_cart_item.nil?
+    puts "the accepted is:"
+    puts @auth_shopping_cart_item.accepted.to_s
+    @auth_shopping_cart_item.destroy
+    respond_with @auth_shopping_cart_item
+  end
+
+  ############################################################
+  ##
+  ##
+  ## BULK ITEM CREATE.
+  ## This is utilized to create multiple cart items, first , 
+  ## then redirects to create a cart, with those cart items.
+  ##
+  ##
+  ############################################################
+  def create_multiple
+    #puts "came to create multiple."
+    #puts "params are:"
+    #puts params.to_s
+    @auth_shopping_cart_items = []
+    @auth_shopping_cart = @auth_shopping_cart_class.new(:add_cart_item_ids => [], :remove_cart_item_ids => [])
+    #puts "auth shopping discount is:"
+    #puts @auth_shopping_discount.to_s
+    @auth_shopping_cart.discount_id = @auth_shopping_discount.id.to_s
+    
+
+    #puts "is it is a new record"
+    #puts @auth_shopping_discount.new_record?
+    unless @auth_shopping_discount.new_record?
+      @auth_shopping_discount.product_ids.each do |product_id|
+        
+        if product = @auth_shopping_product_class.find(product_id)
+         
+          cart_item = create_cart_item_from_product(product)
+          cart_item = add_owner_and_signed_in_resource(cart_item)  
+          
+          if cart_item.save == true
+            @auth_shopping_cart_items << cart_item
+            @auth_shopping_cart.add_cart_item_ids << cart_item.id.to_s
+          else
+            puts "the errors trying to save the item"
+            puts cart_item.errors.full_messages.to_s
+          end
+        end
+        
+      end
+    else
+
+    end
+    
+     
+
+  end
+
+  ## this permitted params is overridden in the dummy app, and as a result throws unpermitted parameters for the daughter app parameters, even though they are subsequently permitted, since super is called first.
+  def permitted_params
+
+    
+    if action_name.to_s == "update" && !current_signed_in_resource.is_admin?
+
+      
+      params.permit({cart_item: [:discount_code,:quantity]},:id)
+
+    elsif action_name.to_s == "create_multiple"
+      params.permit({discount: [:id, {:product_ids => []}]})
+    else
+
+      params.permit({cart_item: [:product_id,:discount_code,:quantity]},:id)
+
+    end
+
+
+  end
+
+end