zaikio-oauth_client 0.11.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3caeb6fd8b46df684ae2ead61a41965d33d0c8447576ca3dd4472e035917732
-  data.tar.gz: 7efeeb1977f82515ac60e41dfeec76a2e03867cead09e4e7bdee225f9e2d7051
+  metadata.gz: 0ff245bb6a309f304b580e81ad30acc9a91916919697b2df717fdb884d3e4a25
+  data.tar.gz: c8db756a72615d02de42a58804e23b597f095e709506a6055008a8682cc72bbd
 SHA512:
-  metadata.gz: 49c66d7cee9b78180b46f5f75318e9cdab0e0ea04cf7bf349c09990ac337dc367e32fcf15f70a3728fa524a53ea3a5771e0c436b9902d4f7a023ad72a0b21adb
-  data.tar.gz: b82883c6b3b85dabe9759266bd5c5f4b338bb9917c3bd60696412e4651a23c45e73e296a600258aa7072ad5c417dd728742afecdba8a5f14b66a673ff836e0f4
+  metadata.gz: 45d03fc98118ae5c283139628d0b8b9eaf1dd9a5ddcf22a02f1a57d8052365190907627831992976d8607329e404a021516403000b54ee072fbd9bc155bb9a89
+  data.tar.gz: 6ecae0a7e65289cad9c6691dcdaf3179694db40df26cedefe93cecaf7b16b999617f7931cbbc112116744e418b333c787b4b5e426baf6f6db0591ff6a399e6e7

data/README.md

@@ -36,32 +36,34 @@ mount Zaikio::OAuthClient::Engine => "/zaikio"
 
 ```rb
 # config/initializers/zaikio_oauth_client.rb
-Zaikio::OAuthClient.configure do |config|
-  config.environment = :sandbox
-
-  config.register_client :warehouse do |warehouse|
-    warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
-    warehouse.client_secret   = "ShiKTnHqEf3M8nyHQPyZgbz7"
-    warehouse.default_scopes  = %w[directory.person.r]
-
-    warehouse.register_organization_connection do |org|
-      org.default_scopes = %w[directory.organization.r]
+Rails.application.reloader.to_prepare do
+  Zaikio::OAuthClient.configure do |config|
+    config.environment = :sandbox
+
+    config.register_client :warehouse do |warehouse|
+      warehouse.client_id       = "52022d7a-7ba2-41ed-8890-97d88e6472f6"
+      warehouse.client_secret   = "ShiKTnHqEf3M8nyHQPyZgbz7"
+      warehouse.default_scopes  = %w[directory.person.r]
+
+      warehouse.register_organization_connection do |org|
+        org.default_scopes = %w[directory.organization.r]
+      end
     end
-  end
 
-  config.register_client :warehouse_goods_call_of do |warehouse_goods_call_of|
-    warehouse_goods_call_of.client_id       = "12345-7ba2-41ed-8890-97d88e6472f6"
-    warehouse_goods_call_of.client_secret   = "secret"
-    warehouse_goods_call_of.default_scopes  = %w[directory.person.r]
+    config.register_client :warehouse_goods_call_of do |warehouse_goods_call_of|
+      warehouse_goods_call_of.client_id       = "12345-7ba2-41ed-8890-97d88e6472f6"
+      warehouse_goods_call_of.client_secret   = "secret"
+      warehouse_goods_call_of.default_scopes  = %w[directory.person.r]
 
-    warehouse_goods_call_of.register_organization_connection do |org|
-      org.default_scopes = %w[directory.organization.r]
+      warehouse_goods_call_of.register_organization_connection do |org|
+        org.default_scopes = %w[directory.organization.r]
+      end
     end
-  end
 
-  config.around_auth do |access_token, block|
-    Zaikio::Hub.with_token(access_token.token) do
-      block.call(access_token)
+    config.around_auth do |access_token, block|
+      Zaikio::Hub.with_token(access_token.token) do
+        block.call(access_token)
+      end
     end
   end
 end
@@ -133,12 +135,12 @@ redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
 
 #### Session handling
 
-The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
+The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `session[:zaikio_person_id]`.
 
 If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
 
 ```ruby
-Current.user ||= Zaikio::Hub::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
+Current.user ||= Zaikio::Hub::Models::Person.find_by(id: session[:zaikio_person_id])
 ````
 
 You can then use `Current.user` anywhere.
@@ -172,7 +174,7 @@ Additionally you can also specify your own redirect handlers in your `Applicatio
 ```rb
 class ApplicationController < ActionController::Base
   def after_approve_path_for(access_token, origin)
-    cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
+    session[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
     # Sync data on login
     Zaikio::Hub.with_token(access_token.token) do
@@ -183,7 +185,7 @@ class ApplicationController < ActionController::Base
   end
 
   def after_destroy_path_for(access_token_id)
-    cookies.delete :zaikio_person_id
+    reset_session
 
     main_app.root_path
   end
@@ -239,6 +241,21 @@ class MyControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+For system tests (e.g. with a separate browser instance), there's a special helper:
+
+```rb
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  include Zaikio::OAuthClient::SystemTestHelper
+
+  test "does request" do
+    person = people(:my_person)
+    logged_in_as(person)
+
+    visit "/"
+  end
+end
+```
+
 #### Authenticated requests
 
 Now further requests to the Directory API or to other Zaikio APIs should be made. For this purpose the OAuthClient provides a helper method `with_auth` that automatically fetches an access token from the database, requests a refresh token or creates a new access token via client credentials flow.

data/Rakefile

@@ -35,9 +35,7 @@ require 'rubocop/rake_task'
 
 namespace :test do
   desc 'Runs RuboCop on specified directories'
-  RuboCop::RakeTask.new(:rubocop) do |task|
-    task.fail_on_error = false
-  end
+  RuboCop::RakeTask.new(:rubocop)
 end
 
 Rake::Task[:test].enhance ['test:rubocop']

data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb

@@ -3,8 +3,7 @@ module Zaikio
     class SubscriptionsController < ConnectionsController
       def new
         opts = params.permit(:client_name, :state, :plan, :organization_id)
-        opts[:redirect_with_error] = 1
-        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
+        opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
 
         plan            = opts.delete(:plan)
         organization_id = opts.delete(:organization_id)

data/app/models/zaikio/access_token.rb

@@ -5,7 +5,7 @@ module Zaikio
   class AccessToken < ApplicationRecord
     self.table_name = "zaikio_access_tokens"
 
-    def self.build_from_access_token(access_token, requested_scopes: nil) # rubocop:disable Metrics/AbcSize
+    def self.build_from_access_token(access_token, requested_scopes: nil)
       payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
       scopes = access_token.params["scope"].split(",")
       new(
@@ -37,7 +37,7 @@ module Zaikio
       where("expires_at <= :now AND created_at > :created_at_max",
             now: Time.current,
             created_at_max: Time.current - refresh_token_valid_for)
-        .where("refresh_token IS NOT NULL")
+        .where.not(refresh_token: nil)
         .where.not(id: Zaikio::JWTAuth.revoked_token_ids)
     }
     scope :by_bearer, lambda { |bearer_id:, requested_scopes: [], bearer_type: "Person"|

data/lib/zaikio/oauth_client.rb

@@ -49,7 +49,7 @@ module Zaikio
                          get_access_token(**options_or_access_token)
                        end
 
-        return unless block_given?
+        return unless block
 
         if configuration.around_auth_block
           configuration.around_auth_block.call(access_token, block)
@@ -82,7 +82,7 @@ module Zaikio
 
       # Finds the best usable access token. Note that this token may have expired and
       # would require refreshing.
-      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
+      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)  # rubocop:disable Metrics/MethodLength
         configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
           "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
 
@@ -117,9 +117,9 @@ module Zaikio
 
       def get_plain_scopes(scopes)
         regex = /^((Org|Per)\.)?(.*)$/
-        scopes.map do |scope|
+        scopes.filter_map do |scope|
           (regex.match(scope) || [])[3]
-        end.compact
+        end
       end
 
       private

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -4,10 +4,10 @@ module Zaikio
       extend ActiveSupport::Concern
 
       def new
-        opts = params.permit(:client_name, :show_signup, :force_login, :state)
-        opts[:redirect_with_error] = 1
+        opts = params.permit(:client_name, :show_signup, :prompt, :force_login, :state, :lang)
+        opts[:lang] ||= I18n.locale if defined?(I18n)
         client_name = opts.delete(:client_name)
-        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
+        opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
 
         redirect_to oauth_client.auth_code.authorize_url(
           redirect_uri: approve_url(client_name),
@@ -16,7 +16,7 @@ module Zaikio
         )
       end
 
-      def approve
+      def approve  # rubocop:disable Metrics/MethodLength,Metrics/AbcSize
         if params[:error].present?
           redirect_to send(
             respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
@@ -25,7 +25,7 @@ module Zaikio
           ) and return
         end
 
-        if cookies.encrypted[:state].present? && params[:state] != cookies.encrypted[:state]
+        if session[:state].present? && params[:state] != session[:state]
           return redirect_to send(
             respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
             "invalid_state"
@@ -34,10 +34,10 @@ module Zaikio
 
         access_token = create_access_token
 
-        origin = cookies.encrypted[:origin]
-        cookies.delete :origin
+        origin = session[:origin]
+        session.delete(:origin)
 
-        cookies.encrypted[:zaikio_access_token_id] = access_token.id unless access_token.organization?
+        session[:zaikio_access_token_id] = access_token.id unless access_token.organization?
 
         redirect_to send(
           respond_to?(:after_approve_path_for) ? :after_approve_path_for : :default_after_approve_path_for,
@@ -46,9 +46,9 @@ module Zaikio
       end
 
       def destroy
-        access_token_id = cookies.encrypted[:zaikio_access_token_id]
-        cookies.delete :zaikio_access_token_id
-        cookies.delete :state
+        access_token_id = session[:zaikio_access_token_id]
+        session.delete(:zaikio_access_token_id)
+        session.delete(:origin)
 
         redirect_to send(
           respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
@@ -95,13 +95,13 @@ module Zaikio
       end
 
       def default_after_approve_path_for(access_token, origin)
-        cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
+        session[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
         origin || main_app.root_path
       end
 
       def default_after_destroy_path_for(_access_token_id)
-        cookies.delete :zaikio_person_id
+        session.delete(:origin)
 
         main_app.root_path
       end

data/lib/zaikio/oauth_client/client_configuration.rb

@@ -20,7 +20,7 @@ module Zaikio
           client_secret,
           authorize_url: "oauth/authorize",
           token_url: "oauth/access_token",
-          connection_opts: { headers: { "Accept": "application/json" } },
+          connection_opts: { headers: { Accept: "application/json" } },
           site: Zaikio::OAuthClient.configuration.host
         )
 

data/lib/zaikio/oauth_client/system_test_helper.rb

@@ -0,0 +1,18 @@
+require_relative "./test_helper"
+
+module Zaikio
+  module OAuthClient
+    module SystemTestHelper
+      include ::Zaikio::OAuthClient::TestHelper
+
+      def set_session(key, value)
+        visit "/zaikio/oauth_client/test_helper/session?#{{ key: key, id: value }.to_query}"
+      end
+
+      def get_session(key)
+        visit "/zaikio/oauth_client/test_helper/get_session?#{{ key: key }.to_query}"
+        page.text
+      end
+    end
+  end
+end

data/lib/zaikio/oauth_client/test_helper.rb

@@ -3,13 +3,48 @@ module Zaikio
     module TestHelper
       extend ActiveSupport::Concern
 
-      def logged_in_as(person)
-        # We need to manually encrypt the value since the tests cookie jar does not
-        # support encrypted or signed cookies
-        encrypted_cookies = ActionDispatch::Request.new(Rails.application.env_config.deep_dup).cookie_jar
-        encrypted_cookies.encrypted[:zaikio_person_id] = person.id
+      class TestSessionController < ActionController::Base # rubocop:disable Rails/ApplicationController
+        def show
+          if session[params[:key]].nil?
+            head :no_content
+          else
+            render plain: session[params[:key]]
+          end
+        end
+
+        def create
+          session[params[:key]] = params[:id]
+
+          head :ok
+        end
+      end
+
+      included do
+        # This is needed as it is not possible to set sesison values in an ActionDispatch::IntegrationTest
+        # This creates a dummy controller to set the session
+        Rails.application.routes.disable_clear_and_finalize = true # Keep existing routes
+        Rails.application.routes.draw do
+          get "/zaikio/oauth_client/test_helper/get_session", to: "zaikio/oauth_client/test_helper/test_session#show"
+          get "/zaikio/oauth_client/test_helper/session", to: "zaikio/oauth_client/test_helper/test_session#create"
+        end
+      end
 
-        cookies["zaikio_person_id"] = encrypted_cookies["zaikio_person_id"]
+      def get_session(key)
+        get "/zaikio/oauth_client/test_helper/get_session", params: { key: key }
+
+        if response.status == 204
+          nil
+        else
+          response.body
+        end
+      end
+
+      def set_session(key, value)
+        get "/zaikio/oauth_client/test_helper/session", params: { id: value, key: key }
+      end
+
+      def logged_in_as(person)
+        set_session(:zaikio_person_id, person.id)
       end
     end
   end

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.11.0".freeze
+    VERSION = "0.14.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.14.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-19 00:00:00.000000000 Z
+date: 2021-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -86,20 +86,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: '0.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: '0.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -164,13 +164,14 @@ files:
 - lib/zaikio/oauth_client/configuration.rb
 - lib/zaikio/oauth_client/engine.rb
 - lib/zaikio/oauth_client/error.rb
+- lib/zaikio/oauth_client/system_test_helper.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
 homepage: https://github.com/zaikio/zaikio-oauth_client
 licenses:
 - MIT
 metadata:
-  changelog_uri: https://github.com/zaikio/zaikio-oauth_client/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/zaikio/zaikio-oauth_client/blob/main/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: