zaikio-oauth_client 0.8.0 → 0.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72f0e0de7e7d6ffc5b63c74cc85d4a6891d7e938273b1cf661a7fe52d4ac3068
-  data.tar.gz: 3999e67bb374120c7f2fd08c7bb25414a45b616f7386b417f85164a4e65251ef
+  metadata.gz: d95701c627108f46f90ac430b28138c8c1ae33dbe8307a6453250255e42b4244
+  data.tar.gz: b5ee3c7b5a0fd691fbe6382f2c5b17b3a9000384db7f5ceb91271f893c943e22
 SHA512:
-  metadata.gz: 8196826c87334d5b762671c5fb723229f879da4c462deba8d1459754036d0328cf14f9fb8cbf10e8e67a55bf79dc9b9065523aa12ae46924eed574067d318270
-  data.tar.gz: a25db277b09d543b3f7ecee82a2cfab5b16d4163c2e5be80dc3881935c87622f3e458a02f05ef243adf8db9202d1651eda2267d9531a441006bd8151f284fb45
+  metadata.gz: d1ff6dba884c261c27c698680ae077ed9995bb0754198eec53ff31dffd66c86b29fa522d924f65357cc99e18653f047530fabd0c46001d0ddaebbfc310692663
+  data.tar.gz: 2e5b2231a0a34b788e803755b77891be4df996b20a41d91d8bf8956a2f2980e17337ba9a680f59b90bc519b54b6e1efc0bc44a58b72873ded8a0edc335d111f9

data/README.md

@@ -118,6 +118,19 @@ redirect_to zaikio_oauth_client.new_session_path(force_login: true)
 redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
 ```
 
+You can also send them to the [Subscription Redirect
+flow](https://docs.zaikio.com/api/directory/guides/subscriptions/redirect-flow/), which
+behaves & redirects back like a regular Organization flow except it additionally sets up a
+subscription for the organization:
+
+```ruby
+# Require them to select a plan themselves...
+redirect_to zaikio_oauth_client.new_subscription_path
+
+# Or preselect a plan for them
+redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
+```
+
 #### Session handling
 
 The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
@@ -174,6 +187,11 @@ class ApplicationController < ActionController::Base
 
     main_app.root_path
   end
+
+  def error_path_for(error_code, description: nil)
+    # Handle error
+    main_app.root_path
+  end
 end
 ```
 
@@ -254,7 +272,7 @@ To release a new version of the gem:
 - Update the version in `lib/zaikio/oauth_client/version.rb`
 - Update `CHANGELOG.md` to include the new version and its release date
 - Commit and push your changes
-- Create a [new release on GitHub](https://github.com/zaikio/zaikio-directory-models/releases/new)
+- Create a [new release on GitHub](https://github.com/zaikio/zaikio-oauth_client/releases/new)
 - CircleCI will build the Gem package and push it Rubygems for you
 
 ## License

data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb

@@ -0,0 +1,28 @@
+module Zaikio
+  module OAuthClient
+    class SubscriptionsController < ConnectionsController
+      def new
+        opts = params.permit(:client_name, :state, :plan, :organization_id)
+        opts[:redirect_with_error] = 1
+        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
+
+        plan            = opts.delete(:plan)
+        organization_id = opts.delete(:organization_id)
+
+        subscription_scope = if organization_id.present?
+                               "Org/#{organization_id}.subscription_create"
+                             else
+                               "Org.subscription_create"
+                             end
+
+        subscription_scope << ".#{plan}" if plan.present?
+
+        redirect_to oauth_client.auth_code.authorize_url(
+          redirect_uri: approve_url(opts.delete(:client_name)),
+          scope: subscription_scope,
+          **opts
+        )
+      end
+    end
+  end
+end

data/app/models/zaikio/access_token.rb

@@ -88,6 +88,8 @@ module Zaikio
     rescue OAuth2::Error => e
       raise unless e.code == "invalid_grant"
 
+      destroy
+
       nil
     end
   end

data/config/locales/de.yml

@@ -0,0 +1,4 @@
+de:
+  zaikio:
+    oauth_client:
+      error_occured: "Beim Login ist ein Fehler aufgetreten: %{error} %{description}. Bitte versuche es nochmal."

data/config/locales/en.yml

@@ -1,6 +1,7 @@
 en:
   zaikio:
+    oauth_client:
+      error_occured: "An error occurred during login: %{error} %{description}. Please try again."
     forms:
       optional: Optional
       learn_more: Learn more
-

data/config/routes.rb

@@ -1,15 +1,17 @@
 Zaikio::OAuthClient::Engine.routes.draw do
-  sessions_controller = Zaikio::OAuthClient.configuration.sessions_controller_name
-  connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
+  config = Zaikio::OAuthClient.configuration
 
-  # People
-  get "(/:client_name)/sessions/new", action: :new, controller: sessions_controller, as: :new_session
-  get "(/:client_name)/sessions/approve", action: :approve, controller: sessions_controller, as: :approve_session
-  delete "(/:client_name)/session", action: :destroy, controller: sessions_controller, as: :session
+  scope path: "(/:client_name)" do
+    # People
+    get "/sessions/new",     action: :new,     controller: config.sessions_controller_name, as: :new_session
+    get "/sessions/approve", action: :approve, controller: config.sessions_controller_name, as: :approve_session
+    delete "/session",       action: :destroy, controller: config.sessions_controller_name, as: :session
 
-  # Organizations
-  get "(/:client_name)/connections/new", action: :new,
-                                         controller: connections_controller, as: :new_connection
-  get "(/:client_name)/connections/approve", action: :approve,
-                                             controller: connections_controller, as: :approve_connection
+    # Organizations
+    get "/connections/new",     action: :new,     controller: config.connections_controller_name, as: :new_connection
+    get "/connections/approve", action: :approve, controller: config.connections_controller_name, as: :approve_connection
+
+    # Subscriptions
+    get "/subscriptions/new", action: :new, controller: config.subscriptions_controller_name, as: :new_subscription
+  end
 end

data/lib/zaikio/oauth_client.rb

@@ -1,5 +1,6 @@
 require "oauth2"
 
+require "zaikio/oauth_client/error"
 require "zaikio/oauth_client/engine"
 require "zaikio/oauth_client/configuration"
 require "zaikio/oauth_client/authenticatable"
@@ -82,14 +83,25 @@ module Zaikio
       # Finds the best usable access token. Note that this token may have expired and
       # would require refreshing.
       def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
-        Zaikio::AccessToken
-          .where(audience: client_name)
-          .usable(
-            bearer_type: bearer_type,
-            bearer_id: bearer_id,
-            requested_scopes: requested_scopes
-          )
-          .first
+        configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
+          "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
+
+        fetch_access_token = lambda {
+          Zaikio::AccessToken
+            .where(audience: client_name)
+            .usable(
+              bearer_type: bearer_type,
+              bearer_id: bearer_id,
+              requested_scopes: requested_scopes
+            )
+            .first
+        }
+
+        if configuration.logger.respond_to?(:silence)
+          configuration.logger.silence { fetch_access_token.call }
+        else
+          fetch_access_token.call
+        end
       end
 
       def fetch_new_token(client_config:, bearer_type:, bearer_id:, scopes:)

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -5,7 +5,9 @@ module Zaikio
 
       def new
         opts = params.permit(:client_name, :show_signup, :force_login, :state)
+        opts[:redirect_with_error] = 1
         client_name = opts.delete(:client_name)
+        opts[:state] ||= cookies.encrypted[:state] = SecureRandom.urlsafe_base64(32)
 
         redirect_to oauth_client.auth_code.authorize_url(
           redirect_uri: approve_url(client_name),
@@ -15,6 +17,21 @@ module Zaikio
       end
 
       def approve
+        if params[:error].present?
+          redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            params[:error],
+            description: params[:error_description]
+          ) and return
+        end
+
+        if cookies.encrypted[:state].present? && params[:state] != cookies.encrypted[:state]
+          return redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            "invalid_state"
+          )
+        end
+
         access_token = create_access_token
 
         origin = cookies.encrypted[:origin]
@@ -31,6 +48,7 @@ module Zaikio
       def destroy
         access_token_id = cookies.encrypted[:zaikio_access_token_id]
         cookies.delete :zaikio_access_token_id
+        cookies.delete :state
 
         redirect_to send(
           respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
@@ -87,6 +105,16 @@ module Zaikio
 
         main_app.root_path
       end
+
+      def default_error_path_for(error_code, description: nil)
+        raise Zaikio::OAuthClient::InvalidScopesError, description if error_code == "invalid_scope"
+
+        unless error_code == "access_denied"
+          flash[:alert] = I18n.t("zaikio.oauth_client.error_occured", error: error_code, description: description)
+        end
+
+        main_app.root_path
+      end
     end
   end
 end

data/lib/zaikio/oauth_client/configuration.rb

@@ -13,19 +13,25 @@ module Zaikio
       }.freeze
 
       attr_accessor :host
-      attr_writer :logger
       attr_reader :client_configurations, :environment, :around_auth_block,
-                  :sessions_controller_name, :connections_controller_name
+                  :sessions_controller_name, :connections_controller_name, :subscriptions_controller_name
 
       def initialize
         @client_configurations = {}
         @around_auth_block = nil
         @sessions_controller_name = "sessions"
         @connections_controller_name = "connections"
+        @subscriptions_controller_name = "subscriptions"
+        Zaikio::AccessToken.logger = logger
       end
 
       def logger
-        @logger ||= Logger.new($stdout)
+        @logger ||= ActiveSupport::Logger.new($stdout)
+      end
+
+      def logger=(logger)
+        @logger = logger
+        Zaikio::AccessToken.logger = @logger
       end
 
       def register_client(name)
@@ -58,6 +64,10 @@ module Zaikio
         @connections_controller_name = "/#{name}"
       end
 
+      def subscriptions_controller_name=(name)
+        @subscriptions_controller_name = "/#{name}"
+      end
+
       private
 
       def host_for(environment)

data/lib/zaikio/oauth_client/error.rb

@@ -0,0 +1,5 @@
+module Zaikio
+  module OAuthClient
+    class InvalidScopesError < StandardError; end
+  end
+end

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.8.0".freeze
+    VERSION = "0.11.1".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.11.1
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-30 00:00:00.000000000 Z
+date: 2021-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -84,22 +84,16 @@ dependencies:
   name: zaikio-jwt_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -144,11 +138,13 @@ files:
 - Rakefile
 - app/controllers/zaikio/oauth_client/connections_controller.rb
 - app/controllers/zaikio/oauth_client/sessions_controller.rb
+- app/controllers/zaikio/oauth_client/subscriptions_controller.rb
 - app/helpers/zaikio/application_helper.rb
 - app/jobs/zaikio/application_job.rb
 - app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
+- config/locales/de.yml
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
@@ -161,6 +157,7 @@ files:
 - lib/zaikio/oauth_client/client_configuration.rb
 - lib/zaikio/oauth_client/configuration.rb
 - lib/zaikio/oauth_client/engine.rb
+- lib/zaikio/oauth_client/error.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
 homepage: https://github.com/zaikio/zaikio-oauth_client