zaikio-oauth_client 0.8.1 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32791412d8324e894c609e9ba73c1bc2fabb756117b91d81012d208730dfd5c2
-  data.tar.gz: a1af7430748c3bce9e0d8058de85edcbdf0e2ecc3b568b389184e13b8945753d
+  metadata.gz: 2e007c62cd36b1b00aa8e542958bb5d627b5ca417ffc6559f45de3868e79149a
+  data.tar.gz: 9977c82c5f734d93b05269a7e9fb30e6fe6df1b15a291d680a48fa38bea079a8
 SHA512:
-  metadata.gz: 6a33fdbb048a31fb157b006606ecbebbe69ac7950e17a25e1c3817f02485b15d8e7726c10fc8277ca57b6ea0a4781264d3055f188a0883613b053605e9a990a6
-  data.tar.gz: 6e404b985ce76339e9edf1612b2db4d0d686c9b75f67ae8f4ff131c80e806a5911a223681d2abbbbbf03b72c3e155c66a891e45a696da403cdac095c2b1513f2
+  metadata.gz: eeb3f43dc40d4cabeb1f585864ff76c716243e6d0336164b0e3b98c7e2e41bdbd25ffdeaeeeb4b7ee1ccefe20cf1f458bd0af62e1cb2238af3ad258ad6cf4804
+  data.tar.gz: e3b47a58b780c92ed0b8a9c5ae0df7011026feed340204e8deb80a88ca2562b4a220cd59c8d5907982488001b6738d5c0eb0ba2495771c0de2a0310f44de42bd

data/README.md

@@ -118,14 +118,27 @@ redirect_to zaikio_oauth_client.new_session_path(force_login: true)
 redirect_to zaikio_oauth_client.new_session_path(state: "something-my-app-uses")
 ```
 
+You can also send them to the [Subscription Redirect
+flow](https://docs.zaikio.com/api/directory/guides/subscriptions/redirect-flow/), which
+behaves & redirects back like a regular Organization flow except it additionally sets up a
+subscription for the organization:
+
+```ruby
+# Require them to select a plan themselves...
+redirect_to zaikio_oauth_client.new_subscription_path
+
+# Or preselect a plan for them
+redirect_to zaikio_oauth_client.new_subscription_path(plan: "free")
+```
+
 #### Session handling
 
-The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `cookies.encrypted[:zaikio_person_id]`.
+The Zaikio gem engine will set a cookie for the user after a successful OAuth flow: `session[:zaikio_person_id]`.
 
 If you are using for example `Zaikio::Hub::Models`, you can use this snippet to set the current user:
 
 ```ruby
-Current.user ||= Zaikio::Hub::Models::Person.find_by(id: cookies.encrypted[:zaikio_person_id])
+Current.user ||= Zaikio::Hub::Models::Person.find_by(id: session[:zaikio_person_id])
 ````
 
 You can then use `Current.user` anywhere.
@@ -159,7 +172,7 @@ Additionally you can also specify your own redirect handlers in your `Applicatio
 ```rb
 class ApplicationController < ActionController::Base
   def after_approve_path_for(access_token, origin)
-    cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
+    session[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
     # Sync data on login
     Zaikio::Hub.with_token(access_token.token) do
@@ -170,8 +183,13 @@ class ApplicationController < ActionController::Base
   end
 
   def after_destroy_path_for(access_token_id)
-    cookies.delete :zaikio_person_id
+    reset_session
+
+    main_app.root_path
+  end
 
+  def error_path_for(error_code, description: nil)
+    # Handle error
     main_app.root_path
   end
 end
@@ -254,7 +272,7 @@ To release a new version of the gem:
 - Update the version in `lib/zaikio/oauth_client/version.rb`
 - Update `CHANGELOG.md` to include the new version and its release date
 - Commit and push your changes
-- Create a [new release on GitHub](https://github.com/zaikio/zaikio-directory-models/releases/new)
+- Create a [new release on GitHub](https://github.com/zaikio/zaikio-oauth_client/releases/new)
 - CircleCI will build the Gem package and push it Rubygems for you
 
 ## License

data/app/controllers/zaikio/oauth_client/subscriptions_controller.rb

@@ -0,0 +1,28 @@
+module Zaikio
+  module OAuthClient
+    class SubscriptionsController < ConnectionsController
+      def new
+        opts = params.permit(:client_name, :state, :plan, :organization_id)
+        opts[:redirect_with_error] = 1
+        opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
+
+        plan            = opts.delete(:plan)
+        organization_id = opts.delete(:organization_id)
+
+        subscription_scope = if organization_id.present?
+                               "Org/#{organization_id}.subscription_create"
+                             else
+                               "Org.subscription_create"
+                             end
+
+        subscription_scope << ".#{plan}" if plan.present?
+
+        redirect_to oauth_client.auth_code.authorize_url(
+          redirect_uri: approve_url(opts.delete(:client_name)),
+          scope: subscription_scope,
+          **opts
+        )
+      end
+    end
+  end
+end

data/config/locales/de.yml

@@ -0,0 +1,4 @@
+de:
+  zaikio:
+    oauth_client:
+      error_occured: "Beim Login ist ein Fehler aufgetreten: %{error} %{description}. Bitte versuche es nochmal."

data/config/locales/en.yml

@@ -1,6 +1,7 @@
 en:
   zaikio:
+    oauth_client:
+      error_occured: "An error occurred during login: %{error} %{description}. Please try again."
     forms:
       optional: Optional
       learn_more: Learn more
-

data/config/routes.rb

@@ -1,15 +1,17 @@
 Zaikio::OAuthClient::Engine.routes.draw do
-  sessions_controller = Zaikio::OAuthClient.configuration.sessions_controller_name
-  connections_controller = Zaikio::OAuthClient.configuration.connections_controller_name
+  config = Zaikio::OAuthClient.configuration
 
-  # People
-  get "(/:client_name)/sessions/new", action: :new, controller: sessions_controller, as: :new_session
-  get "(/:client_name)/sessions/approve", action: :approve, controller: sessions_controller, as: :approve_session
-  delete "(/:client_name)/session", action: :destroy, controller: sessions_controller, as: :session
+  scope path: "(/:client_name)" do
+    # People
+    get "/sessions/new",     action: :new,     controller: config.sessions_controller_name, as: :new_session
+    get "/sessions/approve", action: :approve, controller: config.sessions_controller_name, as: :approve_session
+    delete "/session",       action: :destroy, controller: config.sessions_controller_name, as: :session
 
-  # Organizations
-  get "(/:client_name)/connections/new", action: :new,
-                                         controller: connections_controller, as: :new_connection
-  get "(/:client_name)/connections/approve", action: :approve,
-                                             controller: connections_controller, as: :approve_connection
+    # Organizations
+    get "/connections/new",     action: :new,     controller: config.connections_controller_name, as: :new_connection
+    get "/connections/approve", action: :approve, controller: config.connections_controller_name, as: :approve_connection
+
+    # Subscriptions
+    get "/subscriptions/new", action: :new, controller: config.subscriptions_controller_name, as: :new_subscription
+  end
 end

data/lib/zaikio/oauth_client.rb

@@ -1,5 +1,6 @@
 require "oauth2"
 
+require "zaikio/oauth_client/error"
 require "zaikio/oauth_client/engine"
 require "zaikio/oauth_client/configuration"
 require "zaikio/oauth_client/authenticatable"
@@ -82,14 +83,25 @@ module Zaikio
       # Finds the best usable access token. Note that this token may have expired and
       # would require refreshing.
       def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
-        Zaikio::AccessToken
-          .where(audience: client_name)
-          .usable(
-            bearer_type: bearer_type,
-            bearer_id: bearer_id,
-            requested_scopes: requested_scopes
-          )
-          .first
+        configuration.logger.debug "Try to fetch token for client_name: #{client_name}, "\
+          "bearer #{bearer_type}/#{bearer_id}, requested_scopes: #{requested_scopes}"
+
+        fetch_access_token = lambda {
+          Zaikio::AccessToken
+            .where(audience: client_name)
+            .usable(
+              bearer_type: bearer_type,
+              bearer_id: bearer_id,
+              requested_scopes: requested_scopes
+            )
+            .first
+        }
+
+        if configuration.logger.respond_to?(:silence)
+          configuration.logger.silence { fetch_access_token.call }
+        else
+          fetch_access_token.call
+        end
       end
 
       def fetch_new_token(client_config:, bearer_type:, bearer_id:, scopes:)

data/lib/zaikio/oauth_client/authenticatable.rb

@@ -5,7 +5,9 @@ module Zaikio
 
       def new
         opts = params.permit(:client_name, :show_signup, :force_login, :state)
+        opts[:redirect_with_error] = 1
         client_name = opts.delete(:client_name)
+        opts[:state] ||= session[:state] = SecureRandom.urlsafe_base64(32)
 
         redirect_to oauth_client.auth_code.authorize_url(
           redirect_uri: approve_url(client_name),
@@ -15,12 +17,27 @@ module Zaikio
       end
 
       def approve
+        if params[:error].present?
+          redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            params[:error],
+            description: params[:error_description]
+          ) and return
+        end
+
+        if session[:state].present? && params[:state] != session[:state]
+          return redirect_to send(
+            respond_to?(:error_path_for) ? :error_path_for : :default_error_path_for,
+            "invalid_state"
+          )
+        end
+
         access_token = create_access_token
 
-        origin = cookies.encrypted[:origin]
-        cookies.delete :origin
+        origin = session[:origin]
+        session.delete(:origin)
 
-        cookies.encrypted[:zaikio_access_token_id] = access_token.id unless access_token.organization?
+        session[:zaikio_access_token_id] = access_token.id unless access_token.organization?
 
         redirect_to send(
           respond_to?(:after_approve_path_for) ? :after_approve_path_for : :default_after_approve_path_for,
@@ -29,8 +46,9 @@ module Zaikio
       end
 
       def destroy
-        access_token_id = cookies.encrypted[:zaikio_access_token_id]
-        cookies.delete :zaikio_access_token_id
+        access_token_id = session[:zaikio_access_token_id]
+        session.delete(:zaikio_access_token_id)
+        session.delete(:origin)
 
         redirect_to send(
           respond_to?(:after_destroy_path_for) ? :after_destroy_path_for : :default_after_destroy_path_for,
@@ -77,13 +95,23 @@ module Zaikio
       end
 
       def default_after_approve_path_for(access_token, origin)
-        cookies.encrypted[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
+        session[:zaikio_person_id] = access_token.bearer_id unless access_token.organization?
 
         origin || main_app.root_path
       end
 
       def default_after_destroy_path_for(_access_token_id)
-        cookies.delete :zaikio_person_id
+        session.delete(:origin)
+
+        main_app.root_path
+      end
+
+      def default_error_path_for(error_code, description: nil)
+        raise Zaikio::OAuthClient::InvalidScopesError, description if error_code == "invalid_scope"
+
+        unless error_code == "access_denied"
+          flash[:alert] = I18n.t("zaikio.oauth_client.error_occured", error: error_code, description: description)
+        end
 
         main_app.root_path
       end

data/lib/zaikio/oauth_client/configuration.rb

@@ -13,19 +13,25 @@ module Zaikio
       }.freeze
 
       attr_accessor :host
-      attr_writer :logger
       attr_reader :client_configurations, :environment, :around_auth_block,
-                  :sessions_controller_name, :connections_controller_name
+                  :sessions_controller_name, :connections_controller_name, :subscriptions_controller_name
 
       def initialize
         @client_configurations = {}
         @around_auth_block = nil
         @sessions_controller_name = "sessions"
         @connections_controller_name = "connections"
+        @subscriptions_controller_name = "subscriptions"
+        Zaikio::AccessToken.logger = logger
       end
 
       def logger
-        @logger ||= Logger.new($stdout)
+        @logger ||= ActiveSupport::Logger.new($stdout)
+      end
+
+      def logger=(logger)
+        @logger = logger
+        Zaikio::AccessToken.logger = @logger
       end
 
       def register_client(name)
@@ -58,6 +64,10 @@ module Zaikio
         @connections_controller_name = "/#{name}"
       end
 
+      def subscriptions_controller_name=(name)
+        @subscriptions_controller_name = "/#{name}"
+      end
+
       private
 
       def host_for(environment)

data/lib/zaikio/oauth_client/error.rb

@@ -0,0 +1,5 @@
+module Zaikio
+  module OAuthClient
+    class InvalidScopesError < StandardError; end
+  end
+end

data/lib/zaikio/oauth_client/test_helper.rb

@@ -3,13 +3,48 @@ module Zaikio
     module TestHelper
       extend ActiveSupport::Concern
 
-      def logged_in_as(person)
-        # We need to manually encrypt the value since the tests cookie jar does not
-        # support encrypted or signed cookies
-        encrypted_cookies = ActionDispatch::Request.new(Rails.application.env_config.deep_dup).cookie_jar
-        encrypted_cookies.encrypted[:zaikio_person_id] = person.id
+      class TestSessionController < ActionController::Base
+        def show
+          if session[params[:key]].nil?
+            head :no_content
+          else
+            render plain: session[params[:key]]
+          end
+        end
+
+        def create
+          session[params[:key]] = params[:id]
+
+          head :ok
+        end
+      end
+
+      included do
+        # This is needed as it is not possible to set sesison values in an ActionDispatch::IntegrationTest
+        # This creates a dummy controller to set the session
+        Rails.application.routes.disable_clear_and_finalize = true # Keep existing routes
+        Rails.application.routes.draw do
+          get "/zaikio/oauth_client/test_helper/get_session", to: "zaikio/oauth_client/test_helper/test_session#show"
+          get "/zaikio/oauth_client/test_helper/session", to: "zaikio/oauth_client/test_helper/test_session#create"
+        end
+      end
 
-        cookies["zaikio_person_id"] = encrypted_cookies["zaikio_person_id"]
+      def get_session(key)
+        get "/zaikio/oauth_client/test_helper/get_session", params: { key: key }
+
+        if response.status == 204
+          nil
+        else
+          response.body
+        end
+      end
+
+      def set_session(key, value)
+        get "/zaikio/oauth_client/test_helper/session", params: { id: value, key: key }
+      end
+
+      def logged_in_as(person)
+        set_session(:zaikio_person_id, person.id)
       end
     end
   end

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.8.1".freeze
+    VERSION = "0.12.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.12.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-31 00:00:00.000000000 Z
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -84,22 +84,16 @@ dependencies:
   name: zaikio-jwt_auth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.5.0
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -144,11 +138,13 @@ files:
 - Rakefile
 - app/controllers/zaikio/oauth_client/connections_controller.rb
 - app/controllers/zaikio/oauth_client/sessions_controller.rb
+- app/controllers/zaikio/oauth_client/subscriptions_controller.rb
 - app/helpers/zaikio/application_helper.rb
 - app/jobs/zaikio/application_job.rb
 - app/jobs/zaikio/cleanup_access_tokens_job.rb
 - app/models/zaikio/access_token.rb
 - config/initializers/inflections.rb
+- config/locales/de.yml
 - config/locales/en.yml
 - config/routes.rb
 - db/migrate/20190426155505_enable_postgres_extensions_for_uuids.rb
@@ -161,13 +157,14 @@ files:
 - lib/zaikio/oauth_client/client_configuration.rb
 - lib/zaikio/oauth_client/configuration.rb
 - lib/zaikio/oauth_client/engine.rb
+- lib/zaikio/oauth_client/error.rb
 - lib/zaikio/oauth_client/test_helper.rb
 - lib/zaikio/oauth_client/version.rb
 homepage: https://github.com/zaikio/zaikio-oauth_client
 licenses:
 - MIT
 metadata:
-  changelog_uri: https://github.com/zaikio/zaikio-oauth_client/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/zaikio/zaikio-oauth_client/blob/main/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: