Commit 789caf255085e62bc12451f542542c2a8cff3aa1
1 parent
c54913e7
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
added oauth signup token param to be used to confirm signup
Showing
10 changed files
with
106 additions
and
57 deletions
Show diff stats
lib/noosfero/api/api.rb
| @@ -11,9 +11,11 @@ module Noosfero | @@ -11,9 +11,11 @@ module Noosfero | ||
| 11 | logger.formatter = GrapeLogging::Formatters::Default.new | 11 | logger.formatter = GrapeLogging::Formatters::Default.new |
| 12 | use GrapeLogging::Middleware::RequestLogger, { logger: logger } | 12 | use GrapeLogging::Middleware::RequestLogger, { logger: logger } |
| 13 | 13 | ||
| 14 | - #rescue_from :all do |e| | ||
| 15 | - # logger.error e | ||
| 16 | - #end | 14 | + rescue_from :all do |e| |
| 15 | + #puts e.inspect | ||
| 16 | + #puts e.backtrace.inspect | ||
| 17 | + #logger.error e | ||
| 18 | + end | ||
| 17 | 19 | ||
| 18 | @@NOOSFERO_CONF = nil | 20 | @@NOOSFERO_CONF = nil |
| 19 | def self.NOOSFERO_CONF | 21 | def self.NOOSFERO_CONF |
lib/noosfero/api/session.rb
| @@ -33,8 +33,8 @@ module Noosfero | @@ -33,8 +33,8 @@ module Noosfero | ||
| 33 | params do | 33 | params do |
| 34 | requires :email, type: String, desc: _("Email") | 34 | requires :email, type: String, desc: _("Email") |
| 35 | requires :login, type: String, desc: _("Login") | 35 | requires :login, type: String, desc: _("Login") |
| 36 | - requires :password, type: String, desc: _("Password") | ||
| 37 | - requires :password_confirmation, type: String, desc: _("Password confirmation") | 36 | + #requires :password, type: String, desc: _("Password") |
| 37 | + #requires :password_confirmation, type: String, desc: _("Password confirmation") | ||
| 38 | end | 38 | end |
| 39 | post "/register" do | 39 | post "/register" do |
| 40 | attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields | 40 | attrs = attributes_for_keys [:email, :login, :password, :password_confirmation] + environment.signup_person_fields |
| @@ -47,7 +47,6 @@ module Noosfero | @@ -47,7 +47,6 @@ module Noosfero | ||
| 47 | 47 | ||
| 48 | user = User.new(attrs) | 48 | user = User.new(attrs) |
| 49 | if user.save | 49 | if user.save |
| 50 | - user.activate | ||
| 51 | user.generate_private_token! | 50 | user.generate_private_token! |
| 52 | present user, :with => Entities::UserLogin | 51 | present user, :with => Entities::UserLogin |
| 53 | else | 52 | else |
plugins/oauth_client/controllers/public/oauth_client_plugin_public_controller.rb
| @@ -53,8 +53,9 @@ class OauthClientPluginPublicController < PublicController | @@ -53,8 +53,9 @@ class OauthClientPluginPublicController < PublicController | ||
| 53 | 53 | ||
| 54 | # reading provider from session and writing to cache to read when | 54 | # reading provider from session and writing to cache to read when |
| 55 | # api calls register to confirm signup | 55 | # api calls register to confirm signup |
| 56 | - provider = OauthClientPlugin::Provider.find(session[:provider_id]) | ||
| 57 | - OauthClientPlugin.write_cache(auth.info.email, provider.id, auth.uid) | 56 | + auth_cach_hash = auth.to_hash |
| 57 | + auth_cach_hash[:provider_id] = session[:provider_id] | ||
| 58 | + signup_token = OauthClientPlugin::SignupDataStore.store_oauth_data(auth.info.email, auth_cach_hash) | ||
| 58 | 59 | ||
| 59 | session[:oauth_data] = auth | 60 | session[:oauth_data] = auth |
| 60 | session[:oauth_client_popup] = true if request.env.fetch("omniauth.params", {})['oauth_client_popup'] | 61 | session[:oauth_client_popup] = true if request.env.fetch("omniauth.params", {})['oauth_client_popup'] |
| @@ -63,7 +64,16 @@ class OauthClientPluginPublicController < PublicController | @@ -63,7 +64,16 @@ class OauthClientPluginPublicController < PublicController | ||
| 63 | name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : '' | 64 | name ||= auth.extra && auth.extra.raw_info ? auth.extra.raw_info.name : '' |
| 64 | 65 | ||
| 65 | if session[:oauth_client_popup] | 66 | if session[:oauth_client_popup] |
| 66 | - redirect_to :controller => :oauth_client_plugin_public, :action => :finish, :user => {:login => login, :email => auth.info.email, :oauth_providers => [session[:provider_id]]}, :profile_data => {:name => name}, :oauth_client_popup => session[:oauth_client_popup] | 67 | + redirect_to :controller => :oauth_client_plugin_public, |
| 68 | + :action => :finish, | ||
| 69 | + :user => { | ||
| 70 | + :signup_token => signup_token, | ||
| 71 | + :login => login, | ||
| 72 | + :email => auth.info.email, | ||
| 73 | + :oauth_providers => [session[:provider_id]] | ||
| 74 | + }, | ||
| 75 | + :profile_data => {:name => name}, | ||
| 76 | + :oauth_client_popup => session[:oauth_client_popup] | ||
| 67 | else | 77 | else |
| 68 | redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name} | 78 | redirect_to :controller => :account, :action => :signup, :user => {:login => login, :email => auth.info.email}, :profile_data => {:name => name} |
| 69 | end | 79 | end |
plugins/oauth_client/db/migrate/20150714200000_add_oauth_auth_fields_to_user_provider.rb
| 1 | -class AddOAuthAuthFieldsToUserProvider < ActiveRecord::Migration | 1 | +class AddOauthAuthFieldsToUserProvider < ActiveRecord::Migration |
| 2 | 2 | ||
| 3 | def self.up | 3 | def self.up |
| 4 | change_table :oauth_client_plugin_user_providers do |t| | 4 | change_table :oauth_client_plugin_user_providers do |t| |
| 5 | - t.string :token | ||
| 6 | - t.boolean :expires | ||
| 7 | - t.datetime :expiration_date | 5 | + t.text :oauth_data |
| 8 | end | 6 | end |
| 9 | end | 7 | end |
| 10 | 8 | ||
| 11 | def self.down | 9 | def self.down |
| 12 | - remove_column :oauth_client_plugin_user_providers, :token | ||
| 13 | - remove_column :oauth_client_plugin_user_providers, :expires | ||
| 14 | - remove_column :oauth_client_plugin_user_providers, :expiration_date | 10 | + remove_column :oauth_client_plugin_user_providers, :oauth_data |
| 15 | end | 11 | end |
| 16 | end | 12 | end |
plugins/oauth_client/lib/ext/environment.rb
| @@ -4,4 +4,10 @@ class Environment | @@ -4,4 +4,10 @@ class Environment | ||
| 4 | 4 | ||
| 5 | has_many :oauth_providers, :class_name => 'OauthClientPlugin::Provider' | 5 | has_many :oauth_providers, :class_name => 'OauthClientPlugin::Provider' |
| 6 | 6 | ||
| 7 | + def signup_person_fields_with_oauth | ||
| 8 | + signup_person_fields_without_oauth + [:oauth_signup_token] | ||
| 9 | + end | ||
| 10 | + | ||
| 11 | + alias_method_chain :signup_person_fields, :oauth | ||
| 12 | + | ||
| 7 | end | 13 | end |
plugins/oauth_client/lib/ext/user.rb
| @@ -6,34 +6,59 @@ class User | @@ -6,34 +6,59 @@ class User | ||
| 6 | has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider | 6 | has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider |
| 7 | 7 | ||
| 8 | def password_required_with_oauth? | 8 | def password_required_with_oauth? |
| 9 | + # user creation through api does not set oauth_providers | ||
| 10 | + check_providers | ||
| 9 | password_required_without_oauth? && oauth_providers.empty? | 11 | password_required_without_oauth? && oauth_providers.empty? |
| 10 | end | 12 | end |
| 11 | 13 | ||
| 14 | + def oauth_data | ||
| 15 | + @oauth_data | ||
| 16 | + end | ||
| 17 | + | ||
| 18 | + def oauth_signup_token= value | ||
| 19 | + @oauth_signup_token = value | ||
| 20 | + end | ||
| 21 | + | ||
| 22 | + def oauth_signup_token | ||
| 23 | + @oauth_signup_token | ||
| 24 | + end | ||
| 25 | + | ||
| 12 | alias_method_chain :password_required?, :oauth | 26 | alias_method_chain :password_required?, :oauth |
| 13 | 27 | ||
| 14 | after_create :activate_oauth_user | 28 | after_create :activate_oauth_user |
| 15 | 29 | ||
| 16 | - def activate_oauth_user | ||
| 17 | - # user creation through api does not set oauth_providers | ||
| 18 | - if oauth_providers.empty? | 30 | + # user creation through api does not set oauth_providers |
| 31 | + # so it is being shared through a distributed cache | ||
| 32 | + def check_providers | ||
| 33 | + if @call_count | ||
| 34 | + @call_count +=1 | ||
| 35 | + else | ||
| 36 | + @call_count = 0 | ||
| 37 | + end | ||
| 38 | + if oauth_providers.empty? && oauth_signup_token.present? | ||
| 19 | #check if is oauth user, reading oauth_data recorded at cache store | 39 | #check if is oauth user, reading oauth_data recorded at cache store |
| 20 | - oauth_data = OauthClientPlugin.read_cache_for(self.email) | ||
| 21 | - if oauth_data | ||
| 22 | - oauth_providers = [OauthClientPlugin::Provider.find(oauth_data[:provider])] | ||
| 23 | - OauthClientPlugin.delete_cache_for(self.email) | 40 | + @oauth_data = OauthClientPlugin::SignupDataStore.get_oauth_data(self.email, self.oauth_signup_token) |
| 41 | + if @oauth_data | ||
| 42 | + provider_id = @oauth_data.delete(:provider_id) | ||
| 43 | + self.oauth_providers = [OauthClientPlugin::Provider.find(provider_id)] | ||
| 24 | end | 44 | end |
| 25 | end | 45 | end |
| 46 | + end | ||
| 26 | 47 | ||
| 27 | - unless oauth_providers.empty? | ||
| 28 | - activate | ||
| 29 | - oauth_providers.each do |provider| | ||
| 30 | - OauthClientPlugin::UserProvider.create!(:user => self, :provider => provider, :enabled => true) | 48 | + def activate_oauth_user |
| 49 | + self.oauth_providers.each do |provider| | ||
| 50 | + OauthClientPlugin::UserProvider.create! do |user_provider| | ||
| 51 | + user_provider.user = self | ||
| 52 | + user_provider.provider = provider | ||
| 53 | + user_provider.enabled = true | ||
| 54 | + user_provider.oauth_data = oauth_data | ||
| 31 | end | 55 | end |
| 32 | end | 56 | end |
| 57 | + activate unless oauth_providers.empty? | ||
| 33 | end | 58 | end |
| 34 | 59 | ||
| 35 | def make_activation_code_with_oauth | 60 | def make_activation_code_with_oauth |
| 36 | - oauth_providers.blank? ? make_activation_code_without_oauth : nil | 61 | + self.oauth_providers.blank? ? make_activation_code_without_oauth : nil |
| 37 | end | 62 | end |
| 38 | 63 | ||
| 39 | alias_method_chain :make_activation_code, :oauth | 64 | alias_method_chain :make_activation_code, :oauth |
plugins/oauth_client/lib/oauth_client_plugin.rb
| @@ -10,35 +10,6 @@ class OauthClientPlugin < Noosfero::Plugin | @@ -10,35 +10,6 @@ class OauthClientPlugin < Noosfero::Plugin | ||
| 10 | _("Login with Oauth.") | 10 | _("Login with Oauth.") |
| 11 | end | 11 | end |
| 12 | 12 | ||
| 13 | - def self.cache_prefix | ||
| 14 | - 'CACHE_OAUTH_CLIENT_AUTH' | ||
| 15 | - end | ||
| 16 | - | ||
| 17 | - def self.cache_name_for email | ||
| 18 | - "#{cache_prefix}_#{email}" | ||
| 19 | - end | ||
| 20 | - | ||
| 21 | - def self.read_cache_for email | ||
| 22 | - if cache_value = Rails.cache.fetch(cache_name_for(email)) | ||
| 23 | - if cache_value.include?('-') | ||
| 24 | - cache_arr = cache_value.split('-') | ||
| 25 | - return { | ||
| 26 | - provider: cache_arr[0], | ||
| 27 | - uid: cache_arr[1] | ||
| 28 | - } | ||
| 29 | - end | ||
| 30 | - end | ||
| 31 | - end | ||
| 32 | - | ||
| 33 | - def self.write_cache email, provider, uid | ||
| 34 | - Rails.cache.write(cache_name_for(email), "#{provider}-#{uid}" , :expires_in => 300) | ||
| 35 | - end | ||
| 36 | - | ||
| 37 | - def self.delete_cache_for email | ||
| 38 | - Rails.cache.delete(cache_name_for(email)) | ||
| 39 | - end | ||
| 40 | - | ||
| 41 | - | ||
| 42 | def login_extra_contents | 13 | def login_extra_contents |
| 43 | plugin = self | 14 | plugin = self |
| 44 | proc do | 15 | proc do |
plugins/oauth_client/lib/oauth_client_plugin/signup_data_store.rb
0 → 100644
| @@ -0,0 +1,34 @@ | @@ -0,0 +1,34 @@ | ||
| 1 | +# A Distributed Cache Store is needed | ||
| 2 | +# to save oauth autenthication to be | ||
| 3 | +# used on OAUTH flow using the Noosfero REST API. | ||
| 4 | +# Because of the nature session less of api implementation | ||
| 5 | +# When using more than one server is strongly recomended | ||
| 6 | +# provide your Rails application with a distributed Cache Store, | ||
| 7 | +# otherwise you will have to rely on client/server affinify provided by | ||
| 8 | +# network infrastructure | ||
| 9 | +class OauthClientPlugin::SignupDataStore | ||
| 10 | + | ||
| 11 | + def self.key_name_for email, signup_token | ||
| 12 | + "#{email}_#{signup_token}" | ||
| 13 | + end | ||
| 14 | + | ||
| 15 | + def self.get_oauth_data email, signup_token | ||
| 16 | + key_name = key_name_for(email, signup_token) | ||
| 17 | + puts "OAUTH_KEY_NAME :::: #{key_name}" | ||
| 18 | + oauth_data = Rails.cache.fetch(key_name) | ||
| 19 | + Rails.cache.delete(key_name) | ||
| 20 | + oauth_data | ||
| 21 | + end | ||
| 22 | + | ||
| 23 | + def self.store_oauth_data email, auth_obj | ||
| 24 | + signup_token = SecureRandom.hex | ||
| 25 | + Rails.cache.write(key_name_for(email, signup_token), auth_obj, :expires_in => 300) | ||
| 26 | + signup_token | ||
| 27 | + end | ||
| 28 | + | ||
| 29 | + def self.delete_cache_for email | ||
| 30 | + Rails.cache.delete(cache_name_for(email)) | ||
| 31 | + end | ||
| 32 | + | ||
| 33 | + | ||
| 34 | +end |
plugins/oauth_client/lib/oauth_client_plugin/user_provider.rb
| @@ -7,4 +7,5 @@ class OauthClientPlugin::UserProvider < Noosfero::Plugin::ActiveRecord | @@ -7,4 +7,5 @@ class OauthClientPlugin::UserProvider < Noosfero::Plugin::ActiveRecord | ||
| 7 | 7 | ||
| 8 | attr_accessible :user, :provider, :enabled | 8 | attr_accessible :user, :provider, :enabled |
| 9 | 9 | ||
| 10 | + acts_as_having_settings :field => :oauth_data | ||
| 10 | end | 11 | end |
plugins/oauth_client/test/unit/user_test.rb
| @@ -37,6 +37,11 @@ class UserTest < ActiveSupport::TestCase | @@ -37,6 +37,11 @@ class UserTest < ActiveSupport::TestCase | ||
| 37 | assert user.activation_code | 37 | assert user.activation_code |
| 38 | end | 38 | end |
| 39 | 39 | ||
| 40 | + should 'not send activation email when created with oauth' do | ||
| 41 | + UserMailer.expects(:activation_code).never | ||
| 42 | + user = User.create!(:email => 'testoauth@example.com', :login => 'testoauth', :oauth_providers => [provider]) | ||
| 43 | + end | ||
| 44 | + | ||
| 40 | should 'save oauth token when create with oauth' do | 45 | should 'save oauth token when create with oauth' do |
| 41 | 46 | ||
| 42 | end | 47 | end |