oauth_client: deserialize fields and improve authentication

Braulio Bhavamitra
1 parent c5776ba3
Showing 14 changed files with 136 additions and 66 deletions Show diff stats
plugins/oauth_client/controllers/public/oauth_client_plugin_public_controller.rb
plugins/oauth_client/db/migrate/20150815170000_deserialize_fields_on_oauth_client_plugin_provider.rb
plugins/oauth_client/db/migrate/20150815173209_add_authorization_data_to_oauth_client_user_provider.rb
plugins/oauth_client/lib/ext/profile.rb
plugins/oauth_client/lib/ext/user.rb
plugins/oauth_client/lib/oauth_client_plugin.rb
plugins/oauth_client/lib/oauth_client_plugin/provider.rb
plugins/oauth_client/lib/oauth_client_plugin/user_provider.rb
plugins/oauth_client/models/oauth_client_plugin/auth.rb
plugins/oauth_client/models/oauth_client_plugin/provider.rb
plugins/oauth_client/test/functional/oauth_client_plugin_public_controller_test.rb
plugins/oauth_client/test/unit/environment_test.rb
plugins/oauth_client/test/unit/oauth_client_plugin_test.rb
plugins/oauth_client/test/unit/user_test.rb
@@ -4,8 +4,8 @@ class OauthClientPluginPublicController &lt; PublicController
  
   def callback
     auth = request.env["omniauth.auth"]
-    user = environment.users.find_by_email(auth.info.email)
-    user ? login(user) : signup(auth)
+    auth_user = environment.users.where(email: auth.info.email).first
+    if auth_user then login auth_user.person else signup auth end
   end
  
   def failure
@@ -20,16 +20,14 @@ class OauthClientPluginPublicController &lt; PublicController
  
   protected
  
-  def login(user)
+  def login person
     provider = OauthClientPlugin::Provider.find(session[:provider_id])
-    user_provider = user.oauth_user_providers.find_by_provider_id(provider.id)
-    unless user_provider
-      user_provider = user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => true)
-    end
-    if user_provider.enabled? && provider.enabled?
-      session[:user] = user.id
+    auth = person.oauth_auths.where(provider_id: provider.id).first
+    auth ||= person.oauth_auths.create! profile: person, provider: provider, enabled: true
+    if auth.enabled? && provider.enabled?
+      self.current_user = person.user
     else
-      session[:notice] = _("Can't login with %s") % provider.name
+      session[:notice] = _("Can't login with #{provider.name}")
     end
  
     redirect_to :controller => :account, :action => :login
@@ -0,0 +1,20 @@
+class DeserializeFieldsOnOauthClientPluginProvider < ActiveRecord::Migration
+
+  def up
+    add_column :oauth_client_plugin_providers, :client_id, :text
+    add_column :oauth_client_plugin_providers, :client_secret, :text
+
+    OauthClientPlugin::Provider.find_each batch_size: 50 do |provider|
+      provider.client_id = provider.options.delete :client_id
+      provider.client_secret = provider.options.delete :client_secret
+      provider.save!
+    end
+
+    add_index :oauth_client_plugin_providers, :client_id
+  end
+
+  def down
+    say "this migration can't be reverted"
+  end
+
+end
@@ -0,0 +1,26 @@
+class AddAuthorizationDataToOauthClientUserProvider < ActiveRecord::Migration
+
+  def change
+    rename_table :oauth_client_plugin_user_providers, :oauth_client_plugin_auths
+
+    add_column :oauth_client_plugin_auths, :type, :string
+    add_column :oauth_client_plugin_auths, :provider_user_id, :string
+    add_column :oauth_client_plugin_auths, :access_token, :text
+    add_column :oauth_client_plugin_auths, :expires_at, :datetime
+    add_column :oauth_client_plugin_auths, :scope, :text
+    add_column :oauth_client_plugin_auths, :data, :text, default: {}.to_yaml
+
+    add_column :oauth_client_plugin_auths, :profile_id, :integer
+    OauthClientPlugin::Auth.find_each batch_size: 50 do |auth|
+      auth.profile = User.find(auth.user_id).person
+      auth.save!
+    end
+    remove_column :oauth_client_plugin_auths, :user_id
+
+    add_index :oauth_client_plugin_auths, :profile_id
+    add_index :oauth_client_plugin_auths, :provider_id
+    add_index :oauth_client_plugin_auths, :provider_user_id
+    add_index :oauth_client_plugin_auths, :type
+  end
+
+end
@@ -0,0 +1,8 @@
+require_dependency 'profile'
+
+class Profile
+
+  has_many :oauth_auths, class_name: 'OauthClientPlugin::Auth', dependent: :destroy
+  has_many :oauth_providers, through: :oauth_auths, source: :provider
+
+end
@@ -2,8 +2,14 @@ require_dependency &#39;user&#39;
  
 class User
  
-  has_many :oauth_user_providers, :class_name => 'OauthClientPlugin::UserProvider'
-  has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider
+  has_many :oauth_auths, through: :person
+  has_many :oauth_providers, through: :oauth_auths, source: :provider
+
+  after_create :activate_oauth_user
+
+  def activate_oauth_user
+    self.activate if oauth_providers.present?
+  end
  
   def password_required_with_oauth?
     password_required_without_oauth? && oauth_providers.empty?
@@ -11,17 +17,6 @@ class User
  
   alias_method_chain :password_required?, :oauth
  
-  after_create :activate_oauth_user
-
-  def activate_oauth_user
-    unless oauth_providers.empty?
-      activate
-      oauth_providers.each do |provider|
-        OauthClientPlugin::UserProvider.create!(:user => self, :provider => provider, :enabled => true)
-      end
-    end
-  end
-
   def make_activation_code_with_oauth
     oauth_providers.blank? ? make_activation_code_without_oauth : nil
   end
@@ -45,7 +45,9 @@ class OauthClientPlugin &lt; Noosfero::Plugin
     true
   end
  
-  OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
+  Rails.configuration.to_prepare do
+    OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
+  end
  
   Rails.application.config.middleware.use OmniAuth::Builder do
     PROVIDERS.each do |provider, options|
@@ -60,7 +62,8 @@ class OauthClientPlugin &lt; Noosfero::Plugin
         provider_id = request.params['id']
         provider_id ||= request.session['omniauth.params']['id'] if request.session['omniauth.params']
         provider = environment.oauth_providers.find(provider_id)
-        strategy.options.merge!(provider.options.symbolize_keys)
+        strategy.options.merge! client_id: provider.client_id, client_secret: provider.client_secret
+        strategy.options.merge! provider.options.symbolize_keys
  
         request.session[:provider_id] = provider_id
       }
@@ -1,20 +0,0 @@
-class OauthClientPlugin::Provider < Noosfero::Plugin::ActiveRecord
-
-  belongs_to :environment
-
-  validates_presence_of :name, :strategy
-
-  acts_as_having_image
-  acts_as_having_settings :field => :options
-
-  settings_items :client_id, :type => :string
-  settings_items :client_secret, :type => :string
-  settings_items :client_options, :type => Hash
-
-  attr_accessible :name, :environment, :strategy, :client_id, :client_secret, :enabled, :client_options, :image_builder
-
-  scope :enabled, :conditions => {:enabled => true}
-
-  acts_as_having_image
-
-end
@@ -1,10 +0,0 @@
-class OauthClientPlugin::UserProvider < Noosfero::Plugin::ActiveRecord
-
-   belongs_to :user, :class_name => 'User'
-   belongs_to :provider, :class_name => 'OauthClientPlugin::Provider'
-
-   set_table_name :oauth_client_plugin_user_providers
-
-   attr_accessible :user, :provider, :enabled
-
-end
@@ -0,0 +1,29 @@
+class OauthClientPlugin::Auth < ActiveRecord::Base
+
+  attr_accessible :profile, :provider, :enabled,
+    :access_token, :expires_in
+
+  belongs_to :profile, class_name: 'Profile'
+  belongs_to :provider, class_name: 'OauthClientPlugin::Provider'
+
+  validates_presence_of :profile
+  validates_presence_of :provider
+  validates_uniqueness_of :profile_id, scope: :provider_id
+
+  acts_as_having_settings field: :data
+
+  def expires_in
+    self.expires_at - Time.now
+  end
+  def expires_in= value
+    self.expires_at = Time.now + value.to_i
+  end
+
+  def expired?
+    Time.now > self.expires_at rescue true
+  end
+  def not_expired?
+    not self.expired?
+  end
+
+end
@@ -0,0 +1,21 @@
+class OauthClientPlugin::Provider < ActiveRecord::Base
+
+  belongs_to :environment
+
+  validates_presence_of :name, :strategy
+
+  acts_as_having_image
+  acts_as_having_settings field: :options
+
+  settings_items :site, type: String
+  settings_items :client_options, type: Hash
+
+  attr_accessible :name, :strategy, :enabled, :site, :image_builder,
+    :environment, :environment_id,
+    :client_id, :client_secret, :client_options
+
+  scope :enabled, -> { where enabled: true }
+
+  acts_as_having_image
+
+end
-require File.dirname(__FILE__) + '/../test_helper'
+require 'test_helper'
  
 class OauthClientPluginPublicControllerTest < ActionController::TestCase
  
@@ -21,7 +21,7 @@ class OauthClientPluginPublicControllerTest &lt; ActionController::TestCase
   end
  
   should 'redirect to login when user is found' do
-    user = fast_create(User, :environment_id => environment.id)
+    user = create_user
     auth.info.stubs(:email).returns(user.email)
     auth.info.stubs(:name).returns(user.name)
     session[:provider_id] = provider.id
@@ -32,7 +32,7 @@ class OauthClientPluginPublicControllerTest &lt; ActionController::TestCase
   end
  
   should 'do not login when the provider is disabled' do
-    user = fast_create(User, :environment_id => environment.id)
+    user = create_user
     auth.info.stubs(:email).returns(user.email)
     auth.info.stubs(:name).returns(user.name)
     session[:provider_id] = provider.id
@@ -44,11 +44,11 @@ class OauthClientPluginPublicControllerTest &lt; ActionController::TestCase
   end
  
   should 'do not login when the provider is disabled for a user' do
-    user = fast_create(User, :environment_id => environment.id)
+    user = create_user
     auth.info.stubs(:email).returns(user.email)
     auth.info.stubs(:name).returns(user.name)
     session[:provider_id] = provider.id
-    user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => false)
+    user.person.oauth_auths.create!(profile: user.person, provider: provider, enabled: false)
  
     get :callback
     assert_redirected_to :controller => :account, :action => :login
@@ -56,7 +56,7 @@ class OauthClientPluginPublicControllerTest &lt; ActionController::TestCase
   end
  
   should 'save provider when an user login with it' do
-    user = fast_create(User, :environment_id => environment.id)
+    user = create_user
     auth.info.stubs(:email).returns(user.email)
     auth.info.stubs(:name).returns(user.name)
     session[:provider_id] = provider.id
@@ -66,13 +66,13 @@ class OauthClientPluginPublicControllerTest &lt; ActionController::TestCase
   end
  
   should 'do not duplicate relations between an user and a provider when the same provider was used again in a login' do
-    user = fast_create(User, :environment_id => environment.id)
+    user = create_user
     auth.info.stubs(:email).returns(user.email)
     auth.info.stubs(:name).returns(user.name)
     session[:provider_id] = provider.id
  
     get :callback
-    assert_no_difference 'user.oauth_user_providers.count' do
+    assert_no_difference 'user.oauth_auths.count' do
       3.times { get :callback }
     end
   end
-require File.dirname(__FILE__) + '/../test_helper'
+require 'test_helper'
  
 class UserTest < ActiveSupport::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require 'test_helper'
  
 class OauthClientPluginTest < ActiveSupport::TestCase
  
-require File.dirname(__FILE__) + '/../test_helper'
+require 'test_helper'
  
 class UserTest < ActiveSupport::TestCase
...	...	@@ -4,8 +4,8 @@ class OauthClientPluginPublicController < PublicController
4	4
5	5	def callback
6	6	auth = request.env["omniauth.auth"]
7		- user = environment.users.find_by_email(auth.info.email)
8		- user ? login(user) : signup(auth)
	7	+ auth_user = environment.users.where(email: auth.info.email).first
	8	+ if auth_user then login auth_user.person else signup auth end
9	9	end
10	10
11	11	def failure
...	...	@@ -20,16 +20,14 @@ class OauthClientPluginPublicController < PublicController
20	20
21	21	protected
22	22
23		- def login(user)
	23	+ def login person
24	24	provider = OauthClientPlugin::Provider.find(session[:provider_id])
25		- user_provider = user.oauth_user_providers.find_by_provider_id(provider.id)
26		- unless user_provider
27		- user_provider = user.oauth_user_providers.create(:user => user, :provider => provider, :enabled => true)
28		- end
29		- if user_provider.enabled? && provider.enabled?
30		- session[:user] = user.id
	25	+ auth = person.oauth_auths.where(provider_id: provider.id).first
	26	+ auth \|\|= person.oauth_auths.create! profile: person, provider: provider, enabled: true
	27	+ if auth.enabled? && provider.enabled?
	28	+ self.current_user = person.user
31	29	else
32		- session[:notice] = _("Can't login with %s") % provider.name
	30	+ session[:notice] = _("Can't login with #{provider.name}")
33	31	end
34	32
35	33	redirect_to :controller => :account, :action => :login
...	...
...	...	@@ -0,0 +1,20 @@
	1	+class DeserializeFieldsOnOauthClientPluginProvider < ActiveRecord::Migration
	2	+
	3	+ def up
	4	+ add_column :oauth_client_plugin_providers, :client_id, :text
	5	+ add_column :oauth_client_plugin_providers, :client_secret, :text
	6	+
	7	+ OauthClientPlugin::Provider.find_each batch_size: 50 do \|provider\|
	8	+ provider.client_id = provider.options.delete :client_id
	9	+ provider.client_secret = provider.options.delete :client_secret
	10	+ provider.save!
	11	+ end
	12	+
	13	+ add_index :oauth_client_plugin_providers, :client_id
	14	+ end
	15	+
	16	+ def down
	17	+ say "this migration can't be reverted"
	18	+ end
	19	+
	20	+end
...	...
...	...	@@ -0,0 +1,26 @@
	1	+class AddAuthorizationDataToOauthClientUserProvider < ActiveRecord::Migration
	2	+
	3	+ def change
	4	+ rename_table :oauth_client_plugin_user_providers, :oauth_client_plugin_auths
	5	+
	6	+ add_column :oauth_client_plugin_auths, :type, :string
	7	+ add_column :oauth_client_plugin_auths, :provider_user_id, :string
	8	+ add_column :oauth_client_plugin_auths, :access_token, :text
	9	+ add_column :oauth_client_plugin_auths, :expires_at, :datetime
	10	+ add_column :oauth_client_plugin_auths, :scope, :text
	11	+ add_column :oauth_client_plugin_auths, :data, :text, default: {}.to_yaml
	12	+
	13	+ add_column :oauth_client_plugin_auths, :profile_id, :integer
	14	+ OauthClientPlugin::Auth.find_each batch_size: 50 do \|auth\|
	15	+ auth.profile = User.find(auth.user_id).person
	16	+ auth.save!
	17	+ end
	18	+ remove_column :oauth_client_plugin_auths, :user_id
	19	+
	20	+ add_index :oauth_client_plugin_auths, :profile_id
	21	+ add_index :oauth_client_plugin_auths, :provider_id
	22	+ add_index :oauth_client_plugin_auths, :provider_user_id
	23	+ add_index :oauth_client_plugin_auths, :type
	24	+ end
	25	+
	26	+end
...	...
...	...	@@ -0,0 +1,8 @@
	1	+require_dependency 'profile'
	2	+
	3	+class Profile
	4	+
	5	+ has_many :oauth_auths, class_name: 'OauthClientPlugin::Auth', dependent: :destroy
	6	+ has_many :oauth_providers, through: :oauth_auths, source: :provider
	7	+
	8	+end
...	...
...	...	@@ -2,8 +2,14 @@ require_dependency 'user'
2	2
3	3	class User
4	4
5		- has_many :oauth_user_providers, :class_name => 'OauthClientPlugin::UserProvider'
6		- has_many :oauth_providers, :through => :oauth_user_providers, :source => :provider
	5	+ has_many :oauth_auths, through: :person
	6	+ has_many :oauth_providers, through: :oauth_auths, source: :provider
	7	+
	8	+ after_create :activate_oauth_user
	9	+
	10	+ def activate_oauth_user
	11	+ self.activate if oauth_providers.present?
	12	+ end
7	13
8	14	def password_required_with_oauth?
9	15	password_required_without_oauth? && oauth_providers.empty?
...	...	@@ -11,17 +17,6 @@ class User
11	17
12	18	alias_method_chain :password_required?, :oauth
13	19
14		- after_create :activate_oauth_user
15		-
16		- def activate_oauth_user
17		- unless oauth_providers.empty?
18		- activate
19		- oauth_providers.each do \|provider\|
20		- OauthClientPlugin::UserProvider.create!(:user => self, :provider => provider, :enabled => true)
21		- end
22		- end
23		- end
24		-
25	20	def make_activation_code_with_oauth
26	21	oauth_providers.blank? ? make_activation_code_without_oauth : nil
27	22	end
...	...
...	...	@@ -45,7 +45,9 @@ class OauthClientPlugin < Noosfero::Plugin
45	45	true
46	46	end
47	47
48		- OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
	48	+ Rails.configuration.to_prepare do
	49	+ OmniAuth.config.on_failure = OauthClientPluginPublicController.action(:failure)
	50	+ end
49	51
50	52	Rails.application.config.middleware.use OmniAuth::Builder do
51	53	PROVIDERS.each do \|provider, options\|
...	...	@@ -60,7 +62,8 @@ class OauthClientPlugin < Noosfero::Plugin
60	62	provider_id = request.params['id']
61	63	provider_id \|\|= request.session['omniauth.params']['id'] if request.session['omniauth.params']
62	64	provider = environment.oauth_providers.find(provider_id)
63		- strategy.options.merge!(provider.options.symbolize_keys)
	65	+ strategy.options.merge! client_id: provider.client_id, client_secret: provider.client_secret
	66	+ strategy.options.merge! provider.options.symbolize_keys
64	67
65	68	request.session[:provider_id] = provider_id
66	69	}
...	...
...	...	@@ -1,20 +0,0 @@
1		-class OauthClientPlugin::Provider < Noosfero::Plugin::ActiveRecord
2		-
3		- belongs_to :environment
4		-
5		- validates_presence_of :name, :strategy
6		-
7		- acts_as_having_image
8		- acts_as_having_settings :field => :options
9		-
10		- settings_items :client_id, :type => :string
11		- settings_items :client_secret, :type => :string
12		- settings_items :client_options, :type => Hash
13		-
14		- attr_accessible :name, :environment, :strategy, :client_id, :client_secret, :enabled, :client_options, :image_builder
15		-
16		- scope :enabled, :conditions => {:enabled => true}
17		-
18		- acts_as_having_image
19		-
20		-end
...	...	@@ -1,10 +0,0 @@
1		-class OauthClientPlugin::UserProvider < Noosfero::Plugin::ActiveRecord
2		-
3		- belongs_to :user, :class_name => 'User'
4		- belongs_to :provider, :class_name => 'OauthClientPlugin::Provider'
5		-
6		- set_table_name :oauth_client_plugin_user_providers
7		-
8		- attr_accessible :user, :provider, :enabled
9		-
10		-end
...	...	@@ -0,0 +1,29 @@
	1	+class OauthClientPlugin::Auth < ActiveRecord::Base
	2	+
	3	+ attr_accessible :profile, :provider, :enabled,
	4	+ :access_token, :expires_in
	5	+
	6	+ belongs_to :profile, class_name: 'Profile'
	7	+ belongs_to :provider, class_name: 'OauthClientPlugin::Provider'
	8	+
	9	+ validates_presence_of :profile
	10	+ validates_presence_of :provider
	11	+ validates_uniqueness_of :profile_id, scope: :provider_id
	12	+
	13	+ acts_as_having_settings field: :data
	14	+
	15	+ def expires_in
	16	+ self.expires_at - Time.now
	17	+ end
	18	+ def expires_in= value
	19	+ self.expires_at = Time.now + value.to_i
	20	+ end
	21	+
	22	+ def expired?
	23	+ Time.now > self.expires_at rescue true
	24	+ end
	25	+ def not_expired?
	26	+ not self.expired?
	27	+ end
	28	+
	29	+end
...	...
...	...	@@ -0,0 +1,21 @@
	1	+class OauthClientPlugin::Provider < ActiveRecord::Base
	2	+
	3	+ belongs_to :environment
	4	+
	5	+ validates_presence_of :name, :strategy
	6	+
	7	+ acts_as_having_image
	8	+ acts_as_having_settings field: :options
	9	+
	10	+ settings_items :site, type: String
	11	+ settings_items :client_options, type: Hash
	12	+
	13	+ attr_accessible :name, :strategy, :enabled, :site, :image_builder,
	14	+ :environment, :environment_id,
	15	+ :client_id, :client_secret, :client_options
	16	+
	17	+ scope :enabled, -> { where enabled: true }
	18	+
	19	+ acts_as_having_image
	20	+
	21	+end
...	...