From 45cb1146e47385b0a89b0755aae6c8211224442e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alberto=20Miedes=20Garc=C3=A9s?= Date: Wed, 16 Sep 2020 20:03:37 +0200 Subject: [PATCH] Move RequestToken and AccessToken into Carto namespace --- app/controllers/oauth_controller.rb | 4 +- app/models/access_token.rb | 30 -------------- app/models/carto/access_token.rb | 32 +++++++++++++++ app/models/carto/request_token.rb | 39 +++++++++++++++++++ app/models/client_application.rb | 4 +- app/models/request_token.rb | 37 ------------------ config/initializers/warden.rb | 2 +- spec/models/access_token_spec.rb | 6 +-- spec/models/user_part_crud_spec.rb | 6 +-- .../user_metadata_export_service_spec.rb | 4 +- spec/support/factories/access_tokens.rb | 2 +- 11 files changed, 85 insertions(+), 81 deletions(-) delete mode 100644 app/models/access_token.rb create mode 100644 app/models/carto/access_token.rb create mode 100644 app/models/carto/request_token.rb delete mode 100644 app/models/request_token.rb diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index 41807a3119..f68657831d 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -20,8 +20,8 @@ class OauthController < ApplicationController def access_token_with_xauth if params[:x_auth_mode] == 'client_auth' if user = authenticate(params[:x_auth_username], params[:x_auth_password]) - @token = AccessToken.filter(:user => user, :client_application => current_client_application, :invalidated_at => nil).limit(1).first - @token = AccessToken.create(:user => user, :client_application => current_client_application) if @token.blank? + @token = Carto::AccessToken.filter(:user => user, :client_application => current_client_application, :invalidated_at => nil).limit(1).first + @token = Carto::AccessToken.create(:user => user, :client_application => current_client_application) if @token.blank? if @token render :text => @token.to_query 
diff --git a/app/models/access_token.rb b/app/models/access_token.rb
deleted file mode 100644
index 6858cf6f0e..0000000000
--- a/app/models/access_token.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-class AccessToken < Carto::OauthToken
-
- before_create :set_authorized_at
- after_create :store_api_credentials
- after_destroy :clear_api_credentials
-
- private
-
- def metadata_key
- "rails:oauth_access_tokens:#{token}"
- end
-
- def set_authorized_at
- self.authorized_at = Time.now
- end
-
- def store_api_credentials
- $api_credentials.hset metadata_key, "consumer_key", client_application.key
- $api_credentials.hset metadata_key, "consumer_secret", client_application.secret
- $api_credentials.hset metadata_key, "access_token_token", token
- $api_credentials.hset metadata_key, "access_token_secret", secret
- $api_credentials.hset metadata_key, "user_id", user_id
- $api_credentials.hset metadata_key, "time", authorized_at
- end
-
- def clear_api_credentials
- $api_credentials.del metadata_key
- end
-
-end
diff --git a/app/models/carto/access_token.rb b/app/models/carto/access_token.rb
new file mode 100644
index 0000000000..5ff3efdcaf
--- /dev/null
+++ b/app/models/carto/access_token.rb
@@ -0,0 +1,32 @@
+module Carto
+ class AccessToken < OauthToken
+
+ before_create :set_authorized_at
+ after_create :store_api_credentials
+ after_destroy :clear_api_credentials
+
+ private
+
+ def metadata_key
+ "rails:oauth_access_tokens:#{token}"
+ end
+
+ def set_authorized_at
+ self.authorized_at = Time.now
+ end
+
+ def store_api_credentials
+ $api_credentials.hset metadata_key, "consumer_key", client_application.key
+ $api_credentials.hset metadata_key, "consumer_secret", client_application.secret
+ $api_credentials.hset metadata_key, "access_token_token", token
+ $api_credentials.hset metadata_key, "access_token_secret", secret
+ $api_credentials.hset metadata_key, "user_id", user_id
+ $api_credentials.hset metadata_key, "time", authorized_at
+ end
+
+ def clear_api_credentials
+ $api_credentials.del metadata_key
+ end
+
+ end
+end
diff --git a/app/models/carto/request_token.rb b/app/models/carto/request_token.rb
new file mode 100644
index 0000000000..c1d2a64baf
--- /dev/null
+++ b/app/models/carto/request_token.rb
@@ -0,0 +1,39 @@
+module Carto
+ class RequestToken < OauthToken
+
+ attr_accessor :provided_oauth_verifier
+
+ def authorize!(user)
+ return false if authorized?
+
+ new_attributes = { user: user, authorized_at: Time.now }
+ new_attributes[:verifier] = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
+
+ update!(new_attributes)
+ end
+
+ def exchange!
+ return false unless authorized?
+ return false unless oauth10? || verifier == provided_oauth_verifier
+
+ ActiveRecord::Base.transaction do
+ access_token = Carto::AccessToken.create!(user: user, client_application: client_application)
+ invalidate!
+ access_token
+ end
+ end
+
+ def to_query
+ oauth10? ? super : "#{super}&oauth_callback_confirmed=true"
+ end
+
+ def oob?
+ callback_url == 'oob'
+ end
+
+ def oauth10?
+ (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank?
+ end
+
+ end
+end
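Review bot: In app/models/carto/access_token.rb, `store_api_credentials` is registered as `after_create`, so it writes `consumer_secret` and `access_token_secret` to Redis before the surrounding database transaction has committed. `Carto::RequestToken#exchange!` in this same commit calls `create!` and then `invalidate!` inside one transaction; if `invalidate!` raises, the row is rolled back but the hash under `rails:oauth_access_tokens:#{token}` stays behind. Registering the hook as `after_commit :store_api_credentials, on: :create` would keep Redis in step with the database. The six `hset` calls are also independent writes, so a failure part-way leaves a partial credential hash; one multi-field write (for example `mapped_hmset`) avoids that. How other services consume this Redis entry is not visible in the diff, so the impact of an orphaned entry is inferred.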
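Review bot: In app/models/carto/request_token.rb, `exchange!` checks `authorized?` outside the transaction and without a row lock, so two concurrent exchanges of the same request token can both pass the guard and each create a `Carto::AccessToken` before either `invalidate!` is visible. Taking the lock first and re-checking inside it closes that window; this assumes `OauthToken` is an ActiveRecord model (suggested by `update!` and `ActiveRecord::Base.transaction`) and that `authorized?`, defined outside this diff, turns false once the token is invalidated. The verifier test `verifier == provided_oauth_verifier` is also neither constant-time nor nil-safe: if both sides are nil on a non-OAuth-1.0 token the comparison passes. A sketch of both changes follows.

```ruby
# … unchanged: attr_accessor, authorize! …

def exchange!
  # with_lock reloads the row under a row lock inside a transaction, so a
  # concurrent exchange observes the invalidation before its own check runs.
  with_lock do
    if authorized? && (oauth10? || verifier_matches?)
      access_token = Carto::AccessToken.create!(user: user, client_application: client_application)
      invalidate!
      access_token
    else
      false
    end
  end
end

# … unchanged: to_query, oob?, oauth10? …

private

# Constant-time comparison; a missing verifier on either side never matches.
def verifier_matches?
  verifier.present? && provided_oauth_verifier.present? &&
    ActiveSupport::SecurityUtils.secure_compare(verifier, provided_oauth_verifier)
end
```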
diff --git a/app/models/client_application.rb b/app/models/client_application.rb index 1ce1a40594..93ed3efd97 100644 --- a/app/models/client_application.rb +++ b/app/models/client_application.rb @@ -26,7 +26,7 @@ class ClientApplication < Sequel::Model def self.find_token(token_key) return nil if token_key.nil? - token = ::RequestToken.find_by(token: token_key) || ::AccessToken.find_by(token: token_key) + token = Carto::RequestToken.find_by(token: token_key) || Carto::AccessToken.find_by(token: token_key) token && token.authorized? ? token : nil end @@ -64,7 +64,7 @@ class ClientApplication < Sequel::Model # If your application requires passing in extra parameters handle it here def create_request_token(params={}) - RequestToken.create :client_application => self, :callback_url=>self.token_callback_url + Carto::RequestToken.create :client_application => self, :callback_url=>self.token_callback_url end def before_create diff --git a/app/models/request_token.rb b/app/models/request_token.rb deleted file mode 100644 index 5908b7e976..0000000000 --- a/app/models/request_token.rb +++ /dev/null @@ -1,37 +0,0 @@ -class RequestToken < Carto::OauthToken - - attr_accessor :provided_oauth_verifier - - def authorize!(user) - return false if authorized? - - new_attributes = { user: user, authorized_at: Time.now } - new_attributes[:verifier] = OAuth::Helper.generate_key(20)[0,20] unless oauth10? - - update!(new_attributes) - end - - def exchange! - return false unless authorized? - return false unless oauth10? || verifier == provided_oauth_verifier - - ActiveRecord::Base.transaction do - access_token = AccessToken.create!(user: user, client_application: client_application) - invalidate! - access_token - end - end - - def to_query - oauth10? ? super : "#{super}&oauth_callback_confirmed=true" - end - - def oob? - callback_url == 'oob' - end - - def oauth10? - (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank? - end - -end 
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb index 6bbe24b59f..6739aac071 100644 --- a/config/initializers/warden.rb +++ b/config/initializers/warden.rb @@ -190,7 +190,7 @@ Warden::Strategies.add(:api_authentication) do [(@oauth_token.nil? ? nil : @oauth_token.secret), (@oauth_token.nil? || @oauth_token.client_application.nil? ? nil : @oauth_token.client_application.secret)] end - if @oauth_token && @oauth_token.is_a?(::AccessToken) + if @oauth_token && @oauth_token.is_a?(Carto::AccessToken) user = ::User.find_with_custom_fields(@oauth_token.user_id) if user.enable_account_token.nil? success!(user) and return diff --git a/spec/models/access_token_spec.rb b/spec/models/access_token_spec.rb index 9ec7bc7f08..ec287a2519 100644 --- a/spec/models/access_token_spec.rb +++ b/spec/models/access_token_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -describe AccessToken do +describe Carto::AccessToken do let(:carto_user) { @user.carto_user } @@ -17,7 +17,7 @@ describe AccessToken do it "should store tokens in redis when it is created" do client_application = carto_user.client_application - access_token = AccessToken.create(:user => carto_user, :client_application => client_application) + access_token = Carto::AccessToken.create(:user => carto_user, :client_application => client_application) access_token.present? base_key = "rails:oauth_access_tokens:#{access_token.token}" @@ -32,7 +32,7 @@ describe AccessToken do it "should remove tokens from redis when it is destroyed" do client_application = carto_user.client_application - access_token = AccessToken.create(:user => carto_user, :client_application => client_application) + access_token = Carto::AccessToken.create(:user => carto_user, :client_application => client_application) access_token.present? base_key = "rails:oauth_access_tokens:#{access_token.token}" diff --git a/spec/models/user_part_crud_spec.rb b/spec/models/user_part_crud_spec.rb index f7f92f0244..a8898e988d 100644 
--- a/spec/models/user_part_crud_spec.rb +++ b/spec/models/user_part_crud_spec.rb @@ -243,7 +243,7 @@ describe User do user = create_user(email: 'clientapp@example.com', username: 'clientapp', password: @user_password) user.create_client_application - user.client_application.access_tokens << ::AccessToken.new( + user.client_application.access_tokens << Carto::AccessToken.new( token: "access_token", secret: "access_secret", callback_url: "http://callback2", @@ -252,7 +252,7 @@ describe User do client_application_id: user.client_application.id ).save - user.client_application.oauth_tokens << ::Carto::OauthToken.create!( + user.client_application.oauth_tokens << Carto::OauthToken.create!( token: "oauth_token", secret: "oauth_secret", callback_url: "http//callback.com", @@ -272,7 +272,7 @@ describe User do user.destroy expect(ClientApplication.where(user_id: user.id).first).to be_nil - expect(AccessToken.where(user_id: user.id).first).to be_nil + expect(Carto::AccessToken.where(user_id: user.id).first).to be_nil expect(Carto::OauthToken.where(user_id: user.id).first).to be_nil $api_credentials.keys.should_not include(base_key) end diff --git a/spec/services/carto/user_metadata_export_service_spec.rb b/spec/services/carto/user_metadata_export_service_spec.rb index e2584aec47..e3afceb89e 100644 --- a/spec/services/carto/user_metadata_export_service_spec.rb +++ b/spec/services/carto/user_metadata_export_service_spec.rb @@ -72,7 +72,7 @@ describe Carto::UserMetadataExportService do @user.reload # Client Application tokens - sequel_user.client_application.access_tokens << ::AccessToken.new( + sequel_user.client_application.access_tokens << Carto::AccessToken.new( token: "access_token", secret: "access_secret", callback_url: "http://callback2", 
@@ -80,7 +80,7 @@ describe Carto::UserMetadataExportService do scope: nil, client_application_id: sequel_user.client_application.id ).save - sequel_user.client_application.oauth_tokens << ::Carto::OauthToken.create!( + sequel_user.client_application.oauth_tokens << Carto::OauthToken.create!( token: "oauth_token", secret: "oauth_secret", callback_url: "http//callback.com", diff --git a/spec/support/factories/access_tokens.rb b/spec/support/factories/access_tokens.rb index fc3be0f243..4a732df090 100644 --- a/spec/support/factories/access_tokens.rb +++ b/spec/support/factories/access_tokens.rb @@ -2,7 +2,7 @@ module CartoDB module Factories def new_access_token(attributes = {}) attributes = attributes.dup - AccessToken.new(attributes) + Carto::AccessToken.new(attributes) end def create_access_token(attributes = {})