Class: GitkitLib::GitkitClient

Inherits:

Object

• Object
• GitkitLib::GitkitClient

Defined in:

lib/gitkit_client.rb

Class Method Summary

• .create_from_config_file(file) ⇒ Object

  Create a client from json config file.

Instance Method Summary

• #build_oob_link(full_url, param, mode) ⇒ Object
• #change_email_request(param, user_ip, gitkit_token) ⇒ Object
• #delete_user(local_id) ⇒ Object

  Deletes a user account from Gitkit service.

• #email_change_response(oob_link, param) ⇒ Object
• #failure_msg(msg) ⇒ Object
• #get_all_users(max_results = 10) {|GitkitUser| ... } ⇒ Object

  Downloads all user accounts from Gitkit service.

• #get_certs ⇒ Object private

  Gets Gitkit public certs.

• #get_oob_result(full_url, param, user_ip, gitkit_token = nil) ⇒ Hash

  Get one-time out-of-band code for ResetPassword/ChangeEmail request.

• #get_user_by_email(email) ⇒ GitkitUser

  Gets user info by email.

• #get_user_by_id(id) ⇒ GitkitUser

  Gets user info by user id.

• #initialize(client_id, service_account_email, service_account_key, widget_url, server_api_key = nil) ⇒ GitkitClient constructor

  Initializes a GitkitClient.

• #password_reset_request(param, user_ip) ⇒ Object
• #password_reset_response(oob_link, param) ⇒ Object
• #upload_users(hash_algorithm, hash_key, accounts) ⇒ Object

  Uploads multiple accounts to Gitkit service.

• #verify_gitkit_token(token_string) ⇒ GitkitUser^?

  Verifies a Gitkit token.

Constructor Details

#initialize(client_id, service_account_email, service_account_key, widget_url, server_api_key = nil) ⇒ GitkitClient

Initializes a GitkitClient.

Parameters:

• client_id (String) —

  Google oauth2 web client id of this site

• service_account_email (String) —

  Google service account email

• service_account_key (String) —

  Google service account private p12 key

• widget_url (String) —

  url to host the Gitkit widget

• server_api_key (String) (defaults to: nil) —

  server-side Google API key

# File 'lib/gitkit_client.rb', line 47

def initialize(client_id, service_account_email, service_account_key,
    widget_url, server_api_key = nil)
  @client_id = client_id
  @widget_url = widget_url
  @rpc_helper = RpcHelper.new(service_account_email, service_account_key,
      server_api_key)
  @certificates = {}
end

Class Method Details

.create_from_config_file(file) ⇒ Object

Create a client from json config file

Parameters:

• file (String) —

  file name of the json-format config

# File 'lib/gitkit_client.rb', line 28

def self.create_from_config_file(file)
  config = JSON.parse File.open(file, 'rb') { |io| io.read }
  p12key = File.open(config['serviceAccountPrivateKeyFile'], 'rb') {
      |io| io.read }
  new(
      config['clientId'],
      config['serviceAccountEmail'],
      p12key,
      config['widgetUrl'],
      config['serverApiKey'])
end

Instance Method Details

#build_oob_link(full_url, param, mode) ⇒ Object

# File 'lib/gitkit_client.rb', line 206

def build_oob_link(full_url, param, mode)
  code = @rpc_helper.get_oob_code(param)
  if code
    oob_link = Addressable::URI.parse full_url
    oob_link.path = @widget_url
    oob_link.query_values = { 'mode' => mode, 'oobCode' => code}
    return oob_link.to_s
  end
  nil
end

#change_email_request(param, user_ip, gitkit_token) ⇒ Object

# File 'lib/gitkit_client.rb', line 196

def change_email_request(param, user_ip, gitkit_token)
  {
    'email' => param['oldEmail'],
    'newEmail' => param['newEmail'],
    'userIp' => user_ip,
    'idToken' => gitkit_token,
    'requestType' => 'NEW_EMAIL_ACCEPT'
  }
end

#delete_user(local_id) ⇒ Object

Deletes a user account from Gitkit service

Parameters:

• local_id (String) —

  user id to be deleted

# File 'lib/gitkit_client.rb', line 145

def delete_user(local_id)
  @rpc_helper.delete_account local_id
end

#email_change_response(oob_link, param) ⇒ Object

# File 'lib/gitkit_client.rb', line 221

def email_change_response(oob_link, param)
  {
    :oldEmail => param['email'],
    :newEmail => param['newEmail'],
    :oobLink => oob_link,
    :action => :CHANGE_EMAIL,
    :response_body => {'success' => true}.to_json
  }
end

#failure_msg(msg) ⇒ Object

# File 'lib/gitkit_client.rb', line 217

def failure_msg(msg)
  {:response_body => {'error' => msg}}.to_json
end

#get_all_users(max_results = 10) {|GitkitUser| ... } ⇒ Object

Downloads all user accounts from Gitkit service

Parameters:

• max_results (Fixnum) (defaults to: 10) —

  pagination size of each request

Yields:

• (GitkitUser) —

  individual user account

# File 'lib/gitkit_client.rb', line 118

def get_all_users(max_results = 10)
  next_page_token = nil
  while true
    next_page_token, accounts = @rpc_helper.download_account(
        next_page_token, max_results)
    accounts.each { |account|
      yield GitkitUser.parse_from_api_response account }
    if not next_page_token or accounts.length == 0
      break
    end
  end
end

#get_certs ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Gets Gitkit public certs

# File 'lib/gitkit_client.rb', line 92

def get_certs
  @rpc_helper.get_gitkit_certs()
end

#get_oob_result(full_url, param, user_ip, gitkit_token = nil) ⇒ Hash

Get one-time out-of-band code for ResetPassword/ChangeEmail request

}

Parameters:

• full_url (String) —

  the full URL of incoming request

• param (Hash{String=>String}) —

  dict of HTTP POST params

• user_ip (String) —

  end user’s IP address

• gitkit_token (String) (defaults to: nil) —

  the gitkit token if user logged in

Returns:

• (Hash) —

  { email: user email who is asking reset password oobLink: the generated link to be send to user’s email action: OobAction response_body: the http body to be returned

# File 'lib/gitkit_client.rb', line 162

def get_oob_result(full_url, param, user_ip, gitkit_token=nil)
  if param.has_key? 'action'
    begin
      if param['action'] == 'resetPassword'
        oob_link = build_oob_link(full_url,
            password_reset_request(param, user_ip),
            param['action'])
        return password_reset_response(oob_link, param)
      elsif param['action'] == 'changeEmail'
        unless gitkit_token
          return failure_msg('login is required')
        end
        oob_link = build_oob_link(full_url,
            change_email_request(param, user_ip, gitkit_token),
            param['action'])
        return email_change_response(oob_link, param)
      end
    rescue GitkitClientError => error
      return failure_msg(error.message)
    end
  end
  failure_msg('unknown request type')
end

#get_user_by_email(email) ⇒ GitkitUser

Gets user info by email

Parameters:

• email (String) —

  user email

Returns:

• (GitkitUser) —

  for the email

# File 'lib/gitkit_client.rb', line 100

def get_user_by_email(email)
  response = @rpc_helper.get_user_by_email email
  GitkitUser.parse_from_api_response response.fetch('users', [{}])[0]
end

#get_user_by_id(id) ⇒ GitkitUser

Gets user info by user id

Parameters:

• id (String) —

  user id

Returns:

• (GitkitUser) —

  for the id

# File 'lib/gitkit_client.rb', line 109

def get_user_by_id(id)
  response = @rpc_helper.get_user_by_id id
  GitkitUser.parse_from_api_response response.fetch('users', [{}])[0]
end

#password_reset_request(param, user_ip) ⇒ Object

# File 'lib/gitkit_client.rb', line 186

def password_reset_request(param, user_ip)
  {
    'email' => param['email'],
    'userIp' => user_ip,
    'challenge' => param['challenge'],
    'captchaResp' => param['response'],
    'requestType' => 'PASSWORD_RESET'
  }
end

#password_reset_response(oob_link, param) ⇒ Object

# File 'lib/gitkit_client.rb', line 231

def password_reset_response(oob_link, param)
  {
    :email => param['email'],
    :oobLink => oob_link,
    :action => :RESET_PASSWORD,
    :response_body => {'success' => true}.to_json
  }
end

#upload_users(hash_algorithm, hash_key, accounts) ⇒ Object

Uploads multiple accounts to Gitkit service

Parameters:

• hash_algorithm (String) —

  password hash algorithm

• hash_key (String) —

  key of the hash algorithm

• accounts (Array<GitkitUser>) —

  user accounts to be uploaded

# File 'lib/gitkit_client.rb', line 136

def upload_users(hash_algorithm, hash_key, accounts)
  account_request = accounts.collect { |account| account.to_request }
  @rpc_helper.upload_account hash_algorithm, JWT.base64url_encode(hash_key),
      account_request
end

#verify_gitkit_token(token_string) ⇒ GitkitUser^?

Verifies a Gitkit token

error_message.

Parameters:

• token_string (String) —

  the token to be verified

Returns:

• (GitkitUser, nil) —

  for valid token, [nil, String] otherwise with

# File 'lib/gitkit_client.rb', line 61

def verify_gitkit_token(token_string)
  if token_string.nil?
    return nil, 'no token'
  end
  begin
    parsed_token, _ = JWT.decode(token_string, nil, true) {|header|
      # key finder
      key_id = header['kid']
      unless @certificates.has_key? key_id
        @certificates = Hash[get_certs.map {|key,cert|
            [key, OpenSSL::X509::Certificate.new(cert)]}]
      end
      @certificates[key_id].public_key
    }
    # check expiration time
    if Time.new.to_i > parsed_token['exp']
      return nil, 'token expired'
    end
    # check audience
    if parsed_token['aud'] != @client_id
      return nil, 'audience mismatch'
    end
    GitkitUser.parse_from_api_response parsed_token
  rescue JWT::DecodeError => e
    return nil, e.message
  end
end