Class: GitkitLib::GitkitClient

Inherits:
Object
  • Object
show all
Defined in:
lib/gitkit_client.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client_id, service_account_email, service_account_key, widget_url, server_api_key = nil, project_id = nil) ⇒ GitkitClient

Initializes a GitkitClient.

Parameters:

  • client_id (String)

    Google oauth2 web client id of this site

  • service_account_email (String)

    Google service account email

  • service_account_key (String)

    Google service account private p12 key

  • widget_url (String)

    full url to host the Gitkit widget

  • server_api_key (String) (defaults to: nil)

    server-side Google API key

  • project_id (String) (defaults to: nil)

    Google developer console project id



49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/gitkit_client.rb', line 49

def initialize(client_id, , ,
    widget_url, server_api_key = nil, project_id = nil)
  @client_id = client_id
  @project_id = project_id
  if @project_id.nil? and @client_id.nil?
    raise GitkitClientError, 'Missing projectId or clientId in server configuration.'
  end
  @widget_url = widget_url
  @rpc_helper = RpcHelper.new(, ,
      server_api_key)
  @certificates = {}
end

Class Method Details

.create_from_config_file(file) ⇒ Object

Create a client from json config file

Parameters:

  • file (String)

    file name of the json-format config



28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/gitkit_client.rb', line 28

def self.create_from_config_file(file)
  config = MultiJson.load File.open(file, 'rb') { |io| io.read }
  p12key = File.open(config['serviceAccountPrivateKeyFile'], 'rb') {
      |io| io.read }
  new(
      config['clientId'],
      config['serviceAccountEmail'],
      p12key,
      config['widgetUrl'],
      config['serverApiKey'],
      config['projectId'])
end

Instance Method Details



224
225
226
227
228
229
230
231
232
 
# File 'lib/gitkit_client.rb', line 224

def build_oob_link(param, mode)
  code = @rpc_helper.get_oob_code(param)
  if code
    oob_link = Addressable::URI.parse @widget_url
    oob_link.query_values = { 'mode' => mode, 'oobCode' => code}
    return oob_link.to_s
  end
  nil
end

#change_email_request(param, user_ip, gitkit_token) ⇒ Object 



214
215
216
217
218
219
220
221
222
 
# File 'lib/gitkit_client.rb', line 214

def change_email_request(param, user_ip, gitkit_token)
  {
    'email' => param['oldEmail'],
    'newEmail' => param['newEmail'],
    'userIp' => user_ip,
    'idToken' => gitkit_token,
    'requestType' => 'NEW_EMAIL_ACCEPT'
  }
end

#delete_user(local_id) ⇒ Object

Deletes a user account from Gitkit service

Parameters:

  • local_id (String)

    user id to be deleted



151
152
153
 
# File 'lib/gitkit_client.rb', line 151

def delete_user(local_id)
  @rpc_helper. local_id
end

#email_change_response(oob_link, param) ⇒ Object 



238
239
240
241
242
243
244
245
246
 
# File 'lib/gitkit_client.rb', line 238

def email_change_response(oob_link, param)
  {
    :oldEmail => param['email'],
    :newEmail => param['newEmail'],
    :oobLink => oob_link,
    :action => :CHANGE_EMAIL,
    :response_body => MultiJson.dump({'success' => true})
  }
end

#failure_msg(msg) ⇒ Object 



234
235
236
 
# File 'lib/gitkit_client.rb', line 234

def failure_msg(msg)
  {:response_body => MultiJson.dump({'error' => msg})}
end

#get_all_users(max_results = 10) {|GitkitUser| ... } ⇒ Object

Downloads all user accounts from Gitkit service

Parameters:

  • max_results (Fixnum) (defaults to: 10)

    pagination size of each request

Yields:



124
125
126
127
128
129
130
131
132
133
134
135
 
# File 'lib/gitkit_client.rb', line 124

def get_all_users(max_results = 10)
  next_page_token = nil
  while true
    next_page_token, accounts = @rpc_helper.(
        next_page_token, max_results)
    accounts.each { ||
      yield GitkitUser.parse_from_api_response  }
    if not next_page_token or accounts.length == 0
      break
    end
  end
end

#get_certsObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Gets Gitkit public certs



98
99
100
 
# File 'lib/gitkit_client.rb', line 98

def get_certs
  @rpc_helper.get_gitkit_certs()
end

#get_email_verification_link(email) ⇒ String

Get one-time code to verify user email

Parameters:

  • email (String)

    end user’s email to be verified

Returns:

  • (String)

    the generated link to be send to user’s email



196
197
198
199
200
201
202
 
# File 'lib/gitkit_client.rb', line 196

def get_email_verification_link(email)
  param = {
    'email' => email,
    'requestType' => 'VERIFY_EMAIL'
  }
  build_oob_link(param, "verifyEmail")
end

#get_oob_result(param, user_ip, gitkit_token = nil) ⇒ Hash

Get one-time out-of-band code for ResetPassword/ChangeEmail request

}

Parameters:

  • param (Hash{String=>String})

    dict of HTTP POST params

  • user_ip (String)

    end user’s IP address

  • gitkit_token (String) (defaults to: nil)

    the gitkit token if user logged in

Returns:

  • (Hash)

    { email: user email who is asking reset password oobLink: the generated link to be send to user’s email action: OobAction response_body: the http body to be returned



167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
 
# File 'lib/gitkit_client.rb', line 167

def get_oob_result(param, user_ip, gitkit_token=nil)
  if param.has_key? 'action'
    begin
      if param['action'] == 'resetPassword'
        oob_link = build_oob_link(
            password_reset_request(param, user_ip),
            param['action'])
        return password_reset_response(oob_link, param)
      elsif param['action'] == 'changeEmail'
        unless gitkit_token
          return failure_msg('login is required')
        end
        oob_link = build_oob_link(
            change_email_request(param, user_ip, gitkit_token),
            param['action'])
        return email_change_response(oob_link, param)
      end
    rescue GitkitClientError => error
      return failure_msg(error.message)
    end
  end
  failure_msg('unknown request type')
end

#get_user_by_email(email) ⇒ GitkitUser

Gets user info by email

Parameters:

  • email (String)

    user email

Returns:



106
107
108
109
 
# File 'lib/gitkit_client.rb', line 106

def get_user_by_email(email)
  response = @rpc_helper.get_user_by_email email
  GitkitUser.parse_from_api_response response.fetch('users', [{}])[0]
end

#get_user_by_id(id) ⇒ GitkitUser

Gets user info by user id

Parameters:

  • id (String)

    user id

Returns:



115
116
117
118
 
# File 'lib/gitkit_client.rb', line 115

def get_user_by_id(id)
  response = @rpc_helper.get_user_by_id id
  GitkitUser.parse_from_api_response response.fetch('users', [{}])[0]
end

#password_reset_request(param, user_ip) ⇒ Object 



204
205
206
207
208
209
210
211
212
 
# File 'lib/gitkit_client.rb', line 204

def password_reset_request(param, user_ip)
  {
    'email' => param['email'],
    'userIp' => user_ip,
    'challenge' => param['challenge'],
    'captchaResp' => param['response'],
    'requestType' => 'PASSWORD_RESET'
  }
end

#password_reset_response(oob_link, param) ⇒ Object 



248
249
250
251
252
253
254
255
 
# File 'lib/gitkit_client.rb', line 248

def password_reset_response(oob_link, param)
  {
    :email => param['email'],
    :oobLink => oob_link,
    :action => :RESET_PASSWORD,
    :response_body => MultiJson.dump({'success' => true})
  }
end

#upload_users(hash_algorithm, hash_key, accounts) ⇒ Object

Uploads multiple accounts to Gitkit service

Parameters:

  • hash_algorithm (String)

    password hash algorithm

  • hash_key (String)

    key of the hash algorithm

  • accounts (Array<GitkitUser>)

    user accounts to be uploaded



142
143
144
145
146
 
# File 'lib/gitkit_client.rb', line 142

def upload_users(hash_algorithm, hash_key, accounts)
   = accounts.collect { || .to_request }
  @rpc_helper. hash_algorithm, JWT.base64url_encode(hash_key),
      
end

#verify_gitkit_token(token_string) ⇒ GitkitUser?

Verifies a Gitkit token

error_message.

Parameters:

  • token_string (String)

    the token to be verified

Returns:

  • (GitkitUser, nil)

    for valid token, [nil, String] otherwise with



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/gitkit_client.rb', line 67

def verify_gitkit_token(token_string)
  if token_string.nil?
    return nil, 'no token'
  end
  begin
    key_finder = lambda {|header|
      key_id = header['kid']
      unless @certificates.has_key? key_id
        @certificates = Hash[get_certs.map {|key,cert|
            [key, OpenSSL::X509::Certificate.new(cert)]}]
      end
      @certificates[key_id].public_key }
    parsed_token, _ = JWT.decode(token_string, nil, true, &key_finder)
    # check expiration time
    if Time.new.to_i > parsed_token['exp']
      return nil, 'token expired'
    end
    # check audience
    if parsed_token['aud'] == @project_id or parsed_token['aud'] == @client_id
      GitkitUser.parse_from_api_response parsed_token
    else
      return nil, "Gitkit token audience(#{parsed_token['aud']}) doesn't match projectId or clientId in server configuration"
    end
  rescue JWT::DecodeError => e
    return nil, e.message
  end
end