Module: ShopliftClient

Extended by:
ActiveSupport::Concern
Includes:
Shopapp3
Included in:
ApiController, AuthController, ShopappLoginController, UserAuthenticatedController, UserAuthenticatedOrApiController
Defined in:
app/controllers/concerns/shoplift_client.rb


Methods included from Shopapp3

#sidebar_actions_list

Instance Method Details

#authenticate_company!(soft = false) ⇒ Object




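# Authenticates the request either as a logged-in user (session) or, failing
# that, as an API client identified by an API key.
#
# API key resolution order:
#   1. +params['key']+ — only the first run of lowercase hex characters is
#      kept; anything else in the parameter is silently discarded;
#   2. the +Authorization+ header, unless it is HTTP Basic, with an optional
#      leading "Bearer " stripped (any other header value is used verbatim);
#   3. the configured +authlift_default_app_key+.
#
# SECURITY NOTE(review): because of step 3, a request that presents no
# credential at all is authenticated with the app's default key whenever that
# setting is configured — the endpoint is then only as restricted as that key
# is on the auth server. Leave +authlift_default_app_key+ unset where
# anonymous API access is not intended.
#
# The key is validated by POSTing it, together with the requested
# controller#action, to the auth server's +auth/api_key+ endpoint; the
# company named in the reply becomes +@current_company+. A non-success reply
# from the auth server is presumably raised by the OAuth2 client as
# OAuth2::Error, which is not rescued here — confirm against +srv+.
#
# Fix vs. the previous version: for HTML requests +handle_not_authorized+
# only issues a redirect and returns, so execution used to fall through and
# call the auth server with an empty key. It now returns immediately.
#
# @param soft [Boolean] when true, return +false+ instead of
#   redirecting/raising on failure (used by +authenticate_user_or_api!+)
# @return [Boolean] true when authenticated, false on a soft failure
# @raise [ActionController::RoutingError] for non-HTML requests that fail
#   authentication when +soft+ is false (via +handle_not_authorized+)
def authenticate_company!(soft = false)
  return true if authenticate_user

  @api_key = if params['key'].present?
               params['key'].match(/[0-9a-f]+/).to_s
             elsif request.headers['AUTHORIZATION'].present? && !request.headers['AUTHORIZATION'].include?('Basic')
               # \A rather than ^ so only a prefix at the very start is stripped.
               request.headers['AUTHORIZATION'].gsub(/\ABearer ?/, '')
             else
               Rails.configuration.settings['authlift_default_app_key']
             end

  if @api_key.blank?
    return false if soft

    handle_not_authorized 'Authentication token missing'
    return false
  end

  response = srv.post 'auth/api_key',
                      body: {
                        api_key: api_key,
                        requested_action: "#{self.controller_name}##{self.action_name}"
                      }

  if response.blank?
    return false if soft

    handle_not_authorized 'Request not authorized'
    return false
  end

  @authentication = JSON.parse response.body
  # Only the company code is known here, so the company must already exist
  # locally; find_company_by_code refuses to create one without a name.
  find_company_by_code authentication['company']
  true
end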

#authenticate_user ⇒ Object




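# Authenticates the browser session against the auth server.
#
# The access token kept in the session is wrapped as an OAuth2::AccessToken
# in +@token+ — which +srv+ memoises, so every further auth-server call in
# this request is made with the user's token. The user's profile is fetched
# from +/api/users/profile+, the controller's +required_scopes+ are enforced
# (skipped for users holding the +admin+ scope) and the user's company is
# resolved into +@current_company+.
#
# Fixes vs. the previous version:
# - a profile without a +scopes+ field no longer raises NoMethodError; it is
#   treated as an empty scope list, which fails closed against any
#   +required_scopes+;
# - on OAuth2::Error the rejected session token is cleared from +@token+, so
#   a later +srv+ call (e.g. the API-key path in +authenticate_company!+)
#   obtains client credentials instead of reusing the bad user token.
#
# @return [Boolean] true when the session is valid and scopes are satisfied;
#   false otherwise (a 403 page is rendered when a required scope is missing)
def authenticate_user
  return false unless session_cookie.present?

  @token = OAuth2::AccessToken.new client, session_cookie, scope: scope
  begin
    x = srv.get '/api/users/profile'
    @current_user_json_hash = @current_user = JSON.parse x.response.body

    raw_scopes = @current_user['scopes']
    # Some servers serialise the scope list as a JSON string, others as an
    # array; a missing field means "no scopes".
    user_scopes = raw_scopes.is_a?(String) ? JSON.parse(raw_scopes) : (raw_scopes || [])

    unless user_scopes.include? 'admin'
      (self.class.required_scopes || []).each do |required_scope|
        unless user_scopes.include? required_scope
          render(file: 'shopapp/403.html', status: 403, layout: false, locals: { missing_scope: required_scope })
          return false
        end
      end
    end
    find_company_by_code current_user['company']['code'],
                         name: current_user['company']['name'],
                         logo_code: current_user['company']['logo_code']
  rescue OAuth2::Error
    # Drop the rejected user token so srv falls back to client credentials.
    @token = nil
    return false
  end
  true
end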

#authenticate_user!(skip_landing_page = false) ⇒ Object




# Before-action form of +authenticate_user+: when the session does not
# authenticate, hands off to +redirect_unauthorized+ (which clears the
# session and redirects to the login flow).
#
# @param skip_landing_page [Boolean] passed through to +redirect_unauthorized+
# @return [Object, nil] the redirect result, or +nil+ when already signed in
def authenticate_user!(skip_landing_page = false)
  return if authenticate_user

  redirect_unauthorized(skip_landing_page)
end

#authenticate_user_or_api! ⇒ Object




# Before-action accepting either a user session or an API key. Runs
# +authenticate_company!+ in soft mode (which itself tries the session first)
# and redirects to the login flow only when both fail.
#
# @return [Object, nil] the redirect result, or +nil+ when authenticated
def authenticate_user_or_api!
  redirect_unauthorized unless authenticate_company!(true)
end

#client ⇒ Object




# The OAuth2 client for the auth server, memoised per controller instance in
# +@oauth+. App id, client secret and site URL come from the Rails settings
# hash; the secret therefore lives in application configuration and is never
# read from the request.
#
# @return [OAuth2::Client]
def client
  return @oauth if @oauth

  settings = Rails.configuration.settings
  @oauth = OAuth2::Client.new settings['authlift_app_id'],
                              settings['authlift_app_secret'],
                              site: settings['authlift_url']
end

#company_info(company_id = nil) ⇒ Object




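# Fetches company info from the auth server and mirrors every listed client
# and supplier into the local +Company+ table. Results are memoised per
# controller instance in +@company_info+, keyed by +company_id+.
#
# NOTE(review): +company_id+ is interpolated into the remote path. Callers
# must not pass raw request input here — a value containing "/" or ".."
# changes which remote endpoint is hit. An id (or +nil+ for the current
# company) is expected.
#
# Fixes vs. the previous version:
# - a reply lacking a +clients+ or +suppliers+ list no longer raises
#   NoMethodError on +nil.each+;
# - the cache entry is written only after the partners were persisted, so a
#   failure mid-way does not leave a half-processed reply cached.
#
# @param company_id [Integer, nil] remote company id; +nil+ means the
#   company of the current token
# @return [Hash] the decoded reply, with a +:company+ record attached to
#   each partner entry
def company_info(company_id = nil)
  @company_info ||= {}
  return @company_info[company_id] if @company_info[company_id].present?

  path = ['/api/users/company_info', company_id].compact.join('/')
  info = JSON.parse srv.get(path).body

  %w[clients suppliers].each do |partner_type|
    (info[partner_type] || []).each do |partner|
      partner[:company] = Company.find_or_create_by! code: partner['code']
      partner[:company].name = partner['name']
      partner[:company].info ||= {}

      # Legacy rows may hold the info column as a JSON string instead of a
      # hash; decode it so the key below can be set. An undecodable string
      # is left untouched (best effort, as before).
      if partner[:company].info.is_a? String
        begin
          partner[:company].info = JSON.parse(partner[:company].info)
        rescue JSON::ParserError
          # keep the raw value
        end
      end

      partner[:company].info['company_info'] = partner['info']
      partner[:company].save!
    end
  end

  @company_info[company_id] = info
end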

#company_logo_path_defined ⇒ Object




# Logo URL for the current user's company. An including controller may
# override the location by defining +company_logo_path+; otherwise the URL is
# built from the +logo_code+ in the profile JSON returned by the auth server
# (so the interpolated value is server-supplied, not request-supplied).
#
# @return [String] absolute URL of the 24px company logo
def company_logo_path_defined
  return company_logo_path if defined? self.company_logo_path

  logo_code = @current_user_json_hash['company']['logo_code']
  "https://media.shoplift.fi/company_logos/#{logo_code}_company_logo_24.png"
end

#current_auditor ⇒ Object




# E-mail address of the signed-in user, for audit trails.
#
# @return [String, nil] +nil+ when nobody is signed in (+nil.to_h+ is empty)
def current_auditor
  user = current_user.to_h
  user['email']
end

#current_company ⇒ Object




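# The company resolved for this request by +find_company_by_code+, which
# memoises it in +@current_company+; +nil+ before authentication has run.
#
# Previously this method had an empty body and always returned +nil+, so the
# memoised company was unreachable through it. Assumed to be an oversight
# rather than a deliberate override point — TODO confirm with the authors.
#
# @return [Company, nil]
def current_company
  @current_company
end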

#current_user ⇒ Object




# The profile hash of the signed-in user as set by +authenticate_user+, or
# +nil+ when no session was authenticated. Both branches of the original
# returned +@current_user+, so this is a plain reader.
#
# @return [Hash, nil]
def current_user
  @current_user
end

#current_user_json ⇒ Object




# JSON serialisation of the signed-in user's profile hash (+"null"+ when
# nobody is signed in). Note this is the whole profile as received from the
# auth server, scopes included — do not embed it in pages for other users.
#
# @return [String]
def current_user_json
  user = current_user
  user.to_json
end

#find_company_by_code(code, parameters = {}) ⇒ Object




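# Resolves (and memoises in +@current_company+) the local +Company+ for a
# company code supplied by the auth server. Unknown codes are created only
# when +parameters+ carries the company attributes; a bare code (as in the
# API-key path) for an unknown company raises instead of creating a nameless
# row.
#
# Fix vs. the previous version: an ActiveRecord::StatementInvalid whose cause
# is not a missing table used to be swallowed, making the method return
# +nil+ silently; it is now re-raised.
#
# @param code [String] company code from the auth server
# @param parameters [Hash] +:name+, +:logo_code+, ... used when creating
# @return [Company]
# @raise [RuntimeError] when the company is unknown and +parameters+ is
#   empty, or when the +companies+ table does not exist
def find_company_by_code(code, parameters = {})
  @current_company ||= Company.find_or_create_by!(code: code) do |new_company|
    fail "company #{code} is unknown locally and no attributes were given to create it" if parameters.empty?

    new_company.name = parameters[:name]
    # Backwards-compatible storage of the company info: apps that have not
    # yet migrated the column to json still get a JSON string.
    case new_company.column_for_attribute('info').type
    when :json
      new_company.info = parameters
    when :string
      new_company.info = parameters.to_json
    end
  end
rescue ActiveRecord::StatementInvalid => e
  raise unless e.cause.is_a? PG::UndefinedTable

  fail <<-ERROR.strip_heredoc
    You have not defined a company, and that is compulsory even if
    you are not planning to add any additional fields. You do not
    need to seed it, so following is enough forever:

        rails g model company code:string name:string info:json; rake db:migrate
  ERROR
end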

#get(url, params = {}) ⇒ Object




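# Performs an authenticated GET against the auth server and decodes the JSON
# body.
#
# Fixes vs. the previous version:
# - request details go through +Rails.logger.debug+ instead of +puts+, so
#   they land in the application log (and are skipped unless debug logging
#   is on) rather than raw stdout;
# - the error messages said "post" for a GET.
#
# NOTE(review): +params+ here is the method argument, not the controller's
# +params+, and it is sent as the *body* of the GET (unchanged behaviour);
# confirm the auth server reads GET bodies. The logged value may contain
# sensitive data — keep this at debug level.
#
# @param url [String] path relative to the auth server site
# @param params [Hash] sent as the request body
# @return [Object] the decoded JSON response
# @raise [RuntimeError] wrapping any failure; the original exception is kept
#   as +cause+
def get(url, params = {})
  Rails.logger.debug { "co_cli: get url: #{url} params: #{params}" }
  response = srv.request(:get, url, body: params)
  JSON.parse(response.body)
rescue OAuth2::Error
  raise "Server fault, could not perform get to #{srv.client.site}#{url}"
rescue
  raise "Unknown error, could not perform get to #{srv.client.site}#{url}"
end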

#handle_not_authorized(message) ⇒ Object




# Failure handler for the authentication helpers. HTML requests are sent
# through +redirect_unauthorized+ (which clears the session and redirects to
# login); every other format gets a RoutingError, i.e. a 404 rather than a
# 401, which does not reveal whether the route exists to unauthenticated
# API callers.
#
# Note the HTML branch only redirects and returns; it does not halt the
# caller, which must return on its own.
#
# @param message [String] message for the raised RoutingError
# @return [Object] the redirect result for HTML requests
# @raise [ActionController::RoutingError] for non-HTML requests
def handle_not_authorized(message)
  return redirect_unauthorized if request.format.html?

  fail ActionController::RoutingError, message
end

#hide_search_for_this_action ⇒ Object




# Hides the layout's search box for the current action by raising the
# +@do_hide_search_for_this_action+ flag (the counterpart of
# +show_search_for_this_action+, which lowers it).
#
# @return [true]
def hide_search_for_this_action
  @do_hide_search_for_this_action = true
end



# Target of the layout's "home" link; the application root by default.
# Including controllers may redefine this.
#
# @return [String] the root path
def home_link_path
  root_path
end

#local_authlift_redirect_uri ⇒ Object




# The OAuth2 redirect URI sent in the authorization request. A controller may
# supply its own via a public +app_authlift_redirect_uri+; otherwise the
# configured +authlift_redirect_uri+ is used. Either way the value must be one
# the auth server has registered for this app, or the authorization code
# flow will be rejected.
#
# @return [String]
def local_authlift_redirect_uri
  return app_authlift_redirect_uri if respond_to? :app_authlift_redirect_uri

  Rails.configuration.settings['authlift_redirect_uri']
end

#post(url, params) ⇒ Object

To create/update a model, params must be of form { model_name: { attr1: value1, attr2: value2 } } and attr1, attr2 must be in the list of allowed params the Rails way.




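# Performs an authenticated POST against the auth server and decodes the
# JSON body. To create/update a remote model, +params+ must be of the form
# +{ model_name: { attr1: value1, ... } }+ with the attributes permitted on
# the server side.
#
# Fix vs. the previous version: request details go through
# +Rails.logger.debug+ instead of +puts+, so they land in the application log
# (and are skipped unless debug logging is on) rather than raw stdout.
#
# NOTE(review): +params+ here is the method argument, not the controller's
# +params+. The logged value is the full request body and may contain
# sensitive data — keep this at debug level.
#
# @param url [String] path relative to the auth server site
# @param params [Hash] sent as the request body
# @return [Object] the decoded JSON response
# @raise [RuntimeError] wrapping any failure; the original exception is kept
#   as +cause+
def post(url, params)
  Rails.logger.debug { "co_cli: post url: #{url} params: #{params}" }
  response = srv.request(:post, url, body: params)
  JSON.parse(response.body)
rescue OAuth2::Error
  raise "Server fault, could not perform post to #{srv.client.site}#{url}"
rescue
  raise "Unknown error, could not perform post to #{srv.client.site}#{url}"
end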

#redirect_unauthorized(skip_landing_page = false) ⇒ Object




# Logs the visitor out and sends them to the login flow.
#
# +session.clear+ drops everything in the Rails session, including the
# auth-server access token kept under "authlift_session_id"; the requested
# path is then stored so the user can be returned to it after login. Only
# +request.fullpath+ (path + query, no host) is stored, so it cannot by itself
# be turned into an off-site redirect — whoever consumes +:previous_url+
# should still treat it as a relative path.
#
# NOTE(review): the two +redirect_to+ targets were lost when this listing was
# rendered; the welcome-screen branch and the direct login branch presumably
# differ only in destination — check the source file.
#
# @param skip_landing_page [Boolean] bypass the welcome screen even when
#   +use_welcome_screen+ is configured
# @return [nil] when a response was already rendered (+performed?+)
def redirect_unauthorized(skip_landing_page = false)
  return if performed?
  session.clear
  session[:previous_url] = request.fullpath

  if Rails.configuration.settings['use_welcome_screen'].present? && !skip_landing_page
    redirect_to 
  else
    redirect_to 
  end
end

#scope ⇒ Object




# The OAuth2 scope string requested from the auth server: the configured
# +authlift_default_scope+ (if any) followed by +public+, space-separated.
# This is the scope asked for; what the user actually holds is checked in
# +authenticate_user+.
#
# @return [String]
def scope
  parts = [Rails.configuration.settings['authlift_default_scope'], 'public']
  parts.compact.join(' ')
end

#search_remote ⇒ Object




# Whether the layout's search box submits remotely, as configured through
# +show_search_for_this_action+. Unset (or +false+) reads as +false+; any
# other value is returned as stored.
#
# @return [Object] the configured value, or +false+
def search_remote
  return false unless @search_remote

  @search_remote
end



# The auth-server access token for this browser session, as stored in the
# Rails session under "authlift_session_id" (despite the name, this is not a
# separate cookie; with a cookie session store it travels inside the Rails
# session cookie).
#
# @return [String, nil]
def session_cookie
  key = "authlift_session_id"
  session[key]
end

#session_cookie=(new_value) ⇒ Object




# Stores the auth-server access token in the Rails session under
# "authlift_session_id" (the counterpart of +session_cookie+).
#
# @param new_value [String, nil] the token; +nil+ effectively signs out
# @return [String, nil] +new_value+
def session_cookie=(new_value)
  key = "authlift_session_id"
  session[key] = new_value
end

#shoplift_login_url ⇒ Object




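# Builds the authorization-code URL on the auth server that starts the login
# flow, carrying our redirect URI and requested scope. When the visitor has a
# +set_i18n_pub+ cookie its value is forwarded as a locale hint; the cookie is
# client-controlled, so the auth server must treat it as untrusted input.
#
# Fix: the method name was lost when this listing was rendered; it is
# restored from the section heading (+shoplift_login_url+).
#
# @return [String] the authorize URL
def shoplift_login_url
  redirect_parameters = {
    redirect_uri: local_authlift_redirect_uri,
    scope: scope
  }

  if cookies[:set_i18n_pub]
    redirect_parameters[:set_i18n_pub] = cookies[:set_i18n_pub]
  end

  client.auth_code.authorize_url(redirect_parameters)
end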

#show_search_for_this_action(params = {}) ⇒ Object




# Enables the layout's search box for the current action and optionally
# configures it. Only present options overwrite the instance variables, so
# earlier settings survive a call without them. +params+ is the option hash
# passed by the caller, not the controller's request params.
#
# @param params [Hash] +:placeholder+, +:search_path+, +:search_remote+
# @return [Object] the last assigned option, or +false+
def show_search_for_this_action(params = {})
  @do_hide_search_for_this_action = false

  placeholder = params[:placeholder]
  search_path = params[:search_path]
  search_remote = params[:search_remote]

  @search_placeholder = placeholder if placeholder.present?
  @search_path = search_path if search_path.present?
  @search_remote = search_remote if search_remote.present?
end

#srv ⇒ Object




# The access token used for calls to the auth server, memoised in +@token+.
# When +authenticate_user+ has already placed the user's session token in
# +@token+, that token is returned and all calls act on the user's behalf;
# otherwise a client-credentials token for this app is obtained, so calls
# run with the app's own (not a user's) privileges.
#
# @return [OAuth2::AccessToken]
def srv
  return @token if @token

  @token = client.client_credentials.get_token scope: scope
end

#supported_locales_defined ⇒ Object




# Locales the including controller advertises through an optional
# +supported_locales+ method; an empty list when it defines none.
#
# @return [Array]
def supported_locales_defined
  return [] unless defined? self.supported_locales

  supported_locales
end

#user_signed_in? ⇒ Boolean

Returns:

  • (Boolean)



# Whether +authenticate_user+ has populated a user for this request. Note
# this is a presence check only; it says nothing about whether the required
# scopes were satisfied (a 403 may already have been rendered).
#
# @return [Boolean]
def user_signed_in?
  return false if current_user.nil?

  true
end