Merge pull request #3 from cased/guard

Cased CLI integration
cased · Mar 3, 2021 · c6e7b3c · c6e7b3c
2 parents c8d3b36 + 7184712
commit c6e7b3c
Show file tree

Hide file tree

Showing 65 changed files with 719 additions and 59 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -27,6 +27,9 @@ Style/TrailingCommaInArguments:
 Metrics/CyclomaticComplexity:
   Enabled: false
 
+Metrics/ModuleLength:
+  Enabled: false
+
 Metrics/BlockLength:
   Enabled: false
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,66 +2,67 @@ PATH
   remote: .
   specs:
     cased-rails (0.3.1)
-      cased-ruby (~> 0.3.3)
+      cased-ruby (~> 0.4.0)
+      jbuilder (>= 2.0)
       rails (>= 6.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.1)
-      actionpack (= 6.1.1)
-      activesupport (= 6.1.1)
+    actioncable (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.1)
-      actionpack (= 6.1.1)
-      activejob (= 6.1.1)
-      activerecord (= 6.1.1)
-      activestorage (= 6.1.1)
-      activesupport (= 6.1.1)
+    actionmailbox (6.1.3)
+      actionpack (= 6.1.3)
+      activejob (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
       mail (>= 2.7.1)
-    actionmailer (6.1.1)
-      actionpack (= 6.1.1)
-      actionview (= 6.1.1)
-      activejob (= 6.1.1)
-      activesupport (= 6.1.1)
+    actionmailer (6.1.3)
+      actionpack (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activesupport (= 6.1.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.1)
-      actionview (= 6.1.1)
-      activesupport (= 6.1.1)
+    actionpack (6.1.3)
+      actionview (= 6.1.3)
+      activesupport (= 6.1.3)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.1)
-      actionpack (= 6.1.1)
-      activerecord (= 6.1.1)
-      activestorage (= 6.1.1)
-      activesupport (= 6.1.1)
+    actiontext (6.1.3)
+      actionpack (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
       nokogiri (>= 1.8.5)
-    actionview (6.1.1)
-      activesupport (= 6.1.1)
+    actionview (6.1.3)
+      activesupport (= 6.1.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.1)
-      activesupport (= 6.1.1)
+    activejob (6.1.3)
+      activesupport (= 6.1.3)
       globalid (>= 0.3.6)
-    activemodel (6.1.1)
-      activesupport (= 6.1.1)
-    activerecord (6.1.1)
-      activemodel (= 6.1.1)
-      activesupport (= 6.1.1)
-    activestorage (6.1.1)
-      actionpack (= 6.1.1)
-      activejob (= 6.1.1)
-      activerecord (= 6.1.1)
-      activesupport (= 6.1.1)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activestorage (6.1.3)
+      actionpack (= 6.1.3)
+      activejob (= 6.1.3)
+      activerecord (= 6.1.3)
+      activesupport (= 6.1.3)
       marcel (~> 0.3.1)
       mimemagic (~> 0.3.2)
-    activesupport (6.1.1)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -71,18 +72,22 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.0)
     builder (3.2.4)
-    cased-ruby (0.3.3)
+    cased-ruby (0.4.0)
       activesupport (~> 6)
+      dotpath (= 0.1.0)
       faraday (~> 1.0)
       faraday_middleware (~> 1.0)
       json (~> 2)
+      jwt (~> 2)
       net-http-persistent (~> 3.0)
+      subprocess (~> 1.5.0)
     concurrent-ruby (1.1.8)
     connection_pool (2.2.3)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     crass (1.0.6)
     docile (1.3.2)
+    dotpath (0.1.0)
     erubi (1.10.0)
     faraday (1.3.0)
       faraday-net_http (~> 1.0)
@@ -94,10 +99,13 @@ GEM
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashdiff (1.0.1)
-    i18n (1.8.7)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
+    jbuilder (2.11.2)
+      activesupport (>= 5.0.0)
     json (2.5.1)
+    jwt (2.2.2)
     loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -109,12 +117,12 @@ GEM
     mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.5.0)
-    minitest (5.14.3)
+    minitest (5.14.4)
     mocha (1.11.2)
     multipart-post (2.1.1)
     net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
-    nio4r (2.5.4)
+    nio4r (2.5.5)
     nokogiri (1.11.1)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
@@ -127,29 +135,29 @@ GEM
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.1.1)
-      actioncable (= 6.1.1)
-      actionmailbox (= 6.1.1)
-      actionmailer (= 6.1.1)
-      actionpack (= 6.1.1)
-      actiontext (= 6.1.1)
-      actionview (= 6.1.1)
-      activejob (= 6.1.1)
-      activemodel (= 6.1.1)
-      activerecord (= 6.1.1)
-      activestorage (= 6.1.1)
-      activesupport (= 6.1.1)
+    rails (6.1.3)
+      actioncable (= 6.1.3)
+      actionmailbox (= 6.1.3)
+      actionmailer (= 6.1.3)
+      actionpack (= 6.1.3)
+      actiontext (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activemodel (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
       bundler (>= 1.15.0)
-      railties (= 6.1.1)
+      railties (= 6.1.3)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.1.1)
-      actionpack (= 6.1.1)
-      activesupport (= 6.1.1)
+    railties (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
       method_source
       rake (>= 0.8.7)
       thor (~> 1.0)
@@ -176,6 +184,7 @@ GEM
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
+    subprocess (1.5.4)
     thor (1.1.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)

diff --git a/app/assets/config/cased/manifest.js b/app/assets/config/cased/manifest.js
@@ -0,0 +1,2 @@
+//= link_tree ../../images/cased
+//= link_directory ../../javascripts/cased .js
diff --git a/app/assets/images/cased/favicon.ico b/app/assets/images/cased/favicon.ico
diff --git a/app/assets/images/cased/logo.png b/app/assets/images/cased/logo.png
diff --git a/app/assets/javascripts/cased/index.js b/app/assets/javascripts/cased/index.js
@@ -0,0 +1,75 @@
+//= require rails-ujs
+
+let windowReference = null;
+let previousUrl = null;
+let casedCreateSession = null;
+let casedLoggedInContainer = null;
+let casedLoggedOutContainer = null;
+let casedUser = null;
+
+// receiveMessage is the callback that is triggered when an authentication
+// response is received from the new window we opened.
+//
+// We use this callback to update the user information in the UI and show the
+// logged in container.
+const receiveMessage = (event) => {
+  if (!event.isTrusted) {
+    return;
+  }
+
+  const { user } = event.data;
+  casedUser.innerText = user;
+  if (casedCreateSession) {
+    casedCreateSession.submit();
+  } else {
+    casedLoggedInContainer.classList.remove("hidden");
+    casedLoggedOutContainer.classList.add("hidden");
+  }
+};
+
+// openSignInWindow is used to present the Cased sign in window.
+const openSignInWindow = (url) => {
+  window.removeEventListener("message", receiveMessage);
+  const windowFeatures =
+    "toolbar=no, menubar=no, width=600, height=700, top=50, left=200";
+
+  if (windowReference === null || windowReference.closed) {
+    windowReference = window.open(url, "Cased", windowFeatures);
+  } else if (previousUrl !== url) {
+    // If the window is already open and the previous URL was different, we need
+    // to load a new URL and refocus.
+    windowReference = window.open(url, "Cased", windowFeatures);
+    windowReference.focus();
+  } else {
+    windowReference.focus();
+  }
+
+  window.addEventListener("message", (event) => receiveMessage(event), false);
+  previousUrl = url;
+};
+
+window.addEventListener("DOMContentLoaded", (event) => {
+  // Global elements
+  casedCreateSession = document.getElementById("cased-create-session");
+  casedLoggedInContainer = document.getElementById("cased-logged-in");
+  casedLoggedOutContainer = document.getElementById("cased-logged-out");
+  casedUser = document.getElementById("cased-user");
+
+  // Local elements
+  const casedAuthenticate = document.getElementById("cased-authenticate");
+  if (casedAuthenticate) {
+    casedAuthenticate.addEventListener("click", (event) => {
+      event.preventDefault();
+
+      openSignInWindow(event.currentTarget.href);
+    });
+  }
+
+  const casedLogout = document.getElementById("cased-logout");
+  if (casedLogout) {
+    casedLogout.addEventListener("ajax:success", (_event) => {
+      casedLoggedInContainer.classList.add("hidden");
+      casedLoggedOutContainer.classList.remove("hidden");
+    });
+  }
+});
diff --git a/app/controllers/cased/authorizations_controller.rb b/app/controllers/cased/authorizations_controller.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Cased
+  class AuthorizationsController < ApplicationController
+    def create
+      self.cased_authorization = params[:token]
+    end
+
+    def destroy
+      self.cased_authorization = nil
+    end
+  end
+end
diff --git a/app/controllers/cased/cli/sessions_controller.rb b/app/controllers/cased/cli/sessions_controller.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+    class SessionsController < ApplicationController
+      def show
+        guard_session = Cased::CLI::Session.find(params[:guard_session_id])
+
+        respond_to do |format|
+          format.html do
+            render partial: 'cased/cli/sessions/form', locals: { guard_session: guard_session }
+          end
+
+          format.json do
+            render partial: 'cased/cli/sessions/guard_session', locals: { guard_session: guard_session }
+          end
+        end
+      end
+
+      def cancel
+        guard_session = Cased::CLI::Session.find(params[:guard_session_id])
+        guard_session.cancel
+
+        respond_to do |format|
+          format.html do
+            safe_redirect_back
+          end
+
+          format.json do
+            render partial: 'cased/cli/sessions/guard_session', locals: { guard_session: guard_session }
+          end
+        end
+      end
+
+      private
+
+      def safe_redirect_back(allow_other_host: false, **args)
+        referer = params[:referer]
+        redirect_to_referer = referer && (allow_other_host || url_host_allowed?(referer))
+        redirect_to redirect_to_referer ? referer : guard_fallback_location, **args
+      end
+
+      def url_host_allowed?(url)
+        uri = URI(url.to_s)
+
+        # We're redirecting to a path on app.cased.com, that is okay.
+        return true if uri.host.blank?
+
+        uri.host == request.host
+      rescue ArgumentError, URI::Error
+        false
+      end
+    end
+  end
+end
diff --git a/app/helpers/cased_helper.rb b/app/helpers/cased_helper.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module CasedHelper
+  # Guarded parameters are the original parameters when the form was first
+  # submitted. These parameters need to be preserved.
+  def guarded_parameters(form)
+    form_params = params.except(:authenticity_token, :controller, :action)
+
+    safe_join render_guarded_parameters(form, form_params.to_unsafe_h)
+  end
+
+  def render_guarded_parameters(form, form_params, prefix = nil)
+    form_params.collect do |key, value|
+      case value
+      when Hash
+        render_guarded_parameters(form, value, key)
+      else
+        name = prefix ? "#{prefix}[#{key}]" : key
+        hidden_field_tag(name, value)
+      end
+    end
+  end
+end