add authorization

Spencer Alan
1 parent abc6e60e
Showing 4 changed files with 88 additions and 2 deletions Show diff stats
app/controllers/concerns/scim_rails/exception_handler.rb
app/controllers/concerns/scim_rails/response.rb
app/controllers/scim_rails/application_controller.rb
app/models/scim_rails/authorize_api_request.rb
@@ -0,0 +1,29 @@
+module ScimRails
+  module ExceptionHandler
+    extend ActiveSupport::Concern
+
+    class MissingCredentials < StandardError
+    end
+
+    class InvalidCredentials < StandardError
+    end
+
+    included do
+      rescue_from ScimRails::ExceptionHandler::InvalidCredentials do
+        scim_response({ message: "Invalid credentials" }, :unauthorized)
+      end
+
+      rescue_from ScimRails::ExceptionHandler::MissingCredentials do
+        scim_response({ message: "Missing credentials" }, :unauthorized)
+      end
+
+      rescue_from ActiveRecord::RecordNotFound do |e|
+        scim_response({ message: e.message }, :not_found)
+      end
+
+      rescue_from ActiveRecord::RecordInvalid do |e|
+        scim_response({ message: e.message }, :unprocessable_entity)
+      end
+    end
+  end
+end
@@ -0,0 +1,7 @@
+module ScimRails
+  module Response
+    def scim_response(object, status = :ok)
+      render(json: object, status: status)
+    end
+  end
+end
 module ScimRails
-  class ApplicationController < ActionController::Base
-    protect_from_forgery with: :exception
+  class ApplicationController < ActionController::API
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+    include ExceptionHandler
+    include Response
+
+    before_action :authorize_request
+
+    private
+
+    def authorize_request
+      authenticate_with_http_basic do |username, password|
+        authorization = AuthorizeApiRequest.new(
+          subdomain: username,
+          api_key: password
+        )
+        @company = authorization.company
+      end
+    end
   end
 end
@@ -0,0 +1,34 @@
+module ScimRails
+  class AuthorizeApiRequest
+
+    def initialize(subdomain:, api_key:)
+      @subdomain = subdomain
+      @api_key = api_key
+
+      raise ScimRails::ExceptionHandler::MissingCredentials if subdomain.blank? || api_key.blank?
+    end
+
+    def company
+      company = find_company
+      authorize(company)
+      company
+    end
+
+    private
+
+    attr_reader :subdomain
+    attr_reader :api_key
+
+    def find_company
+      @company ||= Company.find_by!(subdomain: subdomain)
+
+    rescue ActiveRecord::RecordNotFound
+      raise ScimRails::ExceptionHandler::InvalidCredentials
+    end
+
+    def authorize(company)
+      authorized = ActiveSupport::SecurityUtils::secure_compare(company.api_key, api_key)
+      raise ScimRails::ExceptionHandler::InvalidCredentials unless authorized
+    end
+  end
+end
@@ -0,0 +1,29 @@		@@ -0,0 +1,29 @@
	1	+module ScimRails
	2	+ module ExceptionHandler
	3	+ extend ActiveSupport::Concern
	4	+
	5	+ class MissingCredentials < StandardError
	6	+ end
	7	+
	8	+ class InvalidCredentials < StandardError
	9	+ end
	10	+
	11	+ included do
	12	+ rescue_from ScimRails::ExceptionHandler::InvalidCredentials do
	13	+ scim_response({ message: "Invalid credentials" }, :unauthorized)
	14	+ end
	15	+
	16	+ rescue_from ScimRails::ExceptionHandler::MissingCredentials do
	17	+ scim_response({ message: "Missing credentials" }, :unauthorized)
	18	+ end
	19	+
	20	+ rescue_from ActiveRecord::RecordNotFound do \|e\|
	21	+ scim_response({ message: e.message }, :not_found)
	22	+ end
	23	+
	24	+ rescue_from ActiveRecord::RecordInvalid do \|e\|
	25	+ scim_response({ message: e.message }, :unprocessable_entity)
	26	+ end
	27	+ end
	28	+ end
	29	+end
@@ -0,0 +1,7 @@		@@ -0,0 +1,7 @@
	1	+module ScimRails
	2	+ module Response
	3	+ def scim_response(object, status = :ok)
	4	+ render(json: object, status: status)
	5	+ end
	6	+ end
	7	+end
1	module ScimRails	1	module ScimRails
2	- class ApplicationController < ActionController::Base
3	- protect_from_forgery with: :exception	2	+ class ApplicationController < ActionController::API
		3	+ include ActionController::HttpAuthentication::Basic::ControllerMethods
		4	+ include ExceptionHandler
		5	+ include Response
		6	+
		7	+ before_action :authorize_request
		8	+
		9	+ private
		10	+
		11	+ def authorize_request
		12	+ authenticate_with_http_basic do \|username, password\|
		13	+ authorization = AuthorizeApiRequest.new(
		14	+ subdomain: username,
		15	+ api_key: password
		16	+ )
		17	+ @company = authorization.company
		18	+ end
		19	+ end
4	end	20	end
5	end	21	end
@@ -0,0 +1,34 @@		@@ -0,0 +1,34 @@
	1	+module ScimRails
	2	+ class AuthorizeApiRequest
	3	+
	4	+ def initialize(subdomain:, api_key:)
	5	+ @subdomain = subdomain
	6	+ @api_key = api_key
	7	+
	8	+ raise ScimRails::ExceptionHandler::MissingCredentials if subdomain.blank? \|\| api_key.blank?
	9	+ end
	10	+
	11	+ def company
	12	+ company = find_company
	13	+ authorize(company)
	14	+ company
	15	+ end
	16	+
	17	+ private
	18	+
	19	+ attr_reader :subdomain
	20	+ attr_reader :api_key
	21	+
	22	+ def find_company
	23	+ @company \|\|= Company.find_by!(subdomain: subdomain)
	24	+
	25	+ rescue ActiveRecord::RecordNotFound
	26	+ raise ScimRails::ExceptionHandler::InvalidCredentials
	27	+ end
	28	+
	29	+ def authorize(company)
	30	+ authorized = ActiveSupport::SecurityUtils::secure_compare(company.api_key, api_key)
	31	+ raise ScimRails::ExceptionHandler::InvalidCredentials unless authorized
	32	+ end
	33	+ end
	34	+end