From 14c883c9087d44a2c383ce3ca8a7614774433e70 Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Fri, 24 May 2024 13:41:31 +0200 Subject: [PATCH 1/9] Remove dependency on Rails secrets --- README.md | 24 ------------------------ spec/rails_app/config/secrets.yml | 10 ---------- 2 files changed, 34 deletions(-) delete mode 100644 spec/rails_app/config/secrets.yml diff --git a/README.md b/README.md index 2b1e646..289c2c8 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ InfinumAzure Engine is gem for resource authentication with Infinum Azure AD ser - [Dependencies](#dependencies) - [Configuration](#configuration) * [InfinumAzure](#infinumazure) - * [Secrets](#secrets) - [Usage](#usage) ## Installation @@ -66,29 +65,6 @@ Configuration options: * `groups` - string || null -> a comma separated list; if "employees" is present, the user is an employee * `deactivated` - boolean -### Secrets - -Secrets should be kept in `config/secrets.yml` file. - -Required ones are: - -```ruby -# config/secrets.yml - -infinum_azure: - client_id: 'client_id_from_InfinumAzure' - client_secret: 'client_secret_from_InfinumAzure' - domain: 'https://login.b2c.com' - tenant: 'InfinumAzure_tenant' -``` - -Optional ones are: - -```ruby -infinum_azure: - users_auth_url: 'InfinumAzure_users_auth_url_with_api_code' # required only if infinum_azure:migrate_users rake task is used -``` - ## Usage 1. Add columns to resource via migration. diff --git a/spec/rails_app/config/secrets.yml b/spec/rails_app/config/secrets.yml deleted file mode 100644 index 5d045e4..0000000 --- a/spec/rails_app/config/secrets.yml +++ /dev/null @@ -1,10 +0,0 @@ -default: &default - -test: - <<: *default - infinum_azure: - client_id: 'vault_client_id' - client_secret: 'vault_client_secret' - domain: 'https://login.b2c.com' - tenant: 'infinumtest' - users_auth_url: 'http://example_api_url_with_users.com' From bdeafa65cab60d034cee0ae69edcaec862ea45ff Mon Sep 17 00:00:00 2001 
From: Vedran Hrncic Date: Fri, 24 May 2024 13:43:57 +0200 Subject: [PATCH 2/9] Remove defaults module --- lib/infinum_azure.rb | 35 ----------- lib/infinum_azure/config.rb | 7 --- lib/infinum_azure/defaults.rb | 28 --------- spec/infinum_azure_spec.rb | 81 ------------------------- spec/lib/infinum_azure/defaults_spec.rb | 20 ------ 5 files changed, 171 deletions(-) delete mode 100644 lib/infinum_azure/defaults.rb delete mode 100644 spec/lib/infinum_azure/defaults_spec.rb diff --git a/lib/infinum_azure.rb b/lib/infinum_azure.rb index b8ff0b0..a19d1be 100644 --- a/lib/infinum_azure.rb +++ b/lib/infinum_azure.rb @@ -3,7 +3,6 @@ require 'omniauth/infinum_azure' require 'infinum_azure/version' require 'infinum_azure/engine' -require 'infinum_azure/defaults' require 'infinum_azure/config' require 'devise' @@ -14,51 +13,17 @@ class << self def configure yield config if block_given? - ensure_all_attributes_present! end def config @config ||= Config.new end - def ensure_all_attributes_present! - Defaults.all_attribute_names.each do |attribute| - raise Error, "InfinumAzure attribute '@#{attribute}' not set" if config.public_send(attribute).blank? - end - end - - delegate(*Defaults.all_attribute_names, to: :config) - def provider to_s.underscore end def resource_class - resource_name.constantize - end - - def client_id - dig_secret(:client_id) - end - - def client_secret - dig_secret(:client_secret) - end - - def domain - dig_secret(:domain) - end - - def tenant - dig_secret(:tenant) - end - - def users_auth_url - dig_secret(:users_auth_url) - end - - def dig_secret(key) - Rails.application.secrets.dig(:infinum_azure, key) end end end diff --git a/lib/infinum_azure/config.rb b/lib/infinum_azure/config.rb index 3025b3e..86eaa8d 100644 --- a/lib/infinum_azure/config.rb +++ b/lib/infinum_azure/config.rb 
@@ -2,12 +2,5 @@ module InfinumAzure class Config - Defaults.all_attributes.each do |attr, value| - attr_writer attr - - define_method(attr) do - instance_variable_set(:"@#{attr}", instance_variable_get(:"@#{attr}") || value) - end - end end end diff --git a/lib/infinum_azure/defaults.rb b/lib/infinum_azure/defaults.rb deleted file mode 100644 index 26000b4..0000000 --- a/lib/infinum_azure/defaults.rb +++ /dev/null @@ -1,28 +0,0 @@ -# frozen_string_literal: true - -module InfinumAzure - module Defaults - REQUIRED = { - service_name: nil, - resource_name: nil - }.freeze - OPTIONAL = { - resource_attributes: [ - :uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee - ], - user_migration_scope: -> { InfinumAzure.resource_class.where(provider: 'infinum_id') }, - user_migration_operation: lambda { |record, resource| - record.update_attribute(:provider, 'infinum_azure') # rubocop:disable Rails/SkipsModelValidations - record.update_attribute(:uid, resource['uid']) # rubocop:disable Rails/SkipsModelValidations - } - }.freeze - - def self.all_attribute_names - REQUIRED.keys + OPTIONAL.keys - end - - def self.all_attributes - REQUIRED.merge(OPTIONAL) - end - end -end diff --git a/spec/infinum_azure_spec.rb b/spec/infinum_azure_spec.rb index 98c56aa..f6117ae 100644 --- a/spec/infinum_azure_spec.rb +++ b/spec/infinum_azure_spec.rb 
@@ -29,85 +29,4 @@ end.to raise_error(described_class::Error, "InfinumAzure attribute '@service_name' not set") end end - - describe 'delegated methods' do - before do - described_class.configure do |config| - config.service_name = 'Example' - config.resource_name = 'User' - end - end - - describe '#service_name' do - it 'returns correct value' do - expect(described_class.service_name).to eq('Example') - end - end - - describe '#resource_name' do - it 'returns correct value' do - expect(described_class.resource_name).to eq('User') - end - end - - describe '#resource_attributes' do - it 'returns array' do - expect(described_class.resource_attributes).to be_a(Array) - end - end - - describe '#user_migration_scope' do - it 'returns proc' do - expect(described_class.user_migration_scope).to be_a(Proc) - end - end - - describe '#user_migration_operation' do - it 'returns proc' do - expect(described_class.user_migration_operation).to be_a(Proc) - end - end - - describe '.provider' do - it 'returns "infinum_azure"' do - expect(described_class.provider).to eq('infinum_azure') - end - end - - describe '.resource_class' do - it 'returns constantized resource_name' do - expect(described_class.resource_class).to eq(User) - end - end - - describe '.client_id' do - it 'returns value from secrets' do - expect(described_class.client_id).to eq('vault_client_id') - end - end - - describe '.client_secret' do - it 'returns value from secrets' do - expect(described_class.client_secret).to eq('vault_client_secret') - end - end - - describe '.domain' do - it 'returns value from secrets' do - expect(described_class.domain).to eq('https://login.b2c.com') - end - end - - describe '.tenant' do - it 'returns value from secrets' do - expect(described_class.tenant).to eq('infinumtest') - end - end - - describe '.users_auth_url' do - it 'returns value from secrets' do - expect(described_class.users_auth_url).to eq('http://example_api_url_with_users.com') - end - end - end end 
diff --git a/spec/lib/infinum_azure/defaults_spec.rb b/spec/lib/infinum_azure/defaults_spec.rb deleted file mode 100644 index e67aa96..0000000 --- a/spec/lib/infinum_azure/defaults_spec.rb +++ /dev/null @@ -1,20 +0,0 @@ -# frozen_string_literal: true - -RSpec.describe InfinumAzure::Defaults do - before do - stub_const("#{described_class}::REQUIRED", { key1: anything, key2: anything }) - stub_const("#{described_class}::OPTIONAL", { key3: anything, key4: anything }) - end - - describe '.all_attribute_names' do - it 'returns all keys from required and optional hash' do - expect(described_class.all_attribute_names).to eq([:key1, :key2, :key3, :key4]) - end - end - - describe '.all_attributes' do - it 'returns all key value pairs from required and optional hash' do - expect(described_class.all_attributes).to eq({ key1: anything, key2: anything, key3: anything, key4: anything }) - end - end -end From 5c8eacfc0d35e5747644cee4a8be405574224035 Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Fri, 24 May 2024 13:51:51 +0200 Subject: [PATCH 3/9] Refactor config --- README.md | 10 ++++++ .../infinum_azure/api/base_controller.rb | 3 +- .../infinum_azure/api/webhooks_controller.rb | 2 +- config/initializers/devise.rb | 8 +++-- config/routes.rb | 6 ++-- lib/infinum_azure.rb | 2 ++ lib/infinum_azure/config.rb | 25 +++++++++++++++ spec/infinum_azure_spec.rb | 29 ++++++++++++----- spec/lib/infinum_azure/config_spec.rb | 32 ++++++++++++------- 9 files changed, 90 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 289c2c8..26d6b11 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,11 @@ InfinumAzure.configure do |config| record.update_attribute(:provider, 'infinum_azure') record.update_attribute(:uid, resource['uid']) } + config.client_id = 'client-id' + config.client_secret = 'client-secret' + config.domain = 'https://login.b2c.com' + config.tenant = 'tenant' + config.users_auth_url = 'https://example.com' end ``` 
@@ -64,6 +69,11 @@ Configuration options: * `avatar_url` - string || null * `groups` - string || null -> a comma separated list; if "employees" is present, the user is an employee * `deactivated` - boolean +* client_id(mandatory) - client ID +* client_secret(mandatory) - client secret +* domain(mandatory) - Identity service domain +* tenant(mandatory) - Tenant id +* users_auth_url(optional) ## Usage diff --git a/app/controllers/infinum_azure/api/base_controller.rb b/app/controllers/infinum_azure/api/base_controller.rb index c5037f2..49ca633 100644 --- a/app/controllers/infinum_azure/api/base_controller.rb +++ b/app/controllers/infinum_azure/api/base_controller.rb @@ -6,7 +6,8 @@ class BaseController < ApplicationController protect_from_forgery with: :null_session respond_to :json - delegate :resource_name, :resource_class, to: InfinumAzure + delegate :resource_name, to: 'InfinumAzure.config' + delegate :resource_class, to: InfinumAzure end end end diff --git a/app/controllers/infinum_azure/api/webhooks_controller.rb b/app/controllers/infinum_azure/api/webhooks_controller.rb index 9fdc6be..029945e 100644 --- a/app/controllers/infinum_azure/api/webhooks_controller.rb +++ b/app/controllers/infinum_azure/api/webhooks_controller.rb @@ -27,7 +27,7 @@ def resource def user_params normalized_azure_params - .slice(*InfinumAzure.resource_attributes) + .slice(*InfinumAzure.config.resource_attributes) .merge(provider: InfinumAzure.provider) end diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index de70b7b..0f06057 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
@@ -19,9 +19,11 @@ config.sign_out_via = :get # ==> OmniAuth - config.omniauth :infinum_azure, InfinumAzure.client_id, InfinumAzure.client_secret, + config.omniauth :infinum_azure, + InfinumAzure.config.client_id, + InfinumAzure.config.client_secret, client_options: { - domain: InfinumAzure.domain, - tenant: InfinumAzure.tenant + domain: InfinumAzure.config.domain, + tenant: InfinumAzure.config.tenant } end diff --git a/config/routes.rb b/config/routes.rb index 0c46827..b1331ed 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,14 +1,14 @@ # frozen_string_literal: true Rails.application.routes.draw do - get "/#{InfinumAzure.resource_name.pluralize.underscore}/auth/infinum_azure/logout", + get "/#{InfinumAzure.config.resource_name.pluralize.underscore}/auth/infinum_azure/logout", to: 'infinum_azure/resources#passthru', as: :infinum_azure_logout - get "/#{InfinumAzure.resource_name.pluralize.underscore}/auth/logout", + get "/#{InfinumAzure.config.resource_name.pluralize.underscore}/auth/logout", to: 'infinum_azure/resources#destroy', as: :logout - devise_for InfinumAzure.resource_name.pluralize.underscore, controllers: { + devise_for InfinumAzure.config.resource_name.pluralize.underscore, controllers: { omniauth_callbacks: 'infinum_azure/resources/omniauth_callbacks' } diff --git a/lib/infinum_azure.rb b/lib/infinum_azure.rb index a19d1be..144dd79 100644 --- a/lib/infinum_azure.rb +++ b/lib/infinum_azure.rb @@ -13,6 +13,7 @@ class << self def configure yield config if block_given? + config.validate! end def config @@ -24,6 +25,7 @@ def provider end def resource_class + config.resource_name.constantize end end end diff --git a/lib/infinum_azure/config.rb b/lib/infinum_azure/config.rb index 86eaa8d..1bca771 100644 --- a/lib/infinum_azure/config.rb +++ b/lib/infinum_azure/config.rb 
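Review bot: The `get ".../auth/logout", to: 'infinum_azure/resources#destroy', as: :logout` route in config/routes.rb ends the session on a plain GET, so any cross-site link or embedded resource can sign a user out without intent; the `config.sign_out_via = :get` context line in devise.rb has the same effect. The route predates this commit and only its path interpolation changes here. Since the line is being touched, it is worth either moving it to `delete` together with `config.sign_out_via = :delete`, or adding a comment such as `# GET is deliberate: required by the SSO logout redirect` if that is the reason.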
@@ -2,5 +2,30 @@ module InfinumAzure class Config + PROVIDER_INFINUM_ID = 'infinum_id' + PROVIDER_INFINUM_AZURE = 'infinum_azure' + UID = 'uid' + DEFAULT_RESOURCE_ATTRIBUTES = [ + :uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee + ].freeze + + attr_accessor :service_name, :resource_name, :resource_attributes, :user_migration_scope, + :user_migration_operation, :client_id, :client_secret, :domain, :tenant, :users_auth_url + + def initialize + self.resource_attributes = DEFAULT_RESOURCE_ATTRIBUTES + self.user_migration_scope = -> { InfinumAzure.resource_class.where(provider: PROVIDER_INFINUM_ID) } + self.user_migration_operation = ->(record, resource) { + record.update_attribute(:provider, PROVIDER_INFINUM_AZURE) + record.update_attribute(:uid, resource[UID]) + } + end + + def validate! + [:service_name, :resource_name, :resource_attributes, :user_migration_scope, + :user_migration_operation, :client_id, :client_secret, :domain, :tenant].each do |attribute| + raise InfinumAzure::Error, "InfinumAzure attribute '@#{attribute}' not set" if public_send(attribute).blank? + end + end end end diff --git a/spec/infinum_azure_spec.rb b/spec/infinum_azure_spec.rb index f6117ae..4694832 100644 --- a/spec/infinum_azure_spec.rb +++ b/spec/infinum_azure_spec.rb 
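Review bot: `attr_accessor ... :client_secret` keeps the OAuth client secret in an ordinary instance variable, so the default `#inspect` of `InfinumAzure.config` would print it in clear text in console output, exception reports and debug logs. `users_auth_url` is in the same position if it still carries an API code, as the README section removed in patch 1 described. Consider a redacting override in `Config`, e.g. `def inspect; "#<#{self.class.name} resource_name=#{resource_name.inspect} client_secret=[FILTERED]>"; end`, and a comment above the accessors such as `# client_secret / users_auth_url: load from ENV or encrypted credentials, never a committed literal`. The accessor list is rewritten in patches 4 and 9 of this series and the same point applies to those hunks.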
@@ -6,27 +6,40 @@ end describe '.configure' do - it 'sets values to config attributes and uses default values when config attribute not set' do + it 'yields config' do described_class.configure do |config| config.service_name = 'Example' config.resource_name = 'User' config.user_migration_operation = -> { 'from_block' } + config.client_id = 'client-id' + config.client_secret = 'client-secret' + config.domain = 'https://login.b2c.com' + config.tenant = 'tenant' + config.users_auth_url = 'https://example.com' end - expect(described_class.service_name).to eq('Example') - expect(described_class.resource_name).to eq('User') - expect(described_class.resource_attributes).to be_a(Array) - expect(described_class.user_migration_scope.call).to be_a(ActiveRecord::Relation) - expect(described_class.user_migration_operation.call).to eq('from_block') + expect(described_class.config.service_name).to eq('Example') + expect(described_class.config.resource_name).to eq('User') + expect(described_class.config.resource_attributes).to be_a(Array) + expect(described_class.config.user_migration_scope.call).to be_a(ActiveRecord::Relation) + expect(described_class.config.user_migration_operation.call).to eq('from_block') + expect(described_class.config.client_id).to eq('client-id') + expect(described_class.config.client_secret).to eq('client-secret') + expect(described_class.config.domain).to eq('https://login.b2c.com') + expect(described_class.config.tenant).to eq('tenant') + expect(described_class.config.users_auth_url).to eq('https://example.com') end it 'raises error if attribute not set' do expect do described_class.configure do |config| - config.service_name = nil config.resource_name = 'User' + config.client_id = 'client-id' + config.domain = 'https://eample.com' + config.tenant = 'tenant' + config.client_secret = nil end - end.to raise_error(described_class::Error, "InfinumAzure attribute '@service_name' not set") + end.to raise_error(InfinumAzure::Error, "InfinumAzure attribute 
'@client_secret' not set") end end end diff --git a/spec/lib/infinum_azure/config_spec.rb b/spec/lib/infinum_azure/config_spec.rb index 7d95c3e..cbceb4d 100644 --- a/spec/lib/infinum_azure/config_spec.rb +++ b/spec/lib/infinum_azure/config_spec.rb @@ -3,22 +3,32 @@ RSpec.describe InfinumAzure::Config do subject(:config) { described_class.new } - describe 'attribute writers and readers' do - it 'creates attribute writer methods for all keys' do - expect { config.service_name = 'Example' }.to change(config, :service_name).from(nil).to('Example') + describe 'default values' do + it 'initializes #resource_attributes' do + expect(config.resource_attributes).not_to be_empty + end + + it 'initializes #user_migration_scope' do + expect(config.user_migration_scope).to be_a(Proc) + end + + it 'initializes #user_migration_operation' do + expect(config.user_migration_operation).to be_a(Proc) + expect(config.user_migration_operation.arity).to eq(2) end end - describe 'attribute readers from Defaults' do - it 'creates attribute methods that default to nil if not set' do - config.service_name = 'Example' + describe '#validate!' do + it 'raises error if attribute not set' do config.resource_name = 'User' + config.client_id = 'client-id' + config.domain = 'https://eample.com' + config.tenant = 'tenant' + config.client_secret = nil - expect(config.service_name).to eq('Example') - expect(config.resource_name).to eq('User') - expect(config.resource_attributes).to be_a(Array) - expect(config.user_migration_scope).to be_a(Proc) - expect(config.user_migration_operation).to be_a(Proc) + expect do + config.validate! + end.to raise_error(InfinumAzure::Error, "InfinumAzure attribute '@client_secret' not set") end end end From fcf7133429ad4bb717d8b5dcc48754e1779a55e1 Mon Sep 17 00:00:00 2001 
From: Vedran Hrncic Date: Fri, 24 May 2024 14:12:18 +0200 Subject: [PATCH 4/9] Remove service name property --- README.md | 2 -- lib/infinum_azure/config.rb | 8 ++++---- spec/infinum_azure_spec.rb | 2 -- spec/rails_app/config/application.rb | 1 - spec/spec_helper.rb | 1 - 5 files changed, 4 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 26d6b11..158343a 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ Or install it yourself as: # config/initializers/infinum_azure.rb InfinumAzure.configure do |config| - config.service_name = 'Revisor' config.resource_name = 'User' config.resource_attributes = [:uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee] @@ -57,7 +56,6 @@ end ``` Configuration options: -* service_name(mandatory) - name of application * resource_name(mandatory) - name of resource on whom authentication is being done * resource_attributes(optional) - attributes that will be permitted once the webhook controller receives the params from InfinumAzure * user_migration_scope(optional) - a block that will be used to get the initial collection of resources (if blank, default is written above) diff --git a/lib/infinum_azure/config.rb b/lib/infinum_azure/config.rb index 1bca771..a38404e 100644 --- a/lib/infinum_azure/config.rb +++ b/lib/infinum_azure/config.rb @@ -9,8 +9,8 @@ class Config :uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee ].freeze - attr_accessor :service_name, :resource_name, :resource_attributes, :user_migration_scope, - :user_migration_operation, :client_id, :client_secret, :domain, :tenant, :users_auth_url + attr_accessor :resource_name, :resource_attributes, :user_migration_scope, :user_migration_operation, :client_id, + :client_secret, :domain, :tenant, :users_auth_url def initialize self.resource_attributes = DEFAULT_RESOURCE_ATTRIBUTES 
@@ -22,8 +22,8 @@ def initialize end def validate! - [:service_name, :resource_name, :resource_attributes, :user_migration_scope, - :user_migration_operation, :client_id, :client_secret, :domain, :tenant].each do |attribute| + [:resource_name, :resource_attributes, :user_migration_scope, :user_migration_operation, :client_id, + :client_secret, :domain, :tenant].each do |attribute| raise InfinumAzure::Error, "InfinumAzure attribute '@#{attribute}' not set" if public_send(attribute).blank? end end diff --git a/spec/infinum_azure_spec.rb b/spec/infinum_azure_spec.rb index 4694832..0e50e0b 100644 --- a/spec/infinum_azure_spec.rb +++ b/spec/infinum_azure_spec.rb @@ -8,7 +8,6 @@ describe '.configure' do it 'yields config' do described_class.configure do |config| - config.service_name = 'Example' config.resource_name = 'User' config.user_migration_operation = -> { 'from_block' } config.client_id = 'client-id' @@ -18,7 +17,6 @@ config.users_auth_url = 'https://example.com' end - expect(described_class.config.service_name).to eq('Example') expect(described_class.config.resource_name).to eq('User') expect(described_class.config.resource_attributes).to be_a(Array) expect(described_class.config.user_migration_scope.call).to be_a(ActiveRecord::Relation) diff --git a/spec/rails_app/config/application.rb b/spec/rails_app/config/application.rb index 559afae..3e3109d 100644 --- a/spec/rails_app/config/application.rb +++ b/spec/rails_app/config/application.rb @@ -12,7 +12,6 @@ class Application < Rails::Application config.i18n.enforce_available_locales = true config.active_record.legacy_connection_handling = false - InfinumAzure.config.service_name = 'Specs' InfinumAzure.config.resource_name = 'User' InfinumAzure.config.resource_attributes = [ :uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f967bc3..49988b7 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
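Review bot: `validate!` tests each attribute only with `blank?`, so a `domain` such as `http://...` passes even though the client secret and the authorization responses presumably travel to that host. If `domain` is always a full URL, as the README example `'https://login.b2c.com'` suggests, a scheme check after the loop would catch the misconfiguration at boot: `raise InfinumAzure::Error, "InfinumAzure attribute '@domain' must be an https URL" unless domain.to_s.start_with?('https://')`. `users_auth_url` is optional and not checked at all, so the same scheme check could apply when it is present. Whether a non-TLS value is ever needed for local development is not visible here, so this may need an opt-out.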
@@ -22,7 +22,6 @@ OmniAuth.config.test_mode = true ActiveJob::Base.queue_adapter = :test -InfinumAzure.config.service_name = 'InfinumAzure engine' Rails.configuration.host_url = 'http://localhost:3000' RSpec.configure do |config| From 01d701bb41419d286902c1e428dac290d158de83 Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Fri, 24 May 2024 14:17:02 +0200 Subject: [PATCH 5/9] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c391d7..ba0feb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ - Add rubocop gems: factory_bot, infinum, rake, rspec_rails - Fix RuboCop offenses - Add build GHA workflow +- Remove dependency on Rails secrets and enable clients to choose how to manage secret parameters ## [2.0.0] - 2024-03-12 From d236768c21f8461cb65fb911474d9dac5cab2866 Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Tue, 4 Jun 2024 17:50:32 +0200 Subject: [PATCH 6/9] Delegate users_auth_url to config --- lib/tasks/infinum_azure/users/request.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/infinum_azure/users/request.rb b/lib/tasks/infinum_azure/users/request.rb index 014f927..42eaee4 100644 --- a/lib/tasks/infinum_azure/users/request.rb +++ b/lib/tasks/infinum_azure/users/request.rb @@ -7,7 +7,7 @@ module InfinumAzure module Users class Request - URL = InfinumAzure.users_auth_url + URL = InfinumAzure.config.users_auth_url def self.execute raise 'infinum_azure_users_auth_url secret required for this rake task' if URL.blank? From 1406aadf1518ff6970047f5e3b104813838e222f Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Tue, 4 Jun 2024 20:30:16 +0200 Subject: [PATCH 7/9] Reorder options by ordinality --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 158343a..05a6475 100644 --- a/README.md +++ b/README.md 
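Review bot: `URL = InfinumAzure.config.users_auth_url` in lib/tasks/infinum_azure/users/request.rb is evaluated once when the class body loads, so if the file is required before the host application assigns `config.users_auth_url`, `URL` stays nil and `execute` raises even though the value is configured later. With Rails secrets the value was available at boot; with a mutable config object it is safer to read it at call time, e.g. `url = InfinumAzure.config.users_auth_url` as the first line of `self.execute`. The error text `'infinum_azure_users_auth_url secret required for this rake task'` still refers to a secret and could name the config attribute instead. The rest of `execute` lies outside the hunk, so any other use of `URL` there would need the same change.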
@@ -56,7 +56,11 @@ end ``` Configuration options: +* client_id(mandatory) - client ID +* client_secret(mandatory) - client secret +* domain(mandatory) - Identity service domain * resource_name(mandatory) - name of resource on whom authentication is being done +* tenant(mandatory) - Tenant id * resource_attributes(optional) - attributes that will be permitted once the webhook controller receives the params from InfinumAzure * user_migration_scope(optional) - a block that will be used to get the initial collection of resources (if blank, default is written above) * user_migration_operation(optional) - a block that will be called for each resource from the above collection if a matching resource on InfinumAzure is found. The resource is a Hash containing the following properties: @@ -67,10 +71,6 @@ Configuration options: * `avatar_url` - string || null * `groups` - string || null -> a comma separated list; if "employees" is present, the user is an employee * `deactivated` - boolean -* client_id(mandatory) - client ID -* client_secret(mandatory) - client secret -* domain(mandatory) - Identity service domain -* tenant(mandatory) - Tenant id * users_auth_url(optional) ## Usage From 370ffd627ccef6a99038d2d71c4e1e402ab0575b Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Fri, 7 Jun 2024 14:09:01 +0200 Subject: [PATCH 8/9] Move Devise omniauth config to initializer block --- config/initializers/devise.rb | 9 --------- lib/infinum_azure/engine.rb | 13 +++++++++++++ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 0f06057..d4a9f8f 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
@@ -17,13 +17,4 @@ config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ config.sign_out_via = :get - - # ==> OmniAuth - config.omniauth :infinum_azure, - InfinumAzure.config.client_id, - InfinumAzure.config.client_secret, - client_options: { - domain: InfinumAzure.config.domain, - tenant: InfinumAzure.config.tenant - } end diff --git a/lib/infinum_azure/engine.rb b/lib/infinum_azure/engine.rb index d6ccad2..11d9503 100644 --- a/lib/infinum_azure/engine.rb +++ b/lib/infinum_azure/engine.rb @@ -10,5 +10,18 @@ class Engine < ::Rails::Engine if defined?(FactoryBotRails) config.factory_bot.definition_file_paths += [File.expand_path('../../spec/factories', __dir__)] end + + initializer 'infinum_azure.devise_omniauth', before: 'devise.omniauth' do + Devise.setup do |config| + # ==> OmniAuth + config.omniauth :infinum_azure, + InfinumAzure.config.client_id, + InfinumAzure.config.client_secret, + client_options: { + domain: InfinumAzure.config.domain, + tenant: InfinumAzure.config.tenant + } + end + end end end From fccdfa06945868c82775fc2404f83d830ab40588 Mon Sep 17 00:00:00 2001 From: Vedran Hrncic Date: Wed, 12 Jun 2024 10:22:06 +0200 Subject: [PATCH 9/9] Fix RuboCop offenses --- lib/infinum_azure/config.rb | 19 ++++++++++++++----- spec/infinum_azure_spec.rb | 2 +- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lib/infinum_azure/config.rb b/lib/infinum_azure/config.rb index a38404e..606126b 100644 --- a/lib/infinum_azure/config.rb +++ b/lib/infinum_azure/config.rb 
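Review bot: The new `infinum_azure.devise_omniauth` initializer in lib/infinum_azure/engine.rb passes `InfinumAzure.config.client_id` and `client_secret` to `config.omniauth` without checking that they are set, and `validate!` runs only from `InfinumAzure.configure`. A host that assigns attributes directly on `InfinumAzure.config`, as spec/rails_app/config/application.rb does in this series, never triggers validation, so the strategy would be registered with nil credentials and fail only at sign-in. Calling `InfinumAzure.config.validate!` as the first statement inside the initializer block would surface this at boot; whether the dummy app sets every mandatory attribute before that point is not visible here. A comment stating when this block runs relative to the host's config/initializers would also help, since the values are read once at that moment.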
@@ -9,15 +9,24 @@ class Config :uid, :email, :first_name, :last_name, :avatar_url, :deactivated_at, :provider_groups, :employee ].freeze - attr_accessor :resource_name, :resource_attributes, :user_migration_scope, :user_migration_operation, :client_id, - :client_secret, :domain, :tenant, :users_auth_url + attr_accessor :resource_name + attr_accessor :resource_attributes + attr_accessor :user_migration_scope + attr_accessor :user_migration_operation + attr_accessor :client_id + attr_accessor :client_secret + attr_accessor :domain + attr_accessor :tenant + attr_accessor :users_auth_url def initialize self.resource_attributes = DEFAULT_RESOURCE_ATTRIBUTES self.user_migration_scope = -> { InfinumAzure.resource_class.where(provider: PROVIDER_INFINUM_ID) } - self.user_migration_operation = ->(record, resource) { - record.update_attribute(:provider, PROVIDER_INFINUM_AZURE) - record.update_attribute(:uid, resource[UID]) + self.user_migration_operation = lambda { |record, resource| + record.update_columns( # rubocop:disable Rails/SkipsModelValidations + provider: PROVIDER_INFINUM_AZURE, + uid: resource[UID] + ) } end diff --git a/spec/infinum_azure_spec.rb b/spec/infinum_azure_spec.rb index 0e50e0b..6213b23 100644 --- a/spec/infinum_azure_spec.rb +++ b/spec/infinum_azure_spec.rb @@ -6,7 +6,7 @@ end describe '.configure' do - it 'yields config' do + it 'yields config' do # rubocop:disable RSpec/ExampleLength, RSpec/MultipleExpectations described_class.configure do |config| config.resource_name = 'User' config.user_migration_operation = -> { 'from_block' }
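Review bot: The default `user_migration_operation` writes `uid: resource[UID]` without checking that it is present, so a directory entry lacking `uid` would move the record to provider `infinum_azure` with a NULL uid and presumably leave it unmatchable at sign-in. A guard as the first line of the lambda, `next if resource[UID].blank?`, would keep such records on the old provider. Replacing the two `update_attribute` calls with `update_columns` is also a behaviour change inside a commit titled as a RuboCop fix: callbacks and the `updated_at` touch are now skipped as well as validations. That deserves a comment next to the `rubocop:disable`, e.g. `# intentionally bypasses validations and callbacks during provider migration`.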