Remove code related to Launchpad auth or 37id Users
This commit is contained in:
+9
-38
@@ -40,45 +40,16 @@ def create_tenant(signal_account_name, bare: false)
|
||||
end
|
||||
|
||||
def find_or_create_user(full_name, email_address)
|
||||
if Rails.application.config.x.local_authentication
|
||||
if user = User.find_by(email_address: email_address)
|
||||
user.password = "secret123456"
|
||||
user.save!
|
||||
user
|
||||
else
|
||||
User.create!(
|
||||
name: full_name,
|
||||
email_address: email_address,
|
||||
password: "secret123456"
|
||||
)
|
||||
end
|
||||
if user = User.find_by(email_address: email_address)
|
||||
user.password = "secret123456"
|
||||
user.save!
|
||||
user
|
||||
else
|
||||
SignalId::Database.on_master do
|
||||
unless signal_identity = SignalId::Identity.find_by_email_address(email_address)
|
||||
signal_identity = SignalId::Identity.create!(
|
||||
name: full_name,
|
||||
email_address: email_address,
|
||||
username: email_address,
|
||||
password: "secret123456"
|
||||
)
|
||||
end
|
||||
|
||||
signal_account = Account.sole.external_account
|
||||
signal_user = SignalId::User.find_or_create_by!(identity: signal_identity, account: signal_account)
|
||||
|
||||
if user = User.find_by(external_user_id: signal_user.id)
|
||||
user.password = "secret123456"
|
||||
user.save!
|
||||
user
|
||||
else
|
||||
User.create!(
|
||||
external_user_id: signal_user.id,
|
||||
name: signal_identity.name,
|
||||
email_address: signal_identity.email_address,
|
||||
password: "secret123456"
|
||||
)
|
||||
end
|
||||
end
|
||||
User.create!(
|
||||
name: full_name,
|
||||
email_address: email_address,
|
||||
password: "secret123456"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
module Sessions
|
||||
module SignalSessions
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
included do
|
||||
before_action :require_local_auth, only: %i[ new create ]
|
||||
end
|
||||
|
||||
private
|
||||
def require_local_auth
|
||||
head :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -1,23 +0,0 @@
|
||||
class Sessions::LaunchpadController < ApplicationController
|
||||
require_unauthenticated_access
|
||||
|
||||
before_action :require_sig
|
||||
|
||||
def show
|
||||
end
|
||||
|
||||
def update
|
||||
user = Account.sole.external_account.authenticate(sig: @sig).try(:peer)
|
||||
if user.present? && user.active?
|
||||
start_new_session_for user
|
||||
redirect_to after_authentication_url
|
||||
else
|
||||
render plain: "Authentication failed. This is probably a bug.", status: :unauthorized
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
def require_sig
|
||||
@sig = params.expect(:sig)
|
||||
end
|
||||
end
|
||||
@@ -1,15 +0,0 @@
|
||||
module LoginHelper
|
||||
module SignalLogin
|
||||
def login_url
|
||||
if ApplicationRecord.current_tenant
|
||||
Launchpad.login_url(product: true, account: Account.sole)
|
||||
else
|
||||
Launchpad.login_url(product: true)
|
||||
end
|
||||
end
|
||||
|
||||
def logout_url
|
||||
Launchpad.logout_url
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -20,9 +20,8 @@ module Account::SignalAccount
|
||||
User.create!(
|
||||
name: account.external_account.owner.name,
|
||||
email_address: account.external_account.owner.email_address,
|
||||
external_user_id: account.external_account.owner.id,
|
||||
role: "admin",
|
||||
password: SecureRandom.hex(36) # TODO: remove password column?
|
||||
password: SecureRandom.hex(16)
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
module User::SignalUser
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
prepended do
|
||||
# the external_user_id is the SignalId::User id
|
||||
belongs_to :external_user, dependent: :destroy, class_name: "SignalId::User", optional: true
|
||||
end
|
||||
|
||||
class_methods do
|
||||
def find_by_signal_user_id(signal_user_id)
|
||||
find_by(external_user_id: signal_user_id)
|
||||
end
|
||||
end
|
||||
|
||||
def deactivate
|
||||
super
|
||||
SignalId::Database.on_master { external_user&.destroy }
|
||||
end
|
||||
end
|
||||
@@ -1,10 +1,4 @@
|
||||
Fizzy::Saas::Engine.routes.draw do
|
||||
resource :session do
|
||||
scope module: "sessions" do
|
||||
resource :launchpad, only: %i[ show update ], controller: "launchpad"
|
||||
end
|
||||
end
|
||||
|
||||
namespace :signup do
|
||||
get "/" => "accounts#new"
|
||||
resources :accounts, only: %i[ new create ]
|
||||
|
||||
@@ -5,10 +5,7 @@ module Fizzy
|
||||
class Engine < ::Rails::Engine
|
||||
# extend application models
|
||||
config.to_prepare do
|
||||
User.prepend User::SignalUser
|
||||
Account.prepend Account::SignalAccount
|
||||
LoginHelper.prepend LoginHelper::SignalLogin
|
||||
SessionsController.include Sessions::SignalSessions
|
||||
end
|
||||
|
||||
# moved from config/initializers/queenbee.rb
|
||||
@@ -39,7 +36,6 @@ module Fizzy
|
||||
|
||||
silence_warnings do
|
||||
SignalId::Account::Peer = Account
|
||||
SignalId::User::Peer = User
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
require "test_helper"
|
||||
|
||||
class ControllerAuthenticationTest < ActionDispatch::IntegrationTest
|
||||
test "access without an account slug redirects to launchpad" do
|
||||
integration_session.default_url_options[:script_name] = "" # no tenant
|
||||
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to Launchpad.login_url(product: true)
|
||||
end
|
||||
|
||||
test "access with an account slug but no session redirects to launchpad" do
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to Launchpad.login_url(product: true, account: Account.sole)
|
||||
end
|
||||
end
|
||||
@@ -1,38 +0,0 @@
|
||||
require "test_helper"
|
||||
|
||||
class Sessions::LaunchpadControllerTest < ActionDispatch::IntegrationTest
|
||||
test "show renders when not signed in" do
|
||||
get saas.session_launchpad_path(params: { sig: "test-sig" })
|
||||
|
||||
assert_response :success
|
||||
|
||||
assert_select "form input#sig" do |node|
|
||||
assert_equal node.length, 1
|
||||
assert_equal node.first["value"], "test-sig"
|
||||
end
|
||||
end
|
||||
|
||||
test "create establishes a session when the sig is valid" do
|
||||
user = users(:david)
|
||||
|
||||
put saas.session_launchpad_path(params: { sig: user.external_user.perishable_signature })
|
||||
|
||||
assert_redirected_to root_url
|
||||
assert parsed_cookies.signed[:session_token]
|
||||
end
|
||||
|
||||
test "create checks user.active?" do
|
||||
user = users(:david)
|
||||
user.update! active: false
|
||||
|
||||
put saas.session_launchpad_path(params: { sig: user.external_user.perishable_signature })
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
test "returns 401 when the sig is invalid" do
|
||||
put saas.session_launchpad_path(params: { sig: "invalid" })
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
end
|
||||
@@ -1,24 +0,0 @@
|
||||
require "test_helper"
|
||||
|
||||
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
||||
test "destroy" do
|
||||
sign_in_as :kevin
|
||||
|
||||
delete session_path
|
||||
|
||||
assert_redirected_to Launchpad.logout_url
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
|
||||
test "new" do
|
||||
get new_session_path
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
|
||||
test "create" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "secret123456" }
|
||||
|
||||
assert_response :forbidden
|
||||
end
|
||||
end
|
||||
@@ -18,7 +18,7 @@ class Account::SignalAccountTest < ActiveSupport::TestCase
|
||||
assert_equal @account, @account.external_account.peer
|
||||
end
|
||||
|
||||
test ".create_with_admin_user creates a new local account and user peers" do
|
||||
test ".create_with_admin_user creates a new local account" do
|
||||
ApplicationRecord.create_tenant("account-create-with-dependents") do
|
||||
signal_account = signal_accounts(:honcho_fizzy)
|
||||
account = Account.create_with_admin_user(tenant_id: signal_account.queenbee_id)
|
||||
@@ -32,11 +32,9 @@ class Account::SignalAccountTest < ActiveSupport::TestCase
|
||||
|
||||
assert_equal 1, User.count
|
||||
User.first.tap do |user|
|
||||
assert signal_account.owner.name, user.name
|
||||
assert signal_account.owner.email_address, user.email_address
|
||||
assert signal_account.owner.id, user.external_user_id
|
||||
assert_equal signal_account.owner.name, user.name
|
||||
assert_equal signal_account.owner.email_address, user.email_address
|
||||
assert_equal "admin", user.role
|
||||
assert_equal user, signal_account.owner.peer
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -42,7 +42,6 @@ class SignupTest < ActiveSupport::TestCase
|
||||
|
||||
assert @signup.user
|
||||
assert @signup.user.persisted?
|
||||
assert_equal @signup.user.external_user, @signup.signal_account.owner
|
||||
|
||||
assert_equal @signup.queenbee_account.id.to_s, @signup.tenant_name
|
||||
assert_includes ApplicationRecord.tenants, @signup.tenant_name
|
||||
@@ -86,7 +85,6 @@ class SignupTest < ActiveSupport::TestCase
|
||||
|
||||
assert @signup.user
|
||||
assert @signup.user.persisted?
|
||||
assert_equal @signup.user.external_user, @signup.signal_account.owner
|
||||
|
||||
assert_equal @signup.queenbee_account.id.to_s, @signup.tenant_name
|
||||
assert_includes ApplicationRecord.tenants, @signup.tenant_name
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
require "test_helper"
|
||||
|
||||
class User::SignalUserTest < ActiveSupport::TestCase
|
||||
setup do
|
||||
@user = users(:david)
|
||||
end
|
||||
|
||||
test "belongs to a Signal::User" do
|
||||
assert_not_nil @user.external_user_id
|
||||
assert_equal signal_users("37s_fizzy_david"), @user.external_user
|
||||
end
|
||||
|
||||
test "peering" do
|
||||
assert_equal @user, @user.external_user.peer
|
||||
end
|
||||
|
||||
test "deactivate clears signal user" do
|
||||
users(:jz).deactivate
|
||||
|
||||
assert_nil users(:jz).reload.external_user
|
||||
end
|
||||
end
|
||||
@@ -4,10 +4,6 @@ require "queenbee/testing/mocks"
|
||||
module ActiveSupport
|
||||
class TestCase
|
||||
include SignalId::Testing
|
||||
|
||||
def saas_extension_sign_in_as(user)
|
||||
put saas.session_launchpad_path, params: { sig: user.external_user.perishable_signature }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
+14
-30
@@ -2,41 +2,25 @@
|
||||
|
||||
require_relative "../config/environment"
|
||||
|
||||
if ARGV.length < 2
|
||||
puts "Usage: #{$0} <email> <tenant>"
|
||||
if ARGV.length < 3
|
||||
puts "Usage: #{$0} <tenant> <email> <fullname>"
|
||||
exit 1
|
||||
end
|
||||
|
||||
email_address = ARGV[0]
|
||||
tenant = ARGV[1]
|
||||
tenant = ARGV.shift
|
||||
email_address = ARGV.shift
|
||||
name = ARGV.join(" ")
|
||||
|
||||
def confirm(noun)
|
||||
print "Is this the correct #{noun}? (y/n) "
|
||||
response = $stdin.gets.chomp.downcase
|
||||
exit 0 unless response == "y"
|
||||
puts
|
||||
end
|
||||
|
||||
signal_identity = SignalId::Identity.find_by!(email_address: email_address)
|
||||
pp signal_identity
|
||||
confirm "identity"
|
||||
|
||||
ApplicationRecord.with_tenant(tenant) do
|
||||
signal_account = Account.sole.external_account
|
||||
pp signal_account
|
||||
confirm "account"
|
||||
|
||||
SignalId::Database.on_master do
|
||||
signal_user = SignalId::User.create!(identity: signal_identity, account: signal_account)
|
||||
|
||||
user = User.create!(
|
||||
name: signal_user.name,
|
||||
email_address: signal_user.email_address,
|
||||
external_user_id: signal_user.id,
|
||||
password: SecureRandom.hex(36) # TODO: remove password column?
|
||||
)
|
||||
begin
|
||||
ApplicationRecord.with_tenant(tenant) do
|
||||
password = SecureRandom.hex(16)
|
||||
|
||||
user = User.create!(name:, email_address:, password:)
|
||||
puts "Created: "
|
||||
pp [ user, signal_user ]
|
||||
pp user
|
||||
|
||||
puts "Password is: #{password.inspect}"
|
||||
end
|
||||
rescue Exception => e
|
||||
puts "Failed with error: #{e.inspect}"
|
||||
end
|
||||
|
||||
@@ -34,7 +34,6 @@ ActiveRecord::Tenanted::DatabaseTasks.migrate_all
|
||||
|
||||
ApplicationRecord.with_tenant(signup.tenant_name) do |tenant|
|
||||
Account.sole.update! external_account: signup.signal_account
|
||||
User.first.update! external_user: signup.signal_account.owner
|
||||
|
||||
puts "\n\nLogin to http://launchpad.localhost:3011/ as #{signup.email_address} / #{signup.password}"
|
||||
end
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
require_relative "../config/environment"
|
||||
|
||||
ApplicationRecord.with_each_tenant do |tenant|
|
||||
account = Account.sole
|
||||
signal_account = account.signal_account
|
||||
|
||||
signal_users = SignalId::User.where(account_id: signal_account.id)
|
||||
|
||||
signal_users.each do |signal_user|
|
||||
unless User.find_by(signal_user_id: signal_user.id)
|
||||
User.create!(
|
||||
name: signal_user.identity.name,
|
||||
email_address: signal_user.identity.email_address,
|
||||
signal_user_id: signal_user.id,
|
||||
password: SecureRandom.hex(36) # TODO: remove password column?
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -1,41 +0,0 @@
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
#
|
||||
# this is intended to copy a production database into beta, change the account id, and stitch the
|
||||
# user accounts together properly.
|
||||
#
|
||||
|
||||
require_relative "../config/environment"
|
||||
|
||||
ActiveRecord::Base.logger = Logger.new(File::NULL)
|
||||
|
||||
ApplicationRecord.with_each_tenant do |tenant|
|
||||
puts "\n# tenant: #{tenant}"
|
||||
|
||||
signal_account = SignalId::Account.find_by!(queenbee_id: tenant)
|
||||
puts "Found signal account #{signal_account.inspect}"
|
||||
|
||||
account = Account.sole
|
||||
if account.tenant_id != tenant
|
||||
puts "setting account tenant_id to #{tenant}"
|
||||
account.update!(tenant_id: tenant, name: account.name + " (Beta)")
|
||||
end
|
||||
|
||||
User.find_each do |user|
|
||||
next if user.system? || user.external_user_id.nil?
|
||||
|
||||
signal_user = user.external_user
|
||||
next if signal_user.nil?
|
||||
next if signal_user.account == account.external_account
|
||||
|
||||
signal_identity = signal_user.identity
|
||||
pp signal_identity
|
||||
|
||||
SignalId::Database.on_master do
|
||||
signal_user = SignalId::User.find_or_create_by!(identity: signal_identity, account: signal_account)
|
||||
puts "Created signal user #{signal_user.inspect} for identity #{signal_identity.inspect}"
|
||||
user.external_user_id = signal_user.id
|
||||
user.save!
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -1,20 +1,18 @@
|
||||
require "test_helper"
|
||||
|
||||
class ControllerAuthenticationTest < ActionDispatch::IntegrationTest
|
||||
if Rails.application.config.x.local_authentication
|
||||
test "access without an account slug redirects to new session" do
|
||||
integration_session.default_url_options[:script_name] = "" # no tenant
|
||||
test "access without an account slug redirects to new session" do
|
||||
integration_session.default_url_options[:script_name] = "" # no tenant
|
||||
|
||||
get cards_path
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
end
|
||||
assert_redirected_to new_session_path
|
||||
end
|
||||
|
||||
test "access with an account slug but no session redirects to new session" do
|
||||
get cards_path
|
||||
test "access with an account slug but no session redirects to new session" do
|
||||
get cards_path
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
end
|
||||
assert_redirected_to new_session_path
|
||||
end
|
||||
|
||||
test "access with an account slug and a session allows functional access" do
|
||||
|
||||
@@ -1,34 +1,32 @@
|
||||
require "test_helper"
|
||||
|
||||
class SessionsControllerTest < ActionDispatch::IntegrationTest
|
||||
if Rails.application.config.x.local_authentication
|
||||
test "destroy" do
|
||||
sign_in_as :kevin
|
||||
test "destroy" do
|
||||
sign_in_as :kevin
|
||||
|
||||
delete session_path
|
||||
delete session_path
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
|
||||
test "new" do
|
||||
get new_session_path
|
||||
test "new" do
|
||||
get new_session_path
|
||||
|
||||
assert_response :success
|
||||
end
|
||||
assert_response :success
|
||||
end
|
||||
|
||||
test "create with valid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "secret123456" }
|
||||
test "create with valid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "secret123456" }
|
||||
|
||||
assert_redirected_to root_path
|
||||
assert cookies[:session_token].present?
|
||||
end
|
||||
assert_redirected_to root_path
|
||||
assert cookies[:session_token].present?
|
||||
end
|
||||
|
||||
test "create with invalid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "wrong" }
|
||||
test "create with invalid credentials" do
|
||||
post session_path, params: { email_address: "david@37signals.com", password: "wrong" }
|
||||
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
assert_redirected_to new_session_path
|
||||
assert_not cookies[:session_token].present?
|
||||
end
|
||||
end
|
||||
|
||||
Vendored
-9
@@ -5,27 +5,18 @@ david:
|
||||
email_address: david@37signals.com
|
||||
password_digest: <%= digest %>
|
||||
role: member
|
||||
<% if User.reflect_on_association :external_user %>
|
||||
external_user: 37s_fizzy_david
|
||||
<% end %>
|
||||
|
||||
jz:
|
||||
name: JZ
|
||||
email_address: jz@37signals.com
|
||||
password_digest: <%= digest %>
|
||||
role: member
|
||||
<% if User.reflect_on_association :external_user %>
|
||||
external_user: 37s_fizzy_jzimdars
|
||||
<% end %>
|
||||
|
||||
kevin:
|
||||
name: Kevin
|
||||
email_address: kevin@37signals.com
|
||||
password_digest: <%= digest %>
|
||||
role: admin
|
||||
<% if User.reflect_on_association :external_user %>
|
||||
external_user: 37s_fizzy_kevin
|
||||
<% end %>
|
||||
|
||||
system:
|
||||
name: System
|
||||
|
||||
@@ -7,11 +7,7 @@ module SessionTestHelper
|
||||
cookies.delete :session_token
|
||||
user = users(user) unless user.is_a? User
|
||||
|
||||
if Rails.application.config.x.local_authentication
|
||||
post session_path, params: { email_address: user.email_address, password: "secret123456" }
|
||||
else
|
||||
saas_extension_sign_in_as(user)
|
||||
end
|
||||
post session_path, params: { email_address: user.email_address, password: "secret123456" }
|
||||
|
||||
cookie = cookies.get_cookie "session_token"
|
||||
assert_not_nil cookie, "Expected session_token cookie to be set after sign in"
|
||||
|
||||
Reference in New Issue
Block a user