2022-11-30 10:06:33 +01:00
|
|
|
|
class APIToken < ApplicationRecord
|
|
|
|
|
|
include ActiveRecord::SecureToken
|
2022-09-28 12:40:44 +02:00
|
|
|
|
|
2022-11-30 10:06:33 +01:00
|
|
|
|
belongs_to :administrateur, inverse_of: :api_tokens
|
2023-02-13 14:57:51 +01:00
|
|
|
|
has_many :procedures, through: :administrateur
|
|
|
|
|
|
|
2023-02-28 16:33:22 +01:00
|
|
|
|
before_save :check_allowed_procedure_ids_ownership
|
|
|
|
|
|
|
2023-02-13 14:57:51 +01:00
|
|
|
|
def context
|
|
|
|
|
|
context = { administrateur_id: administrateur_id, write_access: write_access? }
|
|
|
|
|
|
|
|
|
|
|
|
if full_access?
|
|
|
|
|
|
context.merge procedure_ids:
|
|
|
|
|
|
else
|
|
|
|
|
|
context.merge procedure_ids: procedure_ids & allowed_procedure_ids
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
2022-09-28 12:40:44 +02:00
|
|
|
|
|
2023-02-28 16:33:22 +01:00
|
|
|
|
def full_access?
|
|
|
|
|
|
allowed_procedure_ids.nil?
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def procedures_to_allow
|
|
|
|
|
|
procedures.select(:id, :libelle, :path).where.not(id: allowed_procedure_ids || []).order(:libelle)
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def allowed_procedures
|
|
|
|
|
|
if allowed_procedure_ids.present?
|
|
|
|
|
|
procedures.select(:id, :libelle, :path).where(id: allowed_procedure_ids).order(:libelle)
|
|
|
|
|
|
else
|
|
|
|
|
|
[]
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def disallow_procedure(procedure_id)
|
|
|
|
|
|
allowed_procedure_ids = allowed_procedures.map(&:id) - [procedure_id]
|
|
|
|
|
|
if allowed_procedure_ids.empty?
|
|
|
|
|
|
allowed_procedure_ids = nil
|
|
|
|
|
|
end
|
|
|
|
|
|
update!(allowed_procedure_ids:)
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-11-30 10:06:33 +01:00
|
|
|
|
# Prefix is made of the first 6 characters of the uuid base64 encoded
|
|
|
|
|
|
# it does not leak plain token
|
|
|
|
|
|
def prefix
|
|
|
|
|
|
Base64.urlsafe_encode64(id).slice(0, 5)
|
2022-09-28 12:40:44 +02:00
|
|
|
|
end
|
|
|
|
|
|
|
2022-11-30 10:06:33 +01:00
|
|
|
|
class << self
|
|
|
|
|
|
def generate(administrateur)
|
|
|
|
|
|
plain_token = generate_unique_secure_token
|
|
|
|
|
|
encrypted_token = BCrypt::Password.create(plain_token)
|
|
|
|
|
|
api_token = create!(administrateur:, encrypted_token:, name: Date.today.strftime('Jeton d’API généré le %d/%m/%Y'))
|
2023-08-03 12:04:08 +02:00
|
|
|
|
bearer = BearerToken.new(api_token.id, plain_token)
|
|
|
|
|
|
[api_token, bearer.to_string]
|
2022-11-30 10:06:33 +01:00
|
|
|
|
end
|
2022-09-28 12:40:44 +02:00
|
|
|
|
|
2023-08-03 12:04:08 +02:00
|
|
|
|
def find_and_verify(bearer_string)
|
|
|
|
|
|
bearer = BearerToken.from_string(bearer_string)
|
|
|
|
|
|
|
|
|
|
|
|
return if bearer.nil?
|
|
|
|
|
|
|
|
|
|
|
|
api_token = find_by(id: bearer.api_token_id, version: 3)
|
2022-11-30 10:06:33 +01:00
|
|
|
|
|
2023-08-03 12:04:08 +02:00
|
|
|
|
return if api_token.nil?
|
2022-11-30 10:06:33 +01:00
|
|
|
|
|
2023-08-03 12:04:08 +02:00
|
|
|
|
BCrypt::Password.new(api_token.encrypted_token) == bearer.plain_token ? api_token : nil
|
2022-11-30 10:06:33 +01:00
|
|
|
|
end
|
2022-09-28 12:40:44 +02:00
|
|
|
|
end
|
2023-02-28 16:33:22 +01:00
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
|
|
def check_allowed_procedure_ids_ownership
|
|
|
|
|
|
if allowed_procedure_ids.present?
|
|
|
|
|
|
self.allowed_procedure_ids = allowed_procedures.map(&:id)
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
2023-08-03 12:04:08 +02:00
|
|
|
|
|
|
|
|
|
|
class BearerToken < Data.define(:api_token_id, :plain_token)
|
|
|
|
|
|
def to_string
|
|
|
|
|
|
Base64.urlsafe_encode64([api_token_id, plain_token].join(';'))
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def self.from_string(bearer_token)
|
|
|
|
|
|
return if bearer_token.nil?
|
|
|
|
|
|
|
|
|
|
|
|
api_token_id, plain_token = Base64.urlsafe_decode64(bearer_token).split(';')
|
|
|
|
|
|
BearerToken.new(api_token_id, plain_token)
|
|
|
|
|
|
rescue ArgumentError
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
2022-09-28 12:40:44 +02:00
|
|
|
|
end
|
