DGNum/demarches-normaliennes
11
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

remove v1/v2 api token logic

Browse source
This commit is contained in:
simon lehericey 2023-08-02 19:33:42 +02:00
parent 4fa783fa80
commit 0b03ba4d68
4 changed files with 5 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/api/v2/base_controller.rb
View file

@ -8,7 +8,6 @@ class API::V2::BaseController < ApplicationController
private
def context
# new token
if api_token.present?
api_token.context
# web interface (/graphql) give current_administrateur
@ -18,12 +17,6 @@ class API::V2::BaseController < ApplicationController
procedure_ids: current_administrateur.procedure_ids,
write_access: true
}
# old token
else
{
token: authorization_bearer_token,
write_access: true
}
end
end

2
app/controllers/api_controller.rb
View file

@ -4,7 +4,7 @@ class APIController < ApplicationController
protected
def find_administrateur_for_token(procedure)
api_token = APIToken.find_and_verify(authorization_bearer_token, procedure.administrateurs)
api_token = APIToken.find_and_verify(authorization_bearer_token)
if api_token.present? && api_token.context.fetch(:procedure_ids).include?(procedure.id)
api_token.touch(:last_v1_authenticated_at)
api_token.administrateur

15
app/graphql/api/v2/context.rb
View file

@ -75,20 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
def compute_demarche_authorization(demarche)
# procedure_ids and token are passed from graphql controller
if self[:procedure_ids].present?
self[:procedure_ids].include?(demarche.id)
elsif self[:token].present?
token = APIToken.find_and_verify(self[:token], demarche.administrateurs)
if token.present?
token.touch(:last_v2_authenticated_at)
Current.user = token.administrateur.user
true
else
false
end
else
false
end
(self[:procedure_ids] || []).include?(demarche.id)
end
# This is a query AST visitor that we use to check

46
app/models/api_token.rb
View file

@ -55,53 +55,13 @@ class APIToken < ApplicationRecord
[api_token, packed_token]
end
def find_and_verify(maybe_packed_token, administrateurs = [])
token = case unpack(maybe_packed_token)
in { plain_token:, id: } # token v3
find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
in { plain_token:, administrateur_id: } # token v2
# the migration to the APIToken model set `version: 1` for all the v1 and v2 token
# this is the only place where we can fix the version
where(administrateur_id:, version: 1).update_all(version: 2) # update to v2
find_by(administrateur_id:, version: 2)&.then(&ensure_valid_token(plain_token))
in { plain_token: } # token v1
where(administrateur: administrateurs, version: 1).find(&ensure_valid_token(plain_token))
end
# TODO:
# remove all the not v3 version code
# when everyone has migrated
# it should also be a good place in case we need to feature flag old token use
if token&.version == 3 || Rails.env.test?
token
else
nil
end
def find_and_verify(base64_packed_token)
id, plain_token = Base64.urlsafe_decode64(base64_packed_token).split(';')
find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
end
private
UUID_SIZE = SecureRandom.uuid.size
def unpack(maybe_packed_token)
case message_verifier.verified(maybe_packed_token)
in [administrateur_id, plain_token]
{ plain_token:, administrateur_id: }
else
case Base64.urlsafe_decode64(maybe_packed_token).split(';')
in [id, plain_token] if id.size == UUID_SIZE # valid format "<uuid>;<random token>"
{ plain_token:, id: }
else
{ plain_token: maybe_packed_token }
end
end
rescue
{ plain_token: maybe_packed_token }
end
def message_verifier
Rails.application.message_verifier('api_v2_token')
end
def ensure_valid_token(plain_token)
-> (api_token) { api_token if BCrypt::Password.new(api_token.encrypted_token) == plain_token }
end