remove v1/v2 api token logic
parent
4fa783fa80
commit
0b03ba4d68
4 changed files with 5 additions and 65 deletions
|
@ -8,7 +8,6 @@ class API::V2::BaseController < ApplicationController
|
||||||
private
|
private
|
||||||
|
|
||||||
def context
|
def context
|
||||||
# new token
|
|
||||||
if api_token.present?
|
if api_token.present?
|
||||||
api_token.context
|
api_token.context
|
||||||
# web interface (/graphql) give current_administrateur
|
# web interface (/graphql) give current_administrateur
|
||||||
|
@ -18,12 +17,6 @@ class API::V2::BaseController < ApplicationController
|
||||||
procedure_ids: current_administrateur.procedure_ids,
|
procedure_ids: current_administrateur.procedure_ids,
|
||||||
write_access: true
|
write_access: true
|
||||||
}
|
}
|
||||||
# old token
|
|
||||||
else
|
|
||||||
{
|
|
||||||
token: authorization_bearer_token,
|
|
||||||
write_access: true
|
|
||||||
}
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
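Review bot: With the `# old token` fallback removed, a request whose bearer token fails `APIToken.find_and_verify` no longer gets a context of its own, and the branch that now catches it lies in the lines between the two hunks, outside this view. It is worth confirming that such a request ends in a no-access context rather than reaching `current_administrateur.procedure_ids` with a nil administrateur, which would turn a bad token into a 500 instead of an authorization failure. The `context` method starts in the first hunk and its middle is not shown here.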
@ -4,7 +4,7 @@ class APIController < ApplicationController
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def find_administrateur_for_token(procedure)
|
def find_administrateur_for_token(procedure)
|
||||||
api_token = APIToken.find_and_verify(authorization_bearer_token, procedure.administrateurs)
|
api_token = APIToken.find_and_verify(authorization_bearer_token)
|
||||||
if api_token.present? && api_token.context.fetch(:procedure_ids).include?(procedure.id)
|
if api_token.present? && api_token.context.fetch(:procedure_ids).include?(procedure.id)
|
||||||
api_token.touch(:last_v1_authenticated_at)
|
api_token.touch(:last_v1_authenticated_at)
|
||||||
api_token.administrateur
|
api_token.administrateur
|
||||||
|
|
|
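Review bot: `find_administrateur_for_token` now hands `authorization_bearer_token` straight to the rewritten `APIToken.find_and_verify`, which calls `Base64.urlsafe_decode64` on it without the `rescue` the old `unpack` had, so a missing or malformed Authorization header presumably raises here instead of yielding nil. A cheap guard before the lookup keeps the "no token" case on the nil path: `return if authorization_bearer_token.blank?`. The remainder of the method (the `else` branch after `api_token.administrateur`) is outside this hunk.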
@ -75,20 +75,7 @@ class API::V2::Context < GraphQL::Query::Context
|
||||||
|
|
||||||
def compute_demarche_authorization(demarche)
|
def compute_demarche_authorization(demarche)
|
||||||
# procedure_ids and token are passed from graphql controller
|
# procedure_ids and token are passed from graphql controller
|
||||||
if self[:procedure_ids].present?
|
(self[:procedure_ids] || []).include?(demarche.id)
|
||||||
self[:procedure_ids].include?(demarche.id)
|
|
||||||
elsif self[:token].present?
|
|
||||||
token = APIToken.find_and_verify(self[:token], demarche.administrateurs)
|
|
||||||
if token.present?
|
|
||||||
token.touch(:last_v2_authenticated_at)
|
|
||||||
Current.user = token.administrateur.user
|
|
||||||
true
|
|
||||||
else
|
|
||||||
false
|
|
||||||
end
|
|
||||||
else
|
|
||||||
false
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# This is a query AST visitor that we use to check
|
# This is a query AST visitor that we use to check
|
||||||
|
|
|
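Review bot: The comment `# procedure_ids and token are passed from graphql controller` above `compute_demarche_authorization` is now stale, since the `self[:token]` branch is deleted and only `procedure_ids` is read. Suggest `# procedure_ids comes from API::V2::BaseController#context; an absent or empty list grants nothing`, which also documents why `|| []` is there. `Array(self[:procedure_ids]).include?(demarche.id)` would express the same default a little more idiomatically, but that is a matter of taste.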
@ -55,53 +55,13 @@ class APIToken < ApplicationRecord
|
||||||
[api_token, packed_token]
|
[api_token, packed_token]
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_and_verify(maybe_packed_token, administrateurs = [])
|
def find_and_verify(base64_packed_token)
|
||||||
token = case unpack(maybe_packed_token)
|
id, plain_token = Base64.urlsafe_decode64(base64_packed_token).split(';')
|
||||||
in { plain_token:, id: } # token v3
|
find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
|
||||||
find_by(id:, version: 3)&.then(&ensure_valid_token(plain_token))
|
|
||||||
in { plain_token:, administrateur_id: } # token v2
|
|
||||||
# the migration to the APIToken model set `version: 1` for all the v1 and v2 token
|
|
||||||
# this is the only place where we can fix the version
|
|
||||||
where(administrateur_id:, version: 1).update_all(version: 2) # update to v2
|
|
||||||
find_by(administrateur_id:, version: 2)&.then(&ensure_valid_token(plain_token))
|
|
||||||
in { plain_token: } # token v1
|
|
||||||
where(administrateur: administrateurs, version: 1).find(&ensure_valid_token(plain_token))
|
|
||||||
end
|
|
||||||
|
|
||||||
# TODO:
|
|
||||||
# remove all the not v3 version code
|
|
||||||
# when everyone has migrated
|
|
||||||
# it should also be a good place in case we need to feature flag old token use
|
|
||||||
if token&.version == 3 || Rails.env.test?
|
|
||||||
token
|
|
||||||
else
|
|
||||||
nil
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
UUID_SIZE = SecureRandom.uuid.size
|
|
||||||
def unpack(maybe_packed_token)
|
|
||||||
case message_verifier.verified(maybe_packed_token)
|
|
||||||
in [administrateur_id, plain_token]
|
|
||||||
{ plain_token:, administrateur_id: }
|
|
||||||
else
|
|
||||||
case Base64.urlsafe_decode64(maybe_packed_token).split(';')
|
|
||||||
in [id, plain_token] if id.size == UUID_SIZE # valid format "<uuid>;<random token>"
|
|
||||||
{ plain_token:, id: }
|
|
||||||
else
|
|
||||||
{ plain_token: maybe_packed_token }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
rescue
|
|
||||||
{ plain_token: maybe_packed_token }
|
|
||||||
end
|
|
||||||
|
|
||||||
def message_verifier
|
|
||||||
Rails.application.message_verifier('api_v2_token')
|
|
||||||
end
|
|
||||||
|
|
||||||
def ensure_valid_token(plain_token)
|
def ensure_valid_token(plain_token)
|
||||||
-> (api_token) { api_token if BCrypt::Password.new(api_token.encrypted_token) == plain_token }
|
-> (api_token) { api_token if BCrypt::Password.new(api_token.encrypted_token) == plain_token }
|
||||||
end
|
end
|
||||||
|
|
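Review bot: The new `find_and_verify` drops the `rescue` that the old `unpack` wrapped around `Base64.urlsafe_decode64`, so a token that is not well-formed base64 (a leftover v1/v2 token, a truncated value, or nil) now raises out of the lookup instead of returning nil. Since every caller treats a nil return as "not authenticated", restoring that contract is simpler than handling it at each call site: `id, plain_token = Base64.urlsafe_decode64(base64_packed_token.to_s).split(';')` followed by `rescue ArgumentError` / `nil` at the end of the method. Note that `ArgumentError` is what the strict decoder raises on bad padding or characters; the `.to_s` covers a nil header without a separate guard. The old `id.size == UUID_SIZE` check is gone too, which is fine as long as the `id` column cast rejects non-UUID input rather than erroring — worth a quick check against the schema.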