DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

feat(api_token): api v2 use new token

Browse source
This commit is contained in:
Paul Chavard 2022-11-30 10:14:23 +01:00
parent a47a056ee8
commit 52c8fc7e8d
4 changed files with 27 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
app/controllers/api/v2/base_controller.rb
View file

@ -8,15 +8,15 @@ class API::V2::BaseController < ApplicationController
private private
def context def context
# new token give administrateur_id # new token
if api_token.administrateur? if api_token.present?
{ administrateur_id: api_token.administrateur_id, token: api_token.token } { token: authorization_bearer_token, administrateur_id: api_token.administrateur.id }
# web interface (/graphql) give current_administrateur # web interface (/graphql) give current_administrateur
elsif current_administrateur.present? elsif current_administrateur.present?
{ administrateur_id: current_administrateur.id } { administrateur_id: current_administrateur.id }
# old token # old token
else else
{ token: api_token.token } { token: authorization_bearer_token }
end end
end end
@ -24,6 +24,19 @@ class API::V2::BaseController < ApplicationController
authorization_bearer_token.present? authorization_bearer_token.present?
end end
def authenticate_administrateur_from_token
if api_token.present?
@current_user = api_token.administrateur.user
end
end
def api_token
if @api_token.nil?
@api_token = APIToken.find_and_verify(authorization_bearer_token) || false
end
@api_token
end
def authorization_bearer_token def authorization_bearer_token
@authorization_bearer_token ||= begin @authorization_bearer_token ||= begin
received_token = nil received_token = nil
@ -33,17 +46,4 @@ class API::V2::BaseController < ApplicationController
received_token received_token
end end
end end
def authenticate_administrateur_from_token
if api_token.administrateur?
administrateur = Administrateur.includes(:user).find_by(id: api_token.administrateur_id)
if administrateur.valid_api_token?(api_token.token)
@current_user = administrateur.user
end
end
end
def api_token
@api_token ||= APIToken.new(authorization_bearer_token)
end
end end

12
app/graphql/api/v2/context.rb
View file

@ -23,15 +23,11 @@ class API::V2::Context < GraphQL::Query::Context
# We are caching authorization logic because it is called for each node # We are caching authorization logic because it is called for each node
# of the requested graph and can be expensive. Context is reset per request so it is safe. # of the requested graph and can be expensive. Context is reset per request so it is safe.
self[:authorized] ||= Hash.new do |hash, demarche_id| self[:authorized] ||= Hash.new do |hash, demarche_id|
# Compute the hash value dynamically when first requested hash[demarche_id] = if self[:token]
authorized_administrateur = demarche.administrateurs.find do |administrateur| APIToken.find_and_verify(self[:token], demarche.administrateurs).present?
if self[:token] elsif self[:administrateur_id]
administrateur.valid_api_token?(self[:token]) demarche.administrateurs.map(&:id).include?(self[:administrateur_id])
else
administrateur.id == self[:administrateur_id]
end
end end
hash[demarche_id] = authorized_administrateur.present?
end end
self[:authorized][demarche.id] self[:authorized][demarche.id]

7
spec/controllers/api/v2/graphql_controller_spec.rb
View file

@ -1,7 +1,7 @@
describe API::V2::GraphqlController do describe API::V2::GraphqlController do
let(:admin) { create(:administrateur) } let(:admin) { create(:administrateur) }
let(:token) { admin.renew_api_token } let(:token) { APIToken.generate(admin)[1] }
let(:legacy_token) { APIToken.new(token).token } let(:legacy_token) { APIToken.send(:unpack, token)[:plain_token] }
let(:procedure) { create(:procedure, :published, :for_individual, :with_service, administrateurs: [admin]) } let(:procedure) { create(:procedure, :published, :for_individual, :with_service, administrateurs: [admin]) }
let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) } let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) }
let(:dossier1) { create(:dossier, :en_construction, :with_individual, procedure: procedure, en_construction_at: 1.day.ago) } let(:dossier1) { create(:dossier, :en_construction, :with_individual, procedure: procedure, en_construction_at: 1.day.ago) }
@ -108,6 +108,7 @@ describe API::V2::GraphqlController do
before do before do
request.env['HTTP_AUTHORIZATION'] = authorization_header request.env['HTTP_AUTHORIZATION'] = authorization_header
admin.api_tokens.first.update(version: 1)
end end
it "returns the demarche" do it "returns the demarche" do
@ -141,7 +142,7 @@ describe API::V2::GraphqlController do
context "when the token is revoked" do context "when the token is revoked" do
before do before do
admin.update(encrypted_token: nil) admin.api_tokens.destroy_all
end end
it { it {

4
spec/controllers/api/v2/graphql_controller_stored_queries_spec.rb
View file

@ -1,7 +1,7 @@
describe API::V2::GraphqlController do describe API::V2::GraphqlController do
let(:admin) { create(:administrateur) } let(:admin) { create(:administrateur) }
let(:token) { admin.renew_api_token } let(:token) { APIToken.generate(admin)[1] }
let(:legacy_token) { APIToken.new(token).token } let(:legacy_token) { APIToken.send(:unpack, token)[:plain_token] }
let(:procedure) { create(:procedure, :published, :for_individual, :with_service, administrateurs: [admin]) } let(:procedure) { create(:procedure, :published, :for_individual, :with_service, administrateurs: [admin]) }
let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) } let(:dossier) { create(:dossier, :en_construction, :with_individual, procedure: procedure) }
let(:dossier1) { create(:dossier, :en_construction, :with_individual, procedure: procedure, en_construction_at: 1.day.ago) } let(:dossier1) { create(:dossier, :en_construction, :with_individual, procedure: procedure, en_construction_at: 1.day.ago) }