Module: BookingSync::Engine::AuthHelpers

Extended by:
ActiveSupport::Concern
Defined in:
lib/bookingsync/engine/auth_helpers.rb

Constant Summary

NEW_AUTHORIZATION_URL =

Path which will be used in POST request to start a new Authorization process.

Defaults to /auth/bookingsync

"/auth/bookingsync".freeze


Instance Method Details

#account_authorized(account) ⇒ Object (private)

Callback after account is authorized.

Stores the authorized account's synced_id in the session.

Parameters:

  • account (Account)

    the just authorized account


# File 'lib/bookingsync/engine/auth_helpers.rb', line 29

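# Callback run after an account is authorized.
#
# Stores the authorized account's id (as a String) in session[:account_id].
# The method name and the `account` parameter are restored from the page
# heading `#account_authorized(account)`; the listing had lost both.
#
# @param account [Account] the just authorized account
# @return [String] the value written to session[:account_id]
def account_authorized(account)
  # The reader to call is named by BookingSyncEngine.bookingsync_id_key.
  # public_send only dispatches to public methods.
  # NOTE(review): presumably that key is set by application configuration;
  # confirm it can never be derived from request data.
  session[:account_id] = account.public_send(BookingSyncEngine.bookingsync_id_key).to_s
end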

#after_bookingsync_sign_in_path ⇒ Object (private)

Path to which the user should be redirected after successful authorization. This method should be overridden in applications using this engine.

Defaults to root_path.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 135

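# Path the user is redirected to after a successful authorization.
#
# Applications using this engine are expected to override this method. When
# overriding, return a path the application controls; building it from
# request parameters would turn the post-login redirect into an open redirect.
# The method name is restored from the page heading; the listing had lost it.
#
# @return [Object] root_path unless overridden
def after_bookingsync_sign_in_path
  root_path
end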

#after_bookingsync_sign_out_path ⇒ Object (private)

Path to which the user should be redirected after sign out. This method should be overridden in applications using this engine.

Defaults to root_path.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 143

# Where the user lands after signing out.
#
# Meant to be overridden by the application using this engine. An override
# should return a path the application controls rather than one taken from
# request parameters.
#
# @return [Object] root_path unless overridden
def after_bookingsync_sign_out_path
  root_path
end

#authenticate_account! ⇒ Object (private)

Requests authorization if not currently authorized.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 148

# Requests authorization if not currently authorized.
#
# NOTE(review): this listing has lost three identifiers: the call guarded by
# the `embedded` check, the statement on the blank line, and the receiver of
# `.nil?`. Restore them from lib/bookingsync/engine/auth_helpers.rb before
# relying on this text.
def authenticate_account!
  # Guarded step: runs only when BookingSync::Engine.embedded is truthy.
   if BookingSync::Engine.embedded
  # Defined outside this listing; by its name it signs out inactive sessions.
  # TODO confirm.
  sign_out_if_inactive
  
  # Starts a new authorization when the (missing) receiver is nil, presumably
  # the current account; confirm against the source file.
  request_authorization! if .nil?
end

#auto_submit_form_html ⇒ Object (private)


# File 'lib/bookingsync/engine/auth_helpers.rb', line 159

# Builds the markup of the form that POSTs to the new authorization path.
#
# The form is produced by Repost::Senpai.perform. It carries the account id
# remembered in session[:_bookingsync_account_id] and an authenticity token
# derived from the session.
#
# NOTE(review): html_safe turns off Rails' output escaping for the result,
# and session[:_bookingsync_account_id] is filled from request parameters
# elsewhere in this module. Confirm that Repost escapes the field values it
# embeds.
#
# @return [Object] the form markup, marked HTML-safe
def auto_submit_form_html
  target_path = new_authorization_path
  form_fields = { account_id: session[:_bookingsync_account_id] }
  form_options = { authenticity_token: Rack::Protection::AuthenticityToken.token(session) }

  markup = Repost::Senpai.perform(target_path, params: form_fields, options: form_options)
  markup.html_safe
end

#clear_authorization! ⇒ Object (private)

Removes the authorization from session. Will not redirect to any other page, see #reset_authorization!


# File 'lib/bookingsync/engine/auth_helpers.rb', line 48

# Drops the authorization from the session without redirecting.
#
# Only session[:account_id] is set to nil; every other session entry,
# including session[:_bookingsync_account_id], is left as it was.
# Use #reset_authorization! to also start a new authorization.
#
# @return [nil]
def clear_authorization!
  session[:account_id] = nil
end

#current_account ⇒ Account? (private)

Returns currently authorized Account or nil if unauthorized.

Returns:

  • (Account, nil)

    currently authorized Account or nil if unauthorized


# File 'lib/bookingsync/engine/auth_helpers.rb', line 17

# Returns the currently authorized Account, or nil when nothing is authorized.
#
# NOTE(review): the method name after `def` and the call between the two dots
# on the lookup line are missing from this listing; the page heading names
# the method #current_account.
#
# @return [Account, nil]
def 
  # Checked before the memo, so a cleared session[:account_id] yields nil even
  # if @current_account was set by an earlier call.
  return if session[:account_id].nil?

  # Memoized with ||=, so a nil lookup result is not cached and is retried on
  # the next call. The lookup is keyed on both the request host and the id
  # held in the session.
  # NOTE(review): request.host is taken from the incoming request. Confirm
  # the deployment restricts which Host values it accepts.
  @current_account ||=
    ::BookingSyncEngine..find_by_host_and_bookingsync_id_key(request.host, session[:account_id])
end

#enforce_requested_account_authorized! ⇒ Object (private)

Clear authorization if the account passed from the BookingSync app store embed doesn't match the currently authorized account


# File 'lib/bookingsync/engine/auth_helpers.rb', line 35

# Clears the authorization when the account passed from the BookingSync app
# store embed does not match the currently authorized account.
#
# NOTE(review): the method name after `def` and the condition after `unless`
# are missing from this listing; the page heading names the method
# #enforce_requested_account_authorized!.
def 
  # clear_authorization! only sets session[:account_id] to nil; it does not
  # render or redirect.
  clear_authorization! unless 
end

#handle_oauth_error(error) ⇒ Object (private)

Handler to rescue OAuth errors

Parameters:

  • error (OAuth2::Error)

    the rescued error


# File 'lib/bookingsync/engine/auth_helpers.rb', line 122

# Handler to rescue OAuth errors.
#
# @param error [OAuth2::Error] the rescued error
def handle_oauth_error(error)
  # Exact string match on the error code; every other code is re-raised below.
  if error.code == "Not authorized"
    # NOTE(review): the receiver of `.try` is missing from this listing.
    # try(:clear_token!) does nothing when its receiver is nil.
    .try(:clear_token!)
    # Drops the session authorization and starts a new one.
    reset_authorization!
  else
    # A bare raise re-raises the exception currently being handled, so this
    # method is presumably invoked from a rescue context. TODO confirm.
    raise
  end
end

#new_authorization_path ⇒ Object (private)


# File 'lib/bookingsync/engine/auth_helpers.rb', line 111

# Path that receives the POST request starting a new authorization.
#
# @return [String] the NEW_AUTHORIZATION_URL constant
def new_authorization_path
  NEW_AUTHORIZATION_URL
end

#new_authorization_url ⇒ Object (private)


# File 'lib/bookingsync/engine/auth_helpers.rb', line 115

# Absolute URL of the new authorization endpoint.
#
# Joins the base URL of the current request with #new_authorization_path.
#
# NOTE(review): request.base_url reflects the incoming request. If this URL
# is handed to another party, confirm the deployment restricts which Host
# values it accepts.
#
# @return [String]
def new_authorization_url
  origin = request.base_url
  origin + new_authorization_path
end

#request_authorization! ⇒ Object (private)

Request a new authorization.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 62

# Requests a new authorization, in a way that depends on the response format.
#
# HTML requests are handed to one of three helpers: the XHR one when
# request.xhr? is true, otherwise the embedded one when
# BookingSync::Engine.embedded is set, otherwise the standalone one.
# JSON and api_json requests get an empty 401 Unauthorized response.
def request_authorization!
  respond_to do |format|
    format.html do
      # XHR is checked first, so it wins even for embedded apps.
      next request_authorization_for_xhr! if request.xhr?
      next request_authorization_for_embedded! if BookingSync::Engine.embedded

      request_authorization_for_standalone!
    end

    # API clients get a bare status instead of the authorization form.
    format.json { head :unauthorized }
    format.api_json { head :unauthorized }
  end
end

#request_authorization_for_embedded! ⇒ Object (private)

Request a new authorization for Embedded Apps.

Load the new authorization path using Javascript by default.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 94

# Requests a new authorization for Embedded Apps.
#
# Calls allow_bookingsync_iframe, then renders the form built by
# #auto_submit_form_html.
#
# NOTE(review): allow_bookingsync_iframe is defined outside this listing; by
# its name it relaxes framing restrictions for this response. Confirm it
# admits only the BookingSync origin.
def request_authorization_for_embedded!
  allow_bookingsync_iframe
  form_markup = auto_submit_form_html
  render html: form_markup
end

#request_authorization_for_standalone! ⇒ Object (private)

Request a new authorization for Standalone Apps.

Redirects to new authorization path by default.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 102

# Requests a new authorization for Standalone Apps.
#
# Renders the form built by #auto_submit_form_html, which posts to the new
# authorization path.
def request_authorization_for_standalone!
  form_markup = auto_submit_form_html
  render html: form_markup
end

#request_authorization_for_xhr! ⇒ Object (private)

Request a new authorization for Ajax requests.

Renders the new auto submit form with 401 Unauthorized status by default.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 87

# Requests a new authorization for Ajax requests.
#
# Renders the form built by #auto_submit_form_html with a 401 Unauthorized
# status, so the calling script sees the failure instead of a 200 page.
def request_authorization_for_xhr!
  form_markup = auto_submit_form_html
  render html: form_markup, status: :unauthorized
end

#requested_account_authorized? ⇒ Boolean (private)

Checks if the account requested from the BookingSync app store embed matches currently authorized account.

Returns:

  • (Boolean)

# File 'lib/bookingsync/engine/auth_helpers.rb', line 41

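# Checks whether the account requested from the BookingSync app store embed
# matches the currently authorized account.
#
# A blank session[:_bookingsync_account_id] counts as "no particular account
# requested" and passes. Otherwise the two session values must be equal under
# ==, so a mismatch (including a type mismatch, or nothing authorized)
# returns false.
# The method name is restored from the page heading; the listing had lost it.
#
# @return [Boolean]
def requested_account_authorized?
  session[:_bookingsync_account_id].blank? ||
    session[:_bookingsync_account_id] == session[:account_id]
end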

#reset_authorization! ⇒ Object (private)

Removes authorization from session and requests new authorization. For removing authorization without redirecting, see #clear_authorization!.


# File 'lib/bookingsync/engine/auth_helpers.rb', line 54

# Removes the authorization from the session and requests a new one.
#
# Before clearing, the account to re-authorize is remembered in
# session[:_bookingsync_account_id]: params[:account_id] when present,
# otherwise the id that was authorized until now. To remove the
# authorization without starting a new one, see #clear_authorization!.
#
# NOTE(review): params[:account_id] is supplied by the request. In this
# listing it only selects which account the authorization form asks for.
def reset_authorization!
  account_hint = params[:account_id].presence || session[:account_id]
  session[:_bookingsync_account_id] = account_hint
  clear_authorization!
  request_authorization!
end

#store_bookingsync_account_id ⇒ Object (private)

:nodoc:


# File 'lib/bookingsync/engine/auth_helpers.rb', line 155

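# Moves the :_bookingsync_account_id request parameter into the session.
#
# The parameter is removed from params and written to
# session[:_bookingsync_account_id]. When the parameter is absent the session
# entry is overwritten with nil.
# The method name is restored from the page heading; the listing had lost it.
#
# NOTE(review): the value is supplied by the request and is stored without
# validation. In this listing it is compared against session[:account_id]
# and passed to the authorization form.
def store_bookingsync_account_id # :nodoc:
  session[:_bookingsync_account_id] = params.delete(:_bookingsync_account_id)
end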