chore(force-release): release forest-rails 6

Author: DrRaider

.gitignore

@@ -33,7 +33,6 @@ build/
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:
 # Gemfile.lock
-.ruby-version
 # .ruby-gemset
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
@@ -43,3 +42,7 @@ node_modules/
 
 # IDE
 /.idea/
+
+# rbenv
+.ruby-version
+

CHANGELOG.md

@@ -26,13 +26,68 @@
 
 * **smart-action-hook:** value injected to an enum field of type is now correctly handled ([#414](https://github.com/ForestAdmin/forest-rails/issues/414)) ([ef90105](https://github.com/ForestAdmin/forest-rails/commit/ef90105659f57c4c8531b0c4d576f345bc976b33))
 
+# [6.0.0-beta.4](https://github.com/ForestAdmin/forest-rails/compare/v6.0.0-beta.3...v6.0.0-beta.4) (2021-01-15)
+
+
+### Bug Fixes
+
+* **auth:** support multi-instances and remove auth's redirection ([#407](https://github.com/ForestAdmin/forest-rails/issues/407)) ([8fcf9d4](https://github.com/ForestAdmin/forest-rails/commit/8fcf9d4ba0f41b8c98451a3d15d31c73ab4fd162))
+
+# [6.0.0-beta.3](https://github.com/ForestAdmin/forest-rails/compare/v6.0.0-beta.2...v6.0.0-beta.3) (2020-12-14)
+
+
+### Bug Fixes
+
+* fix test after enums ([#398](https://github.com/ForestAdmin/forest-rails/issues/398)) ([7b37350](https://github.com/ForestAdmin/forest-rails/commit/7b37350fc2b6244c3180cb953c2954d5b6927739))
+* **smart-actions:** reset value when not present in enums in hook response ([#397](https://github.com/ForestAdmin/forest-rails/issues/397)) ([a1ddac1](https://github.com/ForestAdmin/forest-rails/commit/a1ddac1c0d474e11b43e0f489dcc5ea70cd940b8))
+* **smart-actions:** transform legacy widgets in hooks ([#395](https://github.com/ForestAdmin/forest-rails/issues/395)) ([0183d08](https://github.com/ForestAdmin/forest-rails/commit/0183d0883c85fa2569cba70d268747536770a612))
+* **smart-actions:** use changedField instead of comparing values to trigger the correct change hook ([#396](https://github.com/ForestAdmin/forest-rails/issues/396)) ([d65c065](https://github.com/ForestAdmin/forest-rails/commit/d65c065319f9ab83d909214a2a71923467a78a0d))
+
+
+### Features
+
+* **role:** add support for new roles ACL permissions ([#391](https://github.com/ForestAdmin/forest-rails/issues/391)) ([ae3539e](https://github.com/ForestAdmin/forest-rails/commit/ae3539e59c49b525078639a6d316ae2b5598ed75))
+* handle hooks ([#382](https://github.com/ForestAdmin/forest-rails/issues/382)) ([8dd0e35](https://github.com/ForestAdmin/forest-rails/commit/8dd0e356be27b33379b2aaa0376deb3a76123300))
+
 # [5.4.0](https://github.com/ForestAdmin/forest-rails/compare/v5.3.3...v5.4.0) (2020-12-10)
 
 
 ### Features
 
 * **role:** add support for new roles ACL permissions ([#391](https://github.com/ForestAdmin/forest-rails/issues/391)) ([ae3539e](https://github.com/ForestAdmin/forest-rails/commit/ae3539e59c49b525078639a6d316ae2b5598ed75))
 
+# [6.0.0-beta.2](https://github.com/ForestAdmin/forest-rails/compare/v6.0.0-beta.1...v6.0.0-beta.2) (2020-12-09)
+
+
+### Bug Fixes
+
+* **gemfile:** gemfile.lock forest_liana version mismatch ([#401](https://github.com/ForestAdmin/forest-rails/issues/401)) ([60ceaf1](https://github.com/ForestAdmin/forest-rails/commit/60ceaf195371c56ee327cffbd40e8b85bf42ea3a))
+
+
+### Features
+
+* **auth:** authenticate using oidc ([#400](https://github.com/ForestAdmin/forest-rails/issues/400)) ([4898b73](https://github.com/ForestAdmin/forest-rails/commit/4898b73bc70bf3a4828d7cdf63cd642add10b643))
+
+
+### BREAKING CHANGES
+
+* **auth:** Introduces a new authentication system.
+- The application_url property is required to initialize ForestLiana,
+- CORS rules must be adapted (to allow null origins).
+
+# [6.0.0-beta.1](https://github.com/ForestAdmin/forest-rails/compare/v5.2.3...v6.0.0-beta.1) (2020-12-09)
+
+
+### Features
+
+* **auth:** authenticate using oidc ([#383](https://github.com/ForestAdmin/forest-rails/issues/383)) ([b535ab4](https://github.com/ForestAdmin/forest-rails/commit/b535ab4e7e7e371c93d01bdb41c6006bd9acc7cd))
+
+
+### BREAKING CHANGES
+
+* **auth:** New authentication system.
+The application_url must be set in the ForestLiana initializer, adding a regex CORS rule for null origin is required.
+
 ## [5.3.3](https://github.com/ForestAdmin/forest-rails/compare/v5.3.2...v5.3.3) (2020-12-08)
 
 

Gemfile

@@ -30,7 +30,8 @@ gem 'groupdate', '2.5.2'
 gem 'useragent'
 gem 'jwt'
 gem 'bcrypt'
-gem 'base32', '0.3.4'
-gem 'rotp', '6.2.0'
 gem 'httparty', '0.18.1'
 gem 'ipaddress', '0.8.3'
+gem 'openid_connect', '1.2.0'
+gem 'json'
+gem 'json-jwt', '1.12.0'

Gemfile.lock

@@ -1,18 +1,19 @@
 PATH
   remote: .
   specs:
-    forest_liana (5.4.4)
+    forest_liana (6.0.0.pre.beta.4)
       arel-helpers
-      base32
       bcrypt
       groupdate (= 2.5.2)
       httparty
       ipaddress
+      json
+      json-jwt
       jsonapi-serializers (>= 0.14.0)
       jwt
+      openid_connect
       rack-cors
       rails (>= 4.0)
-      rotp
       useragent
 
 GEM
@@ -73,10 +74,12 @@ GEM
       minitest (~> 5.1)
       tzinfo (~> 1.1)
       zeitwerk (~> 2.2, >= 2.2.2)
+    aes_key_wrap (1.1.0)
     arel-helpers (2.11.0)
       activerecord (>= 3.1.0, < 7)
-    base32 (0.3.4)
+    attr_required (1.0.1)
     bcrypt (3.1.16)
+    bindata (2.4.8)
     builder (3.2.4)
     byebug (11.1.3)
     concurrent-ruby (1.1.7)
@@ -91,10 +94,15 @@ GEM
     httparty (0.18.1)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
+    httpclient (2.8.3)
     i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     ipaddress (0.8.3)
     json (2.5.1)
+    json-jwt (1.12.0)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
     jsonapi-serializers (1.0.1)
       activesupport
     jwt (2.2.2)
@@ -117,9 +125,26 @@ GEM
     nio4r (2.5.4)
     nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
+    openid_connect (1.2.0)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.5.0)
+      rack-oauth2 (>= 1.6.1)
+      swd (>= 1.0.0)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (>= 1.0.1)
+    public_suffix (4.0.6)
     rack (2.2.3)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
+    rack-oauth2 (1.16.0)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails (6.0.3.4)
@@ -149,7 +174,6 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
     rake (13.0.1)
-    rotp (6.2.0)
     rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.6)
@@ -180,11 +204,24 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
+    swd (1.2.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
     thor (1.0.1)
     thread_safe (0.3.6)
     tzinfo (1.2.8)
       thread_safe (~> 0.1)
     useragent (0.16.10)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.13)
+      activemodel (>= 3.0.0)
+      public_suffix
+    webfinger (1.1.0)
+      activesupport
+      httpclient (>= 2.4)
     websocket-driver (0.7.3)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -195,19 +232,20 @@ PLATFORMS
 
 DEPENDENCIES
   arel-helpers (= 2.11.0)
-  base32 (= 0.3.4)
   bcrypt
   byebug
   forest_liana!
   groupdate (= 2.5.2)
   httparty (= 0.18.1)
   ipaddress (= 0.8.3)
+  json
+  json-jwt (= 1.12.0)
   jsonapi-serializers (= 1.0.1)
   jwt
+  openid_connect (= 1.2.0)
   rack-cors
   rails (= 6.0.3.4)
   rake
-  rotp (= 6.2.0)
   rspec-rails (= 3.8.2)
   simplecov (~> 0.17.0)
   sqlite3 (~> 1.4)

app/controllers/forest_liana/application_controller.rb

@@ -3,8 +3,6 @@
 
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
-    REGEX_COOKIE_SESSION_TOKEN = /forest_session_token=([^;]*)/;
-
     def self.papertrail?
       Object.const_get('PaperTrail::Version').is_a?(Class) rescue false
     end
@@ -64,7 +62,7 @@ def authenticate_user_from_jwt
             token = request.headers['Authorization'].split.second
           # NOTICE: Necessary for downloads authentication.
           elsif request.headers['cookie']
-            match = REGEX_COOKIE_SESSION_TOKEN.match(request.headers['cookie'])
+            match = ForestLiana::Token::REGEX_COOKIE_SESSION_TOKEN.match(request.headers['cookie'])
             token = match[1] if match && match[1]
           end
 
@@ -97,10 +95,6 @@ def get_smart_action_context
       end
     end
 
-    def route_not_found
-      head :not_found
-    end
-
     def internal_server_error
       head :internal_server_error
     end

app/controllers/forest_liana/authentication_controller.rb

@@ -0,0 +1,122 @@
+require 'uri'
+require 'json'
+
+module ForestLiana
+  class AuthenticationController < ForestLiana::BaseController
+    START_AUTHENTICATION_ROUTE = 'authentication'
+    CALLBACK_AUTHENTICATION_ROUTE = 'authentication/callback'
+    LOGOUT_ROUTE = 'authentication/logout';
+    PUBLIC_ROUTES = [
+      "/#{START_AUTHENTICATION_ROUTE}",
+      "/#{CALLBACK_AUTHENTICATION_ROUTE}",
+      "/#{LOGOUT_ROUTE}",
+    ]
+
+    def initialize
+      @authentication_service = ForestLiana::Authentication.new()
+    end
+  
+    def get_callback_url
+        URI.join(ForestLiana.application_url, "/forest/#{CALLBACK_AUTHENTICATION_ROUTE}").to_s
+    rescue => error
+      raise "application_url is not valid or not defined" if error.is_a?(ArgumentError)
+    end
+
+    def get_and_check_rendering_id
+      if !params.has_key?('renderingId')
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:MISSING_RENDERING_ID]
+      end
+
+      rendering_id = params[:renderingId]
+      
+      if !(rendering_id.instance_of?(String) || rendering_id.instance_of?(Numeric)) || (rendering_id.instance_of?(Numeric) && rendering_id.nan?)
+        raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_RENDERING_ID]
+      end
+
+      return rendering_id.to_i
+    end
+
+    def start_authentication 
+      begin
+        rendering_id = get_and_check_rendering_id()
+        callback_url = get_callback_url()
+
+        result = @authentication_service.start_authentication(
+          callback_url,
+          { 'renderingId' => rendering_id },
+        )
+
+        render json: { authorizationUrl: result['authorization_url']}, status: 200
+      rescue => error
+        render json: { errors: [{ status: 500, detail: error.message }] },
+          status: :internal_server_error, serializer: nil
+      end
+    end
+
+    def authentication_callback
+      begin
+        callback_url = get_callback_url()
+
+        token = @authentication_service.verify_code_and_generate_token(
+          callback_url,
+          params,
+        )
+    
+        response.set_cookie(
+          'forest_session_token',
+          {
+            value: token,
+            httponly: true,
+            secure: true,
+            expires: ForestLiana::Token.expiration_in_days,
+            samesite: 'none',
+            path: '/'
+          },
+        )
+
+        response_body = {
+          tokenData: JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
+        }
+
+        # The token is sent decoded, because we don't want to share the whole, signed token
+        # that is used to authenticate people
+        # but the token itself contains interesting values, such as its expiration date
+        response_body[:token] = token if !ForestLiana.application_url.start_with?('https://')
+
+        render json: response_body, status: 200
+
+      rescue => error
+        render json: { errors: [{ status: error.error_code || 500, detail: error.message }] },
+          status: error.status || :internal_server_error, serializer: nil
+      end
+    end
+
+    def logout
+      begin
+        if cookies.has_key?(:forest_session_token)
+          forest_session_token = cookies[:forest_session_token]
+          
+          if forest_session_token
+            response.set_cookie(
+              'forest_session_token',
+              {
+                value: forest_session_token,
+                httponly: true,
+                secure: true,
+                expires: Time.at(0),
+                samesite: 'none',
+                path: '/'
+              },
+            )
+          end
+        end
+
+        render json: {}, status: 204
+      rescue => error
+        render json: { errors: [{ status: 500, detail: error.message }] },
+        status: :internal_server_error, serializer: nil
+      end
+    end
+
+  end
+end

app/controllers/forest_liana/base_controller.rb

@@ -4,6 +4,10 @@ class BaseController < ::ActionController::Base
     wrap_parameters false
     before_action :reject_unauthorized_ip
 
+    def route_not_found
+      head :not_found
+    end
+
     private
 
     def reject_unauthorized_ip