refactor(auth): remove old session and 2fa logic (#ccukc7) (#418)

Author: DrRaider

Gemfile

@@ -30,8 +30,6 @@ gem 'groupdate', '2.5.2'
 gem 'useragent'
 gem 'jwt'
 gem 'bcrypt'
-gem 'base32', '0.3.4'
-gem 'rotp', '6.2.0'
 gem 'httparty', '0.18.1'
 gem 'ipaddress', '0.8.3'
 gem 'openid_connect', '1.2.0'

Gemfile.lock

@@ -1,9 +1,8 @@
 PATH
   remote: .
   specs:
-    forest_liana (6.0.0-beta.4)
+    forest_liana (6.0.0.pre.beta.4)
       arel-helpers
-      base32
       bcrypt
       groupdate (= 2.5.2)
       httparty
@@ -15,7 +14,6 @@ PATH
       openid_connect
       rack-cors
       rails (>= 4.0)
-      rotp
       useragent
 
 GEM
@@ -80,7 +78,6 @@ GEM
     arel-helpers (2.11.0)
       activerecord (>= 3.1.0, < 7)
     attr_required (1.0.1)
-    base32 (0.3.4)
     bcrypt (3.1.16)
     bindata (2.4.8)
     builder (3.2.4)
@@ -177,7 +174,6 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
     rake (13.0.1)
-    rotp (6.2.0)
     rspec-core (3.8.2)
       rspec-support (~> 3.8.0)
     rspec-expectations (3.8.6)
@@ -237,7 +233,6 @@ PLATFORMS
 
 DEPENDENCIES
   arel-helpers (= 2.11.0)
-  base32 (= 0.3.4)
   bcrypt
   byebug
   forest_liana!
@@ -252,7 +247,6 @@ DEPENDENCIES
   rack-cors
   rails (= 6.0.3.4)
   rake
-  rotp (= 6.2.0)
   rspec-rails (= 3.8.2)
   simplecov
   sqlite3 (~> 1.4)

app/controllers/forest_liana/authentication_controller.rb

@@ -86,8 +86,8 @@ def authentication_callback
         render json: response_body, status: 200
 
       rescue => error
-        render json: { errors: [{ status: 500, detail: error.message }] },
-          status: :internal_server_error, serializer: nil
+        render json: { errors: [{ status: error.error_code || 500, detail: error.message }] },
+          status: error.status || :internal_server_error, serializer: nil
       end
     end
 

app/controllers/forest_liana/sessions_controller.rb

@@ -26,9 +26,7 @@ def verify_code_and_generate_token(redirect_url, params)
 
       user = ForestLiana::AuthorizationGetter.authenticate(
         rendering_id,
-        true,
         { :forest_token => access_token_instance.instance_variable_get(:@access_token) },
-        nil,
       )
 
       return ForestLiana::Token.create_token(user, rendering_id)

app/serializers/forest_liana/session_serializer.rb

@@ -1,39 +1,41 @@
 module ForestLiana
   class AuthorizationGetter
-    def self.authenticate(rendering_id, use_google_authentication, auth_data, two_factor_registration)
+    def self.authenticate(rendering_id, auth_data)
       begin
         route = "/liana/v2/renderings/#{rendering_id.to_s}/authorization"
-
-        if !use_google_authentication.nil?
-          headers = { 'forest-token' => auth_data[:forest_token] }
-        elsif !auth_data[:email].nil?
-          headers = { 'email' => auth_data[:email], 'password' => auth_data[:password] }
-        end
-
-        query_parameters = {}
-
-        unless two_factor_registration.nil?
-          query_parameters['two-factor-registration'] = true
-        end
+        headers = { 'forest-token' => auth_data[:forest_token] }
 
         response = ForestLiana::ForestApiRequester
-          .get(route, query: query_parameters, headers: headers)
+          .get(route, query: {}, headers: headers)
 
         if response.code.to_i == 200
           body = JSON.parse(response.body, :symbolize_names => false)
           user = body['data']['attributes']
           user['id'] = body['data']['id']
           user
         else
-          unless use_google_authentication.nil?
-            raise "Cannot authorize the user using this google account. Forest API returned an #{Errors::HTTPErrorHelper.format(response)}"
-          else
-            raise "Cannot authorize the user using this email/password. Forest API returned an #{Errors::HTTPErrorHelper.format(response)}"
-          end
+          raise generate_authentication_error response
         end
-      rescue
-        raise ForestLiana::Errors::HTTP401Error
       end
     end
+
+    private
+    def self.generate_authentication_error(error)
+      case error[:message]
+      when ForestLiana::MESSAGES[:SERVER_TRANSACTION][:SECRET_AND_RENDERINGID_INCONSISTENT]
+        return ForestLiana::Errors::InconsistentSecretAndRenderingError.new()
+      when ForestLiana::MESSAGES[:SERVER_TRANSACTION][:SECRET_NOT_FOUND]
+        return ForestLiana::Errors::SecretNotFoundError.new()
+      else
+      end
+
+      serverError = error[:jse_cause][:response][:body][:errors][0] || nil
+
+      if !serverError.nil? && serverError[:name] == ForestLiana::MESSAGES[:SERVER_TRANSACTION][:names][:TWO_FACTOR_AUTHENTICATION_REQUIRED]
+        return ForestLiana::Errors::TwoFactorAuthenticationRequiredError.new()
+      end
+
+      return StandardError.new(error)
+    end
   end
 end