WIP: Flesh out PersonPlatformIntegration

Author: rsmithlal

app/controllers/better_together/omniauth_callbacks_controller.rb

@@ -1,19 +1,56 @@
-
 class BetterTogether::OmniauthCallbacksController < Devise::OmniauthCallbacksController
   # See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
   skip_before_action :verify_authenticity_token, only: %i[github]
 
+  before_action :set_person_platform_integration, except: [:failure]
+  before_action :set_user, except: [:failure]
+
+  attr_reader :person_platform_integration, :user
+
+  # def facebook
+  #   handle_auth "Facebook"
+  # end
+
   def github
-    @user = ::BetterTogether.user_class.from_omniauth(request.env['omniauth.auth'])
-    if @user.persisted?
-      sign_in_and_redirect @user
-      set_flash_message(:notice, :success, kind: 'Github') if is_navigational_format?
-    else
-      flash[:error] = 'There was a problem signing you in through Github. Please register or try signing in later.'
-      redirect_to new_user_registration_url
-    end
+    handle_auth 'Github'
+  end
+
+  private
+
+  def handle_auth(kind)
+    return unless user_signed_in?
+
+    flash[:success] = t 'devise_omniauth_callbacks.success', kind: if is_navigational_format?
+                                                                     redirect_to edit_user_registration_path
+                                                                   else
+                                                                     flash[:alert] = t 'devise_omniauth_callbacks.failure', kind:, reason: "#{auth.info.email} is not authorized"
+                                                                     redirect_to new_user_registration_path
+                                                                   end
   end
 
+  def auth
+    request.env['omniauth.auth']
+  end
+
+  def set_person_platform_integration
+    @person_platform_integration = PersonPlatformIntegration.find_by(provider: auth.provider, uid: auth.uid)
+  end
+
+  def set_user
+    @user = ::BetterTogether.user_class.from_omniauth(person_platform_integration:, auth:, current_user:)
+  end
+
+  # def github
+  #   @user = ::BetterTogether.user_class.from_omniauth(request.env['omniauth.auth'])
+  #   if @user.persisted?
+  #     sign_in_and_redirect @user
+  #     set_flash_message(:notice, :success, kind: 'Github') if is_navigational_format?
+  #   else
+  #     flash[:error] = 'There was a problem signing you in through Github. Please register or try signing in later.'
+  #     redirect_to new_user_registration_url
+  #   end
+  # end
+
   def failure
     flash[:error] = 'There was a problem signing you in. Please register or try signing in later.'
     redirect_to helpers.base_url

app/controllers/better_together/person_platform_integrations_controller.rb

@@ -1,51 +1,55 @@
-class BetterTogether::PersonPlatformIntegrationsController < ApplicationController
-  before_action :set_person_platform_integration, only: %i[ show edit update destroy ]
+# frozen_string_literal: true
 
-  # GET /better_together/person_platform_integrations
-  def index
-    @person_platform_integrations = BetterTogether::PersonPlatformIntegration.all
-  end
+module BetterTogether
+  class PersonPlatformIntegrationsController < ApplicationController
+    before_action :set_person_platform_integration, only: %i[show edit update destroy]
 
-  # GET /better_together/person_platform_integrations/1
-  def show
-  end
+    # GET /better_together/person_platform_integrations
+    def index
+      @person_platform_integrations = BetterTogether::PersonPlatformIntegration.all
+    end
 
-  # GET /better_together/person_platform_integrations/new
-  def new
-    @person_platform_integration = BetterTogether::PersonPlatformIntegration.new
-  end
+    # GET /better_together/person_platform_integrations/1
+    def show; end
 
-  # GET /better_together/person_platform_integrations/1/edit
-  def edit
-  end
+    # GET /better_together/person_platform_integrations/new
+    def new
+      @person_platform_integration = BetterTogether::PersonPlatformIntegration.new
+    end
+
+    # GET /better_together/person_platform_integrations/1/edit
+    def edit; end
 
-  # POST /better_together/person_platform_integrations
-  def create
-    @better_together_person_platform_integration = BetterTogether::PersonPlatformIntegration.new(person_platform_integration_params)
+    # POST /better_together/person_platform_integrations
+    def create
+      @better_together_person_platform_integration = BetterTogether::PersonPlatformIntegration.new(person_platform_integration_params)
 
-    if @person_platform_integration.save
-      redirect_to @person_platform_integration, notice: "PersonPlatformIntegration was successfully created."
-    else
-      render :new, status: :unprocessable_entity
+      if @person_platform_integration.save
+        redirect_to @person_platform_integration, notice: 'PersonPlatformIntegration was successfully created.'
+      else
+        render :new, status: :unprocessable_entity
+      end
     end
-  end
 
-  # PATCH/PUT /better_together/person_platform_integrations/1
-  def update
-    if @person_platform_integration.update(person_platform_integration_params)
-      redirect_to @person_platform_integration, notice: "PersonPlatformIntegration was successfully updated.", status: :see_other
-    else
-      render :edit, status: :unprocessable_entity
+    # PATCH/PUT /better_together/person_platform_integrations/1
+    def update
+      if @person_platform_integration.update(person_platform_integration_params)
+        redirect_to @person_platform_integration, notice: 'PersonPlatformIntegration was successfully updated.',
+                                                  status: :see_other
+      else
+        render :edit, status: :unprocessable_entity
+      end
     end
-  end
 
-  # DELETE /better_together/person_platform_integrations/1
-  def destroy
-    @person_platform_integration.destroy!
-    redirect_to person_platform_integrations_url, notice: "PersonPlatformIntegration was successfully destroyed.", status: :see_other
-  end
+    # DELETE /better_together/person_platform_integrations/1
+    def destroy
+      @person_platform_integration.destroy!
+      redirect_to person_platform_integrations_url, notice: 'PersonPlatformIntegration was successfully destroyed.',
+                                                    status: :see_other
+    end
+
+    private
 
-  private
     # Use callbacks to share common setup or constraints between actions.
     def set_person_platform_integration
       @person_platform_integration = BetterTogether::PersonPlatformIntegration.find(params[:id])
@@ -55,4 +59,5 @@ def set_person_platform_integration
     def person_platform_integration_params
       params.require(:person_platform_integration).permit(:provider, :uid, :token, :secret, :profile_url, :user_id)
     end
+  end
 end

app/helpers/better_together/person_platform_integrations_helper.rb

@@ -1,2 +1,6 @@
-module BetterTogether::PersonPlatformIntegrationsHelper
+# frozen_string_literal: true
+
+module BetterTogether
+  module PersonPlatformIntegrationsHelper
+  end
 end

app/integrations/better_together/github.rb

@@ -4,5 +4,27 @@
 
 module BetterTogether
   class Github
+    def access_token
+      Octokit::Client.new(bearer_token: jwt).create_app_installation_access_token(Rails.application.credentials.dig(
+                                                                                    :github, :installation_id
+                                                                                  ))[:token]
+    end
+
+    def jwt
+      payload = {
+        iat: Time.now.to_i - 60, # issued at time
+        exp: Time.now.to_i + (10 * 60),
+        iss: Rails.application.credentials.dig(:github, :app_id)
+      }
+      JWT.encode(payload, private_key, 'RS256')
+    end
+
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.new(private_pem)
+    end
+
+    def private_pem
+      @private_pem ||= Rails.application.credentials.dig(:github, :private_pem)
+    end
   end
 end

app/models/better_together/person.rb

@@ -45,6 +45,8 @@ def self.primary_community_delegation_attrs
     has_many :agreement_participants, class_name: 'BetterTogether::AgreementParticipant', dependent: :destroy
     has_many :agreements, through: :agreement_participants
 
+    has_many :person_platform_integrations, dependent: :destroy
+
     has_one :user_identification,
             lambda {
               where(
@@ -78,6 +80,8 @@ def self.primary_community_delegation_attrs
       show_conversation_details Boolean, default: false
     end
 
+    # has_one_attached :profile_image
+
     validates :name,
               presence: true
 

app/models/better_together/person_platform_integration.rb

@@ -1,4 +1,97 @@
-class BetterTogether::PersonPlatformIntegration < ApplicationRecord
-  belongs_to :person
-  belongs_to :platform
+# frozen_string_literal: true
+
+module BetterTogether
+  class PersonPlatformIntegration < ApplicationRecord
+    PROVIDERS = {
+      facebook: 'Facebook',
+      github: 'Github',
+      google_oauth2: 'Google',
+      linkedin: 'Linkedin'
+    }.freeze
+
+    belongs_to :person
+    belongs_to :platform
+    belongs_to :user
+
+    Devise.omniauth_configs.each_key do |provider|
+      scope provider, -> { where(provider:) }
+    end
+
+    def expired?
+      expires_at? && expires_at <= Time.zone.now
+    end
+
+    def token
+      renew_token! if expired?
+      access_token
+    end
+
+    def renew_token!
+      new_token = current_token.refresh!
+      update(
+        access_token: new_token.token,
+        refresh_token: new_token.refresh_token,
+        expires_at: Time.at(new_token.expires_at)
+      )
+    end
+
+    def refresh_auth_hash
+      renew_token! if expired?
+
+      omniauth = strategy
+      omniauth.access_token = current_token
+
+      update(self.class.attributes_from_omniauth(omniauth.auth_hash))
+    end
+
+    def current_token
+      OAuth2::AccessToken.new(
+        strategy.client,
+        access_token,
+        refresh_token:
+      )
+    end
+
+    # return an OmniAuth::Strategies instance for the provider
+    def strategy
+      OmniAuth::Strategies.const_get(OmniAuth::Utils.camelize(provider)).new(
+        nil,
+        ENV.fetch("#{provider.downcase}_client_id", nil),
+        ENV.fetch("#{provider.downcase}_client_secret", nil)
+      )
+    end
+
+    def self.attributes_from_omniauth(auth)
+      expires_at = auth.credentials.expires_at.present? ? Time.at(auth.credentials.expires_at) : nil
+
+      attributes = {
+        provider: auth.provider,
+        uid: auth.uid,
+        expires_at:,
+        access_token: auth.credentials.token,
+        access_token_secret: auth.credentials.secret,
+        auth: auth.to_hash
+      }
+
+      attributes[:handle] = auth.info.nickname if auth.info.nickname.present?
+      attributes[:name] = auth.info.name if auth.info.name.present?
+      attributes[:image_url] = URI.parse(auth.info.image) if auth.info.image.present?
+
+      attributes[:profile_url] = auth.info.urls.first.last unless person_platform_integration.persisted?
+
+      attributes
+    end
+
+    def self.update_or_initialize(person_platform_integration, auth)
+      if person_platform_integration.present?
+        person_platform_integration.update(attributes_from_omniauth(auth))
+      else
+        person_platform_integration = new(
+          attributes_from_omniauth(auth)
+        )
+      end
+
+      person_platform_integration
+    end
+  end
 end

app/models/concerns/better_together/devise_user.rb

@@ -10,30 +10,44 @@ module DeviseUser
 
       slugged :email
 
+      has_many :person_platform_integrations, dependent: :destroy
+
       validates :email, presence: true, uniqueness: { case_sensitive: false }
 
-      def send_devise_notification(notification, *)
-        devise_mailer.send(notification, self, *).deliver_later
-      end
+      def self.from_omniauth(person_platform_integration:, auth:, current_user:)
+        person_platform_integration = PersonPlatformIntegration.update_or_initialize(person_platform_integration, auth)
 
-      def self.from_omniauth(auth)
-        find_or_create_by(provider: auth.provider, uid: auth.uid) do |user|
-          user.email = auth.info.email
-          user.password = Devise.friendly_token[0, 20]
-          # user.name = auth.info.name   # assuming the user model has a name
-          # user.image = auth.info.image # assuming the user model has an image
-          # If you are using confirmable and the provider(s) you use validate emails,
-          # uncomment the line below to skip the confirmation emails.
-          # user.skip_confirmation!
-        end
-      end
+        return person_platform_integration.user if person_platform_integration.user.present?
+
+        unless person_platform_integration.persisted?
+          user = current_user.present? ? current_user : find_by(email: auth['info']['email'])
 
-      def self.new_with_session(params, session)
-        super.tap do |user|
-          if (data = session['devise.github_data'] && session['devise.github_data']['extra']['raw_info']) && user.email.blank?
-            user.email = data['email']
+          if user.blank?
+            user = new
+            user.skip_confirmation!
+            user.password = ::Devise.friendly_token[0, 20]
+            user.set_attributes_from_auth(auth)
+
+            person_attributes = {
+              name: person_platform_integration.name || user.email.split('@').first || 'Unidentified Person',
+              handle: person_platform_integration.handle || user.email.split('@').first
+            }
+            user.build_person(person_attributes)
+
+            user.save
           end
+
+          person_platform_integration.user = user
+          person_platform_integration.person = user.person
+
+          person_platform_integration.save
         end
+
+        person_platform_integration.user
+      end
+
+      def set_attributes_from_auth(auth)
+        self.email = auth.info.email
       end
 
       # TODO: address the confirmation and password reset email modifications for api users when the API is under