feature/ github oauth integration

Gemfile.lock

@@ -26,6 +26,10 @@ PATH
       jsonapi-resources (>= 0.10.0)
       mobility (>= 1.0.1, < 2.0)
       mobility-actiontext (~> 1.1)
+      octokit
+      omniauth
+      omniauth-github (~> 2.0.0)
+      omniauth-rails_csrf_protection
       pundit (>= 2.1, < 2.4)
       pundit-resources
       rack-cors (>= 1.1.1, < 2.1.0)
@@ -236,6 +240,10 @@ GEM
       railties (>= 5.0.0)
     faker (3.4.1)
       i18n (>= 1.8.11, < 2)
+    faraday (2.9.1)
+      faraday-net_http (>= 2.0, < 3.2)
+    faraday-net_http (3.1.0)
+      net-http
     ffi (1.17.0-x86_64-linux-gnu)
     fog-aws (3.22.0)
       fog-core (~> 2.1)
@@ -268,6 +276,7 @@ GEM
     google-protobuf (4.27.1-x86_64-linux)
       bigdecimal
       rake (>= 13)
+    hashie (5.0.0)
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
@@ -323,7 +332,11 @@ GEM
       mobility (~> 1.2)
     msgpack (1.7.2)
     multi_json (1.15.0)
+    multi_xml (0.7.1)
+      bigdecimal (~> 3.1)
     mutex_m (0.2.0)
+    net-http (0.4.1)
+      uri
     net-imap (0.4.12)
       date
       net-protocol
@@ -337,6 +350,29 @@ GEM
     nio4r (2.7.3)
     nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
+    oauth2 (2.0.9)
+      faraday (>= 0.17.3, < 3.0)
+      jwt (>= 1.0, < 3.0)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 4)
+      snaky_hash (~> 2.0)
+      version_gem (~> 1.1)
+    octokit (9.1.0)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    omniauth (2.1.2)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-github (2.0.1)
+      omniauth (~> 2.0)
+      omniauth-oauth2 (~> 1.8)
+    omniauth-oauth2 (1.8.0)
+      oauth2 (>= 1.4, < 3)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.2)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
     optimist (3.1.0)
     orm_adapter (0.5.0)
     parallel (1.24.0)
@@ -517,6 +553,9 @@ GEM
       ffi (~> 1.9)
     sassc-embedded (1.76.0)
       sass-embedded (~> 1.76)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
     selenium-webdriver (4.21.1)
       base64 (~> 0.2)
       rexml (~> 3.2, >= 3.2.5)
@@ -543,6 +582,9 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
+    snaky_hash (2.0.1)
+      hashie
+      version_gem (~> 1.1, >= 1.1.1)
     spring (4.2.1)
     spring-watcher-listen (2.1.0)
       listen (>= 2.7, < 4.0)
@@ -581,6 +623,8 @@ GEM
       unf_ext
     unf_ext (0.0.8.2)
     unicode-display_width (2.5.0)
+    uri (0.13.0)
+    version_gem (1.1.4)
     warden (1.2.9)
       rack (>= 2.0.9)
     warden-jwt_auth (0.8.0)

app/concerns/better_together/devise_user.rb

@@ -5,13 +5,55 @@ module BetterTogether
   module DeviseUser
     extend ActiveSupport::Concern
 
-    included do
+    included do # rubocop:todo Metrics/BlockLength
       include FriendlySlug
 
       slugged :email
 
+      has_many :person_platform_integrations, dependent: :destroy
+
       validates :email, presence: true, uniqueness: { case_sensitive: false }
 
+      # rubocop:todo Metrics/CyclomaticComplexity
+      # rubocop:todo Metrics/MethodLength
+      def self.from_omniauth(person_platform_integration:, auth:, current_user:) # rubocop:todo Metrics/AbcSize, Metrics/MethodLength
+        person_platform_integration = PersonPlatformIntegration.update_or_initialize(person_platform_integration, auth)
+
+        return person_platform_integration.user if person_platform_integration.user.present?
+
+        unless person_platform_integration.persisted?
+          user = current_user.present? ? current_user : find_by(email: auth['info']['email'])
+
+          if user.blank?
+            user = new
+            user.skip_confirmation!
+            user.password = ::Devise.friendly_token[0, 20]
+            user.attributes_from_auth(auth)
+
+            person_attributes = {
+              name: person_platform_integration.name || user.email.split('@').first || 'Unidentified Person',
+              handle: person_platform_integration.handle || user.email.split('@').first
+            }
+            user.build_person(person_attributes)
+
+            user.save
+          end
+
+          person_platform_integration.user = user
+          person_platform_integration.person = user.person
+
+          person_platform_integration.save
+        end
+
+        person_platform_integration.user
+      end
+      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/CyclomaticComplexity
+
+      def attributes_from_auth(auth)
+        self.email = auth.info.email
+      end
+
       # TODO: address the confirmation and password reset email modifications for api users when the API is under
       # active development and full use.
       # override devise method to include additional info as opts hash
@@ -27,6 +69,10 @@ def send_confirmation_instructions(opts = {})
         send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
       end
 
+      def send_devise_notification(notification, *args)
+        devise_mailer.send(notification, self, *args).deliver_later
+      end
+
       # # override devise method to include additional info as opts hash
       def send_reset_password_instructions(opts = {})
         token = set_reset_password_token

app/concerns/better_together/primary_community.rb

@@ -25,7 +25,7 @@ def self.primary_community_delegation_attrs
     def create_primary_community
       create_community(
         name:,
-        description:,
+        description: (respond_to?(:description) ? description : "#{name}'s primary community"),
         privacy: (respond_to?(:privacy) ? privacy : 'secret'),
         **primary_community_extra_attrs
       )

app/controllers/better_together/omniauth_callbacks_controller.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  class OmniauthCallbacksController < Devise::OmniauthCallbacksController # rubocop:todo Style/Documentation
+    # See https://github.com/omniauth/omniauth/wiki/FAQ#rails-session-is-clobbered-after-callback-on-developer-strategy
+    skip_before_action :verify_authenticity_token, only: %i[github]
+
+    before_action :set_person_platform_integration, except: [:failure]
+    before_action :set_user, except: [:failure]
+
+    attr_reader :person_platform_integration, :user
+
+    def github
+      handle_auth 'Github'
+    end
+
+    private
+
+    def handle_auth(kind)
+      if user_signed_in?
+        flash[:success] = t 'devise_omniauth_callbacks.success', kind: kind if is_navigational_format?
+        redirect_to edit_user_registration_path
+      else
+        flash[:alert] =
+          t 'devise_omniauth_callbacks.failure', kind:, reason: "#{auth.info.email} is not authorized"
+        redirect_to new_user_registration_path
+      end
+    end
+
+    def auth
+      request.env['omniauth.auth']
+    end
+
+    def set_person_platform_integration
+      @person_platform_integration = PersonPlatformIntegration.find_by(provider: auth.provider, uid: auth.uid)
+    end
+
+    def set_user
+      @user = ::BetterTogether.user_class.from_omniauth(person_platform_integration:, auth:, current_user:)
+    end
+
+    def failure
+      flash[:error] = 'There was a problem signing you in. Please register or try signing in later.'
+      redirect_to helpers.base_url
+    end
+  end
+end

app/controllers/better_together/person_platform_integrations_controller.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  # Allows for the management of PersonPlatformIntegrations
+  class PersonPlatformIntegrationsController < ApplicationController
+    before_action :set_person_platform_integration, only: %i[show edit update destroy]
+
+    # GET /better_together/person_platform_integrations
+    def index
+      @person_platform_integrations = BetterTogether::PersonPlatformIntegration.all
+    end
+
+    # GET /better_together/person_platform_integrations/1
+    def show; end
+
+    # GET /better_together/person_platform_integrations/new
+    def new
+      @person_platform_integration = BetterTogether::PersonPlatformIntegration.new
+    end
+
+    # GET /better_together/person_platform_integrations/1/edit
+    def edit; end
+
+    # POST /better_together/person_platform_integrations
+    def create
+      # rubocop:todo Layout/LineLength
+      @better_together_person_platform_integration = BetterTogether::PersonPlatformIntegration.new(person_platform_integration_params)
+      # rubocop:enable Layout/LineLength
+
+      if @person_platform_integration.save
+        redirect_to @person_platform_integration, notice: 'PersonPlatformIntegration was successfully created.'
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    # PATCH/PUT /better_together/person_platform_integrations/1
+    def update
+      if @person_platform_integration.update(person_platform_integration_params)
+        redirect_to @person_platform_integration, notice: 'PersonPlatformIntegration was successfully updated.',
+                                                  status: :see_other
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /better_together/person_platform_integrations/1
+    def destroy
+      @person_platform_integration.destroy!
+      redirect_to person_platform_integrations_url, notice: 'PersonPlatformIntegration was successfully destroyed.',
+                                                    status: :see_other
+    end
+
+    private
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_person_platform_integration
+      @person_platform_integration = BetterTogether::PersonPlatformIntegration.find(params[:id])
+    end
+
+    # Only allow a list of trusted parameters through.
+    def person_platform_integration_params
+      params.require(:person_platform_integration).permit(:provider, :uid, :token, :secret, :profile_url, :user_id)
+    end
+  end
+end

app/helpers/better_together/person_platform_integrations_helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module BetterTogether
+  # This module conains helper methods for PersonPLatformIntegrations
+  module PersonPlatformIntegrationsHelper
+  end
+end

app/integrations/better_together/github.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'octokit'
+
+module BetterTogether
+  # This class allows integration with the GitHub API
+  class Github
+    def access_token
+      Octokit::Client.new(bearer_token: jwt).create_app_installation_access_token(Rails.application.credentials.dig(
+                                                                                    :github, :installation_id
+                                                                                  ))[:token]
+    end
+
+    def jwt
+      payload = {
+        iat: Time.now.to_i - 60, # issued at time
+        exp: Time.now.to_i + (10 * 60),
+        iss: Rails.application.credentials.dig(:github, :app_id)
+      }
+      JWT.encode(payload, private_key, 'RS256')
+    end
+
+    def private_key
+      @private_key ||= OpenSSL::PKey::RSA.new(private_pem)
+    end
+
+    def private_pem
+      @private_pem ||= Rails.application.credentials.dig(:github, :private_pem)
+    end
+  end
+end

app/models/better_together/person.rb

@@ -22,6 +22,8 @@ def self.primary_community_delegation_attrs
 
     slugged :identifier, dependent: :delete_all
 
+    has_many :person_platform_integrations, dependent: :destroy
+
     # has_one_attached :profile_image
 
     validates :name,