Allow to launch RS apps from dashboard

2023-11-19 19:10:13 +01:00 · 2023-11-19 19:10:13 +01:00 · aa399b862a
commit aa399b862a
parent 713e91a720
7 changed files with 54 additions and 53 deletions
--- a/app/components/rs_auth_component.html.erb
+++ b/app/components/rs_auth_component.html.erb
@ -10,13 +10,10 @@
      <%= @auth.client_id %>
    </p>
  </div>
  <!-- <div> -->
  <!--   <p class="text&#45;sm text&#45;gray&#45;500"> -->
  <!--     Approved <%= time_ago_in_words @auth.created_at %> ago -->
  <!--   </p> -->
  <!-- </div> -->
  <%= render DropdownComponent.new do %>
-    <%= render DropdownLinkComponent.new(href: "#") do %>
+    <%= render DropdownLinkComponent.new(
          href: launch_app_services_storage_rs_auth_url(@auth)
        ) do %>
      Launch app
    <% end %>
    <%= render DropdownLinkComponent.new(
--- a/app/controllers/rs/oauth_controller.rb
+++ b/app/controllers/rs/oauth_controller.rb
@ -95,13 +95,6 @@ class Rs::OauthController < ApplicationController
                allow_other_host: true
  end
  # GET /rs/oauth/token/:id/launch_app
  def launch_app
    auth = current_user.remote_storage_authorizations.find(params[:id])
    redirect_to app_auth_url(auth), allow_other_host: true
  end
  private
  def require_signed_in_with_username
@ -111,12 +104,6 @@ class Rs::OauthController < ApplicationController
    end
  end
  def app_auth_url(auth)
    url = "#{auth.url}#remotestorage=#{current_user.address}"
    url += "&access_token=#{auth.token}"
    url
  end
  def hostname_of(uri)
    uri.gsub(/http(s)?:\/\//, "").split(":")[0].split("/")[0]
  end
--- a/app/controllers/services/rs_auths_controller.rb
+++ b/app/controllers/services/rs_auths_controller.rb
@ -5,8 +5,8 @@ class Services::RsAuthsController < Services::BaseController
  # before_action :require_service_enabled
  def destroy
-    if @rs_auth = current_user.remote_storage_authorizations.find(params[:id])
+    if auth = current_user.remote_storage_authorizations.find(params[:id])
-      @rs_auth.destroy!
+      auth.destroy!
    else
      http_status :not_found
    end
@ -20,6 +20,13 @@ class Services::RsAuthsController < Services::BaseController
    end
  end
  def launch_app
    auth = current_user.remote_storage_authorizations.find(params[:id])
    launch_url = "#{auth.url}#remotestorage=#{current_user.address}&access_token=#{auth.token}"
    redirect_to launch_url, allow_other_host: true
  end
  private
    def require_feature_enabled
--- a/app/models/remote_storage_authorization.rb
+++ b/app/models/remote_storage_authorization.rb
@ -23,7 +23,7 @@ class RemoteStorageAuthorization < ApplicationRecord
  after_destroy  :remove_token_expiry_job
  def url
-    # TODO use web app scope in addition to host
+    # TODO use web app scope in addition to host/client_id
    uri = URI.parse self.redirect_uri
    "#{uri.scheme}://#{client_id}"
  end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -33,7 +33,8 @@ Rails.application.routes.draw do
    resource :storage, controller: 'remotestorage', only: [:show] do
      resources :rs_auths, only: [:destroy] do
        member do
-          get 'revoke', to: 'rs_auths#destroy'
+          get :revoke, to: 'rs_auths#destroy'
          get :launch_app
        end
      end
    end
@ -86,7 +87,6 @@ Rails.application.routes.draw do
    resource :oauth, only: [:new, :create], path_names: {
      new: ':username', create: ':username'
    }, controller: 'oauth'
    get 'oauth/token/:id/launch_app' => 'oauth#launch_app', as: :launch_app
  end
  get '.well-known/webfinger', to: 'webfinger#show'
--- a/spec/controllers/rs/oauth_controller_spec.rb
+++ b/spec/controllers/rs/oauth_controller_spec.rb
@ -437,33 +437,4 @@ RSpec.describe Rs::OauthController, type: :controller do
      end
    end
  end
  describe "GET /rs/oauth/token/:id/launch_app" do
    context "when user is signed in" do
      before do
        sign_in user
      end
      context "token exists" do
        before do
          @auth = user.remote_storage_authorizations.create!(
            permissions: %w(documents), client_id: "app.example.com",
            redirect_uri: "https://app.example.com",
            expire_at: 2.days.from_now
          )
          get :launch_app, params: { id: @auth.id }
        end
        after do
          @auth.destroy
        end
        it "redirects to the given URL with the correct RS URL fragment params" do
          launch_url = "https://app.example.com#remotestorage=#{user.address}&access_token=#{@auth.token}"
          expect(response).to redirect_to(launch_url)
        end
      end
    end
  end
 end
--- a/spec/controllers/services/rs_auths_controller_spec.rb
+++ b/spec/controllers/services/rs_auths_controller_spec.rb
@ -0,0 +1,39 @@
 require 'rails_helper'
 RSpec.describe Services::RsAuthsController, type: :controller do
  let(:user) { create :user }
  before do
    allow_any_instance_of(AppCatalog::WebApp).to receive(:update_metadata).and_return(true)
    allow_any_instance_of(Flipper).to receive(:enabled?).and_return(true)
  end
  describe "GET /services/storage/rs_auths/:id/launch_app" do
    context "when user is signed in" do
      before do
        sign_in user
      end
      context "token exists" do
        before do
          @auth = user.remote_storage_authorizations.create!(
            permissions: %w(documents), client_id: "app.example.com",
            redirect_uri: "https://app.example.com",
            expire_at: 2.days.from_now
          )
          get :launch_app, params: { id: @auth.id }
        end
        after do
          @auth.destroy
        end
        it "redirects to the given URL with the correct RS URL fragment params" do
          launch_url = "https://app.example.com#remotestorage=#{user.address}&access_token=#{@auth.token}"
          expect(response).to redirect_to(launch_url)
        end
      end
    end
  end
 end