module BookingSync::Engine::AuthHelpers

Constants

NEW_AUTHORIZATION_URL

Path which will be used in POST request to start a new Authorization process.

Defaults to /auth/bookingsync.

Private Instance Methods

account_authorized(account)

Callback after account is authorized.

Stores the authorized account's synced_id in the session.

@param account [Account] the just authorized account

# File lib/bookingsync/engine/auth_helpers.rb, line 29
def account_authorized(account)
  session[:account_id] = account.public_send(BookingSyncEngine.bookingsync_id_key).to_s
end

after_bookingsync_sign_in_path()

Path to which the user should be redirected after successful authorization. This method should be overridden in applications using this engine.

Defaults to root_path.

# File lib/bookingsync/engine/auth_helpers.rb, line 135
def after_bookingsync_sign_in_path
  root_path
end

after_bookingsync_sign_out_path()

Path to which the user should be redirected after sign out. This method should be overridden in applications using this engine.

Defaults to root_path.

# File lib/bookingsync/engine/auth_helpers.rb, line 143
def after_bookingsync_sign_out_path
  root_path
end

authenticate_account!()

Requests authorization if not currently authorized.

# File lib/bookingsync/engine/auth_helpers.rb, line 148
def authenticate_account!
  store_bookingsync_account_id if BookingSync::Engine.embedded
  sign_out_if_inactive
  enforce_requested_account_authorized!
  request_authorization! if current_account.nil?
end

auto_submit_form_html()

# File lib/bookingsync/engine/auth_helpers.rb, line 159
def auto_submit_form_html
  Repost::Senpai.perform(
    new_authorization_path,
    params: { account_id: session[:_bookingsync_account_id] },
    options: { authenticity_token: Rack::Protection::AuthenticityToken.token(session) }
  ).html_safe
end

clear_authorization!()

Removes the authorization from the session. Does not redirect to any other page; for that, see reset_authorization!

# File lib/bookingsync/engine/auth_helpers.rb, line 48
def clear_authorization!
  session[:account_id] = nil
end

current_account()

@return [Account, nil] currently authorized Account or nil if unauthorized

# File lib/bookingsync/engine/auth_helpers.rb, line 17
def current_account
  return if session[:account_id].nil?

  @current_account ||=
    ::BookingSyncEngine.account_model.find_by_host_and_bookingsync_id_key(request.host, session[:account_id])
end

enforce_requested_account_authorized!()

Clears the authorization if the account passed from the BookingSync app store embed doesn't match the currently authorized account.

# File lib/bookingsync/engine/auth_helpers.rb, line 35
def enforce_requested_account_authorized!
  clear_authorization! unless requested_account_authorized?
end

handle_oauth_error(error)

Handler to rescue OAuth errors

@param error [OAuth2::Error] the rescued error

# File lib/bookingsync/engine/auth_helpers.rb, line 122
def handle_oauth_error(error)
  if error.code == "Not authorized"
    current_account.try(:clear_token!)
    reset_authorization!
  else
    raise
  end
end

new_authorization_path()

# File lib/bookingsync/engine/auth_helpers.rb, line 111
def new_authorization_path
  NEW_AUTHORIZATION_URL
end

new_authorization_url()

# File lib/bookingsync/engine/auth_helpers.rb, line 115
def new_authorization_url
  request.base_url + new_authorization_path
end

request_authorization!()

Request a new authorization.

# File lib/bookingsync/engine/auth_helpers.rb, line 62
def request_authorization!
  respond_to do |format|
    format.html do
      if request.xhr?
        request_authorization_for_xhr!
      elsif BookingSync::Engine.embedded
        request_authorization_for_embedded!
      else
        request_authorization_for_standalone!
      end
    end

    format.json do
      head :unauthorized
    end

    format.api_json do
      head :unauthorized
    end
  end
end

request_authorization_for_embedded!()

Request a new authorization for Embedded Apps.

Loads the new authorization path using JavaScript by default.

# File lib/bookingsync/engine/auth_helpers.rb, line 94
def request_authorization_for_embedded!
  allow_bookingsync_iframe
  render html: auto_submit_form_html
end

request_authorization_for_standalone!()

Request a new authorization for Standalone Apps.

Redirects to the new authorization path by default, by rendering the auto-submit form from auto_submit_form_html.

# File lib/bookingsync/engine/auth_helpers.rb, line 102
def request_authorization_for_standalone!
  render html: auto_submit_form_html
end

request_authorization_for_xhr!()

Request a new authorization for Ajax requests.

Renders the new auto submit form with 401 Unauthorized status by default.

# File lib/bookingsync/engine/auth_helpers.rb, line 87
def request_authorization_for_xhr!
  render html: auto_submit_form_html, status: :unauthorized
end

requested_account_authorized?()

Checks if the account requested from the BookingSync app store embed matches the currently authorized account.

# File lib/bookingsync/engine/auth_helpers.rb, line 41
def requested_account_authorized?
  session[:_bookingsync_account_id].blank? ||
    session[:_bookingsync_account_id] == session[:account_id]
end

reset_authorization!()

Removes the authorization from the session and requests a new authorization. For removing the authorization without redirecting, see clear_authorization!

# File lib/bookingsync/engine/auth_helpers.rb, line 54
def reset_authorization!
  session[:_bookingsync_account_id] =
    params[:account_id].presence || session[:account_id]
  clear_authorization!
  request_authorization!
end
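
The session checks in account_authorized, requested_account_authorized? and authenticate_account!, modelled in plain Ruby as an added example (not part of the engine's code). SessionAuthModel, store_requested and demo_outcomes are hypothetical names, and store_requested stands in for store_bookingsync_account_id, whose body is not shown on this page. Because account_authorized stores a String, the match is type-sensitive: a requested id held as an Integer never equals it and forces re-authorization.

```ruby
# Plain-Ruby model of the session checks; no Rails required.
# Class and method names here are hypothetical, not the engine's API.
class SessionAuthModel
  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  # Mirrors account_authorized: the id is always stored as a String.
  def account_authorized(synced_id)
    session[:account_id] = synced_id.to_s
  end

  # Assumed stand-in for store_bookingsync_account_id: remember which
  # account the embedding page asked for.
  def store_requested(account_id)
    session[:_bookingsync_account_id] = account_id
  end

  # Mirrors requested_account_authorized?: no request, or an exact match.
  def requested_account_authorized?
    requested = session[:_bookingsync_account_id]
    requested.nil? || requested.to_s.strip.empty? ||
      requested == session[:account_id]
  end

  # Mirrors the decision in authenticate_account! without the inactivity
  # check: :ok when the session may proceed, :reauthorize otherwise.
  def authenticate
    session[:account_id] = nil unless requested_account_authorized?
    session[:account_id].nil? ? :reauthorize : :ok
  end
end

# Constructed scenarios: every session starts authorized for account 42.
def demo_outcomes
  requests = { same: "42", other: "77", typed: 42 }
  requests.transform_values do |requested|
    model = SessionAuthModel.new
    model.account_authorized(42)
    model.store_requested(requested)
    model.authenticate
  end
end
```
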