Module: Devise::Models::Auth0

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/models/auth0.rb

Defined Under Namespace

Modules: ClassMethods


Class Method Details

.required_fields(klass) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 20

def required_fields(klass)
  # Devise asks each model extension which attributes it requires on the
  # model; this extension requires none. `klass` is accepted for interface
  # compatibility and is not inspected.
  no_fields = []
  no_fields
end

Instance Method Details

#after_auth0_omniauth(auth) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 126

def after_auth0_omniauth(auth)
  # Callback for an OmniAuth sign-in: record the provider/uid pair from the
  # auth hash via set_auth_id so this record can later be identified in
  # Auth0 (see auth0_id). Returns whatever set_auth_id returns.
  prov = auth.provider
  id = auth.uid
  set_auth_id(prov, id)
end

#after_auth0_omniauth_created(auth) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 123

def after_auth0_omniauth_created(auth)
  # Hook run after a record has been created from an OmniAuth auth hash.
  # Does nothing here (returns nil); `auth` is accepted but unused.
  nil
end

#after_auth0_token(token) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 119

def after_auth0_token(token)
  # Callback for a token-based sign-in: record the provider/uid pair carried
  # by the token via set_auth_id so this record can later be identified in
  # Auth0 (see auth0_id). Returns whatever set_auth_id returns.
  prov = token.provider
  id = token.uid
  set_auth_id(prov, id)
end

#after_auth0_token_created(token) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 116

def after_auth0_token_created(token)
  # Hook run after a record has been created from a token. Does nothing
  # here (returns nil); `token` is accepted but unused.
  nil
end

#auth0_id ⇒ Object



# File 'lib/devise/models/auth0.rb', line 112

def auth0_id
  # Composite "<provider>|<uid>" identifier for this record, built from the
  # provider/uid attributes; also used as the per-principal segment of the
  # scopes cache key.
  [provider, uid].join("|")
end

#auth0_scopes ⇒ Object



# File 'lib/devise/models/auth0.rb', line 75

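def auth0_scopes
  # Permission names granted to this principal for the configured audience,
  # memoised in the Devise auth0 cache under "devise-auth0/<auth0_id>/scopes"
  # for cache_expires_in. Bots (machine-to-machine clients) are resolved via
  # client grants, users via the Management API user-permissions endpoint.
  # Always returns an Array (previously a bot with no grant yielded nil,
  # which made can? raise).
  ::Devise.auth0.cache.fetch("devise-auth0/#{auth0_id}/scopes", expires_in: ::Devise.auth0.cache_expires_in) do
    bot? ? auth0_bot_scopes : auth0_user_scopes
  end
end

# Scopes of the first client grant for this client id (uid) against the
# configured audience. Returns [] when there is no grant.
def auth0_bot_scopes
  grant = self.class.auth0_client.client_grants(
    client_id: uid,
    audience: self.class.auth0_config.aud,
  ).first
  # NOTE(review): "scope" is expected to be an Array of permission strings —
  # confirm against the SDK; Array() also covers a missing grant.
  grant.nil? ? [] : Array(grant["scope"])
end

# Permission names of the Auth0 user matching this record, restricted to the
# configured audience(s), collected across all pages of the permissions API.
def auth0_user_scopes
  # The email lookup may return several users (one per connection), so pick
  # the one whose identity carries this record's uid.
  # NOTE(review): identities are matched on user_id only; if uid is the
  # provider-local id (as auth0_id's "<provider>|<uid>" suggests), also
  # requiring i["provider"] == provider would rule out cross-provider id
  # collisions for the same email address.
  user = self.class.auth0_client.users_by_email(email).find do |u|
    Array(u["identities"]).any? { |i| i["user_id"] == uid }
  end
  # Returning from this helper (rather than `return` inside the cache.fetch
  # block, which skipped the cache write) lets the empty result be cached, so
  # repeated checks for an unresolved user no longer hit the Management API
  # every time.
  return [] if user.nil?

  # Array() makes the audience check an exact match whether aud is configured
  # as a String or an Array; String#include? would have been a substring test.
  audiences = Array(self.class.auth0_config.aud)
  per_page = 100
  permissions = []
  page = 0
  loop do
    response_data = self.class.auth0_client.get_user_permissions(
      user["user_id"],
      { page: page, per_page: per_page, include_totals: true },
    )

    response_data["permissions"].each do |permission|
      next unless audiences.include?(permission["resource_server_identifier"])

      permissions << permission["permission_name"]
    end

    # Stop once this page reaches the end of the result set (handles total 0).
    break if response_data["start"] + per_page >= response_data["total"]

    page += 1
  end
  permissions
end
private :auth0_bot_scopes, :auth0_user_scopes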

#auth0_scopes=(scopes) ⇒ Object



# File 'lib/devise/models/auth0.rb', line 67

def auth0_scopes=(scopes)
  # Seed or override the cached scope list for this principal. Uses the same
  # cache key and TTL that auth0_scopes reads with, so the two stay in sync;
  # the value is stored as given (no validation or normalisation).
  cache_key = "devise-auth0/#{auth0_id}/scopes"
  ttl = ::Devise.auth0.cache_expires_in
  ::Devise.auth0.cache.write(cache_key, scopes, expires_in: ttl)
end

#can?(action, resource_class = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise/models/auth0.rb', line 47

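def can?(action, resource_class = nil)
  # True when this principal's Auth0 scopes contain "<action>" (no resource)
  # or "<action>:<resource>". A String resource is used verbatim; a Class is
  # turned into its underscored, pluralised path via ActiveSupport
  # (Admin::Project => "admin/projects").
  scope = [action]
  if resource_class.is_a?(String)
    scope << resource_class
  elsif resource_class
    resource_name = resource_class.name.underscore.split("/")
    resource_name[-1] = resource_name[-1].pluralize
    scope << resource_name.join("/")
  end
  # Array() makes the check fail closed: a nil scope list (e.g. a bot with no
  # client grant) yields false instead of NoMethodError, and a String scope
  # list can no longer be matched by substring.
  Array(auth0_scopes).include?(scope.join(":"))
end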

#cannot?(*args) ⇒ Boolean

Convenience method which works the same as “can?” but returns the opposite value.

cannot? :destroy, @project

Returns:

  • (Boolean)


# File 'lib/devise/models/auth0.rb', line 63

def cannot?(*args)
  # Negation of can?; takes the same (action, resource_class) arguments, e.g.
  #   cannot? :destroy, @project
  allowed = can?(*args)
  !allowed
end

#email_domain_allowed ⇒ Object



# File 'lib/devise/models/auth0.rb', line 25

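def email_domain_allowed
  # Validation: when an allowlist is configured, the email's domain must be
  # on it; otherwise :not_allowed is added to :email. No-op when the
  # allowlist is empty.
  allowlist = self.class.auth0_config.email_domains_allowlist
  return if allowlist.empty?

  # NOTE(review): Mail::Address.new may raise on unparsable input; confirm a
  # format validation runs before this one.
  domain = Mail::Address.new(email).domain
  # An address without a domain passes this check unchanged — rely on a
  # separate format validation to reject it.
  return if domain.nil?

  # Domains are case-insensitive (RFC 5321), so compare normalised forms; the
  # previous exact match rejected "user@Example.com" even with "example.com"
  # allowlisted.
  return if allowlist.map { |d| d.to_s.downcase }.include?(domain.downcase)

  errors.add(:email, :not_allowed)
end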

#email_domain_disallowed ⇒ Object



# File 'lib/devise/models/auth0.rb', line 36

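def email_domain_disallowed
  # Validation: when a blocklist is configured, an email whose domain is on
  # it gets :not_allowed added to :email. No-op when the blocklist is empty.
  blocklist = self.class.auth0_config.email_domains_blocklist
  return if blocklist.empty?

  # NOTE(review): Mail::Address.new may raise on unparsable input; confirm a
  # format validation runs before this one.
  domain = Mail::Address.new(email).domain
  # An address without a domain is not blocked here — rely on a separate
  # format validation to reject it.
  return if domain.nil?

  # Domains are case-insensitive (RFC 5321), so compare normalised forms: with
  # the previous exact match, "user@Example.COM" slipped past a blocklist
  # entry of "example.com".
  return unless blocklist.map { |d| d.to_s.downcase }.include?(domain.downcase)

  errors.add(:email, :not_allowed)
end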