wip: add UBX authorization handler

Author: moustachu

app/commands/decidim/verifications/omniauth/confirm_omniauth_authorization.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    module Omniauth
+      class ConfirmOmniauthAuthorization < Decidim::Verifications::ConfirmUserAuthorization
+        def call
+          return broadcast(:invalid) unless form.valid?
+
+          if confirmation_successful?
+            authorization.attributes = {
+              unique_id: form.unique_id,
+              encrypted_metadata: Decidim::MetadataEncryptor.new(
+                uid: form.unique_id
+              ).encrypt(form.metadata.reject { |k, _v| k == :nickname })
+            }
+
+            authorization.grant!
+            broadcast(:ok)
+          else
+            broadcast(:invalid)
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/admin/verifications_controller.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    module Admin
+      class VerificationsController < Decidim::Admin::ApplicationController
+        def destroy_before_date
+          enforce_permission_to :destroy, :authorization
+          return unless params.has_key?(:revocations_before_date)
+
+          form = RevocationsBeforeDateForm.from_params(params[:revocations_before_date])
+          RevokeByConditionAuthorizations.call(current_organization, current_user, form) do
+            on(:ok) do
+              flash[:notice] = t("authorization_revocation.destroy_ok", scope: "decidim.admin.menu")
+              redirect_to decidim_admin.authorization_workflows_url
+            end
+            on(:invalid) do
+              flash.now[:alert] = t("authorization_revocation.destroy_nok", scope: "decidim.admin.menu")
+              redirect_to decidim_admin.authorization_workflows_url
+            end
+          end
+        end
+
+        def destroy_all
+          enforce_permission_to :destroy, :authorization
+          RevokeAllAuthorizations.call(current_organization, current_user) do
+            on(:ok) do
+              flash[:notice] = t("authorization_revocation.destroy_ok", scope: "decidim.admin.menu")
+              redirect_to decidim_admin.authorization_workflows_url
+            end
+            on(:invalid) do
+              flash.now[:alert] = t("authorization_revocation.destroy_nok", scope: "decidim.admin.menu")
+              redirect_to decidim_admin.authorization_workflows_url
+            end
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/application_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    class ApplicationController < Decidim::ApplicationController
+      include NeedsPermission
+
+      before_action :confirmed_user, only: [:new, :create]
+
+      def new
+        raise NotImplementedError
+      end
+
+      def create
+        raise NotImplementedError
+      end
+
+      private
+
+      def confirmed_user
+        return true if !current_user || current_user && current_user.verifiable?
+
+        redirect_back(
+          fallback_location: root_path,
+          alert: t(
+            "authorizations.create.unconfirmed",
+            scope: "decidim.verifications"
+          )
+        ) && (return false)
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/authorizations_controller.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    # This controller allows users to create and destroy their authorizations. It
+    # shouldn't be necessary to expand it to add new authorization schemes.
+    class AuthorizationsController < ApplicationController
+      helper_method :handler, :unauthorized_methods, :disabled_methods, :authorization_anti_affinity
+      before_action :valid_handler, only: [:new, :create]
+
+      include Decidim::UserProfile
+      helper Decidim::DecidimFormHelper
+      helper Decidim::CtaButtonHelper
+      helper Decidim::AuthorizationFormHelper
+      helper MetadataHelper
+
+      layout "layouts/decidim/user_profile", only: [:index]
+
+      def new; end
+
+      def index
+        @granted_authorizations = granted_authorizations
+        @pending_authorizations = pending_authorizations
+      end
+
+      def first_login
+        if unauthorized_methods.length == 1
+          redirect_to(
+            action: :new,
+            handler: unauthorized_methods.first.name,
+            redirect_url: decidim.account_path
+          )
+        end
+      end
+
+      def create
+        AuthorizeUser.call(handler) do
+          on(:ok) do
+            flash[:notice] = t("authorizations.create.success", scope: "decidim.verifications")
+            redirect_to redirect_url || authorizations_path
+          end
+
+          on(:invalid) do
+            flash[:alert] = t("authorizations.create.error", scope: "decidim.verifications")
+            render action: :new
+          end
+        end
+      end
+
+      protected
+
+      def handler
+        @handler ||= Decidim::AuthorizationHandler.handler_for(handler_name, handler_params)
+      end
+
+      def handler_params
+        (params[:authorization_handler] || {}).merge(user: current_user)
+      end
+
+      def handler_name
+        params[:handler] || params.dig(:authorization_handler, :handler_name)
+      end
+
+      def valid_handler
+        return true if handler
+
+        logger.warn "Invalid authorization handler given: #{handler_name} doesn't"\
+          "exist or you haven't added it to `Decidim.authorization_handlers`"
+
+        redirect_to(authorizations_path) && (return false)
+      end
+
+      def unauthorized_methods
+        @unauthorized_methods ||= available_verification_workflows.reject do |handler|
+          (active_authorization_methods + authorization_anti_affinity).include?(handler.key)
+        end
+      end
+
+      def disabled_methods
+        @disabled_methods ||= available_verification_workflows.select do |handler|
+          authorization_anti_affinity.include?(handler.key)
+        end
+      end
+
+      def authorization_anti_affinity
+        @authorization_anti_affinity ||= active_authorization_methods.map do |handler|
+          Decidim::Verifications.find_workflow_manifest(handler).anti_affinity
+        end.flatten.compact
+      end
+
+      def active_authorization_methods
+        Authorizations.new(organization: current_organization, user: current_user).pluck(:name)
+      end
+
+      def granted_authorizations
+        Authorizations.new(organization: current_organization, user: current_user, granted: true)
+      end
+
+      def pending_authorizations
+        Authorizations.new(organization: current_organization, user: current_user, granted: false)
+      end
+
+      def store_current_location
+        return if redirect_url.blank? || !request.format.html?
+
+        store_location_for(:user, redirect_url)
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/csv_census/admin/census_controller.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    module CsvCensus
+      module Admin
+        class CensusController < Decidim::Admin::ApplicationController
+          layout "decidim/admin/users"
+
+          before_action :show_instructions,
+                        unless: :csv_census_active?
+
+          def index
+            enforce_permission_to :index, :authorization
+            @form = form(CensusDataForm).instance
+            @status = Status.new(current_organization)
+          end
+
+          def create
+            enforce_permission_to :create, :authorization
+            @form = form(CensusDataForm).from_params(params)
+            CreateCensusData.call(@form, current_organization) do
+              on(:ok) do
+                flash[:notice] = t(".success", count: @form.data.values.count, errors: @form.data.errors.count)
+              end
+
+              on(:invalid) do
+                flash[:alert] = t(".error")
+              end
+            end
+            redirect_to census_path
+          end
+
+          def destroy_all
+            enforce_permission_to :destroy, :authorization
+            CsvDatum.clear(current_organization)
+
+            redirect_to census_path, notice: t(".success")
+          end
+
+          private
+
+          def show_instructions
+            enforce_permission_to :index, :authorization
+            render :instructions
+          end
+
+          def csv_census_active?
+            current_organization.available_authorizations.include?("csv_census")
+          end
+        end
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/csv_census/authorizations_controller.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    module CsvCensus
+      class AuthorizationsController < Decidim::ApplicationController
+        helper_method :authorization
+
+        before_action :load_authorization
+
+        def new
+          @form = CensusForm.from_params(user: current_user)
+          ConfirmCensusAuthorization.call(@authorization, @form) do
+            on(:ok) do
+              flash[:notice] = t("authorizations.new.success", scope: "decidim.verifications.csv_census")
+            end
+            on(:invalid) do
+              flash[:alert] = t("authorizations.new.error", scope: "decidim.verifications.csv_census")
+            end
+            redirect_to decidim_verifications.authorizations_path
+          end
+        end
+
+        private
+
+        def authorization
+          @authorization ||= AuthorizationPresenter.new(@authorization)
+        end
+
+        def load_authorization
+          @authorization = Decidim::Authorization.find_or_initialize_by(
+            user: current_user,
+            name: "csv_census"
+          )
+        end
+      end
+    end
+  end
+end

app/controllers/decidim/verifications/id_documents/admin/config_controller.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Verifications
+    module IdDocuments
+      module Admin
+        #
+        # Handles the configuration for the ID documents verification
+        #
+        class ConfigController < Decidim::Admin::ApplicationController
+          layout "decidim/admin/users"
+
+          def edit
+            enforce_permission_to :update, :organization, organization: current_organization
+
+            @form = form(ConfigForm).from_model(current_organization)
+          end
+
+          def update
+            enforce_permission_to :update, :organization, organization: current_organization
+
+            @form = form(ConfigForm).from_params(params)
+
+            UpdateConfig.call(@form) do
+              on(:ok) do
+                flash[:notice] = t("config.update.success", scope: "decidim.verifications.id_documents.admin")
+                redirect_to pending_authorizations_path
+              end
+
+              on(:invalid) do
+                flash.now[:alert] = t("config.update.error", scope: "decidim.verifications.id_documents.admin")
+                render action: :edit
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end