discourse-custom-wizard-unlocked/lib/api/authorization.rb

require 'excon'

class CustomWizard::Api::Authorization
  include ActiveModel::SerializerSupport

  attr_accessor :authorized,
                :service,
                :auth_type,
                :auth_url,
                :token_url,
                :client_id,
                :client_secret,
                :auth_params,
                :access_token,
                :refresh_token,
                :token_expires_at,
                :token_refresh_at,
                :code,
                :username,
                :password

  def initialize(service, params)
    @service = service
    data = params.is_a?(String) ? ::JSON.parse(params) : params

    data.each do |k, v|
      self.send "#{k}=", v if self.respond_to?(k)
    end
  end

  def authorized
    @authorized ||= @access_token && @token_expires_at.to_datetime > Time.now
  end

  def self.set(service, data)
    model = self.get(service) || {}

    data.each do |k, v|
      model.send "#{k}=", v if model.respond_to?(k)
    end

    PluginStore.set("custom_wizard_api_#{service}", 'authorization', model.as_json)

    self.get(service)
  end

  def self.get(service)
    data = PluginStore.get("custom_wizard_api_#{service}", 'authorization')
    self.new(service, data)
  end

  def self.get_header_authorization_string(service)
    protocol = authentication_protocol(service)
    raise Discourse::InvalidParameters.new(:service) unless protocol.present?
    raise Discourse::InvalidParameters.new(:protocol) unless [BASIC_AUTH, OAUTH2_AUTH].include? protocol

    if protocol = BASIC_AUTH
      username = username(service)
      raise Discourse::InvalidParameters.new(:username) unless username.present?
      password = password(service)
      raise Discourse::InvalidParameters.new(:password) unless password.present?
      authorization_string = (username + ":" + password).chomp
      "Basic #{Base64.strict_encode64(authorization_string)}"
    else
      # must be OAUTH2
      access_token = access_token(service)
      raise Discourse::InvalidParameters.new(access_token) unless access_token.present?
      "Bearer #{access_token}"
    end
  end

  def self.get_token(service)
    authorization = CustomWizard::Api::Authorization.get(service)

    body = {
      client_id: authorization.client_id,
      client_secret: authorization.client_secret,
      code: authorization.code,
      grant_type: 'authorization_code',
      redirect_uri: Discourse.base_url + "/admin/wizards/apis/#{service}/redirect"
    }

    result = Excon.post(
      authorization.token_url,
      :headers => {
        "Content-Type" => "application/x-www-form-urlencoded"
      },
      :body => URI.encode_www_form(body)
    )

    self.handle_token_result(service, result)
  end

  def self.refresh_token(service)
    authorization = CustomWizard::Api::Authorization.get(service)

    body = {
      grant_type: 'refresh_token',
      refresh_token: authorization.refresh_token
    }

    authorization_string = authorization.client_id + ':' + authorization.client_secret

    result = Excon.post(
      authorization.token_url,
      :headers => {
        "Content-Type" => "application/x-www-form-urlencoded",
        "Authorization" => "Basic #{Base64.strict_encode64(authorization_string)}"
      },
      :body => URI.encode_www_form(body)
    )

    self.handle_token_result(service, result)
  end

  def self.handle_token_result(service, result)
    data = JSON.parse(result.body)

    return false if (data['error'])

    access_token = data['access_token']
    refresh_token = data['refresh_token']
    expires_at = Time.now + data['expires_in'].seconds
    refresh_at = expires_at.to_time - 2.hours

    opts = {
      service: service
    }

    Jobs.enqueue_at(refresh_at, :refresh_api_access_token, opts)

    CustomWizard::Api::Authorization.set(service,
      access_token: access_token,
      refresh_token: refresh_token,
      token_expires_at: expires_at,
      token_refresh_at: refresh_at
    )
  end
end