feat(auth): remove callbackUrl parameter on authentication and remove forest_agent_url (FOREST_APPLICATION_URL) variable (#582)

Author: matthv

app/controllers/forest_liana/authentication_controller.rb

@@ -6,45 +6,30 @@ class AuthenticationController < ForestLiana::BaseController
     START_AUTHENTICATION_ROUTE = 'authentication'
     CALLBACK_AUTHENTICATION_ROUTE = 'authentication/callback'
     LOGOUT_ROUTE = 'authentication/logout'
-    PUBLIC_ROUTES = [
-      "/#{START_AUTHENTICATION_ROUTE}",
-      "/#{CALLBACK_AUTHENTICATION_ROUTE}",
-      "/#{LOGOUT_ROUTE}",
-    ]
+    PUBLIC_ROUTES = %W[/#{START_AUTHENTICATION_ROUTE} /#{CALLBACK_AUTHENTICATION_ROUTE} /#{LOGOUT_ROUTE}]
 
     def initialize
       @authentication_service = ForestLiana::Authentication.new()
     end
-  
-    def get_callback_url
-      File.join(ForestLiana.application_url, "/forest/#{CALLBACK_AUTHENTICATION_ROUTE}").to_s
-    rescue => error
-      raise "application_url is not valid or not defined" if error.is_a?(ArgumentError)
-    end
 
     def get_and_check_rendering_id
       if !params.has_key?('renderingId')
         raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:MISSING_RENDERING_ID]
       end
 
       rendering_id = params[:renderingId]
-      
+
       if !(rendering_id.instance_of?(String) || rendering_id.instance_of?(Numeric)) || (rendering_id.instance_of?(Numeric) && rendering_id.nan?)
         raise ForestLiana::MESSAGES[:SERVER_TRANSACTION][:INVALID_RENDERING_ID]
       end
 
       return rendering_id.to_i
     end
 
-    def start_authentication 
+    def start_authentication
       begin
         rendering_id = get_and_check_rendering_id()
-        callback_url = get_callback_url()
-
-        result = @authentication_service.start_authentication(
-          callback_url,
-          { 'renderingId' => rendering_id },
-        )
+        result = @authentication_service.start_authentication({ 'renderingId' => rendering_id })
 
         render json: { authorizationUrl: result['authorization_url']}, status: 200
       rescue => error
@@ -55,12 +40,7 @@ def start_authentication
 
     def authentication_callback
       begin
-        callback_url = get_callback_url()
-
-        token = @authentication_service.verify_code_and_generate_token(
-          callback_url,
-          params,
-        )
+        token = @authentication_service.verify_code_and_generate_token(params)
 
         response_body = {
           token: token,
@@ -79,7 +59,7 @@ def logout
       begin
         if cookies.has_key?(:forest_session_token)
           forest_session_token = cookies[:forest_session_token]
-          
+
           if forest_session_token
             response.set_cookie(
               'forest_session_token',

app/services/forest_liana/authentication.rb

@@ -1,18 +1,18 @@
 module ForestLiana
   class Authentication
-    def start_authentication(redirect_url, state)
-      client = ForestLiana::OidcClientManager.get_client_for_callback_url(redirect_url)
+    def start_authentication(state)
+      client = ForestLiana::OidcClientManager.get_client()
 
       authorization_url = client.authorization_uri({
         scope: 'openid email profile',
         state: state.to_s,
       })
-  
+
       { 'authorization_url' => authorization_url }
     end
 
-    def verify_code_and_generate_token(redirect_url, params) 
-      client = ForestLiana::OidcClientManager.get_client_for_callback_url(redirect_url)
+    def verify_code_and_generate_token(params)
+      client = ForestLiana::OidcClientManager.get_client()
 
       rendering_id = parse_state(params['state'])
       client.authorization_code = params['code']

app/services/forest_liana/oidc_client_manager.rb

@@ -2,33 +2,32 @@
 
 module ForestLiana
   class OidcClientManager
-    def self.get_client_for_callback_url(callback_url)
+    def self.get_client
       begin
         configuration = ForestLiana::OidcConfigurationRetriever.retrieve()
         if ForestLiana.forest_client_id.nil?
-          client_data = Rails.cache.read("#{callback_url}-#{ForestLiana.env_secret}-client-data") || nil
+          client_data = Rails.cache.read("#{ForestLiana.env_secret}-client-data") || nil
           if client_data.nil?
             client_credentials = ForestLiana::OidcDynamicClientRegistrator.register({
               token_endpoint_auth_method: 'none',
-              redirect_uris: [callback_url],
               registration_endpoint: configuration['registration_endpoint']
             })
-            client_data = { :client_id => client_credentials['client_id'], :issuer => configuration['issuer'] }
-            Rails.cache.write("#{callback_url}-#{ForestLiana.env_secret}-client-data", client_data)
+            client_data = { :client_id => client_credentials['client_id'], :issuer => configuration['issuer'], :redirect_uri => client_credentials['redirect_uris'][0] }
+            Rails.cache.write("#{ForestLiana.env_secret}-client-data", client_data)
           end
         else
-          client_data = { :client_id => ForestLiana.forest_client_id, :issuer => configuration['issuer'] }
+          client_data = { :client_id => ForestLiana.forest_client_id, :issuer => configuration['issuer'], :redirect_uri => File.join(ForestLiana.application_url, "/forest/authentication/callback").to_s }
         end
 
         OpenIDConnect::Client.new(
           identifier: client_data[:client_id],
-          redirect_uri: callback_url,
+          redirect_uri: client_data[:redirect_uri],
           host: "#{client_data[:issuer].sub(/^https?\:\/\/(www.)?/,'')}",
           authorization_endpoint: '/oidc/auth',
           token_endpoint: '/oidc/token',
         )
       rescue => error
-        Rails.cache.delete("#{callback_url}-#{ForestLiana.env_secret}-client-data")
+        Rails.cache.delete("#{ForestLiana.env_secret}-client-data")
         raise error
       end
     end

lib/forest_liana/bootstrapper.rb

@@ -18,11 +18,19 @@ def initialize
         ForestLiana.auth_secret = ForestLiana.auth_key
       end
 
-      unless Rails.application.config.action_controller.perform_caching || Rails.env.test? || ForestLiana.forest_client_id
+      if ForestLiana.forest_client_id
+        FOREST_LOGGER.warn "DEPRECATION WARNING: The use of " \
+          "ForestLiana.forest_client_id is deprecated. It's not needed anymore."
+      end
+
+      if Rails.application.secrets.forest_application_url
+        FOREST_LOGGER.warn "DEPRECATION WARNING: The use of " \
+          "The secret forest_application_url is deprecated. It's not needed anymore."
+      end
+
+      unless Rails.application.config.action_controller.perform_caching || Rails.env.test?
         FOREST_LOGGER.error "You need to enable caching on your environment to use Forest Admin.\n" \
-          "For a development environment, run: `rails dev:cache`\n" \
-          "Or setup a static forest_client_id by following this part of the documentation:\n" \
-          "https://docs.forestadmin.com/documentation/how-tos/maintain/upgrade-notes-rails/upgrade-to-v6#setup-a-static-clientid"
+          "For a development environment, run: `rails dev:cache`"
       end
 
       fetch_models

lib/generators/forest_liana/install_generator.rb

@@ -5,7 +5,6 @@ class InstallGenerator < Rails::Generators::Base
     desc 'Forest Rails Liana installation generator'
 
     argument :env_secret, type: :string, required: true, desc: 'required', banner: 'env_secret'
-    argument :application_url, type: :string, required: false, desc: 'optional', banner: 'application_url', default: 'http://localhost:3000'
 
     def install
       if ForestLiana.env_secret.present?
@@ -28,42 +27,35 @@ def install
       if File.exist? 'config/secrets.yml'
         inject_into_file 'config/secrets.yml', after: "development:\n" do
           "  forest_env_secret: #{env_secret}\n" +
-          "  forest_auth_secret: #{auth_secret}\n" +
-          "  forest_application_url: #{application_url}\n"
+          "  forest_auth_secret: #{auth_secret}\n"
         end
 
         inject_into_file 'config/secrets.yml', after: "staging:\n", force: true do
           "  forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
-          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n" +
-          "  forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
+          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
         end
 
         inject_into_file 'config/secrets.yml', after: "production:\n", force: true do
           "  forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
-          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n" +
-          "  forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
+          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
         end
       else
         create_file 'config/secrets.yml' do
           "development:\n" +
           "  forest_env_secret: #{env_secret}\n" +
           "  forest_auth_secret: #{auth_secret}\n" +
-          "  forest_application_url: #{application_url}\n" +
           "staging:\n" +
           "  forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
           "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n" +
-          "  forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n" +
           "production:\n" +
           "  forest_env_secret: <%= ENV[\"FOREST_ENV_SECRET\"] %>\n" +
-          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n" +
-          "  forest_application_url: <%= ENV[\"FOREST_APPLICATION_URL\"] %>\n"
+          "  forest_auth_secret: <%= ENV[\"FOREST_AUTH_SECRET\"] %>\n"
         end
       end
 
       initializer 'forest_liana.rb' do
         "ForestLiana.env_secret = Rails.application.secrets.forest_env_secret" +
-        "\nForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret" +
-        "\nForestLiana.application_url = Rails.application.secrets.forest_application_url"
+        "\nForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret"
       end
     end
   end

lib/tasks/clear_oidc_data.rake

@@ -0,0 +1,6 @@
+namespace :forest do
+  desc "Clear the OIDC data cache key"
+  task clear: :environment do
+    Rails.cache.delete("#{ForestLiana.env_secret}-client-data")
+  end
+end

spec/requests/authentications_spec.rb

@@ -14,19 +14,19 @@
         }', :symbolize_names => false)
     }
     allow(ForestLiana::ForestApiRequester).to receive(:post) {
-      instance_double(HTTParty::Response, body: '{ "client_id": "random_id" }', code: 201)
+      instance_double(HTTParty::Response, body: '{ "client_id": "random_id", "redirect_uris": ["http://localhost:3000/forest/authentication/callback"] }', code: 201)
     }
     allow_any_instance_of(OpenIDConnect::Client).to receive(:access_token!) {
       OpenIDConnect::AccessToken.new(access_token: 'THE-ACCESS-TOKEN', client: instance_double(OpenIDConnect::Client))
     }
   end
 
   after do
-    Rails.cache.delete(URI.join(ForestLiana.application_url, ForestLiana::Engine.routes.url_helpers.authentication_callback_path).to_s)
+    Rails.cache.delete("#{ForestLiana.env_secret}-client-data")
   end
 
   describe "POST /authentication" do
-    before() do 
+    before() do
       post ForestLiana::Engine.routes.url_helpers.authentication_path, params: '{"renderingId":"42"}', headers: {
         'Accept' => 'application/json',
         'Content-Type' => 'application/json',
@@ -44,10 +44,10 @@
   end
 
   describe "GET /authentication/callback" do
-    before() do 
+    before() do
       response = '{"data":{"id":666,"attributes":{"first_name":"Alice","last_name":"Doe","email":"alice@forestadmin.com","teams":[1,2,3],"role":"Test","tags":[{"key":"city","value":"Paris"}]}}}'
       allow(ForestLiana::ForestApiRequester).to receive(:get).with(
-        "/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query=> {} }
+        "/liana/v2/renderings/42/authorization", { :headers => { "forest-token" => "THE-ACCESS-TOKEN" }, :query => {} }
       ).and_return(
         instance_double(HTTParty::Response, :body => response, :code => 200)
       )
@@ -86,7 +86,7 @@
   end
 
   describe "POST /authentication/logout" do
-    before() do 
+    before() do
       post ForestLiana::Engine.routes.url_helpers.authentication_logout_path, params: { :renderingId => 42 }, :headers => headers
     end