lib/arux_app/api/auth.rb in arux_app-1.0.0 vs lib/arux_app/api/auth.rb in arux_app-3.0.0

- old
+ new

@@ -3,15 +3,16 @@ class Auth class InvalidGrantError < API::Error; end class InvalidClientError < API::Error; end class AccessToken - attr_accessor :token, :auth + attr_accessor :token, :auth, :scope def initialize(options = {}) self.token = options[:token] self.auth = options[:auth] + self.scope = options[:scope] raise API::InitializerError.new(:token, "can't be blank") if self.token.to_s.empty? raise API::InitializerError.new(:auth, "can't be blank") if self.auth.nil? raise API::InitializerError.new(:auth, "must be of class type AruxApp::API::Auth") if !self.auth.is_a?(AruxApp::API::Auth) end @@ -23,20 +24,10 @@ end @user_data end end - def self.server_uri - if AruxApp::API.standardmode? - "https://sso.arux.app" - elsif AruxApp::API.testmode? - "https://sso.arux.blue" - elsif AruxApp::API.devmode? - "https://sso.#{HOSTNAME}" - end - end - attr_accessor :client_id, :client_secret, :redirect_uri, :js_callback, :district_subdomain, :current_user_uuid, :login_mechanism, :element def initialize(options = {}) self.client_id = options[:client_id] self.client_secret = options[:client_secret] 
@@ -50,16 +41,66 @@ raise API::InitializerError.new(:client_id, "can't be blank") if self.client_id.to_s.empty? raise API::InitializerError.new(:client_secret, "can't be blank") if self.client_secret.to_s.empty? raise API::InitializerError.new(:redirect_uri, "can't be blank") if self.redirect_uri.to_s.empty? end - def authorization_url - %(#{self.class.server_uri}/authorize?client_id=#{self.client_id}&redirect_uri=#{self.redirect_uri}&district=#{self.district_subdomain}) + def self.public_uri + AruxApp::API.uri(subdomain: "account") end + def public_uri + self.class.public_uri + end + + def self.api_uri + AruxApp::API.uri(subdomain: "account.api") + end + + def api_uri + self.class.api_uri + end + + def authorization_url(scope: "public") + base_uri = URI.parse("#{public_uri}/oauth/authorize") + params = { + scope: scope, + response_type: "code", + client_id: client_id, + redirect_uri: redirect_uri, + district: district_subdomain + } + base_uri.query = URI.encode_www_form(params) + base_uri.to_s + end + + def basic_authentication(username, password, scope = "public") + params = { + scope: scope, + grant_type: "password", + client_id: client_id, + client_secret: client_secret + } + + request = HTTPI::Request.new.tap do |req| + req.url = "#{public_uri}/oauth/token" + req.body = params + req.headers = { 'User-Agent' => USER_AGENT } + req.auth.basic(username, password) + end + + response = HTTPI.post(request) + raise(API::Error.new(response.code, response.body)) if response.error? + + AccessToken.new( + token: JSON.parse(response.body)['access_token'], + scope: JSON.parse(response.body)['scope'], + auth: self + ) + end + def registration_url - %(#{self.class.server_uri}/register?client_id=#{self.client_id}&redirect_uri=#{self.redirect_uri}&district=#{self.district_subdomain}) + %(#{public_uri}/users/registrations?client_id=#{self.client_id}&redirect_uri=#{self.redirect_uri}&district=#{self.district_subdomain}) end def access_token(code) data = { :code => code, 
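Review bot: `registration_url` still interpolates `client_id`, `redirect_uri` and `district_subdomain` into the query string unescaped, while `authorization_url` in the same hunk was moved to `URI.encode_www_form`. A redirect URI or district value containing `&`, `#` or `=` would alter or add query parameters on the registration link. Build it the same way: `uri = URI.parse("#{public_uri}/users/registrations")`, `uri.query = URI.encode_www_form(client_id: client_id, redirect_uri: redirect_uri, district: district_subdomain)`, `uri.to_s`. Separately, `authorization_url` sends no `state` value and its signature offers no way to pass one, so callers cannot bind the callback to the session that started the flow. An optional `state:` keyword merged into `params` would cover that.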
@@ -68,18 +109,22 @@ :client_secret => self.client_secret, :client_id => self.client_id } request = HTTPI::Request.new - request.url = "#{self.class.server_uri}/access_token" + request.url = "#{api_uri}/oauth/token" request.body = data request.headers = {'User-Agent' => USER_AGENT} response = HTTPI.post(request) if !response.error? - return AccessToken.new(:token => JSON.parse(response.body)['access_token'], :auth => self) + AccessToken.new( + token: JSON.parse(response.body)['access_token'], + scope: JSON.parse(response.body)['scope'], + auth: self + ) else begin resp_data = JSON.parse(response.body) rescue end @@ -88,9 +133,30 @@ elsif resp_data and resp_data["error"] == "invalid_client" raise(API::Auth::InvalidClientError.new(response.code, response.body)) else raise(API::Error.new(response.code, response.body)) end + end + end + + def client_credentials_token + data = { + scope: "public", + grant_type: "client_credentials", + client_id: client_id, + client_secret: client_secret + } + + request = HTTPI::Request.new + request.url = "#{api_uri}/oauth/token" + request.body = data + request.headers = {'User-Agent' => USER_AGENT} + + response = HTTPI.post(request) + if !response.error? + AccessToken.new(:token => JSON.parse(response.body)['access_token'], auth: self) + else + raise(API::Error.new(response.code, response.body)) end end def javascript options = {
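Review bot: The success branch of `access_token` now calls `JSON.parse(response.body)` twice with no rescue, while the error branch directly below wraps the same parse in `begin`/`rescue`. A successful reply whose body is not JSON (an intermediary's HTML page, an empty body) would raise `JSON::ParserError` to the caller instead of an `API::Error`. Parse once into a local and handle the parser error there, e.g. `body = JSON.parse(response.body)` followed by `AccessToken.new(token: body['access_token'], scope: body['scope'], auth: self)`. `basic_authentication` in the previous hunk has the same double parse. The method starts above this hunk, so the request parameters it sends are not visible here.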
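Review bot: `client_credentials_token` builds the `AccessToken` without `scope:`, so the token's `scope` is nil even though `access_token` and `basic_authentication` now record the scope the server returned. Callers that inspect `token.scope` before using the token get no answer for client-credentials tokens and cannot notice a server that granted something other than what was requested. Parse the body once and pass it through: `body = JSON.parse(response.body)` then `AccessToken.new(token: body['access_token'], scope: body['scope'], auth: self)`. The requested scope is also fixed to `"public"` here. A `scope: "public"` keyword like the one on `authorization_url` would keep the token methods parallel.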