impress/app/models/auth_user.rb

class AuthUser < AuthRecord
  self.table_name = 'users'

  devise :database_authenticatable, :encryptable, :registerable, :validatable,
    :rememberable, :trackable, :recoverable, :omniauthable,
    omniauth_providers: [:neopass]

  validates :name, presence: true, uniqueness: {case_sensitive: false},
    length: {maximum: 30}
  
  has_one :user, foreign_key: :remote_id, inverse_of: :auth_user
  
  # It's important to keep AuthUser and User in sync. When we create an AuthUser
  # (e.g. through the registration process), we create a matching User, too. And
  # when the AuthUser's name changes, we update User to match.
  #
  # TODO: Should we sync deletions too? We don't do deletions anywhere in app
  # right now, so I'll hold off to avoid leaving dead code around.
  after_create :create_user!
  after_update :sync_name_with_user!, if: :saved_change_to_name?

  def create_user!
    User.create!(name: name, auth_server_id: 1, remote_id: id)
  end

  def sync_name_with_user!
    user.name = name
    user.save!
  end

  def uses_omniauth?
    provider? && uid?
  end

  def email_required?
    !uses_omniauth?
  end

  def password_required?
    super && !uses_omniauth?
  end

  def neopass?
    provider == "neopass"
  end

  def neopass_friendly_id
    neopass_email || uid
  end

  def self.from_omniauth(auth)
    raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?

    transaction do
      find_or_create_by!(provider: auth.provider, uid: auth.uid) do |user|
        # This account is new! Let's do the initial setup.

        # TODO: Can we somehow get the Neopets username if one exists, instead
        # of just using total randomness?
        user.name = build_unique_username

        # Copy the email address from their Neopets account to their DTI
        # account, unless they already have a DTI account with this email, in
        # which case, ignore it. (It's primarily for their own convenience with
        # password recovery!)
        email_exists = AuthUser.where(email: auth.info.email).exists?
        user.email = auth.info.email unless email_exists
      end.tap do |user|
        # Additionally, whether this account is new or existing, make sure
        # we've saved the latest email to `neopass_email`.
        #
        # We track this separately from `email`, which the user can edit, to
        # use in the Settings UI to indicate what NeoPass you're linked to. (In
        # practice, this *shouldn't* ever change after initial setup, because
        # NeoPass emails are immutable? But why not be resilient!)
        user.update!(neopass_email: auth.info.email)
      end
    end
  end

  def self.build_unique_username
    # Start with a base name like "neopass-kougra-".
    random_species_name = Species.all.pluck(:name).sample
    base_name = "neopass-#{random_species_name}"

    # Fetch the list of names that already start with that.
    name_query = sanitize_sql_like(base_name) + "%"
    similar_names = where("name LIKE ?", name_query).pluck(:name).to_set

    # Shuffle the list of four-digit numbers to create 10000 possible names,
    # then use the first one that's not already claimed.
    potential_names = (0..9999).map { |n| "#{base_name}-#{n}" }.shuffle
    name = potential_names.find { |name| !similar_names.include?(name) }
    return name unless name.nil?

    # If that failed, try again but with six digits.
    potential_names = (0..999999).map { |n| "#{base_name}-#{n}" }.shuffle
    name = potential_names.find { |name| !similar_names.include?(name) }
    return name unless name.nil?

    # If *that* failed, then golly gee, we have millions of NeoPass users
    # running around using the default username. Good for us, I guess?? If so,
    # uhh, let's cross that bridge when we come to it. (At time of writing,
    # there are about 60k total registered DTI users at *all*.)
    raise "Failed to build unique username (all million+ names starting with " +
      "\"#{base_name}\" are taken??)"
  end

  class MissingAuthInfoError < ArgumentError;end
end
Add AuthUser model, connecting to openneo_id db No user-facing functionality here yet, just configuring the database connection to work with openneo_id records. This is a first step in integrating Devise stuff into this app instead of connecting with a weird second app. My basic testing for this was to temporarily connect to production `openneo_id`, and see `AuthUser.first` correctly return a user! 2023-08-03 17:14:09 -07:00			`class AuthUser < AuthRecord`
			`self.table_name = 'users'`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00
Add Remember Me to login This requires a migration, our first migration against the openneo_id database from this app! Fun! 2023-08-06 18:03:06 -07:00			`devise :database_authenticatable, :encryptable, :registerable, :validatable,`
Add hidden "Log in with NeoPass" button, to placeholder login strategy If you pass `?neopass=1` (or a secret value in production), you can see the "Log in with NeoPass" button, which currently takes you to OmniAuth's "developer" login page, where you can specify a name and email and be redirected back. (All placeholder UI!) We're gonna strip the whole developer strategy out pretty fast and replace it with one that uses our NeoPass test server. This is just me checking my understanding of the wiring! 2024-03-14 15:34:24 -07:00			`:rememberable, :trackable, :recoverable, :omniauthable,`
NeoPass strategy interacts with dev NeoPass server, which is still WIP In this change, we wire up a new NeoPass OAuth2 strategy for OmniAuth, and hook up the "Log in with NeoPass" button to use it! The authentication currently fails with `invalid_credentials`, and shows the `owo` response we hardcoded into the NeoPass server's token response. We need to finally follow up on the little `TODO` written in there! 2024-03-14 16:13:31 -07:00			`omniauth_providers: [:neopass]`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00
			`validates :name, presence: true, uniqueness: {case_sensitive: false},`
Increase maximum username length to 30 I'm writing some code for default NeoPass usernames, and they can get kinda long, so I want to clear some extra space for them! 2024-04-01 05:47:00 -07:00			`length: {maximum: 30}`
Create a User when we create an AuthUser We also update seeds.rb to be up to date! This should make it possible to log in as test/test123 from a fresh database. 2023-08-06 16:08:13 -07:00
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00			`has_one :user, foreign_key: :remote_id, inverse_of: :auth_user`

			`# It's important to keep AuthUser and User in sync. When we create an AuthUser`
			`# (e.g. through the registration process), we create a matching User, too. And`
			`# when the AuthUser's name changes, we update User to match.`
			`#`
			`# TODO: Should we sync deletions too? We don't do deletions anywhere in app`
			`# right now, so I'll hold off to avoid leaving dead code around.`
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`after_create :create_user!`
			`after_update :sync_name_with_user!, if: :saved_change_to_name?`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`def create_user!`
			`User.create!(name: name, auth_server_id: 1, remote_id: id)`
Create a User when we create an AuthUser We also update seeds.rb to be up to date! This should make it possible to log in as test/test123 from a fresh database. 2023-08-06 16:08:13 -07:00			`end`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`def sync_name_with_user!`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00			`user.name = name`
			`user.save!`
			`end`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00
			`def uses_omniauth?`
			`provider? && uid?`
			`end`

			`def email_required?`
			`!uses_omniauth?`
			`end`

			`def password_required?`
Oops, stop requiring a new password whenever AuthUser is changed Ah right, I went and checked the Devise source code, and the default implementation for `password_required?` is a bit trickier than I expected: ```ruby def password_required? !persisted? \|\| !password.nil? \|\| !password_confirmation.nil? end ``` Looks like `super` does a good enough job here, though! (I'm actually kinda surprised, I wasn't sure how Ruby's `super` rules worked, and this isn't a subclass thing—or maybe it is, maybe the `devise` method adds a mixin? Idk! But it does what I expect, so, great!) So now, we require the password if 1) Devise doesn't see a UI reason not to, and 2) the user isn't using OmniAuth (i.e. NeoPass). This had caused a bug where it was impossible to use the Settings page without changing your password! (The form says it's okay to leave it blank, which stopped being true! But now it's fixed!) 2024-03-14 19:19:56 -07:00			`super && !uses_omniauth?`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00			`end`

Add some NeoPass info to the Settings page, if you have one No buttons to change it or anything, or to link if you don't! Just a basic display and explanation! 2024-04-07 07:17:33 -07:00			`def neopass?`
			`provider == "neopass"`
			`end`

			`def neopass_friendly_id`
			`neopass_email \|\| uid`
			`end`

Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00			`def self.from_omniauth(auth)`
			`raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?`

			`transaction do`
			`find_or_create_by!(provider: auth.provider, uid: auth.uid) do \|user\|`
Track `neopass_email` when logging in with NeoPass Gonna use this in the Settings UI to communicate what NeoPass you're connected to! 2024-04-07 07:17:07 -07:00			`# This account is new! Let's do the initial setup.`

Use completely random NeoPass usernames for now Ahh, I had assumed the `uid` provided by NeoPass would be the user's Neopets username, but in hindsight that was never gonna work out since NeoPass doesn't think of things in terms of usernames at all! For now, we create 100% random NeoPass usernames, of the form "neopass-shoyru-5812" or similar. This will be an important fallback anyway, because it's possible to have a NeoPass with no Neopets.com account attached. But hopefully we'll be able to work with TNT to request the user's main Neopets account's username somehow, to use that as the default when possible! 2024-04-01 05:57:06 -07:00			`# TODO: Can we somehow get the Neopets username if one exists, instead`
			`# of just using total randomness?`
			`user.name = build_unique_username`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00
			`# Copy the email address from their Neopets account to their DTI`
			`# account, unless they already have a DTI account with this email, in`
			`# which case, ignore it. (It's primarily for their own convenience with`
			`# password recovery!)`
			`email_exists = AuthUser.where(email: auth.info.email).exists?`
			`user.email = auth.info.email unless email_exists`
Track `neopass_email` when logging in with NeoPass Gonna use this in the Settings UI to communicate what NeoPass you're connected to! 2024-04-07 07:17:07 -07:00			`end.tap do \|user\|`
			`# Additionally, whether this account is new or existing, make sure`
			# we've saved the latest email to `neopass_email`.
			`#`
			# We track this separately from `email`, which the user can edit, to
			`# use in the Settings UI to indicate what NeoPass you're linked to. (In`
			`# practice, this shouldn't ever change after initial setup, because`
			`# NeoPass emails are immutable? But why not be resilient!)`
			`user.update!(neopass_email: auth.info.email)`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00			`end`
			`end`
			`end`

Use completely random NeoPass usernames for now Ahh, I had assumed the `uid` provided by NeoPass would be the user's Neopets username, but in hindsight that was never gonna work out since NeoPass doesn't think of things in terms of usernames at all! For now, we create 100% random NeoPass usernames, of the form "neopass-shoyru-5812" or similar. This will be an important fallback anyway, because it's possible to have a NeoPass with no Neopets.com account attached. But hopefully we'll be able to work with TNT to request the user's main Neopets account's username somehow, to use that as the default when possible! 2024-04-01 05:57:06 -07:00			`def self.build_unique_username`
			`# Start with a base name like "neopass-kougra-".`
			`random_species_name = Species.all.pluck(:name).sample`
			`base_name = "neopass-#{random_species_name}"`

			`# Fetch the list of names that already start with that.`
			`name_query = sanitize_sql_like(base_name) + "%"`
			`similar_names = where("name LIKE ?", name_query).pluck(:name).to_set`

			`# Shuffle the list of four-digit numbers to create 10000 possible names,`
			`# then use the first one that's not already claimed.`
			`potential_names = (0..9999).map { \|n\| "#{base_name}-#{n}" }.shuffle`
			`name = potential_names.find { \|name\| !similar_names.include?(name) }`
			`return name unless name.nil?`

			`# If that failed, try again but with six digits.`
			`potential_names = (0..999999).map { \|n\| "#{base_name}-#{n}" }.shuffle`
			`name = potential_names.find { \|name\| !similar_names.include?(name) }`
			`return name unless name.nil?`

			`# If that failed, then golly gee, we have millions of NeoPass users`
			`# running around using the default username. Good for us, I guess?? If so,`
			`# uhh, let's cross that bridge when we come to it. (At time of writing,`
			`# there are about 60k total registered DTI users at all.)`
			`raise "Failed to build unique username (all million+ names starting with " +`
			`"\"#{base_name}\" are taken??)"`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00			`end`

			`class MissingAuthInfoError < ArgumentError;end`
Add AuthUser model, connecting to openneo_id db No user-facing functionality here yet, just configuring the database connection to work with openneo_id records. This is a first step in integrating Devise stuff into this app instead of connecting with a weird second app. My basic testing for this was to temporarily connect to production `openneo_id`, and see `AuthUser.first` correctly return a user! 2023-08-03 17:14:09 -07:00			`end`