impress/app/models/auth_user.rb

class AuthUser < AuthRecord
  self.table_name = 'users'

  devise :database_authenticatable, :encryptable, :registerable, :validatable,
    :rememberable, :trackable, :recoverable, :omniauthable,
    omniauth_providers: [:neopass]

  validates :name, presence: true, uniqueness: {case_sensitive: false},
    length: {maximum: 20}
  
  has_one :user, foreign_key: :remote_id, inverse_of: :auth_user
  
  # It's important to keep AuthUser and User in sync. When we create an AuthUser
  # (e.g. through the registration process), we create a matching User, too. And
  # when the AuthUser's name changes, we update User to match.
  #
  # TODO: Should we sync deletions too? We don't do deletions anywhere in app
  # right now, so I'll hold off to avoid leaving dead code around.
  after_create :create_user!
  after_update :sync_name_with_user!, if: :saved_change_to_name?

  def create_user!
    User.create!(name: name, auth_server_id: 1, remote_id: id)
  end

  def sync_name_with_user!
    user.name = name
    user.save!
  end

  def uses_omniauth?
    provider? && uid?
  end

  def email_required?
    !uses_omniauth?
  end

  def password_required?
    super && !uses_omniauth?
  end

  def self.from_omniauth(auth)
    raise MissingAuthInfoError, "Username missing" if auth.uid.blank?
    raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?

    transaction do
      find_or_create_by!(provider: auth.provider, uid: auth.uid) do |user|
        # Use the Neopets username if possible, or a unique username if not.
        dti_username = build_unique_username_like(auth.uid)
        user.name = dti_username

        # Copy the email address from their Neopets account to their DTI
        # account, unless they already have a DTI account with this email, in
        # which case, ignore it. (It's primarily for their own convenience with
        # password recovery!)
        email_exists = AuthUser.where(email: auth.info.email).exists?
        user.email = auth.info.email unless email_exists
      end
    end
  end

  def self.build_unique_username_like(name)
    name_query = sanitize_sql_like(name) + "%"
    similar_names = where("name LIKE ?", name_query).pluck(:name)

    # Use the given name itself, if we can.
    return name unless similar_names.include?(name)

    # If not, try appending "-neopass".
    return "#{name}-neopass" unless similar_names.include?("#{name}-neopass")

    # After that, try appending "-neopass-1", "-neopass-2", etc, until a
    # unique name arises. (We don't expect this to happen basically ever, but
    # it's nice to have a guarantee!)
    max = similar_names.size + 1
    candidates = (1..max).map { |n| "#{name}-neopass-#{n}"}
    numerical_name = candidates.find { |name| !similar_names.include?(name) }
    return numerical_name unless numerical_name.nil?

    raise "Failed to build unique username (shouldn't be possible?)"
  end

  class MissingAuthInfoError < ArgumentError;end
end
Add AuthUser model, connecting to openneo_id db No user-facing functionality here yet, just configuring the database connection to work with openneo_id records. This is a first step in integrating Devise stuff into this app instead of connecting with a weird second app. My basic testing for this was to temporarily connect to production `openneo_id`, and see `AuthUser.first` correctly return a user! 2023-08-03 17:14:09 -07:00			`class AuthUser < AuthRecord`
			`self.table_name = 'users'`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00
Add Remember Me to login This requires a migration, our first migration against the openneo_id database from this app! Fun! 2023-08-06 18:03:06 -07:00			`devise :database_authenticatable, :encryptable, :registerable, :validatable,`
Add hidden "Log in with NeoPass" button, to placeholder login strategy If you pass `?neopass=1` (or a secret value in production), you can see the "Log in with NeoPass" button, which currently takes you to OmniAuth's "developer" login page, where you can specify a name and email and be redirected back. (All placeholder UI!) We're gonna strip the whole developer strategy out pretty fast and replace it with one that uses our NeoPass test server. This is just me checking my understanding of the wiring! 2024-03-14 15:34:24 -07:00			`:rememberable, :trackable, :recoverable, :omniauthable,`
NeoPass strategy interacts with dev NeoPass server, which is still WIP In this change, we wire up a new NeoPass OAuth2 strategy for OmniAuth, and hook up the "Log in with NeoPass" button to use it! The authentication currently fails with `invalid_credentials`, and shows the `owo` response we hardcoded into the NeoPass server's token response. We need to finally follow up on the little `TODO` written in there! 2024-03-14 16:13:31 -07:00			`omniauth_providers: [:neopass]`
Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. 2023-08-06 15:52:05 -07:00
			`validates :name, presence: true, uniqueness: {case_sensitive: false},`
			`length: {maximum: 20}`
Create a User when we create an AuthUser We also update seeds.rb to be up to date! This should make it possible to log in as test/test123 from a fresh database. 2023-08-06 16:08:13 -07:00
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00			`has_one :user, foreign_key: :remote_id, inverse_of: :auth_user`

			`# It's important to keep AuthUser and User in sync. When we create an AuthUser`
			`# (e.g. through the registration process), we create a matching User, too. And`
			`# when the AuthUser's name changes, we update User to match.`
			`#`
			`# TODO: Should we sync deletions too? We don't do deletions anywhere in app`
			`# right now, so I'll hold off to avoid leaving dead code around.`
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`after_create :create_user!`
			`after_update :sync_name_with_user!, if: :saved_change_to_name?`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`def create_user!`
			`User.create!(name: name, auth_server_id: 1, remote_id: id)`
Create a User when we create an AuthUser We also update seeds.rb to be up to date! This should make it possible to log in as test/test123 from a fresh database. 2023-08-06 16:08:13 -07:00			`end`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00
Clarify the error behavior on AuthUser syncing I added bangs to signify they're mutative operations, but also the bang on `create!` helps ensure we'll bail if User creation fails for some reason. 2023-08-06 18:35:52 -07:00			`def sync_name_with_user!`
Sync AuthUser and User names Callbacks are handy for this! 2023-08-06 16:23:22 -07:00			`user.name = name`
			`user.save!`
			`end`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00
			`def uses_omniauth?`
			`provider? && uid?`
			`end`

			`def email_required?`
			`!uses_omniauth?`
			`end`

			`def password_required?`
Oops, stop requiring a new password whenever AuthUser is changed Ah right, I went and checked the Devise source code, and the default implementation for `password_required?` is a bit trickier than I expected: ```ruby def password_required? !persisted? \|\| !password.nil? \|\| !password_confirmation.nil? end ``` Looks like `super` does a good enough job here, though! (I'm actually kinda surprised, I wasn't sure how Ruby's `super` rules worked, and this isn't a subclass thing—or maybe it is, maybe the `devise` method adds a mixin? Idk! But it does what I expect, so, great!) So now, we require the password if 1) Devise doesn't see a UI reason not to, and 2) the user isn't using OmniAuth (i.e. NeoPass). This had caused a bug where it was impossible to use the Settings page without changing your password! (The form says it's okay to leave it blank, which stopped being true! But now it's fixed!) 2024-03-14 19:19:56 -07:00			`super && !uses_omniauth?`
Actually create user from NeoPass authentication! <3 <3 Whew, exciting! Still done nothing against the live NeoPass server, but we've got this fully working with the development server, it seems! Wowie!! This is all still hidden behind secret flags, so it's fine to deploy live. (And it's not actually a problem if someone gets past to the endpoints behind it, because we haven't actually set up real credentials for our NeoPass client yet, so authentication will fail!) Okay time to lie down lol. 2024-03-14 19:11:06 -07:00			`end`

			`def self.from_omniauth(auth)`
			`raise MissingAuthInfoError, "Username missing" if auth.uid.blank?`
			`raise MissingAuthInfoError, "Email missing" if auth.info.email.blank?`

			`transaction do`
			`find_or_create_by!(provider: auth.provider, uid: auth.uid) do \|user\|`
			`# Use the Neopets username if possible, or a unique username if not.`
			`dti_username = build_unique_username_like(auth.uid)`
			`user.name = dti_username`

			`# Copy the email address from their Neopets account to their DTI`
			`# account, unless they already have a DTI account with this email, in`
			`# which case, ignore it. (It's primarily for their own convenience with`
			`# password recovery!)`
			`email_exists = AuthUser.where(email: auth.info.email).exists?`
			`user.email = auth.info.email unless email_exists`
			`end`
			`end`
			`end`

			`def self.build_unique_username_like(name)`
			`name_query = sanitize_sql_like(name) + "%"`
			`similar_names = where("name LIKE ?", name_query).pluck(:name)`

			`# Use the given name itself, if we can.`
			`return name unless similar_names.include?(name)`

			`# If not, try appending "-neopass".`
			`return "#{name}-neopass" unless similar_names.include?("#{name}-neopass")`

			`# After that, try appending "-neopass-1", "-neopass-2", etc, until a`
			`# unique name arises. (We don't expect this to happen basically ever, but`
			`# it's nice to have a guarantee!)`
			`max = similar_names.size + 1`
			`candidates = (1..max).map { \|n\| "#{name}-neopass-#{n}"}`
			`numerical_name = candidates.find { \|name\| !similar_names.include?(name) }`
			`return numerical_name unless numerical_name.nil?`

			`raise "Failed to build unique username (shouldn't be possible?)"`
			`end`

			`class MissingAuthInfoError < ArgumentError;end`
Add AuthUser model, connecting to openneo_id db No user-facing functionality here yet, just configuring the database connection to work with openneo_id records. This is a first step in integrating Devise stuff into this app instead of connecting with a weird second app. My basic testing for this was to temporarily connect to production `openneo_id`, and see `AuthUser.first` correctly return a user! 2023-08-03 17:14:09 -07:00			`end`