From 75eafbaf5656b9f9cbaed25647c75b56d8ac34ac Mon Sep 17 00:00:00 2001
From: Jay Varner <jayvarner@gmail.com>
Date: Tue, 15 Jun 2021 18:20:18 -0400
Subject: [PATCH] Update Readme. Remove cookie on delete

---
 README.md                                     | 54 ++++++++++++++++---
 .../ecds_rails_auth_engine/current_user.rb    | 19 ++++---
 .../tokens_controller.rb                      | 25 +++++++--
 3 files changed, 78 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index d7e8820..1ce2989 100644
--- a/README.md
+++ b/README.md
@@ -1,28 +1,66 @@
 # EcdsRailsAuthEngine
-Short description and motivation.
 
-## Usage
-How to use my plugin.
+Rails engine for using token/signed cookie and FauxOAuth.
+
 
 ## Installation
+
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'ecds_rails_auth_engine'
+gem 'ecds_rails_auth_engine', git: 'https://github.com/ecds/ecds_rails_auth_engine.git', branch: 'feature/fauxoauth'
 ```
 
 And then execute:
+
 ```bash
-$ bundle
+bundle install
 ```
 
-Or install it yourself as:
-```bash
-$ gem install ecds_rails_auth_engine
+## Configuration
+
+Edit your `config/application.rb` by adding
+
+```ruby
+config.middleware.use(ActionDispatch::Cookies)
+config.middleware.use(ActionDispatch::Session::CookieStore)
+```
+
+Create an initializer at `config/initializers/cookie_session.rb` and add the lines:
+
+```ruby
+Rails.application.config.session_store(:cookie_store, key: '<some_unique_name')
+Rails.application.config.action_dispatch.cookies_serializer = :json
+```
+
+Make sure your `User` model has a column for `email`.
+
+Mount the routes in your `config/routes.rb`
+
+```ruby
+mount EcdsRailsAuthEngine::Engine, at: '/auth'
+```
+
+## Usage
+
+### CurrentUser
+
+Include the `EcdsRailsAuthEngine::CurrentUser` controller concern to your `app/controllers/application.rb`
+
+```ruby
+class ApplicationController < ActionController::API
+  include EcdsRailsAuthEngine::CurrentUser
+  ...
+end
 ```
 
+This will add a `current_user` object in your controllers that is the `User` model object of the user making the request.
+
+
 ## Contributing
+
 Contribution directions go here.
 
 ## License
+
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
diff --git a/app/controllers/ecds_rails_auth_engine/current_user.rb b/app/controllers/ecds_rails_auth_engine/current_user.rb
index 1c6e228..4504361 100644
--- a/app/controllers/ecds_rails_auth_engine/current_user.rb
+++ b/app/controllers/ecds_rails_auth_engine/current_user.rb
@@ -14,20 +14,25 @@ module CurrentUser
       #
       def current_user
         # a = request.headers['Authorization']
-        token = cookies.signed[:auth]
+        # 10.times { puts headers }
+        token = if Rails.env == 'test'
+          cookies[:auth]
+        else
+          cookies.signed[:auth]
+        end
+
         return nil if token.nil?
         # begin
         #   token = a.split(' ').last
 
         #   return nil if token == 'undefined'
+        login = EcdsRailsAuthEngine::Login.find_by(token: token)
+        return User.new if login.nil?
+        # return { cookie: token, signed: cookies.signed[:auth]}
 
-          login = EcdsRailsAuthEngine::Login.find_by(token: token)
-          return nil if login.nil?
-          # return { cookie: token, signed: cookies.signed[:auth]}
-
-          # return nil unless TokenService.verify(login.token)
+        # return nil unless TokenService.verify(login.token)
 
-          User.find(login.user_id)
+        User.find(login.user_id)
         # rescue NoMethodError
         #   nil
         # end
diff --git a/app/controllers/ecds_rails_auth_engine/tokens_controller.rb b/app/controllers/ecds_rails_auth_engine/tokens_controller.rb
index 1c9eb5c..437c8a7 100644
--- a/app/controllers/ecds_rails_auth_engine/tokens_controller.rb
+++ b/app/controllers/ecds_rails_auth_engine/tokens_controller.rb
@@ -45,7 +45,11 @@ def verify
       login = Login.find_or_create_by(who: token_contents[:who])
 
       # TODO: How does RailsApiAuth do this?
-      login.user_id = User.find_or_create_by(email: token_contents[:who]).id
+      user = User.find_or_create_by(email: token_contents[:who])
+      10.times { Rails.logger.debug "CONTENTS: #{token_contents}"}
+      user.display_name = token_contents[:name]
+      user.save
+      login.user_id = user.id
 
       login.provider = token_contents[:provider]
       access_token = TokenService.create(login)
@@ -59,10 +63,24 @@ def verify
         same_site: :none,
         secure: 'Secure'
       }
-      render json: { access_token: SecureRandom.hex(10) }, status: :ok
+      Rails.logger.debug "CREATED FROM: #{access_token}"
+      Rails.logger.debug "AUTH COOKIE: #{cookies.signed[:auth]}"
+      Rails.logger.debug "TOKEN IN DB: #{login.token}"
+      render json: { access_token: cookies.signed[:auth] }, status: :ok
     end
 
     def destroy
+      # # Rails.logger.debug "AUTH COOKIE BEFORE: #{cookies.signed[:auth]}"
+      # # Rails.logger.debug "AUTH COOKIE BEFORE: #{cookies.signed[:auth]}"
+      cookies.signed[:auth] = {
+        value: @login.token,
+        httponly: true,
+        expires: 2.seconds.from_now,
+        same_site: :none,
+        secure: 'Secure'
+      }
+      # cookies.delete :auth
+      # Rails.logger.debug "AUTH COOKIE AFTER: #{cookies.signed[:auth]}"
       @login.token = nil
       @login.save
       head 200
@@ -72,9 +90,6 @@ def destroy
 
     # Use callbacks to share common setup or constraints between actions.
     def set_token
-      cookies.each do |cookie|
-        puts cookie
-      end
       @login = Login.find_by(token: cookies.signed[:auth])
     end