12735624472

Committed 12 Jan 2025 05:24PM UTC coverage: 100.0%. Remained the same

Build # 12735624472

Build Type

push

travis-ci

Committed by

simukappu

Commit Message

Update Ruby versions for test

Run Details

3432 of 3432 relevant lines covered (100.0%)

2130.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0

/lib/activity_notification/controllers/devise_authentication_controller.rb

module ActivityNotification
  # Module included in controllers to authenticate with Devise module
  module DeviseAuthenticationController
    extend ActiveSupport::Concern
    include CommonController

    included do
      prepend_before_action :authenticate_devise_resource!
      before_action :authenticate_target!
    end

    protected

      # Authenticate devise resource by Devise (e.g. calling authenticate_user! method).
      # @api protected
      # @todo Needs to call authenticate method by more secure way
      # @return [Response] Redirects for unsigned in target by Devise, returns HTTP 403 without neccesary target method or returns 400 when request parameters are not enough
      def authenticate_devise_resource!
        if params[:devise_type].present?
          authenticate_method_name = "authenticate_#{params[:devise_type].to_resource_name}!"
          if respond_to?(authenticate_method_name)
            send(authenticate_method_name)
          else
            render status: 403, json: error_response(code: 403, message: "Unauthenticated with Devise")
          end
        else
          render status: 400, json: error_response(code: 400, message: "Invalid parameter", type: "Missing devise_type")
        end
      end

      # Sets @target instance variable from request parameters.
      # This method override super (ActivityNotiication::CommonController#set_target)
      # to set devise authenticated target when the target_id params is not specified.
      # @api protected
      # @return [Object] Target instance (Returns HTTP 400 when request parameters are not enough)
      def set_target
        target_type = params[:target_type]
        if params[:target_id].blank? && params["#{target_type.to_resource_name}_id"].blank?
          target_class = target_type.to_model_class
          current_resource_method_name = "current_#{params[:devise_type].to_resource_name}"
          params[:target_id] = target_class.resolve_current_devise_target(send(current_resource_method_name))
          render status: 403, json: error_response(code: 403, message: "Unauthenticated as default target") and return if params[:target_id].blank?
        end
        super
      end

      # Authenticate the target of requested notification with authenticated devise resource.
      # @api protected
      # @todo Needs to call authenticate method by more secure way
      # @return [Response] Returns HTTP 403 for unauthorized target
      def authenticate_target!
        current_resource_method_name = "current_#{params[:devise_type].to_resource_name}"
        unless @target.authenticated_with_devise?(send(current_resource_method_name))
          render status: 403, json: error_response(code: 403, message: "Unauthorized target")
        end
      end
  end
end

1	module ActivityNotification	25✔
2	# Module included in controllers to authenticate with Devise module
3	module DeviseAuthenticationController	25✔
4	extend ActiveSupport::Concern	25✔
5	include CommonController	25✔
6
7	included do	25✔
8	prepend_before_action :authenticate_devise_resource!	96✔
9	before_action :authenticate_target!	96✔
10	end
11
12	protected	25✔
13
14	# Authenticate devise resource by Devise (e.g. calling authenticate_user! method).
15	# @api protected
16	# @todo Needs to call authenticate method by more secure way
17	# @return [Response] Redirects for unsigned in target by Devise, returns HTTP 403 without neccesary target method or returns 400 when request parameters are not enough
18	def authenticate_devise_resource!	25✔
19	if params[:devise_type].present?	5,616✔
20	authenticate_method_name = "authenticate_#{params[:devise_type].to_resource_name}!"	5,520✔
21	if respond_to?(authenticate_method_name)	5,520✔
22	send(authenticate_method_name)	5,472✔
23	else
24	render status: 403, json: error_response(code: 403, message: "Unauthenticated with Devise")	48✔
25	end
26	else
27	render status: 400, json: error_response(code: 400, message: "Invalid parameter", type: "Missing devise_type")	96✔
28	end
29	end
30
31	# Sets @target instance variable from request parameters.
32	# This method override super (ActivityNotiication::CommonController#set_target)
33	# to set devise authenticated target when the target_id params is not specified.
34	# @api protected
35	# @return [Object] Target instance (Returns HTTP 400 when request parameters are not enough)
36	def set_target	25✔
37	target_type = params[:target_type]	5,328✔
38	if params[:target_id].blank? && params["#{target_type.to_resource_name}_id"].blank?	5,328✔
39	target_class = target_type.to_model_class	48✔
40	current_resource_method_name = "current_#{params[:devise_type].to_resource_name}"	48✔
41	params[:target_id] = target_class.resolve_current_devise_target(send(current_resource_method_name))	48✔
42	render status: 403, json: error_response(code: 403, message: "Unauthenticated as default target") and return if params[:target_id].blank?	48✔
43	end
44	super	5,328✔
45	end
46
47	# Authenticate the target of requested notification with authenticated devise resource.
48	# @api protected
49	# @todo Needs to call authenticate method by more secure way
50	# @return [Response] Returns HTTP 403 for unauthorized target
51	def authenticate_target!	25✔
52	current_resource_method_name = "current_#{params[:devise_type].to_resource_name}"	5,088✔
53	unless @target.authenticated_with_devise?(send(current_resource_method_name))	5,088✔
54	render status: 403, json: error_response(code: 403, message: "Unauthorized target")	96✔
55	end
56	end
57	end
58	end

simukappu / activity_notification / 12735624472

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous