Source

authenticators/devise.ts

import { isEmpty } from '@ember/utils';
import { run } from '@ember/runloop';
import BaseAuthenticator from './base';
import { waitFor } from '@ember/test-waiters';

const JSON_CONTENT_TYPE = 'application/json';

export type NestedRecord = Record<string, string | Record<string, string>>;

/**
  Authenticator that works with the Ruby gem
  [devise](https://github.com/plataformatec/devise).

  __As token authentication is not actually part of devise anymore, the server
  needs to implement some customizations__ to work with this authenticator -
  see [this gist](https://gist.github.com/josevalim/fb706b1e933ef01e4fb6).

  @class DeviseAuthenticator
  @extends BaseAuthenticator
  @public
*/
export default class DeviseAuthenticator extends BaseAuthenticator {
  /**
    The endpoint on the server that the authentication request is sent to.

    @memberof DeviseAuthenticator
    @property serverTokenEndpoint
    @type String
    @default '/users/sign_in'
    @public
  */
  serverTokenEndpoint = '/users/sign_in';

  /**
    The devise resource name. __This will be used in the request and also be
    expected in the server's response.__

    @memberof DeviseAuthenticator
    @property resourceName
    @type String
    @default 'user'
    @public
  */
  resourceName = 'user';

  /**
    The token attribute name. __This will be used in the request and also be
    expected in the server's response.__

    @memberof DeviseAuthenticator
    @property tokenAttributeName
    @type String
    @default 'token'
    @public
  */
  tokenAttributeName = 'token';

  /**
    The identification attribute name. __This will be used in the request and
    also be expected in the server's response.__

    @memberof DeviseAuthenticator
    @property identificationAttributeName
    @type String
    @default 'email'
    @public
  */
  identificationAttributeName = 'email';

  /**
    Restores the session from a session data object; __returns a resolving
    promise when there are non-empty
    [token]{@linkplain DeviseAuthenticator.tokenAttributeName}
    and
    [identification]{@linkplain DeviseAuthenticator.identificationAttributeName}
    values in `data`__ and a rejecting promise otherwise.

    @memberof DeviseAuthenticator
    @method restore
    @param {Object} data The data to restore the session from
    @return {Promise} A promise that when it resolves results in the session becoming or remaining authenticated
    @public
  */
  restore(data: Record<string, NestedRecord>) {
    return this._validate(data) ? Promise.resolve(data) : Promise.reject();
  }

  /**
    Authenticates the session with the specified `identification` and
    `password`; the credentials are `POST`ed to the
    [server]{@linkplain DeviseAuthenticator.serverTokenEndpoint}.
    If the credentials are valid the server will responds with a
    [token]{@linkplain DeviseAuthenticator.tokenAttributeName}
    and
    [identification]{@linkplain DeviseAuthenticator.identificationAttributeName}.
    __If the credentials are valid and authentication succeeds, a promise that
    resolves with the server's response is returned__, otherwise a promise that
    rejects with the server error is returned.

    @memberof DeviseAuthenticator
    @method authenticate
    @param {String} identification The user's identification
    @param {String} password The user's password
    @return {Promise} A promise that when it resolves results in the session becoming authenticated. If authentication fails, the promise will reject with the server response; however, the authenticator reads that response already so if you need to read it again you need to clone the response object first
    @public
  */
  authenticate(identification: string, password: string) {
    return new Promise((resolve, reject) => {
      const { resourceName, identificationAttributeName, tokenAttributeName } = this.getProperties(
        'resourceName',
        'identificationAttributeName',
        'tokenAttributeName'
      );
      let data: NestedRecord = {};
      data[resourceName] = { password };
      data[resourceName][identificationAttributeName] = identification;

      this.makeRequest(data)
        .then(response => {
          if (response.ok) {
            response.json().then(json => {
              if (this._validate(json)) {
                const resourceName = this.get('resourceName');
                const _json = json[resourceName] ? json[resourceName] : json;
                run(null, resolve, _json);
              } else {
                run(
                  null,
                  reject,
                  `Check that server response includes ${tokenAttributeName} and ${identificationAttributeName}`
                );
              }
            });
          } else {
            run(null, reject, response);
          }
        })
        .catch(error => run(null, reject, error));
    });
  }

  /**
    Does nothing

    @memberof DeviseAuthenticator
    @method invalidate
    @return {Promise} A resolving promise
    @public
  */
  invalidate() {
    return Promise.resolve();
  }

  /**
    Makes a request to the Devise server using
    [ember-fetch](https://github.com/stefanpenner/ember-fetch).

    @memberof DeviseAuthenticator
    @method makeRequest
    @param {Object} data The request data
    @param {Object} options request options that are passed to `fetch`
    @return {Promise} The promise returned by `fetch`
    @protected
  */
  @waitFor
  makeRequest(data: NestedRecord, options: { url?: string } = {}) {
    let url = options.url || this.get('serverTokenEndpoint');
    let requestOptions = {};
    let body = JSON.stringify(data);
    Object.assign(requestOptions, {
      body,
      method: 'POST',
      headers: {
        accept: JSON_CONTENT_TYPE,
        'content-type': JSON_CONTENT_TYPE,
      },
    });
    Object.assign(requestOptions, options || {});

    return fetch(url, requestOptions);
  }

  _validate(data: Record<string, NestedRecord>) {
    const tokenAttributeName = this.get('tokenAttributeName');
    const identificationAttributeName = this.get('identificationAttributeName');
    const resourceName = this.get('resourceName');
    const _data = data[resourceName] ? data[resourceName] : data;

    return !isEmpty(_data[tokenAttributeName]) && !isEmpty(_data[identificationAttributeName]);
  }
}