OAuth strategy and authorization by user role (#3)

* OAuth strategy

* Properly fetch user attributes from the retrieved info

* Auto verification for users

* Add coverage to CI

* Add badges to README.md

* Add tests for commands, forms, models, jobs and OmniAuth button

* Lint

* Add OAuth strategy test

* Test auto verification

* Improve coverage

* Add callback_url test

* Update README.md

* Fix .simplecov

.github/workflows/lint.yml

@@ -0,0 +1,65 @@
+name: "[CI] Lint"
+on:
+  push:
+    branches:
+      - main
+      - release/*
+      - "*-stable"
+  pull_request:
+    branches-ignore:
+      - "chore/l10n*"
+
+env:
+  CI: "true"
+  RUBY_VERSION: 3.1.1
+  NODE_VERSION: 18.17.1
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  main:
+    name: Lint
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    services:
+      postgres:
+        image: postgres:14
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_PASSWORD: postgres
+    env:
+      DATABASE_USERNAME: postgres
+      DATABASE_PASSWORD: postgres
+      DATABASE_HOST: localhost
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ${{ env.RUBY_VERSION }}
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - name: Get npm cache directory path
+        id: npm-cache-dir-path
+        run: echo "dir=$(npm get cache)-ub" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v3
+        id: npm-cache
+        with:
+          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
+          key: npm-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            npm-
+      - run: bundle exec rubocop -P
+        name: Lint Ruby files
+      - run: bundle exec mdl *.md
+        name: Lint Markdown files

.github/workflows/test.yml

@@ -0,0 +1,78 @@
+name: "[CI] Test"
+on:
+  push:
+    branches:
+      - main
+      - release/*
+      - "*-stable"
+  pull_request:
+    branches-ignore:
+      - "chore/l10n*"
+
+env:
+  CI: "true"
+  RUBY_VERSION: 3.1.1
+  NODE_VERSION: 18.17.1
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  main:
+    name: Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    services:
+      postgres:
+        image: postgres:11
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_PASSWORD: postgres
+    env:
+      DATABASE_USERNAME: postgres
+      DATABASE_PASSWORD: postgres
+      DATABASE_HOST: localhost
+      COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ${{ env.RUBY_VERSION }}
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - name: Get npm cache directory path
+        id: npm-cache-dir-path
+        run: echo "dir=$(npm get cache)-ub" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v3
+        id: npm-cache
+        with:
+          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
+          key: npm-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            npm-
+      - run: bundle exec rake test_app
+        name: Create test app
+      - run: mkdir -p ./spec/decidim_dummy_app/tmp/screenshots
+        name: Create the screenshots folder
+      - uses: nanasess/setup-chromedriver@v2
+      - run: RAILS_ENV=test bundle exec rails assets:precompile
+        name: Precompile assets
+        working-directory: ./spec/decidim_dummy_app/
+      - run: CI=1 bundle exec rspec
+        name: RSpec
+      - uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: screenshots
+          path: ./spec/decidim_dummy_app/tmp/screenshots
+          if-no-files-found: ignore

.gitignore

@@ -1,69 +1,22 @@
-*.rbc
-capybara-*.html
-.rspec
-/db/*.sqlite3
-/db/*.sqlite3-journal
-/db/*.sqlite3-[0-9]*
-/public/system
+/.bundle/
+/.yardoc
+/_yardoc/
 /coverage/
-/spec/tmp
-*.orig
-rerun.txt
-pickle-email-*.html
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
 
-# Ignore all logfiles and tempfiles.
-/log/*
-/tmp/*
-!/log/.keep
-!/tmp/.keep
+# rspec failure tracking
+.rspec-failures
 
-# TODO Comment out this rule if you are OK with secrets being uploaded to the repo
-config/initializers/secret_token.rb
-config/master.key
-
-# Only include if you have production secrets in this file, which is no longer a Rails default
-# config/secrets.yml
-
-# dotenv, dotenv-rails
-# TODO Comment out these rules if environment variables can be committed
+# env configuration files
 .env
-.env*.local
-
-## Environment normalization:
-/.bundle
-/vendor/bundle
-
-# these should all be checked in to normalize the environment:
-# Gemfile.lock, .ruby-version, .ruby-gemset
-
-# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
-.rvmrc
-
-# if using bower-rails ignore default bower_components path bower.json files
-/vendor/assets/bower_components
-*.bowerrc
-bower.json
-
-# Ignore pow environment settings
-.powenv
-
-# Ignore Byebug command history file.
-.byebug_history
-
-# Ignore node_modules
-node_modules/
-
-# Ignore precompiled javascript packs
-/public/packs
-/public/packs-test
-/public/assets
+.envrc
+.rbenv-vars
 
-# Ignore yarn files
-/yarn-error.log
-yarn-debug.log*
-.yarn-integrity
+# default test application
+spec/decidim_dummy_app
 
-# Ignore uploaded files in development
-/storage/*
-!/storage/.keep
-/public/uploads
+# default development application
+development_app

.mdl_style.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+all
+
+exclude_rule "first-line-h1"
+
+exclude_rule "line-length"
+
+exclude_rule "no-bare-urls"
+
+exclude_rule "no-inline-html"
+
+rule "no-trailing-punctuation", punctuation: ".,;:!"

.mdlrc

@@ -0,0 +1 @@
+style ".mdl_style.rb"

.rubocop.yml

@@ -0,0 +1,26 @@
+inherit_from: .rubocop_todo.yml
+
+inherit_gem:
+  decidim-dev: rubocop-decidim.yml
+
+inherit_mode:
+  merge:
+    - Exclude
+
+AllCops:
+  Include:
+    - "**/*.rb"
+    - "**/*.rake"
+    - "**/*.ru"
+    - "**/Gemfile"
+    - "**/Rakefile"
+  Exclude:
+    - "spec/decidim_dummy_app/**/*"
+    - "**/spec/decidim_dummy_app/**/*"
+    - "bin/**/*"
+    - "node_modules/**/*"
+    - "**/node_modules/**/*"
+    - "db/schema.rb"
+    - "db/migrate/*"
+    - "vendor/**/*"
+    - "**/vendor/**/*"

.rubocop_todo.yml

@@ -0,0 +1,8 @@
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/jobs/decidim/ub/auto_verification_job_spec.rb'
+    - 'spec/jobs/decidim/ub/omniauth_user_sync_job_spec.rb'
+    - 'spec/omni_auth/strategies/ub_spec.rb'
+RSpec/DescribeClass:
+  Exclude:
+    - 'spec/lib/ub/ub_automatic_verification_spec.rb'

.ruby-version

@@ -0,0 +1 @@
+3.1.1

.simplecov

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+SimpleCov.start do
+  root ENV.fetch("ENGINE_ROOT", nil)
+
+  track_files "{app,lib}/**/*.rb"
+
+  add_filter "lib/generators"
+  add_filter "lib/decidim/ub/version.rb"
+  add_filter "lib/omniauth/ub.rb"
+  add_filter "/spec"
+end
+
+SimpleCov.command_name ENV.fetch("COMMAND_NAME", File.basename(Dir.pwd))
+
+SimpleCov.merge_timeout 1800

Gemfile

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+ruby RUBY_VERSION
+
+DECIDIM_VERSION = "~> 0.28.0"
+
+gem "decidim", DECIDIM_VERSION
+gem "decidim-ub", path: "."
+
+gem "bootsnap", "~> 1.4"
+
+gem "puma", ">= 6.3.1"
+
+group :development, :test do
+  gem "byebug", "~> 11.0", platform: :mri
+  gem "mdl"
+
+  gem "decidim-dev", DECIDIM_VERSION
+end
+
+group :development do
+  gem "faker", "~> 3.2"
+  gem "letter_opener_web", "~> 2.0"
+  gem "listen", "~> 3.1"
+  gem "rack-mini-profiler", require: false
+  gem "spring", "~> 2.0"
+  gem "spring-watcher-listen", "~> 2.0"
+  gem "web-console", "~> 4.2"
+end
+
+group :test do
+  gem "coveralls_reborn", require: false
+end