Add capability toggle callbacks

Notifies the remote FASP of changes wrt enabled capabilities. Also includes some small fixes.
2025-10-05 16:42:47 +00:00 · 2025-02-18 15:51:34 +01:00 · 2025-02-18 15:51:34 +01:00 · 19198c009f
commit 19198c009f
parent e70c8261f2
6 changed files with 47 additions and 9 deletions
--- a/app/controllers/admin/fasp/providers_controller.rb
+++ b/app/controllers/admin/fasp/providers_controller.rb
@ -38,7 +38,7 @@ class Admin::Fasp::ProvidersController < Admin::BaseController
  private

  def provider_params
-    params.require(:provider).permit(enabled_capabilities: {})
+    params.expect(provider: [enabled_capabilities: {}])
  end

  def set_provider
--- a/app/controllers/api/fasp/registrations_controller.rb
+++ b/app/controllers/api/fasp/registrations_controller.rb
@ -20,7 +20,7 @@ class Api::Fasp::RegistrationsController < Api::Fasp::BaseController
    {
      faspId: current_provider.id.to_s,
      publicKey: current_provider.server_public_key_base64,
-      registrationCompletionUri: admin_fasp_provider_url(current_provider),
+      registrationCompletionUri: new_admin_fasp_provider_registration_url(current_provider),
    }
  end
 end
--- a/app/lib/fasp/request.rb
+++ b/app/lib/fasp/request.rb
@ -21,6 +21,14 @@ class Fasp::Request
    response.parse if response.body.present?
  end

+  def delete(path, body: nil)
+    url = @provider.url(path)
+    body = body.to_json
+    response = HTTP.headers(headers('DELETE', url, body)).delete(url, body:)
+
+    response.parse if response.body.present?
+  end
+
  private

  def headers(verb, url, body = '')
--- a/app/models/fasp/provider.rb
+++ b/app/models/fasp/provider.rb
@ -27,20 +27,27 @@ class Fasp::Provider < ApplicationRecord
  has_many :fasp_subscriptions, inverse_of: :fasp_provider, class_name: 'Fasp::Subscription', dependent: :delete_all

  before_create :create_keypair
+  after_commit :update_remote_capabilities

  def enabled_capabilities=(hash)
    capabilities.each do |capability|
      capability['enabled'] = hash[capability['id']] == '1'
    end
-    save!
  end

-  def capability?(capability_name, only_enabled: true)
+  def capability?(capability_name)
    return false unless confirmed?

    capabilities.present? && capabilities.any? do |capability|
-      capability['id'] == capability_name &&
-        (only_enabled ? capability['enabled'] : true)
+      capability['id'] == capability_name
+    end
+  end
+
+  def capability_enabled?(capability_name)
+    return false unless confirmed?
+
+    capabilities.present? && capabilities.any? do |capability|
+      capability['id'] == capability_name && capability['enabled']
    end
  end

@ -97,4 +104,24 @@ class Fasp::Provider < ApplicationRecord
    self.server_private_key_pem =
      OpenSSL::PKey.generate_key('ed25519').private_to_pem
  end
+
+  def update_remote_capabilities
+    return unless saved_change_to_attribute?(:capabilities)
+
+    old, current = saved_change_to_attribute(:capabilities)
+    old ||= []
+    current.each do |capability|
+      update_remote_capability(capability) if capability.key?('enabled') && !old.include?(capability)
+    end
+  end
+
+  def update_remote_capability(capability)
+    version, = capability['version'].split('.')
+    path = "/capabilities/#{capability['id']}/#{version}/activation"
+    if capability['enabled']
+      Fasp::Request.new(self).post(path)
+    else
+      Fasp::Request.new(self).delete(path)
+    end
+  end
 end
--- a/app/views/admin/fasp/providers/_provider.html.haml
+++ b/app/views/admin/fasp/providers/_provider.html.haml
@ -7,11 +7,13 @@
    - else
      = t('admin.fasp.providers.registration_requested')
  %td
-    - unless provider.confirmed?
+    - if provider.confirmed?
+      = table_link_to 'edit', t('admin.fasp.providers.edit'), edit_admin_fasp_provider_path(provider)
+    - else
      = table_link_to 'check', t('admin.fasp.providers.finish_registration'), new_admin_fasp_provider_registration_path(provider)
    - if provider.sign_in_url.present?
      = table_link_to 'open_in_new', t('admin.fasp.providers.sign_in'), provider.sign_in_url, target: '_blank'
-    - if provider.capability?('callback')
+    - if provider.capability_enabled?('callback')
      = table_link_to 'repeat', t('admin.fasp.providers.callback'), admin_fasp_provider_debug_calls_path(provider), data: { method: :post }

    = table_link_to 'close', t('admin.providers.delete'), admin_fasp_provider_path(provider), method: :delete, data: { confirm: t('admin.accounts.are_you_sure') }
--- a/app/views/admin/fasp/providers/edit.html.haml
+++ b/app/views/admin/fasp/providers/edit.html.haml
@ -7,6 +7,7 @@
  %h4= t('admin.fasp.providers.select_capabilities')

  - f.object.capabilities.each do |capability|
+    - enabled = @provider.capability_enabled?(capability['id'])
    .fields-group
      .input.with_label.boolean.optional.field_with_hint
        .label_input
@ -15,7 +16,7 @@
        .label_input__wrapper
          = hidden_field_tag "provider[enabled_capabilities][#{capability['id']}]", '0', id: false
          %label.checkbox
-            = check_box_tag "provider[enabled_capabilities][#{capability['id']}]", class: 'optional boolean'
+            = check_box_tag "provider[enabled_capabilities][#{capability['id']}]", checked: enabled, class: 'optional boolean'

  .actions
    = f.button :button, t('admin.fasp.providers.save'), type: :submit