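require 'erb'

module Gospotcheck
  module Sso
    # Client for the IdP broker service.
    #
    # It answers two questions about a username: is it backed by an identity
    # provider (IdP) known to the broker, and — if so — does the IdP accept
    # the supplied password. Lookups are memoised per instance, so one
    # IdpBroker should be used per (username, request).
    class IdpBroker
      # @param username [String] user to look up / authenticate
      # @param password [String] credential forwarded to the IdP authn endpoint
      # @param request_id [String] correlation id sent as the GSC-Correlation-Id header
      def initialize(username, password, request_id)
        @username = username
        @password = password
        @request_id = request_id
      end

      # @return [Boolean] true when the broker resolved an IdP for the username
      def sso_user?
        log('sso_user?', 'requestStart', { username: @username })
        if user_idp.success?
          log('sso_user?', 'idpUserConfirmed', { idpId: user_idp.idp_id })
          true
        else
          log('sso_user?', 'nonIdpUser')
          false
        end
      end

      # Verifies the password against the user's IdP.
      #
      # @return [Boolean] true only when the IdP answered HTTP 200; false on
      #   any other status, on transport failure, or when no IdP is known
      def user_authenticated?
        log('user_authenticated?', 'requestStart', { username: @username, idpId: user_idp.idp_id })
        # Without a resolved IdP the authn path would read ".../idps/0/authn";
        # stop here so the password is never posted to a nonexistent IdP.
        unless user_idp.success?
          log('user_authenticated?', 'idpNotPresent', { error: 'idp_id not returned from IdpBroker' })
          return false
        end

        response = post_authn
        if response&.code == 200
          log('user_authenticated?', 'userAuthenticated')
          true
        else
          log('user_authenticated?', 'userNotAuthenticated', { responseCode: response&.code })
          false
        end
      end

      # @return [SuccessfulUserIdp, nil] the IdP record (contact details etc.)
      #   when the user is an IdP user, nil otherwise
      def sso_info
        log('sso_info', 'requestStart', { username: @username })
        if user_idp.success?
          log('sso_info', 'ssoInfoConfirmed', { idpId: user_idp.idp_id })
          user_idp
        else
          log('sso_info', 'nonIdpUser')
          nil
        end
      end

      # Service token presented to the broker on the user_idp lookup.
      #
      # NOTE: the company is hard-coded (id '2') — this is a service-to-service
      # token, not something minted on behalf of the user.
      # @return [String] encoded JWT from Gospotcheck::Jwt
      def jwt_token
        client = OpenStruct.new(uid: ENV['IDP_BROKER_CLIENT_ID'], scopes: ['public', 'internal'])
        company = OpenStruct.new(id: '2', name: 'GoSpotCheck')
        Gospotcheck::Jwt.company_encode(
          client: client,
          company: company,
          audiences: [ 'https://idp.gospotcheck.com' ],
        )
      end

      private

      # Memoised broker lookup of the user's IdP.
      #
      # Any failure to perform the request (DNS, connection, missing config,
      # …) is logged by exception class only and mapped to FailedUserIdp, so
      # callers see "not an IdP user" rather than an exception.
      # NOTE(review): the HTTParty calls in this class set no `timeout:`;
      # worth confirming the default is acceptable on the auth path.
      # @return [SuccessfulUserIdp, FailedUserIdp]
      def user_idp
        @user_idp ||= begin
          response = HTTParty.get(user_idp_path, idp_request_options)
          SuccessfulUserIdp.new(data: response)
        rescue StandardError => e
          log('user_idp', 'requestFailed', { error: e.class.name })
          FailedUserIdp.new
        end
      end

      # POSTs the credentials to the resolved IdP's authn endpoint.
      # @return [HTTParty::Response, nil] nil when the request could not be made
      def post_authn
        HTTParty.post(idp_authn_path, auth_request_options)
      rescue StandardError => e
        log('user_authenticated?', 'requestFailed', { error: e.class.name })
        nil
      end

      # The username is percent-encoded as a single path segment ("/" becomes
      # %2F, "@" becomes %40) so a crafted value cannot change the request
      # path. A bare "." or ".." username is still passed through unchanged and
      # is best rejected by the caller's validation.
      # @return [String]
      def user_idp_path
        "#{api_url}user_idp/#{ERB::Util.url_encode(@username)}"
      end

      # @return [String] authn endpoint for the user's resolved IdP
      def idp_authn_path
        "#{api_url}idps/#{user_idp.idp_id}/authn"
      end

      # @return [String] broker base URL (expected to include the trailing "/")
      # @raise [KeyError] when IDP_BROKER_API_URL is not configured; callers
      #   run inside the rescue blocks above, so this surfaces as requestFailed
      def api_url
        ENV.fetch('IDP_BROKER_API_URL')
      end

      # Options for the service-authenticated user_idp lookup.
      def idp_request_options
        {
          headers: {
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'GSC-Correlation-Id' => @request_id,
            'Authorization' => "Bearer #{jwt_token}"
          }
        }
      end

      # Options for the authn POST; this is the only place the password leaves
      # the process, and it goes in the JSON body, not in a header or the URL.
      def auth_request_options
        {
          headers: {
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'GSC-Correlation-Id' => @request_id
          },
          body: { 'username' => @username, 'password' => @password }.to_json
        }
      end

      # Emits one JSON line per event to Rails.logger.
      #
      # Callers decide what is merged in: the public methods log the username
      # and IdP id; the password is never passed to this method.
      # @param method [String] name of the calling method, used as requestType
      # @param event [String] short camelCase event name
      # @param other [Hash] extra fields merged into the line
      def log(method, event, other = {})
        msg = {
          requestType: "Gospotcheck::Sso::IdpBroker##{method}",
          event: event
        }.merge(other).to_json
        Rails.logger.info(msg)
      end

      # Wraps the broker's user_idp response. "Successful" means the HTTP
      # round trip happened; whether an IdP was actually found is #success?.
      class SuccessfulUserIdp
        # @param data [#body, nil] HTTP response whose body is the broker's JSON
        #   document; anything unparseable is treated as an empty document
        def initialize(data: nil)
          @data = parse_body(data)
        end

        # @return [Boolean] true when the document carries a non-zero IdP id
        def success?
          idp_id != 0
        end

        # @return [Object] the IdP id from the document, or 0 when absent
        def idp_id
          data.dig('data', 'idp', 'id') || 0
        end

        def contact_name
          data.dig('data', 'idp', 'contact_name')
        end

        def contact_email
          data.dig('data', 'idp', 'contact_email')
        end

        def contact_phone
          data.dig('data', 'idp', 'contact_phone')
        end

        def contact_notes
          data.dig('data', 'idp', 'contact_notes')
        end

        private

        attr_reader :data

        # Parses the response body into a Hash; returns {} when the response is
        # missing, the body is not valid JSON, or the JSON is not an object
        # (an array or scalar would make #dig raise).
        def parse_body(response)
          return {} unless response.respond_to?(:body)

          parsed = JSON.parse(response.body.to_s)
          parsed.is_a?(Hash) ? parsed : {}
        rescue JSON::ParserError
          {}
        end
      end

      # Null object returned when the broker could not be reached; presents
      # the same interface as SuccessfulUserIdp with no IdP and no contacts.
      class FailedUserIdp
        def success?
          false
        end

        def idp_id
          0
        end

        def contact_name
        end

        def contact_email
        end

        def contact_phone
        end

        def contact_notes
        end
      end
    end
  end
end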