Class: CASinoCore::Processor::SecondFactorAuthenticationAcceptor
- Inherits: CASinoCore::Processor
  - Object
  - CASinoCore::Processor
  - CASinoCore::Processor::SecondFactorAuthenticationAcceptor
- Defined in: lib/casino_core/processor/second_factor_authentication_acceptor.rb
Overview
The SecondFactorAuthenticationAcceptor processor can be used to activate a previously generated ticket-granting ticket with pending two-factor authentication.
This feature is not described in the CAS specification, so implementing it on the web application side is completely optional.
Constant Summary
Constants included from Helper::ServiceTickets
Helper::ServiceTickets::RESERVED_CAS_PARAMETER_KEYS
Constants included from Helper::Tickets
Helper::Tickets::ALLOWED_TICKET_STRING_CHARACTERS
Instance Method Summary
- #process(params = nil, user_agent = nil) ⇒ Object
  The method will call one of the following methods on the listener:
  - #user_not_logged_in: The user should be redirected to /login.
Methods included from Helper::TwoFactorAuthenticators
Methods included from Helper::TicketGrantingTickets
#acquire_ticket_granting_ticket, #cleanup_expired_ticket_granting_tickets, #find_valid_ticket_granting_ticket, #load_or_initialize_user, #remove_ticket_granting_ticket
Methods included from Helper::Logger
Methods included from Helper::Browser
Methods included from Helper::ServiceTickets
#acquire_service_ticket, #clean_service_url
Methods included from Helper::ProxyTickets
#acquire_proxy_ticket, #ticket_valid_for_service?, #validate_ticket_for_service
Methods included from Helper::Tickets
Methods inherited from CASinoCore::Processor
Constructor Details
This class inherits a constructor from CASinoCore::Processor
Instance Method Details
#process(params = nil, user_agent = nil) ⇒ Object
The method will call one of the following methods on the listener:
- #user_not_logged_in: The user should be redirected to /login.
- #user_logged_in: The first argument (String) is the URL (if any) the user should be redirected to. The second argument (String) is the ticket-granting ticket. It should be stored in a cookie named “tgt”.
- #invalid_one_time_password: The user should be asked for a new OTP.
    # File 'lib/casino_core/processor/second_factor_authentication_acceptor.rb', line 23
    def process(params = nil, user_agent = nil)
      params ||= {}
      # nil means there is no usable ticket-granting ticket for this user agent.
      tgt = find_valid_ticket_granting_ticket(params[:tgt], user_agent, true)
      if tgt.nil?
        @listener.user_not_logged_in
      else
        validation_result = validate_one_time_password(params[:otp], tgt.user.active_two_factor_authenticator)
        if validation_result.success?
          # The OTP was accepted: the ticket no longer awaits two-factor authentication.
          tgt.awaiting_two_factor_authentication = false
          tgt.save!
          begin
            # A service ticket is only issued when a service URL was supplied.
            url = unless params[:service].blank?
              acquire_service_ticket(tgt, params[:service], true).service_with_ticket_url
            end
            if tgt.long_term?
              @listener.user_logged_in(url, tgt.ticket, CASinoCore::Settings.ticket_granting_ticket[:lifetime_long_term].seconds.from_now)
            else
              @listener.user_logged_in(url, tgt.ticket)
            end
          rescue ServiceNotAllowedError => e
            @listener.service_not_allowed(clean_service_url params[:service])
          end
        else
          @listener.invalid_one_time_password
        end
      end
    end
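A minimal listener for the callbacks documented above, as an added example that is not CASinoCore's own code: it turns each callback into a Rack-style response triple and stores the ticket-granting ticket in the "tgt" cookie. The class name, the `/sessions` fallback, the status codes and the cookie attributes are assumptions; `service_not_allowed` is handled because the method source above calls it, and the optional third argument of `user_logged_in` is the expiry passed for long-term tickets.

```ruby
require 'time'

# Hypothetical listener (name and response shape are assumptions, not part of CASinoCore).
# Each callback stores a Rack-style [status, headers, body] triple in #response.
class SecondFactorListener
  attr_reader :response

  LOGIN_PATH = '/login'         # from the page: where unauthenticated users go
  DEFAULT_TARGET = '/sessions'  # assumption: landing page when no service URL was given

  def user_not_logged_in
    @response = redirect(LOGIN_PATH)
  end

  # url is nil when no service was requested; expires is only passed
  # for long-term ticket-granting tickets.
  def user_logged_in(url, ticket, expires = nil)
    @response = redirect(url || DEFAULT_TARGET, 'Set-Cookie' => tgt_cookie(ticket, expires))
  end

  # Re-prompt for the OTP; no cookie is issued on this path.
  def invalid_one_time_password
    @response = [403, { 'Content-Type' => 'text/plain' }, ['Invalid one-time password.']]
  end

  def service_not_allowed(_service)
    @response = [403, { 'Content-Type' => 'text/plain' }, ['The requested service is not allowed.']]
  end

  private

  def redirect(location, extra = {})
    [303, { 'Location' => location }.merge(extra), []]
  end

  # HttpOnly and Secure keep the ticket away from scripts and plaintext HTTP.
  # Without an Expires attribute the cookie lasts for the browser session only.
  def tgt_cookie(ticket, expires)
    parts = ["tgt=#{ticket}", 'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax']
    parts << "Expires=#{expires.httpdate}" if expires
    parts.join('; ')
  end
end
```
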