Class: CASinoCore::Processor::TwoFactorAuthenticatorActivator

Inherits:

CASinoCore::Processor

• Object
• CASinoCore::Processor
• CASinoCore::Processor::TwoFactorAuthenticatorActivator

Includes:

Helper::TicketGrantingTickets, Helper::TwoFactorAuthenticators

Defined in:

lib/casino_core/processor/two_factor_authenticator_activator.rb

Overview

The TwoFactorAuthenticatorActivator processor can be used to activate a previously generated two-factor authenticator.

This feature is not described in the CAS specification so it’s completly optional to implement this on the web application side.

Instance Method Summary

• #process(params = nil, cookies = nil, user_agent = nil) ⇒ Object

  The method will call one of the following methods on the listener: * #user_not_logged_in: The user is not logged in and should be redirected to /login.

Methods included from Helper::TwoFactorAuthenticators

#validate_one_time_password

Methods included from Helper::TicketGrantingTickets

#acquire_ticket_granting_ticket, #cleanup_expired_ticket_granting_tickets, #find_valid_ticket_granting_ticket, #load_or_initialize_user, #remove_ticket_granting_ticket

Methods included from Helper::Logger

#logger

Methods included from Helper::Browser

#browser_info, #same_browser?

Methods inherited from CASinoCore::Processor

#initialize

Constructor Details

This class inherits a constructor from CASinoCore::Processor

Instance Method Details

#process(params = nil, cookies = nil, user_agent = nil) ⇒ Object

The method will call one of the following methods on the listener:

• #user_not_logged_in: The user is not logged in and should be redirected to /login.

• #two_factor_authenticator_activated: The two-factor authenticator was successfully activated.

• #invalid_two_factor_authenticator: The two-factor authenticator is not valid.

• #invalid_one_time_password: The user should be asked for a new OTP.

Parameters:

• params (Hash) (defaults to: nil) —

  parameters supplied by user. The processor will look for keys :otp and :id.

• cookies (Hash) (defaults to: nil) —

  cookies delivered by the client

• user_agent (String) (defaults to: nil) —

  user-agent delivered by the client

# File 'lib/casino_core/processor/two_factor_authenticator_activator.rb', line 23

def process(params = nil, cookies = nil, user_agent = nil)
  cookies ||= {}
  params ||= {}
  tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
  if tgt.nil?
    @listener.user_not_logged_in
  else
    authenticator = tgt.user.two_factor_authenticators.where(id: params[:id]).first
    validation_result = validate_one_time_password(params[:otp], authenticator)
    if validation_result.success?
      tgt.user.two_factor_authenticators.where(active: true).delete_all
      authenticator.active = true
      authenticator.save!
      @listener.two_factor_authenticator_activated
    else
      if validation_result.error_code == 'INVALID_OTP'
        @listener.invalid_one_time_password(authenticator)
      else
        @listener.invalid_two_factor_authenticator
      end
    end
  end
end