Class: Himari::Services::OidcUserinfoEndpoint::Handler

Inherits:
Object
  • Object
show all
Defined in:
lib/himari/services/oidc_userinfo_endpoint.rb

Defined Under Namespace

Classes: InvalidToken

Instance Method Summary collapse

Constructor Details

#initialize(storage:, env:, logger:) ⇒ Handler

Returns a new instance of Handler.



26
27
28
29
30
 
# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 26

def initialize(storage:, env:, logger:)
  @storage = storage
  @env = env
  @logger = logger
end

Instance Method Details

#given_tokenObject 



59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 59

def given_token
  # Only supports Authorization Request Header Field method https://www.rfc-editor.org/rfc/rfc6750.html#section-2.1
  @given_token ||= begin
    ah = @env['HTTP_AUTHORIZATION']
    method, token = ah&.split(/\s+/, 2) # https://www.rfc-editor.org/rfc/rfc9110#name-credentials
    if method&.downcase == 'bearer' && token && !token.empty?
      token
    else
      nil
    end
  end
end

#responseObject 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 32

def response
  # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
  return [404, {'Content-Type' => 'application/json'}, ['{"error": "not_found"}']] unless %w(GET POST).include?(@env['REQUEST_METHOD'])

  raise InvalidToken unless given_token
  given_parsed_token = Himari::AccessToken.parse(given_token)

  token = @storage.find_token(given_parsed_token.handle)
  raise InvalidToken unless token
  token.verify_expiry!()
  token.verify_secret!(given_parsed_token.secret)

  @logger&.info(Himari::LogLine.new('OidcUserinfoEndpoint: returning', req: @env['himari.request_as_log'], token: token.as_log))
  [
    200,
    {'Content-Type' => 'application/json; charset=utf-8'},
    [JSON.pretty_generate(token.userinfo), "\n"],
  ]
rescue InvalidToken, Himari::TokenString::SecretIncorrect, Himari::TokenString::InvalidFormat, Himari::TokenString::TokenExpired => e
  @logger&.warn(Himari::LogLine.new('OidcUserinfoEndpoint: invalid_token', req: @env['himari.request_as_log'], err: e.class.inspect, token: token&.as_log))
  [
    401,
    {'Content-Type' => 'application/json', 'WWW-Authenticate' => 'error="invalid_token", error_description="invalid access token"'},
    [JSON.pretty_generate(error: 'invalid_token'), "\n"],
  ]
end