Class: Himari::Services::UpstreamAuthentication

Inherits:
Object
Defined in:
lib/himari/services/upstream_authentication.rb

Defined Under Namespace

Classes: Result, UnauthorizedError



Constructor Details

#initialize(auth:, request: nil, claims_rules: [], authn_rules: [], logger: nil) ⇒ UpstreamAuthentication

Returns a new instance of UpstreamAuthentication.

Parameters:

  • auth (Hash)

    Omniauth Auth Hash

  • claims_rules (Array<Himari::Rule>) (defaults to: [])

    Claims Rules

  • authn_rules (Array<Himari::Rule>) (defaults to: [])

    Authentication Rules

  • logger (Logger) (defaults to: nil)


# File 'lib/himari/services/upstream_authentication.rb', line 43

# Builds the service from an OmniAuth auth hash plus the rule sets to evaluate it with.
#
# @param auth [Hash] OmniAuth Auth Hash (read later for :uid and :provider)
# @param request [Rack::Request, nil] the request the rules may inspect; nil when
#   the service is constructed outside a Rack context
# @param claims_rules [Array<Himari::Rule>] Claims Rules, defaults to none
# @param authn_rules [Array<Himari::Rule>] Authentication Rules, defaults to none
# @param logger [Logger, nil] debug log sink; every log call is skipped when nil
def initialize(auth:, request: nil, claims_rules: [], authn_rules: [], logger: nil)
  # Kept as plain instance variables; nothing is validated or copied here.
  @auth = auth
  @request = request
  @logger = logger
  @claims_rules = claims_rules
  @authn_rules = authn_rules
end

Class Method Details

.from_request(request) ⇒ Object

Parameters:

  • request (Rack::Request)


# File 'lib/himari/services/upstream_authentication.rb', line 52

# Builds the service from a Rack request whose env already carries the OmniAuth
# auth hash and the providers registered by the rule middlewares.
#
# @param request [Rack::Request]
# @return [UpstreamAuthentication]
# @raise [KeyError] when 'omniauth.auth' is missing from the env, so a request that
#   never went through OmniAuth fails loudly instead of proceeding with a nil auth hash
def self.from_request(request)
  env = request.env
  # Rule providers are optional; an absent key means an empty chain.
  claims_providers = env[Himari::Middlewares::ClaimsRule::RACK_KEY] || []
  authn_providers = env[Himari::Middlewares::AuthenticationRule::RACK_KEY] || []

  new(
    auth: env.fetch('omniauth.auth'),
    request: request,
    claims_rules: Himari::ProviderChain.new(claims_providers).collect,
    authn_rules: Himari::ProviderChain.new(authn_providers).collect,
    # Read with [], so a missing rack.logger simply disables debug logging.
    logger: env['rack.logger'],
  )
end

Instance Method Details

#check_authn(claims_result, session_data) ⇒ Object

Raises:

  • (UnauthorizedError)

# File 'lib/himari/services/upstream_authentication.rb', line 95

# Runs the authentication rules against the claims produced by #make_claims.
#
# @param claims_result the result returned by #make_claims; only carried into the
#   error so the caller can see both decisions
# @param session_data the claims decision output; its #claims and #user_data are
#   handed to the rule context
# @return the authentication rule result, only when it is allowed
# @raise [UnauthorizedError] unless the result's `allowed` is truthy — anything
#   short of an explicit allow is treated as a denial
def check_authn(claims_result, session_data)
  # The context is frozen before the rules see it, so rules cannot alter what
  # later rules (or this method) observe.
  context = Himari::Decisions::Authentication::Context.new(
    provider: provider,
    claims: session_data.claims,
    user_data: session_data.user_data,
    request: @request,
  ).freeze
  processor = Himari::RuleProcessor.new(context, Himari::Decisions::Authentication.new)
  result = processor.run(@authn_rules)

  # &. also skips building the log line when no logger is configured.
  @logger&.debug(
    Himari::LogLine.new(
      'UpstreamAuthentication: authentication',
      objid: object_id.to_s(16),
      uid: @auth[:uid],
      provider: @auth[:provider],
      authn_result: result.as_log,
    ),
  )

  return result if result.allowed

  raise UnauthorizedError.new(Result.new(claims_result, result, nil))
end

#make_claims ⇒ Object



# File 'lib/himari/services/upstream_authentication.rb', line 79

# Runs the claims rules against the auth hash and request.
#
# @return the claims rule result, guaranteed to carry a truthy
#   `decision.output.claims`
# @raise [UnauthorizedError] when no claims were produced, or when reading the
#   decision output raises Himari::Decisions::Claims::UninitializedError — both
#   are reported the same way so an incomplete decision cannot pass as a session
def make_claims
  context = Himari::Decisions::Claims::Context.new(request: @request, auth: @auth).freeze
  processor = Himari::RuleProcessor.new(context, Himari::Decisions::Claims.new)
  result = processor.run(@claims_rules)

  # &. also skips building the log line when no logger is configured.
  @logger&.debug(
    Himari::LogLine.new(
      'UpstreamAuthentication: claims',
      objid: object_id.to_s(16),
      uid: @auth[:uid],
      provider: @auth[:provider],
      claims_result: result.as_log,
    ),
  )

  # An uninitialized decision is folded into the "no claims" case below.
  claims = begin
    result.decision&.output&.claims
  rescue Himari::Decisions::Claims::UninitializedError
    nil
  end
  raise UnauthorizedError.new(Result.new(result, nil, nil)) unless claims

  result
end

#perform ⇒ Object



# File 'lib/himari/services/upstream_authentication.rb', line 66

# Runs the full upstream flow: claims rules first, then authentication rules on
# the resulting session data.
#
# @return [Result] claims result, authentication result and the session data
# @raise [UnauthorizedError] propagated from #make_claims or #check_authn; no
#   Result is built unless both steps passed
def perform
  @logger&.debug(
    Himari::LogLine.new(
      'UpstreamAuthentication: perform',
      objid: object_id.to_s(16),
      uid: @auth[:uid],
      provider: @auth[:provider],
    ),
  )

  claims_result = make_claims
  # make_claims only returns when decision.output holds claims, so this is safe to read.
  session_data = claims_result.decision.output
  authn_result = check_authn(claims_result, session_data)

  Result.new(claims_result, authn_result, session_data).tap do |result|
    @logger&.debug(
      Himari::LogLine.new(
        'UpstreamAuthentication: result',
        objid: object_id.to_s(16),
        uid: @auth[:uid],
        provider: @auth[:provider],
        result: result.as_log,
      ),
    )
  end
end

#provider ⇒ Object



# File 'lib/himari/services/upstream_authentication.rb', line 62

# The OmniAuth provider name taken from the auth hash.
#
# @return [Object, nil] the :provider value, or nil when no auth hash is set
# @raise [KeyError] when the auth hash has no :provider key (fetch, not [])
def provider
  return nil if @auth.nil?

  @auth.fetch(:provider)
end