Class: Masks::Credential

Inherits:

ApplicationModel

• Object
• ApplicationModel
• Masks::Credential

Defined in:

app/models/masks/credential.rb

Overview

A base class for credentials, which identify actors and check their access.

When a session is masked, a set of credentials are given the chance to inspect the session parameters, propose an actor, and approve or deny their access.

There are a few lifecycle methods available to credentials:

• lookup - should return an identified actor if found

• maskup - validates the session, actor, and any other data

• backup - records the status of the credential’s check(s), if necessary

• cleanup - deletes any recorded data for the credential

Sessions expect credentials to use checks to record their results, so there are helper methods to approve, deny, or skip associated checks—approve!, deny!, and skip! respectively.

See Also:

• Masks::Check
• Masks::Credentials

Direct Known Subclasses

Masks::Credentials::AccessToken, Masks::Credentials::BackupCode, Masks::Credentials::Device, Masks::Credentials::Email, Masks::Credentials::Key, Masks::Credentials::LastLogin, Masks::Credentials::Masquerade, Masks::Credentials::Nickname, Masks::Credentials::OneTimeCode, Masks::Credentials::Password, Masks::Credentials::Recovery, Masks::Credentials::ReturnTo, Masks::Credentials::Session

Class Method Summary

• .checks(value = nil) ⇒ Object

Instance Method Summary

• #backup ⇒ Object

  write any data after all credentials/checks have run.

• #backup! ⇒ Object
• #check ⇒ Object
• #cleanup ⇒ Object

  cleanup data re: the mask.

• #cleanup! ⇒ Object
• #lookup ⇒ Object

  return an actor if it’s found and valid.

• #mask! ⇒ Object
• #maskup ⇒ Object

  verify the session and actor.

• #name ⇒ Object
• #patch_params ⇒ Object
• #slug ⇒ Object

Class Method Details

.checks(value = nil) ⇒ Object

# File 'app/models/masks/credential.rb', line 25

def checks(value = nil)
  @checks ||= {}
  @checks[self.class.name] = value.to_s if value
  @checks[self.class.name]
end

Instance Method Details

#backup ⇒ Object

write any data after all credentials/checks have run

# File 'app/models/masks/credential.rb', line 74

def backup
  nil # but overridable
end

#backup! ⇒ Object

# File 'app/models/masks/credential.rb', line 66

def backup!
  self.passed_at = Time.current if check&.passed? &&
    check&.attempt_approved?(slug)

  backup
end

#check ⇒ Object

# File 'app/models/masks/credential.rb', line 103

def check
  session&.find_check(self.class.checks)
end

#cleanup ⇒ Object

cleanup data re: the mask

# File 'app/models/masks/credential.rb', line 79

def cleanup
  nil # but overridable
end

#cleanup! ⇒ Object

# File 'app/models/masks/credential.rb', line 83

def cleanup!
  cleanup
  reset!
end

#lookup ⇒ Object

return an actor if it’s found and valid

# File 'app/models/masks/credential.rb', line 45

def lookup
  nil
end

#mask! ⇒ Object

# File 'app/models/masks/credential.rb', line 49

def mask!
  before_mask

  # existing checks (found from the session) can be
  # skipped when already present and not expired
  return if check&.passed? && check.attempts[slug] && valid?

  self.masked_at = Time.current

  maskup
end

#maskup ⇒ Object

verify the session and actor

# File 'app/models/masks/credential.rb', line 62

def maskup
  nil
end

#name ⇒ Object

# File 'app/models/masks/credential.rb', line 99

def name
  I18n.t("auth.credentials.#{slug}.name")
end

#patch_params ⇒ Object

# File 'app/models/masks/credential.rb', line 107

def patch_params
  session&.account_params&.fetch(slug, {})
end

#slug ⇒ Object

# File 'app/models/masks/credential.rb', line 95

def slug
  self.class.name.split("::").join("_").underscore
end