Class: Masks::Mask

Inherits:

ApplicationModel

• Object
• ApplicationModel
• Masks::Mask

Defined in:

app/models/masks/mask.rb

Overview

Represents an individual mask, its properties, and methods for interpreting them.

When a session is created it finds the first matching mask to use for dictating how to control access. A Mask contains rules that allow sessions to match them.

See Also:

• Masks::Check
• Masks::Credentials

Instance Attribute Summary

• #access ⇒ Array<String>

  A list of access classes allowed during this session.

• #actor ⇒ String

  Returns the class name expected for any actor attached to this session.

• #anon ⇒ Boolean

  Whether or not to allow “anonymous” actors.

• #backup ⇒ Boolean

  Whether or not to save results of masks.

• #checks ⇒ Hash

  A hash of check configuration, keyed by their name.

• #credentials ⇒ Array<Class>

  Converts credentials to classes before returning the list.

• #extras ⇒ Hash

  Extra attributes and configuration accessible on the mask.

• #fail ⇒ String|Boolean

  What to do when the session is failed by checks, credentials, or another error.

• #name ⇒ String

  a unique name for the mask.

• #pass ⇒ String

  What to do when the session passes, typically a redirect uri.

• #request ⇒ Hash

  A hash of properties an HTTP request must match to use this mask.

• #scopes ⇒ Array<String>

  An array of scopes required to access the session.

• #skip ⇒ Boolean

  Whether or not to skip processing by masks.

• #type ⇒ String

  A type name to inherit configuration from.

• #types ⇒ String

  A list of required type names.

Instance Method Summary

• #actor_scope ⇒ String

  Returns the constantized version of #actor.

• #allow_anonymous? ⇒ Boolean

  Whether or not anonymous actors are allowed in the session.

• #backup? ⇒ Boolean

  Whether or not sessions using this mask should be saved.

• #matches_request?(request) ⇒ Boolean

  Returns whether or not the mask’s request confiig matches the request passed.

• #matches_session?(session) ⇒ Boolean

  Returns whether or not the mask matches the passed session.

• #skip? ⇒ Boolean

  Whether or not sessions matching this mask should skip all work.

Instance Attribute Details

#access ⇒ Array<String>

A list of access classes allowed during this session

Returns:

• (Array<String>)

# File 'app/models/masks/mask.rb', line 48

attribute :access

#actor ⇒ String

Returns the class name expected for any actor attached to this session.

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 52

attribute :actor

#anon ⇒ Boolean

Whether or not to allow “anonymous” actors

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 56

attribute :anon

#backup ⇒ Boolean

Whether or not to save results of masks

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 68

attribute :backup, default: true

#checks ⇒ Hash

A hash of check configuration, keyed by their name.

Returns:

• (Hash)

# File 'app/models/masks/mask.rb', line 32

attribute :checks

#credentials ⇒ Array<Class>

Converts credentials to classes before returning the list.

Returns:

• (Array<Class>)

Raises:

• Masks::Error::InvalidConfiguration

# File 'app/models/masks/mask.rb', line 36

attribute :credentials

#extras ⇒ Hash

Extra attributes and configuration accessible on the mask

Returns:

• (Hash)

# File 'app/models/masks/mask.rb', line 72

attribute :extras, default: -> { {} }

#fail ⇒ String|Boolean

What to do when the session is failed by checks, credentials, or another error

Returns:

• (String|Boolean)

# File 'app/models/masks/mask.rb', line 64

attribute :fail, default: true

#name ⇒ String

a unique name for the mask

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 16

attribute :name

#pass ⇒ String

What to do when the session passes, typically a redirect uri

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 60

attribute :pass, default: "/"

#request ⇒ Hash

A hash of properties an HTTP request must match to use this mask

Returns:

• (Hash)

# File 'app/models/masks/mask.rb', line 44

attribute :request

#scopes ⇒ Array<String>

An array of scopes required to access the session

Returns:

• (Array<String>)

# File 'app/models/masks/mask.rb', line 40

attribute :scopes

#skip ⇒ Boolean

Whether or not to skip processing by masks

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 20

attribute :skip, default: false

#type ⇒ String

A type name to inherit configuration from

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 24

attribute :type

#types ⇒ String

A list of required type names

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 28

attribute :types

Instance Method Details

#actor_scope ⇒ String

Returns the constantized version of #actor.

Returns:

• (String)

# File 'app/models/masks/mask.rb', line 104

def actor_scope
  (actor.constantize unless skip?)
end

#allow_anonymous? ⇒ Boolean

Whether or not anonymous actors are allowed in the session.

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 118

def allow_anonymous?
  anon
end

#backup? ⇒ Boolean

Whether or not sessions using this mask should be saved.

Some masks definitely want this enabled, as it is what stores the results of masks, credentials, and checks in the rails session. In other cases, it is not necessary, for example when verifying an API key.

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 127

def backup?
  return false if skip?

  !!backup
end

#matches_request?(request) ⇒ Boolean

Returns whether or not the mask’s request confiig matches the request passed.

The following parameters are supported in the request hash:

• path - if specified, the request path must be in this list.

• method - if specified, the request method must be in this list.

• param - if specified, the key must exist in the session params.

• header - if specified, the header must be present in the request.

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 203

def matches_request?(request)
  return false unless self.request
  return false unless matches_path?(request)
  return false unless matches_method?(request)

  param = self.request.fetch(:param, nil)

  if param && param != "*" && !request.params&.fetch(param.to_sym, nil)
    return false
  end

  header = self.request.fetch(:header, nil)

  return false if header && !request.headers[header]

  true
end

#matches_session?(session) ⇒ Boolean

Returns whether or not the mask matches the passed session.

The behaviour of this method depends on the mask’s configuration. For example, a session with an anonymous actor will return true only if the mask’s #allow_anonymous? method returns true.

Parameters:

• session (Masks::Session)

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 175

def matches_session?(session)
  actor = session.actor

  return false unless actor
  return true if actor.anonymous? && allow_anonymous?

  case self.actor
  when String
    return false unless actor.is_a?(self.actor.constantize)
  when Class
    return false unless actor.is_a?(self.actor)
  else
    return false unless actor.is_a?(config.model(:actor))
  end

  matches_scopes?(session.scopes)
end

#skip? ⇒ Boolean

Whether or not sessions matching this mask should skip all work.

Returns:

• (Boolean)

# File 'app/models/masks/mask.rb', line 111

def skip?
  !!skip
end