Class: OmniAuth::Strategies::WSFed::AuthCallbackValidator

Inherits:

Object

• Object
• OmniAuth::Strategies::WSFed::AuthCallbackValidator

Defined in:

lib/omniauth/strategies/wsfed/auth_callback_validator.rb

Constant Summary

ISSUER_MISMATCH =

'AuthN token issuer does not match configured issuer.'

AUDIENCE_MISMATCH =

'AuthN token audience does not match configured realm.'

TOKEN_EXPIRED =

'AuthN token has expired.'

NO_CLAIMS =

'AuthN token contains no claims.'

NO_USER_IDENTIFIER =

'AuthN token contains no user identifier. Verify that configured :id_claim setting is correct.'

Instance Attribute Summary

• #auth_callback ⇒ Object

  Returns the value of attribute auth_callback.

• #wsfed_settings ⇒ Object

  Returns the value of attribute wsfed_settings.

Instance Method Summary

• #initialize(auth_callback, wsfed_settings) ⇒ AuthCallbackValidator constructor

  A new instance of AuthCallbackValidator.

• #validate! ⇒ Object
• #validate_audience! ⇒ Object
• #validate_claims! ⇒ Object
• #validate_issuer! ⇒ Object
• #validate_token_expiration! ⇒ Object
• #validate_uid! ⇒ Object

Constructor Details

#initialize(auth_callback, wsfed_settings) ⇒ AuthCallbackValidator

Returns a new instance of AuthCallbackValidator.

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 15

def initialize(auth_callback, wsfed_settings)
  self.auth_callback  = auth_callback
  self.wsfed_settings = wsfed_settings
end

Instance Attribute Details

#auth_callback ⇒ Object

Returns the value of attribute auth_callback.

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 7

def auth_callback
  @auth_callback
end

#wsfed_settings ⇒ Object

Returns the value of attribute wsfed_settings.

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 7

def wsfed_settings
  @wsfed_settings
end

Instance Method Details

#validate! ⇒ Object

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 20

def validate!
  validate_issuer!
  validate_audience!
  validate_token_expiration!
  validate_claims!
  validate_uid!

  true
end

#validate_audience! ⇒ Object

Raises:

• (OmniAuth::Strategies::WSFed::ValidationError)

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 35

def validate_audience!
  raise OmniAuth::Strategies::WSFed::ValidationError.new(AUDIENCE_MISMATCH) unless
      auth_callback.audience == wsfed_settings[:realm]
end

#validate_claims! ⇒ Object

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 45

def validate_claims!
  if auth_callback.claims.nil? || auth_callback.claims.empty?
    raise OmniAuth::Strategies::WSFed::ValidationError.new(NO_CLAIMS)
  end
end

#validate_issuer! ⇒ Object

Raises:

• (OmniAuth::Strategies::WSFed::ValidationError)

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 30

def validate_issuer!
  raise OmniAuth::Strategies::WSFed::ValidationError.new(ISSUER_MISMATCH) unless
      auth_callback.issuer == wsfed_settings[:issuer_name]
end

#validate_token_expiration! ⇒ Object

Raises:

• (OmniAuth::Strategies::WSFed::ValidationError)

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 40

def validate_token_expiration!
  raise OmniAuth::Strategies::WSFed::ValidationError.new(TOKEN_EXPIRED) unless
      auth_callback.expires_at > Time.now.utc
end

#validate_uid! ⇒ Object

# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 51

def validate_uid!
  if auth_callback.name_id.nil? || auth_callback.name_id.empty?
    raise OmniAuth::Strategies::WSFed::ValidationError.new(NO_USER_IDENTIFIER)
  end
end