Class: OmniAuth::Strategies::WSFed::AuthCallbackValidator
- Inherits:
-
Object
- Object
- OmniAuth::Strategies::WSFed::AuthCallbackValidator
- Defined in:
- lib/omniauth/strategies/wsfed/auth_callback_validator.rb
Constant Summary
- ISSUER_MISMATCH =
'AuthN token issuer does not match configured issuer.'
- AUDIENCE_MISMATCH =
'AuthN token audience does not match configured realm.'
- TOKEN_EXPIRED =
'AuthN token has expired.'
- NO_CLAIMS =
'AuthN token contains no claims.'
- NO_USER_IDENTIFIER =
'AuthN token contains no user identifier. Verify that configured :id_claim setting is correct.'
Instance Attribute Summary
-
#auth_callback ⇒ Object
Returns the value of attribute auth_callback.
-
#wsfed_settings ⇒ Object
Returns the value of attribute wsfed_settings.
Instance Method Summary
-
#initialize(auth_callback, wsfed_settings) ⇒ AuthCallbackValidator
constructor
A new instance of AuthCallbackValidator.
- #validate! ⇒ Object
- #validate_audience! ⇒ Object
- #validate_claims! ⇒ Object
- #validate_issuer! ⇒ Object
- #validate_token_expiration! ⇒ Object
- #validate_uid! ⇒ Object
Constructor Details
#initialize(auth_callback, wsfed_settings) ⇒ AuthCallbackValidator
Returns a new instance of AuthCallbackValidator.
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 15
#
# Builds a validator around one authentication callback and the strategy
# configuration it must be checked against.
#
# @param auth_callback [Object] callback object; the validators on this page
#   read its issuer, audience, expires_at, claims and name_id
# @param wsfed_settings [Object] settings indexed by symbol; the validators
#   on this page read :issuer_name and :realm
def initialize(auth_callback, wsfed_settings)
  # Both values go through the attribute writers, in the same order as before.
  self.auth_callback, self.wsfed_settings = auth_callback, wsfed_settings
end
Instance Attribute Details
#auth_callback ⇒ Object
Returns the value of attribute auth_callback.
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 7
#
# Reader for the authentication callback under validation.
#
# @return [Object] the value stored in @auth_callback
def auth_callback
  @auth_callback
end
#wsfed_settings ⇒ Object
Returns the value of attribute wsfed_settings.
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 7
#
# Reader for the WS-Federation settings the callback is validated against.
#
# @return [Object] the value stored in @wsfed_settings
def wsfed_settings
  @wsfed_settings
end
Instance Method Details
#validate! ⇒ Object
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 20
#
# Runs every check in a fixed order: issuer, audience, token expiry,
# claims presence, user identifier. The first failing check raises and the
# remaining ones are skipped.
#
# NOTE(review): none of the checks listed here verifies the token's
# signature; presumably that happens before this validator is called.
# Confirm against the caller, because these field checks mean nothing on an
# unsigned or tampered token.
#
# @return [true] when every check passes
# @raise [OmniAuth::Strategies::WSFed::ValidationError] from the first
#   check that fails
def validate!
  %i[
    validate_issuer!
    validate_audience!
    validate_token_expiration!
    validate_claims!
    validate_uid!
  ].each { |check| send(check) }

  true
end
#validate_audience! ⇒ Object
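# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 35
#
# Ensures the token was issued for this relying party by comparing the
# token's audience with the configured :realm.
#
# A missing or empty :realm is rejected instead of being compared: with a
# plain equality test, an unset realm (nil) and a token carrying no audience
# (nil) compare equal and the check would pass for any token.
#
# @return [nil] when the audience matches the configured realm
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when the realm is
#   not configured or the audience differs from it
def validate_audience!
  expected_realm = wsfed_settings[:realm]

  # Fail closed: no configured realm means nothing can match.
  audience_ok = !expected_realm.to_s.empty? && auth_callback.audience == expected_realm

  raise OmniAuth::Strategies::WSFed::ValidationError.new(AUDIENCE_MISMATCH) unless audience_ok
end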
#validate_claims! ⇒ Object
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 45
#
# Rejects a token that carries no claims at all (nil or empty collection).
# Only presence is checked; the content of the claims is not inspected here.
#
# @return [nil] when at least one claim is present
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when claims are
#   nil or empty
def validate_claims!
  claims = auth_callback.claims
  raise OmniAuth::Strategies::WSFed::ValidationError, NO_CLAIMS if claims.nil? || claims.empty?
end
#validate_issuer! ⇒ Object
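# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 30
#
# Ensures the token comes from the expected identity provider by comparing
# the token's issuer with the configured :issuer_name.
#
# A missing or empty :issuer_name is rejected instead of being compared:
# with a plain equality test, an unset issuer name (nil) and a token
# carrying no issuer (nil) compare equal and the check would pass.
#
# @return [nil] when the issuer matches the configured issuer name
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when the issuer
#   name is not configured or the token's issuer differs from it
def validate_issuer!
  expected_issuer = wsfed_settings[:issuer_name]

  # Fail closed: no configured issuer means nothing can match.
  issuer_ok = !expected_issuer.to_s.empty? && auth_callback.issuer == expected_issuer

  raise OmniAuth::Strategies::WSFed::ValidationError.new(ISSUER_MISMATCH) unless issuer_ok
end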
#validate_token_expiration! ⇒ Object
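# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 40
#
# Rejects a token whose expiry is not strictly later than the current UTC
# time.
#
# A callback that yields no expiry (nil) is rejected with the same
# validation error rather than failing with NoMethodError on the
# comparison, so callers that rescue ValidationError handle it uniformly.
# TOKEN_EXPIRED is reused for that case because it is the only
# lifetime-related message this class defines.
#
# NOTE(review): no clock-skew allowance and no not-before check are made
# here; confirm whether the token's creation time is checked elsewhere.
#
# @return [nil] when the token has not expired
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when the expiry is
#   missing or not in the future
def validate_token_expiration!
  expiry = auth_callback.expires_at

  # Fail closed: a token without a usable expiry is treated as expired.
  still_valid = !expiry.nil? && expiry > Time.now.utc

  raise OmniAuth::Strategies::WSFed::ValidationError.new(TOKEN_EXPIRED) unless still_valid
end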
#validate_uid! ⇒ Object
# File 'lib/omniauth/strategies/wsfed/auth_callback_validator.rb', line 51
#
# Rejects a token from which no user identifier could be read (name_id is
# nil or empty). Only nil and empty are rejected; a whitespace-only value
# passes this check.
#
# NOTE(review): the error text points at the :id_claim setting, so name_id
# is presumably taken from that claim. Confirm against the callback object.
#
# @return [nil] when a user identifier is present
# @raise [OmniAuth::Strategies::WSFed::ValidationError] when name_id is
#   nil or empty
def validate_uid!
  user_id = auth_callback.name_id
  raise OmniAuth::Strategies::WSFed::ValidationError, NO_USER_IDENTIFIER if user_id.nil? || user_id.empty?
end