Class: OpenID::PAPE::Response

Inherits:

Extension

• Object
• Extension
• OpenID::PAPE::Response

Defined in:

lib/openid/extensions/pape.rb

Overview

A Provider Authentication Policy response, sent from a provider to a relying party

Instance Attribute Summary

• #auth_policies ⇒ Object

  Returns the value of attribute auth_policies.

• #auth_time ⇒ Object

  Returns the value of attribute auth_time.

• #nist_auth_level ⇒ Object

  Returns the value of attribute nist_auth_level.

• #ns_alias ⇒ Object

  Returns the value of attribute ns_alias.

Class Method Summary

• .from_success_response(success_response) ⇒ Object

  Create a Response object from an OpenID::Consumer::SuccessResponse.

Instance Method Summary

• #add_policy_uri(policy_uri) ⇒ Object

  Add a policy URI to the response see openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies.

• #get_extension_args ⇒ Object
• #initialize(auth_policies = [], auth_time = nil, nist_auth_level = nil) ⇒ Response constructor

  A new instance of Response.

• #parse_extension_args(args, strict = false) ⇒ Object

  parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered.

Methods inherited from Extension

#to_message

Constructor Details

#initialize(auth_policies = [], auth_time = nil, nist_auth_level = nil) ⇒ Response

Returns a new instance of Response.

# File 'lib/openid/extensions/pape.rb', line 90

def initialize(auth_policies=[], auth_time=nil, nist_auth_level=nil)
  @ns_alias = 'pape'
  @ns_uri = NS_URI
  @auth_policies = auth_policies
  @auth_time = auth_time
  @nist_auth_level = nist_auth_level
end

Instance Attribute Details

#auth_policies ⇒ Object

Returns the value of attribute auth_policies.

# File 'lib/openid/extensions/pape.rb', line 89

def auth_policies
  @auth_policies
end

#auth_time ⇒ Object

Returns the value of attribute auth_time.

# File 'lib/openid/extensions/pape.rb', line 89

def auth_time
  @auth_time
end

#nist_auth_level ⇒ Object

Returns the value of attribute nist_auth_level.

# File 'lib/openid/extensions/pape.rb', line 89

def nist_auth_level
  @nist_auth_level
end

#ns_alias ⇒ Object

Returns the value of attribute ns_alias.

# File 'lib/openid/extensions/pape.rb', line 89

def ns_alias
  @ns_alias
end

Class Method Details

.from_success_response(success_response) ⇒ Object

Create a Response object from an OpenID::Consumer::SuccessResponse

# File 'lib/openid/extensions/pape.rb', line 105

def self.from_success_response(success_response)
  args = success_response.get_signed_ns(NS_URI)
  return nil if args.nil?
  pape_resp = new
  pape_resp.parse_extension_args(args)
  return pape_resp
end

Instance Method Details

#add_policy_uri(policy_uri) ⇒ Object

Add a policy URI to the response see openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies

# File 'lib/openid/extensions/pape.rb', line 100

def add_policy_uri(policy_uri)
  @auth_policies << policy_uri unless @auth_policies.member?(policy_uri)
end

#get_extension_args ⇒ Object

# File 'lib/openid/extensions/pape.rb', line 153

def get_extension_args
  ns_args = {}
  if @auth_policies.empty?
    ns_args['auth_policies'] = 'none'
  else
    ns_args['auth_policies'] = @auth_policies.join(' ')
  end
  if @nist_auth_level
    unless (0..4).member? @nist_auth_level
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}"
    end
    ns_args['nist_auth_level'] = @nist_auth_level.to_s
  end

  if @auth_time
    unless @auth_time =~ TIME_VALIDATOR
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
    ns_args['auth_time'] = @auth_time
  end
  return ns_args
end

#parse_extension_args(args, strict = false) ⇒ Object

parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered

# File 'lib/openid/extensions/pape.rb', line 117

def parse_extension_args(args, strict=false)
  policies_str = args['auth_policies']
  if policies_str and policies_str != 'none'
    @auth_policies = policies_str.split(' ')
  end

  nist_level_str = args['nist_auth_level']
  if nist_level_str
    # special handling of zero to handle to_i behavior
    if nist_level_str.strip == '0'
      nist_level = 0
    else
      nist_level = nist_level_str.to_i
      # if it's zero here we have a bad value
      if nist_level == 0
        nist_level = nil
      end
    end
    if nist_level and nist_level >= 0 and nist_level < 5
      @nist_auth_level = nist_level
    elsif strict
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}"
    end
  end

  auth_time_str = args['auth_time']
  if auth_time_str
    # validate time string
    if auth_time_str =~ TIME_VALIDATOR
      @auth_time = auth_time_str
    elsif strict
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
  end
end