Class: RailsBase::Authentication::MfaValidator
- Inherits:
-
ServiceBase
- Object
- ServiceBase
- RailsBase::Authentication::MfaValidator
show all
- Defined in:
- app/services/rails_base/authentication/mfa_validator.rb
Instance Method Summary
collapse
Methods inherited from ServiceBase
inherited, #internal_validate, #service_base_logging
#aletered_message, #class_name, #log, #log_prefix, #logger, #service_id
Instance Method Details
#call ⇒ Object
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 8
def call
array = convert_to_array
if array.length != Constants::MFA_LENGTH
log(level: :warn, msg: "Not enough params for MFA code. Given #{array}. Expected of length #{Constants::MFA_LENGTH}")
context.fail!(message: Constants::MV_FISHY, redirect_url: Constants::URL_HELPER.new_user_session_path, level: :alert)
end
mfa_code = array.join
log(level: :info, msg: "mfa code received: #{mfa_code}")
datum = get_short_lived_datum(mfa_code)
log(level: :info, msg: "Datum returned with: #{datum}")
validate_datum?(datum)
validate_user_consistency?(datum)
validate_current_user?(datum) if current_user
context.user = datum[:user]
end
|
#convert_to_array ⇒ Object
67
68
69
70
71
72
73
74
75
76
77
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 67
def convert_to_array
array = []
return array unless params.dig(:mfa).respond_to? :keys
Constants::MFA_LENGTH.times do |index|
var_name = "#{Constants::MV_BASE_NAME}#{index}".to_sym
array << params[:mfa][var_name]
end
array.compact
end
|
#get_short_lived_datum(mfa_code) ⇒ Object
62
63
64
65
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 62
def get_short_lived_datum(mfa_code)
log(level: :debug, msg: "Looking for #{mfa_code} with reason #{reason}")
ShortLivedData.find_datum(data: mfa_code, reason: reason)
end
|
#reason ⇒ Object
79
80
81
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 79
def reason
input_reason || Constants::MFA_REASON
end
|
#validate! ⇒ Object
83
84
85
86
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 83
def validate!
raise 'Expected the params passed' if params.nil?
raise 'session_mfa_user_id is not present' if session_mfa_user_id.nil?
end
|
#validate_current_user?(datum) ⇒ Boolean
27
28
29
30
31
32
33
34
35
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 27
def validate_current_user?(datum)
return true if current_user.id == datum[:user].id
log(level: :error, msg: "Someone is a teapot. Current logged in user does not equal mfa code.")
context.fail!(message: 'You are a teapot', redirect_url: Constants::URL_HELPER.signout_path, level: :warn)
end
|
#validate_datum?(datum) ⇒ Boolean
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 37
def validate_datum?(datum)
return true if datum[:valid]
if datum[:found]
msg = "Errors with MFA: #{datum[:invalid_reason].join(", ")}. Please login again"
log(level: :warn, msg: msg)
context.fail!(message: msg, redirect_url: Constants::URL_HELPER.new_user_session_path, level: :warn)
end
log(level: :warn, msg: "Could not find MFA code. Incorrect MFA code")
context.fail!(message: "Incorrect MFA code.", redirect_url: Constants::URL_HELPER.mfa_code_path, level: :warn)
end
|
#validate_user_consistency?(datum) ⇒ Boolean
53
54
55
56
57
58
59
60
|
# File 'app/services/rails_base/authentication/mfa_validator.rb', line 53
def validate_user_consistency?(datum)
return true if datum[:user].id == session_mfa_user_id.to_i
log(level: :warn, msg: "Datum user does not match session user. [#{datum[:user].id}, #{session_mfa_user_id.to_i}]")
context.fail!(message: Constants::MV_FISHY, redirect_url: Constants::URL_HELPER.new_user_session_path, level: :alert)
end
|