Class: SSO::Server::Passport
- Inherits:
-
ActiveRecord::Base
- Object
- ActiveRecord::Base
- SSO::Server::Passport
- Includes:
- Benchmarking, Logging
- Defined in:
- lib/sso/server/passport.rb
Overview
This could be MongoDB or whatever
Instance Attribute Summary collapse
Instance Method Summary
#benchmark
Methods included from Meter
#caller_name, #metric, #timing, #track
Methods included from Logging
#debug, #error, #fatal, #info, #logger, #progname, #warn
Instance Attribute Details
#chip ⇒ Object
Returns the value of attribute chip.
# File 'lib/sso/server/passport.rb', line 22
# Reader for the +@chip+ instance variable.
#
# On this page the only visible assignment to +@chip+ is in #create_chip!,
# so the reader yields nil until that has run.
#
# @return [Object, nil] whatever is currently stored in +@chip+
def chip
  @chip
end
|
#user ⇒ Object
Returns the value of attribute user.
# File 'lib/sso/server/passport.rb', line 21
# Reader for the +@user+ instance variable.
#
# On this page the only visible assignment to +@user+ is in #load_user!,
# so the reader yields nil until that has run.
#
# @return [Object, nil] whatever is currently stored in +@user+
def user
  @user
end
|
Instance Method Details
#chip! ⇒ Object
# File 'lib/sso/server/passport.rb', line 64
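# Encrypts #chip_plaintext with the cipher returned by #chip_digest, keyed
# with #chip_key and a freshly generated random IV.
#
# SECURITY: the previous debug line interpolated the plaintext (which embeds
# the passport secret), the encryption key and the IV into the log. Log
# output is routinely shipped to less-protected storage, so only
# non-sensitive metadata is logged now.
#
# NOTE(review): the cipher is used without any integrity check visible in
# this method; confirm that whoever decrypts the chip can detect tampering.
#
# @return [String] "<base64 ciphertext>|<base64 IV>" -- more precisely,
#   whatever +benchmark+ returns, which is presumably the block's value
def chip!
  benchmark(name: 'Passport chip encryption') do
    ensure_secret
    cipher = chip_digest
    cipher.encrypt
    cipher.key = chip_key
    # A new IV per encryption; it is not secret and travels with the chip.
    chip_iv = cipher.random_iv
    ciphertext = cipher.update chip_plaintext
    ciphertext << cipher.final
    # Never log the plaintext, the key or other secret material here.
    debug { "Encrypted the Passport chip plaintext into #{ciphertext.bytesize} bytes of ciphertext" }
    # Base64.encode64 wraps its output every 60 characters and #strip only
    # trims the ends, so long values keep embedded newlines. Left unchanged
    # because the decoding side is not visible from here.
    chip = [Base64.encode64(ciphertext).strip, Base64.encode64(chip_iv).strip].join('|')
    # NOTE(review): the complete chip is still written to the debug log;
    # confirm it cannot be used as a credential on its own.
    logger.debug { "Augmented passport #{id.inspect} with chip #{chip.inspect}" }
    chip
  end
end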
|
#chip_digest ⇒ Object
# File 'lib/sso/server/passport.rb', line 84
# Builds a new AES-256 cipher object in CBC mode. Despite the method name,
# this is a cipher, not a digest.
#
# NOTE(review): CBC provides confidentiality only. Nothing on this page adds
# a MAC over the ciphertext, so confirm integrity is verified elsewhere or
# plan a coordinated move to an authenticated mode; switching the mode here
# alone would break whatever decrypts existing chips.
#
# @return [OpenSSL::Cipher::AES256] a fresh, not yet keyed cipher
def chip_digest
  OpenSSL::Cipher::AES256.new(:CBC)
end
|
#chip_key ⇒ Object
# File 'lib/sso/server/passport.rb', line 88
# Looks up the chip encryption key in the SSO configuration.
#
# The value is assigned directly to the AES-256 cipher's key in #chip!, so
# it is secret material and must not be logged or exported.
# NOTE(review): presumably it has to be exactly 32 bytes for AES-256;
# confirm the configuration validates that.
#
# @return [Object] the value of +SSO.config.passport_chip_key+
def chip_key
  configuration = SSO.config
  configuration.passport_chip_key
end
|
#chip_plaintext ⇒ Object
Don’t get confused: the chip plaintext is the passport id and the passport secret, joined with '|'.
# File 'lib/sso/server/passport.rb', line 93
# Assembles the value that #chip! encrypts: the passport id and the passport
# secret separated by a pipe character.
#
# The result contains the passport secret in the clear, so it must be
# handled like the secret itself.
# NOTE(review): assumes neither part contains '|'; verify against whatever
# splits the decrypted value.
#
# @return [String] "<id>|<secret>"
def chip_plaintext
  parts = [id, secret]
  parts.join('|')
end
|
#create_chip! ⇒ Object
# File 'lib/sso/server/passport.rb', line 60
# Generates a chip via #chip! and stores it in +@chip+, replacing any chip
# already held there.
#
# @return [Object] the freshly generated chip
def create_chip!
  fresh_chip = chip!
  @chip = fresh_chip
end
|
#export ⇒ Object
# File 'lib/sso/server/passport.rb', line 24
# Serialises this passport into a plain Hash.
#
# The Hash carries the passport secret and the encapsulated user next to
# id, state and chip, so every consumer has to treat it as sensitive: do
# not log it or hand it to a party that should not learn the secret.
#
# @return [Hash] with the keys :id, :secret, :state, :chip and :user
def export
  debug { "Exporting Passport #{id} including the encapsulated user." }
  { id: id, secret: secret, state: state, chip: chip, user: user }
end
|
#load_user! ⇒ Object
# File 'lib/sso/server/passport.rb', line 56
# Resolves the user for this passport and stores it in +@user+.
#
# The lookup is delegated to the callable configured as
# +SSO.config.find_user_for_passport+, which receives the result of
# +reload+ as the +passport:+ keyword argument.
#
# @return [Object] whatever the configured callable returned
def load_user!
  finder = SSO.config.find_user_for_passport
  @user = finder.call(passport: reload)
end
|
#state ⇒ Object
# File 'lib/sso/server/passport.rb', line 39
# Returns the user state, computing it through #state! on first use and
# memoising it in +@state+ afterwards.
#
# Without an encapsulated user nothing is computed: a warning is logged and
# a fixed placeholder string is returned instead.
# NOTE(review): the placeholder is an ordinary String; confirm that code
# comparing states cannot mistake it for a genuine state value.
#
# @return [String] the memoised state, or 'missing_user_for_state_calculation'
def state
  unless user
    warn { 'Wait a minute, this Passport is not encapsulating a user!' }
    return 'missing_user_for_state_calculation'
  end

  @state ||= state!
end
|
#state! ⇒ Object
# File 'lib/sso/server/passport.rb', line 48
# Computes the user state from scratch: a hex-encoded HMAC over
# #user_state_base, keyed with #user_state_key and using the digest from
# #user_state_digest. Nothing is memoised here; #state does the caching.
#
# The resulting value is written to the debug log.
#
# @return [String] the hex HMAC (as handed back by +benchmark+)
def state!
  digest = benchmark(name: 'Passport user state calculation') do
    OpenSSL::HMAC.hexdigest(user_state_digest, user_state_key, user_state_base)
  end
  debug { "The user state is #{digest.inspect}" }
  digest
end
|
#to_s ⇒ Object
# File 'lib/sso/server/passport.rb', line 35
def to_s
['Passport', owner_id, ip, activity_at].join ', '
end
|
#user_state_base ⇒ Object
# File 'lib/sso/server/passport.rb', line 101
# Produces the message that #state! authenticates with an HMAC.
#
# The actual derivation lives in the callable configured as
# +::SSO.config.user_state_base+; it is invoked with the encapsulated user.
#
# @return [Object] whatever the configured callable returns for +user+
def user_state_base
  derive_base = ::SSO.config.user_state_base
  derive_base.call(user)
end
|
#user_state_digest ⇒ Object
# File 'lib/sso/server/passport.rb', line 80
# Supplies the hash function for the user-state HMAC computed in #state!.
#
# NOTE(review): SHA-1 is used here only inside an HMAC construction.
# Changing the algorithm would change every computed state value, so any
# upgrade has to be coordinated with all parties that compare states.
#
# @return [OpenSSL::Digest] a new SHA-1 digest instance
def user_state_digest
  OpenSSL::Digest.new('sha1')
end
|
#user_state_key ⇒ Object
# File 'lib/sso/server/passport.rb', line 97
# Looks up the HMAC key for the user state in the SSO configuration.
#
# #state! passes this value to OpenSSL::HMAC as the key, so it is secret
# material and must not be logged or exported.
#
# @return [Object] the value of +::SSO.config.user_state_key+
def user_state_key
  configuration = ::SSO.config
  configuration.user_state_key
end
|