Module: SSO::Server::Passports

Extended by:
Logging
Defined in:
lib/sso/server/passports.rb,
lib/sso/server/passports/activity.rb

Overview

This is the one interaction point with persisting and querying Passports.

Defined Under Namespace

Classes: Activity

Class Method Summary collapse

Methods included from Logging

debug, error, fatal, info, logger, progname, warn

Class Method Details

.find(id) ⇒ Object 



7
8
9
10
11
12
13
14
15
16
17
18
 
# File 'lib/sso/server/passports.rb', line 7

def self.find(id)
  record = backend.find_by_id(id)

  if record
    Operations.success(:record_found, object: record)
  else
    Operations.failure :record_not_found
  end

rescue => exception
  Operations.failure :backend_error, object: exception
end

.find_by_access_token_id(id) ⇒ Object 



20
21
22
23
24
25
26
27
28
 
# File 'lib/sso/server/passports.rb', line 20

def self.find_by_access_token_id(id)
  record = backend.where(revoked_at: nil).find_by_oauth_access_token_id(id)

  if record
    Operations.success(:record_found, object: record)
  else
    Operations.failure :record_not_found
  end
end

.generate(owner_id:, ip:, agent:, device: nil) ⇒ Object 



30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/sso/server/passports.rb', line 30

def self.generate(owner_id:, ip:, agent:, device: nil)
  debug { "Generating Passport for user ID #{owner_id.inspect} and IP #{ip.inspect} and Agent #{agent.inspect} and Device #{device.inspect}" }

  record = backend.create owner_id: owner_id, ip: ip, agent: agent, device: device

  if record.persisted?
    debug { "Successfully generated passport with ID #{record.id}" }
    Operations.success :generation_successful, object: record.id
  else
    Operations.failure :persistence_failed, object: record.errors.to_hash
  end
end

.logout(passport_id:) ⇒ Object 



90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
# File 'lib/sso/server/passports.rb', line 90

def self.logout(passport_id:)
  return Operations.failure(:missing_passport_id) if passport_id.blank?

  debug { "Logging out Passport with ID #{passport_id.inspect}" }
  record = backend.find_by_id passport_id
  return Operations.success(:passport_does_not_exist) unless record
  return Operations.success(:passport_already_revoked) if record.revoked_at

  if record.update_attributes revoked_at: Time.now, revoke_reason: :logout
    Operations.success :passport_revoked
  else
    Operations.failure :backend_could_not_revoke_passport
  end
end

.register_access_token_from_grant(grant_token:, access_token:) ⇒ Object 



61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/sso/server/passports.rb', line 61

def self.register_access_token_from_grant(grant_token:, access_token:)
  access_grant = find_valid_access_grant(grant_token)             { |failure| return failure }
  access_token = find_valid_access_token(access_token)            { |failure| return failure }
  record       = find_valid_passport_by_grant_id(access_grant.id) { |failure| return failure }

  is_insider = access_token.scopes.include? 'insider'

  if record.update_attributes oauth_access_token_id: access_token.id, insider: is_insider
    debug { "Successfully augmented Passport #{record.id} with Access Token ID #{access_token.id} which is #{access_token.token}" }
    Operations.success :passport_known_by_grant_augmented_with_access_token
  else
    Operations.failure :could_not_augment_passport_known_by_grant_with_access_token
  end
end

.register_access_token_from_id(passport_id:, access_token:) ⇒ Object 



76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/sso/server/passports.rb', line 76

def self.register_access_token_from_id(passport_id:, access_token:)
  access_token = find_valid_access_token(access_token) { |failure| return failure }
  record       = find_valid_passport(passport_id)      { |failure| return failure }

  is_insider = access_token.scopes.include? 'insider'

  if record.update_attributes oauth_access_token_id: access_token.id, insider: is_insider
    debug { "Successfully augmented #{is_insider ? :insider : :outsider} Passport #{record.id} with Access Token ID #{access_token.id} which is #{access_token.token}" }
    Operations.success :passport_augmented_with_access_token
  else
    Operations.failure :could_not_augment_passport_with_access_token
  end
end

.register_authorization_grant(passport_id:, token:) ⇒ Object 



49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/sso/server/passports.rb', line 49

def self.register_authorization_grant(passport_id:, token:)
  record       = find_valid_passport(passport_id) { |failure| return failure }
  access_grant = find_valid_access_grant(token)   { |failure| return failure }

  if record.update_attribute :oauth_access_grant_id, access_grant.id
    debug { "Successfully augmented Passport #{record.id} with Authorization Grant ID #{access_grant.id} which is #{access_grant.token}" }
    Operations.success :passport_augmented_with_access_token
  else
    Operations.failure :could_not_augment_passport_with_access_token
  end
end

.update_activity(passport_id:, request:) ⇒ Object 



43
44
45
46
47
 
# File 'lib/sso/server/passports.rb', line 43

def self.update_activity(passport_id:, request:)
  record = find_valid_passport(passport_id) { |failure| return failure }

  ::SSO::Server::Passports::Activity.new(passport: record, request: request).call
end