Class: IAMUserIdentity
- Inherits: UserIdentity (Object > Common::RedisStore > UserIdentity > IAMUserIdentity)
- Extended by: Identity::Parsers::GCIdsHelper, SentryLogging
- Defined in: app/models/iam_user_identity.rb
Overview
Subclasses the UserIdentity model and adds a unique Redis namespace for IAM user identities. Like its base model, it acts as an adapter for the attributes returned by the IAMSSOeOAuth::Service introspect endpoint, and it adds IAM-sourced versions of the ICN, EDIPI, and SEC ID to pass to the IAMUser model.
Constant Summary
- PREMIUM_LOAS = [2, 3].freeze
- UPGRADE_AUTH_TYPES = %w[DSL MHV].freeze
- MULTIFACTOR_AUTH_TYPES = %w[IDME LOGINGOV].freeze
Constants inherited from Common::RedisStore
Common::RedisStore::REQ_CLASS_INSTANCE_VARS
Class Method Summary
- .build_from_iam_profile(iam_profile) ⇒ IAMUserIdentity
  Builds an identity instance from the profile returned in the IAM introspect response.
- .multifactor?(loa_level, auth_type) ⇒ Boolean
Instance Method Summary
- #set_expire ⇒ Object
- #uuid ⇒ String
  Users from IAM don't have a UUID like ID.me users do; instead one is created from the sec_id and iam_icn.
Methods included from SentryLogging
log_exception_to_sentry, log_message_to_sentry, non_nil_hash?, normalize_level, rails_logger
Methods included from Identity::Parsers::GCIdsHelper
sanitize_edipi, sanitize_id, sanitize_id_array
Methods inherited from UserIdentity
Methods inherited from Common::RedisStore
create, delete, #destroy, #destroyed?, exists?, #expire, find, find_or_build, #initialize, #initialize_dup, keys, #persisted?, pop, redis_key, redis_store, redis_ttl, #save, #save!, #ttl, #update, #update!
Constructor Details
This class inherits a constructor from Common::RedisStore
Class Method Details
.build_from_iam_profile(iam_profile) ⇒ IAMUserIdentity
Builds an identity instance from the profile returned in the IAM introspect response
    # File 'app/models/iam_user_identity.rb', line 34
    def self.build_from_iam_profile(iam_profile)
      loa_level = iam_profile[:fediamassur_level].to_i
      iam_auth_n_type = iam_profile[:fediamauth_n_type]
      # DSL and MHV logins that are already premium (LOA 2 or 3) are treated as LOA 3
      loa_level = 3 if UPGRADE_AUTH_TYPES.include?(iam_auth_n_type) && PREMIUM_LOAS.include?(loa_level)

      identity = new(
        email: iam_profile[:email],
        expiration_timestamp: iam_profile[:exp],
        first_name: iam_profile[:given_name],
        icn: iam_profile[:fediam_mviicn],
        iam_edipi: sanitize_edipi(iam_profile[:fediam_do_dedipn_id]),
        iam_sec_id: iam_profile[:fediamsecid],
        iam_mhv_id: valid_mhv_id(iam_profile[:fediam_mhv_ien]),
        last_name: iam_profile[:family_name],
        loa: { current: loa_level, highest: loa_level },
        middle_name: iam_profile[:middle_name],
        multifactor: multifactor?(loa_level, iam_auth_n_type),
        sign_in: {
          service_name: "oauth_#{iam_auth_n_type}",
          account_type: iam_profile[:fediamassur_level],
          auth_broker: SAML::URLService::BROKER_CODE,
          client_id: SAML::URLService::MOBILE_CLIENT_ID
        }
      )
      # expire the cached identity together with the token it was built from
      identity.set_expire
      identity
    end
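The LOA upgrade, multifactor, and expiry decisions above are easy to get wrong when reasoning about them in the abstract, so here is an added example (not the project's own code) that isolates those rules in plain Ruby and runs them over constructed introspect profiles. The constant values mirror the class; the IamProfileRules module name, the LOA_THREE stand-in for LOA::THREE, the ttl_for helper, and the sample profiles are assumptions made for the example.

```ruby
# Added example, not project code: the LOA / multifactor / expiry rules of
# build_from_iam_profile reimplemented stand-alone and run over constructed profiles.
module IamProfileRules
  PREMIUM_LOAS = [2, 3].freeze
  UPGRADE_AUTH_TYPES = %w[DSL MHV].freeze
  MULTIFACTOR_AUTH_TYPES = %w[IDME LOGINGOV].freeze
  LOA_THREE = 3 # assumed stand-in for LOA::THREE, which the page references but does not define

  # DSL/MHV logins at a premium LOA (2 or 3) are treated as LOA 3; everything else keeps
  # the assurance level the introspect response reported.
  def self.effective_loa(profile)
    loa = profile[:fediamassur_level].to_i
    auth_type = profile[:fediamauth_n_type]
    return LOA_THREE if UPGRADE_AUTH_TYPES.include?(auth_type) && PREMIUM_LOAS.include?(loa)

    loa
  end

  # Mirrors IAMUserIdentity.multifactor?: only LOA 3 via ID.me or Login.gov counts as MFA,
  # so an MHV/DSL account upgraded to LOA 3 is still reported as multifactor: false.
  def self.multifactor?(loa, auth_type)
    loa == LOA_THREE && MULTIFACTOR_AUTH_TYPES.include?(auth_type)
  end

  # set_expire hands the token's exp claim to Redis EXPIREAT. An exp in the past makes
  # Redis delete the key immediately, so a profile whose token has already expired is
  # rejected here rather than cached for zero seconds (this guard is the example's own).
  def self.ttl_for(profile, now: Time.now.to_i)
    exp = Integer(profile.fetch(:exp))
    remaining = exp - now
    raise ArgumentError, "introspect response already expired at #{exp}" unless remaining.positive?

    remaining
  end

  def self.summarize(profile, now: Time.now.to_i)
    loa = effective_loa(profile)
    auth_type = profile[:fediamauth_n_type]
    {
      loa: loa,
      multifactor: multifactor?(loa, auth_type),
      sign_in_service: "oauth_#{auth_type}",
      ttl: ttl_for(profile, now: now)
    }
  end
end

# Constructed sample profiles; the keys follow what build_from_iam_profile reads,
# the values are invented for the example.
NOW = 1_700_000_000
SAMPLE_PROFILES = {
  mhv_premium:   { fediamassur_level: '2', fediamauth_n_type: 'MHV',      exp: NOW + 3600 },
  idme_loa3:     { fediamassur_level: '3', fediamauth_n_type: 'IDME',     exp: NOW + 3600 },
  logingov_loa1: { fediamassur_level: '1', fediamauth_n_type: 'LOGINGOV', exp: NOW + 3600 },
  dslogon_loa1:  { fediamassur_level: '1', fediamauth_n_type: 'DSL',      exp: NOW + 3600 }
}.freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_PROFILES.each do |name, profile|
    puts "#{name}: #{IamProfileRules.summarize(profile, now: NOW)}"
  end
end
```

The mhv_premium profile is the case worth noticing: it comes in at LOA 2, leaves as LOA 3, and is still not multifactor, because MULTIFACTOR_AUTH_TYPES only lists the IDME and LOGINGOV brokers.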
.multifactor?(loa_level, auth_type) ⇒ Boolean
    # File 'app/models/iam_user_identity.rb', line 59
    # Only LOA 3 logins through one of the MULTIFACTOR_AUTH_TYPES brokers count as MFA
    def self.multifactor?(loa_level, auth_type)
      loa_level == LOA::THREE && MULTIFACTOR_AUTH_TYPES.include?(auth_type)
    end
Instance Method Details
#set_expire ⇒ Object
    # File 'app/models/iam_user_identity.rb', line 63
    def set_expire
      # Redis EXPIREAT takes a key and an absolute Unix timestamp; the second argument
      # is missing from this rendering of the source and is left as it appears here.
      redis_namespace.expireat(REDIS_CONFIG[:iam_user_identity][:namespace], )
    end
#uuid ⇒ String
Users from IAM don't have a UUID like ID.me users do; instead one is created from the sec_id and iam_icn. It is used for JSON API object serialization, caching (no longer than a session), and debugging. The hashed value is not reversible and does not reference any external system or database.
    # File 'app/models/iam_user_identity.rb', line 72
    # Deterministic v5 UUID: sec_id plays the namespace role and the ICN is the name
    def uuid
      Digest::UUID.uuid_v5(@iam_sec_id, @icn)
    end
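To make the "not reversible, but deterministic" property concrete, here is an added example (not the project's own code) that derives a v5-style UUID from a (sec_id, icn) pair with only the Ruby standard library. It feeds the sec_id string straight into the SHA-1 as the namespace input rather than packing a 16-byte UUID, so it is not guaranteed to byte-match Rails' Digest::UUID.uuid_v5; the IamUuid module name, the sample identifiers, and the blank-input guard are all the example's own.

```ruby
# Added example, not project code: a standard-library v5-style UUID derivation for the
# (sec_id, icn) pair, with a guard against blank inputs.
require 'digest'

module IamUuid
  # RFC 4122 v5 layout: SHA-1 over namespace || name, first 16 bytes, version nibble
  # set to 5 and the variant bits set to 0b10, rendered as 8-4-4-4-12 hex groups.
  # Assumption: the namespace is hashed as a raw string (no 16-byte UUID packing).
  def self.v5(namespace, name)
    # Blank inputs would collapse every affected user onto one identifier, so refuse them
    # up front instead of silently hashing an empty string (this check is the example's own).
    if namespace.to_s.empty? || name.to_s.empty?
      raise ArgumentError, 'namespace and name must both be non-empty'
    end

    bytes = Digest::SHA1.digest(namespace.to_s + name.to_s).byteslice(0, 16).bytes
    bytes[6] = (bytes[6] & 0x0F) | 0x50 # version 5
    bytes[8] = (bytes[8] & 0x3F) | 0x80 # RFC 4122 variant
    hex = bytes.pack('C*').unpack1('H*')
    [hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12]].join('-')
  end

  # The identity's uuid: sec_id is the namespace input and the ICN is the name.
  def self.for_identity(iam_sec_id:, icn:)
    v5(iam_sec_id, icn)
  end
end

# Constructed identifiers for the example; not real SEC IDs or ICNs.
SEC_ID = '0000001234567890'
ICN = '1012345678V123456'

if $PROGRAM_NAME == __FILE__
  puts IamUuid.for_identity(iam_sec_id: SEC_ID, icn: ICN)
end
```

Two calls with the same pair return the same UUID, changing either input changes it, and a missing sec_id or ICN raises rather than producing a shared identifier.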