Class: Login::UserVerifier
- Inherits:
-
Object
- Object
- Login::UserVerifier
- Defined in:
- app/services/login/user_verifier.rb
Constant Summary
- MHV_TYPE =
:mhv_uuid
- IDME_TYPE =
:idme_uuid
- DSLOGON_TYPE =
:dslogon_uuid
- LOGINGOV_TYPE =
:logingov_uuid
Instance Attribute Summary
-
#auth_broker ⇒ Object
readonly
private
Returns the value of attribute auth_broker.
-
#deprecated_log ⇒ Object
readonly
private
Returns the value of attribute deprecated_log.
-
#dslogon_uuid ⇒ Object
readonly
private
Returns the value of attribute dslogon_uuid.
-
#icn ⇒ Object
readonly
private
Returns the value of attribute icn.
-
#idme_uuid ⇒ Object
readonly
private
Returns the value of attribute idme_uuid.
-
#login_type ⇒ Object
readonly
private
Returns the value of attribute login_type.
-
#logingov_uuid ⇒ Object
readonly
private
Returns the value of attribute logingov_uuid.
-
#mhv_uuid ⇒ Object
readonly
private
Returns the value of attribute mhv_uuid.
-
#new_user_log ⇒ Object
readonly
private
Returns the value of attribute new_user_log.
-
#user_account_mismatch_log ⇒ Object
readonly
private
Returns the value of attribute user_account_mismatch_log.
Instance Method Summary
-
#attempt_secondary_idme_identifier ⇒ Object
private
ID.me uuid has historically been a primary identifier, even for non-ID.me credentials.
- #backing_idme_uuid ⇒ Object private
- #backing_idme_uuid_has_changed? ⇒ Boolean private
- #create_user_verification ⇒ Object private
- #deprecate_unverified_user_account ⇒ Object private
- #existing_user_account ⇒ Object private
-
#find_or_create_user_verification ⇒ Object
private
Queries for a UserVerification on the user, based on the credential identifier. If a UserVerification doesn’t exist, creates one along with a UserAccount record associated with that UserVerification.
- #identifier ⇒ Object private
-
#initialize(user) ⇒ UserVerifier
constructor
A new instance of UserVerifier.
- #locked ⇒ Object private
- #perform ⇒ Object
- #post_transaction_message_logs ⇒ Object private
- #set_deprecated_log(deprecated_user_account_id, user_verification_id, user_account_id) ⇒ Object private
- #set_new_user_log ⇒ Object private
- #type ⇒ Object private
- #type_with_backing_idme_uuid ⇒ Object private
- #update_backing_idme_uuid ⇒ Object private
- #update_existing_user_verification ⇒ Object private
- #update_newly_verified_user ⇒ Object private
- #user_verification ⇒ Object private
- #user_verification_needs_to_be_updated? ⇒ Boolean private
Constructor Details
#initialize(user) ⇒ UserVerifier
Returns a new instance of UserVerifier.
# File 'app/services/login/user_verifier.rb', line 5

# Captures the sign-in context and every credential identifier carried by
# +user+, so the verifier can later pick the one matching the login type.
#
# @param user [Object] signed-in user; must respond to +sign_in+,
#   +mhv_correlation_id+, +idme_uuid+, +edipi+, +logingov_uuid+ and +icn+
def initialize(user)
  # Queued log messages start out empty; other methods fill them in later.
  # NOTE(review): @new_user_log is not initialised here, unlike the other two.
  @deprecated_log = nil
  @user_account_mismatch_log = nil

  # sign_in may be nil, hence the safe navigation on both lookups.
  @login_type = user.sign_in&.dig(:service_name)
  @auth_broker = user.sign_in&.dig(:auth_broker)

  # One identifier per supported credential type.
  @mhv_uuid = user.mhv_correlation_id
  @idme_uuid = user.idme_uuid
  @dslogon_uuid = user.edipi
  @logingov_uuid = user.logingov_uuid

  # A blank ICN becomes nil, so later `icn ? ... : nil` checks treat it as absent.
  @icn = user.icn.presence
end
Instance Attribute Details
#auth_broker ⇒ Object (readonly, private)
Returns the value of attribute auth_broker.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the :auth_broker value taken from the user's sign-in data.
#
# @return [Object, nil] nil when the user had no sign-in data
def auth_broker = @auth_broker
#deprecated_log ⇒ Object (readonly, private)
Returns the value of attribute deprecated_log.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the message queued by set_deprecated_log.
#
# @return [String, nil] nil until a UserAccount has been deprecated
def deprecated_log = @deprecated_log
#dslogon_uuid ⇒ Object (readonly, private)
Returns the value of attribute dslogon_uuid.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the DS Logon identifier; the constructor fills it from the
# user's +edipi+.
#
# @return [Object, nil]
def dslogon_uuid = @dslogon_uuid
#icn ⇒ Object (readonly, private)
Returns the value of attribute icn.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the user's ICN. The constructor stores nil when the ICN was
# blank, and the rest of the class treats a nil ICN as "not verified".
#
# @return [Object, nil]
def icn = @icn
#idme_uuid ⇒ Object (readonly, private)
Returns the value of attribute idme_uuid.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the ID.me uuid; also used as the fallback lookup key and as the
# backing uuid for MHV and DS Logon credentials.
#
# @return [Object, nil]
def idme_uuid = @idme_uuid
#login_type ⇒ Object (readonly, private)
Returns the value of attribute login_type.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the :service_name value taken from the user's sign-in data.
# This value drives both the credential type mapping and the dynamic scope
# call in +locked+.
#
# @return [Object, nil] nil when the user had no sign-in data
def login_type = @login_type
#logingov_uuid ⇒ Object (readonly, private)
Returns the value of attribute logingov_uuid.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the Login.gov uuid captured from the user.
#
# @return [Object, nil]
def logingov_uuid = @logingov_uuid
#mhv_uuid ⇒ Object (readonly, private)
Returns the value of attribute mhv_uuid.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the MHV identifier; the constructor fills it from the user's
# +mhv_correlation_id+.
#
# @return [Object, nil]
def mhv_uuid = @mhv_uuid
#new_user_log ⇒ Object (readonly, private)
Returns the value of attribute new_user_log.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the message queued by set_new_user_log.
#
# @return [String, nil] nil unless a new UserVerification is being created
def new_user_log = @new_user_log
#user_account_mismatch_log ⇒ Object (readonly, private)
Returns the value of attribute user_account_mismatch_log.
# File 'app/services/login/user_verifier.rb', line 23

# Reader for the message queued when a verified UserVerification is moved to
# a different UserAccount.
#
# @return [String, nil] nil when no mismatch was handled
def user_account_mismatch_log = @user_account_mismatch_log
Instance Method Details
#attempt_secondary_idme_identifier ⇒ Object (private)
ID.me uuid has historically been a primary identifier, even for non-ID.me credentials. For now it is still worth attempting to use it as a backup identifier.
# File 'app/services/login/user_verifier.rb', line 134

# Falls back to the ID.me uuid as the lookup key when the credential's own
# identifier is missing. Overwrites the memoised @type and @identifier, so
# every later lookup in this instance is keyed on the ID.me uuid.
#
# @raise [Errors::UserVerificationNotCreatedError] when the ID.me uuid is nil too
def attempt_secondary_idme_identifier
  @type = :idme_uuid
  @identifier = idme_uuid
  if identifier.nil?
    # Neither the credential identifier nor the fallback is available.
    raise Errors::UserVerificationNotCreatedError
  end

  # NOTE(review): the raw ID.me uuid is written to the application log here;
  # confirm that matches the log-handling policy for credential identifiers.
  Rails.logger.info("[Login::UserVerifier] Attempting alternate type=#{type} identifier=#{identifier}")
end
#backing_idme_uuid ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 156

# ID.me uuid to record alongside the credential, memoised.
#
# @return [Object, nil] the ID.me uuid for credential types that carry a
#   backing uuid (see type_with_backing_idme_uuid), otherwise nil
def backing_idme_uuid
  # A nil result is not cached by ||=, so the check repeats on each call.
  @backing_idme_uuid ||= (idme_uuid if type_with_backing_idme_uuid)
end
#backing_idme_uuid_has_changed? ⇒ Boolean (private)
# File 'app/services/login/user_verifier.rb', line 112

# Compares the backing ID.me uuid derived from this sign-in with the one
# stored on the existing UserVerification.
#
# @return [Boolean] true when the two values differ
def backing_idme_uuid_has_changed?
  current_uuid = backing_idme_uuid
  stored_uuid = user_verification.backing_idme_uuid
  current_uuid != stored_uuid
end
#create_user_verification ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 98

# Creates the UserVerification for this credential, attaching it to the
# UserAccount that already holds the ICN or to a newly built one.
#
# @return [UserVerification] the created record
# @raise whatever UserVerification.create! raises when the record is invalid
def create_user_verification
  set_new_user_log

  # Only a sign-in that carries an ICN is stamped as verified.
  verified_at = icn ? Time.zone.now : nil

  attributes = {
    type => identifier,
    user_account: existing_user_account || UserAccount.new(icn:),
    backing_idme_uuid:,
    verified_at:,
    # Carries over a lock already present on the account for this login type.
    locked:
  }
  UserVerification.create!(attributes)
end
#deprecate_unverified_user_account ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 84

# Moves an unverified UserVerification onto the UserAccount that owns the
# ICN, keeping a DeprecatedUserAccount record of the account it leaves.
#
# @return [String] the message queued by set_deprecated_log
def deprecate_unverified_user_account
  superseded_account = user_verification.user_account
  DeprecatedUserAccount.create!(user_account: superseded_account, user_verification:)

  # NOTE(review): this is the non-raising `update`. If it returns false the
  # DeprecatedUserAccount row above still exists and the log message below
  # still reports the re-link — confirm that is intended.
  user_verification.update(user_account: existing_user_account, verified_at: Time.zone.now)

  set_deprecated_log(superseded_account.id, user_verification.id, existing_user_account.id)
end
#existing_user_account ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 148

# UserAccount that already holds this user's ICN, memoised.
#
# @return [UserAccount, nil] nil when the user has no ICN or no account matches
def existing_user_account
  # A nil result is not cached by ||=, so a miss is looked up again next call.
  @existing_user_account ||= (UserAccount.find_by(icn:) if icn)
end
#find_or_create_user_verification ⇒ Object (private)
Queries for a UserVerification on the user, based on the credential identifier. If a UserVerification doesn’t exist, creates one along with a UserAccount record associated with that UserVerification.
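# File 'app/services/login/user_verifier.rb', line 42

# Looks up the UserVerification for the credential identifier and brings it
# up to date, or creates it (with a UserAccount) when none exists.
#
# @return [UserVerification] the found or newly created record
# @raise [Errors::UserVerificationNotCreatedError] when neither the credential
#   identifier nor the fallback ID.me uuid is available
def find_or_create_user_verification
  if identifier.nil?
    Rails.logger.info("[Login::UserVerifier] Nil identifier for type=#{type}")
    attempt_secondary_idme_identifier
  end

  # NOTE(review): lookup-then-create is not atomic across concurrent sign-ins;
  # presumably a unique index on the identifier column backs this — confirm.
  ActiveRecord::Base.transaction do
    if user_verification
      update_existing_user_verification if user_verification_needs_to_be_updated?
      update_backing_idme_uuid if backing_idme_uuid_has_changed?
    else
      create_user_verification
    end
  end

  # Messages queued inside the transaction are written only once it is done.
  # NOTE(review): this call does not appear in the rendered listing; restored
  # so the queued messages are emitted — confirm against the source file.
  post_transaction_message_logs
  user_verification
end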
#identifier ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 177

# Picks the identifier that belongs to the resolved credential type, memoised.
#
# @return [Object, nil] nil when the type is not one of the four known types
#   or the matching identifier is itself nil
def identifier
  @identifier ||= case type
                  when MHV_TYPE then mhv_uuid
                  when IDME_TYPE then idme_uuid
                  when DSLOGON_TYPE then dslogon_uuid
                  when LOGINGOV_TYPE then logingov_uuid
                  end
end
#locked ⇒ Object (private)
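# File 'app/services/login/user_verifier.rb', line 142

# Reports whether the account matched by ICN already has a locked
# verification for the credential type used in this sign-in.
#
# @return [Boolean] false when no UserAccount matches the ICN; otherwise
#   whether any of its verifications for +login_type+ has locked: true
def locked
  return false unless existing_user_account

  # login_type selects the scope by name. public_send keeps that dynamic call
  # limited to public methods, so an unexpected value cannot reach private or
  # protected methods on the association.
  # NOTE(review): login_type comes from the user's sign-in data and is not
  # checked against the known CSID constants here — confirm it is validated
  # upstream, or allow-list it before dispatch.
  # A false result is not cached by ||=, so the query repeats until it is true.
  @locked ||= existing_user_account.user_verifications.public_send(login_type).where(locked: true).present?
end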
#perform ⇒ Object
# File 'app/services/login/user_verifier.rb', line 17

# Public entry point: resolves the UserVerification for the user given to
# the constructor, creating or updating records as needed.
#
# @return [UserVerification] result of find_or_create_user_verification
def perform = find_or_create_user_verification
#post_transaction_message_logs ⇒ Object (private)
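# File 'app/services/login/user_verifier.rb', line 121

# Writes each log message that was queued while records were being changed.
# Messages that were never set are skipped.
#
# NOTE(review): the mismatch message embeds ICN values in its text and the
# new-user message passes the ICN as a second argument to the logger; confirm
# the log pipeline's access and retention rules cover that identifier.
def post_transaction_message_logs
  Rails.logger.info(deprecated_log) if deprecated_log
  Rails.logger.info(user_account_mismatch_log) if user_account_mismatch_log
  Rails.logger.info(new_user_log, { icn: }) if new_user_log
end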
#set_deprecated_log(deprecated_user_account_id, user_verification_id, user_account_id) ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 127

# Queues the message describing a deprecated UserAccount; it is stored in
# @deprecated_log rather than logged straight away.
#
# @param deprecated_user_account_id [Object] id of the account being deprecated
# @param user_verification_id [Object] id of the verification being re-linked
# @param user_account_id [Object] id of the account it is re-linked to
# @return [String] the queued message
def set_deprecated_log(deprecated_user_account_id, user_verification_id, user_account_id)
  account_part = "[Login::UserVerifier] Deprecating UserAccount id=#{deprecated_user_account_id}, "
  verification_part = "Updating UserVerification id=#{user_verification_id} with UserAccount id=#{user_account_id}"
  @deprecated_log = [account_part, verification_part].join
end
#set_new_user_log ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 116

# Queues the message announcing a new user; it is stored in @new_user_log
# rather than logged straight away.
#
# NOTE(review): the message includes the raw credential identifier; confirm
# that matches the log-handling policy for credential identifiers.
#
# @return [String] the queued message
def set_new_user_log
  details = "type=#{login_type}, broker=#{auth_broker}, identifier=#{identifier}, locked=#{locked}"
  @new_user_log = "[Login::UserVerifier] New VA.gov user, #{details}"
end
#type ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 164

# Maps the sign-in's service name to the UserVerification column that holds
# that credential's identifier, memoised.
#
# @return [Symbol, nil] nil when login_type matches none of the four CSIDs;
#   that nil is not cached, so the mapping is re-evaluated on the next call
def type
  @type ||= case login_type
            when SAML::User::MHV_ORIGINAL_CSID then MHV_TYPE
            when SAML::User::IDME_CSID then IDME_TYPE
            when SAML::User::DSLOGON_CSID then DSLOGON_TYPE
            when SAML::User::LOGINGOV_CSID then LOGINGOV_TYPE
            end
end
#type_with_backing_idme_uuid ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 160

# Tells whether the resolved credential type records a backing ID.me uuid.
#
# @return [Boolean] true for the MHV and DS Logon types only
def type_with_backing_idme_uuid
  [MHV_TYPE, DSLOGON_TYPE].include?(type)
end
#update_backing_idme_uuid ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 80

# Stores the current backing ID.me uuid on the existing UserVerification.
#
# @return [Boolean] result of the non-raising `update`
def update_backing_idme_uuid
  # NOTE(review): the return value is not checked by the caller, so a failed
  # save passes silently — confirm that is intended.
  user_verification.update(backing_idme_uuid: backing_idme_uuid)
end
#update_existing_user_verification ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 60

# Reconciles an existing UserVerification with the account that owns the
# user's ICN. Three cases:
# - no account holds the ICN: the verification's own account gets the ICN;
# - an account holds it and the verification is unverified: the old account
#   is deprecated and the verification is re-linked;
# - an account holds it and the verification is already verified: the
#   mismatch is queued for logging and the verification is re-linked.
def update_existing_user_verification
  return update_newly_verified_user unless existing_user_account
  return deprecate_unverified_user_account unless user_verification.verified?

  # NOTE(review): both accounts' ICNs are embedded in this message; confirm
  # the log pipeline's access and retention rules cover that identifier.
  @user_account_mismatch_log = '[Login::UserVerifier] User Account Mismatch for ' \
                               "UserVerification id=#{user_verification.id}, " \
                               "UserAccount id=#{user_verification.user_account.id}, " \
                               "icn=#{user_verification.user_account.icn}, conflicts with " \
                               "UserAccount id=#{existing_user_account.id} " \
                               "icn=#{existing_user_account.icn} " \
                               "Setting UserVerification id=#{user_verification.id} " \
                               "association to UserAccount id=#{existing_user_account.id}"

  # A verified credential is moved to a different account here.
  # NOTE(review): non-raising `update`; a failed save is not detected, while
  # the queued message still reports the re-link — confirm that is intended.
  user_verification.update(user_account: existing_user_account)
end
#update_newly_verified_user ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 92

# Marks the existing UserVerification as verified now and writes the user's
# ICN onto the UserAccount it already belongs to.
#
# @return [Boolean] result of the account's non-raising `update`
def update_newly_verified_user
  linked_account = user_verification.user_account

  # NOTE(review): both calls are the non-raising `update`, and the first
  # result is discarded; a failed save leaves verified_at and icn out of step
  # without any error — confirm that is intended.
  user_verification.update(verified_at: Time.zone.now)
  linked_account.update(icn:)
end
#user_verification ⇒ Object (private)
# File 'app/services/login/user_verifier.rb', line 152

# UserVerification stored for the current credential identifier, memoised.
#
# @return [UserVerification, nil] nil when there is no identifier or no match
def user_verification
  # A nil result is not cached by ||=, so after create_user_verification the
  # next call runs the lookup again and finds the new record.
  @user_verification ||= (UserVerification.find_by(type => identifier) if identifier)
end
#user_verification_needs_to_be_updated? ⇒ Boolean (private)
# File 'app/services/login/user_verifier.rb', line 108

# Decides whether the existing UserVerification has to be reconciled with
# the account that owns the user's ICN.
#
# @return [Boolean] false without an ICN; otherwise true when the
#   verification's account differs from the account found by ICN (including
#   when no account holds the ICN yet)
def user_verification_needs_to_be_updated?
  return false unless icn.present?

  user_verification.user_account != existing_user_account
end