Class: Okta::UserProfile

Inherits:
Object
Defined in:
lib/okta/user_profile.rb

Overview

Wraps user response to simplify the interface to LOA data as it is stored in the user’s profile.

Constant Summary

DSLOGON_PREMIUM_LOAS =
%w[2 3].freeze
MHV_PREMIUM_LOAS =
%w[Premium].freeze

Constructor Details

#initialize(attrs) ⇒ UserProfile

Returns a new instance of UserProfile.

# File 'lib/okta/user_profile.rb', line 9

def initialize(attrs)
  @attrs = attrs
end

Instance Attribute Details

#attrs ⇒ Object (readonly)

Returns the value of attribute attrs.

# File 'lib/okta/user_profile.rb', line 13

def attrs
  @attrs
end

Instance Method Details

#derived_loa ⇒ Object

# File 'lib/okta/user_profile.rb', line 17

def derived_loa
  if @attrs['last_login_type'] == 'myhealthevet'
    ml = MHV_PREMIUM_LOAS.include?(@attrs['mhv_account_type']) ? 3 : 1
    { current: ml, highest: ml }
  elsif @attrs['last_login_type'] == 'dslogon'
    dl = DSLOGON_PREMIUM_LOAS.include?(@attrs['dslogon_assurance']) ? 3 : 1
    { current: dl, highest: dl }
  # SSOe combines LOA into a single field for all 3 login types
  elsif %w[200DOD 200VIDM 200MHV].include?(@attrs['last_login_type'])
    { current: @attrs['loa']&.to_i, highest: @attrs['loa']&.to_i }
  # Login.gov moves to IAL/AAL as the preferred method
  # Minimum IAL2 includes identity verification, AAL2 includes 2FA
  # Together will be treated as LOA3
  elsif @attrs['last_login_type'] == 'logingov'
    ial = @attrs['ial']&.to_i
    aal = @attrs['aal']&.to_i
    return { current: 1, highest: 1 } if ial.nil? || aal.nil?

    ll = ial >= 2 && aal >= 2 ? 3 : 1
    { current: ll, highest: ll }
  else
    { current: @attrs['idme_loa']&.to_i, highest: @attrs['idme_loa']&.to_i }
  end
end
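
Added example, not part of the project's code: it runs constructed profiles through #derived_loa to show the branches where the result is nil (an SSOe or fallback profile with no LOA attribute) or is forced to 1 (Login.gov with a missing ial or aal). The class body is copied from this page so the block runs stand-alone; the loa3? helper and the sample profiles are assumptions made for illustration.

```ruby
# Copy of Okta::UserProfile as shown on this page, so the example runs stand-alone.
module Okta
  class UserProfile
    DSLOGON_PREMIUM_LOAS = %w[2 3].freeze
    MHV_PREMIUM_LOAS = %w[Premium].freeze

    def initialize(attrs)
      @attrs = attrs
    end

    def derived_loa
      if @attrs['last_login_type'] == 'myhealthevet'
        ml = MHV_PREMIUM_LOAS.include?(@attrs['mhv_account_type']) ? 3 : 1
        { current: ml, highest: ml }
      elsif @attrs['last_login_type'] == 'dslogon'
        dl = DSLOGON_PREMIUM_LOAS.include?(@attrs['dslogon_assurance']) ? 3 : 1
        { current: dl, highest: dl }
      elsif %w[200DOD 200VIDM 200MHV].include?(@attrs['last_login_type'])
        { current: @attrs['loa']&.to_i, highest: @attrs['loa']&.to_i }
      elsif @attrs['last_login_type'] == 'logingov'
        ial = @attrs['ial']&.to_i
        aal = @attrs['aal']&.to_i
        return { current: 1, highest: 1 } if ial.nil? || aal.nil?

        ll = ial >= 2 && aal >= 2 ? 3 : 1
        { current: ll, highest: ll }
      else
        { current: @attrs['idme_loa']&.to_i, highest: @attrs['idme_loa']&.to_i }
      end
    end
  end
end

# Hypothetical caller-side gate (not in the project): nil.to_i is 0, so a
# profile with no LOA attribute is denied instead of raising on nil >= 3.
def loa3?(attrs)
  Okta::UserProfile.new(attrs).derived_loa[:current].to_i >= 3
end

# Constructed sample profiles, one per edge case.
SAMPLES = {
  logingov_ok: { 'last_login_type' => 'logingov', 'ial' => '2', 'aal' => '2' },
  logingov_no_2fa: { 'last_login_type' => 'logingov', 'ial' => '2', 'aal' => '1' },
  logingov_missing: { 'last_login_type' => 'logingov', 'ial' => '2' },
  ssoe_no_loa: { 'last_login_type' => '200DOD' },
  unknown_type: { 'last_login_type' => 'other', 'loa' => '3' }
}.freeze

SAMPLES.each { |name, attrs| puts "#{name}: #{Okta::UserProfile.new(attrs).derived_loa} loa3=#{loa3?(attrs)}" }
```

The unknown_type profile shows that the fallback branch reads only idme_loa, so a 'loa' value on an unrecognized login type is ignored and the derived LOA is nil.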