Class: SAML::PostURLService
- Inherits: URLService (SAML::PostURLService < URLService < Object)
- Includes: SentryLogging
- Defined in: lib/saml/post_url_service.rb
Overview
This class is responsible for providing the requests for the various SSO and SLO endpoints. It provides a similar interface to URLService, but for most endpoints it returns an SSO URL and form request parameters for use in a SAML POST submission, instead of a self-contained redirect URL.
Constant Summary
Constants inherited from URLService
URLService::BROKER_CODE, URLService::LOGIN_REDIRECT_PARTIAL, URLService::LOGOUT_REDIRECT_PARTIAL, URLService::MOBILE_CLIENT_ID, URLService::TERMS_OF_USE_DECLINED_PATH, URLService::TERMS_OF_USE_ENABLED_CLIENTS, URLService::UNIFIED_SIGN_IN_CLIENTS, URLService::VIRTUAL_HOST_MAPPINGS, URLService::WEB_CLIENT_ID
Instance Attribute Summary
Attributes inherited from URLService
#authn_context, #query_params, #saml_settings, #session, #tracker, #type, #user
Instance Method Summary
- #initialize(saml_settings, session: nil, user: nil, params: {}, loa3_context: LOA::IDME_LOA3_VETS) ⇒ PostURLService (constructor): A new instance of PostURLService.
- #login_redirect_url(auth: 'success', code: nil, request_id: nil) ⇒ Object
- #logout_redirect_url ⇒ Object
- #ssoe_slo_url ⇒ Object: logout URL for SSOe.
- #terms_of_use_redirect_url ⇒ Object
- #tou_declined_logout_redirect_url ⇒ Object
Methods included from SentryLogging
#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger
Methods inherited from URLService
#base_redirect_url, #callback_verify_url, #custom_url, #idme_signup_url, #login_url, #logingov_signup_url, #mfa_url, #slo_url, #verify_url
Constructor Details
#initialize(saml_settings, session: nil, user: nil, params: {}, loa3_context: LOA::IDME_LOA3_VETS) ⇒ PostURLService
Returns a new instance of PostURLService.
    # File 'lib/saml/post_url_service.rb', line 17

    def initialize(saml_settings, session: nil, user: nil, params: {}, loa3_context: LOA::IDME_LOA3_VETS)
      unless %w[new saml_callback saml_logout_callback ssoe_slo_callback].include?(params[:action])
        raise Common::Exceptions::RoutingError, params[:path]
      end

      if session.present?
        @session = session
        @user = user
        @authn_context = user&.authn_context
      end

      @saml_settings = saml_settings
      @loa3_context = loa3_context

      if (params[:action] == 'saml_callback') && params[:RelayState].present?
        @type = JSON.parse(CGI.unescapeHTML(params[:RelayState]))['type']
      end
      @query_params = {}
      @tracker = initialize_tracker(params)

      Raven.extra_context(params:)
      Raven.user_context(session:, user:)
    end
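The constructor reads `type` out of the RelayState parameter, which returns via the browser and is therefore untrusted input. The following is an added example, not code from this project, of parsing that value defensively; the helper name `relay_state_type`, the allowlist entries other than 'custom', and the size cap are assumptions.

```ruby
require 'json'
require 'cgi'

# Hypothetical allowlist: only 'custom' appears on this page, the rest are assumed.
ALLOWED_RELAY_TYPES = %w[custom idme logingov].freeze
MAX_RELAY_STATE_BYTES = 2048 # assumed cap, not a project setting

# Returns the RelayState 'type' when it is an allowlisted string, otherwise nil.
# Does not raise on malformed or unexpected JSON.
def relay_state_type(raw)
  return nil unless raw.is_a?(String) && !raw.empty?
  return nil if raw.bytesize > MAX_RELAY_STATE_BYTES

  parsed = JSON.parse(CGI.unescapeHTML(raw))
  # A bare parsed['type'] on a JSON array raises TypeError, so check the shape first.
  return nil unless parsed.is_a?(Hash)

  type = parsed['type']
  ALLOWED_RELAY_TYPES.include?(type) ? type : nil
rescue JSON::ParserError
  nil
end

# Constructed sample inputs covering the shapes a RelayState value can take.
SAMPLES = {
  html_escaped: '{&quot;type&quot;:&quot;custom&quot;}',
  plain: '{"type":"idme"}',
  malformed: '{"type":',
  array: '["type"]',
  scalar: '42',
  nested: '{"type":{"k":"v"}}',
  unknown: '{"type":"admin"}'
}.freeze

# Maps each sample name to the type the helper accepts (nil when rejected).
def classify_samples
  SAMPLES.transform_values { |raw| relay_state_type(raw) }
end

classify_samples.each { |name, type| puts "#{name}: #{type.inspect}" } if $PROGRAM_NAME == __FILE__
```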
Instance Method Details
#login_redirect_url(auth: 'success', code: nil, request_id: nil) ⇒ Object
    # File 'lib/saml/post_url_service.rb', line 41

    def login_redirect_url(auth: 'success', code: nil, request_id: nil)
      return client_redirect_target if auth == 'success' && @tracker.payload_attr(:redirect).present?

      # if the original auth request was an inbound ssoe autologin (type custom)
      # and authentication failed, set 'force-needed' so the FE can silently fail
      # authentication and NOT show the user an error page
      auth = 'force-needed' if auth != 'success' && @tracker&.payload_attr(:type) == 'custom'

      set_query_params(auth, code, request_id)
      if Settings.saml_ssoe.relay.present?
        add_query(Settings.saml_ssoe.relay, query_params)
      else
        add_query("#{base_redirect_url}#{LOGIN_REDIRECT_PARTIAL}", query_params)
      end
    end
#logout_redirect_url ⇒ Object
    # File 'lib/saml/post_url_service.rb', line 57

    def logout_redirect_url
      "#{base_redirect_url}#{LOGOUT_REDIRECT_PARTIAL}"
    end
#ssoe_slo_url ⇒ Object
logout URL for SSOe
    # File 'lib/saml/post_url_service.rb', line 75

    def ssoe_slo_url
      Settings.saml_ssoe.logout_url
    end
#terms_of_use_redirect_url ⇒ Object
    # File 'lib/saml/post_url_service.rb', line 65

    def terms_of_use_redirect_url
      application = @tracker&.payload_attr(:application) || 'vaweb'
      if TERMS_OF_USE_ENABLED_CLIENTS.include?(application)
        add_query(terms_of_use_url, { redirect_url: login_redirect_url })
      else
        login_redirect_url
      end
    end
#tou_declined_logout_redirect_url ⇒ Object
    # File 'lib/saml/post_url_service.rb', line 61

    def tou_declined_logout_redirect_url
      "#{base_redirect_url}#{TERMS_OF_USE_DECLINED_PATH}"
    end