Class: SAML::User

Inherits:

Object

Object
SAML::User

show all

Includes:: SentryLogging

Defined in:: lib/saml/user.rb

Constant Summary collapse

UNKNOWN_AUTHN_CONTEXT =

'unknown'

MHV_ORIGINAL_CSID =

'mhv'

MHV_MAPPED_CSID =

'myhealthevet'

IDME_CSID =

'idme'

DSLOGON_CSID =

'dslogon'

LOGINGOV_CSID =

'logingov'

AUTHN_CONTEXTS =

{
  LOA::IDME_LOA1_VETS => { loa_current: LOA::ONE, sign_in: { service_name: IDME_CSID } },
  LOA::IDME_LOA1_2FA => { loa_current: LOA::ONE, sign_in: { service_name: IDME_CSID } },
  LOA::IDME_LOA1_MFA => { loa_current: LOA::ONE, sign_in: { service_name: IDME_CSID } },
  LOA::IDME_LOA3_VETS => { loa_current: LOA::THREE, sign_in: { service_name: IDME_CSID } },
  LOA::IDME_LOA3 => { loa_current: LOA::THREE, sign_in: { service_name: IDME_CSID } },
  'multifactor' => { loa_current: nil, sign_in: { service_name: IDME_CSID } },
  'myhealthevet_multifactor' => { loa_current: nil, sign_in: { service_name: MHV_ORIGINAL_CSID } },
  'myhealthevet_loa3' => { loa_current: LOA::THREE, sign_in: { service_name: MHV_ORIGINAL_CSID } },
  'dslogon_multifactor' => { loa_current: nil, sign_in: { service_name: DSLOGON_CSID } },
  'dslogon_loa3' => { loa_current: LOA::THREE, sign_in: { service_name: DSLOGON_CSID } },
  'myhealthevet' => { loa_current: nil, sign_in: { service_name: MHV_ORIGINAL_CSID } },
  'dslogon' => { loa_current: nil, sign_in: { service_name: DSLOGON_CSID } },
  LOA::IDME_LOA3_2FA => { loa_current: LOA::THREE, sign_in: { service_name: IDME_CSID } },
  LOA::IDME_LOA3_MFA => { loa_current: LOA::THREE, sign_in: { service_name: IDME_CSID } },
  IAL::LOGIN_GOV_IAL1 => { loa_current: LOA::ONE, sign_in: { service_name: LOGINGOV_CSID } },
  IAL::LOGIN_GOV_IAL1_2FA => { loa_current: LOA::ONE, sign_in: { service_name: LOGINGOV_CSID } },
  IAL::LOGIN_GOV_IAL1_MFA => { loa_current: LOA::ONE, sign_in: { service_name: LOGINGOV_CSID } },
  IAL::LOGIN_GOV_IAL2 => { loa_current: LOA::THREE, sign_in: { service_name: LOGINGOV_CSID } },
  IAL::LOGIN_GOV_IAL2_2FA => { loa_current: LOA::THREE, sign_in: { service_name: LOGINGOV_CSID } },
  IAL::LOGIN_GOV_IAL2_MFA => { loa_current: LOA::THREE, sign_in: { service_name: LOGINGOV_CSID } }
}.freeze

LOGIN_TYPES =

[MHV_ORIGINAL_CSID, IDME_CSID, DSLOGON_CSID, LOGINGOV_CSID].freeze

Instance Attribute Summary collapse

#saml_attributes ⇒ Object readonly

Returns the value of attribute saml_attributes.
#saml_response ⇒ Object readonly

Returns the value of attribute saml_response.
#tracker_uuid ⇒ Object readonly

Returns the value of attribute tracker_uuid.
#user_attributes ⇒ Object readonly

Returns the value of attribute user_attributes.

Instance Method Summary collapse

#authn_context ⇒ Object private
#changing_multifactor? ⇒ Boolean
#initialize(saml_response) ⇒ User constructor

A new instance of User.
#validate! ⇒ Object

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger, #set_sentry_metadata

Constructor Details

#initialize(saml_response) ⇒ `User`

Returns a new instance of User.

# File 'lib/saml/user.rb', line 48

def initialize(saml_response)
  @saml_response = saml_response
  @saml_attributes = saml_response.attributes
  @tracker_uuid = saml_response.in_response_to

  Sentry.set_extras(
    saml_attributes: saml_attributes&.to_h,
    saml_response: Base64.encode64(saml_response&.response || '')
  )

  @user_attributes = SAML::UserAttributes::SSOe.new(saml_attributes, authn_context, tracker_uuid)

  Sentry.set_tags(
    sign_in_service_name: user_attributes.sign_in&.fetch(:service_name, nil),
    sign_in_account_type: user_attributes.sign_in&.fetch(:account_type, nil),
    sign_in_auth_broker: user_attributes.sign_in&.fetch(:auth_broker, nil)
  )
end

Instance Attribute Details

#saml_attributes ⇒ `Object` (readonly)

Returns the value of attribute saml_attributes.



43
44
45

# File 'lib/saml/user.rb', line 43

def saml_attributes
  @saml_attributes
end

#saml_response ⇒ `Object` (readonly)

Returns the value of attribute saml_response.



43
44
45

# File 'lib/saml/user.rb', line 43

def saml_response
  @saml_response
end

#tracker_uuid ⇒ `Object` (readonly)

Returns the value of attribute tracker_uuid.



43
44
45

# File 'lib/saml/user.rb', line 43

def tracker_uuid
  @tracker_uuid
end

#user_attributes ⇒ `Object` (readonly)

Returns the value of attribute user_attributes.



43
44
45

# File 'lib/saml/user.rb', line 43

def user_attributes
  @user_attributes
end

Instance Method Details

#authn_context ⇒ `Object` (private)

# File 'lib/saml/user.rb', line 79

def authn_context
  saml_response.authn_context_text
rescue
  Sentry.set_tags(controller_name: 'sessions', sign_in_method: 'not-signed-in:error')
  raise
end

#changing_multifactor? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/saml/user.rb', line 71

def changing_multifactor?
  return false if authn_context.nil?

  authn_context.include?('multifactor')
end

#validate! ⇒ `Object`



67
68
69

# File 'lib/saml/user.rb', line 67

def validate!
  @user_attributes.validate!
end

Class: SAML::User

Constant Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from SentryLogging

Constructor Details

#initialize(saml_response) ⇒ User

Instance Attribute Details

#saml_attributes ⇒ Object (readonly)

#saml_response ⇒ Object (readonly)

#tracker_uuid ⇒ Object (readonly)

#user_attributes ⇒ Object (readonly)