Class: SignIn::Logingov::Service

Inherits:

Common::Client::Base

• Object
• Common::Client::Base
• SignIn::Logingov::Service

Defined in:

lib/sign_in/logingov/service.rb

Constant Summary

SCOPE =

'profile profile:verified_at address email social_security_number openid'

Instance Method Summary

• #normalized_attributes(user_info, credential_level) ⇒ Object
• #render_auth(state: SecureRandom.hex, acr: Constants::Auth::LOGIN_GOV_IAL1, operation: Constants::Auth::AUTHORIZE) ⇒ Object
• #render_logout(client_logout_redirect_uri) ⇒ Object
• #render_logout_redirect(state) ⇒ Object
• #token(code) ⇒ Object
• #user_info(token) ⇒ Object

Methods inherited from Common::Client::Base

configuration, #raise_backend_exception

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger

Instance Method Details

#normalized_attributes(user_info, credential_level) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 51

def normalized_attributes(user_info, credential_level)
  {
    logingov_uuid: user_info.sub,
    current_ial: credential_level.current_ial,
    max_ial: credential_level.max_ial,
    ssn: user_info.social_security_number&.tr('-', ''),
    birth_date: user_info.birthdate,
    first_name: user_info.given_name,
    last_name: user_info.family_name,
    address: normalize_address(user_info.address),
    csp_email: user_info.email,
    multifactor: true,
    service_name: config.service_name,
    authn_context: get_authn_context(credential_level.current_ial),
    auto_uplevel: credential_level.auto_uplevel
  }
end

#render_auth(state: SecureRandom.hex, acr: Constants::Auth::LOGIN_GOV_IAL1, operation: Constants::Auth::AUTHORIZE) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 14

def render_auth(state: SecureRandom.hex,
                acr: Constants::Auth::LOGIN_GOV_IAL1,
                operation: Constants::Auth::AUTHORIZE)
  Rails.logger.info('[SignIn][Logingov][Service] Rendering auth, ' \
                    "state: #{state}, acr: #{acr}, operation: #{operation}")
  RedirectUrlGenerator.new(redirect_uri: auth_url, params_hash: auth_params(acr, state)).perform
end

#render_logout(client_logout_redirect_uri) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 22

def render_logout(client_logout_redirect_uri)
  "#{sign_out_url}?#{sign_out_params(config.logout_redirect_uri,
                                     encode_logout_redirect(client_logout_redirect_uri)).to_query}"
end

#render_logout_redirect(state) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 27

def render_logout_redirect(state)
  state_hash = JSON.parse(Base64.decode64(state))
  logout_redirect_uri = state_hash['logout_redirect']
  RedirectUrlGenerator.new(redirect_uri: URI.parse(logout_redirect_uri).to_s).perform
end

#token(code) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 33

def token(code)
  response = perform(
    :post, config.token_path, token_params(code), { 'Content-Type' => 'application/json' }
  )
  Rails.logger.info("[SignIn][Logingov][Service] Token Success, code: #{code}")
  parse_token_response(response.body)
rescue Common::Client::Errors::ClientError => e
  raise_client_error(e, 'Token')
end

#user_info(token) ⇒ Object

# File 'lib/sign_in/logingov/service.rb', line 43

def user_info(token)
  response = perform(:get, config.userinfo_path, nil, { 'Authorization' => "Bearer #{token}" })
  log_credential(response.body) if config.log_credential
  OpenStruct.new(response.body)
rescue Common::Client::Errors::ClientError => e
  raise_client_error(e, 'UserInfo')
end