Module: SignIn::ServiceAccountAuthentication

Extended by:: ActiveSupport::Concern

Included in:: ServiceAccountApplicationController

Defined in:: app/controllers/concerns/sign_in/service_account_authentication.rb

Constant Summary collapse

BEARER_PATTERN =

/^Bearer /

Instance Method Summary collapse

#authenticate_service_account ⇒ Object protected
#authenticate_service_account_access_token ⇒ Object private
#bearer_token ⇒ Object private
#handle_authenticate_error(error) ⇒ Object private
#validate_requested_scope ⇒ Object private

Instance Method Details

#authenticate_service_account ⇒ `Object` (protected)

# File 'app/controllers/concerns/sign_in/service_account_authentication.rb', line 13

def authenticate_service_account
  @service_account_access_token = authenticate_service_account_access_token
  validate_requested_scope
  @service_account_access_token.present?
rescue Errors::AccessTokenExpiredError => e
  render json: { errors: e }, status: :forbidden
rescue Errors::StandardError => e
  handle_authenticate_error(e)
end

#authenticate_service_account_access_token ⇒ `Object` (private)



25
26
27

# File 'app/controllers/concerns/sign_in/service_account_authentication.rb', line 25

def authenticate_service_account_access_token
  ServiceAccountAccessTokenJwtDecoder.new(service_account_access_token_jwt: bearer_token).perform
end

#bearer_token ⇒ `Object` (private)

# File 'app/controllers/concerns/sign_in/service_account_authentication.rb', line 29

def bearer_token
  header = request.authorization
  header.gsub(BEARER_PATTERN, '') if header&.match(BEARER_PATTERN)
end

#handle_authenticate_error(error) ⇒ `Object` (private)

# File 'app/controllers/concerns/sign_in/service_account_authentication.rb', line 34

def handle_authenticate_error(error)
  log_message_to_sentry(error.message, :error, { access_token_authorization_header: bearer_token })
  render json: { errors: error }, status: :unauthorized
end

#validate_requested_scope ⇒ `Object` (private)

# File 'app/controllers/concerns/sign_in/service_account_authentication.rb', line 39

def validate_requested_scope
  authorized_scopes = @service_account_access_token.scopes
  return if authorized_scopes.any? { |scope| request.url.include?(scope) }

  raise Errors::InvalidServiceAccountScope.new message: 'Required scope for requested resource not found'
end

Module: SignIn::ServiceAccountAuthentication

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#authenticate_service_account ⇒ Object (protected)

#authenticate_service_account_access_token ⇒ Object (private)

#bearer_token ⇒ Object (private)

#handle_authenticate_error(error) ⇒ Object (private)

#validate_requested_scope ⇒ Object (private)

#authenticate_service_account ⇒ `Object` (protected)

#authenticate_service_account_access_token ⇒ `Object` (private)

#bearer_token ⇒ `Object` (private)

#handle_authenticate_error(error) ⇒ `Object` (private)

#validate_requested_scope ⇒ `Object` (private)