Class: SignIn::SessionCreator

Inherits:

Object

• Object
• SignIn::SessionCreator

Defined in:

app/services/sign_in/session_creator.rb

Instance Attribute Summary

• #validated_credential ⇒ Object readonly

  Returns the value of attribute validated_credential.

Instance Method Summary

• #anti_csrf_token ⇒ Object private
• #client_config ⇒ Object private
• #create_new_access_token ⇒ Object private
• #create_new_refresh_token(parent_refresh_token_hash: nil) ⇒ Object private
• #create_new_session ⇒ Object private
• #device_secret ⇒ Object private
• #double_parent_refresh_token_hash ⇒ Object private
• #get_hash(object) ⇒ Object private
• #handle ⇒ Object private
• #hashed_device_secret ⇒ Object private
• #initialize(validated_credential:) ⇒ SessionCreator constructor

  A new instance of SessionCreator.

• #parent_refresh_token_hash ⇒ Object private
• #perform ⇒ Object
• #refresh_created_time ⇒ Object private
• #refresh_expiration_time ⇒ Object private
• #refresh_token ⇒ Object private
• #refresh_token_hash ⇒ Object private
• #user_attributes ⇒ Object private
• #user_uuid ⇒ Object private
• #user_verification ⇒ Object private
• #validate_credential_lock ⇒ Object private
• #validate_terms_of_use ⇒ Object private

Constructor Details

#initialize(validated_credential:) ⇒ SessionCreator

Returns a new instance of SessionCreator.

# File 'app/services/sign_in/session_creator.rb', line 7

def initialize(validated_credential:)
  @validated_credential = validated_credential
end

Instance Attribute Details

#validated_credential ⇒ Object (readonly)

Returns the value of attribute validated_credential.

# File 'app/services/sign_in/session_creator.rb', line 5

def validated_credential
  @validated_credential
end

Instance Method Details

#anti_csrf_token ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 34

def anti_csrf_token
  @anti_csrf_token ||= SecureRandom.hex
end

#client_config ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 131

def client_config
  @client_config ||= validated_credential.client_config
end

#create_new_access_token ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 60

def create_new_access_token
  AccessToken.new(
    session_handle: handle,
    client_id: client_config.client_id,
    user_uuid:,
    audience: AccessTokenAudienceGenerator.new(client_config:).perform,
    refresh_token_hash:,
    parent_refresh_token_hash:,
    anti_csrf_token:,
    last_regeneration_time: refresh_created_time,
    user_attributes:,
    device_secret_hash: hashed_device_secret
  )
end

#create_new_refresh_token(parent_refresh_token_hash: nil) ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 75

def create_new_refresh_token(parent_refresh_token_hash: nil)
  RefreshToken.new(
    session_handle: handle,
    user_uuid:,
    parent_refresh_token_hash:,
    anti_csrf_token:
  )
end

#create_new_session ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 84

def create_new_session
  OAuthSession.create!(user_account: user_verification.user_account,
                       user_verification:,
                       client_id: client_config.client_id,
                       credential_email: validated_credential.credential_email,
                       handle:,
                       hashed_refresh_token: double_parent_refresh_token_hash,
                       refresh_expiration: refresh_expiration_time,
                       refresh_creation: refresh_created_time,
                       user_attributes: user_attributes.to_json,
                       hashed_device_secret:)
end

#device_secret ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 109

def device_secret
  return unless validated_credential.device_sso

  @device_secret ||= SecureRandom.hex
end

#double_parent_refresh_token_hash ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 42

def double_parent_refresh_token_hash
  @double_parent_refresh_token_hash ||= get_hash(parent_refresh_token_hash)
end

#get_hash(object) ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 105

def get_hash(object)
  Digest::SHA256.hexdigest(object)
end

#handle ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 127

def handle
  @handle ||= SecureRandom.uuid
end

#hashed_device_secret ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 54

def hashed_device_secret
  return unless validated_credential.device_sso

  @hashed_device_secret ||= get_hash(device_secret)
end

#parent_refresh_token_hash ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 50

def parent_refresh_token_hash
  @parent_refresh_token_hash ||= get_hash(create_new_refresh_token.to_json)
end

#perform ⇒ Object

# File 'app/services/sign_in/session_creator.rb', line 11

def perform
  validate_credential_lock
  validate_terms_of_use
  SessionContainer.new(session: create_new_session,
                       refresh_token:,
                       access_token: create_new_access_token,
                       anti_csrf_token:,
                       client_config:,
                       device_secret:)
end

#refresh_created_time ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 97

def refresh_created_time
  @refresh_created_time ||= Time.zone.now
end

#refresh_expiration_time ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 101

def refresh_expiration_time
  @refresh_expiration_time ||= refresh_created_time + client_config.refresh_token_duration
end

#refresh_token ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 38

def refresh_token
  @refresh_token ||= create_new_refresh_token(parent_refresh_token_hash:)
end

#refresh_token_hash ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 46

def refresh_token_hash
  @refresh_token_hash ||= get_hash(refresh_token.to_json)
end

#user_attributes ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 119

def user_attributes
  @user_attributes ||= validated_credential.user_attributes
end

#user_uuid ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 123

def user_uuid
  @user_uuid ||= user_verification.backing_credential_identifier
end

#user_verification ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 115

def user_verification
  @user_verification ||= validated_credential.user_verification
end

#validate_credential_lock ⇒ Object (private)

Raises:

• (SignIn::Errors::CredentialLockedError)

# File 'app/services/sign_in/session_creator.rb', line 24

def validate_credential_lock
  raise SignIn::Errors::CredentialLockedError.new(message: 'Credential is locked') if user_verification.locked
end

#validate_terms_of_use ⇒ Object (private)

# File 'app/services/sign_in/session_creator.rb', line 28

def validate_terms_of_use
  if client_config.enforced_terms.present? && user_verification.user_account.needs_accepted_terms_of_use?
    raise Errors::TermsOfUseNotAcceptedError.new message: 'Terms of Use has not been accepted'
  end
end