Class: SignIn::StatePayloadJwtEncoder

Inherits:

Object

• Object
• SignIn::StatePayloadJwtEncoder

Defined in:

app/services/sign_in/state_payload_jwt_encoder.rb

Instance Attribute Summary

• #acr ⇒ Object readonly

  Returns the value of attribute acr.

• #client_config ⇒ Object readonly

  Returns the value of attribute client_config.

• #client_state ⇒ Object readonly

  Returns the value of attribute client_state.

• #code_challenge ⇒ Object readonly

  Returns the value of attribute code_challenge.

• #code_challenge_method ⇒ Object readonly

  Returns the value of attribute code_challenge_method.

• #scope ⇒ Object readonly

  Returns the value of attribute scope.

• #type ⇒ Object readonly

  Returns the value of attribute type.

Instance Method Summary

• #initialize(code_challenge:, code_challenge_method:, acr:, client_config:, type:, scope: nil, client_state: nil) ⇒ StatePayloadJwtEncoder constructor

  rubocop:disable Metrics/ParameterLists.

• #jwt_encode_state_payload ⇒ Object private
• #jwt_payload ⇒ Object private
• #perform ⇒ Object

  rubocop:enable Metrics/ParameterLists.

• #private_key ⇒ Object private
• #remove_base64_padding(data) ⇒ Object private
• #save_state_code ⇒ Object private
• #sso_not_enabled_for_device_sso_scope? ⇒ Boolean private
• #state_code ⇒ Object private
• #state_payload ⇒ Object private
• #validate_code_challenge! ⇒ Object private
• #validate_code_challenge_method! ⇒ Object private
• #validate_pkce_params! ⇒ Object private
• #validate_scope! ⇒ Object private
• #validate_state_payload! ⇒ Object private

Constructor Details

#initialize(code_challenge:, code_challenge_method:, acr:, client_config:, type:, scope: nil, client_state: nil) ⇒ StatePayloadJwtEncoder

rubocop:disable Metrics/ParameterLists

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 8

def initialize(code_challenge:, code_challenge_method:, acr:, client_config:, type:, scope: nil, client_state: nil)
  @acr = acr
  @client_config = client_config
  @type = type
  @code_challenge = code_challenge
  @code_challenge_method = code_challenge_method
  @client_state = client_state
  @scope = scope
end

Instance Attribute Details

#acr ⇒ Object (readonly)

Returns the value of attribute acr.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def acr
  @acr
end

#client_config ⇒ Object (readonly)

Returns the value of attribute client_config.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def client_config
  @client_config
end

#client_state ⇒ Object (readonly)

Returns the value of attribute client_state.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def client_state
  @client_state
end

#code_challenge ⇒ Object (readonly)

Returns the value of attribute code_challenge.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def code_challenge
  @code_challenge
end

#code_challenge_method ⇒ Object (readonly)

Returns the value of attribute code_challenge_method.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def code_challenge_method
  @code_challenge_method
end

#scope ⇒ Object (readonly)

Returns the value of attribute scope.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def scope
  @scope
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 5

def type
  @type
end

Instance Method Details

#jwt_encode_state_payload ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 54

def jwt_encode_state_payload
  JWT.encode(jwt_payload, private_key, Constants::Auth::JWT_ENCODE_ALGORITHM)
end

#jwt_payload ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 62

def jwt_payload
  {
    acr: state_payload.acr,
    type: state_payload.type,
    client_id: state_payload.client_id,
    code_challenge: state_payload.code_challenge,
    client_state: state_payload.client_state,
    code: state_payload.code,
    created_at: state_payload.created_at,
    scope: state_payload.scope
  }
end

#perform ⇒ Object

rubocop:enable Metrics/ParameterLists

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 19

def perform
  validate_pkce_params! if client_config.pkce?
  validate_scope!
  validate_state_payload!
  save_state_code
  jwt_encode_state_payload
end

#private_key ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 101

def private_key
  OpenSSL::PKey::RSA.new(File.read(Settings.sign_in.jwt_encode_key))
end

#remove_base64_padding(data) ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 93

def remove_base64_padding(data)
  return unless client_config.pkce? && data

  Base64.urlsafe_encode64(Base64.urlsafe_decode64(data.to_s), padding: false)
rescue ArgumentError
  raise Errors::CodeChallengeMalformedError.new message: 'Code Challenge is not valid'
end

#save_state_code ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 58

def save_state_code
  StateCode.new(code: state_code).save!
end

#sso_not_enabled_for_device_sso_scope? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 89

def sso_not_enabled_for_device_sso_scope?
  scope == Constants::Auth::DEVICE_SSO && !client_config.device_sso_enabled?
end

#state_code ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 85

def state_code
  @state_code ||= SecureRandom.hex
end

#state_payload ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 75

def state_payload
  @state_payload ||= StatePayload.new(acr:,
                                      type:,
                                      client_id: client_config.client_id,
                                      code_challenge: remove_base64_padding(code_challenge),
                                      code: state_code,
                                      client_state:,
                                      scope:)
end

#validate_code_challenge! ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 44

def validate_code_challenge!
  raise Errors::CodeChallengeMalformedError.new message: 'Code Challenge is not valid' if code_challenge.blank?
end

#validate_code_challenge_method! ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 38

def validate_code_challenge_method!
  if code_challenge_method != Constants::Auth::CODE_CHALLENGE_METHOD
    raise Errors::CodeChallengeMethodMismatchError.new message: 'Code Challenge Method is not valid'
  end
end

#validate_pkce_params! ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 29

def validate_pkce_params!
  validate_code_challenge_method!
  validate_code_challenge!
end

#validate_scope! ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 34

def validate_scope!
  raise Errors::InvalidScope.new message: 'Scope is not valid for Client' if sso_not_enabled_for_device_sso_scope?
end

#validate_state_payload! ⇒ Object (private)

# File 'app/services/sign_in/state_payload_jwt_encoder.rb', line 48

def validate_state_payload!
  state_payload
rescue ActiveModel::ValidationError
  raise Errors::StatePayloadError.new message: 'Attributes are not valid'
end