Class: SignIn::UserLoader

Inherits:

Object

• Object
• SignIn::UserLoader

Defined in:

app/services/sign_in/user_loader.rb

Instance Attribute Summary

• #access_token ⇒ Object readonly

  Returns the value of attribute access_token.

• #request_ip ⇒ Object readonly

  Returns the value of attribute request_ip.

Instance Method Summary

• #authn_context ⇒ Object private
• #current_user ⇒ Object private
• #find_valid_user ⇒ Object private
• #idme_or_logingov_service ⇒ Object private
• #initialize(access_token:, request_ip:) ⇒ UserLoader constructor

  A new instance of UserLoader.

• #loa ⇒ Object private
• #multifactor ⇒ Object private
• #perform ⇒ Object
• #reload_user ⇒ Object private
• #session ⇒ Object private
• #sign_in ⇒ Object private
• #user_account ⇒ Object private
• #user_attributes ⇒ Object private
• #user_identity ⇒ Object private
• #user_is_verified? ⇒ Boolean private
• #user_verification ⇒ Object private
• #validate_account_and_session ⇒ Object private

Constructor Details

#initialize(access_token:, request_ip:) ⇒ UserLoader

Returns a new instance of UserLoader.

# File 'app/services/sign_in/user_loader.rb', line 7

def initialize(access_token:, request_ip:)
  @access_token = access_token
  @request_ip = request_ip
end

Instance Attribute Details

#access_token ⇒ Object (readonly)

Returns the value of attribute access_token.

# File 'app/services/sign_in/user_loader.rb', line 5

def access_token
  @access_token
end

#request_ip ⇒ Object (readonly)

Returns the value of attribute request_ip.

# File 'app/services/sign_in/user_loader.rb', line 5

def request_ip
  @request_ip
end

Instance Method Details

#authn_context ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 67

def authn_context
  case user_verification.credential_type
  when Constants::Auth::IDME
    user_is_verified? ? Constants::Auth::IDME_LOA3 : Constants::Auth::IDME_LOA1
  when Constants::Auth::DSLOGON
    user_is_verified? ? Constants::Auth::IDME_DSLOGON_LOA3 : Constants::Auth::IDME_DSLOGON_LOA1
  when Constants::Auth::MHV
    user_is_verified? ? Constants::Auth::IDME_MHV_LOA3 : Constants::Auth::IDME_MHV_LOA1
  when Constants::Auth::LOGINGOV
    user_is_verified? ? Constants::Auth::LOGIN_GOV_IAL2 : Constants::Auth::LOGIN_GOV_IAL1
  end
end

#current_user ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 108

def current_user
  return @current_user if @current_user

  user = User.new
  user.instance_variable_set(:@identity, user_identity)
  @current_user = user
end

#find_valid_user ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 18

def find_valid_user
  user = User.find(access_token.user_uuid)
  return unless user&.identity && user&.session_handle == access_token.session_handle

  user
end

#idme_or_logingov_service ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 84

def idme_or_logingov_service
  sign_in[:service_name] == Constants::Auth::IDME || sign_in[:service_name] == Constants::Auth::LOGINGOV
end

#loa ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 56

def loa
  current_loa = user_is_verified? ? Constants::Auth::LOA_THREE : Constants::Auth::LOA_ONE
  { current: current_loa, highest: Constants::Auth::LOA_THREE }
end

#multifactor ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 80

def multifactor
  user_is_verified? && idme_or_logingov_service
end

#perform ⇒ Object

# File 'app/services/sign_in/user_loader.rb', line 12

def perform
  find_valid_user || reload_user
end

#reload_user ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 25

def reload_user
  validate_account_and_session
  user_identity.uuid = access_token.user_uuid
  current_user.uuid = access_token.user_uuid
  current_user.last_signed_in = session.created_at
  current_user.fingerprint = request_ip
  current_user.session_handle = access_token.session_handle
  current_user.save && user_identity.save
  current_user.invalidate_mpi_cache
  current_user.create_mhv_account_async

  current_user
end

#session ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 92

def session
  @session ||= OAuthSession.find_by(handle: access_token.session_handle)
end

#sign_in ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 61

def sign_in
  { service_name: user_verification.credential_type,
    client_id: session.client_id,
    auth_broker: Constants::Auth::BROKER_CODE }
end

#user_account ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 96

def user_account
  @user_account ||= session.user_account
end

#user_attributes ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 43

def user_attributes
  {
    mhv_icn: user_account.icn,
    idme_uuid: user_verification.idme_uuid || user_verification.backing_idme_uuid,
    logingov_uuid: user_verification.logingov_uuid,
    loa:,
    email: session.credential_email,
    authn_context:,
    multifactor:,
    sign_in:
  }
end

#user_identity ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 104

def user_identity
  @user_identity ||= UserIdentity.new(user_attributes)
end

#user_is_verified? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/user_loader.rb', line 88

def user_is_verified?
  user_account.verified?
end

#user_verification ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 100

def user_verification
  @user_verification ||= session.user_verification
end

#validate_account_and_session ⇒ Object (private)

# File 'app/services/sign_in/user_loader.rb', line 39

def validate_account_and_session
  raise Errors::SessionNotFoundError.new message: 'Invalid Session Handle' unless session
end