Class: Gitlab::Auth::Oidc::StepUpAuthExpirationValidator

Inherits:
Object
  • Object
Defined in:
lib/gitlab/auth/oidc/step_up_auth_expiration_validator.rb

Overview

Validates expiration of step-up authentication sessions based on ID token exp claims

This validator handles time-based expiration for step-up authentication sessions using OIDC ID token exp claims.

Defined Under Namespace

Classes: Result

Class Method Summary

Class Method Details

.validate(session_data) ⇒ Result

Main validation method that returns a Result struct

Parameters:

  • session_data (Hash)

    the session data containing expiration information

Returns:

  • (Result)

    validation result object



# File 'lib/gitlab/auth/oidc/step_up_auth_expiration_validator.rb', line 19

def validate(session_data)
  unless session_data.is_a?(Hash)
    return Result.new(
      valid?: false,
      expired?: false,
      message: 'No session data provided'
    )
  end

  exp_timestamp = session_data['exp_timestamp']
  unless exp_timestamp.present?
    return Result.new(
      valid?: false,
      expired?: false,
      message: 'No expiration timestamp in session'
    )
  end

  current_time = Time.current.to_i
  expired = current_time > exp_timestamp

  Result.new(
    valid?: true,
    expired?: expired,
    message: expired ? 'Session expired' : 'Session valid',
    current_time: current_time,
    exp_timestamp: exp_timestamp
  )
end
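
The contract of the method above, as an added example that is not GitLab's code: a plain-Ruby sketch (no Rails) showing that an expired session still returns valid? == true, so a caller has to check both fields. SketchResult, sketch_validate, step_up_active?, the injectable now: argument and the sample data are assumptions made for illustration.

```ruby
# Added example: stand-alone sketch of the validator's contract (hypothetical names).
SketchResult = Struct.new(:valid, :expired, :message, :current_time, :exp_timestamp,
                          keyword_init: true) do
  alias_method :valid?, :valid
  alias_method :expired?, :expired
end

# Mirrors the branches of .validate shown on this page. `now` is injectable
# (an assumption made for testability; the page's method reads Time.current).
def sketch_validate(session_data, now: Time.now.to_i)
  unless session_data.is_a?(Hash)
    return SketchResult.new(valid: false, expired: false, message: 'No session data provided')
  end

  exp = session_data['exp_timestamp']
  # Approximates ActiveSupport's present? for nil and empty values.
  if exp.nil? || (exp.respond_to?(:empty?) && exp.empty?)
    return SketchResult.new(valid: false, expired: false,
                            message: 'No expiration timestamp in session')
  end

  expired = now > exp # strict: the second equal to exp still counts as not expired
  SketchResult.new(valid: true, expired: expired,
                   message: expired ? 'Session expired' : 'Session valid',
                   current_time: now, exp_timestamp: exp)
end

# Fail-closed caller: valid? only says the session data was usable, so an
# expired session still has valid? == true. Both fields must be checked.
def step_up_active?(session_data, now: Time.now.to_i)
  result = sketch_validate(session_data, now: now)
  result.valid? && !result.expired?
end

# Constructed sample inputs (not real session data).
NOW = 1_700_000_000
SAMPLES = {
  fresh: { 'exp_timestamp' => NOW + 300 },
  boundary: { 'exp_timestamp' => NOW },
  expired: { 'exp_timestamp' => NOW - 1 },
  no_exp: {},
  not_hash: nil
}.freeze

SAMPLES.each do |name, data|
  r = sketch_validate(data, now: NOW)
  puts format('%-9s valid?=%-5s expired?=%-5s active=%-5s %s',
              name, r.valid?, r.expired?, step_up_active?(data, now: NOW), r.message)
end
```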