Module: CASino::ServiceTicketProcessor

Extended by:
ActiveSupport::Concern
Included in:
ControllerConcern::TicketValidator, SessionsHelper
Defined in:
app/processors/casino/service_ticket_processor.rb

Defined Under Namespace

Classes: ServiceNotAllowedError, ValidationResult

Constant Summary collapse

RESERVED_CAS_PARAMETER_KEYS =
['service', 'ticket', 'gateway', 'renew']

Instance Method Summary collapse

Instance Method Details

#acquire_service_ticket(ticket_granting_ticket, service, options = {}) ⇒ Object


15
16
17
18
19
20
21
22
23
24
25
26
27
28
# File 'app/processors/casino/service_ticket_processor.rb', line 15

def acquire_service_ticket(ticket_granting_ticket, service, options = {})
  service_url = clean_service_url(service)
  unless service_allowed?(service_url)
    message = "#{service_url} is not in the list of allowed URLs"
    Rails.logger.error message
    raise ServiceNotAllowedError, message
  end
  service_tickets = ticket_granting_ticket.service_tickets
  service_tickets.where(service: service_url).destroy_all
  service_tickets.create!({
    service: service_url,
    issued_from_credentials: !!options[:credentials_supplied]
  })
end

#clean_service_url(dirty_service) ⇒ Object


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# File 'app/processors/casino/service_ticket_processor.rb', line 30

def clean_service_url(dirty_service)
  return dirty_service if dirty_service.blank?
  service_uri = Addressable::URI.parse dirty_service
  unless service_uri.query_values.nil?
    service_uri.query_values = service_uri.query_values(Array).select { |k,v| !RESERVED_CAS_PARAMETER_KEYS.include?(k) }
  end
  if service_uri.query_values.blank?
    service_uri.query_values = nil
  end

  service_uri.path = (service_uri.path || '').gsub(/\/+\z/, '')
  service_uri.path = '/' if service_uri.path.blank?

  service_uri.normalize.to_s.tap do |clean_service|
    Rails.logger.debug("Cleaned dirty service URL '#{dirty_service}' to '#{clean_service}'") if dirty_service != clean_service
  end
end

#service_allowed?(service) ⇒ Boolean

Returns:

  • (Boolean)

11
12
13
# File 'app/processors/casino/service_ticket_processor.rb', line 11

def service_allowed?(service)
  CASino::ServiceRule.allowed?(service)
end

#ticket_valid_for_service?(ticket, service, options = {}) ⇒ Boolean

Returns:

  • (Boolean)

48
49
50
# File 'app/processors/casino/service_ticket_processor.rb', line 48

def ticket_valid_for_service?(ticket, service, options = {})
  validate_ticket_for_service(ticket, service, options).success?
end

#validate_ticket_for_service(ticket, service, options = {}) ⇒ Object


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'app/processors/casino/service_ticket_processor.rb', line 52

def validate_ticket_for_service(ticket, service, options = {})
  if ticket.nil?
    result = ValidationResult.new 'INVALID_TICKET', 'Invalid validate request: Ticket does not exist', :warn
  else
    result = validate_existing_ticket_for_service(ticket, service, options)
    ticket.update_attribute(:consumed, true)
    Rails.logger.debug "Consumed ticket '#{ticket.ticket}'"
  end
  if result.success?
    Rails.logger.info "Ticket '#{ticket.ticket}' for service '#{service}' successfully validated"
  else
    Rails.logger.send(result.error_severity, result.error_message)
  end
  result
end