module PrxAuth::Rails::Controller

Constants

PRX_ACCOUNT_MAPPING_SESSION_KEY
PRX_AUTH_ENV_KEY
PRX_JWT_REFRESH_TTL

subtracted from the JWT ttl

PRX_JWT_SESSION_KEY
PRX_REFRESH_BACK_KEY
PRX_USER_INFO_SESSION_KEY

Public Instance Methods

# File lib/prx_auth/rails/ext/controller.rb, line 96
# Look up a single account (from the session cache, fetching it if needed).
#
# @param account_id [Object] the account id as it appears in the token's resources
# @return [Hash, nil] the minimal account hash ("name"/"type") or nil if unknown
def account_for(account_id)
  lookup_accounts([account_id])[0]
end
# File lib/prx_auth/rails/ext/controller.rb, line 92
# Convenience accessor for an account's display name.
#
# @param account_id [Object] the account id as it appears in the token's resources
# @return [String, nil] the "name" of the account, or nil when the account is unknown
def account_name_for(account_id)
  account = account_for(account_id)
  account.nil? ? nil : account["name"]
end
# File lib/prx_auth/rails/ext/controller.rb, line 100
# Look up several accounts at once (session cache first, one fetch for the rest).
#
# @param account_ids [Array<Object>] account ids in the order results are wanted
# @return [Array<Hash, nil>] one minimal account hash per id, nil where unknown
def accounts_for(account_ids)
  lookup_accounts(account_ids)
end
# File lib/prx_auth/rails/ext/controller.rb, line 84
# Where to send the user after a successful sign in: the path remembered by
# set_after_sign_in_path, or nil if none was stored.
#
# @return [String, nil] a request fullpath (path + query, no host)
def after_sign_in_user_redirect
  session.fetch(PRX_REFRESH_BACK_KEY, nil)
end
# File lib/prx_auth/rails/ext/controller.rb, line 40
# Before-action style guard: lets the request through when a user is signed in,
# otherwise redirects to the engine's sign-in page.
#
# @return [true, Object] true when signed in; the redirect_to result otherwise
def authenticate!
  if current_user.present?
    true
  else
    redirect_to PrxAuth::Rails::Engine.routes.url_helpers.new_sessions_path
  end
end
# File lib/prx_auth/rails/ext/controller.rb, line 50
# The signed-in user's token (env token from the rack middleware first, then
# the session-stored jwt); nil when nobody is signed in or the session token
# needed a refresh.
#
# @return [PrxAuth::Rails::Token, nil]
def current_user
  prx_auth_token()
end
# File lib/prx_auth/rails/ext/controller.rb, line 65
# Map of "PRX <App>" labels to app urls, taken from the userinfo "apps" claim.
# The label is derived from the url's first host segment (scheme stripped,
# everything after the first dot dropped, capitalised).
#
# In production/staging only urls whose host contains ".org" or ".tech" are
# kept; in every other environment the full list is returned.
#
# @return [Hash{String => String}] label => url
def current_user_apps
  raw_apps = current_user_info.try(:[], "apps") || []
  labelled = raw_apps.map do |name, url|
    host_label = name.sub(/^https?:\/\//, "").sub(/\..+/, "").capitalize
    ["PRX #{host_label}", url]
  end.to_h

  # development/test get the entire list
  return labelled unless ::Rails.env.production? || ::Rails.env.staging?

  labelled.select { |_label, url| url.match?(/\.(org|tech)/) }
end
# File lib/prx_auth/rails/ext/controller.rb, line 54
# Userinfo for the signed-in user, fetched once from the id host and then
# cached in the session. Only the listed keys are kept, so anything else the
# endpoint returns never lands in the session store.
#
# NOTE(review): with a cookie session store this hash travels in the cookie —
# confirm the store in use before adding more keys here.
#
# @return [Hash] with at most "name", "preferred_username", "email", "image_href", "apps"
def current_user_info
  session[PRX_USER_INFO_SESSION_KEY] ||= fetch_userinfo.slice("name", "preferred_username", "email", "image_href", "apps")
end
# File lib/prx_auth/rails/ext/controller.rb, line 61
# Best available display name: "name", then "preferred_username", then "email".
#
# @return [String, nil] nil when none of the three userinfo fields is present
def current_user_name
  info = current_user_info
  info["name"] || info["preferred_username"] || info["email"]
end
# File lib/prx_auth/rails/ext/controller.rb, line 46
# Whether the session jwt is close enough to expiry that it should be refreshed
# now. Only GET requests trigger a refresh (presumably because the resulting
# redirect cannot replay a non-GET body — confirm against the sessions flow).
#
# @param jwt_ttl [Numeric] seconds the jwt has left
# @return [Boolean]
def prx_auth_needs_refresh?(jwt_ttl)
  return false unless request.get?

  jwt_ttl < PRX_JWT_REFRESH_TTL
end
# File lib/prx_auth/rails/ext/controller.rb, line 17
# Resolve the current auth token: the one placed in the rack env by the
# prx_auth middleware wins, otherwise the jwt stored in the session.
#
# A session token that needs refreshing raises SessionTokenExpiredError from
# session_token; that is treated as "not signed in" and every session entry
# derived from the jwt is dropped so the user is sent through sign-in again.
#
# @return [PrxAuth::Rails::Token, nil]
def prx_auth_token
  env_token || session_token
rescue SessionTokenExpiredError
  [PRX_JWT_SESSION_KEY, PRX_ACCOUNT_MAPPING_SESSION_KEY, PRX_USER_INFO_SESSION_KEY].each do |key|
    session.delete(key)
  end
  nil
end
# File lib/prx_auth/rails/ext/controller.rb, line 36
# True when a usable auth token (env or session) is available.
#
# @return [Boolean]
def prx_authenticated?
  prx_auth_token ? true : false
end
# File lib/prx_auth/rails/ext/controller.rb, line 32
# The raw jwt string stored in the session by sign_in_user, if any.
#
# @return [String, nil]
def prx_jwt
  session.fetch(PRX_JWT_SESSION_KEY, nil)
end
# File lib/prx_auth/rails/ext/controller.rb, line 26
# Remember the current request so the user can be sent back to it after
# sign in. Skipped inside the engine's own SessionsController so the sign-in
# pages themselves are never recorded as the return target.
#
# Only request.fullpath (path + query, no scheme/host) is stored, which keeps
# the post-login redirect on this host.
#
# @return [String, nil] the stored fullpath, or nil when skipped
def set_after_sign_in_path
  session[PRX_REFRESH_BACK_KEY] = request.fullpath unless instance_of?(PrxAuth::Rails::SessionsController)
end
# File lib/prx_auth/rails/ext/controller.rb, line 79
# Store a (previously validated) jwt in the session and warm the account
# cache for every resource the token grants.
#
# NOTE(review): the session id is not rotated here; if the sessions controller
# does not call reset_session before this, consider doing so to rule out
# session fixation — confirm against the caller.
#
# @param token [String] the jwt to keep for this session
# @return [Array<Hash, nil>] the accounts_for result for the token's resources
def sign_in_user(token)
  session[PRX_JWT_SESSION_KEY] = token
  resources = current_user.resources
  accounts_for(resources)
end
# File lib/prx_auth/rails/ext/controller.rb, line 88
# Sign the user out by discarding the whole session (jwt, cached userinfo,
# account mapping and the remembered return path included).
#
# @return [void]
def sign_out_user
  reset_session
end

Private Instance Methods


token from data set by prx_auth rack middleware

# File lib/prx_auth/rails/ext/controller.rb, line 140
# Token built from the data the prx_auth rack middleware placed in the request
# env, memoized per controller instance. nil when the middleware set nothing.
#
# @return [PrxAuth::Rails::Token, nil]
def env_token
  @env_token_data ||= begin
    token_data = request.env[PRX_AUTH_ENV_KEY]
    PrxAuth::Rails::Token.new(token_data) if token_data
  end
end
# File lib/prx_auth/rails/ext/controller.rb, line 131
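# GET a JSON resource from the configured PRX id host.
#
# @param path [String] absolute path (plus query) under id_host, e.g. "/userinfo?..."
# @param token [String, nil] jwt sent as a Bearer token when given
# @return [Object] the parsed JSON body
# @raise [OpenURI::HTTPError] on a non-success HTTP status (raised by open-uri)
# @raise [JSON::ParserError] when the body is not valid JSON
def fetch(path, token = nil)
  url = "https://#{PrxAuth::Rails.configuration.id_host}#{path}"
  options = {}
  # TLS certificate verification is turned off in development only (presumably
  # for a self-signed local id host); every other environment keeps the default.
  options[:ssl_verify_mode] = OpenSSL::SSL::VERIFY_NONE if ::Rails.env.development?
  options["Authorization"] = "Bearer #{token}" if token
  # The block form closes the IO open-uri hands back (a Tempfile for larger
  # bodies) instead of leaving it to the GC. The url always begins with the
  # literal "https://", so URI.open cannot be pointed at a pipe — hence the
  # linter disable.
  URI.open(url, options) { |io| JSON.parse(io.read) } # standard:disable Security/Open
end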
# File lib/prx_auth/rails/ext/controller.rb, line 121
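# Fetch account records for the given ids from the id host in one request.
#
# @param ids [Array<Object>] account ids; each is stringified for the query
# @return [Array<Hash>] the "prx:items" of the HAL response, or [] when absent
def fetch_accounts(ids)
  # encode every id on its own so the comma separator the API expects is kept,
  # while any reserved characters inside an id cannot alter the query string
  ids_param = ids.map { |id| URI.encode_www_form_component(id.to_s) }.join(",")
  resp = fetch("/api/v1/accounts?account_ids=#{ids_param}")
  resp.try(:[], "_embedded").try(:[], "prx:items") || []
end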
# File lib/prx_auth/rails/ext/controller.rb, line 127
# Fetch the OIDC userinfo (apps, email and profile scopes) for the session jwt.
#
# @return [Object] the parsed JSON response from the id host
def fetch_userinfo
  userinfo_path = "/userinfo?scope=apps+email+profile"
  fetch(userinfo_path, prx_jwt)
end
# File lib/prx_auth/rails/ext/controller.rb, line 106
# Resolve account ids to minimal account hashes ("name"/"type"), using the
# session as a cache and fetching only the ids not cached yet.
#
# Ids the id host does not return stay uncached (so they are re-requested next
# time) and map to nil in the result.
#
# NOTE(review): the cache is keyed by the "id" field of the fetched account
# while lookups use the caller's ids — confirm both have the same type once the
# session store has round-tripped them.
#
# @param ids [Array<Object>] account ids
# @return [Array<Hash, nil>] one entry per id, in the same order
def lookup_accounts(ids)
  session[PRX_ACCOUNT_MAPPING_SESSION_KEY] ||= {}

  uncached = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys
  unless uncached.empty?
    fetch_accounts(uncached).each do |account|
      session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account["id"]] = account.slice("name", "type")
    end
  end

  ids.map { |id| session[PRX_ACCOUNT_MAPPING_SESSION_KEY][id] }
end

token from jwt stored in session

# File lib/prx_auth/rails/ext/controller.rb, line 148
# Token rebuilt from the jwt kept in the session, memoized per controller
# instance. nil when no jwt is stored.
#
# Per the original author's note the jwt was already validated before it was
# stored, so AuthValidator is used here only to read its claims and ttl —
# confirm the sessions controller verifies the signature on the way in.
#
# @return [PrxAuth::Rails::Token, nil]
# @raise [SessionTokenExpiredError] when the jwt is close enough to expiry that
#   it must be refreshed (see prx_auth_needs_refresh?)
def session_token
  @session_prx_auth_token ||= if prx_jwt
    validator = Rack::PrxAuth::AuthValidator.new(prx_jwt)

    # a nearly-expired jwt forces a refresh instead of silently continuing
    raise SessionTokenExpiredError if prx_auth_needs_refresh?(validator.time_to_live)

    claims = Rack::PrxAuth::TokenData.new(validator.claims)
    PrxAuth::Rails::Token.new(claims)
  end
end