module PrxAuth::Rails::Controller
Constants
- PRX_ACCOUNT_MAPPING_SESSION_KEY
- PRX_AUTH_ENV_KEY
- PRX_JWT_REFRESH_TTL
subtracted from the JWT ttl
- PRX_JWT_SESSION_KEY
- PRX_REFRESH_BACK_KEY
- PRX_USER_INFO_SESSION_KEY
Public Instance Methods
account_for(account_id)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 96 def account_for(account_id) lookup_accounts([account_id]).first end
account_name_for(account_id)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 92 def account_name_for(account_id) account_for(account_id).try(:[], "name") end
accounts_for(account_ids)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 100 def accounts_for(account_ids) lookup_accounts(account_ids) end
after_sign_in_user_redirect()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 84 def after_sign_in_user_redirect session[PRX_REFRESH_BACK_KEY] end
authenticate!()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 40 def authenticate! return true if current_user.present? redirect_to PrxAuth::Rails::Engine.routes.url_helpers.new_sessions_path end
current_user()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 50 def current_user prx_auth_token end
current_user_apps()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 65 def current_user_apps apps = (current_user_info.try(:[], "apps") || []).map do |name, url| label = name.sub(/^https?:\/\//, "").sub(/\..+/, "").capitalize ["PRX #{label}", url] end # only return entire list in development if ::Rails.env.production? || ::Rails.env.staging? apps.to_h.select { |k, v| v.match?(/\.(org|tech)/) } else apps.to_h end end
current_user_info()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 54 def current_user_info session[PRX_USER_INFO_SESSION_KEY] ||= begin info = fetch_userinfo info.slice("name", "preferred_username", "email", "image_href", "apps") end end
current_user_name()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 61 def current_user_name current_user_info["name"] || current_user_info["preferred_username"] || current_user_info["email"] end
prx_auth_needs_refresh?(jwt_ttl)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 46 def prx_auth_needs_refresh?(jwt_ttl) request.get? && jwt_ttl < PRX_JWT_REFRESH_TTL end
prx_auth_token()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 17 def prx_auth_token env_token || session_token rescue SessionTokenExpiredError session.delete(PRX_JWT_SESSION_KEY) session.delete(PRX_ACCOUNT_MAPPING_SESSION_KEY) session.delete(PRX_USER_INFO_SESSION_KEY) nil end
prx_authenticated?()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 36 def prx_authenticated? !!prx_auth_token end
prx_jwt()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 32 def prx_jwt session[PRX_JWT_SESSION_KEY] end
set_after_sign_in_path()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 26 def set_after_sign_in_path return if instance_of?(PrxAuth::Rails::SessionsController) session[PRX_REFRESH_BACK_KEY] = request.fullpath end
sign_in_user(token)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 79 def sign_in_user(token) session[PRX_JWT_SESSION_KEY] = token accounts_for(current_user.resources) end
sign_out_user()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 88 def sign_out_user reset_session end
Private Instance Methods
env_token()
click to toggle source
token from data set by prx_auth rack middleware
# File lib/prx_auth/rails/ext/controller.rb, line 140 def env_token @env_token_data ||= if request.env[PRX_AUTH_ENV_KEY] token_data = request.env[PRX_AUTH_ENV_KEY] PrxAuth::Rails::Token.new(token_data) end end
fetch(path, token = nil)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 131 def fetch(path, token = nil) url = "https://#{PrxAuth::Rails.configuration.id_host}#{path}" options = {} options[:ssl_verify_mode] = OpenSSL::SSL::VERIFY_NONE if ::Rails.env.development? options["Authorization"] = "Bearer #{token}" if token JSON.parse(URI.open(url, options).read) # standard:disable Security/Open end
fetch_accounts(ids)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 121 def fetch_accounts(ids) ids_param = ids.map(&:to_s).join(",") resp = fetch("/api/v1/accounts?account_ids=#{ids_param}") resp.try(:[], "_embedded").try(:[], "prx:items") || [] end
fetch_userinfo()
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 127 def fetch_userinfo fetch("/userinfo?scope=apps+email+profile", prx_jwt) end
lookup_accounts(ids)
click to toggle source
# File lib/prx_auth/rails/ext/controller.rb, line 106 def lookup_accounts(ids) session[PRX_ACCOUNT_MAPPING_SESSION_KEY] ||= {} # fetch any accounts we don't have yet missing = ids - session[PRX_ACCOUNT_MAPPING_SESSION_KEY].keys if missing.present? fetch_accounts(missing).each do |account| minimal = account.slice("name", "type") session[PRX_ACCOUNT_MAPPING_SESSION_KEY][account["id"]] = minimal end end ids.map { |id| session[PRX_ACCOUNT_MAPPING_SESSION_KEY][id] } end
session_token()
click to toggle source
token from jwt stored in session
# File lib/prx_auth/rails/ext/controller.rb, line 148 def session_token @session_prx_auth_token ||= if prx_jwt # NOTE: we already validated this jwt - so just decode it validator = Rack::PrxAuth::AuthValidator.new(prx_jwt) # does this jwt need to be refreshed? if prx_auth_needs_refresh?(validator.time_to_live) raise SessionTokenExpiredError.new end # create new data/token from access claims token_data = Rack::PrxAuth::TokenData.new(validator.claims) PrxAuth::Rails::Token.new(token_data) end end