Class: CredSummoner::Okta::Session

Inherits:

Object

Object
CredSummoner::Okta::Session

show all

Defined in:: lib/credsummoner/okta/session.rb

Instance Attribute Summary collapse

#get_creds ⇒ Object readonly

Returns the value of attribute get_creds.
#username ⇒ Object readonly

Returns the value of attribute username.

Instance Method Summary collapse

Constructor Details

#initialize(username, get_creds) ⇒ `Session`

Returns a new instance of Session.

# File 'lib/credsummoner/okta/session.rb', line 8

def initialize(username, get_creds)
  @username = username
  @get_creds = get_creds
end

Instance Attribute Details

#get_creds ⇒ `Object` (readonly)

Returns the value of attribute get_creds.



6
7
8

# File 'lib/credsummoner/okta/session.rb', line 6

def get_creds
  @get_creds
end

#username ⇒ `Object` (readonly)

Returns the value of attribute username.



6
7
8

# File 'lib/credsummoner/okta/session.rb', line 6

def username
  @username
end

Instance Method Details

#auth_url ⇒ `Object`



45
46
47

# File 'lib/credsummoner/okta/session.rb', line 45

def auth_url
  "#{base_okta_url}/api/v1/authn"
end

#aws_embed_uri ⇒ `Object`



37
38
39

# File 'lib/credsummoner/okta/session.rb', line 37

def aws_embed_uri
  @aws_embed_uri ||= URI.parse(Config.load.okta_aws_embed_link)
end

#base_okta_url ⇒ `Object`



41
42
43

# File 'lib/credsummoner/okta/session.rb', line 41

def base_okta_url
  "#{aws_embed_uri.scheme}://#{aws_embed_uri.host}"
end

#cache_dir ⇒ `Object`



13
14
15

# File 'lib/credsummoner/okta/session.rb', line 13

def cache_dir
  "#{ENV['HOME']}/.cache/credsummoner"
end

#cache_file ⇒ `Object`



17
18
19

# File 'lib/credsummoner/okta/session.rb', line 17

def cache_file
  "#{cache_dir}/okta_session_#{username}"
end

#cache_session(session) ⇒ `Object`

# File 'lib/credsummoner/okta/session.rb', line 25

def cache_session(session)
  FileUtils.mkdir_p(cache_dir)
  File.open(cache_file, 'w', 0600) do |file|
    file.puts(session.to_json)
  end
end

#clear! ⇒ `Object`

# File 'lib/credsummoner/okta/session.rb', line 32

def clear!
  File.delete(cache_file)
  @data = nil
end



111
112
113

# File 'lib/credsummoner/okta/session.rb', line 111

def cookie
  data['cookie']
end

#create_fresh_session ⇒ `Object`

# File 'lib/credsummoner/okta/session.rb', line 82

def create_fresh_session
  creds = get_creds.call
  session_token = login(creds)
  app_url_with_token = "#{aws_embed_uri.to_s}?onetimetoken=#{session_token}"
  # A successful login yields a URL to redirect to and a cookie that has
  # our session.
  response = Web.get(app_url_with_token)
  redirect_url = response['location']
  # Really simple cookie parsing.
  cookie = response.get_fields('set-cookie').map do |field|
    field.split('; ')[0]
  end.join('; ')
  saml_url = Web.get(redirect_url, cookie: cookie)['location']
  data = {
    'saml_url' => saml_url,
    'cookie' => cookie
  }
  cache_session(data)
  data
end

#data ⇒ `Object`



103
104
105

# File 'lib/credsummoner/okta/session.rb', line 103

def data
  @data ||= lookup_cached_session || create_fresh_session
end

# File 'lib/credsummoner/okta/session.rb', line 49

def login(creds)
  response = Web.post_json(auth_url,
                           username: username,
                           password: creds.password)

  if response
    status = response['status']
    case status
    when 'SUCCESS'
      response['sessionToken']
    when 'MFA_REQUIRED'
      # FIXME: TOTP is the only supported factor currently.
      factor = response['_embedded']['factors'].find do |factor|
        factor['factorType'] == 'token:software:totp'
      end
      mfa(factor['id'], response['stateToken'], creds)
    end
  else
    raise 'incorrect password'
  end
end

#lookup_cached_session ⇒ `Object`



21
22
23

# File 'lib/credsummoner/okta/session.rb', line 21

def lookup_cached_session
  File.exists?(cache_file) && JSON.parse(File.read(cache_file))
end

#mfa(factor_id, state_token, creds) ⇒ `Object`

# File 'lib/credsummoner/okta/session.rb', line 71

def mfa(factor_id, state_token, creds)
  response = Web.post_json("#{base_okta_url}/api/v1/authn/factors/#{factor_id}/verify",
                           stateToken: state_token,
                           passCode: creds.totp_token)
  if response
    response['sessionToken']
  else
    raise 'invalid MFA token'
  end
end

#saml_url ⇒ `Object`



107
108
109

# File 'lib/credsummoner/okta/session.rb', line 107

def saml_url
  data['saml_url']
end

Class: CredSummoner::Okta::Session

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(username, get_creds) ⇒ Session

Instance Attribute Details

#get_creds ⇒ Object (readonly)

#username ⇒ Object (readonly)

Instance Method Details

#auth_url ⇒ Object

#aws_embed_uri ⇒ Object

#base_okta_url ⇒ Object

#cache_dir ⇒ Object

#cache_file ⇒ Object

#cache_session(session) ⇒ Object

#clear! ⇒ Object

#cookie ⇒ Object

#create_fresh_session ⇒ Object

#data ⇒ Object

#login(creds) ⇒ Object

#lookup_cached_session ⇒ Object

#mfa(factor_id, state_token, creds) ⇒ Object

#saml_url ⇒ Object

#initialize(username, get_creds) ⇒ `Session`

#get_creds ⇒ `Object` (readonly)

#username ⇒ `Object` (readonly)

#auth_url ⇒ `Object`

#aws_embed_uri ⇒ `Object`

#base_okta_url ⇒ `Object`

#cache_dir ⇒ `Object`

#cache_file ⇒ `Object`

#cache_session(session) ⇒ `Object`

#clear! ⇒ `Object`

#cookie ⇒ `Object`

#create_fresh_session ⇒ `Object`

#data ⇒ `Object`

#login(creds) ⇒ `Object`

#lookup_cached_session ⇒ `Object`

#mfa(factor_id, state_token, creds) ⇒ `Object`

#saml_url ⇒ `Object`