Class: CredSummoner::Okta::Session
- Inherits:
-
Object
- Object
- CredSummoner::Okta::Session
- Defined in:
- lib/credsummoner/okta/session.rb
Instance Attribute Summary collapse
-
#get_creds ⇒ Object
readonly
Returns the value of attribute get_creds.
-
#username ⇒ Object
readonly
Returns the value of attribute username.
Instance Method Summary collapse
- #auth_url ⇒ Object
- #aws_embed_uri ⇒ Object
- #base_okta_url ⇒ Object
- #cache_dir ⇒ Object
- #cache_file ⇒ Object
- #cache_session(session) ⇒ Object
- #clear! ⇒ Object
- #cookie ⇒ Object
- #create_fresh_session ⇒ Object
- #data ⇒ Object
-
#initialize(username, get_creds) ⇒ Session
constructor
A new instance of Session.
- #login(creds) ⇒ Object
- #lookup_cached_session ⇒ Object
- #mfa(factor_id, state_token, creds) ⇒ Object
- #saml_url ⇒ Object
Constructor Details
#initialize(username, get_creds) ⇒ Session
Returns a new instance of Session.
8 9 10 11 |
# File 'lib/credsummoner/okta/session.rb', line 8 def initialize(username, get_creds) @username = username @get_creds = get_creds end |
Instance Attribute Details
#get_creds ⇒ Object (readonly)
Returns the value of attribute get_creds.
6 7 8 |
# File 'lib/credsummoner/okta/session.rb', line 6 def get_creds @get_creds end |
#username ⇒ Object (readonly)
Returns the value of attribute username.
6 7 8 |
# File 'lib/credsummoner/okta/session.rb', line 6 def username @username end |
Instance Method Details
#auth_url ⇒ Object
45 46 47 |
# File 'lib/credsummoner/okta/session.rb', line 45 def auth_url "#{base_okta_url}/api/v1/authn" end |
#aws_embed_uri ⇒ Object
37 38 39 |
# File 'lib/credsummoner/okta/session.rb', line 37 def @aws_embed_uri ||= URI.parse(Config.load.) end |
#base_okta_url ⇒ Object
41 42 43 |
# File 'lib/credsummoner/okta/session.rb', line 41 def base_okta_url "#{.scheme}://#{.host}" end |
#cache_dir ⇒ Object
13 14 15 |
# File 'lib/credsummoner/okta/session.rb', line 13 def cache_dir "#{ENV['HOME']}/.cache/credsummoner" end |
#cache_file ⇒ Object
17 18 19 |
# File 'lib/credsummoner/okta/session.rb', line 17 def cache_file "#{cache_dir}/okta_session_#{username}" end |
#cache_session(session) ⇒ Object
25 26 27 28 29 30 |
# File 'lib/credsummoner/okta/session.rb', line 25 def cache_session(session) FileUtils.mkdir_p(cache_dir) File.open(cache_file, 'w', 0600) do |file| file.puts(session.to_json) end end |
#clear! ⇒ Object
32 33 34 35 |
# File 'lib/credsummoner/okta/session.rb', line 32 def clear! File.delete(cache_file) @data = nil end |
#cookie ⇒ Object
111 112 113 |
# File 'lib/credsummoner/okta/session.rb', line 111 def data['cookie'] end |
#create_fresh_session ⇒ Object
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/credsummoner/okta/session.rb', line 82 def create_fresh_session creds = get_creds.call session_token = login(creds) app_url_with_token = "#{.to_s}?onetimetoken=#{session_token}" # A successful login yields a URL to redirect to and a cookie that has # our session. response = Web.get(app_url_with_token) redirect_url = response['location'] # Really simple cookie parsing. = response.get_fields('set-cookie').map do |field| field.split('; ')[0] end.join('; ') saml_url = Web.get(redirect_url, cookie: )['location'] data = { 'saml_url' => saml_url, 'cookie' => } cache_session(data) data end |
#data ⇒ Object
103 104 105 |
# File 'lib/credsummoner/okta/session.rb', line 103 def data @data ||= lookup_cached_session || create_fresh_session end |
#login(creds) ⇒ Object
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/credsummoner/okta/session.rb', line 49 def login(creds) response = Web.post_json(auth_url, username: username, password: creds.password) if response status = response['status'] case status when 'SUCCESS' response['sessionToken'] when 'MFA_REQUIRED' # FIXME: TOTP is the only supported factor currently. factor = response['_embedded']['factors'].find do |factor| factor['factorType'] == 'token:software:totp' end mfa(factor['id'], response['stateToken'], creds) end else raise 'incorrect password' end end |
#lookup_cached_session ⇒ Object
21 22 23 |
# File 'lib/credsummoner/okta/session.rb', line 21 def lookup_cached_session File.exists?(cache_file) && JSON.parse(File.read(cache_file)) end |
#mfa(factor_id, state_token, creds) ⇒ Object
71 72 73 74 75 76 77 78 79 80 |
# File 'lib/credsummoner/okta/session.rb', line 71 def mfa(factor_id, state_token, creds) response = Web.post_json("#{base_okta_url}/api/v1/authn/factors/#{factor_id}/verify", stateToken: state_token, passCode: creds.totp_token) if response response['sessionToken'] else raise 'invalid MFA token' end end |
#saml_url ⇒ Object
107 108 109 |
# File 'lib/credsummoner/okta/session.rb', line 107 def saml_url data['saml_url'] end |