Class: Booth::Requests::Sudo

Inherits:

Object

• Object
• Booth::Requests::Sudo

Includes:

Logging

Defined in:

lib/booth/requests/sudo.rb

Instance Method Summary

• #guard_with_otp {|Tron.success(:otp_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object
• #guard_with_password {|Tron.success(:password_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object

  Guards.

• #guard_with_webauth {|Tron.success(:webauth_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object
• #initialize(scope:, request:) ⇒ Sudo constructor

  A new instance of Sudo.

• #lifespan ⇒ Object
• #mode ⇒ Object
• #otp! ⇒ Object
• #otp? ⇒ Boolean
• #password! ⇒ Object

  Setters.

• #password? ⇒ Boolean

  Getters.

• #webauth! ⇒ Object
• #webauth? ⇒ Boolean
• #webauthn_challenge ⇒ Object
• #webauthn_challenge=(new_challenge) ⇒ Object

Constructor Details

#initialize(scope:, request:) ⇒ Sudo

Returns a new instance of Sudo.

# File 'lib/booth/requests/sudo.rb', line 6

def initialize(scope:, request:)
  @scope = scope
  @request = request
end

Instance Method Details

#guard_with_otp {|Tron.success(:otp_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object

Yields:

• (Tron.success(:otp_sudo_needed, step: :sudo, public_message:))

# File 'lib/booth/requests/sudo.rb', line 30

def guard_with_otp
  raise unless block_given?
  return if otp?

  debug { 'You need OTP sudo' }
  public_message = I18n.t('booth.otp_sudo_timeout', lifespan_minutes: (lifespan / 60))
  yield Tron.success(:otp_sudo_needed, step: :sudo, public_message:)
end

#guard_with_password {|Tron.success(:password_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object

Guards

Yields:

• (Tron.success(:password_sudo_needed, step: :sudo, public_message:))

# File 'lib/booth/requests/sudo.rb', line 21

def guard_with_password
  raise unless block_given?
  return if password?

  debug { 'You need password sudo' }
  public_message = I18n.t('booth.password_sudo_timeout', lifespan_minutes: (lifespan / 60))
  yield Tron.success(:password_sudo_needed, step: :sudo, public_message:)
end

#guard_with_webauth {|Tron.success(:webauth_sudo_needed, step: :sudo, public_message:)| ... } ⇒ Object

Yields:

• (Tron.success(:webauth_sudo_needed, step: :sudo, public_message:))

# File 'lib/booth/requests/sudo.rb', line 39

def guard_with_webauth
  raise unless block_given?
  return if webauth?

  debug { 'You need Webauth sudo' }
  public_message = I18n.t('booth.webauth_sudo_timeout', lifespan_minutes: (lifespan / 60))
  yield Tron.success(:webauth_sudo_needed, step: :sudo, public_message:)
end

#lifespan ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 15

def lifespan
  ::Booth.config.interaction_timeout
end

#mode ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 11

def mode
  request.authentication.mode.to_sym
end

#otp! ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 82

def otp!
  debug { "Remembering sudo via OTP has been granted in scope #{scope}" }
  session[:otp] = Time.current.to_i
end

#otp? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/booth/requests/sudo.rb', line 57

def otp?
  return true if session[:otp].to_i > lifespan.ago.to_i

  session[:otp] = nil
  false
end

#password! ⇒ Object

Setters

# File 'lib/booth/requests/sudo.rb', line 77

def password!
  debug { "Remembering sudo via password has been granted in scope #{scope}" }
  session[:password] = Time.current.to_i
end

#password? ⇒ Boolean

Getters

Returns:

• (Boolean)

# File 'lib/booth/requests/sudo.rb', line 50

def password?
  return true if session[:password].to_i > lifespan.ago.to_i

  session[:password] = nil
  false
end

#webauth! ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 87

def webauth!
  debug { "Remembering sudo via WebAuth has been granted in scope #{scope}" }
  session[:webauth] = Time.current.to_i
end

#webauth? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/booth/requests/sudo.rb', line 64

def webauth?
  return true if session[:webauth].to_i > lifespan.ago.to_i

  session[:webauth] = nil
  false
end

#webauthn_challenge ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 71

def webauthn_challenge
  session[:webauthn_challenge].presence
end

#webauthn_challenge=(new_challenge) ⇒ Object

# File 'lib/booth/requests/sudo.rb', line 92

def webauthn_challenge=(new_challenge)
  if new_challenge
    debug { "Persisting webauth challenge #{new_challenge.inspect} in sudo session for scope #{scope.inspect}" }
  else
    debug { "Removing webauth challenge from sudo session for scope #{scope.inspect}" }
  end
  session[:webauthn_challenge] = new_challenge.presence
end