Class: Bosh::Director::Api::UAAIdentityProvider
- Defined in:
- lib/bosh/director/api/uaa_identity_provider.rb
Instance Method Summary collapse
- #client_info ⇒ Object
- #get_user(request_env) ⇒ Object
- #initialize(options, director_uuid_provider) ⇒ UAAIdentityProvider (constructor): A new instance of UAAIdentityProvider.
- #required_scopes(requested_access) ⇒ Object
- #supports_api_update? ⇒ Boolean
- #valid_access?(user, requested_access) ⇒ Boolean
Constructor Details
#initialize(options, director_uuid_provider) ⇒ UAAIdentityProvider
Returns a new instance of UAAIdentityProvider.
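# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 7

# Builds the provider from the director's UAA settings.
#
# @param options [Hash] must contain 'url'; 'symmetric_key' and 'public_key'
#   are optional and default to nil
# @param director_uuid_provider [#uuid] source of the director UUID kept on the instance
# @raise [KeyError] when 'url' is absent (Hash#fetch without a default)
def initialize(options, director_uuid_provider)
  @url = options.fetch('url')
  # NOTE(review): the URL is written to the debug log verbatim — confirm it can
  # never carry embedded credentials.
  Config.logger.debug "Initializing UAA Identity provider with url #{@url}"
  @director_uuid = director_uuid_provider.uuid
  # NOTE(review): both keys fall back to nil, so a configuration with neither
  # key hands the coder no verification key material — confirm how
  # CF::UAA::TokenCoder behaves in that case and whether startup should fail.
  @token_coder = CF::UAA::TokenCoder.new(
    skey: options.fetch('symmetric_key', nil),
    pkey: options.fetch('public_key', nil),
    scope: []
  )
end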
Instance Method Details
#client_info ⇒ Object
# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 18

# Describes this provider as a hash: the type is always 'uaa' and the only
# option exposed is the UAA URL. Neither verification key is included.
#
# @return [Hash] { 'type' => 'uaa', 'options' => { 'url' => <configured url> } }
def client_info
  provider_options = { 'url' => @url }
  { 'type' => 'uaa', 'options' => provider_options }
end
#get_user(request_env) ⇒ Object
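# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 27

# Authenticates a request from its Authorization header.
#
# @param request_env [Hash] request environment; only 'HTTP_AUTHORIZATION' is read
# @return [UaaUser] wrapper around the decoded token
# @raise [AuthenticationError] when decoding raises CF::UAA::DecodeError or
#   CF::UAA::AuthError; the original error message is carried over
def get_user(request_env)
  auth_header = request_env['HTTP_AUTHORIZATION']
  # A missing header reaches the coder as nil; rejecting it is left to decode.
  # NOTE(review): confirm decode raises one of the rescued errors for nil.
  token = @token_coder.decode(auth_header)
  UaaUser.new(token)
rescue CF::UAA::DecodeError, CF::UAA::AuthError => e
  # Only the two token errors are translated; anything else propagates as-is.
  raise AuthenticationError, e.message
end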
#required_scopes(requested_access) ⇒ Object
# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 44

# Maps a requested access level to the scopes that satisfy it. The mapping is
# one-to-one: the requested value itself is the single required scope.
#
# @param requested_access [Object] the access being requested
# @return [Array] one-element array holding requested_access
def required_scopes(requested_access)
  scopes = []
  scopes << requested_access
  scopes
end
#supports_api_update? ⇒ Boolean
# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 14

# Reports whether this provider supports API updates; for the UAA provider
# the answer is a constant.
#
# @return [Boolean] always false
def supports_api_update?
  false
end
#valid_access?(user, requested_access) ⇒ Boolean
# File 'lib/bosh/director/api/uaa_identity_provider.rb', line 35

# Decides whether a user may perform the requested access.
#
# Fails closed: a user whose scopes are nil is denied. Otherwise access is
# granted when has_admin_scope? accepts the user's scopes, or when
# contains_requested_scope? matches them against required_scopes. Both
# helpers are defined outside this listing.
#
# @param user [#scopes] authenticated user
# @param requested_access [Object] the access being requested
# @return [Boolean] result of the scope checks, or false without scopes
def valid_access?(user, requested_access)
  return false unless user.scopes

  needed = required_scopes(requested_access)
  has_admin_scope?(user.scopes) || contains_requested_scope?(needed, user.scopes)
end