Class: CASino::TwoFactorAuthenticatorActivatorProcessor

Inherits:

Processor

• Object
• Processor
• CASino::TwoFactorAuthenticatorActivatorProcessor

Includes:

ProcessorConcern::TicketGrantingTickets, ProcessorConcern::TwoFactorAuthenticators

Defined in:

app/processors/casino/two_factor_authenticator_activator_processor.rb

Overview

The TwoFactorAuthenticatorActivator processor can be used to activate a previously generated two-factor authenticator.

This feature is not described in the CAS specification so it’s completly optional to implement this on the web application side.

Instance Method Summary

• #process(params = nil, cookies = nil, user_agent = nil) ⇒ Object

  The method will call one of the following methods on the listener: * ‘#user_not_logged_in`: The user is not logged in and should be redirected to /login.

Methods included from ProcessorConcern::TwoFactorAuthenticators

#validate_one_time_password

Methods included from ProcessorConcern::TicketGrantingTickets

#acquire_ticket_granting_ticket, #cleanup_expired_ticket_granting_tickets, #find_valid_ticket_granting_ticket, #load_or_initialize_user, #remove_ticket_granting_ticket

Methods included from ProcessorConcern::Browser

#browser_info, #same_browser?

Methods inherited from Processor

#initialize

Constructor Details

This class inherits a constructor from CASino::Processor

Instance Method Details

#process(params = nil, cookies = nil, user_agent = nil) ⇒ Object

The method will call one of the following methods on the listener:

• ‘#user_not_logged_in`: The user is not logged in and should be redirected to /login.

• ‘#two_factor_authenticator_activated`: The two-factor authenticator was successfully activated.

• ‘#invalid_two_factor_authenticator`: The two-factor authenticator is not valid.

• ‘#invalid_one_time_password`: The user should be asked for a new OTP.

Parameters:

• params (Hash) (defaults to: nil) —

  parameters supplied by user. The processor will look for keys :otp and :id.

• cookies (Hash) (defaults to: nil) —

  cookies delivered by the client

• user_agent (String) (defaults to: nil) —

  user-agent delivered by the client

# File 'app/processors/casino/two_factor_authenticator_activator_processor.rb', line 18

def process(params = nil, cookies = nil, user_agent = nil)
  cookies ||= {}
  params ||= {}
  tgt = find_valid_ticket_granting_ticket(cookies[:tgt], user_agent)
  if tgt.nil?
    @listener.user_not_logged_in
  else
    authenticator = tgt.user.two_factor_authenticators.where(id: params[:id]).first
    validation_result = validate_one_time_password(params[:otp], authenticator)
    if validation_result.success?
      tgt.user.two_factor_authenticators.where(active: true).delete_all
      authenticator.active = true
      authenticator.save!
      @listener.two_factor_authenticator_activated
    else
      if validation_result.error_code == 'INVALID_OTP'
        @listener.invalid_one_time_password(authenticator)
      else
        @listener.invalid_two_factor_authenticator
      end
    end
  end
end