Class: Cloudcover::SimpleAuth

Inherits:

Object

• Object
• Cloudcover::SimpleAuth

Defined in:

lib/cloudcover/commands/simple_auth.rb

Constant Summary

DEFAULT_CONTEXT =

"AUTH"

InvalidCredsFile =

Class.new(StandardError)

Instance Method Summary

• #app_id ⇒ Object
• #auth_response(auth, msg) ⇒ Object
• #context ⇒ Object
• #context_message ⇒ Object
• #date_format ⇒ Object
• #file_based? ⇒ Boolean
• #file_creds(creds_path) ⇒ Object
• #formatted_date(time) ⇒ Object
• #get_credentials ⇒ Object
• #has_application_access? ⇒ Boolean
• #initialize(opts, path) ⇒ SimpleAuth constructor

  A new instance of SimpleAuth.

• #login ⇒ Object
• #password ⇒ Object
• #send_to_slack(msg) ⇒ Object
• #username ⇒ Object
• #verify_user ⇒ Object

Constructor Details

#initialize(opts, path) ⇒ SimpleAuth

Returns a new instance of SimpleAuth.

# File 'lib/cloudcover/commands/simple_auth.rb', line 6

def initialize(opts,path)
  Output.say_debug("SimpleAuth class: #{self}")
  @okta = Cloudcover::Okta::Client.new
  @credentials = {}
  @opts = opts
  @creds_path = path unless path.nil?
end

Instance Method Details

#app_id ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 88

def app_id
  @opts[:app]
end

#auth_response(auth, msg) ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 23

def auth_response(auth, msg)
  if auth
    if  @opts[:radius]
      p "Accept"
    else
      p msg
    end
  else
    if @opts[:radius]
      abort 'Reject'
    else
      send_to_slack(msg) if Cloudcover::Config.slack[:report_auth_failures]
      abort msg
    end
  end
end

#context ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 96

def context
  @opts[:context]
end

#context_message ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 100

def context_message
  context || DEFAULT_CONTEXT
end

#date_format ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 84

def date_format
  Cloudcover::Config.date_format ? Cloudcover::Config.date_format : "%a %b %e %H:%M:%S %Y"
end

#file_based? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/cloudcover/commands/simple_auth.rb', line 92

def file_based?
  @opts[:f]
end

#file_creds(creds_path) ⇒ Object

Raises:

• (InvalidCredsFile)

# File 'lib/cloudcover/commands/simple_auth.rb', line 52

def file_creds(creds_path)
  credentials = IO.read(creds_path).split rescue {}
  raise InvalidCredsFile unless credentials.length == 2
  credentials
end

#formatted_date(time) ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 58

def formatted_date(time)
  Time.at(time).strftime(date_format)
end

#get_credentials ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 40

def get_credentials
  if file_based?
    Output.say_debug("Using credtials from #{@creds_path}")
    creds = file_creds(@creds_path)
    @credentials[:username] = creds.first
    @credentials[:password] = creds.last
  else
    @credentials[:username] = Output.ask("Username: ")
    @credentials[:password] = Output.ask("Password: "){ |q| q.echo = "*" }
  end
end

#has_application_access? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/cloudcover/commands/simple_auth.rb', line 80

def has_application_access?
  @okta.myApps.map{ |g| g[:appInstanceId] }.include? app_id
end

#login ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 70

def login
  @okta.login(username, password)
  if @okta.logged_in?
    @user_id = @okta.login_id
    true
  else
    false
  end
end

#password ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 66

def password
  @credentials[:password]
end

#send_to_slack(msg) ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 104

def send_to_slack(msg)
  Output.say_debug "Posting to slack..."
  slackvars = [:username, :icon_url, :channel]
  payload = { text: msg }
  slackvars.each do |var|
    payload.merge!({var=> Cloudcover::Config.slack[var]}) if Cloudcover::Config.slack[var]
  end

  HTTParty.post(Cloudcover::Config.slack[:webhook],
                :body => "payload=#{payload.to_json}"
  )
end

#username ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 62

def username
  @credentials[:username]
end

#verify_user ⇒ Object

# File 'lib/cloudcover/commands/simple_auth.rb', line 14

def verify_user
  get_credentials
  auth_response(false, "#{formatted_date(Time.now)} - #{context_message} - Access denied, failed login for #{username}") unless login
  if app_id
    auth_response(false,"#{formatted_date(Time.now)} - #{context_message} - Access denied, #{username} does not have access to application ID `#{app_id}`") unless has_application_access?
  end
  auth_response(true, "#{formatted_date(Time.now)} - #{context_message} - Access granted for #{username}")
end