Class: Clerk::Proxy

Inherits:

Object

• Object
• Clerk::Proxy

Defined in:

lib/clerk/proxy.rb

Constant Summary

CACHE_TTL =

seconds

60

Instance Method Summary

• #initialize(session_claims: nil, session_token: nil) ⇒ Proxy constructor

  A new instance of Proxy.

• #organization ⇒ Object
• #organization? ⇒ Boolean
• #organization_id ⇒ Object
• #organization_permissions ⇒ Object
• #organization_role ⇒ Object
• #session ⇒ Object
• #sign_in_url ⇒ Object
• #sign_out_url ⇒ Object
• #sign_up_url ⇒ Object
• #user ⇒ Object
• #user? ⇒ Boolean
• #user_id ⇒ Object
• #user_needs_reverification?(preset = StepUp::Preset::STRICT) ⇒ Boolean
• #user_require_reverification!(preset = StepUp::Preset::STRICT) {|preset| ... } ⇒ Object
• #user_reverification_rack_response(config = nil) ⇒ Object
• #user_reverified?(params) ⇒ Boolean

  Returns true if the session needs to perform step up verification.

Constructor Details

#initialize(session_claims: nil, session_token: nil) ⇒ Proxy

Returns a new instance of Proxy.

# File 'lib/clerk/proxy.rb', line 11

def initialize(session_claims: nil, session_token: nil)
  @session_claims = session_claims
  @session_token = session_token
end

Instance Method Details

#organization ⇒ Object

# File 'lib/clerk/proxy.rb', line 40

def organization
  return nil unless organization?

  @organization ||= fetch_org(organization_id)
end

#organization? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/clerk/proxy.rb', line 36

def organization?
  !organization_id.nil?
end

#organization_id ⇒ Object

# File 'lib/clerk/proxy.rb', line 46

def organization_id
  return nil unless user?

  @session_claims['org_id']
end

#organization_permissions ⇒ Object

# File 'lib/clerk/proxy.rb', line 58

def organization_permissions
  return nil if @session_claims.nil?

  @session_claims['org_permissions']
end

#organization_role ⇒ Object

# File 'lib/clerk/proxy.rb', line 52

def organization_role
  return nil if @session_claims.nil?

  @session_claims['org_role']
end

#session ⇒ Object

# File 'lib/clerk/proxy.rb', line 16

def session
  @session_claims
end

#sign_in_url ⇒ Object

# File 'lib/clerk/proxy.rb', line 111

def sign_in_url
  ENV['CLERK_SIGN_IN_URL']
end

#sign_out_url ⇒ Object

# File 'lib/clerk/proxy.rb', line 115

def sign_out_url
  ENV['CLERK_SIGN_OUT_URL']
end

#sign_up_url ⇒ Object

# File 'lib/clerk/proxy.rb', line 119

def sign_up_url
  ENV['CLERK_SIGN_UP_URL']
end

#user ⇒ Object

# File 'lib/clerk/proxy.rb', line 24

def user
  return nil unless user?

  @user ||= fetch_user(user_id)
end

#user? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/clerk/proxy.rb', line 20

def user?
  !@session_claims.nil?
end

#user_id ⇒ Object

# File 'lib/clerk/proxy.rb', line 30

def user_id
  return nil unless user?

  @session_claims['sub']
end

#user_needs_reverification?(preset = StepUp::Preset::STRICT) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/clerk/proxy.rb', line 92

def user_needs_reverification?(preset = StepUp::Preset::STRICT)
  !user_reverified?(preset)
end

#user_require_reverification!(preset = StepUp::Preset::STRICT) {|preset| ... } ⇒ Object

Yields:

• (preset)

# File 'lib/clerk/proxy.rb', line 96

def user_require_reverification!(preset = StepUp::Preset::STRICT, &block)
  return unless user_needs_reverification?(preset)
  yield(preset) if block_given?
end

#user_reverification_rack_response(config = nil) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/clerk/proxy.rb', line 101

def user_reverification_rack_response(config = nil)
  raise ArgumentError, 'Missing config, please pass a preset a la `Clerk::StepUp::Preset::*`' if config.nil?

  [
    403,
    {Clerk::CONTENT_TYPE_HEADER => 'application/json'},
    [StepUp::Reverification.error_payload(config).to_json]
  ]
end

#user_reverified?(params) ⇒ Boolean

Returns true if the session needs to perform step up verification

Returns:

• (Boolean)

# File 'lib/clerk/proxy.rb', line 65

def user_reverified?(params)
  return false unless user?

  fva = session_claims['fva']

  # the feature is disabled
  return true if fva.nil?

  level = params[:level]
  after_minutes = params[:after_minutes].to_i

  return false if after_minutes.nil? || level.nil?

  factor1_age, factor2_age = fva
  is_valid_factor1 = factor1_age != -1 && after_minutes > factor1_age
  is_valid_factor2 = factor2_age != -1 && after_minutes > factor2_age

  case level
  when :first_factor
    is_valid_factor1
  when :second_factor
    factor2_age == -1 ? is_valid_factor1 : is_valid_factor2
  when :multi_factor
    factor2_age == -1 ? is_valid_factor1 : is_valid_factor1 && is_valid_factor2
  end
end