Class: Decidim::Suomifi::Verification::MetadataCollector

Inherits:
Object
  • Object
Defined in:
lib/decidim/suomifi/verification/metadata_collector.rb

Instance Method Summary

Constructor Details

#initialize(saml_attributes) ⇒ MetadataCollector

Returns a new instance of MetadataCollector.



# File 'lib/decidim/suomifi/verification/metadata_collector.rb', line 7

# Stores the attributes received for the authenticating user so the other
# methods of this class can read them.
#
# @param saml_attributes [Object] the attribute collection; the other methods
#   shown for this class index it with symbol keys such as
#   `:national_identification_number` and `:eidas_person_identifier`
#
# NOTE(review): nothing is validated here. Presumably the values come from a
# SAML response whose signature was already verified upstream; confirm that
# at the call site.
def initialize(saml_attributes)
  @saml_attributes = saml_attributes
end

Instance Method Details

#metadata ⇒ Object



# File 'lib/decidim/suomifi/verification/metadata_collector.rb', line 11

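# Builds the verification metadata hash for the authenticated person from
# the SAML attributes.
#
# Gender and date of birth are derived from the national identification
# number (HETU) when it passes the format and checksum checks. Otherwise the
# eIDAS date of birth is used when present and the gender stays nil. When an
# eIDAS person identifier is present, the first and last names are taken from
# the eIDAS attributes instead of the domestic ones.
#
# NOTE(review): the returned hash carries direct personal data (names, date
# of birth, municipality, postal code). Where it is persisted is not visible
# in this method; confirm the storage, access control and retention rules
# that apply to it.
#
# @return [Hash] with the keys :eidas, :gender, :date_of_birth, :pin_digest,
#   :first_name, :given_name, :last_name, :municipality, :municipality_name,
#   :postal_code and :permanent_address
def metadata
  hetu = Henkilotunnus::Hetu.new(
    saml_attributes[:national_identification_number]
  )
  # In case the HETU was not sent by Suomi.fi, it will be empty and
  # therefore invalid and will not have the gender information. With
  # empty HETU, `Henkilotunnus::Hetu` would otherwise report "female" as
  # the gender which would not be correct.
  gender = nil
  date_of_birth = nil

  # Note that we cannot call hetu.valid? because it will also call
  # `:valid_person_number?`. This checks that the HETU is in range
  # 002-899 which are the actual HETU codes stored in the population
  # register system. The numbers above 899 are temporary codes, e.g. in
  # situations when a person does not yet have a HETU. Temporary codes
  # may be returned by the Suomi.fi endpoint e.g. in the testing mode.
  # Regarding the information needs here, it does not matter whether the
  # HETU is temporary or permanent.
  #
  # NOTE(review): `send` bypasses method visibility, so these two checks are
  # presumably non-public in the gem. A gem upgrade could rename or remove
  # them; pin the gem version or cover this path with a spec.
  valid_hetu = hetu.send(:valid_format?) && hetu.send(:valid_checksum?)
  if valid_hetu
    gender = hetu.male? ? "m" : "f"
    # `.to_s` returns an ISO 8601 formatted string (YYYY-MM-DD for dates)
    date_of_birth = hetu.date_of_birth.to_s
  elsif saml_attributes[:eidas_date_of_birth]
    # xsd:date (YYYY-MM-DD)
    date_of_birth = saml_attributes[:eidas_date_of_birth]
  end

  # Prefer the permanent address; fall back to the temporary one and record
  # which of the two the postal code came from.
  postal_code_permanent = true
  postal_code = saml_attributes[:permanent_domestic_address_postal_code]
  unless postal_code
    postal_code_permanent = false
    postal_code = saml_attributes[:temporary_domestic_address_postal_code]
  end

  first_name = saml_attributes[:first_names]
  last_name = saml_attributes[:last_name]
  given_name = saml_attributes[:given_name]

  # An eIDAS person identifier marks a cross-border identification, in which
  # case the names are read from the eIDAS attributes.
  eidas = false
  if saml_attributes[:eidas_person_identifier]
    eidas = true
    first_name = saml_attributes[:eidas_first_names]
    last_name = saml_attributes[:eidas_family_name]
  end

  {
    eidas: eidas,
    gender: gender,
    date_of_birth: date_of_birth,
    pin_digest: person_identifier_digest,
    # The first name will contain all first names of the person
    first_name: first_name,
    # The given name is the primary first name of the person, also known
    # as "calling name" (kutsumanimi).
    given_name: given_name,
    last_name: last_name,
    # The municipality number, see:
    # http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
    municipality: saml_attributes[:home_municipality_number],
    municipality_name: saml_attributes[:home_municipality_name_fi],
    postal_code: postal_code,
    permanent_address: postal_code_permanent
  }
end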

#person_identifier_digest ⇒ Object

The person’s unique identifier in digested form. The digest is used because the undigested identifier may contain sensitive personal information about the user and may require special care regarding the privacy policy. The digests are still unique hashes bound to the person’s identification number.



# File 'lib/decidim/suomifi/verification/metadata_collector.rb', line 83

# Returns a digest that identifies the person without exposing the raw
# identifier.
#
# The national identification number is preferred (prefix "FI"). When it is
# absent, the eIDAS person identifier is used (prefix "EIDAS"). The digest
# input is "<prefix>:<identifier>:<secret_key_base>". The result is memoized
# with `||=`, so a nil result (neither identifier present) is recomputed on
# every call.
#
# NOTE(review): this is MD5 over the identifier with the application secret
# appended. National identification numbers come from a small, structured
# space, so the stored digests are only as private as `secret_key_base`, and
# rotating that secret changes every digest. An HMAC-SHA256 keyed with a
# dedicated secret is the conventional construction, but switching alters all
# existing digests and needs a migration plan for stored values first.
#
# @return [String, nil] hex digest, or nil when no identifier is available
def person_identifier_digest
  @person_identifier_digest ||= begin
    scheme, identifier =
      if (national_id = saml_attributes[:national_identification_number])
        ["FI", national_id]
      elsif (eidas_id = saml_attributes[:eidas_person_identifier])
        ["EIDAS", eidas_id]
      end

    if scheme && identifier
      secret = Rails.application.secrets.secret_key_base
      Digest::MD5.hexdigest("#{scheme}:#{identifier}:#{secret}")
    end
  end
end