Module: Devise::Models::SamlAuthenticatable::ClassMethods

Defined in:
lib/devise_saml_authenticatable/model.rb

Instance Method Summary

Instance Method Details

#attribute_map(saml_response = nil) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 90

# Builds the attribute map used to translate SAML attributes into model keys.
#
# The work is delegated to the class returned by +attribute_map_resolver+:
# an instance is created with the response and asked for its +attribute_map+.
#
# @param saml_response [Object, nil] response passed straight to the resolver's
#   constructor; +nil+ is forwarded unchanged
# @return [Object] whatever the resolver instance returns from +attribute_map+
def attribute_map(saml_response = nil)
  resolver = attribute_map_resolver.new(saml_response)
  resolver.attribute_map
end

#attribute_map_resolver ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 94

# Returns the class used to resolve the SAML attribute map.
#
# +Devise.saml_attribute_map_resolver+ is used as-is when it responds to
# +new+; otherwise +constantize+ is called on it to look the class up by name.
# Because the fallback turns a string into a constant, this setting should be
# fed from application configuration only, never from request data.
#
# @return [Object] the configured resolver, or the result of +constantize+
def attribute_map_resolver
  configured = Devise.saml_attribute_map_resolver
  return configured if configured.respond_to?(:new)

  configured.constantize
end

#authenticate_with_saml(saml_response, relay_state) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 32

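# Resolves the model record that a SAML response authenticates.
#
# Steps, in order: pick the lookup value (the response's NameID when
# +Devise.saml_use_subject+ is set, otherwise the mapped attribute for
# +Devise.saml_default_user_key+), locate the record through
# +Devise.saml_resource_locator+, run the single configured custom validator,
# optionally build a new record, and optionally pass the record to
# +Devise.saml_update_resource_hook+.
#
# NOTE(review): nothing in this method checks the response's signature,
# audience or validity window; it presumably relies on the caller having
# validated +saml_response+ already. Confirm at the call site.
#
# @param saml_response [Object] parsed response; must respond to +name_id+
# @param relay_state [Object] part of the signature; not read by this method
# @return [Object, nil] the located or newly built record; +nil+ when custom
#   validation fails, or when no record exists and creation is not enabled
# @raise [RuntimeError] when both validator settings are configured at once
def authenticate_with_saml(saml_response, relay_state)
  key = Devise.saml_default_user_key
  decorated_response = ::SamlAuthenticatable::SamlResponse.new(
    saml_response,
    attribute_map(saml_response),
  )
  auth_value = if Devise.saml_use_subject
                 saml_response.name_id
               else
                 decorated_response.attribute_value_by_resource_key(key)
               end

  # Normalise on a copy rather than with downcase!: an in-place change raises
  # FrozenError on a frozen string and rewrites the value held by the response
  # object, which is later handed to the validator. Only strings are affected;
  # nil and other values pass through untouched.
  if Devise.case_insensitive_keys.include?(key) && auth_value.is_a?(String)
    auth_value = auth_value.downcase
  end

  # NOTE(review): auth_value can still be nil here (e.g. the mapped attribute
  # is absent). Whether the configured locator can then match a record with an
  # empty key is not visible from this method; verify the locator rejects nil.
  resource = Devise.saml_resource_locator.call(self, decorated_response, auth_value)

  validator = Devise.saml_resource_validator
  validator_hook = Devise.saml_resource_validator_hook
  raise "Only one validator configuration can be used at a time" if validator && validator_hook

  # Validation runs before the "record missing" check below, so a validator
  # receives a nil resource for users that do not exist yet.
  if validator || validator_hook
    valid = if validator
              validator.new.validate(resource, saml_response)
            else
              validator_hook.call(resource, decorated_response, auth_value)
            end
    unless valid
      # auth_value comes from the IdP response and is logged as received.
      logger.info("User(#{auth_value}) did not pass custom validation.")
      return nil
    end
  end

  # The create/update settings may be plain values or callables deciding per
  # response.
  create_setting = Devise.saml_create_user
  create_user = if create_setting.respond_to?(:call)
                  create_setting.call(self, decorated_response, auth_value)
                else
                  create_setting
                end
  if resource.nil?
    unless create_user
      logger.info("User(#{auth_value}) not found.  Not configured to create the user.")
      return nil
    end
    logger.info("Creating user(#{auth_value}).")
    resource = new
  end

  update_setting = Devise.saml_update_user
  update_user = if update_setting.respond_to?(:call)
                  update_setting.call(self, decorated_response, auth_value)
                else
                  update_setting
                end
  # A freshly built record is always passed to the update hook when creation
  # is enabled, even if updates are otherwise off.
  if update_user || (resource.new_record? && create_user)
    Devise.saml_update_resource_hook.call(resource, decorated_response, auth_value)
  end

  resource
end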

#find_for_shibb_authentication(conditions) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 86

# Looks a record up for authentication by forwarding +conditions+ unchanged to
# +find_for_authentication+.
#
# @param conditions [Object] lookup conditions, passed through as given
# @return [Object] whatever +find_for_authentication+ returns
def find_for_shibb_authentication(conditions)
  located = find_for_authentication(conditions)
  located
end

#reset_session_key_for(name_id) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 81

# Clears the stored SAML session index for the record whose
# +Devise.saml_default_user_key+ column equals +name_id+.
#
# The column named by +Devise.saml_session_index_key+ is set to +nil+ through
# +update_attribute+. Nothing happens when no record is found.
#
# NOTE(review): +name_id+ is used as the lookup value without a presence
# check; confirm callers never pass nil or an empty value, since the lookup
# would then be for records with an empty key.
#
# @param name_id [Object] value to look the record up by
# @return [Object, nil] the result of +update_attribute+, or +nil+ when no
#   record matched
def reset_session_key_for(name_id)
  user = find_by(Devise.saml_default_user_key => name_id)
  return if user.nil?

  user.update_attribute(Devise.saml_session_index_key, nil)
end