Class: Himari::Services::DownstreamAuthorization
- Inherits:
-
Object
- Object
- Himari::Services::DownstreamAuthorization
- Defined in:
- lib/himari/services/downstream_authorization.rb
Defined Under Namespace
Classes: ForbiddenError, Result
Class Method Summary
Instance Method Summary
Constructor Details
#initialize(session:, client:, request: nil, authz_rules: [], logger: nil) ⇒ DownstreamAuthorization
# File 'lib/himari/services/downstream_authorization.rb', line 41
# Stores the collaborators used by #perform; does no validation or I/O itself.
#
# @param session the authenticated session; #perform reads its claims and user_data
# @param client the downstream client the decision is made for
# @param request optional request, passed to the rules through the decision context
# @param authz_rules rules given to the rule processor in #perform
# @param logger optional logger; only stored here
def initialize(session:, client:, request: nil, authz_rules: [], logger: nil)
  @session, @client, @request = session, client, request
  # NOTE(review): the default is an empty rule list. What #perform decides with
  # no rules depends on Himari::RuleProcessor, which is not shown here; confirm
  # that it denies rather than allows.
  @authz_rules, @logger = authz_rules, logger
end
Class Method Details
.from_request(session:, client:, request:) ⇒ Object
# File 'lib/himari/services/downstream_authorization.rb', line 52
# Builds the service for a Rack request.
#
# The authorization rules come from the providers stored in the Rack env under
# Himari::Middlewares::AuthorizationRule::RACK_KEY, run through
# Himari::ProviderChain#collect. The logger is taken from env['rack.logger'].
#
# @param session the authenticated session
# @param client the downstream client being authorized
# @param request the request whose env supplies the rule providers and logger
# @return [DownstreamAuthorization]
def self.from_request(session:, client:, request:)
  # NOTE(review): a missing RACK_KEY entry silently becomes an empty provider
  # list, so the service is built with whatever ProviderChain#collect returns
  # for no providers. Confirm that #perform denies in that case, so a
  # misconfigured middleware stack cannot turn into an allow.
  rule_providers = request.env[Himari::Middlewares::AuthorizationRule::RACK_KEY] || []
  collected_rules = Himari::ProviderChain.new(rule_providers).collect
  rack_logger = request.env['rack.logger']

  new(
    session: session,
    client: client,
    request: request,
    authz_rules: collected_rules,
    logger: rack_logger,
  )
end
Instance Method Details
# File 'lib/himari/services/downstream_authorization.rb', line 62
# Runs the authorization rules for this session/client pair.
#
# @return [Result] the client, the decision's output claims and lifetime, and
#   the full rule-processing outcome, when the outcome is allowed
# @raise [ForbiddenError] wrapping a Result with nil claims and nil lifetime
#   when the outcome is not allowed
def perform
  # freeze is shallow: it freezes the Context object only, not the claims or
  # user_data it references.
  rule_context = Himari::Decisions::Authorization::Context.new(
    claims: @session.claims,
    user_data: @session.user_data,
    request: @request,
    client: @client,
  ).freeze

  # The decision starts from a dup of the session claims. dup is shallow, so
  # nested values are still shared with the session.
  # NOTE(review): confirm rules cannot change session state through them.
  initial_decision = Himari::Decisions::Authorization.new(claims: @session.claims.dup)
  outcome = Himari::RuleProcessor.new(rule_context, initial_decision).run(@authz_rules)

  # Only an explicit allowed outcome passes; nil or false raises.
  # NOTE(review): the error carries the whole outcome. Confirm the code that
  # rescues ForbiddenError does not show rule details to the end user.
  unless outcome.allowed
    raise ForbiddenError.new(Result.new(@client, nil, nil, outcome))
  end

  Result.new(@client, outcome.decision.output_claims, outcome.decision.lifetime, outcome)
end