Module: HubSsoLib::Core

Defined in:

lib/hub_sso_lib.rb

Overview

Module: Core #

Various authors                                            #
                                                           #

Purpose: The barely recognisable core of acts_as_authenticated’s #

AuthenticatedSystem module, modified to work with the      #
other parts of HubSsoLib. You should include this module   #
to use its facilities.                                     #
                                                           #

Author: Various; adaptation by A.D.Hodgkinson #

#

History: 20-Oct-2006 (ADH): Integrated into HubSsoLib. #

Class Method Summary

• .included(base) ⇒ Object

  Inclusion hook to make various methods available as ActionView helpers.

Instance Method Summary

• #hubssolib_account_link ⇒ Object

  Returns markup for a link that leads to Hub’s conditional login endpoint, inline-styled as a red “Log in” or green “Account” button.

• #hubssolib_afterwards ⇒ Object

  Mandatory controller “after_action” callback method to tidy up after Hub actions during a request.

• #hubssolib_authorized?(action = action_name, classname = self.class) ⇒ Boolean

  Check if the user is authorized to perform the current action.

• #hubssolib_beforehand ⇒ Object

  Mandatory controller “before_action” callback method which activates HubSsoLib permissions management, session expiry and so-on.

• #hubssolib_clear_flash ⇒ Object
• #hubssolib_current_user ⇒ Object

  Accesses the current user, via the DRb server if necessary.

• #hubssolib_current_user=(user) ⇒ Object

  Sets the currently signed in user.

• #hubssolib_destroy_user_sessions(hub_user_id) ⇒ Object

  WARNING: Comparatively slow.

• #hubssolib_ensure_https ⇒ Object

  Ensure the current request is carried out over HTTPS by redirecting back to the current URL with the HTTPS protocol if it isn’t.

• #hubssolib_enumerate_users ⇒ Object

  WARNING: Slow.

• #hubssolib_flash_data ⇒ Object

  Return flash data for known keys, then all remaining keys, from both the cross-application and standard standard flash hashes.

• #hubssolib_get_exception_message(id_data) ⇒ Object

  Retrieve the message of an exception stored as an object in the given string.

• #hubssolib_get_flash ⇒ Object

  Flash data can be carried across the Hub session, stored in the DRb server as a result, and is thus cleared automatically if a session gets dropped.

• #hubssolib_get_user_address ⇒ Object

  Public read-only accessor methods for common user activities: return the current user’s e-mail address, or nil if there’s no user.

• #hubssolib_get_user_id ⇒ Object

  Public read-only accessor methods for common user activities: return the Hub database ID of the current user account, or nil if there’s no user.

• #hubssolib_get_user_name ⇒ Object

  Public read-only accessor methods for common user activities: return the current user’s name as a string, or nil if there’s no user.

• #hubssolib_get_user_roles ⇒ Object

  Public read-only accessor methods for common user activities: return the current user’s roles as a Roles object, or nil if there’s no user.

• #hubssolib_log_in(user) ⇒ Object

  Log in the user.

• #hubssolib_log_out ⇒ Object

  Log out the user.

• #hubssolib_logged_in? ⇒ Boolean

  Returns true or false if a user is logged in or not, respectively.

• #hubssolib_privileged? ⇒ Boolean

  Is the current user privileged? Anything other than normal user privileges will suffice.

• #hubssolib_promote_uri_to_ssl(uri_str, host = nil) ⇒ Object

  Take a URI and pass an optional host parameter.

• #hubssolib_redirect_back_or_default(default) ⇒ Object

  Redirect to the URI stored by the most recent store_location call or to the passed default.

• #hubssolib_register_user_change_handler(app_name:, app_root:, task_name:) ⇒ Object

  If an application needs to know about changes of a user e-mail address or display name (e.g. because of sync to a local relational store of users related to other application-managed resources, with therefore a desire to keep that store up to date), it can register a task to run on-change here.

• #hubssolib_registered_user_change_handlers ⇒ Object

  Returns all change handlers registered by prior calls made to #hubssolib_register_user_change_handler.

• #hubssolib_retrieve_user_sessions(hub_user_id) ⇒ Object

  WARNING: Comparatively slow.

• #hubssolib_review_action(**args) ⇒ Object

  Convenience accessor to HubSsoLib::Trust.get_trust_object().review_action - see that method for details.

• #hubssolib_set_flash(symbol, message) ⇒ Object
• #hubssolib_store_location(uri_str = request.url) ⇒ Object

  Store the URI of the current request in the session, or store the optional supplied specific URI.

• #hubssolib_trusted? ⇒ Boolean

  Convenience method that returns true if there’s a currently logged-in Hub user that has been flagged as trusted, else - whether there is no current user, or they haven’t been flagged as trusted - returns false.

• #hubssolib_unique_name ⇒ Object

  Return a human-readable unique ID for a user.

Class Method Details

.included(base) ⇒ Object

Inclusion hook to make various methods available as ActionView helpers.

# File 'lib/hub_sso_lib.rb', line 1537

def self.included(base)
  if base.respond_to?(:helper_method)
    base.send(
      :helper_method,

      :hubssolib_current_user,
      :hubssolib_unique_name,
      :hubssolib_account_link,
      :hubssolib_flash_data,

      :hubssolib_logged_in?,
      :hubssolib_authorized?,
      :hubssolib_privileged?,
      :hubssolib_trusted?
    )
  end
end

Instance Method Details

#hubssolib_account_link ⇒ Object

Returns markup for a link that leads to Hub’s conditional login endpoint, inline-styled as a red “Log in” or green “Account” button. This can be used in page templates to avoid needing any additional images or other such resources and using pure HTML + CSS for the login indication.

JavaScript is used so that e.g. “back” button fully-cached displays by a browser will get updated with the correct login state, where needed (so long as the ‘pageshow’ event is supported). NOSCRIPT browsers use the old no-cache image fallback, which is much less efficient, but works.

# File 'lib/hub_sso_lib.rb', line 977

def hubssolib_account_link
  logged_in        = self.hubssolib_logged_in?()
  ui_href          = "#{HUB_PATH_PREFIX}/account/login_conditional"
  noscript_img_src = "#{HUB_PATH_PREFIX}/account/login_indication.png"
  noscript_img_tag = helpers.image_tag(noscript_img_src, size: '90x22', border: '0', alt: 'Log in or out')

  if self.respond_to?(:request)
    return_to_url = self.request.try(:original_url)

    if return_to_url.present?
      return_query = URI.encode_www_form({ return_to_url: return_to_url.to_s })
      ui_href << "?#{return_query}"
    end
  end

  logged_in_link   = helpers.link_to('Account',        ui_href, id: 'hubssolib_logged_in_link')
  logged_out_link  = helpers.link_to('Log in',         ui_href, id: 'hubssolib_logged_out_link')
  noscript_link    = helpers.link_to(noscript_img_tag, ui_href, id: 'hubssolib_login_noscript')

  # Yes, it's ugly, but yes, it works and it's a lot better for the server
  # to avoid the repeated image fetches. It probably works out as overall
  # more efficient for clients too - despite all the JS etc. work, there's
  # no network fetch overhead or image rendering. On mobile in particular,
  # the JS solution is likely to use less battery power.
  #
  safe_markup = <<~HTML
    <div id="hubssolib_login_indication">
      <noscript>
        #{noscript_link}
      </noscript>
    </div>
    <script type="text/javascript">
      const logged_in_html  = "#{helpers.j(logged_in_link)}";
      const logged_out_html = "#{helpers.j(logged_out_link)}";
      const container       = document.getElementById('hubssolib_login_indication')

      #{
        # No '?.' support in NetSurf's JS engine, so can't do the match
        # and pop in a single line via "?.pop() || ''".
      }
      function hubSsoLibLoginStateWriteLink() {
        const regexp = '#{helpers.j(HUB_LOGIN_INDICATOR_COOKIE)}\\s*=\\s*([^;]+)';
        const match  = document.cookie.match(regexp);
        const flag   = (match ? match.pop() : null) || '';

        if (flag === '#{HUB_LOGIN_INDICATOR_COOKIE_VALUE}') {
          container.innerHTML = logged_in_html;
        } else {
          container.innerHTML = logged_out_html;
        }
      }
      #{
        # Immediate update, plus on-load update - including fully cached
        # loads in the browser when the "Back" button is used. No stale
        # login indications should thus arise from cached data.
      }
      hubSsoLibLoginStateWriteLink();
      window.addEventListener('load',     hubSsoLibLoginStateWriteLink);
      window.addEventListener('pageshow', hubSsoLibLoginStateWriteLink);
    </script>
  HTML

  return safe_markup.html_safe()
end

#hubssolib_afterwards ⇒ Object

Mandatory controller “after_action” callback method to tidy up after Hub actions during a request. Usually invoked in ApplicationController.

# File 'lib/hub_sso_lib.rb', line 1398

def hubssolib_afterwards
  begin
    DRb.current_server
  rescue DRb::DRbServerNotFound
    # Nothing to do; no service is running.
  end
end

#hubssolib_authorized?(action = action_name, classname = self.class) ⇒ Boolean

Check if the user is authorized to perform the current action. If calling from a helper, pass the action name and class name; otherwise by default, the current action name and ‘self.class’ will be used.

Override this method in your controllers if you want to restrict access to a different set of actions. Presently, the current user’s roles are compared against the caller’s permissions hash and the action name.

Returns:

• (Boolean)

# File 'lib/hub_sso_lib.rb', line 1050

def hubssolib_authorized?(action = action_name, classname = self.class)

  # Classes with no permissions object always authorise everything.
  # Otherwise, ask the permissions object for its opinion.

  if (classname.respond_to? :hubssolib_permissions)
    return classname.hubssolib_permissions.permitted?(hubssolib_get_user_roles, action)
  else
    return true
  end
end

#hubssolib_beforehand ⇒ Object

Mandatory controller “before_action” callback method which activates HubSsoLib permissions management, session expiry and so-on. Usually invoked in ApplicationController.

# File 'lib/hub_sso_lib.rb', line 1304

def hubssolib_beforehand

  # Does this action require a logged in user?
  #
  if (self.class.respond_to? :hubssolib_permissions)
    login_is_required = !self.class.hubssolib_permissions.permitted?('', action_name)
  else
    login_is_required = false
  end

  # If we require login but we're logged out, redirect to Hub login.
  # NOTE EARLY EXIT
  #
  logged_in = hubssolib_logged_in?

  if logged_in == false
    cookies.delete(HUB_LOGIN_INDICATOR_COOKIE, domain: :all, path: '/')

    if login_is_required
      hubssolib_store_location()
      return hubssolib_must_login()
    else
      return true
    end
  end

  cookies[HUB_LOGIN_INDICATOR_COOKIE] = {
    value:    HUB_LOGIN_INDICATOR_COOKIE_VALUE,
    path:     '/',
    domain:   :all,
    expires:  1.year, # I.e. *not* session-scope
    secure:   ! hub_bypass_ssl?,
    httponly: false
  }

  # So we reach here knowing we're logged in, but the action may or
  # may not require authorisation.

  if (login_is_required)

    # Login *is* required for this action. If the session expires,
    # redirect to Hub's login page via its expiry action. Otherwise
    # check authorisation and allow action processing to continue
    # if OK, else indicate that access is denied.

    if (hubssolib_session_expired?)
      hubssolib_store_location()
      hubssolib_log_out()
      hubssolib_set_flash(:attention, 'Sorry, your session timed out; you need to log in again to continue.')

      # We mean this: redirect_to :controller => 'account', :action => 'login'
      # ...except for the Hub, rather than the current application (whatever
      # it may be).
      redirect_to HUB_PATH_PREFIX + '/account/login'
    else
      hubssolib_set_last_used(Time.now.utc)
      return hubssolib_authorized? ? true : hubssolib_access_denied()
    end

  else

    # We have to update session expiry even for actions that don't
    # need us to be logged in, since we *are* logged in and need to
    # maintain that state. If, though, the session expires, we just
    # quietly log out and let action processing carry on.

    if (hubssolib_session_expired?)
      hubssolib_log_out()
      hubssolib_set_flash(:attention, 'Your session timed out, so you are no longer logged in.')
    else
      hubssolib_set_last_used(Time.now.utc)
    end

    return true # true -> let action processing continue

  end

rescue Exception => e
  Sentry.capture_exception(e) if defined?(Sentry) && Sentry.respond_to?(:capture_exception)

  # At this point there tends to be no Session data, so we're going to have
  # to encode the exception data into the URI... It must be escaped twice,
  # as many servers treat "%2F" in a URI as a "/". Apache can then fail to
  # serve the page, raising a 404 error unless "AllowEncodedSlashes on" is
  # specified in its configuration.
  #
  suffix   = '/' + CGI::escape(CGI::escape(hubssolib_set_exception_data(e)))
  new_path = HUB_PATH_PREFIX + '/tasks/service'
  redirect_to(new_path + suffix) unless request.path.include?(new_path)
end

#hubssolib_clear_flash ⇒ Object

# File 'lib/hub_sso_lib.rb', line 1476

def hubssolib_clear_flash
  session = self.hubssolib_get_session()
  session.session_flash = {} unless session.nil?
end

#hubssolib_current_user ⇒ Object

Accesses the current user, via the DRb server if necessary. Returns a HubSsoLib::User object, or nil if none is available (this indicates that nobody is logged in, but #hubssolib_logged_in? should be used to check that, to allow for possible future more advanced logic within).

# File 'lib/hub_sso_lib.rb', line 945

def hubssolib_current_user
  hub_session = self.hubssolib_get_session()
  user        = hub_session&.session_user

  return (user&.user_id.nil? ? nil : user)
end

#hubssolib_current_user=(user) ⇒ Object

Sets the currently signed in user. Note that although this works and is maintained, it is recommended that #hubssolib_log_in gets called instead.

user

A valid HubSsoLib::User. This will replace any existing logged in user. If there is no session yet, one will be created.

# File 'lib/hub_sso_lib.rb', line 958

def hubssolib_current_user=(user)
  if user.nil?
    self.hubssolib_destroy_session!
  else
    hub_session = self.hubssolib_create_session()
    hub_session.session_user = user
  end
end

#hubssolib_destroy_user_sessions(hub_user_id) ⇒ Object

WARNING: Comparatively slow.

Remove all sessions under a given ID.

For information about performance limitations, see HubSsoLib::SessionFactory#destroy_sessions_by_user_id.

# File 'lib/hub_sso_lib.rb', line 1209

def hubssolib_destroy_user_sessions(hub_user_id)
  hubssolib_factory().destroy_sessions_by_user_id(hub_user_id) unless hub_user_id.nil?
end

#hubssolib_ensure_https ⇒ Object

Ensure the current request is carried out over HTTPS by redirecting back to the current URL with the HTTPS protocol if it isn’t. Returns ‘true’ if not redirected (already HTTPS), else ‘false’.

# File 'lib/hub_sso_lib.rb', line 1446

def hubssolib_ensure_https
  if request.ssl? || hub_bypass_ssl?
    return true
  else
    # This isn't reliable: redirect_to({ :protocol => 'https://' })
    redirect_to( hubssolib_promote_uri_to_ssl( request.request_uri, request.host ) )
    return false
  end
end

#hubssolib_enumerate_users ⇒ Object

WARNING: Slow.

Return an Array of HubSsoLib::User objects for all logged-in users, in an array. If a user is logged into more than one browser and thus has more than one session active, they will accordingly appear more than once in the returned data. This can also happen if a user loses key rotation and leaves an old, but not yet expired session behind when they log in anew.

In accordance with HubSsoLib::SessionFactory#enumerate_hub_session_ids documentation, a maximum of HUB_SESSION_ENUMERATION_KEY_MAX users can be returned here. If this is exceeded, an empty array is returned. If you are processing this information for display in a UI which itself requires a logged in user of some sort (which is very likely) and therefore know that at least one session does exist, you can treat an empty array as confirmation of “lots of sessions”. If you can’t be sure of at least one logged in user, then there is obvious arising ambiguity and this method does not solve it for you - it’s just “zero, or very many users”.

Users are ordered by least-recently-active first, most-recent last.

For information about performance limitations, see HubSsoLib::SessionFactory#enumerate_hub_session_ids.

# File 'lib/hub_sso_lib.rb', line 1162

def hubssolib_enumerate_users
  hub_session_info = hubssolib_factory().enumerate_hub_session_ids()
  hub_users        = []

  unless hub_session_info[:keys].nil? # (keyset too large, enumeration prohibited)
    hub_session_info[:keys].each do | key |
      session = hubssolib_factory().retrieve_session_by_key(key)
      hub_users << session.session_user unless session&.session_user&.user_id.nil?
    end
  end

  return hub_users
end

#hubssolib_flash_data ⇒ Object

Return flash data for known keys, then all remaining keys, from both the cross-application and standard standard flash hashes. The returned Hash is of the form:

{ 'hub' => ...data..., 'standard' => ...data... }

…where “…data…” is itself a Hash of flash keys yielding flash values. This allows both the Hub and standard flashes to have values inside them under the same key. All keys are strings.

# File 'lib/hub_sso_lib.rb', line 1491

def hubssolib_flash_data

  # These known key values are used to guarantee an order in the output
  # for cases where multiple messages are defined.
  #
  compiled_data = { 'hub' => {}, 'standard' => {} }
  ordered_keys  = [
    'notice',
    'attention',
    'alert'
  ]

  # Get an array of keys for the Hub flash with the ordered key items
  # first and store data from that flash; same again for standard.

  hash = hubssolib_get_flash()
  keys = ordered_keys | hash.keys

  keys.each do | key |
    compiled_data['hub'][key] = hash[key] if hash.key?(key)
  end

  if defined?( flash )
    hash = flash.to_h()
    keys = ordered_keys | hash.keys

    keys.each do | key |
      compiled_data['standard'][key] = hash[key] if hash.key?(key)
    end
  end

  hubssolib_clear_flash()
  flash.discard()

  return compiled_data
end

#hubssolib_get_exception_message(id_data) ⇒ Object

Retrieve the message of an exception stored as an object in the given string.

# File 'lib/hub_sso_lib.rb', line 1531

def hubssolib_get_exception_message(id_data)
  hubssolib_get_exception_data(CGI::unescape(id_data))
end

#hubssolib_get_flash ⇒ Object

Flash data can be carried across the Hub session, stored in the DRb server as a result, and is thus cleared automatically if a session gets dropped. However, we also want this to work without being logged in, so in that case it uses the normal flash as a backup when writing.

# File 'lib/hub_sso_lib.rb', line 1461

def hubssolib_get_flash
  session = self.hubssolib_get_session()
  session&.session_flash || {}
end

#hubssolib_get_user_address ⇒ Object

Public read-only accessor methods for common user activities: return the current user’s e-mail address, or nil if there’s no user.

# File 'lib/hub_sso_lib.rb', line 1123

def hubssolib_get_user_address
  self.hubssolib_current_user&.user_email
end

#hubssolib_get_user_id ⇒ Object

Public read-only accessor methods for common user activities: return the Hub database ID of the current user account, or nil if there’s no user. See also hubssolib_unique_name.

# File 'lib/hub_sso_lib.rb', line 1115

def hubssolib_get_user_id
  self.hubssolib_current_user&.user_id
end

#hubssolib_get_user_name ⇒ Object

Public read-only accessor methods for common user activities: return the current user’s name as a string, or nil if there’s no user. See also hubssolib_unique_name.

# File 'lib/hub_sso_lib.rb', line 1107

def hubssolib_get_user_name
  self.hubssolib_current_user&.user_real_name
end

#hubssolib_get_user_roles ⇒ Object

Public read-only accessor methods for common user activities: return the current user’s roles as a Roles object, or nil if there’s no user.

# File 'lib/hub_sso_lib.rb', line 1099

def hubssolib_get_user_roles
  self.hubssolib_current_user&.user_roles&.to_authenticated_roles
end

#hubssolib_log_in(user) ⇒ Object

Log in the user. This is just syntax sugar for setting the current user via #hubssolib_current_user, really. You can freely use either approach according to your preferred aesthetics, but this method is preferred.

user

A valid HubSsoLib::User instance. If this has a nil value for user_id, or if user is itself nil, you’ll cause the same effect as if explicitly logging out.

# File 'lib/hub_sso_lib.rb', line 921

def hubssolib_log_in(user)
  self.hubssolib_current_user = user # (which deals with all related session and cookie consequences)
end

#hubssolib_log_out ⇒ Object

Log out the user. Very few applications should ever need to call this, though Hub certainly does and it gets used internally too.

# File 'lib/hub_sso_lib.rb', line 928

def hubssolib_log_out
  self.hubssolib_current_user = nil # (which deals with all related session and cookie consequences)
  @hubssolib_session = nil
  cookies.delete(HUB_LOGIN_INDICATOR_COOKIE, domain: :all, path: '/')
end

#hubssolib_logged_in? ⇒ Boolean

Returns true or false if a user is logged in or not, respectively.

Returns:

• (Boolean)

# File 'lib/hub_sso_lib.rb', line 936

def hubssolib_logged_in?
  !!self.hubssolib_current_user
end

#hubssolib_privileged? ⇒ Boolean

Is the current user privileged? Anything other than normal user privileges will suffice. Can be called if not logged in. Returns ‘false’ for logged out or normal user privileges only, else ‘true’.

Returns:

• (Boolean)

# File 'lib/hub_sso_lib.rb', line 1066

def hubssolib_privileged?
  return false unless hubssolib_logged_in?

  pnormal = HubSsoLib::Roles.new(false).to_s
  puser   = hubssolib_get_user_roles().to_s

  return (puser && !puser.empty? && puser != pnormal)
end

#hubssolib_promote_uri_to_ssl(uri_str, host = nil) ⇒ Object

Take a URI and pass an optional host parameter. Decomposes the URI, sets the host you provide (or leaves it alone if you omit the parameter), then forces the scheme to ‘https’. Returns the result as a flat string.

# File 'lib/hub_sso_lib.rb', line 1435

def hubssolib_promote_uri_to_ssl(uri_str, host = nil)
  uri = URI.parse(uri_str)
  uri.host = host if host
  uri.scheme = hub_bypass_ssl? ? 'http' : 'https'
  return uri.to_s
end

#hubssolib_redirect_back_or_default(default) ⇒ Object

Redirect to the URI stored by the most recent store_location call or to the passed default.

# File 'lib/hub_sso_lib.rb', line 1423

def hubssolib_redirect_back_or_default(default)
  url = hubssolib_get_return_to()
  hubssolib_set_return_to(nil)

  redirect_to(url || default)
end

#hubssolib_register_user_change_handler(app_name:, app_root:, task_name:) ⇒ Object

If an application needs to know about changes of a user e-mail address or display name (e.g. because of sync to a local relational store of users related to other application-managed resources, with therefore a desire to keep that store up to date), it can register a task to run on-change here. When a user edits their information, Hub runs through all such commands, allowing external applications to manage their own state with no need for coupled configuration or other duplication.

The registered name must be a Rake task and the application must specify its location in the filesystem so that the PWD can be changed there, in order to execute the Rake task via “bundle exec”. The task is passed the following parameters, in the specified order:

• User’s old e-mail address

• User’s old unique display name (as returned by #hubssolib_unique_name)

• User’s new e-mail address (which might be the same as the old)

• User’s old unique display name (which might be unchanged too)

This is a newer Hub interface which uses named parameters rather than positional:

app_name

Application name, e.g. “beast”; make sure this is unique.

app_root

Application’s Rails root, e.g. “/home/fred/rails/beast”.

task_name

Rake task name, e.g. “hub:update_user”.

An example invocation in “config/application.rb” might look like this:

module Foo
  class Application < Rails::Application

  require HubSsoLib::Core

    hubssolib_register_user_change_handler(
      app_name:  Rails.application.name,
      app_root:  Rails.root,
      task_name: 'hub:update_user'
    )

    config.load_defaults 8.0 # ...etc...
  end
end

# File 'lib/hub_sso_lib.rb', line 1254

def hubssolib_register_user_change_handler(app_name:, app_root:, task_name:)
  File.open(HUB_COMMAND_REGISTRY, File::RDWR | File::CREAT) do |file|
    file.flock(File::LOCK_EX)

    commands_json   = file.read()
    commands_hash   = (JSON.parse(commands_json) rescue nil) if commands_json.present?
    commands_hash ||= {}

    file.rewind()

    commands_hash[app_name] = {
      root: app_root,
      task: task_name
    }

    file.write(JSON.fast_generate(commands_hash))
    file.truncate(file.pos)
  end
end

#hubssolib_registered_user_change_handlers ⇒ Object

Returns all change handlers registered by prior calls made to #hubssolib_register_user_change_handler. Returns a Hash, keyed by Rails application name, with values of another Hash:

• root => Rails application root

• task => Name of Rake task to be run

All keys are Strings.

This is usually called by the Hub application only, when it is processing a user’s request to change their information.

# File 'lib/hub_sso_lib.rb', line 1286

def hubssolib_registered_user_change_handlers
  commands_hash = {}

  File.open(HUB_COMMAND_REGISTRY, File::RDWR | File::CREAT) do |file|
    file.flock(File::LOCK_EX)

    commands_json   = file.read()
    commands_hash   = (JSON.parse(commands_json) rescue nil) if commands_json.present?
    commands_hash ||= {}
  end

  return commands_hash
end

#hubssolib_retrieve_user_sessions(hub_user_id) ⇒ Object

WARNING: Comparatively slow.

For a given HubSsoLib::User’s user ID, return any known sessions held by the DRb server, as an Hash of session keys with HubSsoLib::Session instances as values.

Returns an empty Hash if the given ID is nil.

Note that Hub sessions can disappear at any moment, so the session keys you find in the Hash might refer to extinct sessions by the time you get to do something with them. You can still access the data, but if you were to try and ask the DRb server for that key, it’d return nil.

Sessions are ordered by least-recently-active first, most-recent last.

For information about performance limitations, see HubSsoLib::SessionFactory#retrieve_sessions_by_user_id.

# File 'lib/hub_sso_lib.rb', line 1194

def hubssolib_retrieve_user_sessions(hub_user_id)
  if hub_user_id.nil?
    {}
  else
    hubssolib_factory().retrieve_sessions_by_user_id(hub_user_id)
  end
end

#hubssolib_review_action(**args) ⇒ Object

Convenience accessor to HubSsoLib::Trust.get_trust_object().review_action

• see that method for details. Note that the Trust object is implemented

in the Hub application, not here; see:

HubSsoLib::Trust::Server::review_action

…in “app/hub/lib/hub_sso_lib/trust/server.rb”.

# File 'lib/hub_sso_lib.rb', line 1091

def hubssolib_review_action(**args)
  HubSsoLib::Trust.get_trust_object().review_action(**args)
end

#hubssolib_set_flash(symbol, message) ⇒ Object

# File 'lib/hub_sso_lib.rb', line 1466

def hubssolib_set_flash(symbol, message)
  session = self.hubssolib_get_session()
  f       = hubssolib_get_flash() unless session.nil?
  f       = self.flash if f.nil? && self.respond_to?(:flash)

  f[symbol] = message

  session.session_flash = f unless session.nil?
end

#hubssolib_store_location(uri_str = request.url) ⇒ Object

Store the URI of the current request in the session, or store the optional supplied specific URI.

We can return to this location by calling #redirect_back_or_default.

# File 'lib/hub_sso_lib.rb', line 1411

def hubssolib_store_location(uri_str = request.url)
  if (uri_str && !uri_str.empty?)
    uri_str = hubssolib_promote_uri_to_ssl(uri_str, request.host) unless request.ssl?
    hubssolib_set_return_to(uri_str)
  else
    hubssolib_set_return_to(nil)
  end
end

#hubssolib_trusted? ⇒ Boolean

Convenience method that returns true if there’s a currently logged-in Hub user that has been flagged as trusted, else - whether there is no current user, or they haven’t been flagged as trusted - returns false.

Returns:

• (Boolean)

# File 'lib/hub_sso_lib.rb', line 1079

def hubssolib_trusted?
  self.hubssolib_current_user&.user_trusted == 'true'
end

#hubssolib_unique_name ⇒ Object

Return a human-readable unique ID for a user. We don’t want to have e-mail addresses all over the place, but don’t want to rely on real names as unique - they aren’t. Instead, produce a composite of the user’s account database ID (which must be unique by definition) and their real name. See also hubssolib_get_name.

# File 'lib/hub_sso_lib.rb', line 1134

def hubssolib_unique_name
  user = self.hubssolib_current_user
  user ? "#{user.user_real_name} (#{user.user_id})" : 'Anonymous'
end