Class: OmniAuth::Strategies::Latvija::Response

Inherits:
Object
  • Object
Defined in:
lib/omniauth/strategies/latvija/response.rb

Constant Summary collapse

ASSERTION =
'urn:oasis:names:tc:SAML:1.0:assertion'.freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(response, **options) ⇒ Response

Returns a new instance of Response.

Raises:

  • (ArgumentError)

# File 'lib/omniauth/strategies/latvija/response.rb', line 8

# Wraps a raw response and prepares it for later validation.
#
# Stores the raw response and the option hash on the instance and builds a
# SignedDocument from the response, handing it options[:private_key].
#
# NOTE(review): nothing visible in this constructor verifies a signature;
# validate! is a separate call. Treat every reader on this object as
# returning unverified data until validate! has succeeded.
#
# @param response [Object] the raw response; anything but nil is accepted here
# @param options [Hash] keyword options; :private_key is the only key read here
# @raise [ArgumentError] when response is nil
def initialize(response, **options)
  if response.nil?
    raise ArgumentError, 'Response cannot be nil'
  end

  private_key = options[:private_key]

  @response = response
  @options  = options
  @document = OmniAuth::Strategies::Latvija::SignedDocument.new(response, private_key: private_key)
end

Instance Attribute Details

#options ⇒ Object

Returns the value of attribute options


# File 'lib/omniauth/strategies/latvija/response.rb', line 6

# Reader for the option hash captured by the constructor.
#
# The constructor reads options[:private_key] from this same hash, so the
# returned object can contain key material: avoid logging or inspecting it.
#
# @return [Hash, nil] the stored options (nil if never assigned)
def options
  instance_variable_get(:@options)
end

#response ⇒ Object

Returns the value of attribute response


# File 'lib/omniauth/strategies/latvija/response.rb', line 6

# Reader for the raw response handed to the constructor.
#
# This is the value exactly as received; reading it does not imply that
# validate! has been called.
#
# @return [Object, nil] the stored raw response (nil if never assigned)
def response
  instance_variable_get(:@response)
end

Instance Method Details

#attributes ⇒ Object

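A hash of all the attributes in the response, assuming there is only one value for each key. The exception is privatepersonalidentifier: values other than the primary one are collected under historical_privatepersonalidentifier.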


# File 'lib/omniauth/strategies/latvija/response.rb', line 37

# Builds a Hash of the SAML attributes found in the response document and
# memoizes it in @attributes.
#
# The Hash always starts with 'not_valid_before', 'not_valid_on_or_after' and
# 'historical_privatepersonalidentifier' (an Array). Each saml:Attribute
# element then contributes AttributeName => element text; a later element
# with the same name overwrites an earlier one.
#
# 'privatepersonalidentifier' is special-cased because the service can return
# several versions of it. A value is stored under that key when the document
# holds exactly one such attribute, or when the element carries an
# OriginalIssuer attribute; any other value is appended to
# 'historical_privatepersonalidentifier'.
#
# NOTE(review): this method does not check that validate! has run, and both
# XPath queries start with `//`, so they match saml:Attribute elements
# anywhere in the document returned by xml. Whether that document is limited
# to the signature-covered assertion depends on SignedDocument, which is not
# visible here. Confirm it, because unscoped lookups are what XML signature
# wrapping depends on.
# NOTE(review): only the presence of OriginalIssuer is tested; its value is
# not compared with any expected issuer here.
#
# @return [Hash{String => Object}] attribute names mapped to their values
# @raise [NoMethodError] if an element has no AttributeName (the lookup
#   presumably returns nil; verify against the XML library in use)
def attributes
  @attributes ||= begin
    collected = {
      'not_valid_before' => not_valid_before,
      'not_valid_on_or_after' => not_valid_on_or_after,
      'historical_privatepersonalidentifier' => []
    }

    attribute_nodes = xml.xpath('//saml:Attribute', saml: ASSERTION)

    # This early exit leaves @attributes unset, so the path is not memoized.
    return collected if attribute_nodes.nil?

    # Leading `//` makes this a document-wide query as well.
    person_code_nodes = attribute_nodes.xpath("//saml:Attribute[@AttributeName='privatepersonalidentifier']", saml: ASSERTION)

    attribute_nodes.each do |node|
      key = node.attribute('AttributeName').value
      text = node.text

      superseded = key == 'privatepersonalidentifier' &&
                   !(person_code_nodes.length == 1 || node.attribute('OriginalIssuer'))

      if superseded
        # An older identifier: keep it, but not as the primary value.
        collected['historical_privatepersonalidentifier'] << text
      else
        collected[key] = text
      end
    end

    collected
  end
end

#authentication_method ⇒ Object


# File 'lib/omniauth/strategies/latvija/response.rb', line 23

# Looks up the AuthenticationMethod attribute of the
# saml:AuthenticationStatement element(s) and memoizes the result.
#
# The value is whatever `attribute` returns on the XPath result, not a String
# built here. It presumably is an attribute node or nil; verify against the
# XML library before comparing it with a String. A nil result is not cached,
# so the lookup repeats on the next call.
#
# NOTE(review): the `//` query matches the element anywhere in the document
# returned by xml, and this reader does not check that validate! has run.
#
# @return [Object, nil] the AuthenticationMethod attribute as returned by the XML library
def authentication_method
  @authentication_method ||= xml
    .xpath('//saml:AuthenticationStatement', saml: ASSERTION)
    .attribute('AuthenticationMethod')
end

#name_identifier ⇒ Object


# File 'lib/omniauth/strategies/latvija/response.rb', line 29

# Returns the text of the saml:NameIdentifier found under
# saml:AuthenticationStatement/saml:Subject, memoized in @name_identifier.
#
# NOTE(review): `text` is called on the whole XPath result. If more than one
# NameIdentifier matches, the result presumably combines them; confirm
# against the XML library. The `//` query is document-wide, and this reader
# does not check that validate! has run, so the value is only as trustworthy
# as the document returned by xml.
#
# @return [String] the subject identifier text as returned by the XML library
def name_identifier
  @name_identifier ||= begin
    identifier_nodes = xml.xpath('//saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier', saml: ASSERTION)
    identifier_nodes.text
  end
end

#validate! ⇒ Object


# File 'lib/omniauth/strategies/latvija/response.rb', line 15

# Runs both checks on the response: the signed-document check against
# `fingerprint`, then the conditions check.
#
# The conditions check runs only when the document check returns a truthy
# value; a falsy document result (nil or false) is returned unchanged.
# `fingerprint` and `validate_conditions!` are defined elsewhere in the class.
#
# NOTE(review): the readers on this class (attributes, name_identifier,
# authentication_method) do not call this method themselves. Callers need to
# invoke validate! and check its outcome before trusting any of them.
# Whether failures raise or return a falsy value is decided by the two
# callees; confirm it.
#
# @return [Object] the falsy document-check result, or the result of validate_conditions!
def validate!
  document_result = @document.validate!(fingerprint)
  return document_result unless document_result

  validate_conditions!
end

#xml ⇒ Object


# File 'lib/omniauth/strategies/latvija/response.rb', line 19

# Exposes the parsed XML held by the signed document. All XPath lookups in
# this class go through this method.
#
# NOTE(review): whether this is the whole response as received or only the
# signature-verified part is decided by SignedDocument#nokogiri_xml, which is
# not visible here. Confirm it, since the readers query it with
# document-wide `//` paths.
#
# @return [Object] whatever @document.nokogiri_xml returns
def xml
  signed_document = @document
  signed_document.nokogiri_xml
end