Class: PrxAuth::Rails::SessionsController

Inherits:
ApplicationController
  • Object
Defined in:
app/controllers/prx_auth/rails/sessions_controller.rb

Constant Summary collapse

ID_NONCE_SESSION_KEY =
"id_prx_openid_nonce"
WILDCARD_SESSION_KEY =
"prx.auth.wildcard"
DEFAULT_SCOPES =
"openid apps"

Instance Method Summary collapse

Instance Method Details

#access_error ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 38

# Action with no controller-side logic: nothing is assigned, rendered or
# redirected here, so Rails falls through to its implicit render.
# NOTE(review): presumably the page shown when a signed-in user lacks access;
# confirm against the routes and the view template.
def access_error; end

#auth_error ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 41

# Exposes the +error+ request parameter to the view as @auth_error_message.
#
# params.require raises ActionController::ParameterMissing when +error+ is
# missing or blank, so the view never sees an empty message.
#
# The value is request-controlled: anyone can craft a link that makes this
# page display arbitrary text. Render it with the default ERB escaping (never
# raw / html_safe) and prefer mapping known error codes to fixed messages.
def auth_error
  reported_error = params.require(:error)
  @auth_error_message = reported_error
end

#create ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 45

# Decides whether the sign-in attempt is accepted, then redirects.
# NOTE(review): presumably the callback the ID host returns to after
# /authorize; confirm against the routes.
#
# Both checks are evaluated before anything else, and clear_nonce! runs on the
# success and the failure path alike, so the stored nonce is not left around
# for a second attempt. users_match? is skipped when valid_nonce? is false
# (short-circuit &&).
def create
  valid_and_matching = valid_nonce? && users_match?
  clear_nonce!

  if valid_and_matching
    # NOTE(review): the method names on the next two lines appear to have been
    # lost when this listing was extracted -- as printed, `(access_token)` is a
    # bare expression and `redirect_to (current_user)` redirects to the user
    # object. Check both against the source file before relying on this text.
    (access_token)
    redirect_to (current_user)
  else
    # A failed attempt also drops any pending wildcard request from the
    # session, so it cannot carry over into a later sign-in.
    session.delete(WILDCARD_SESSION_KEY)
    # params[:error] is request-controlled and is forwarded as-is to the
    # auth_error action; that page must treat it as untrusted text.
    redirect_to auth_error_sessions_path(error: params[:error] || "unknown_error")
  end
end

#destroy ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 58

# Signs the user out locally, then redirects to after_sign_out_path.
#
# allow_other_host: true switches off Rails' check that a redirect stays on
# the current host. That is only safe while after_sign_out_path is built from
# configuration, never from request data.
# NOTE(review): after_sign_out_path is defined outside this listing -- confirm
# it cannot be influenced by params or headers.
def destroy
  sign_out_user
  destination = after_sign_out_path
  redirect_to(destination, allow_other_host: true)
end

#logout ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 63

# Signs the user out locally, then sends the browser to the ID host's
# sign-out endpoint so that session is ended as well.
#
# The URL is protocol-relative ("//host/..."), so it inherits the scheme of
# the current request; serve this app over HTTPS only, or the hop to the ID
# host happens in clear text. allow_other_host: true is required because the
# target is a different host. id_host must come from configuration, never
# from the request.
def logout
  sign_out_user
  sign_out_url = "//#{id_host}/session/sign_out"
  redirect_to(sign_out_url, allow_other_host: true)
end

#new ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 13

# Starts sign-in by redirecting the browser to the ID host's /authorize
# endpoint with the query parameters built below.
#
# response_type "id_token token" asks for the tokens to be handed back through
# the browser, so the nonce from fetch_nonce is what lets the callback tie the
# response to this session.
# NOTE(review): fetch_nonce is defined outside this listing; presumably it
# stores the nonce in the session for later comparison -- confirm.
#
# The URL is protocol-relative and therefore inherits the current request's
# scheme; allow_other_host: true is needed because the ID host is external.
# The host comes from PrxAuth::Rails.configuration, not from the request.
def new
  settings = PrxAuth::Rails.configuration

  query = {
    client_id: settings.prx_client_id,
    nonce: fetch_nonce,
    response_type: "id_token token",
    scope: "#{DEFAULT_SCOPES} #{settings.prx_scope}".strip,
    prompt: "necessary"
  }

  # Any truthy wildcard marker in the session requests account "*". Only the
  # exact value "readonly" narrows the scope; it also drops the configured
  # prx_scope from the request.
  wildcard_mode = session[WILDCARD_SESSION_KEY]
  if wildcard_mode
    query[:account] = "*"
    # TODO: what if they need more than _just_ read-private?
    query[:scope] = "#{DEFAULT_SCOPES} read-private" if wildcard_mode == "readonly"
  end

  authorize_url = "//" + settings.id_host + "/authorize?" + query.to_query
  redirect_to(authorize_url, allow_other_host: true)
end

#refresh ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 68

# Signs the user out and restarts sign-in, optionally carrying a wildcard
# marker into the next authorization request.
def refresh
  # The wildcard param is honoured only for admins; for anyone else the local
  # stays nil. The check runs before sign_out_user.
  # NOTE(review): presumably current_user_admin? would no longer hold after
  # sign-out, which is why the order matters -- confirm.
  wildcard = params[:wildcard] if current_user_admin?
  sign_out_user
  # Always written, so a non-admin request overwrites any earlier marker with
  # nil. The value is not checked against an allow-list here: `new` treats any
  # truthy value as a wildcard request and only "readonly" as the reduced-scope
  # variant.
  session[WILDCARD_SESSION_KEY] = wildcard

  # NOTE(review): the method name on the next line appears to have been lost
  # when this listing was extracted; as printed it is a bare expression with
  # no effect. The Referer header is request-controlled -- if the original
  # stores it as a post-sign-in redirect target, confirm it is restricted to
  # this application's own host.
  (request.referer.presence || "/")
  redirect_to new_sessions_path
end

#show ⇒ Object



# File 'app/controllers/prx_auth/rails/sessions_controller.rb', line 35

# Action with no controller-side logic: nothing is assigned, rendered or
# redirected here, so Rails falls through to its implicit render.
# NOTE(review): whether this page requires a signed-in user depends on filters
# declared outside this listing -- confirm.
def show; end