Class: RailsBase::Authentication::DecisionTwofaType

Inherits:
ServiceBase
  • Object
Includes:
ActionView::Helpers::DateHelper
Defined in:
app/services/rails_base/authentication/decision_twofa_type.rb

Instance Method Summary collapse

Methods inherited from ServiceBase

inherited, #internal_validate, #service_base_logging

Methods included from ServiceLogging

#aletered_message, #class_name, #log, #log_prefix, #logger, #service_id

Instance Method Details

#call ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 7

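# Decides how the sign-in attempt for `user` proceeds and records the outcome
# on `context` for the caller to act on.
#
# Branches, in order:
# 1. e-mail not validated  -> verification e-mail flow; sign_in_user stays false
# 2. MFA disabled app-wide -> user is signed in without a second factor
# 3. otherwise dispatch on the type reported by RailsBase::Mfa::Decision
#
# Security notes:
# * Both "grant" flags are reset to false first, so a branch has to opt in
#   explicitly before the caller is told to sign the user in.
# * An unrecognised MFA type raises instead of falling through to a sign-in.
# * Every path that skips the second factor goes through
#   sign_in_user_context!, which logs the bypass at :warn.
#
# NOTE(review): the rendered listing this method was taken from had lost the
# `sign_in_user` attribute name and showed indented blank lines where
# `sign_in_user_context!` is called below. Both are restored from the method
# documented on the same page - confirm against the source file.
#
# @return [void]
# @raise [RuntimeError] when the decision reports an unknown MFA type
def call
  # default return values
  context.set_mfa_randomized_token = false
  context.sign_in_user = false

  unless user.email_validated
    email_context = validate_email_context!
    check_success!(result: email_context)
    # log_exit already emits the summary line; it is not logged a second time here.
    log_exit
    return
  end

  unless RailsBase.config.mfa.enable?
    log(level: :info, msg: "MFA on app is not enabled. Bypassing")
    sign_in_user_context!
    context.flash = { notice: "Welcome. You have succesfully signed in." }
    log_exit
    return
  end

  mfa_decision = RailsBase::Mfa::Decision.(user: user)
  check_success!(result: mfa_decision)

  # Only the SMS branch produces a service result that needs checking; the
  # TOTP helper's return value is deliberately not fed to check_success!.
  mfa_type_result = nil
  case mfa_decision.mfa_type
  when RailsBase::Mfa::SMS
    mfa_type_result = sms_enabled_context!(decision: mfa_decision)
  when RailsBase::Mfa::OTP
    totp_enabled_context!(decision: mfa_decision)
  when RailsBase::Mfa::NONE
    # no MFA type enabled on account
    sign_in_user_context!
    context.flash = { notice: "Welcome. You have succesfully signed in." }
    # The guard above already returned when MFA is disabled, so this is
    # expected to hold here; the check is kept as written in the original.
    context.add_mfa_button = true if RailsBase.config.mfa.enable?
  else
    raise "Unknown MFA type provided"
  end
  check_success!(result: mfa_type_result)
  log_exit
end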

#check_success!(result:) ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 53

# Propagates a failed sub-service result to this service's context.
#
# A nil result (the step ran no sub-service) and a successful result are both
# ignored. Anything else is logged at :error and handed to context.fail!.
#
# NOTE(review): the callers in this file keep running after this method
# returns, so the flow is only fail-closed if context.fail! halts execution
# - presumably it does; confirm against ServiceBase.
#
# @param result [#success?, #message, nil] outcome of a sub-service call
# @return [Object, nil] nil when there is nothing to propagate, otherwise
#   whatever context.fail! returns
def check_success!(result:)
  unless result.nil? || result.success?
    log(level: :error, msg: "Service error bubbled up. Failing with: #{result.message}")
    context.fail!(message: result.message)
  end
end

#log_exit ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 49

# Writes one :info line summarising the decision stored on the context: the
# user id, the redirect target, whether the user is to be signed in, and the
# flash payload. This is the audit trail for the outcome of the service.
#
# @return [Object] whatever #log returns
def log_exit
  summary = "User #{user.id}: redirect_url: #{context.redirect_url}, " \
            "sign_in_user: #{context.sign_in_user}, flash: #{context.flash}"
  log(level: :info, msg: summary)
end

#sign_in_user_context! ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 71

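# Marks the context so that the user is signed in without a second-factor
# challenge and is redirected to the authenticated root path.
#
# The bypass is logged at :warn with the user id, which gives operators a
# single log line to search for when auditing sign-ins that skipped MFA.
#
# NOTE(review): the rendered listing had lost this method's name and the
# attribute assigned on the last line. The name is taken from this page's
# heading for the method; `sign_in_user` is the attribute the exit log line
# in this file reads - confirm both against the source file.
#
# @return [Boolean] true, the value of the final assignment
def sign_in_user_context!
  log(level: :warn, msg: "Will log in user #{user.id} and bypass 2fa")
  context.redirect_url = Constants::URL_HELPER.authenticated_root_path
  context.sign_in_user = true
end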

#sms_enabled_context!(decision:) ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 90

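# Applies the outcome of an SMS second-factor decision to the context.
#
# When the decision requires MFA, the user is redirected to the MFA login
# event page and an SMS code is requested. The user is NOT marked as signed
# in on this path. A failed send is returned unchanged so that the caller can
# fail the service instead of proceeding.
#
# When the decision does not require MFA, the user is signed in directly.
#
# NOTE(review): in the rendered listing the first line of the else branch was
# an indented blank line. The call to sign_in_user_context! is restored from
# the method documented on the same page - confirm against the source file.
#
# @param decision [#mfa_require] MFA decision for the current user
# @return [Object, nil] the RailsBase::Mfa::Sms::Send result when a code was
#   requested, nil when no challenge was needed
def sms_enabled_context!(decision:)
  if decision.mfa_require
    log(level: :warn, msg: "SMS MFA required for user")
    context.redirect_url = RailsBase.url_routes.mfa_with_event_path(mfa_event: :login)
    context.flash = { notice: "Please check your mobile device. We sent an SMS for MFA verification" }
    result = RailsBase::Mfa::Sms::Send.call(user: user)
    # The lifetime is only published when the send succeeded; on failure
    # token_ttl is left untouched and the failed result goes to the caller.
    context.token_ttl = result.short_lived_data.death_time if result.success?
    result
  else
    sign_in_user_context!
    context.flash = { notice: "Welcome. You have succesfully signed in" }
    nil
  end
end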

#totp_enabled_context!(decision:) ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 77

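# Applies the outcome of a TOTP second-factor decision to the context.
#
# When the decision requires MFA, the user is redirected to the MFA login
# event page and context.token_ttl is set two minutes ahead. The user is NOT
# marked as signed in on this path. No message is sent, since nothing in this
# branch calls a delivery service.
#
# When the decision does not require MFA, the user is signed in directly.
#
# NOTE(review): in the rendered listing the first line of the else branch was
# an indented blank line. The call to sign_in_user_context! is restored from
# the method documented on the same page - confirm against the source file.
# NOTE(review): token_ttl presumably bounds how long the pending challenge
# stays valid - confirm with the code that consumes it.
#
# @param decision [#mfa_require] MFA decision for the current user
# @return [Object, nil] the assigned token_ttl when a challenge is required
#   (the value of the last assignment), nil otherwise; #call ignores it
def totp_enabled_context!(decision:)
  if decision.mfa_require
    log(level: :warn, msg: "TOTP MFA required for user")
    context.redirect_url = RailsBase.url_routes.mfa_with_event_path(mfa_event: :login)
    context.flash = { notice: "Additional Verification requested" }
    context.token_ttl = 2.minutes.from_now
  else
    sign_in_user_context!
    context.flash = { notice: "Welcome. You have succesfully signed in" }
    nil
  end
end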

#validate! ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 105

# Input guard: the service only operates on a User record, so any other
# object is rejected before an authentication decision is made for it.
#
# @return [nil] when `user` is a User
# @raise [RuntimeError] naming the received class otherwise
def validate!
  return if user.is_a?(User)

  raise "Expected user to be a User. Received #{user.class}"
end

#validate_email_context! ⇒ Object



# File 'app/services/rails_base/authentication/decision_twofa_type.rb', line 61

# Prepares the context for a user whose e-mail address is not yet validated
# and triggers a verification e-mail.
#
# Nothing here marks the user as signed in: the context is pointed at the
# static auth page, a randomized MFA token is requested for the
# Constants::SSOVE_PURPOSE purpose, and token_ttl is set five minutes ahead.
#
# NOTE(review): the constant passed as `reason:` on the last line was lost
# when this page was rendered (only `Constants::` survives), so the listing
# is not valid Ruby as shown - take the constant name from the source file.
#
# @return [Object] the result of SendVerificationEmail.call, which #call
#   passes to check_success!
def validate_email_context!
  # user has signed up but has not validated their email yet
  context.redirect_url = Constants::URL_HELPER.auth_static_path
  context.set_mfa_randomized_token = true
  context.mfa_purpose = Constants::SSOVE_PURPOSE
  context.flash = { notice: Constants::STATIC_WAIT_FLASH }
  # five-minute lifetime, computed in the application's configured time zone
  context.token_ttl = Time.zone.now + 5.minutes
  SendVerificationEmail.call(user: user, reason: Constants::)
end