Class: RailsBase::Mfa::Decision

Inherits:

ServiceBase

• Object
• ServiceBase
• RailsBase::Mfa::Decision

Defined in:

app/services/rails_base/mfa/decision.rb

Instance Method Summary

• #available_mfa_options! ⇒ Object
• #call ⇒ Object
• #context_clues(type:, require_mfa:) ⇒ Object
• #execute_nil(classify) ⇒ Object
• #execute_otp ⇒ Object
• #execute_sms ⇒ Object
• #force_mfa ⇒ Object
• #reauth_strategy_class ⇒ Object
• #validate! ⇒ Object

Methods inherited from ServiceBase

inherited, #internal_validate, #service_base_logging

Methods included from ServiceLogging

#aletered_message, #class_name, #log, #log_prefix, #logger, #service_id

Instance Method Details

#available_mfa_options! ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 24

def available_mfa_options!
  mfa_options = []
  mfa_options << OTP if user.mfa_otp_enabled
  mfa_options << SMS if user.mfa_sms_enabled

  context.mfa_options = mfa_options
end

#call ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 7

def call
  unless RailsBase.config.mfa.enable?
    execute_nil("Application")
    return
  end

  if user.mfa_otp_enabled
    execute_otp
  elsif user.mfa_sms_enabled
    execute_sms
  else
    execute_nil("User")
  end

  available_mfa_options!
end

#context_clues(type:, require_mfa:) ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 53

def context_clues(type:, require_mfa:)
  context.mfa_type = type
  context.mfa_require = require_mfa
end

#execute_nil(classify) ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 48

def execute_nil(classify)
  log(level: :info, msg: "#{classify} does not have any MFA type enabled. Skipping")
  context_clues(type: NONE, require_mfa: false)
end

#execute_otp ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 32

def execute_otp
  log(level: :info, msg: "MFA type OTP is enabled on user. Executing OTP workflow")
  result = reauth_strategy_class.(user: user, force: force_mfa, mfa_type: OTP, mfa_last_used: user.last_mfa_otp_login)
  require_mfa = result.request_mfa

  context_clues(type: OTP, require_mfa: require_mfa)
end

#execute_sms ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 40

def execute_sms
  log(level: :info, msg: "MFA type SMS is enabled on user. Executing SMS workflow")
  result = reauth_strategy_class.(user: user, force: force_mfa, mfa_type: SMS, mfa_last_used: user.last_mfa_sms_login)
  require_mfa = result.request_mfa

  context_clues(type: SMS, require_mfa: require_mfa)
end

#force_mfa ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 58

def force_mfa
  context.force_mfa.nil? ? false : context.force_mfa
end

#reauth_strategy_class ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 62

def reauth_strategy_class
  RailsBase.config.mfa.reauth_strategy
end

#validate! ⇒ Object

# File 'app/services/rails_base/mfa/decision.rb', line 66

def validate!
  raise "Expected user to be a User. Received #{user.class}" unless user.is_a? User
end