Class: OpenID::PAPE::Response

Inherits:

Extension

• Object
• Extension
• OpenID::PAPE::Response

Defined in:

lib/openid/extensions/pape.rb

Overview

A Provider Authentication Policy response, sent from a provider to a relying party

Instance Attribute Summary

• #auth_policies ⇒ Object

  Returns the value of attribute auth_policies.

• #auth_time ⇒ Object

  Returns the value of attribute auth_time.

• #nist_auth_level ⇒ Object

  Returns the value of attribute nist_auth_level.

• #ns_alias ⇒ Object

  Returns the value of attribute ns_alias.

Class Method Summary

• .from_success_response(success_response) ⇒ Object

  Create a Response object from an OpenID::Consumer::SuccessResponse.

Instance Method Summary

• #add_policy_uri(policy_uri) ⇒ Object

  Add a policy URI to the response see openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies.

• #get_extension_args ⇒ Object
• #initialize(auth_policies = [], auth_time = nil, nist_auth_level = nil) ⇒ Response constructor

  A new instance of Response.

• #parse_extension_args(args, strict = false) ⇒ Object

  parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered.

Methods inherited from Extension

#to_message

Constructor Details

#initialize(auth_policies = [], auth_time = nil, nist_auth_level = nil) ⇒ Response

Returns a new instance of Response.

# File 'lib/openid/extensions/pape.rb', line 86

def initialize(auth_policies = [], auth_time = nil, nist_auth_level = nil)
  @ns_alias = "pape"
  @ns_uri = NS_URI
  @auth_policies = auth_policies
  @auth_time = auth_time
  @nist_auth_level = nist_auth_level
end

Instance Attribute Details

#auth_policies ⇒ Object

Returns the value of attribute auth_policies.

# File 'lib/openid/extensions/pape.rb', line 84

def auth_policies
  @auth_policies
end

#auth_time ⇒ Object

Returns the value of attribute auth_time.

# File 'lib/openid/extensions/pape.rb', line 84

def auth_time
  @auth_time
end

#nist_auth_level ⇒ Object

Returns the value of attribute nist_auth_level.

# File 'lib/openid/extensions/pape.rb', line 84

def nist_auth_level
  @nist_auth_level
end

#ns_alias ⇒ Object

Returns the value of attribute ns_alias.

# File 'lib/openid/extensions/pape.rb', line 84

def ns_alias
  @ns_alias
end

Class Method Details

.from_success_response(success_response) ⇒ Object

Create a Response object from an OpenID::Consumer::SuccessResponse

# File 'lib/openid/extensions/pape.rb', line 101

def self.from_success_response(success_response)
  args = success_response.get_signed_ns(NS_URI)
  return if args.nil?

  pape_resp = new
  pape_resp.parse_extension_args(args)
  pape_resp
end

Instance Method Details

#add_policy_uri(policy_uri) ⇒ Object

Add a policy URI to the response see openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies

# File 'lib/openid/extensions/pape.rb', line 96

def add_policy_uri(policy_uri)
  @auth_policies << policy_uri unless @auth_policies.member?(policy_uri)
end

#get_extension_args ⇒ Object

# File 'lib/openid/extensions/pape.rb', line 146

def get_extension_args
  ns_args = {}
  ns_args["auth_policies"] = if @auth_policies.empty?
    "none"
  else
    @auth_policies.join(" ")
  end
  if @nist_auth_level
    unless (0..4).member?(@nist_auth_level)
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}"
    end

    ns_args["nist_auth_level"] = @nist_auth_level.to_s
  end

  if @auth_time
    raise ArgumentError, "auth_time must be in RFC3339 format" unless TIME_VALIDATOR.match?(@auth_time)

    ns_args["auth_time"] = @auth_time
  end
  ns_args
end

#parse_extension_args(args, strict = false) ⇒ Object

parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered

# File 'lib/openid/extensions/pape.rb', line 114

def parse_extension_args(args, strict = false)
  policies_str = args["auth_policies"]
  @auth_policies = policies_str.split(" ") if policies_str and policies_str != "none"

  nist_level_str = args["nist_auth_level"]
  if nist_level_str
    # special handling of zero to handle to_i behavior
    if nist_level_str.strip == "0"
      nist_level = 0
    else
      nist_level = nist_level_str.to_i
      # if it's zero here we have a bad value
      nist_level = nil if nist_level == 0
    end
    if nist_level and nist_level >= 0 and nist_level < 5
      @nist_auth_level = nist_level
    elsif strict
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}"
    end
  end

  auth_time_str = args["auth_time"]
  return unless auth_time_str

  # validate time string
  if TIME_VALIDATOR.match?(auth_time_str)
    @auth_time = auth_time_str
  elsif strict
    raise ArgumentError, "auth_time must be in RFC3339 format"
  end
end