Class: SpreeCmCommissioner::FirebaseIdTokenProvider

Inherits:

BaseInteractor

• Object
• BaseInteractor
• SpreeCmCommissioner::FirebaseIdTokenProvider

Defined in:

app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb

Instance Method Summary

• #call ⇒ Object

  :id_token.

• #cert_generation(kid) ⇒ Object
• #decode_id_token ⇒ Object

  firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library github.com/jwt/ruby-jwt/issues/216.

• #extract_provider_params ⇒ Object
• #fetch_cert_key ⇒ Object
• #refresh_fetch_cert_key ⇒ Object

Instance Method Details

#call ⇒ Object

:id_token

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 4

def call
  claim = decode_id_token

  if claim
    context.claim = claim
    context.provider = extract_provider_params
  else
    error_message = I18n.t('firebase_id_token.failure')
    context.fail!(message: error_message)
  end
end

#cert_generation(kid) ⇒ Object

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 57

def cert_generation(kid)
  json = fetch_cert_key
  cert = json[kid]

  if cert.nil?
    json = refresh_fetch_cert_key
    cert = json[kid]
  end

  cert
end

#decode_id_token ⇒ Object

firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library github.com/jwt/ruby-jwt/issues/216

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 45

def decode_id_token
  result = JWT.decode(id_token, nil, false, { algorithm: 'RS256' }) do |header|
    kid = header['kid']
    cert = cert_generation(kid)
    public_key = OpenSSL::X509::Certificate.new(cert).public_key
    public_key
  end
  result[0]
rescue StandardError => e
  context.fail!(message: e.message)
end

#extract_provider_params ⇒ Object

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 82

def extract_provider_params
  claim = context.claim

  return nil if claim.nil?

  provider_name = claim['firebase']['sign_in_provider']
  sub = claim['firebase']['identities'][provider_name].first
  email = claim['email']
  name = claim['name']

  {
    identity_type: provider_name.split('.').first,
    sub: sub,
    name: name,
    email: email
  }
end

#fetch_cert_key ⇒ Object

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 74

def fetch_cert_key
  Rails.cache.fetch('firebase-cert') do
    url = URI('https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com')
    content = Net::HTTP.get(url)
    JSON.parse(content)
  end
end

#refresh_fetch_cert_key ⇒ Object

# File 'app/interactors/spree_cm_commissioner/firebase_id_token_provider.rb', line 69

def refresh_fetch_cert_key
  Rails.cache.delete('firebase-cert')
  fetch_cert_key
end