Class: SSO::Server::Passport

Inherits:
ActiveRecord::Base
  • Object
Includes:
Benchmarking, Logging
Defined in:
lib/sso/server/passport.rb

Overview

This could be MongoDB or whatever

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Benchmarking

#benchmark

Methods included from Logging

#debug, #error, #fatal, #info, #logger, #progname, #warn

Instance Attribute Details

#chipObject (readonly)

Returns the value of attribute chip.



# File 'lib/sso/server/passport.rb', line 22

# Reader for the chip attribute.
#
# @return [Object, nil] whatever is currently stored in @chip; create_chip!
#   on this class assigns it the string returned by chip!
def chip
  @chip
end

#userObject

Returns the value of attribute user.



# File 'lib/sso/server/passport.rb', line 21

# Reader for the user attribute.
#
# @return [Object, nil] the value stored in @user; load_user! on this class
#   assigns it the result of the configured find_user_for_passport callable
def user
  @user
end

Instance Method Details

#chip!Object



# File 'lib/sso/server/passport.rb', line 64

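# Encrypts the chip plaintext with the cipher from chip_digest (AES-256-CBC)
# under a freshly generated random IV and returns the chip string
# "<base64 ciphertext>|<base64 IV>".
#
# Neither the encryption key nor the plaintext (which carries the passport
# secret) is written to the log; the debug line reports only the passport id
# and the byte sizes involved.
#
# NOTE(review): CBC provides confidentiality only. Nothing here authenticates
# the ciphertext, so the code that decrypts a chip (not shown on this page)
# has to treat it as untrusted input, or the chip format should move to an
# AEAD mode. Changing the mode here would change the chip format.
#
# @return [String] Base64 ciphertext and Base64 IV joined by '|'
def chip!
  benchmark 'Passport chip encryption' do
    # Defined elsewhere; presumably guarantees a secret exists before it is encrypted.
    ensure_secret
    cipher = chip_digest
    cipher.encrypt # select encryption mode before assigning key and IV
    cipher.key = chip_key
    chip_iv = cipher.random_iv # generates the IV and installs it on the cipher
    ciphertext = cipher.update(chip_plaintext)
    ciphertext << cipher.final
    # Key material and plaintext are deliberately kept out of the log.
    debug { "The Passport chip for passport #{id.inspect} was encrypted (#{ciphertext.bytesize} ciphertext bytes, #{chip_iv.bytesize} IV bytes)" }
    # Base64.encode64 wraps its output every 60 characters and strip only drops
    # the trailing newline, so a long ciphertext keeps embedded newlines. Left
    # as-is because the consumers of the chip format are not visible here.
    encoded_chip = [Base64.encode64(ciphertext).strip, Base64.encode64(chip_iv).strip].join('|')
    # NOTE(review): if the chip is accepted as a credential anywhere, this
    # debug line should be dropped as well — confirm against the consumer.
    logger.debug { "Augmented passport #{id.inspect} with chip #{encoded_chip.inspect}" }
    encoded_chip
  end
end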

#chip_digestObject



# File 'lib/sso/server/passport.rb', line 84

# Builds the cipher used for chip encryption. Despite the method name this is
# a cipher, not a digest: a new AES-256 instance in CBC mode on every call.
#
# @return [OpenSSL::Cipher] unconfigured cipher (no direction, key or IV set)
def chip_digest
  OpenSSL::Cipher::AES256.new(:CBC)
end

#chip_keyObject



# File 'lib/sso/server/passport.rb', line 88

# Looks up the chip encryption key in the SSO configuration.
#
# NOTE(review): chip! assigns this value to an AES-256 cipher, which needs a
# 32-byte key; where the key comes from and how it is protected is not
# visible on this page.
#
# @return [Object] the configured passport_chip_key
def chip_key
  config = SSO.config
  config.passport_chip_key
end

#chip_plaintextObject

Don’t get confused: the chip plaintext is the passport id and the passport secret, joined by '|'.



# File 'lib/sso/server/passport.rb', line 93

# Assembles the value that chip! encrypts: the passport id and the passport
# secret separated by '|'. The result contains the secret, so it should be
# handled like the secret itself.
#
# @return [String] "<id>|<secret>"
def chip_plaintext
  parts = [id, secret]
  parts.join('|')
end

#create_chip!Object



# File 'lib/sso/server/passport.rb', line 60

# Generates a fresh chip via chip! and stores it in @chip, which is the
# instance variable the chip reader returns.
#
# @return [String] the newly generated chip
def create_chip!
  @chip = chip!
end

#exportObject



# File 'lib/sso/server/passport.rb', line 24

# Serializes the passport into a plain Hash and logs (at debug level) that
# the passport with this id is being exported.
#
# NOTE(review): the Hash carries the raw passport secret and the chip next to
# the user, so it should be treated as credential material — who receives it
# is not visible on this page.
#
# @return [Hash] keys :id, :secret, :state, :chip and :user
def export
  debug { "Exporting Passport #{id} including the encapsulated user." }
  { id: id, secret: secret, state: state, chip: chip, user: user }
end

#load_user!Object



# File 'lib/sso/server/passport.rb', line 56

# Reloads the passport and hands it to the configured find_user_for_passport
# callable; whatever that callable returns is stored in @user.
#
# @return [Object] the value returned by the configured callable
def load_user!
  finder = SSO.config.find_user_for_passport
  @user = finder.call(passport: reload)
end

#stateObject



# File 'lib/sso/server/passport.rb', line 39

# Returns the user state, computing it through state! on first use and
# memoizing it in @state. Without an encapsulated user a warning is logged
# and a fixed placeholder string is returned instead; the placeholder is not
# memoized.
#
# @return [String] the memoized state, or 'missing_user_for_state_calculation'
def state
  unless user
    warn { 'Wait a minute, this Passport is not encapsulating a user!' }
    return 'missing_user_for_state_calculation'
  end

  @state ||= state!
end

#state!Object



# File 'lib/sso/server/passport.rb', line 48

# Computes the user state without memoization: the hex HMAC of
# user_state_base, keyed with user_state_key, using user_state_digest.
# The computation is wrapped in benchmark and the result is logged at debug
# level.
#
# @return [String] hex-encoded HMAC
def state!
  hexdigest = benchmark('Passport user state calculation') do
    OpenSSL::HMAC.hexdigest(user_state_digest, user_state_key, user_state_base)
  end
  hexdigest.tap { |value| debug { "The user state is #{value.inspect}" } }
end

#to_sObject



# File 'lib/sso/server/passport.rb', line 35

# Human-readable one-line summary: the literal 'Passport' followed by
# owner_id, ip and activity_at, separated by ', '. The secret and the chip
# are not part of it.
#
# @return [String]
def to_s
  fields = ['Passport', owner_id, ip, activity_at]
  fields.join(', ')
end

#user_state_baseObject



# File 'lib/sso/server/passport.rb', line 101

# Derives the message that state! feeds into the HMAC by calling the
# configured user_state_base callable with the encapsulated user.
#
# @return [Object] whatever the configured callable returns for the user
def user_state_base
  base_builder = ::SSO.config.user_state_base
  base_builder.call(user)
end

#user_state_digestObject



# File 'lib/sso/server/passport.rb', line 80

# Digest used by state! for the user-state HMAC: a new SHA-1 instance on
# every call.
#
# HMAC does not rely on the collision resistance of its hash, so the known
# SHA-1 collision attacks do not carry over to HMAC-SHA1; a move to SHA-256
# would nevertheless change every computed state value.
#
# @return [OpenSSL::Digest]
def user_state_digest
  OpenSSL::Digest.new('sha1')
end

#user_state_keyObject



# File 'lib/sso/server/passport.rb', line 97

# Looks up the key for the user-state HMAC in the SSO configuration.
#
# @return [Object] the configured user_state_key
def user_state_key
  config = ::SSO.config
  config.user_state_key
end