Module: AuthenticationAndSSOConcerns
- Extended by:
- ActiveSupport::Concern
- Includes:
- ActionController::Cookies, SignIn::Authentication
- Included in:
- ApplicationController
- Defined in:
- app/controllers/concerns/authentication_and_sso_concerns.rb
Overview
This module only gets mixed in to one place, but this is the cleanest way to organize everything related to this responsibility alone in one place.
Constant Summary
Constants included from SignIn::Authentication
SignIn::Authentication::BEARER_PATTERN
Instance Method Summary
- #authenticate ⇒ Object protected
-
#clear_session ⇒ Object
protected
Destroys the user’s session in Redis.
-
#extend_session! ⇒ Object
protected
Extends the user's session.
- #load_user(skip_terms_check: false) ⇒ Object protected
- #log_sso_info ⇒ Object protected
- #render_unauthorized ⇒ Object protected
-
#reset_session ⇒ Object
protected
Destroys the user's session in 1) Redis, 2) the MHV SSO Cookie, 3) and the Session Cookie.
-
#set_api_cookie! ⇒ Object
protected
Sets a cookie “api_session” with all of the key/value pairs from session object.
- #set_session_expiration_header ⇒ Object protected
-
#sso_logging_info ⇒ Object
protected
Info for logging purposes related to SSO.
- #validate_inbound_login_params ⇒ Object protected
- #validate_session ⇒ Object protected
Methods included from SignIn::Authentication
Instance Method Details
#authenticate ⇒ Object (protected)
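# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 14

# Authenticates the request, selecting the auth scheme by cookie presence.
#
# When the SignIn access-token cookie is present, the call is delegated via
# super (presumably to the included SignIn::Authentication). Otherwise the
# legacy Redis-backed session is validated, and a failed validation ends in
# #render_unauthorized, which raises Common::Exceptions::Unauthorized.
#
# NOTE(review): the rendered listing dropped the receiver of the cookie lookup
# and the fallback call after `||`; `cookies` (from ActionController::Cookies,
# included by this module) and `render_unauthorized` (defined in this module)
# are restored here — confirm against the source file.
def authenticate
  if cookies[SignIn::Constants::Auth::ACCESS_TOKEN_COOKIE_NAME]
    super
  else
    validate_session || render_unauthorized
  end
end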
#clear_session ⇒ Object (protected)
Destroys the user’s session in Redis
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 68

# Destroys the user's session in Redis.
#
# The session object is destroyed first, then the current user (each only if
# present); both instance variables are then cleared so that later calls in
# the same request see no session.
def clear_session
  Rails.logger.debug('SSO: ApplicationController#clear_session', sso_logging_info)
  [@session_object, @current_user].each { |record| record&.destroy }
  @session_object = nil
  @current_user = nil
end
#extend_session! ⇒ Object (protected)
Extends the user's session
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 90

# Extends the user's session.
#
# Refreshes the expiry of the session object and, when a current user is
# loaded, of its identity and of the user record itself. @session_object is
# used without a nil guard, so callers must only invoke this with a session
# present (see #validate_session).
def extend_session!
  @session_object.expire(Session.redis_namespace_ttl)
  user = @current_user
  user&.identity&.expire(UserIdentity.redis_namespace_ttl)
  user&.expire(User.redis_namespace_ttl)
end
#load_user(skip_terms_check: false) ⇒ Object (protected)
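# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 56

# Loads the session and current user for this request.
#
# @param skip_terms_check [Boolean] whether to bypass the terms check when
#   setting the current user. The value passed by the caller is overridden
#   to true whenever Settings.vsp_environment is 'production', so the check
#   is only enforced outside production.
#
# With the SignIn access-token cookie present, loading is delegated via
# super() (presumably to the included SignIn::Authentication); otherwise the
# legacy session object and current user are set from the Redis session.
#
# NOTE(review): the rendered listing dropped the receiver of the cookie
# lookup; `cookies` (from ActionController::Cookies, included by this module)
# is restored here — confirm against the source file.
def load_user(skip_terms_check: false)
  skip_terms_check = true if Settings.vsp_environment == 'production'
  if cookies[SignIn::Constants::Auth::ACCESS_TOKEN_COOKIE_NAME]
    super()
  else
    set_session_object
    set_current_user(skip_terms_check)
  end
end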
#log_sso_info ⇒ Object (protected)
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 108

# Logs completion of the current controller action together with the SSO
# context from #sso_logging_info (user uuid, cookie contents, request host).
def log_sso_info
  Rails.logger.info("#{self.class}##{action_name} request completed", sso_logging_info)
end
#render_unauthorized ⇒ Object (protected)
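# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 22

# Rejects the request when no valid session could be established; used as
# the fallback in #authenticate.
#
# @raise [Common::Exceptions::Unauthorized] always
#
# NOTE(review): the method name was dropped by the doc renderer; restored from
# the method heading (#render_unauthorized) — confirm against the source file.
def render_unauthorized
  raise Common::Exceptions::Unauthorized
end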
#reset_session ⇒ Object (protected)
Destroys the user's session in 1) Redis, 2) the MHV SSO Cookie, 3) and the Session Cookie
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 78

# Destroys the user's session in 1) Redis, 2) the MHV SSO Cookie, 3) and the Session Cookie.
#
# When the test-user dashboard is configured for 'staging' and a user is
# loaded, that user is first updated and checked in to the dashboard. The
# Redis session is then cleared via #clear_session before super is called
# (presumably Rails' own reset_session, which discards the session cookie).
def reset_session
  user = @current_user
  if Settings.test_user_dashboard.env == 'staging' && user
    TestUserDashboard::UpdateUser.new(user).call
    TestUserDashboard::AccountMetrics.new(user).checkin
  end
  Rails.logger.info('SSO: ApplicationController#reset_session', sso_logging_info)
  clear_session
  super
end
#set_api_cookie! ⇒ Object (protected)
Sets a cookie “api_session” with all of the key/value pairs from session object.
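# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 97

# Sets a cookie "api_session" with all of the key/value pairs from the
# session object.
#
# No-op when no session object is loaded. The :value key is removed from the
# Rails session before every pair of the session object's hash is copied in.
#
# NOTE(review): the method name was dropped by the doc renderer; restored from
# the method heading (#set_api_cookie!) — confirm against the source file.
def set_api_cookie!
  return unless @session_object

  session.delete :value
  @session_object.to_hash.each { |key, value| session[key] = value }
end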
#set_session_expiration_header ⇒ Object (protected)
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 104

# Exposes the session expiry to the client as the X-Session-Expiration
# response header (HTTP-date format). Nothing is set when no session object
# is present.
def set_session_expiration_header
  return unless @session_object.present?

  headers['X-Session-Expiration'] = @session_object.ttl_in_time.httpdate
end
#sso_logging_info ⇒ Object (protected)
Info for logging purposes related to SSO.
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 117

# Info for logging purposes related to SSO.
#
# @return [Hash] the current user's uuid (nil when no user is loaded), the
#   SSO cookie contents and the request host, as passed to the logger by
#   #clear_session, #reset_session, #log_sso_info and #validate_session.
#
# NOTE(review): the expression for :sso_cookie_contents was dropped by the
# doc renderer and is missing below — confirm against the source file.
def sso_logging_info
  {
    user_uuid: @current_user&.uuid,
    sso_cookie_contents: ,
    request_host: request.host
  }
end
#validate_inbound_login_params ⇒ Object (protected)
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 26

# Validates the inbound login request parameters against fixed allowlists.
#
# For the Login.gov CSP (params[:csp_type] equal to SAML::User::LOGINGOV_CSID)
# the :ial parameter must be '1' or '2' and is mapped to the matching IAL
# constant. For every other csp_type the :authn parameter must be one of the
# SAML::User::AUTHN_CONTEXTS keys and is returned as given. A missing
# params[:csp_type] is set to '' as a side effect.
#
# @return [Object] IAL::LOGIN_GOV_IAL1 / IAL::LOGIN_GOV_IAL2, or the validated authn value
# @raise [Common::Exceptions::ParameterMissing] when the required parameter is blank
# @raise [Common::Exceptions::InvalidFieldValue] when it is not in the allowlist
def validate_inbound_login_params
  csp_type = params[:csp_type] ||= ''
  login_gov = csp_type == SAML::User::LOGINGOV_CSID
  field = login_gov ? 'ial' : 'authn'
  value = params[field.to_sym]
  raise Common::Exceptions::ParameterMissing, field if value.blank?

  if login_gov
    raise Common::Exceptions::InvalidFieldValue.new(field, value) unless %w[1 2].include?(value)

    value == '1' ? IAL::LOGIN_GOV_IAL1 : IAL::LOGIN_GOV_IAL2
  else
    raise Common::Exceptions::InvalidFieldValue.new(field, value) unless SAML::User::AUTHN_CONTEXTS.keys.include?(value)

    value
  end
end
#validate_session ⇒ Object (protected)
# File 'app/controllers/concerns/authentication_and_sso_concerns.rb', line 43

# Validates the legacy Redis-backed session for this request.
#
# Loads the session and user; without a session object the invalid session
# is logged, any partial state is cleared and false is returned. With a
# session object the session is extended and the result is whether a
# current user is present.
#
# @return [Boolean] true only when a session and a current user exist
def validate_session
  load_user
  if @session_object.nil?
    Rails.logger.debug('SSO: INVALID SESSION', sso_logging_info)
    clear_session
    false
  else
    extend_session!
    @current_user.present?
  end
end