Class: UserSessionForm

Inherits:

Object

• Object
• UserSessionForm

Includes:

ActiveModel::Validations, SentryLogging

Defined in:

app/models/user_session_form.rb

Constant Summary

VALIDATIONS_FAILED_ERROR_CODE =

'004'

SAML_REPLAY_VALID_SESSION_ERROR_CODE =

'002'

ERRORS =

{ validations_failed: { code: VALIDATIONS_FAILED_ERROR_CODE,
                                   tag: :validations_failed,
                                   short_message: 'on User/Session Validation',
                                   level: :error },
             saml_replay_valid_session: { code: SAML_REPLAY_VALID_SESSION_ERROR_CODE,
tag: :saml_replay_valid_session,
short_message: 'SamlResponse is too late but user has current session',
level: :warn } }.freeze

Instance Attribute Summary

• #saml_uuid ⇒ Object readonly

  Returns the value of attribute saml_uuid.

• #session ⇒ Object readonly

  Returns the value of attribute session.

• #user ⇒ Object readonly

  Returns the value of attribute user.

• #user_identity ⇒ Object readonly

  Returns the value of attribute user_identity.

Instance Method Summary

• #add_csp_id_to_mpi(saml_user_attributes, idme_uuid) ⇒ Object
• #error_code ⇒ Object
• #error_instrumentation_code ⇒ Object
• #errors_context ⇒ Object
• #errors_hash ⇒ Object
• #errors_message ⇒ Object
• #get_session_errors ⇒ Object
• #initialize(saml_response) ⇒ UserSessionForm constructor

  rubocop:disable Metrics/MethodLength.

• #mvi_context ⇒ Object
• #normalize_saml(saml_user) ⇒ Object

  rubocop:enable Metrics/MethodLength.

• #persist ⇒ Object
• #save ⇒ Object
• #uuid_from_account(identifier) ⇒ Object
• #valid? ⇒ Boolean

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger

Constructor Details

#initialize(saml_response) ⇒ UserSessionForm

rubocop:disable Metrics/MethodLength

# File 'app/models/user_session_form.rb', line 22

def initialize(saml_response)
  @saml_uuid = saml_response.in_response_to
  saml_user = SAML::User.new(saml_response)
  normalized_attributes = normalize_saml(saml_user)
  existing_user = User.find(normalized_attributes[:uuid])
  @user_identity = UserIdentity.new(normalized_attributes)
  @user = User.new(uuid: @user_identity.attributes[:uuid])
  @user.instance_variable_set(:@identity, @user_identity)
  if saml_user.changing_multifactor?
    if existing_user.present?
      @user.mhv_last_signed_in = existing_user.last_signed_in
      @user.last_signed_in = existing_user.last_signed_in
    else
      @user.last_signed_in = Time.current.utc
      @user.mhv_last_signed_in = Time.current.utc
      log_message_to_sentry(
        "Couldn't locate exiting user after MFA establishment",
        :warn,
        { saml_uuid: normalized_attributes[:uuid], saml_icn: normalized_attributes[:mhv_icn] }
      )
    end
  else
    @user.last_signed_in = Time.current.utc
  end
  @session = Session.new(
    uuid: @user.uuid,
    ssoe_transactionid: saml_user.user_attributes.try(:transactionid)
  )
end

Instance Attribute Details

#saml_uuid ⇒ Object (readonly)

Returns the value of attribute saml_uuid.

# File 'app/models/user_session_form.rb', line 19

def saml_uuid
  @saml_uuid
end

#session ⇒ Object (readonly)

Returns the value of attribute session.

# File 'app/models/user_session_form.rb', line 19

def session
  @session
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'app/models/user_session_form.rb', line 19

def user
  @user
end

#user_identity ⇒ Object (readonly)

Returns the value of attribute user_identity.

# File 'app/models/user_session_form.rb', line 19

def user_identity
  @user_identity
end

Instance Method Details

#add_csp_id_to_mpi(saml_user_attributes, idme_uuid) ⇒ Object

# File 'app/models/user_session_form.rb', line 70

def add_csp_id_to_mpi(saml_user_attributes, idme_uuid)
  return unless saml_user_attributes[:loa][:current] == LOA::THREE

  Rails.logger.info("[UserSessionForm] Adding CSP ID to MPI, idme: #{idme_uuid}")
  mpi_response = MPI::Service.new.add_person_implicit_search(first_name: saml_user_attributes[:first_name],
                                                             last_name: saml_user_attributes[:last_name],
                                                             ssn: saml_user_attributes[:ssn],
                                                             birth_date: saml_user_attributes[:birth_date],
                                                             idme_uuid:)
  log_message_to_sentry("Failed Add CSP ID to MPI FAILED, idme: #{idme_uuid}", :warn) unless mpi_response.ok?
end

#error_code ⇒ Object

# File 'app/models/user_session_form.rb', line 156

def error_code
  errors_hash[:code] if errors.any?
end

#error_instrumentation_code ⇒ Object

# File 'app/models/user_session_form.rb', line 160

def error_instrumentation_code
  "error:#{errors_hash[:tag]}" if errors.any?
end

#errors_context ⇒ Object

# File 'app/models/user_session_form.rb', line 126

def errors_context
  errors_hash.merge(
    uuid: @user.uuid,
    user: {
      valid: @user&.valid?,
      errors: @user&.errors&.full_messages
    },
    session: {
      valid: (@session.valid? && !@session.uuid.nil?),
      errors: get_session_errors
    },
    identity: {
      valid: @user_identity&.valid?,
      errors: @user_identity&.errors&.full_messages,
      authn_context: @user_identity&.authn_context,
      loa: @user_identity&.loa
    },
    mvi: mvi_context
  )
end

#errors_hash ⇒ Object

# File 'app/models/user_session_form.rb', line 122

def errors_hash
  ERRORS[:validations_failed] if errors.any?
end

#errors_message ⇒ Object

# File 'app/models/user_session_form.rb', line 118

def errors_message
  @errors_message ||= "Login Failed! #{errors_hash[:short_message]}" if errors.any?
end

#get_session_errors ⇒ Object

# File 'app/models/user_session_form.rb', line 101

def get_session_errors
  @session.errors.add(:uuid, "can't be blank") if @session.uuid.nil?
  @session.errors&.full_messages
end

#mvi_context ⇒ Object

# File 'app/models/user_session_form.rb', line 147

def mvi_context
  latest_outage = MPI::Configuration.instance.breakers_service.latest_outage
  if latest_outage && !latest_outage.ended?
    'breakers is closed for MVI'
  else
    'breakers is open for MVI'
  end
end

#normalize_saml(saml_user) ⇒ Object

rubocop:enable Metrics/MethodLength

# File 'app/models/user_session_form.rb', line 53

def normalize_saml(saml_user)
  saml_user.validate!
  saml_user_attributes = saml_user.to_hash
  add_csp_id_to_mpi(saml_user_attributes, saml_user_attributes[:idme_uuid]) if saml_user.needs_csp_id_mpi_update?
  saml_user_attributes
rescue SAML::UserAttributeError => e
  raise unless e.code == SAML::UserAttributeError::UUID_MISSING_CODE

  idme_uuid = uuid_from_account(e&.identifier)
  raise if idme_uuid.blank?

  Rails.logger.info('Account UUID injected into user SAML attributes')
  saml_user_attributes = saml_user.to_hash
  add_csp_id_to_mpi(saml_user_attributes, idme_uuid)
  saml_user_attributes.merge({ uuid: idme_uuid, idme_uuid: })
end

#persist ⇒ Object

# File 'app/models/user_session_form.rb', line 110

def persist
  if save
    [user, session]
  else
    [nil, nil]
  end
end

#save ⇒ Object

# File 'app/models/user_session_form.rb', line 106

def save
  valid? && session.save && user.save && @user_identity.save
end

#uuid_from_account(identifier) ⇒ Object

# File 'app/models/user_session_form.rb', line 82

def uuid_from_account(identifier)
  return if identifier.blank?

  user_account = UserAccount.find_by(icn: identifier)
  return unless user_account

  idme_uuid_array = user_account.user_verifications.map(&:idme_uuid) +
                    user_account.user_verifications.map(&:backing_idme_uuid)

  idme_uuid_array.compact.first
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/user_session_form.rb', line 94

def valid?
  errors.add(:session, :invalid) unless session.valid?
  errors.add(:user, :invalid) unless user.valid?
  errors.add(:user_identity, :invalid) unless @user_identity.valid?
  errors.empty?
end