Class: V1::SessionsController

Inherits:

ApplicationController

• Object
• ActionController::API
• ApplicationController
• V1::SessionsController

Defined in:

app/controllers/v1/sessions_controller.rb

Constant Summary

REDIRECT_URLS =

%w[signup mhv mhv_verified dslogon dslogon_verified idme idme_verified idme_signup
idme_signup_verified logingov logingov_verified logingov_signup
logingov_signup_verified custom mfa verify slo].freeze

STATSD_SSO_NEW_KEY =

'api.auth.new'

STATSD_SSO_SAMLREQUEST_KEY =

'api.auth.saml_request'

STATSD_SSO_SAMLRESPONSE_KEY =

'api.auth.saml_response'

STATSD_SSO_CALLBACK_KEY =

'api.auth.saml_callback'

STATSD_SSO_CALLBACK_TOTAL_KEY =

'api.auth.login_callback.total'

STATSD_SSO_CALLBACK_FAILED_KEY =

'api.auth.login_callback.failed'

STATSD_LOGIN_NEW_USER_KEY =

'api.auth.new_user'

STATSD_LOGIN_STATUS_SUCCESS =

'api.auth.login.success'

STATSD_LOGIN_STATUS_FAILURE =

'api.auth.login.failure'

STATSD_LOGIN_LATENCY =

'api.auth.latency'

VERSION_TAG =

'version:v1'

FIM_INVALID_MESSAGE_TIMESTAMP =

'invalid_message_timestamp'

Constants inherited from ApplicationController

ApplicationController::VERSION_STATUS

Constants included from SignIn::Authentication

SignIn::Authentication::BEARER_PATTERN

Constants included from ExceptionHandling

ExceptionHandling::SKIP_SENTRY_EXCEPTION_TYPES

Instance Method Summary

• #metadata ⇒ Object
• #new ⇒ Object

  Collection Action: auth is required for certain types of requests For more details see SAML::SSOeSettingsService and SAML::URLService.

• #saml_callback ⇒ Object
• #ssoe_slo_callback ⇒ Object

Methods inherited from ApplicationController

#clear_saved_form, #cors_preflight, #routing_error

Methods included from Traceable

#set_trace_tags

Methods included from SentryLogging

#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger

Methods included from SignIn::Authentication

#authenticate_service_account, #load_user

Methods included from Headers

#block_unknown_hosts, #set_app_info_headers

Methods included from AuthenticationAndSSOConcerns

#clear_session, #extend_session!, #load_user, #log_sso_info, #render_unauthorized, #reset_session, #set_api_cookie!, #set_session_expiration_header, #sso_logging_info, #validate_inbound_login_params, #validate_session

Instance Method Details

#metadata ⇒ Object

# File 'app/controllers/v1/sessions_controller.rb', line 95

def metadata
  meta = OneLogin::RubySaml::Metadata.new
  render xml: meta.generate(saml_settings), content_type: 'application/xml'
end

#new ⇒ Object

Collection Action: auth is required for certain types of requests For more details see SAML::SSOeSettingsService and SAML::URLService

# File 'app/controllers/v1/sessions_controller.rb', line 35

def new
  type = params[:type]
  client_id = params[:application] || 'vaweb'

  # As a temporary measure while we have the ability to authenticate either through SessionsController
  # or through SignInController, we will delete all SignInController cookies when authenticating with SSOe
  # to prevent undefined authentication behavior
  delete_sign_in_service_cookies

  if type == 'slo'
    Rails.logger.info("SessionsController version:v1 LOGOUT of type #{type}", sso_logging_info)
    reset_session
    url = URI.parse(url_service.ssoe_slo_url)

    app_key = if ActiveModel::Type::Boolean.new.cast(params[:agreements_declined])
                Settings.saml_ssoe.tou_decline_logout_app_key
              else
                Settings.saml_ssoe.logout_app_key
              end

    query_strings = { appKey: CGI.escape(app_key), clientId: params[:client_id] }.compact

    url.query = query_strings.to_query

    redirect_to url.to_s
  else
    render_login(type)
  end
  new_stats(type, client_id)
end

#saml_callback ⇒ Object

# File 'app/controllers/v1/sessions_controller.rb', line 76

def saml_callback
  set_sentry_context_for_callback if html_escaped_relay_state['type'] == 'mfa'
  saml_response = SAML::Responses::Login.new(params[:SAMLResponse], settings: saml_settings)
  saml_response_stats(saml_response)
  raise_saml_error(saml_response) unless saml_response.valid?
  user_login(saml_response)
  callback_stats(:success, saml_response)
  Rails.logger.info("SessionsController version:v1 saml_callback complete, user_uuid=#{@current_user&.uuid}")
rescue SAML::SAMLError => e
  handle_callback_error(e, :failure, saml_response, e.level, e.context, e.code, e.tag)
rescue => e
  # the saml_response variable may or may not be defined depending on
  # where the exception was raised
  resp = defined?(saml_response) && saml_response
  handle_callback_error(e, :failed_unknown, resp)
ensure
  callback_stats(:total)
end

#ssoe_slo_callback ⇒ Object

# File 'app/controllers/v1/sessions_controller.rb', line 66

def ssoe_slo_callback
  Rails.logger.info("SessionsController version:v1 ssoe_slo_callback, user_uuid=#{@current_user&.uuid}")

  if ActiveModel::Type::Boolean.new.cast(params[:agreements_declined])
    redirect_to url_service.tou_declined_logout_redirect_url
  else
    redirect_to url_service.logout_redirect_url
  end
end