Class: V1::SessionsController
- Inherits:
-
ApplicationController
- Object
- ActionController::API
- ApplicationController
- V1::SessionsController
- Defined in:
- app/controllers/v1/sessions_controller.rb
Constant Summary
- REDIRECT_URLS =
%w[signup mhv mhv_verified dslogon dslogon_verified idme idme_verified idme_signup idme_signup_verified logingov logingov_verified logingov_signup logingov_signup_verified custom mfa verify slo].freeze
- STATSD_SSO_NEW_KEY =
'api.auth.new'
- STATSD_SSO_SAMLREQUEST_KEY =
'api.auth.saml_request'
- STATSD_SSO_SAMLRESPONSE_KEY =
'api.auth.saml_response'
- STATSD_SSO_CALLBACK_KEY =
'api.auth.saml_callback'
- STATSD_SSO_CALLBACK_TOTAL_KEY =
'api.auth.login_callback.total'
- STATSD_SSO_CALLBACK_FAILED_KEY =
'api.auth.login_callback.failed'
- STATSD_LOGIN_NEW_USER_KEY =
'api.auth.new_user'
- STATSD_LOGIN_STATUS_SUCCESS =
'api.auth.login.success'
- STATSD_LOGIN_STATUS_FAILURE =
'api.auth.login.failure'
- STATSD_LOGIN_LATENCY =
'api.auth.latency'
- VERSION_TAG =
'version:v1'
- FIM_INVALID_MESSAGE_TIMESTAMP =
'invalid_message_timestamp'
Constants inherited from ApplicationController
ApplicationController::VERSION_STATUS
Constants included from SignIn::Authentication
SignIn::Authentication::BEARER_PATTERN
Constants included from ExceptionHandling
ExceptionHandling::SKIP_SENTRY_EXCEPTION_TYPES
Instance Method Summary
- #metadata ⇒ Object
-
#new ⇒ Object
Collection action: auth is required for certain types of requests. For more details see SAML::SSOeSettingsService and SAML::URLService.
- #saml_callback ⇒ Object
- #ssoe_slo_callback ⇒ Object
Methods inherited from ApplicationController
#clear_saved_form, #cors_preflight, #routing_error
Methods included from Traceable
Methods included from SentryLogging
#log_exception_to_sentry, #log_message_to_sentry, #non_nil_hash?, #normalize_level, #rails_logger
Methods included from SignIn::Authentication
#authenticate_service_account, #load_user
Methods included from Headers
#block_unknown_hosts, #set_app_info_headers
Methods included from AuthenticationAndSSOConcerns
#clear_session, #extend_session!, #load_user, #log_sso_info, #render_unauthorized, #reset_session, #set_api_cookie!, #set_session_expiration_header, #sso_logging_info, #validate_inbound_login_params, #validate_session
Instance Method Details
#metadata ⇒ Object
# File 'app/controllers/v1/sessions_controller.rb', line 95

# Serves this service provider's SAML metadata document as XML.
#
# The document is produced by ruby-saml from +saml_settings+ (defined outside
# this listing), so the endpoints and certificates it advertises are whatever
# that settings object carries; keep it in step with what the IdP has on file.
# NOTE(review): presumably reachable without a session, since the IdP must be
# able to fetch it — confirm against the controller's before_action skip list.
def metadata
  render xml: OneLogin::RubySaml::Metadata.new.generate(saml_settings), content_type: 'application/xml'
end
#new ⇒ Object
Collection action: auth is required for certain types of requests. For more details see SAML::SSOeSettingsService and SAML::URLService.
# File 'app/controllers/v1/sessions_controller.rb', line 35

# Collection action: starts a login flow for params[:type], or — when the type
# is 'slo' — begins a single-logout round trip through SSOe.
#
# params[:application] (default 'vaweb') is the client id handed to new_stats,
# which runs after either branch. On the SLO branch the local session is
# reset first and the browser is then redirected to url_service.ssoe_slo_url
# with an appKey chosen from Settings and the caller's clientId.
#
# As a temporary measure while we have the ability to authenticate either through SessionsController
# or through SignInController, we will delete all SignInController cookies when authenticating with SSOe
# to prevent undefined authentication behavior
# NOTE(review): the cookie deletion described above is not visible in this
# action (only reset_session on the SLO branch); it may live in a
# before_action — confirm it still happens.
def new
  type = params[:type]
  client_id = params[:application] || 'vaweb'
  case type
  when 'slo'
    Rails.logger.info("SessionsController version:v1 LOGOUT of type #{type}", sso_logging_info)
    reset_session
    slo_uri = URI.parse(url_service.ssoe_slo_url)
    declined = ActiveModel::Type::Boolean.new.cast(params[:agreements_declined])
    app_key = declined ? Settings.saml_ssoe.tou_decline_logout_app_key : Settings.saml_ssoe.logout_app_key
    # The base URL is server-configured; the request only contributes the
    # clientId value, which compact drops when absent.
    # NOTE(review): Hash#to_query already CGI-escapes each value, so the explicit
    # CGI.escape double-encodes any reserved characters in app_key. Harmless
    # only if the configured keys are plain tokens — verify against Settings.
    slo_uri.query = { appKey: CGI.escape(app_key), clientId: params[:client_id] }.compact.to_query
    redirect_to slo_uri.to_s
  else
    render_login(type)
  end
  new_stats(type, client_id)
end
#saml_callback ⇒ Object
# File 'app/controllers/v1/sessions_controller.rb', line 76

# Assertion consumer endpoint (IdP -> SP): wraps params[:SAMLResponse] in
# SAML::Responses::Login, refuses it unless valid?, then logs the user in.
#
# Every exit path — success, a SAML::SAMLError, or any other StandardError —
# is counted by the ensure clause through callback_stats(:total); failures
# are additionally routed to handle_callback_error. Exceptions that are not
# StandardError subclasses are not rescued here and propagate.
def saml_callback
  # Extra Sentry context is attached only for MFA callbacks; the relay state
  # is read via html_escaped_relay_state, defined elsewhere in the controller.
  set_sentry_context_for_callback if html_escaped_relay_state['type'] == 'mfa'
  saml_response = SAML::Responses::Login.new(params[:SAMLResponse], settings: saml_settings)
  saml_response_stats(saml_response)
  # Nothing below this line may trust the assertion until valid? has passed.
  # What valid? actually checks (signature, audience, timestamps, ...) lives
  # in SAML::Responses::Login and is not visible here — confirm when touching
  # this ordering.
  raise_saml_error(saml_response) unless saml_response.valid?
  user_login(saml_response)
  callback_stats(:success, saml_response)
  Rails.logger.info("SessionsController version:v1 saml_callback complete, user_uuid=#{@current_user&.uuid}")
rescue SAML::SAMLError => e
  # Known SAML failures carry their own reporting level/context/code/tag.
  # saml_response is nil here if the error was raised before it was assigned.
  handle_callback_error(e, :failure, saml_response, e.level, e.context, e.code, e.tag)
rescue => e
  # the saml_response variable may or may not be defined depending on
  # where the exception was raised
  # (Ruby creates method locals at parse time, so an unassigned
  # saml_response reads as nil in this clause; the defined? guard is
  # belt-and-braces rather than required.)
  # NOTE(review): handle_callback_error receives the whole response object;
  # make sure whatever it logs excludes assertion contents.
  resp = defined?(saml_response) && saml_response
  handle_callback_error(e, :failed_unknown, resp)
ensure
  callback_stats(:total)
end
#ssoe_slo_callback ⇒ Object
# File 'app/controllers/v1/sessions_controller.rb', line 66

# Return leg of the SSOe single logout.
#
# Logs the current user's uuid (nil-safe, since the session may already be
# gone) and sends the browser to one of two post-logout pages. The request's
# params[:agreements_declined] only picks between them; both destinations
# come from url_service, never from request input, so this is not an open
# redirect.
def ssoe_slo_callback
  Rails.logger.info("SessionsController version:v1 ssoe_slo_callback, user_uuid=#{@current_user&.uuid}")
  declined = ActiveModel::Type::Boolean.new.cast(params[:agreements_declined])
  destination = declined ? url_service.tou_declined_logout_redirect_url : url_service.logout_redirect_url
  redirect_to destination
end