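module Gospotcheck
  module Sso
    # Client for the IdP broker service. It answers two questions about a login
    # attempt: does this username belong to an identity provider, and does the
    # supplied username/password pair authenticate against that provider.
    #
    # Security notes:
    # * The username comes from the login form (untrusted) and is interpolated
    #   into a request URL; it is percent-encoded as a single path segment so it
    #   cannot change the route (see #encode_path_segment).
    # * The password only ever travels in the JSON body of the authn POST and is
    #   never written to the log.
    # * Every broker call carries a timeout so a slow or hung broker cannot pin
    #   application threads indefinitely.
    class IdpBroker
      # Seconds HTTParty waits on connect/read before raising; the error is
      # rescued and reported as a failed request rather than propagated.
      REQUEST_TIMEOUT = 10

      # @param username [String] login name entered by the user (untrusted)
      # @param password [String] plaintext password entered by the user (untrusted, never logged)
      # @param request_id [String] correlation id forwarded to the broker as GSC-Correlation-Id
      def initialize(username, password, request_id)
        @username = username
        @password = password
        @request_id = request_id
      end

      # @return [Boolean] true when the broker maps the username to an IdP
      def sso_user?
        log('sso_user?', 'requestStart', { username: @username })
        if user_idp.success?
          log('sso_user?', 'idpUserConfirmed', { idpId: user_idp.idp_id })
          true
        else
          log('sso_user?', 'nonIdpUser')
          false
        end
      end

      # POSTs the credentials to the resolved IdP's authn endpoint.
      #
      # @return [Boolean] true only on an HTTP 200 from the broker; false when
      #   no IdP is mapped to the username, on any other status, or when the
      #   request itself fails (timeout, connection error, malformed URL).
      def user_authenticated?
        log('user_authenticated?', 'requestStart', { username: @username, idpId: user_idp.idp_id })
        unless user_idp.success?
          # #idp_id is 0 (never nil) when the lookup failed, so a nil check can
          # never fire. With no IdP there is no authn endpoint to call; do not
          # ship the password to "idps/0/authn".
          log('user_authenticated?', 'idpNotPresent', { error: 'idp_id not returned from IdpBroker' })
          return false
        end
        response = guarded_request('user_authenticated?') do
          HTTParty.post(idp_authn_path, auth_request_options)
        end
        if response&.code == 200
          log('user_authenticated?', 'userAuthenticated')
          true
        else
          log('user_authenticated?', 'userNotAuthenticated', { responseCode: response&.code })
          false
        end
      end

      # @return [SuccessfulUserIdp, nil] the IdP record (contact details, id)
      #   when the username is mapped to an IdP, otherwise nil
      def sso_info
        log('sso_info', 'requestStart', { username: @username })
        if user_idp.success?
          log('sso_info', 'ssoInfoConfirmed', { idpId: user_idp.idp_id })
          user_idp
        else
          log('sso_info', 'nonIdpUser')
          nil
        end
      end

      # Builds the bearer token this service presents to the broker. The client
      # uid is read from IDP_BROKER_CLIENT_ID; the company and audience are fixed
      # values. Gospotcheck::Jwt.company_encode is defined elsewhere in the app.
      def jwt_token
        client = OpenStruct.new(uid: ENV['IDP_BROKER_CLIENT_ID'], scopes: ['public', 'internal'])
        company = OpenStruct.new(id: '2', name: 'GoSpotCheck')
        Gospotcheck::Jwt.company_encode(
          client: client,
          company: company,
          audiences: ['https://idp.gospotcheck.com']
        )
      end

      private

      # Memoised lookup of the username's IdP. A transport failure or a non-2xx
      # status yields a FailedUserIdp, so an error body from the broker is never
      # parsed as if it were user data.
      def user_idp
        @user_idp ||= begin
          response = guarded_request('user_idp') do
            HTTParty.get(user_idp_path, idp_request_options)
          end
          if response&.success?
            SuccessfulUserIdp.new(data: response)
          else
            FailedUserIdp.new
          end
        end
      end

      # Runs the HTTP call in the block and returns nil instead of raising, so
      # transport failures surface as "not authenticated" / "no IdP" rather than
      # as 500s. Only the exception class is logged: the message may embed the
      # request URL (and therefore the username).
      def guarded_request(method_name)
        yield
      rescue StandardError => e
        log(method_name, 'requestFailed', { error: e.class.name })
        nil
      end

      def user_idp_path
        "#{api_url}user_idp/#{encode_path_segment(@username)}"
      end

      # Percent-encodes everything except letters, digits, "-", ".", "_" and
      # "*" -- including "/", "?", "#", "@" and "+" -- so the username occupies
      # exactly one path segment. URI.encode (removed in Ruby 3.0) left "/" and
      # "?" untouched, so a username such as "../idps/1/authn" could rewrite the
      # request path. Spaces become %20 rather than the form-style "+".
      def encode_path_segment(segment)
        URI.encode_www_form_component(segment.to_s).gsub('+', '%20')
      end

      def idp_authn_path
        "#{api_url}idps/#{user_idp.idp_id}/authn"
      end

      # Base URL of the broker, expected to end with "/" (paths are appended verbatim).
      def api_url
        ENV['IDP_BROKER_API_URL']
      end

      # Options for the service-to-service lookup: authenticated with our JWT.
      def idp_request_options
        {
          headers: {
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'GSC-Correlation-Id' => @request_id,
            'Authorization' => "Bearer #{jwt_token}"
          },
          timeout: REQUEST_TIMEOUT
        }
      end

      # Options for the credential check: the user's password is sent in the
      # JSON body and nowhere else.
      def auth_request_options
        {
          headers: {
            'Content-Type' => 'application/json',
            'Accept' => 'application/json',
            'GSC-Correlation-Id' => @request_id
          },
          body: { 'username' => @username, 'password' => @password }.to_json,
          timeout: REQUEST_TIMEOUT
        }
      end

      # Structured JSON log line. Callers must never pass the password in +other+.
      def log(method, event, other = {})
        msg = {
          requestType: "Gospotcheck::Sso::IdpBroker##{method}",
          event: event
        }.merge(other).to_json
        Rails.logger.info(msg)
      end

      # Wraps a broker response. The body is parsed once; anything that is not a
      # JSON object (parse error, nil body, a JSON array or scalar) degrades to
      # an empty hash so every reader returns nil / 0 instead of raising.
      class SuccessfulUserIdp
        # @param data [#body] an HTTP response whose #body is the JSON payload
        def initialize(data: nil)
          @data = parse_body(data)
        end

        # @return [Boolean] true when the payload carried a non-zero IdP id
        def success?
          idp_id != 0
        end

        # @return [Object] the IdP id from data.idp.id, or 0 when absent
        def idp_id
          data.dig('data', 'idp', 'id') || 0
        end

        def contact_name
          data.dig('data', 'idp', 'contact_name')
        end

        def contact_email
          data.dig('data', 'idp', 'contact_email')
        end

        def contact_phone
          data.dig('data', 'idp', 'contact_phone')
        end

        def contact_notes
          data.dig('data', 'idp', 'contact_notes')
        end

        private

        attr_reader :data

        def parse_body(response)
          parsed = JSON.parse(response.body)
          parsed.is_a?(Hash) ? parsed : {}
        rescue StandardError
          {}
        end
      end

      # Null object returned when the broker could not be reached or answered
      # with an error; presents the same interface as SuccessfulUserIdp.
      class FailedUserIdp
        def success?
          false
        end

        def idp_id
          0
        end

        def contact_name
          nil
        end

        def contact_email
          nil
        end

        def contact_phone
          nil
        end

        def contact_notes
          nil
        end
      end
    end
  end
end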