class Osso::SamlHandler

Attributes

attributes[RW]
provider[RW]
session[RW]

Public Class Methods

# File lib/osso/lib/saml_handler.rb, line 11
# Builds a handler for one SAML assertion.
#
# @param auth_hash [Object, nil] OmniAuth-style auth hash; the assertion
#   attributes are read from +extra.response_object.attributes+ with every
#   link nil-safe, so a missing piece leaves +attributes+ nil instead of raising
# @param provider_id [Object] id of the IdentityProvider this ACS request belongs to
# @param session [Object] session store holding the pending OAuth request
#   (:osso_oauth_redirect_uri, :osso_oauth_state, :osso_oauth_requested)
# @raise [Osso::Error::InvalidACSURLError] when no provider has +provider_id+
def initialize(auth_hash:, provider_id:, session:)
  # Resolve the provider first so an unknown id fails before any attribute work.
  find_provider(provider_id)
  @session = session

  # NOTE(review): a nil auth_hash leaves @attributes nil; the [] calls in the
  # attribute readers would then raise NoMethodError rather than the Missing*
  # errors — confirm the caller always passes a populated hash.
  response = auth_hash&.extra&.response_object
  @attributes = response&.attributes
end
# File lib/osso/lib/saml_handler.rb, line 7
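# Entry point: builds a handler from keyword arguments and runs it.
#
# @param attrs [Hash] keyword arguments forwarded to #initialize
#   (+auth_hash:+, +provider_id:+, +session:+)
# @return [String] the redirect URI produced by #perform
def self.perform(**attrs)
  # Splat the captured keywords back out: passing the Hash positionally
  # (`new(attrs)`) only works through Ruby 2.x's hash-to-keywords conversion
  # and raises ArgumentError on Ruby 3, where #initialize accepts keywords only.
  new(**attrs).perform
end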

Public Instance Methods

# File lib/osso/lib/saml_handler.rb, line 17
# Runs the ACS flow for this assertion.
#
# @return [String] URI the browser should be redirected to, carrying the
#   newly created authorization code and the OAuth state
# @raise [Osso::Error::MissingSamlIdAttributeError, Osso::Error::MissingSamlEmailAttributeError]
#   when the assertion lacks a required attribute; raised before any write happens
def perform
  validate_attributes
  # Only an assertion that passed validation flips the provider to active.
  provider.active!

  redirect_uri
end

Private Instance Methods

# File lib/osso/lib/saml_handler.rb, line 54
# Authorization code issued to the provider's OAuth client for +user+.
#
# Memoized so every reader in this handler shares the one record created by
# the create! call; a handler instance therefore mints at most one code.
#
# @return [Object] the persisted authorization code record
def authorization_code
  return @authorization_code if @authorization_code

  @authorization_code = user.authorization_codes.create!(
    oauth_client: provider.oauth_client,
    # Stored alongside the code; presumably compared at token exchange — that
    # check is outside this file, so confirm.
    redirect_uri: redirect_uri_base,
    # Consumes :osso_oauth_requested from the session (see #requested_param).
    requested: requested_param,
  )
end
# File lib/osso/lib/saml_handler.rb, line 40
# Email address asserted by the IdP.
#
# @return [Object, nil] value of the :email attribute, nil when absent
def email_attribute
  asserted = attributes
  asserted[:email]
end
# File lib/osso/lib/saml_handler.rb, line 25
# Resolves and memoizes the IdentityProvider for this ACS request.
#
# @param id [Object] identity provider id (the error name suggests it is
#   taken from the ACS URL)
# @return [Models::IdentityProvider]
# @raise [Osso::Error::InvalidACSURLError] when no provider matches +id+;
#   the ActiveRecord error is mapped so callers see an Osso-level error
def find_provider(id)
  return @provider if @provider

  @provider = Models::IdentityProvider.find(id)
rescue ActiveRecord::RecordNotFound
  raise Osso::Error::InvalidACSURLError
end
# File lib/osso/lib/saml_handler.rb, line 36
# Identifier the IdP asserted for the user.
#
# Prefers the :id attribute and falls back to :idp_id; memoized after the
# first truthy result.
#
# @return [Object, nil] the asserted identifier, nil when neither attribute is present
def id_attribute
  return @id_attribute if @id_attribute

  @id_attribute = attributes[:id] || attributes[:idp_id]
end
# File lib/osso/lib/saml_handler.rb, line 76
# OAuth +state+ value to hand back to the client.
#
# In an IdP-initiated flow there is no client-supplied state, so the fixed
# marker 'IDP_INITIATED' is returned. Otherwise the stored state is removed
# from the session as it is read, so it can be echoed back only once.
#
# @return [String, nil] 'IDP_INITIATED', the stored state, or nil when none was stored
def provider_state
  if valid_idp_initiated_flow
    'IDP_INITIATED'
  else
    session.delete(:osso_oauth_state)
  end
end
# File lib/osso/lib/saml_handler.rb, line 62
# Full redirect target: base URI followed by the code/state querystring.
#
# The base is evaluated before the querystring, which matters because
# building the querystring consumes session keys.
#
# NOTE(review): when the session holds :osso_oauth_state but no
# :osso_oauth_redirect_uri, #redirect_uri_base returns nil and the + below
# raises NoMethodError instead of an Osso error — confirm that state is unreachable.
#
# @return [String]
def redirect_uri
  base = redirect_uri_base
  query = redirect_uri_querystring
  base + query
end
# File lib/osso/lib/saml_handler.rb, line 66
# Redirect URI without the querystring.
#
# For an IdP-initiated flow this is the OAuth client's registered primary
# redirect URI; otherwise it is whatever the authorize step stored in the
# session, used here as-is (presumably validated against the client's
# registered URIs when it was stored — confirm at the caller).
#
# @return [String, nil] nil when nothing was stored in the session
def redirect_uri_base
  if valid_idp_initiated_flow
    provider.oauth_client.primary_redirect_uri.uri
  else
    session[:osso_oauth_redirect_uri]
  end
end
# File lib/osso/lib/saml_handler.rb, line 72
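# Querystring carrying the authorization code and the OAuth state.
#
# Both values are percent-encoded. The code already was; the state is
# client-supplied (stored at the authorize step) and may contain '&', '#'
# or other reserved characters that, unencoded, would corrupt the redirect
# URI. A nil state still yields an empty +state=+, as before.
#
# @return [String] "?code=...&state=..."
def redirect_uri_querystring
  # Same order as before: the code (and its session reads) first, then the state.
  code = CGI.escape(authorization_code.token)
  state = CGI.escape(provider_state.to_s)
  "?code=#{code}&state=#{state}"
end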
# File lib/osso/lib/saml_handler.rb, line 86
# Consumes the :osso_oauth_requested value from the session.
#
# Uses delete so the value is read at most once per pending request.
#
# @return [Object, nil] the stored value, nil when absent
def requested_param
  session.delete(:osso_oauth_requested)
end
# File lib/osso/lib/saml_handler.rb, line 44
# User record matched to (or created from) the assertion.
#
# Looked up by the asserted email and id attribute; when no row matches,
# one is created under this provider and its enterprise account.
#
# NOTE(review): the lookup is not scoped to +provider+ or its enterprise
# account — only the create path sets them — so an existing user with the
# same email and idp_id under another provider would be returned unchanged.
# Confirm whether idp_id is unique across providers; if it is not, scoping
# the where clause would keep tenants apart.
#
# @return [Models::User]
def user
  return @user if @user

  criteria = { email: email_attribute, idp_id: id_attribute }
  @user = Models::User.where(criteria).first_or_create! do |record|
    record.enterprise_account_id = provider.enterprise_account_id
    record.identity_provider_id = provider.id
  end
end
# File lib/osso/lib/saml_handler.rb, line 82
# Whether this assertion arrived with no pending OAuth request in the session.
#
# True only when the session holds neither :osso_oauth_redirect_uri nor
# :osso_oauth_state; the flow is then treated as IdP-initiated (fixed
# 'IDP_INITIATED' state, client's primary redirect URI). Such a flow carries
# no client-generated state for the client to bind to a request it started.
#
# @return [Boolean]
def valid_idp_initiated_flow
  %i[osso_oauth_redirect_uri osso_oauth_state].none? { |key| session[key] }
end
# File lib/osso/lib/saml_handler.rb, line 31
# Ensures the assertion carries the attributes the user lookup needs.
#
# Checked in order: the id attribute (:id or :idp_id) first, then :email,
# so a missing id is reported even when the email is also absent.
#
# @raise [Osso::Error::MissingSamlIdAttributeError] when neither id attribute is present
# @raise [Osso::Error::MissingSamlEmailAttributeError] when :email is absent
def validate_attributes
  raise Osso::Error::MissingSamlIdAttributeError unless id_attribute

  raise Osso::Error::MissingSamlEmailAttributeError unless email_attribute
end