class SSO::Client::Warden::Hooks::AfterFetch

This is a helpful `Warden::Manager.after_fetch` hook for Alpha and Beta. Whenever Carol is fetched out of the session, we also verify her passport.

Usage:

SSO::Client::Warden::Hooks::AfterFetch.activate scope: :vip

Attributes

options[R]
passport[R]
warden[R]

Public Class Methods

activate(warden_options) click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 21
# Registers an `after_fetch` callback with Warden. Each time the callback
# fires, a hook instance is built from the yielded passport, warden proxy
# and options, and run via #call.
#
# @param warden_options [Hash] forwarded unchanged to
#   `::Warden::Manager.after_fetch` (the usage example passes `scope: :vip`)
# @return whatever `::Warden::Manager.after_fetch` returns
def self.activate(warden_options)
  ::Warden::Manager.after_fetch(warden_options) do |passport, warden, options|
    hook = ::SSO::Client::Warden::Hooks::AfterFetch.new(passport: passport, warden: warden, options: options)
    hook.call
  end
end
new(passport:, warden:, options:) click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 27
# Stores the three values Warden yields to the after_fetch callback.
#
# @param passport the object fetched out of the session (checked in #call)
# @param warden the Warden proxy; used by this class to log the scope out
# @param options [Hash] callback options; `options[:scope]` is the Warden scope
def initialize(passport:, warden:, options:)
  @passport = passport
  @warden   = warden
  @options  = options
end

Public Instance Methods

call() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 31
# Verifies the fetched passport, skipping anything in the session that is
# not an ::SSO::Client::Passport.
#
# This method fails open: a verification timeout, or any other
# StandardError, is reported (log line plus :timeout metric, or the
# configured exception handler) and answered with a failure Operation.
# Neither rescue branch calls warden.logout, so the session keeps its last
# known authentication state.
#
# NOTE(review): a passport revoked on the SSO server therefore stays usable
# on this client for as long as verification keeps timing out or raising.
# Confirm that trade-off is intended and alert on the :timeout metric.
#
# @return [Object, nil] nil when skipped, otherwise the result of #verify or
#   an Operations failure
def call
  verify if passport.is_a?(::SSO::Client::Passport)
rescue ::Timeout::Error
  error { 'SSO Server timed out. Continuing with last known authentication/authorization...' }
  meter(:timeout, timeout_ms: verifier.human_readable_timeout_in_ms)
  Operations.failure(:server_request_timed_out)
rescue => exception
  ::SSO.config.exception_handler.call(exception)
  Operations.failure(:client_exception_caught)
end

Private Instance Methods

agent() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 139
# User agent string as reported by the current request; handed to the
# passport verifier as `user_agent`.
# NOTE(review): presumably the client's User-Agent header, which the client
# controls. Treat it as a hint, not as an identifier.
def agent
  current_request = request
  current_request.user_agent
end
device_id() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 143
# Reads the 'device_id' entry from the request params; handed to the
# passport verifier as `device_id`.
# NOTE(review): presumably client-supplied and unauthenticated. Verify how
# the SSO server weighs it.
def device_id
  param_name = 'device_id'
  params[param_name]
end
ip() click to toggle source

TODO: Use ActionDispatch's remote IP here; otherwise, behind a load balancer, you might get the load balancer's IP instead of the client's :(

# File lib/sso/client/warden/hooks/after_fetch.rb, line 135
# Address reported by `request.ip`; handed to the passport verifier as
# `user_ip`.
# Per the TODO on this method, behind a load balancer this may be the
# balancer's address rather than the end user's, so the SSO server may be
# comparing against the wrong address until that is resolved.
def ip
  current_request = request
  current_request.ip
end
meter(key, data = {}) click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 125
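# Emits one metric for this hook via `track`.
#
# The passport id is added to a copy of `data`, so the caller's hash is never
# mutated (the previous version wrote `:passport_id` into the argument itself
# and raised on a frozen hash).
#
# @param key [Symbol, String] suffix appended to "client.warden.hooks.after_fetch."
# @param data [Hash] extra fields to report; `:passport_id` is always set from the passport
# @return whatever `track` returns
def meter(key, data = {})
  # Explicit braces keep this a single positional Hash, exactly as before.
  track({
    key:  "client.warden.hooks.after_fetch.#{key}",
    tags: { scope: warden_scope },
    data: data.merge(passport_id: passport.id)
  })
end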
passport_invalid!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 94
# Handles a passport the server reported as invalid: logs the scope out of
# Warden, records the :invalid metric and returns a failure Operation.
# This is the only outcome handler shown here that ends the session.
def passport_invalid!
  info { 'Your Passport is not valid any more.' }
  warden.logout(warden_scope)
  meter(:invalid)
  Operations.failure(:invalid)
end
passport_valid!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 87
# Handles an unchanged, valid passport: marks it verified, records the
# :valid metric and returns a success Operation.
def passport_valid!
  debug { 'Valid passport, no changes' }
  passport.verified!
  meter(:valid)
  Operations.success(:valid)
end
passport_valid_and_modified!(modified_passport) click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 77
# Handles a valid passport whose server-side state changed: marks the local
# passport verified and modified, then overwrites its user and state with
# the values from the passport the server returned.
#
# @param modified_passport the passport object taken from the verification
#   response; only its `user` and `state` are read
# @return the success Operation for :valid_and_modified
def passport_valid_and_modified!(modified_passport)
  debug { 'Valid passport, but state changed' }

  current = passport
  current.verified!
  current.modified!
  current.user  = modified_passport.user
  current.state = modified_passport.state

  meter(:valid_and_modified)
  Operations.success(:valid_and_modified)
end
server_response_missing_success_flag!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 107
# Handles a server response without the expected success flag: logs an
# error, records the metric and returns a failure Operation.
# The session is left as it was; nothing here logs the user out.
def server_response_missing_success_flag!
  error { 'SSO Server response did not include the expected success flag.' }
  meter(:server_response_missing_success_flag)
  Operations.failure(:server_response_missing_success_flag)
end
server_response_not_parseable!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 119
# Handles an unparseable server response: logs an error, records the metric
# and returns a failure Operation.
# The session is left as it was; nothing here logs the user out.
def server_response_not_parseable!
  error { 'SSO Server response could not be parsed at all.' }
  meter(:server_response_not_parseable)
  Operations.failure(:server_response_not_parseable)
end
server_unreachable!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 101
# Handles the :server_unreachable outcome: logs an error, records the metric
# and returns a failure Operation.
# The session is left as it was; nothing here logs the user out.
#
# NOTE(review): the log line prints `verification_object.inspect` in full.
# Confirm the response object cannot carry passport secrets or user data
# before this reaches shared logs.
# NOTE(review): the message speaks of an HTTP status code but interpolates
# `verification_code`, which #verify matches against symbols. Confirm the
# wording matches what actually gets logged.
def server_unreachable!
  error do
    "SSO Server responded with an unexpected HTTP status code (#{verification_code.inspect} instead of 200). #{verification_object.inspect}"
  end
  meter(:server_unreachable)
  Operations.failure(:server_unreachable)
end
unexpected_server_response_status!() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 113
# Fallback for a verification code that #verify does not recognise: logs the
# code, records the metric and returns a failure Operation.
# The session is left as it was; nothing here logs the user out.
def unexpected_server_response_status!
  error do
    "SSO Server response did not include a known passport status code. #{verification_code.inspect}"
  end
  meter(:unexpected_server_response_status)
  Operations.failure(:unexpected_server_response_status)
end
verification() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 51
# Runs the verifier once and memoizes its (truthy) result for this hook
# instance, so the code and object readers share a single server round trip.
def verification
  return @verification if @verification

  @verification = verifier.call
end
verification_code() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 55
# The `code` of the memoized verification result; #verify dispatches on it.
def verification_code
  result = verification
  result.code
end
verification_object() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 59
# The `object` of the memoized verification result.
def verification_object
  result = verification
  result.object
end
verifier() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 47
# Builds a new PassportVerifier on every call (not memoized) from the
# passport's id, state and secret plus the request's ip, user agent and
# device id.
#
# NOTE(review): the passport secret is handed to the verifier here. Make
# sure the verifier instance is never logged or inspected into error output.
def verifier
  ::SSO::Client::PassportVerifier.new(
    passport_id:     passport.id,
    passport_state:  passport.state,
    passport_secret: passport.secret,
    user_ip:         ip,
    user_agent:      agent,
    device_id:       device_id
  )
end
verify() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 63
# Dispatches on the verification code to the matching outcome handler and
# returns that handler's Operation.
#
# Only :passport_invalid leads to a logout (see #passport_invalid!). The
# three server-error codes and the unknown-code fallback return a failure
# Operation and leave the session untouched, so server trouble alone does
# not end a user's session.
def verify
  debug { "Validating Passport #{passport.id.inspect} of logged in #{passport.user.class} in scope #{warden_scope.inspect}" }

  outcome = verification_code
  case outcome
  when :server_unreachable
    server_unreachable!
  when :server_response_not_parseable
    server_response_not_parseable!
  when :server_response_missing_success_flag
    server_response_missing_success_flag!
  when :passport_valid
    passport_valid!
  when :passport_valid_and_modified
    passport_valid_and_modified!(verification.object)
  when :passport_invalid
    passport_invalid!
  else
    unexpected_server_response_status!
  end
end
warden_scope() click to toggle source
# File lib/sso/client/warden/hooks/after_fetch.rb, line 147
# The Warden scope this hook runs for, read from the callback options.
# Used as the metric tag and as the scope to log out.
def warden_scope
  scope_key = :scope
  options[scope_key]
end