class SSO::Server::Passport

This could be MongoDB or whatever

Attributes

chip[R]
user[RW]

Public Instance Methods

chip!()
# File lib/sso/server/passport.rb, line 64
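# Encrypts the chip plaintext (passport id and secret, see #chip_plaintext)
# with the configured chip cipher and key and returns the result encoded as
# "<base64 ciphertext>|<base64 iv>". A fresh random IV is drawn on every
# call, so repeated calls for the same passport yield different chips.
# Generates the passport secret first if it is still missing.
#
# NOTE(review): the cipher is CBC mode, which provides confidentiality only;
# whoever decrypts the chip must authenticate it before trusting its
# contents — how that is done is not visible here, confirm on the consumer.
#
# @return [String] the encoded chip (also logged at debug level)
def chip!
  benchmark(name: 'Passport chip encryption') do
    ensure_secret
    cipher = chip_digest
    cipher.encrypt
    cipher.key = chip_key
    iv = cipher.random_iv
    plaintext = chip_plaintext
    ciphertext = cipher.update(plaintext)
    ciphertext << cipher.final
    # Key material and the plaintext (which carries the secret) are deliberately
    # kept out of the log; only sizes are reported.
    debug { "Encrypted #{plaintext.bytesize}-byte chip plaintext into #{ciphertext.bytesize} bytes of ciphertext using a #{iv.bytesize}-byte IV" }
    # strict_encode64 never inserts line breaks; encode64's 60-column newlines
    # survive #strip once the ciphertext exceeds 45 bytes and would end up
    # embedded in the chip string.
    encoded_chip = [Base64.strict_encode64(ciphertext), Base64.strict_encode64(iv)].join('|')
    logger.debug { "Augmented passport #{id.inspect} with chip #{encoded_chip.inspect}" }
    encoded_chip
  end
end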
chip_digest()
# File lib/sso/server/passport.rb, line 84
# The cipher used for the passport chip: AES with a 256-bit key in CBC mode.
# Despite the name this returns a cipher, not a digest. The instance is fresh
# and unconfigured (no key, no IV, no direction) on every call.
#
# NOTE(review): CBC offers no integrity protection by itself; confirm the
# decrypting side authenticates the chip before relying on it.
#
# @return [OpenSSL::Cipher] a new AES-256-CBC cipher instance
def chip_digest
  OpenSSL::Cipher.new('aes-256-cbc')
end
chip_key()
# File lib/sso/server/passport.rb, line 88
# The symmetric key used to encrypt the passport chip, taken from the global
# SSO configuration on every call.
#
# @return [Object] whatever +SSO.config.passport_chip_key+ holds (presumably a
#   32-byte string for AES-256 — not verifiable here)
def chip_key
  config = ::SSO.config
  config.passport_chip_key
end
chip_plaintext()

Don't get confused, the chip plaintext is the passport secret

# File lib/sso/server/passport.rb, line 93
# The data that gets encrypted into the chip: the passport id and the passport
# secret, separated by a pipe character.
#
# @return [String] "<id>|<secret>"
def chip_plaintext
  "#{id}|#{secret}"
end
create_chip!()
# File lib/sso/server/passport.rb, line 60
# Computes a new chip via #chip! and stores it on the passport, replacing any
# chip that was there before.
#
# @return [String] the newly stored chip
def create_chip!
  chip!.tap { |encrypted| @chip = encrypted }
end
export()
# File lib/sso/server/passport.rb, line 24
# Serializes the passport into a plain hash: id, secret, state, chip and the
# encapsulated user, in that order. Note that the secret is part of the export;
# which consumers receive this hash is not visible here.
#
# @return [Hash{Symbol => Object}] the exported attributes
def export
  debug { "Exporting Passport #{id} including the encapsulated user." }
  %i[id secret state chip user].each_with_object({}) do |attribute, exported|
    exported[attribute] = public_send(attribute)
  end
end
load_user!()
# File lib/sso/server/passport.rb, line 56
# Reloads this passport and asks the configured +find_user_for_passport+
# callable for the matching user, which is then stored as the encapsulated
# user.
#
# @return [Object] whatever the configured finder returned (may be nil)
def load_user!
  finder = SSO.config.find_user_for_passport
  @user = finder.call(passport: reload)
end
state()
# File lib/sso/server/passport.rb, line 39
# The memoized user state (see #state!). Without an encapsulated user no
# state can be calculated; a warning is logged and a fixed placeholder string
# is returned instead (and nothing is memoized).
#
# @return [String] the HMAC hex digest, or 'missing_user_for_state_calculation'
def state
  unless user
    warn { 'Wait a minute, this Passport is not encapsulating a user!' }
    return 'missing_user_for_state_calculation'
  end
  @state ||= state!
end
state!()
# File lib/sso/server/passport.rb, line 48
# Calculates the user state without memoization: an HMAC over the configured
# user state base, keyed with the configured user state key, using the
# configured digest. The calculation is wrapped in a benchmark and the result
# is logged at debug level.
#
# @return [String] the hex-encoded HMAC
def state!
  benchmark(name: 'Passport user state calculation') do
    OpenSSL::HMAC.hexdigest(user_state_digest, user_state_key, user_state_base)
  end.tap do |hex_digest|
    debug { "The user state is #{hex_digest.inspect}" }
  end
end
to_s()
# File lib/sso/server/passport.rb, line 35
# Human-readable one-liner for logs: the word "Passport" followed by the
# owner id, the ip and the last activity timestamp, comma separated.
#
# @return [String]
def to_s
  "Passport, #{owner_id}, #{ip}, #{activity_at}"
end
user_state_base()
# File lib/sso/server/passport.rb, line 101
# The message that the user state HMAC is computed over, produced by the
# configured +user_state_base+ callable from the encapsulated user.
#
# @return [Object] whatever the configured callable returns for +user+
def user_state_base
  base_builder = ::SSO.config.user_state_base
  base_builder.call(user)
end
user_state_digest()
# File lib/sso/server/passport.rb, line 80
# The digest algorithm for the user state HMAC: SHA-1. A new digest object is
# created on every call.
#
# NOTE(review): HMAC-SHA1 is not broken by SHA-1's collision weakness, but a
# SHA-2 digest would be the usual choice for new code; changing it changes
# every computed state, so it is left as is.
#
# @return [OpenSSL::Digest] a fresh SHA1 digest instance
def user_state_digest
  OpenSSL::Digest::SHA1.new
end
user_state_key()
# File lib/sso/server/passport.rb, line 97
# The HMAC key for the user state calculation, read from the global SSO
# configuration on every call.
#
# @return [Object] whatever +SSO.config.user_state_key+ holds
def user_state_key
  config = ::SSO.config
  config.user_state_key
end

Private Instance Methods

ensure_activity_at()
# File lib/sso/server/passport.rb, line 111
# Sets the activity timestamp to the current time if none is set yet; an
# existing (truthy) value is left untouched.
#
# @return [Time, Object] the activity timestamp after the call
def ensure_activity_at
  self.activity_at = Time.now unless activity_at
  activity_at
end
ensure_secret()
# File lib/sso/server/passport.rb, line 107
# Generates a passport secret (a random UUID from SecureRandom) if none is set
# yet; an existing (truthy) secret is never overwritten.
#
# @return [String, Object] the secret after the call
def ensure_secret
  self.secret = SecureRandom.uuid unless secret
  secret
end
update_location()
# File lib/sso/server/passport.rb, line 115
# Resolves the passport's ip to a human-readable location via the configured
# +human_readable_location_for_ip+ callable and stores it on the passport.
#
# @return [Object] the new location value as returned by the callable
def update_location
  resolver = ::SSO.config.human_readable_location_for_ip
  resolved = resolver.call(ip)
  debug { "Updating geolocation for #{ip} which is #{resolved}" }
  self.location = resolved
end