class SSO::Server::Passport
This could be MongoDB or whatever
Attributes
chip[R]
user[RW]
Public Instance Methods
chip!()
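# File lib/sso/server/passport.rb, line 64
# Encrypts the chip plaintext (see #chip_plaintext) with the configured chip
# key and a freshly generated random IV.
#
# Returns a String of the form "<Base64 ciphertext>|<Base64 IV>".
#
# Security notes:
# * The plaintext (which contains the passport secret), the encryption key and
#   the IV are deliberately NOT written to the log. Debug logs are routinely
#   shipped to aggregators and support bundles, and a logged key would let any
#   log reader decrypt every chip.
# * The cipher returned by #chip_digest is AES-256-CBC, which provides
#   confidentiality only. The chip carries no MAC, so whatever verifies a chip
#   must not treat "decrypts without error" as proof of authenticity.
# * NOTE(review): Base64.encode64 inserts a line feed after every 60 encoded
#   characters and #strip only removes the trailing one, so a ciphertext longer
#   than 45 bytes yields a chip with embedded newlines. Confirm every consumer
#   tolerates that before switching to Base64.strict_encode64.
# * NOTE(review): the second log line still records the finished chip; confirm
#   the chip is not usable as a credential by someone who can read the logs.
def chip!
  benchmark(name: 'Passport chip encryption') do
    ensure_secret

    cipher = chip_digest
    cipher.encrypt
    cipher.key = chip_key
    chip_iv = cipher.random_iv # a fresh IV for every chip

    ciphertext = cipher.update(chip_plaintext)
    ciphertext << cipher.final

    # Only non-sensitive metadata is logged here.
    debug { "The Passport chip for #{id.inspect} was encrypted into #{ciphertext.bytesize} ciphertext bytes (plaintext, key and IV are withheld from the log)" }

    chip = [Base64.encode64(ciphertext).strip, Base64.encode64(chip_iv).strip].join('|')
    logger.debug { "Augmented passport #{id.inspect} with chip #{chip.inspect}" }
    chip
  end
end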
chip_digest()
# File lib/sso/server/passport.rb, line 84
# Builds the cipher used for chip encryption. Despite the method name this is
# a cipher object (AES-256 in CBC mode), not a digest.
#
# CBC mode encrypts but does not authenticate, so integrity of the resulting
# ciphertext has to be established separately by whoever consumes it.
#
# @return [OpenSSL::Cipher] an uninitialised AES-256-CBC cipher
def chip_digest
  OpenSSL::Cipher::AES256.new(:CBC)
end
chip_key()
# File lib/sso/server/passport.rb, line 88
# Reads the chip encryption key from the global SSO configuration.
#
# The value is assigned as the cipher key in #chip!, whose cipher is AES-256,
# so it is presumably expected to be exactly 32 bytes; confirm against the
# configuration docs. It is secret key material and must never be logged.
def chip_key
  configuration = SSO.config
  configuration.passport_chip_key
end
chip_plaintext()
Don't get confused, the chip plaintext is the passport secret
# File lib/sso/server/passport.rb, line 93
# The data that gets encrypted into the chip: the passport id and the passport
# secret, separated by a pipe character.
#
# The result contains the secret in the clear, so treat it as sensitive.
#
# @return [String] "<id>|<secret>"
def chip_plaintext
  fields = [id, secret]
  fields.join('|')
end
create_chip!()
# File lib/sso/server/passport.rb, line 60
# Generates a new chip via #chip! and stores it in @chip.
#
# @return the freshly generated chip
def create_chip!
  fresh_chip = chip!
  @chip = fresh_chip
end
export()
# File lib/sso/server/passport.rb, line 24
# Serialises the passport into a plain Hash with the keys :id, :secret,
# :state, :chip and :user (in that order).
#
# The Hash includes the passport secret and the user object, so the result
# must only be handed to trusted callers and should not be logged wholesale.
#
# @return [Hash]
def export
  debug { "Exporting Passport #{id} including the encapsulated user." }

  exported = {}
  exported[:id] = id
  exported[:secret] = secret
  exported[:state] = state
  exported[:chip] = chip
  exported[:user] = user
  exported
end
load_user!()
# File lib/sso/server/passport.rb, line 56
# Looks up the user belonging to this passport through the callable configured
# as SSO.config.find_user_for_passport and stores the result in @user.
#
# The callable receives the result of #reload as its passport: keyword.
#
# @return whatever the configured callable returned
def load_user!
  user_finder = SSO.config.find_user_for_passport
  @user = user_finder.call(passport: reload)
end
state()
# File lib/sso/server/passport.rb, line 39
# The user state of this passport.
#
# With a user present, the value is computed once via #state! and memoised in
# @state. Without a user, a warning is emitted and a fixed placeholder string
# is returned instead (nothing is memoised in that case).
#
# @return [String]
def state
  unless user
    warn { 'Wait a minute, this Passport is not encapsulating a user!' }
    return 'missing_user_for_state_calculation'
  end

  @state ||= state!
end
state!()
# File lib/sso/server/passport.rb, line 48
# Computes the user state from scratch (no memoisation): the hex-encoded HMAC
# of #user_state_base, keyed with #user_state_key, using the digest from
# #user_state_digest. The calculation is wrapped in a benchmark and the
# resulting hex string is written to the debug log.
#
# @return [String] hex-encoded HMAC
def state!
  benchmark(name: 'Passport user state calculation') do
    OpenSSL::HMAC.hexdigest(user_state_digest, user_state_key, user_state_base)
  end.tap do |hex_state|
    debug { "The user state is #{hex_state.inspect}" }
  end
end
to_s()
# File lib/sso/server/passport.rb, line 35 def to_s ['Passport', owner_id, ip, activity_at].join ', ' end
user_state_base()
# File lib/sso/server/passport.rb, line 101
# The message that gets HMAC-ed in #state!: the result of calling the callable
# configured as SSO.config.user_state_base with the encapsulated user.
def user_state_base
  base_builder = ::SSO.config.user_state_base
  base_builder.call(user)
end
user_state_digest()
# File lib/sso/server/passport.rb, line 80
# The digest algorithm used for the user state HMAC in #state!: SHA-1.
#
# NOTE(review): the known SHA-1 collision attacks do not carry over to HMAC
# use, but a SHA-2 digest is the usual choice for new code. Switching would
# change every computed state value, so it needs a coordinated rollout.
#
# @return [OpenSSL::Digest] a new SHA-1 digest instance
def user_state_digest
  OpenSSL::Digest.new('sha1')
end
user_state_key()
# File lib/sso/server/passport.rb, line 97
# Reads the HMAC key for the user state calculation from the global SSO
# configuration. This is secret key material and must never be logged.
def user_state_key
  configuration = ::SSO.config
  configuration.user_state_key
end
Private Instance Methods
ensure_activity_at()
# File lib/sso/server/passport.rb, line 111
# Sets activity_at to the current time unless it already holds a value.
#
# @return the existing activity_at, or the newly assigned Time
def ensure_activity_at
  self.activity_at || (self.activity_at = Time.now)
end
ensure_secret()
# File lib/sso/server/passport.rb, line 107
# Assigns a passport secret unless one is already present.
#
# The secret is a random UUID from SecureRandom, i.e. it comes from a
# cryptographically secure random source rather than from Kernel#rand.
#
# @return the existing secret, or the newly generated one
def ensure_secret
  self.secret || (self.secret = SecureRandom.uuid)
end
update_location()
# File lib/sso/server/passport.rb, line 115
# Resolves the passport's IP to a human-readable location name through the
# callable configured as SSO.config.human_readable_location_for_ip, writes the
# IP and the resolved name to the debug log, and stores the name in location.
#
# @return the resolved location name
def update_location
  resolved_name = ::SSO.config.human_readable_location_for_ip.call(ip)
  debug { "Updating geolocation for #{ip} which is #{resolved_name}" }
  self.location = resolved_name
end