Class: UuOidc::AuthenticationService

Inherits:
Object
  • Object
Defined in:
lib/uu_oidc/authentication_service.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(opts = {}) ⇒ AuthenticationService

Creates new instance of uuOIDC authentication service.

Parameters:

  • opts (Hash) (defaults to: {})

    Service options

Options Hash (opts):

  • :uu_oidc_server_uri (String, UuApp::Uri)

    Base URL of uuOIDC server (defaults to “https://oidc.plus4u.net/uu-oidcg01-main”)

  • :uu_oidc_server_tenant_id (String)

    uuOIDC server workspace (defaults to “99923616732452117-4f06dafc03cb4c7f8c155aa53f0e86be”)

  • :uu_oidc_client_ssl_verify_mode (Integer)

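    SSL verification mode (an OpenSSL::SSL::VERIFY_* constant). The service treats verification as enabled unless this value equals OpenSSL::SSL::VERIFY_NONE.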



# File 'lib/uu_oidc/authentication_service.rb', line 83

# Builds a uuOIDC authentication service bound to a single provider address.
#
# The address is taken from +:uu_oidc_server_uri+ when that option is set;
# otherwise it is composed from DEFAULT_OIDC_BASE_URI and the tenant
# (+:uu_oidc_server_tenant_id+, falling back to DEFAULT_OIDC_TENANT).
#
# Security note: +verify_ssl+ becomes false only when
# +:uu_oidc_client_ssl_verify_mode+ is exactly OpenSSL::SSL::VERIFY_NONE.
# Every other value, including an unset option, keeps it true. Setting
# VERIFY_NONE is best reserved for test environments.
#
# @param opts [Hash, nil] service options (nil is treated as an empty hash)
def initialize(opts = {})
  # NOTE(review): OptsReader presumably falls back to UuApp::Util::Config for
  # keys missing from opts - confirm against its implementation.
  settings = UuApp::Util::OptsReader.new(opts || {}, UuApp::Util::Config)

  address = settings[:uu_oidc_server_uri]
  unless address
    # TODO Handle trailing slashes from configuration parameters
    workspace = settings[:uu_oidc_server_tenant_id] || DEFAULT_OIDC_TENANT
    address = "#{DEFAULT_OIDC_BASE_URI}/#{workspace}"
  end

  # NOTE(review): the flag is handed to both HTTP helpers below; presumably it
  # switches TLS certificate verification on or off there - confirm.
  ssl_mode = settings[:uu_oidc_client_ssl_verify_mode]
  verify_ssl = ssl_mode != OpenSSL::SSL::VERIFY_NONE

  @provider_uri = address
  @oauth_client = UuOidc::Internal::OAuthClient.new(@provider_uri, verify_ssl)
  @oauth_code = UuOidc::Internal::OAuthCode.new(@provider_uri, verify_ssl)
end

Instance Attribute Details

#provider_uri ⇒ String (readonly)

Returns uuOIDC server address.

Returns:

  • (String)

    uuOIDC server address



# File 'lib/uu_oidc/authentication_service.rb', line 76

# Address of the uuOIDC server this service instance was configured with.
#
# @return [String] the value stored in @provider_uri
def provider_uri
  @provider_uri
end

Class Method Details

.authenticate(credentials = nil) ⇒ UuApp::Authentication::Session

Authenticates user.

Parameters:

  • credentials (Hash) (defaults to: nil)

    User credentials to be verified (data object or token string)

Options Hash (credentials):

  • :access_code1 (String)

    User access code 1

  • :access_code2 (String)

    User access code 2

  • :code (String)

    Value for OAuth code flow

Returns:

  • (UuApp::Authentication::Session)

    User session for passed user credentials

Raises:

  • (UuApp::Authentication::Error::InvalidCredentials)

    In case credentials are not valid.

  • (UuApp::Authentication::Error::AuthenticationError)

    In case authentication fails.



# File 'lib/uu_oidc/authentication_service.rb', line 52

# Authenticates a user through the service registered under
# DEFAULT_SERVICE_NAME.
#
# @param credentials [Hash, String, nil] forwarded unchanged to the
#   registered service's #authenticate
# @return [UuApp::Authentication::Session] whatever the registered service returns
def self.authenticate(credentials = nil)
  default_service = UuApp::Authentication::AuthenticationService.get(DEFAULT_SERVICE_NAME)
  default_service.authenticate(credentials)
end

.create(name, opts = {}) ⇒ Object

Creates new instance of uuOIDC authentication service and registers it as authentication service with given name.

Parameters:

  • name (String)

    Service name

  • opts (Hash) (defaults to: {})

    Service options

Options Hash (opts):

  • :uu_oidc_server_uri (String, UuApp::Uri)

    Base URL of uuOIDC server (defaults to “https://oidc.plus4u.net/uu-oidcg01-main”)

  • :uu_oidc_server_tenant_id (String)

    uuOIDC server workspace (defaults to “99923616732452117-4f06dafc03cb4c7f8c155aa53f0e86be”)

  • :uu_oidc_client_ssl_verify_mode (Integer)

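    SSL verification mode (an OpenSSL::SSL::VERIFY_* constant). The service treats verification as enabled unless this value equals OpenSSL::SSL::VERIFY_NONE.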



# File 'lib/uu_oidc/authentication_service.rb', line 69

# Instantiates the service with +opts+ and registers the instance under
# +name+ in UuApp::Authentication::AuthenticationService.
#
# @param name [String] name to register the new service under
# @param opts [Hash] options passed straight to the constructor
# @return [Object] the result of the register call
def self.create(name, opts = {})
  UuApp::Authentication::AuthenticationService.register(name, new(opts))
end

.provider_uri ⇒ String

Returns uuOIDC server address.

Returns:

  • (String)

    uuOIDC server address



# File 'lib/uu_oidc/authentication_service.rb', line 58

# Address of the uuOIDC server used by the service registered under
# DEFAULT_SERVICE_NAME.
#
# @return [String] the registered service's provider_uri
def self.provider_uri
  default_service = UuApp::Authentication::AuthenticationService.get(DEFAULT_SERVICE_NAME)
  default_service.provider_uri
end

Instance Method Details

#authenticate(credentials = nil) ⇒ Object

Authenticates user.

See Also:

  • UuOidc::AuthenticationService.authenticate


# File 'lib/uu_oidc/authentication_service.rb', line 99

# Authenticates a user against the uuOIDC server and returns a session.
#
# Accepted forms of +credentials+:
# * nil/false - obtains an OAuth code through @oauth_code (only when it
#   reports itself as supported) and re-enters this method with that code;
# * String - treated as a token: an ID token when it matches ID_TOKEN_REGEX,
#   otherwise an access token;
# * keyed object holding OAUTH_CODE - authorization code grant;
# * keyed object holding :username/:password (aliases :accessCode1 /
#   :access_code1 and :accessCode2 / :access_code2) - resource owner
#   password credentials grant.
#
# @param credentials [Hash, String, nil] user credentials or a token string
# @return [UuOidc::Session] session built from the parsed token claims
# @raise [UuApp::Authentication::Error::InvalidCredentials] when nothing is
#   passed and the code flow is unsupported, or username/password is missing
# @raise [UuApp::Authentication::Error::AuthenticationError] when obtaining
#   the OAuth code fails
def authenticate(credentials = nil)
  unless credentials
    raise UuApp::Authentication::Error::InvalidCredentials, "Missing credentials." unless @oauth_code.supported?

    # The caller only sees a generic message; Ruby still attaches the rescued
    # error as #cause, so it stays available for logging.
    code = begin
      @oauth_code.get(UuOidc::Internal::ClientCredentials.get_credentials)
    rescue StandardError
      raise UuApp::Authentication::Error::AuthenticationError, "Authentication failed."
    end
    return authenticate(OAUTH_CODE => code)
  end

  if credentials.kind_of?(String)
    # NOTE(review): the session is built directly from a caller-supplied token.
    # Confirm that parse_token verifies signature, issuer, audience and expiry,
    # and that ID_TOKEN_REGEX (defined outside this listing) is anchored with
    # \A and \z rather than ^ and $.
    id_token_shape = credentials =~ ID_TOKEN_REGEX
    claims = @oauth_client.parse_token(credentials)
    id_token, access_token = id_token_shape ? [credentials, nil] : [nil, credentials]
    return UuOidc::Session.new(@provider_uri, @oauth_client, claims, id_token, access_token)
  end

  if credentials[OAUTH_CODE]
    client_credentials = credentials[:client_credentials] || UuOidc::Internal::ClientCredentials.get_credentials
    token = @oauth_client.grant_authorization_code_token(credentials[OAUTH_CODE], client_credentials)
  else
    # Password grant: the user's secret passes through this client. The OAuth
    # 2.0 Security BCP (RFC 9700) advises against this grant, so prefer the
    # code flow where the deployment allows it.
    username = credentials[:username] || credentials[:accessCode1] || credentials[:access_code1]
    password = credentials[:password] || credentials[:accessCode2] || credentials[:access_code2]
    unless username && password
      raise UuApp::Authentication::Error::InvalidCredentials, "Unsupported credentials."
    end

    client_credentials = credentials[:client_credentials]
    # NOTE(review): the return value of get_credentials is discarded, so the
    # raw :client_credentials value is what reaches the grant call. Confirm
    # this is validation only and not a missing assignment.
    UuOidc::Internal::ClientCredentials.get_credentials(client_credentials) if client_credentials
    token = @oauth_client.grant_resource_owner_password_credentials_token(username, password, client_credentials)
  end

  # Both grants end the same way: parse the ID token and wrap it in a session.
  claims = @oauth_client.parse_token(token[:id_token])
  UuOidc::Session.new(@provider_uri, @oauth_client, claims, token[:id_token], token[:access_token])
end