Module: AtlasRb::System

Defined in:

lib/atlas_rb/system/user.rb

Overview

System-context callers — calls that authenticate as the seeded Atlas :system fixture rather than as a real user. The only client of this namespace today is the SSO callback in Cerberus, which provisions / refreshes the User row for a freshly-signed-in person.

Why a separate namespace

The :system principal needs a different bearer token (carried in Rails.application.credentials.atlas_system_token, not the user-side ENV["ATLAS_TOKEN"]) and pairs with a different User: header (always NUID, never the acting user). Atlas's require_auth enforces the pairing — a user token paired with the system NUID, or the system token paired with a real user NUID, both 401.

Routing system calls through their own class makes the carve-out structural: there is no kwarg that flips a regular call into a system call. The class itself is the marker.

Defined Under Namespace

Classes: User

Constant Summary

NUID =

The NUID of Atlas's seeded :system fixture. Atlas's find_by_role(:system) returns the row with this NUID; pairing validation in require_auth is role-based, but the seed convention is stable and is the value carried in the User: header on every #system_connection request.

"000000000"