Class: AtlasRb::Authentication

Inherits:
Object
  • Object
show all
Extended by:
FaradayHelper
Defined in:
lib/atlas_rb/authentication.rb

Overview

User-facing identity lookups against the Atlas API.

Unlike the resource classes, Authentication threads a real NUID into FaradayHelper#connection's second positional argument. On the relay-signing path that NUID is signed into the assertion sub; Atlas resolves the acting user and their group memberships from the proven sub.

No login round-trip happens here today; auth is assumed to be already provisioned out-of-band (a configured signing key, or ATLAS_JWT). The commented-out code in this file reflects an older flow where a /token endpoint exchanged an NUID for a session token.

Constant Summary

Constants included from FaradayHelper

FaradayHelper::ASSERTION_AUDIENCE, FaradayHelper::ASSERTION_ISSUER, FaradayHelper::ASSERTION_TTL, FaradayHelper::INSTRUMENTATION_EVENT

Class Method Summary collapse

Methods included from FaradayHelper

connection, multipart, system_connection, with_file_part

Class Method Details

.groups(nuid) ⇒ Array<Hash>

Fetch only the group memberships for an NUID.

Convenience wrapper around the same GET /user call as login; useful when authorization checks only need group names.

Examples:

AtlasRb::Authentication.groups("001234567")
# => [{ "id" => 7, "name" => "Library Staff" }, ...]

Parameters:

  • nuid (String)

    the user's Northeastern University ID.

Returns:

  • (Array<Hash>)

    the "groups" array from the user record.

Raises:

  • (JSON::ParserError)

    if the response body is not valid JSON.



52
53
54
55
56
57
58
# File 'lib/atlas_rb/authentication.rb', line 52

def self.groups(nuid)
  # user_details = login(nuid)
  # token = user_details[:token] ...
  # TODO - need to update atlas login to give back name, id, and token upon logging in
  # result = JSON.parse(connection({ token: token }).post('/users/2/groups')&.body)["user"]["groups"]
  AtlasRb::Mash.new(JSON.parse(connection({}, nuid).get('/user')&.body))["groups"]
end

.login(nuid, email: nil) ⇒ Hash

Look up the Atlas user record for an NUID.

A NUID can hold several accounts (a person's staff/student logins). Pass email: to act as — and read back — a specific one; it rides as a signed acct claim so GET /user resolves that account. Omit it and Atlas returns the person's preferred account.

Examples:

AtlasRb::Authentication.("001234567")
# => { "id" => 42, "name" => "Jane Doe", "groups" => [...] }

Parameters:

  • nuid (String)

    the user's Northeastern University ID.

  • email (String, nil) (defaults to: nil)

    optional account email to act as (the acct selector); nil resolves the preferred account.

Returns:

  • (Hash)

    the user record returned by GET /user, including at minimum "id", "name", and "groups".

Raises:

  • (JSON::ParserError)

    if the response body is not valid JSON (typically caused by an auth failure returning HTML).



36
37
38
# File 'lib/atlas_rb/authentication.rb', line 36

def self.(nuid, email: nil)
  AtlasRb::Mash.new(JSON.parse(connection({}, nuid, account: email).get('/user')&.body))
end