Class: Himari::Services::OidcUserinfoEndpoint::Handler

Inherits:
Object
Defined in:
lib/himari/services/oidc_userinfo_endpoint.rb

Defined Under Namespace

Classes: InvalidToken


Constructor Details

#initialize(storage:, env:, logger:, signing_key_provider: nil) ⇒ Handler

Returns a new instance of Handler.



# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 31

# Build a handler bound to one Rack request.
#
# @param storage [Object] token store; `response` calls `find_token(handle)` on it
# @param env [Hash] the Rack environment of the request being served
# @param logger [Object, nil] receives `info`/`warn` calls with a Himari::LogLine; may be nil
# @param signing_key_provider [Object, nil] passed through to Himari::AccessToken.parse
def initialize(storage:, env:, logger:, signing_key_provider: nil)
  @env = env
  @logger = logger
  @storage = storage
  @signing_key_provider = signing_key_provider
end

Instance Method Details

#given_token ⇒ Object



# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 67

# Extract the bearer token from the Authorization request header.
#
# Only the "Authorization Request Header Field" method of RFC 6750 §2.1 is
# supported; the form-encoded body and URI query parameter methods are not.
# The result is memoized in @given_token.
#
# @return [String, nil] the credential following the "Bearer" scheme, or nil
#   when the header is absent, uses another scheme, or carries no credential
def given_token
  @given_token ||= begin
    # credentials = auth-scheme 1*SP (token68 / #auth-param), RFC 9110 §11.4:
    # split once on the first whitespace run so the credential keeps any
    # further whitespace verbatim (a missing header yields an empty split).
    scheme, credential = @env['HTTP_AUTHORIZATION'].to_s.split(/\s+/, 2)
    # The auth-scheme is case-insensitive; an absent or empty credential counts
    # as "no token given" rather than as an empty token.
    credential if scheme&.downcase == 'bearer' && !credential.to_s.empty?
  end
end

#response ⇒ Object



# File 'lib/himari/services/oidc_userinfo_endpoint.rb', line 38

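# Serve the OpenID Connect UserInfo endpoint for the request in @env.
#
# @return [Array] a Rack triple: 404 for methods other than GET/POST, 401 with
#   a Bearer challenge when the access token is missing or fails validation,
#   otherwise 200 with the token's userinfo claims as pretty-printed JSON
def response
  # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
  # OIDC Core §5.3.1 requires GET and POST; anything else is not found here.
  return [404, {'Content-Type' => 'application/json'}, ['{"error": "not_found"}']] unless %w(GET POST).include?(@env['REQUEST_METHOD'])

  # No bearer credential in the Authorization header at all.
  raise InvalidToken unless given_token

  # Parse the presented string into its handle/secret parts before any lookup;
  # a malformed string raises Himari::TokenString::InvalidFormat.
  given_parsed_token = Himari::AccessToken.parse(given_token, signing_key_provider: @signing_key_provider)

  # Look the token up by handle only; the secret is checked against the stored
  # token below, after expiry, so nothing is trusted from the request alone.
  token = @storage.find_token(given_parsed_token.handle)
  raise InvalidToken unless token

  token.verify_expiry!
  token.verify_secret!(given_parsed_token.secret)

  @logger&.info(Himari::LogLine.new('OidcUserinfoEndpoint: returning', req: @env['himari.request_as_log'], token: token.as_log))
  # NOTE(review): the userinfo body carries user claims; consider adding
  # 'Cache-Control' => 'no-store' here if intermediaries may cache it.
  [
    200,
    {'Content-Type' => 'application/json; charset=utf-8'},
    [JSON.pretty_generate(token.userinfo), "\n"],
  ]
rescue InvalidToken, Himari::TokenString::SecretIncorrect, Himari::TokenString::InvalidFormat, Himari::TokenString::TokenExpired => e
  # `token` is nil when the failure happened before the storage lookup.
  @logger&.warn(Himari::LogLine.new('OidcUserinfoEndpoint: invalid_token', req: @env['himari.request_as_log'], err: e.class.inspect, token: token&.as_log))
  [
    401,
    {
      'Content-Type' => 'application/json',
      # RFC 6750 §3 / RFC 9110 §11.6.1: a challenge starts with the auth-scheme.
      # The previous value omitted "Bearer", leaving only auth-params, which is
      # not a valid WWW-Authenticate challenge and clients may ignore it.
      # NOTE(review): RFC 6750 §3.1 says a request with no credentials at all
      # SHOULD get a bare "Bearer" challenge without an error code; every failure
      # currently reports invalid_token, which is accepted but not ideal.
      'WWW-Authenticate' => 'Bearer error="invalid_token", error_description="invalid access token"',
    },
    [JSON.pretty_generate(error: 'invalid_token'), "\n"],
  ]
end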