Class: LcpRuby::Authentication::Provider

Inherits:

Struct

• Object
• Struct
• LcpRuby::Authentication::Provider

Defined in:

lib/lcp_ruby/authentication/provider.rb

Overview

Value object representing one entry under ‘auth.providers` in auth.yml. Built by ProviderRegistry; consumed by OmniAuthBuilder, UserResolver, RoleMapper, and the login view.

Constant Summary

VALID_TYPES =

%i[oidc devise].freeze

VALID_ROLE_SOURCES =

%i[yaml host db].freeze

DEFAULTS =

{
  scopes: %w[openid profile email].freeze,
  pkce: true,
  response_type: "code",
  response_mode: "query",
  role_source: :yaml,
  provisioning: { auto_create: true, update_on_login: [], reject_if_host_missing: false }.freeze,
  logout: { mode: :local }.freeze
}.freeze

Instance Attribute Summary

• #audience ⇒ Object

  Returns the value of attribute audience.

• #button_style ⇒ Object

  Returns the value of attribute button_style.

• #claim_mappings ⇒ Object

  Returns the value of attribute claim_mappings.

• #client_id ⇒ Object

  Returns the value of attribute client_id.

• #client_secret ⇒ Object

  Returns the value of attribute client_secret.

• #default_role ⇒ Object

  Returns the value of attribute default_role.

• #discovery_url ⇒ Object

  Returns the value of attribute discovery_url.

• #display_name ⇒ Object

  Returns the value of attribute display_name.

• #icon ⇒ Object

  Returns the value of attribute icon.

• #logout ⇒ Object

  Returns the value of attribute logout.

• #name ⇒ Object

  Returns the value of attribute name.

• #pkce ⇒ Object

  Returns the value of attribute pkce.

• #provisioning ⇒ Object

  Returns the value of attribute provisioning.

• #redirect_uri ⇒ Object

  Returns the value of attribute redirect_uri.

• #response_mode ⇒ Object

  Returns the value of attribute response_mode.

• #response_type ⇒ Object

  Returns the value of attribute response_type.

• #role_mapping ⇒ Object

  Returns the value of attribute role_mapping.

• #role_source ⇒ Object

  Returns the value of attribute role_source.

• #scopes ⇒ Object

  Returns the value of attribute scopes.

• #type ⇒ Object

  Returns the value of attribute type.

Class Method Summary

• .from_hash(raw) ⇒ Object
• .symbolize_claim_mappings(mappings) ⇒ Object
• .symbolize_logout(raw) ⇒ Object
• .whitelist(value, allowed, field) ⇒ Object

Instance Method Summary

• #devise? ⇒ Boolean
• #oidc? ⇒ Boolean
• #with(**overrides) ⇒ Object

  Returns a new frozen Provider with the given attribute overrides.

Instance Attribute Details

#audience ⇒ Object

Returns the value of attribute audience

Returns:

• (Object) —

  the current value of audience

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def audience
  @audience
end

#button_style ⇒ Object

Returns the value of attribute button_style

Returns:

• (Object) —

  the current value of button_style

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def button_style
  @button_style
end

#claim_mappings ⇒ Object

Returns the value of attribute claim_mappings

Returns:

• (Object) —

  the current value of claim_mappings

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def claim_mappings
  @claim_mappings
end

#client_id ⇒ Object

Returns the value of attribute client_id

Returns:

• (Object) —

  the current value of client_id

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def client_id
  @client_id
end

#client_secret ⇒ Object

Returns the value of attribute client_secret

Returns:

• (Object) —

  the current value of client_secret

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def client_secret
  @client_secret
end

#default_role ⇒ Object

Returns the value of attribute default_role

Returns:

• (Object) —

  the current value of default_role

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def default_role
  @default_role
end

#discovery_url ⇒ Object

Returns the value of attribute discovery_url

Returns:

• (Object) —

  the current value of discovery_url

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def discovery_url
  @discovery_url
end

#display_name ⇒ Object

Returns the value of attribute display_name

Returns:

• (Object) —

  the current value of display_name

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def display_name
  @display_name
end

#icon ⇒ Object

Returns the value of attribute icon

Returns:

• (Object) —

  the current value of icon

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def icon
  @icon
end

#logout ⇒ Object

Returns the value of attribute logout

Returns:

• (Object) —

  the current value of logout

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def logout
  @logout
end

#name ⇒ Object

Returns the value of attribute name

Returns:

• (Object) —

  the current value of name

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def name
  @name
end

#pkce ⇒ Object

Returns the value of attribute pkce

Returns:

• (Object) —

  the current value of pkce

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def pkce
  @pkce
end

#provisioning ⇒ Object

Returns the value of attribute provisioning

Returns:

• (Object) —

  the current value of provisioning

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def provisioning
  @provisioning
end

#redirect_uri ⇒ Object

Returns the value of attribute redirect_uri

Returns:

• (Object) —

  the current value of redirect_uri

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def redirect_uri
  @redirect_uri
end

#response_mode ⇒ Object

Returns the value of attribute response_mode

Returns:

• (Object) —

  the current value of response_mode

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def response_mode
  @response_mode
end

#response_type ⇒ Object

Returns the value of attribute response_type

Returns:

• (Object) —

  the current value of response_type

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def response_type
  @response_type
end

#role_mapping ⇒ Object

Returns the value of attribute role_mapping

Returns:

• (Object) —

  the current value of role_mapping

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def role_mapping
  @role_mapping
end

#role_source ⇒ Object

Returns the value of attribute role_source

Returns:

• (Object) —

  the current value of role_source

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def role_source
  @role_source
end

#scopes ⇒ Object

Returns the value of attribute scopes

Returns:

• (Object) —

  the current value of scopes

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def scopes
  @scopes
end

#type ⇒ Object

Returns the value of attribute type

Returns:

• (Object) —

  the current value of type

# File 'lib/lcp_ruby/authentication/provider.rb', line 8

def type
  @type
end

Class Method Details

.from_hash(raw) ⇒ Object

# File 'lib/lcp_ruby/authentication/provider.rb', line 49

def self.from_hash(raw)
  h = raw.transform_keys(&:to_sym)
  instance = new(
    name:                h.fetch(:name).to_s.freeze,
    type:                whitelist(h.fetch(:type).to_sym, VALID_TYPES, "type"),
    display_name:        (h[:display_name] || h.fetch(:name).to_s.titleize).freeze,
    icon:                h[:icon]&.freeze,
    button_style:        (h[:button_style] || "secondary").freeze,
    discovery_url:       h[:discovery_url]&.freeze,
    client_id:           h[:client_id]&.freeze,
    client_secret:       h[:client_secret]&.freeze,
    scopes:              Array(h[:scopes].presence || DEFAULTS[:scopes]).map { |s| s.to_s.freeze }.freeze,
    pkce:                h.fetch(:pkce, DEFAULTS[:pkce]),
    response_type:       (h[:response_type] || DEFAULTS[:response_type]).to_s.freeze,
    response_mode:       (h[:response_mode] || DEFAULTS[:response_mode]).to_s.freeze,
    audience:            h[:audience]&.freeze,
    redirect_uri:        h[:redirect_uri]&.freeze,
    claim_mappings:      symbolize_claim_mappings(h[:claim_mappings] || {}).freeze,
    role_source:         whitelist((h[:role_source] || DEFAULTS[:role_source]).to_sym, VALID_ROLE_SOURCES, "role_source"),
    role_mapping:        (h[:role_mapping] || {}).freeze,
    default_role:        h[:default_role]&.freeze,
    provisioning:        DEFAULTS[:provisioning].merge((h[:provisioning] || {}).transform_keys(&:to_sym)).freeze,
    logout:              symbolize_logout(h[:logout]).freeze
  )
  instance.freeze
end

.symbolize_claim_mappings(mappings) ⇒ Object

# File 'lib/lcp_ruby/authentication/provider.rb', line 84

def self.symbolize_claim_mappings(mappings)
  mappings.transform_keys(&:to_sym).transform_values(&:to_s)
end

.symbolize_logout(raw) ⇒ Object

# File 'lib/lcp_ruby/authentication/provider.rb', line 88

def self.symbolize_logout(raw)
  merged = DEFAULTS[:logout].merge((raw || {}).transform_keys(&:to_sym))
  merged.merge(mode: merged[:mode].to_sym)
end

.whitelist(value, allowed, field) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/lcp_ruby/authentication/provider.rb', line 93

def self.whitelist(value, allowed, field)
  return value if allowed.include?(value)

  raise ArgumentError, "#{field} must be one of #{allowed.inspect} (got #{value.inspect})"
end

Instance Method Details

#devise? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lcp_ruby/authentication/provider.rb', line 103

def devise?
  type == :devise
end

#oidc? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lcp_ruby/authentication/provider.rb', line 99

def oidc?
  type == :oidc
end

#with(**overrides) ⇒ Object

Returns a new frozen Provider with the given attribute overrides. Used by tests so they don’t mutate the registry-held singleton.

# File 'lib/lcp_ruby/authentication/provider.rb', line 78

def with(**overrides)
  attrs = members.each_with_object({}) { |m, h| h[m] = self[m] }
  attrs.merge!(overrides)
  self.class.new(**attrs).freeze
end