Module: Legion::Identity::Resolver

Defined in:
lib/legion/identity/resolver.rb

Constant Summary collapse

TIMEOUT_SECONDS = 
5

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.session_idObject (readonly)

Returns the value of attribute session_id.



127
128
129
 
# File 'lib/legion/identity/resolver.rb', line 127

def session_id
  @session_id
end

Class Method Details

.compositeObject 



119
120
121
 
# File 'lib/legion/identity/resolver.rb', line 119

def composite
  @composite.get
end

.providersObject 



123
124
125
 
# File 'lib/legion/identity/resolver.rb', line 123

def providers
  @providers.dup
end

.register(provider) ⇒ Object 



16
17
18
19
20
 
# File 'lib/legion/identity/resolver.rb', line 16

def register(provider)
  return if @providers.any? { |p| p.provider_name == provider.provider_name }

  @providers << provider
end

.reset!Object 



129
130
131
132
133
 
# File 'lib/legion/identity/resolver.rb', line 129

def reset!
  @composite  = Concurrent::AtomicReference.new(nil)
  @resolved   = Concurrent::AtomicBoolean.new(false)
  @session_id = SecureRandom.uuid
end

.reset_all!Object 



135
136
137
138
 
# File 'lib/legion/identity/resolver.rb', line 135

def reset_all!
  reset!
  @providers = Concurrent::Array.new
end

.resolve!(timeout: TIMEOUT_SECONDS) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/legion/identity/resolver.rb', line 22

def resolve!(timeout: TIMEOUT_SECONDS)
  drain_pending_registrations

  auth_providers, profile_providers, fallback_providers = partition_providers

  winning_provider, winning_result, provider_results = resolve_auth(auth_providers, timeout: timeout)

  if winning_provider.nil?
    winning_provider, winning_result, fallback_results = resolve_auth(fallback_providers, timeout: timeout)
    provider_results.merge!(fallback_results) if fallback_results
  end

  unless winning_provider
    @resolved.make_false
    @composite.set(nil)
    return nil
  end

  canonical = winning_result[:canonical_name]
  trust_level = winning_provider.trust_level
  source = winning_provider.provider_name

  profile_data = resolve_profiles(profile_providers, canonical, timeout: timeout)

  composite = assemble_composite(
    provider_results, profile_data,
    winning_result: winning_result,
    trust_level:    trust_level,
    source:         source
  )

  bind_and_persist(winning_provider, composite, trust_level)
  composite
end

.resolved?Boolean

Returns:

  • (Boolean) 


115
116
117
 
# File 'lib/legion/identity/resolver.rb', line 115

def resolved?
  @resolved.true?
end

.upgrade!(provider, result) ⇒ Object 



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
# File 'lib/legion/identity/resolver.rb', line 57

def upgrade!(provider, result)
  current = @composite.get
  return unless current

  new_trust = provider.trust_level
  new_canonical = result[:canonical_name] || current[:canonical_name]
  canonical_changed = new_canonical != current[:canonical_name]

  # Only promote the composite trust level when the new provider's trust
  # is strictly higher (lower rank index) than the current level.
  # This prevents an accidental downgrade if upgrade! is called with a
  # lower-trust provider such as one with :unverified trust.
  current_trust = current[:trust]
  effective_trust = if defined?(Legion::Identity::Trust) &&
                       Legion::Identity::Trust.respond_to?(:above?) &&
                       Legion::Identity::Trust.above?(new_trust, current_trust)
                      new_trust
                    else
                      current_trust
                    end

  new_aliases = current[:aliases].dup
  provider_identity = result[:provider_identity]
  if provider_identity
    existing = Array(new_aliases[provider.provider_name])
    new_aliases[provider.provider_name] = (existing + [provider_identity]).uniq
  end

  new_providers = current[:providers].dup
  new_providers[provider.provider_name] = {
    status:      :resolved,
    trust:       new_trust,
    resolved_at: Time.now
  }

  updated = current.merge(
    canonical_name: new_canonical,
    trust:          effective_trust,
    source:         provider.provider_name,
    aliases:        new_aliases,
    providers:      new_providers
  )

  handle_canonical_change(current[:canonical_name], new_canonical, updated) if canonical_changed

  @composite.set(updated)
  Legion::Identity::Process.bind!(provider, updated) if defined?(Legion::Identity::Process)

  if defined?(Legion::Settings) && Legion::Settings.respond_to?(:loader) && Legion::Settings.loader.respond_to?(:settings)
    Legion::Settings.loader.settings[:client] ||= {}
    Legion::Settings.loader.settings[:client][:name] = Legion::Identity::Process.queue_prefix
  end

  persist_identity_json(new_canonical, updated[:kind]) unless new_trust == :unverified

  updated
end