Module: Legion::Extensions::Identity::Entra::Delegated::Identity

Extended by:: Identity

Includes:: Logging::Helper, Settings::Helper

Included in:: Identity

Defined in:: lib/legion/extensions/identity/entra/delegated/identity.rb

Instance Method Summary collapse

#capabilities ⇒ Object
#normalize(val) ⇒ Object
#priority ⇒ Object
#provide_token(qualifier: :delegated) ⇒ Object
#provider_name ⇒ Object
#provider_type ⇒ Object
#refresh ⇒ Object
#resolve ⇒ Object
#resolve_all ⇒ Object
#trust_level ⇒ Object
#trust_weight ⇒ Object

Instance Method Details

#capabilities ⇒ `Object`

18	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 18 def capabilities = %i[authenticate profile interactive outbound_auth]

#normalize(val) ⇒ `Object`

# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 75

def normalize(val)
  str = val.to_s.downcase.strip
  str = str.split('@', 2).first if str.include?('@')
  str.gsub(/[^a-z0-9_-]/, '')
end

#priority ⇒ `Object`

15	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 15 def priority = 100

#provide_token(qualifier: :delegated) ⇒ `Object`

# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 81

def provide_token(qualifier: :delegated)
  token = find_cached_token(qualifier)
  return nil unless token

  data = Legion::Extensions::Identity::Entra::Helpers::TokenManager.token_data(qualifier, refresh: false)
  build_lease(
    provider:   :entra_delegated,
    credential: token,
    expires_at: data&.dig(:expires_at) || (Time.now + 3600),
    renewable:  !data&.dig(:refresh_token).nil?,
    metadata:   { qualifier: qualifier, scopes: data&.dig(:scopes) }.compact
  )
end

#provider_name ⇒ `Object`

13	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 13 def provider_name = :entra_delegated

#provider_type ⇒ `Object`

14	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 14 def provider_type = :auth

#refresh ⇒ `Object`

# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 59

def refresh
  log.debug('Delegated::Identity.refresh: attempting token refresh')
  data = Legion::Extensions::Identity::Entra::Helpers::TokenManager.token_data(:delegated, refresh: true)
  if data && !Legion::Extensions::Identity::Entra::Helpers::TokenManager.expired?(data)
    Legion::Extensions::Identity::Entra::Client.reset!(pattern: :delegated)
    log.info('Delegated::Identity.refresh: token refreshed successfully')
    true
  else
    log.warn('Delegated::Identity.refresh: token refresh returned expired or nil data')
    false
  end
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'delegated.identity.refresh')
  false
end

#resolve ⇒ `Object`

# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 20

def resolve
  log.debug('Delegated::Identity.resolve: starting identity resolution')
  token = find_cached_token
  unless token
    log.debug('Delegated::Identity.resolve: no cached token, cannot resolve')
    return nil
  end

  profile = Legion::Extensions::Identity::Entra::Helpers::GraphClient.fetch_me(token)
  unless profile
    log.warn('Delegated::Identity.resolve: Graph /me returned nil')
    return nil
  end

  canonical = profile[:on_premises_sam_account_name] || profile[:mail_nickname]
  if canonical.nil? || canonical.empty?
    log.warn('Delegated::Identity.resolve: no canonical name in profile')
    return nil
  end

  log.info("Delegated::Identity.resolve: resolved identity canonical=#{normalize(canonical)}")
  {
    canonical_name:    normalize(canonical),
    kind:              :human,
    source:            :entra_delegated,
    provider_identity: profile[:id],
    profile:           profile,
    employee_id:       profile[:employee_id]
  }
end

#resolve_all ⇒ `Object`

# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 51

def resolve_all
  accounts = Legion::Extensions::Identity::Entra::Helpers::AccountDiscovery.resolve_all_accounts
  return accounts unless accounts.empty?

  result = resolve
  result ? [result] : []
end

#trust_level ⇒ `Object`

17	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 17 def trust_level = :verified

#trust_weight ⇒ `Object`

16	# File 'lib/legion/extensions/identity/entra/delegated/identity.rb', line 16 def trust_weight = 40

Module: Legion::Extensions::Identity::Entra::Delegated::Identity

Instance Method Summary collapse

Instance Method Details

#capabilities ⇒ Object

#normalize(val) ⇒ Object

#priority ⇒ Object

#provide_token(qualifier: :delegated) ⇒ Object

#provider_name ⇒ Object

#provider_type ⇒ Object

#refresh ⇒ Object

#resolve ⇒ Object

#resolve_all ⇒ Object

#trust_level ⇒ Object

#trust_weight ⇒ Object

#capabilities ⇒ `Object`

#normalize(val) ⇒ `Object`

#priority ⇒ `Object`

#provide_token(qualifier: :delegated) ⇒ `Object`

#provider_name ⇒ `Object`

#provider_type ⇒ `Object`

#refresh ⇒ `Object`

#resolve ⇒ `Object`

#resolve_all ⇒ `Object`

#trust_level ⇒ `Object`

#trust_weight ⇒ `Object`