Class: Legion::Extensions::Identity::Entra::Helpers::BrowserAuth

Inherits:

Object

• Object
• Legion::Extensions::Identity::Entra::Helpers::BrowserAuth

Includes:

Logging::Helper, Settings::Helper

Defined in:

lib/legion/extensions/identity/entra/helpers/browser_auth.rb

Instance Attribute Summary

• #client_id ⇒ Object readonly

  Returns the value of attribute client_id.

• #scopes ⇒ Object readonly

  Returns the value of attribute scopes.

• #tenant_id ⇒ Object readonly

  Returns the value of attribute tenant_id.

Class Method Summary

• .default_scopes ⇒ Object

Instance Method Summary

• #api_hook_available? ⇒ Boolean
• #authenticate ⇒ Object
• #generate_pkce ⇒ Object
• #gui_available? ⇒ Boolean
• #hook_redirect_uri ⇒ Object
• #initialize(tenant_id:, client_id:, scopes: self.class.default_scopes, auth: nil, force_local_server: false) ⇒ BrowserAuth constructor

  A new instance of BrowserAuth.

• #open_browser(url) ⇒ Object

Constructor Details

#initialize(tenant_id:, client_id:, scopes: self.class.default_scopes, auth: nil, force_local_server: false) ⇒ BrowserAuth

Returns a new instance of BrowserAuth.

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 26

def initialize(tenant_id:, client_id:, scopes: self.class.default_scopes, auth: nil, force_local_server: false, **)
  @tenant_id = tenant_id
  @client_id = client_id
  @scopes = scopes
  @auth = auth || Object.new.extend(Legion::Extensions::Identity::Entra::Delegated::Runners::Login)
  @force_local_server = force_local_server
  log.debug("BrowserAuth initialized: tenant=#{tenant_id} client=#{client_id} force_local=#{force_local_server}")
  log.info("BrowserAuth scopes: #{@scopes}")
end

Instance Attribute Details

#client_id ⇒ Object (readonly)

Returns the value of attribute client_id.

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 24

def client_id
  @client_id
end

#scopes ⇒ Object (readonly)

Returns the value of attribute scopes.

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 24

def scopes
  @scopes
end

#tenant_id ⇒ Object (readonly)

Returns the value of attribute tenant_id.

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 24

def tenant_id
  @tenant_id
end

Class Method Details

.default_scopes ⇒ Object

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 20

def self.default_scopes
  Legion::Extensions::Identity::Entra::Helpers::Scopes.resolve(pattern: :delegated)
end

Instance Method Details

#api_hook_available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 46

def api_hook_available?
  return false if @force_local_server
  return false unless defined?(Legion::API) && defined?(Legion::Events)
  return false unless defined?(Legion::Extensions::Hooks::Base)

  hook_route_registered?
end

#authenticate ⇒ Object

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 36

def authenticate
  if gui_available?
    log.info('BrowserAuth: GUI available, using browser auth')
    authenticate_browser
  else
    log.info('BrowserAuth: no GUI detected, using device code flow')
    authenticate_device_code
  end
end

#generate_pkce ⇒ Object

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 59

def generate_pkce
  verifier = SecureRandom.hex(32)
  challenge = [Digest::SHA256.digest(verifier)].pack('m0').tr('+/', '-_').delete('=')
  log.debug('BrowserAuth: PKCE challenge generated')
  [verifier, challenge]
end

#gui_available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 66

def gui_available?
  os = host_os
  return true if /darwin|mswin|mingw/.match?(os)

  !ENV['DISPLAY'].nil? || !ENV['WAYLAND_DISPLAY'].nil?
end

#hook_redirect_uri ⇒ Object

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 54

def hook_redirect_uri
  port = Legion::Settings.dig(:api, :port) || 4567
  "http://127.0.0.1:#{port}/api/extensions/identity/entra/hooks/auth/handle"
end

#open_browser(url) ⇒ Object

# File 'lib/legion/extensions/identity/entra/helpers/browser_auth.rb', line 73

def open_browser(url)
  cmd = case host_os
        when /darwin/ then 'open'
        when /linux/ then 'xdg-open'
        when /mswin|mingw/ then 'start'
        end
  unless cmd
    log.warn('BrowserAuth: no browser command found for this OS')
    return false
  end

  log.debug("BrowserAuth: opening browser with #{cmd}")
  system(cmd, url)
end