Module: Legion::Extensions::Identity::Kerberos::Helpers::Resolver

Defined in:
lib/legion/extensions/identity/kerberos/helpers/resolver.rb

Class Method Details

.extract_realm(principal_str) ⇒ Object

Extracts the realm portion (the text after the first @) from a principal string, or returns nil when the string contains no @.



# File 'lib/legion/extensions/identity/kerberos/helpers/resolver.rb', line 29

def extract_realm(principal_str)
  parts = principal_str.to_s.split('@', 2)
  parts.length > 1 ? parts.last : nil
end

.extract_username(principal_str) ⇒ Object

Extracts the username portion (before @REALM) from a principal string. A string with no @ is returned unchanged.



# File 'lib/legion/extensions/identity/kerberos/helpers/resolver.rb', line 21

def extract_username(principal_str)
  str = principal_str.to_s
  return str if str.empty?

  str.split('@', 2).first || str
end

.principal ⇒ Object

Returns the raw Kerberos principal string (e.g. “miverso2@MS.DS.UHC.COM”) from Legion::Crypt if available, or nil.



# File 'lib/legion/extensions/identity/kerberos/helpers/resolver.rb', line 13

def principal
  return nil unless defined?(Legion::Crypt)
  return nil unless Legion::Crypt.respond_to?(:kerberos_principal)

  Legion::Crypt.kerberos_principal
end

.resolve_identity ⇒ Object

Returns a resolved identity hash, or nil when no principal is available or the username is empty after canonicalization.



# File 'lib/legion/extensions/identity/kerberos/helpers/resolver.rb', line 35

def resolve_identity
  raw = principal
  return nil if raw.nil? || raw.empty?

  username = extract_username(raw)
  realm    = extract_realm(raw)

  canonical = username.downcase.strip.gsub(/[^a-z0-9_-]/, '')
  return nil if canonical.empty?

  {
    canonical_name: canonical,
    kind:           :human,
    source:         :kerberos,
    principal:      raw,
    realm:          realm,
    groups:         []
  }
end
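
An added example (not part of the Legion codebase): resolve_identity builds canonical_name by discarding the realm and deleting every character outside [a-z0-9_-], so distinct principals can share one canonical name. The audit below re-implements that one expression to list such collisions over constructed sample principals; strict_identity, its allowed_realms parameter and the SAMPLE values are hypothetical, showing a reject-instead-of-strip alternative.

```ruby
# Added example. Mirrors the canonicalization expression in resolve_identity.
def canonical_name(principal)
  user = principal.to_s.split('@', 2).first.to_s
  user.downcase.strip.gsub(/[^a-z0-9_-]/, '')
end

# Returns { canonical_name => [principals] } for every canonical name that
# more than one distinct principal maps to.
def canonical_collisions(principals)
  principals.uniq
            .group_by { |p| canonical_name(p) }
            .reject { |name, group| name.empty? || group.length < 2 }
end

# Hypothetical stricter resolver: validates instead of stripping, requires a
# realm from an explicit allow-list, and keeps the realm in the identifier.
STRICT_USER = /\A[a-z0-9_-]+\z/

def strict_identity(principal, allowed_realms:)
  user, realm = principal.to_s.split('@', 2)
  return nil if user.nil? || realm.nil?
  return nil unless allowed_realms.include?(realm)

  user = user.downcase
  return nil unless STRICT_USER.match?(user) # rejects "j.doe", "HTTP/web01"

  "#{user}@#{realm}"
end

# Constructed sample principals (not taken from any real directory).
SAMPLE = %w[
  jdoe@CORP.EXAMPLE
  j.doe@CORP.EXAMPLE
  JDoe@CORP.EXAMPLE
  jdoe@LAB.EXAMPLE
  HTTP/web01@CORP.EXAMPLE
  asmith@CORP.EXAMPLE
].freeze

if __FILE__ == $PROGRAM_NAME
  canonical_collisions(SAMPLE).each do |name, group|
    puts "#{name}: #{group.join(', ')}"
  end
end
```

Any consumer that keys authorization or audit records on canonical_name alone should also compare the principal and realm fields of the returned hash.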