module Maestrano module SSO class Session include Preset attr_accessor :session, :uid, :session_token, :recheck, :group_uid, :preset # Load a Maestrano::SSO::Session object from a # hash generated by Maestrano::SSO::BaseUser#to_hash def self.from_user_auth_hash(session, auth) instance = self.new({}) instance.session = session if (extra = (auth[:extra] || auth['extra'])) && (sso_session = (extra[:session] || extra['session'])) instance.uid = (sso_session[:uid] || sso_session['uid']) instance.session_token = (sso_session[:token] || sso_session['token']) instance.group_uid = (sso_session[:group_uid] || sso_session['group_uid']) instance.preset = self.preset if recheck = (sso_session[:recheck] || sso_session['recheck']) instance.recheck = recheck end end return instance end def initialize(session) self.session = session if (self.session = session) begin if mno_session = (self.session[:maestrano] || self.session['maestrano']) decrypted_session = JSON.parse(Base64.decode64(mno_session)) self.uid = decrypted_session['uid'] self.session_token = decrypted_session['session'] self.recheck = Time.iso8601(decrypted_session['session_recheck']) self.group_uid = decrypted_session['group_uid'] self.preset = decrypted_session['preset'] end rescue end end end def remote_check_required? if self.uid && self.session_token && self.recheck return (self.recheck <= Time.now) end return true end # Check remote maestrano session and update the # recheck attribute if the session is still valid # Return true if the session is still valid and # false otherwise def perform_remote_check # Get remote session info url = Maestrano::SSO[self.preset].session_check_url(self.uid, self.session_token) begin response = RestClient.get(url) response = JSON.parse(response) rescue Exception => e response = {} end # Process response if response['valid'] && response['recheck'] self.recheck = Time.iso8601(response['recheck']) return true end return false end # Check whether this mno session is valid or not # Return true if SLO is disabled (via sso.slo_enabled config # param) # Return false if no session defined # --- # opts: # if_session: if true then the session will be # considered valid if the http session is nil or does # not have a maestrano key. Useful when the validity of # a session should be restricted to maestrano users only # within an application def valid?(opts = {}) return true unless Maestrano[self.class.preset].param('sso.slo_enabled') return true if opts[:if_session] && (!self.session || (!self.session[:maestrano] && !self.session['maestrano'])) return false unless self.session if self.remote_check_required? if perform_remote_check self.save return true else return false end end return true end def save self.session[:maestrano] = Base64.encode64({ uid: self.uid, session: self.session_token, session_recheck: self.recheck.utc.iso8601, group_uid: self.group_uid, preset: self.preset }.to_json) end end end end