Class: UU::OS::Security::Session

Inherits:
Object
  • Object
Extended by:
Encryption
Defined in:
uu_os_framework-0.10.6/lib/uu/os/security/session.rb

Overview

Service representing session.

Constant Summary

Class Method Summary (collapse)

Methods included from Encryption

decrypt, encrypt

Class Method Details

+ (UU::OS::UESURI) get_access_role(territory_uri)

Returns the access role URI of the authenticated user in the given territory. May return nil if the user has no access role in the territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 183

# Looks up the access role of the authenticated user in a territory.
#
# The remote call runs inside UU::OS::QoS::QoSHandler.auto_retry; the retry
# policy itself is defined there and is not visible in this method.
#
# @param territory_uri [String, UU::OS::UESURI] URI of the territory to query
# @return [UU::OS::UESURI, nil] the access role URI, or nil when the service
#   answers with a falsy value or with the @@NULL_URI_VALUE marker
def self.get_access_role(territory_uri)
  client = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    role = client.get(:getAccessRole, territory_uri)
    # `return` inside the block leaves the whole method, not only the block.
    return nil unless role && role != @@NULL_URI_VALUE
    return UU::OS::UESURI.new(role)
  end
end

+ (UU::OS::UESURI) get_initiator_access_role(territory_uri)

Returns the access role URI of the user who initiated the session in the given territory. May return nil if the user has no access role in the territory.

Parameters:

  • territory_uri (String, UU::OS::UESURI)

    URI of territory for which to get access role

Returns:



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 200

# Looks up the access role, in a territory, of the user who initiated the
# session.
#
# The remote call runs inside UU::OS::QoS::QoSHandler.auto_retry; the retry
# policy itself is defined there and is not visible in this method.
#
# @param territory_uri [String, UU::OS::UESURI] URI of the territory to query
# @return [UU::OS::UESURI, nil] the access role URI, or nil when the service
#   answers with a falsy value or with the @@NULL_URI_VALUE marker
def self.get_initiator_access_role(territory_uri)
  client = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    role = client.get(:getInitiatorAccessRole, territory_uri)
    # `return` inside the block leaves the whole method, not only the block.
    return nil unless role && role != @@NULL_URI_VALUE
    return UU::OS::UESURI.new(role)
  end
end

+ (UU::OS::UESURI) get_initiator_personal_role

Returns personal role URI of user who initiated session (did the first login).

Returns:



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 170

# Fetches the personal role URI of the user who initiated the session.
#
# Unlike the access-role lookups, the service answer is wrapped in a UESURI
# without any nil / null-marker check.
#
# @return [UU::OS::UESURI] personal role URI built from the service answer
def self.get_initiator_personal_role
  client = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    role = client.get(:getInitiatorPersonalRole)
    # `return` inside the block leaves the whole method, not only the block.
    return UU::OS::UESURI.new(role)
  end
end

+ (UU::OS::UESURI) get_personal_role

Returns personal role URI of the authenticated user.

Returns:



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 159

# Fetches the personal role URI of the authenticated user.
#
# Unlike the access-role lookups, the service answer is wrapped in a UESURI
# without any nil / null-marker check.
#
# @return [UU::OS::UESURI] personal role URI built from the service answer
def self.get_personal_role
  client = UU::OS::REST::RemoteClient.new(Session)
  UU::OS::QoS::QoSHandler.auto_retry do
    role = client.get(:getPersonalRole)
    # `return` inside the block leaves the whole method, not only the block.
    return UU::OS::UESURI.new(role)
  end
end

+ (Boolean) logged_in?

Check if user is logged in.

Returns:

  • (Boolean)


# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 148

# Tells whether the current thread holds at least one stored authentication
# token.
#
# This is a purely local check: it reads the thread-local token store and
# neither contacts the server nor inspects the token, so it says nothing
# about whether the token is still accepted. Do not treat it as an
# authorization decision.
#
# @return [Boolean] true when the thread-local token store is non-empty
def self.logged_in?
  tokens = Thread.current[@@AUTHN_TOKEN_PARAM]
  return false unless tokens
  tokens.size > 0
end

+ (Object) login(*credentials)

Log user in.

Parameters:

  • credentials (*String)

    Valid parameters are:

    • Security realm, access code 1, access code 2

    • access code 1, access code 2 (uses default security realm)

    • Path to password file (absolute or relative to uu home)

    • HTTP authorization token



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 63

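# Logs the user in and stores the resulting authentication token.
#
# Accepted argument shapes:
# * security realm, access code 1, access code 2
# * access code 1, access code 2 (default security realm)
# * path to a password file (as given, else relative to password_files_dir)
# * HTTP authorization token
#
# Security notes for callers:
# * The "Basic" tokens built here are Base64-encoded, not encrypted. The
#   access codes (and the application secret, when one is appended) are
#   recoverable from the token, so it must only travel over a protected
#   channel and must not be logged.
# * A single argument is tried as a file path before it is treated as a
#   token. Pass only trusted values in that position.
#
# @param credentials [Array<String>] one to three values as listed above
# @return [true] once the token has been evaluated and stored
# @raise [ArgumentError] when the number of arguments is not between 1 and 3
def self.login(*credentials)
  # TODO Since there are many problems with masking of user input, interactive login prompt is temporarily disabled
  #if (credentials.nil?) || (credentials.size == 0)
  #  # Read credentials from user input
  #  begin
  #    Timeout::timeout(120) do
  #      credentials = get_credentials
  #    end
  #  rescue Timeout::Error
  #    raise 'Access codes were not provided in given time of 2 minutes.'
  #  end
  #end
  # Check input parameters
  if credentials.nil? || credentials.size < 1 || credentials.size > 3
    raise ArgumentError, 'Wrong number of arguments. Valid parameters are "securityRealm, accessCode1, accessCode2", "accessCode1, accessCode2", "authToken" or "passwdFile"'
  end
  if credentials.size == 1 # Input is auth token or password file
    path = credentials[0]
    # File.exist? replaces File.exists?, which Ruby 3.2 removed.
    path = File.join(password_files_dir, path) unless File.exist?(path)
    if File.file?(path) # password file
      crd = UU::OS::Env::Environment.load_configuration(path)
      unless crd['accessCode1']
        # the file probably contains encrypted data
        crd = decrypt_passwd_file(path)
      end
      acc1 = crd['accessCode1']
      acc2 = crd['accessCode2']
      realm = crd['securityRealm']

      if realm.nil?
        tmpToken = acc1 << ':' << acc2
      else
        # Escape '@' in access code 1 so the '@' appended below stays the
        # only unescaped separator before the realm.
        acc1 = acc1.gsub('@', '\@')
        # if realm is "untrusted" => try to load app secret and switch to trusted
        app_secret = get_app_secret if realm == app_secret_untrusted_realm
        if app_secret.nil?
          tmpToken = acc1 << '@' << realm << ':' << acc2
        else
          tmpToken = acc1 << '@' << app_secret_trusted_realm << ':' << acc2 << app_secret
        end
      end
      tmpToken = "Basic #{Base64.strict_encode64(tmpToken)}"
    else # auth token
      tmpToken = credentials[0]
    end
  elsif credentials.size == 2 # Input is access code 1 and 2
    # dup so that << below does not modify the caller's strings
    acc1 = credentials[0].to_s.dup
    acc2 = credentials[1].to_s.dup
    tmpToken = "Basic #{Base64.strict_encode64(acc1 << ':' << acc2)}"
  elsif credentials.size == 3 # Input is security realm, access code 1 and 2
    realm = credentials[0].to_s.dup
    acc1 = credentials[1].to_s.gsub('@', '\@')
    acc2 = credentials[2].to_s.dup

    # if realm is "untrusted" => try to load app secret and switch to trusted
    app_secret = get_app_secret if realm == app_secret_untrusted_realm
    if app_secret.nil?
      tmpToken = acc1 << '@' << realm << ':' << acc2
    else
      tmpToken = acc1 << '@' << app_secret_trusted_realm << ':' << acc2 << app_secret
    end
    tmpToken = "Basic #{Base64.strict_encode64(tmpToken)}"
  end
  # \A anchors at the start of the whole string. The previous ^ anchor also
  # matches at the start of any later line, so a multi-line value could be
  # classified as a bearer token.
  if tmpToken =~ /\A[bB][eE][aA][rR][eE][rR]/
    # TODO Until UDS and AppLog relies on application URI in JWT
    # token, we cannot generate new chained JWT token replacing
    # existing one. So we only evaluate original token.
    svc = UU::OS::REST::RemoteClient.new(UU::OS::Security, @@HANDSHAKE_PATH)
    svc.auth_token = tmpToken
    svc.get(:handshake, nil)
  else
    # Evaluate token, and obtain new JWT token
    # Send also previous token (if available) to create auth chain
    svc = UU::OS::REST::RemoteClient.new(Session)
    svc.auth_token = tmpToken
    tmpToken = svc.post(:login, nil, get_authn_token).gsub('"', '')
  end
  # Reaching this point means neither remote call raised.
  # NOTE(review): presumably a rejected token raises from the remote call -
  # confirm in RemoteClient, since the token is stored unconditionally here.
  put_authn_token(tmpToken)
  true
end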

+ (Object) logout(all = false)

Log user out.

Parameters:

  • all (TrueClass, FalseClass) (defaults to: false)

    If true, logout removes all tokens (otherwise only the last one)



# File 'uu_os_framework-0.10.6/lib/uu/os/security/session.rb', line 215

# Logs the user out by dropping stored tokens from the current thread.
#
# Only thread-local state is changed. No remote call is made (see the TODO
# below), so nothing in this method revokes the token on the server side.
# A copy of the token held elsewhere is unaffected by this call.
#
# @param all [Boolean] when true, discard every stored token; otherwise only
#   the most recently stored one
# @return [nil]
def self.logout(all = false)
  # TODO We should also call logout on server once service is implemented.
  if all
    Thread.current[@@AUTHN_TOKEN_PARAM] = nil
    return
  end
  return unless self.logged_in?

  # Blank the last entry, then squeeze out the nil to shrink the store.
  stored = Thread.current[@@AUTHN_TOKEN_PARAM]
  stored[-1] = nil
  stored.compact!
  nil
end