class OpenID::PAPE::Response

A Provider Authentication Policy response, sent from a provider to a relying party

Attributes

auth_policies [RW]

auth_time [RW]

nist_auth_level [RW]

ns_alias [RW]

Public Class Methods

from_success_response (success_response)

Source

# File lib/openid/extensions/pape.rb, line 105
def self.from_success_response(success_response)
  args = success_response.get_signed_ns(NS_URI)
  return nil if args.nil?
  pape_resp = new
  pape_resp.parse_extension_args(args)
  return pape_resp
end

Create a Response object from an OpenID::Consumer::SuccessResponse

new (auth_policies=[], auth_time=nil, nist_auth_level=nil)

Source

# File lib/openid/extensions/pape.rb, line 90
def initialize(auth_policies=[], auth_time=nil, nist_auth_level=nil)
  @ns_alias = 'pape'
  @ns_uri = NS_URI
  @auth_policies = auth_policies
  @auth_time = auth_time
  @nist_auth_level = nist_auth_level
end

Public Instance Methods

add_policy_uri (policy_uri)

Source

# File lib/openid/extensions/pape.rb, line 100
def add_policy_uri(policy_uri)
  @auth_policies << policy_uri unless @auth_policies.member?(policy_uri)
end

Add a policy URI to the response see openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies

get_extension_args ()

Source

# File lib/openid/extensions/pape.rb, line 153
def get_extension_args
  ns_args = {}
  if @auth_policies.empty?
    ns_args['auth_policies'] = 'none'
  else
    ns_args['auth_policies'] = @auth_policies.join(' ')
  end
  if @nist_auth_level
    unless (0..4).member? @nist_auth_level
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}"
    end
    ns_args['nist_auth_level'] = @nist_auth_level.to_s
  end

  if @auth_time
    unless @auth_time =~ TIME_VALIDATOR
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
    ns_args['auth_time'] = @auth_time
  end
  return ns_args
end

parse_extension_args (args, strict=false)

Source

# File lib/openid/extensions/pape.rb, line 117
def parse_extension_args(args, strict=false)
  policies_str = args['auth_policies']
  if policies_str and policies_str != 'none'
    @auth_policies = policies_str.split(' ')
  end

  nist_level_str = args['nist_auth_level']
  if nist_level_str
    # special handling of zero to handle to_i behavior
    if nist_level_str.strip == '0'
      nist_level = 0
    else
      nist_level = nist_level_str.to_i
      # if it's zero here we have a bad value
      if nist_level == 0
        nist_level = nil
      end
    end
    if nist_level and nist_level >= 0 and nist_level < 5
      @nist_auth_level = nist_level
    elsif strict
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}"
    end
  end

  auth_time_str = args['auth_time']
  if auth_time_str
    # validate time string
    if auth_time_str =~ TIME_VALIDATOR
      @auth_time = auth_time_str
    elsif strict
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
  end
end

parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered