authlete 0.3.6 → 0.3.7

data/lib/authlete/model/response/authentication-callback-response.rb

@@ -0,0 +1,54 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::AuthenticationCallbackResponse class
+      #
+      # This class represents a response from an authentication callback endpoint.
+      class AuthenticationCallbackResponse
+        include Authlete::Utility
+        # True when the end-user has been authenticated (= is a valid user).
+        attr_accessor :authenticated
+
+        # The unique identifier of the end-user.
+        attr_accessor :subject
+
+        # Pieces of information about the end-user in JSON format.
+        attr_accessor :claims
+
+        # The constructor which takes a hash that represents a JSON response
+        # from an authentication callback endpoint.
+        def initialize(hash = {})
+          @authenticated = extract_boolean_value(hash, :authenticated)
+          @subject       = extract_value(hash, :subject)
+          @claims        = extract_value(hash, :claims)
+        end
+
+        # Generate an array which is usable as a Rack response from this instance.
+        def to_rack_response
+          to_rack_response_json(200, JSON.generate(
+            :authenticated => @authenticated,
+            :subject       => @subject,
+            :claims        => @claims
+          ))
+        end
+      end
+    end
+  end
+end

data/lib/authlete/model/response/authorization-fail-response.rb

@@ -0,0 +1,47 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::AuthorizationFailResponse class
+      #
+      # This class represents a response from Authlete's /api/auth/authorization/fail API.
+      class AuthorizationFailResponse < Authlete::Model::Response::Result
+        # The next action that the service implementation should take.
+        # (String)
+        attr_accessor :action
+
+        # The response content which can be used to generate a response
+        # to the client application. The format of the value varies
+        # depending on the value of "action". (String)
+        attr_accessor :response_content
+
+        private
+
+        # The constructor which takes a hash that represents a JSON response
+        # from Authlete's /api/auth/authorization/fail API.
+        def initialize(hash = {})
+          super(hash)
+
+          @action           = extract_value(hash, :action)
+          @response_content = extract_value(hash, :responseContent)
+        end
+      end
+    end
+  end
+end

data/lib/authlete/model/response/authorization-issue-response.rb

@@ -0,0 +1,47 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::AuthorizationIssueResponse class
+      #
+      # This class represents a response from Authlete's /api/auth/authorization/issue API.
+      class AuthorizationIssueResponse < Authlete::Model::Response::Result
+        # The next action that the service implementation should take.
+        # (String)
+        attr_accessor :action
+
+        # The response content which can be used to generate a response
+        # to the client application. The format of the value varies
+        # depending on the value of "action". (String)
+        attr_accessor :response_content
+
+        private
+
+        # The constructor which takes a hash that represents a JSON response
+        # from Authlete's /api/auth/authorization/issue API.
+        def initialize(hash = {})
+          super(hash)
+
+          @action           = extract_value(hash, :action)
+          @response_content = extract_value(hash, :responseContent)
+        end
+      end
+    end
+  end
+end

data/lib/authlete/model/response/authorization-response.rb

@@ -0,0 +1,146 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::AuthorizationResponse class
+      #
+      # This class represents a response from Authlete's /api/auth/authorization API.
+      class AuthorizationResponse < Authlete::Model::Response::Result
+        # The flag which indicates whether the end-user authentication
+        # must satisfy one of the requested ACRs. (BOOLEAN)
+        attr_accessor :acr_essential
+
+        # The list of ACRs (Authentication Context Class References)
+        # requested by the client application.
+        # The value come from (1) "acr" claim in "claims" request parameter,
+        # (2) "acr_values" request parameter or (3) "default_acr_values"
+        # configuration parameter of the client application.
+        # (String array)
+        attr_accessor :acrs
+
+        # The next action that the service implementation should take.
+        # (String)
+        attr_accessor :action
+
+        # The list of preferred languages and scripts for claim
+        # values contained in the ID token. The value comes from
+        # "claims_locales" request parameter. (String array)
+        attr_accessor :claim_locales
+
+        # The list of claims that the client application requests
+        # to be embedded in the ID token. The value comes from
+        # "scope" and "claims" request parameters of
+        # the original authorization request. (String array)
+        attr_accessor :claims
+
+        # The information about the client application which has made
+        # the authorization request. (Client)
+        attr_accessor :client
+
+        # The display mode which the client application requests
+        # by "display" request parameter. When the authorization
+        # request does not contain "display" request parameter,
+        # this method returns "PAGE" as the default value.
+        # (String)
+        attr_accessor :display
+
+        # The value of login hint, which is specified by the client
+        # application using "login_hint" request parameter.
+        # (String)
+        attr_accessor :login_hint
+
+        # The prompt that the UI displayed to the end-user must satisfy
+        # at least. The value comes from "prompt" request parameter.
+        # When the authorization request does not contain "prompt"
+        # parameter, this method returns "CONSENT CONSENT" as
+        # the default value. (String)
+        attr_accessor :lowest_prompt
+
+        # The maximum authentication age which is the allowable
+        # elapsed time in seconds since the last time the end-user
+        # was actively authenticated by the service implementation.
+        # The value comes from "max_age" request parameter
+        # or "default_max_age" configuration parameter of
+        # the client application. 0 may be returned which means
+        # that the max age constraint does not have to be imposed.
+        # (Integer)
+        attr_accessor :max_age
+
+        # The response content which can be used to generate a response
+        # to the client application. The format of the value varies
+        # depending on the value of "action". (String)
+        attr_accessor :response_content
+
+        # The scopes which the client application requests by "scope"
+        # request parameter. When the authorization request does
+        # not contain "scope" request parameter, this method
+        # returns a list of scopes which are marked as default by the
+        # service implementation. "null" may be returned if the
+        # authorization request does not contain valid scopes and none
+        # of registered scopes is marked as default.
+        # (Scope array)
+        attr_accessor :scopes
+
+        # The subject (= end-user's login ID) that the client
+        # application requests. The value comes from "sub"
+        # claim in "claims" request parameter. This method
+        # may return null (probably in most cases).
+        # (String)
+        attr_accessor :subject
+
+        # The ticket which has been issued to the service implementation
+        # from Authlete's /api/auth/authorization API. This ticket is
+        # needed for /api/auth/authorization/issue API and
+        # /api/auth/authorization/fail API. (String)
+        attr_accessor :ticket
+
+        # The list of preferred languages and scripts for the user
+        # interface. The value comes from "ui_locales" request
+        # parameter. (String array)
+        attr_accessor :ui_locales
+
+        private
+
+        # The constructor which takes a hash that represents a JSON response
+        # from Authlete's /api/auth/authorization API.
+        def initialize(hash = {})
+          super(hash)
+
+          @acr_essential    = extract_value(hash, :acrEssential)
+          @acrs             = extract_value(hash, :acrs)
+          @action           = extract_value(hash, :action)
+          @claim_locales    = extract_value(hash, :claimLocales)
+          @claims           = extract_value(hash, :claims)
+          @client           = Authlete::Model::Client.new(extract_value(hash, :client))
+          @display          = extract_value(hash, :display)
+          @login_hint       = extract_value(hash, :loginHint)
+          @lowest_prompt    = extract_value(hash, :lowestPrompt)
+          @max_age          = extract_value(hash, :maxAge)
+          @response_content = extract_value(hash, :responseContent)
+          @scopes           = extract_array_value(hash, :scopes) do |element|
+            Authlete::Model::Scope.parse(element)
+          end
+          @subject          = extract_value(hash, :subject)
+          @ticket           = extract_value(hash, :ticket)
+          @ui_locales       = extract_value(hash, :uiLocales)
+        end
+      end
+    end
+  end
+end

data/lib/authlete/model/response/developer-authentication-callback-response.rb

@@ -0,0 +1,56 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::DeveloperAuthenticationCallbackResponse class
+      #
+      # This class represents a response from a developer authentication callback endpoint.
+      class DeveloperAuthenticationCallbackResponse
+        include Authlete::Utility
+        # True when the developer has been authenticated (= is a valid developer).
+        attr_accessor :authenticated
+
+        # The unique identifier of the developer.
+        attr_accessor :subject
+
+        # The display name of the developer.
+        attr_accessor :displayName
+        alias_method  :display_name,  :displayName
+        alias_method  :display_name=, :displayName=
+
+        # The constructor which takes a hash that represents a JSON response
+        # from a developer authentication callback endpoint.
+        def initialize(hash = {})
+          @authenticated = extract_boolean_value(hash, :authenticated)
+          @subject       = extract_value(hash, :subject)
+          @displayName   = extract_value(hash, :displayName)
+        end
+
+        # Generate an array which is usable as a Rack response from this instance.
+        def to_rack_response
+          to_rack_response_json(200, JSON.generate(
+            :authenticated => @authenticated,
+            :subject       => @subject,
+            :displayName   => @displayName
+          ))
+        end
+      end
+    end
+  end
+end

data/lib/authlete/model/response/introspection-response.rb

@@ -0,0 +1,129 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+  module Model
+    module Response
+      # == Authlete::Model::Response::IntrospectionResponse class
+      #
+      # A class that represents a response from Authlete's
+      # /api/auth/introspection API.
+      class IntrospectionResponse < Authlete::Model::Response::Result
+        # The next action which the caller of the API should take next.
+        attr_accessor :action
+
+        # The ID of the client application which is associated with
+        # the access token.
+        attr_accessor :client_id
+
+        # The subject which is associated with the access token.
+        # This is <tt>nil</tt> if the access token was created
+        # through {Client Credentials Flow}[https://tools.ietf.org/html/rfc6749#section-4.4].
+        attr_accessor :subject
+
+        # The scopes which is associated with the access token.
+        attr_accessor :scopes
+
+        # True when the access token exists.
+        attr_accessor :existent
+
+        # True when the access token is usable (= exists and has not expired).
+        attr_accessor :usable
+
+        # True when the access token covers all the scopes (if specified).
+        attr_accessor :sufficient
+
+        # True when the access token can be refreshed using its corresponding
+        # refresh token.
+        attr_accessor :refreshable
+
+        # The content of the error response that the service implementation
+        # should return to the client application.
+        attr_accessor :response_content
+
+        # The constructor which takes a hash that represents a JSON response
+        # from /api/auth/introspection API.
+        def initialize(hash = {})
+          super(hash)
+
+          @action           = extract_value(hash, :action)
+          @client_id        = extract_value(hash, :clientId)
+          @subject          = extract_value(hash, :subject)
+          @scopes           = extract_value(hash, :scopes)
+          @existent         = extract_boolean_value(hash, :existent)
+          @usable           = extract_boolean_value(hash, :usable)
+          @sufficient       = extract_boolean_value(hash, :sufficient)
+          @refreshable      = extract_boolean_value(hash, :refreshable)
+          @response_content = extract_value(hash, :responseContent)
+        end
+
+        alias_method :existent?,    :existent
+        alias_method :exists,       :existent
+        alias_method :exists?,      :existent
+        alias_method :exist,        :existent
+        alias_method :exist?,       :existent
+        alias_method :usable?,      :usable
+        alias_method :sufficient?,  :sufficient
+        alias_method :refreshable?, :refreshable
+
+        # Generate an array which is usable as a Rack response from this instance.
+        # When <tt>action</tt> method returns other value than 'OK', the array
+        # returned from this method satisfies RFC 6750.
+        def to_rack_response
+          # 'action' denotes the next action.
+          case @action
+            when 'INTERNAL_SERVER_ERROR'
+              # 500 Internal Server Error
+              #   The API request from this implementation was wrong
+              #   or an error occurred in Authlete.
+              return to_rack_response_www_authenticate(500, @response_content)
+
+            when 'BAD_REQUEST'
+              # 400 Bad Request
+              #   The request from the client application does not
+              #   contain an access token.
+              return to_rack_response_www_authenticate(400, @response_content)
+
+            when 'UNAUTHORIZED'
+              # 401 Unauthorized
+              #   The presented access token does not exist or has expired.
+              return to_rack_response_www_authenticate(401, @response_content)
+
+            when 'FORBIDDEN'
+              # 403 Forbidden
+              #   The access token does not cover the required scopes
+              #   or the subject associated with the access token is
+              #   different.
+              return to_rack_response_www_authenticate(403, @response_content)
+
+            when 'OK'
+              # The access token is valid (= exists and has not expired).
+              # Basically, the caller won't use the array returned from here.
+              # Instead, it will return the protected resource to the client
+              # application which has presented the valid access token.
+              return [ 200, nil, nil ]
+
+            else
+              # This should not happen.
+              return to_rack_response_www_authenticate(500,
+                'Bearer error="server_error",error_description="Unknown action"')
+          end
+        end
+      end
+    end
+  end
+end