class OpenID::PAPE::Response

A Provider Authentication Policy response, sent from a provider to a relying party

Attributes

auth_policies[RW]
auth_time[RW]
nist_auth_level[RW]
ns_alias[RW]

Public Class Methods

from_success_response(success_response)

Create a Response object from an OpenID::Consumer::SuccessResponse

# File lib/openid/extensions/pape.rb, line 105
# Build a Response from an OpenID::Consumer::SuccessResponse.
#
# Returns nil when get_signed_ns yields nil for the PAPE namespace,
# otherwise a new Response populated from the returned fields.
#
# NOTE(review): get_signed_ns is defined outside this listing; by its name it
# should hand back only fields covered by the provider's signature, so
# unsigned PAPE values are not trusted here - confirm against the consumer
# code. Parsing is non-strict, so malformed nist_auth_level / auth_time values
# are dropped silently; a relying party should treat a nil attribute as
# "policy not demonstrated", not as success.
def self.from_success_response(success_response)
  signed_args = success_response.get_signed_ns(NS_URI)
  return nil if signed_args.nil?
  new.tap { |resp| resp.parse_extension_args(signed_args) }
end
new(auth_policies=[], auth_time=nil, nist_auth_level=nil)
# File lib/openid/extensions/pape.rb, line 90
# Set up a PAPE response.
#
# auth_policies::   Array of policy URIs; stored by reference, so later
#                   add_policy_uri calls also modify the caller's array.
# auth_time::       timestamp string, or nil when not reported.
# nist_auth_level:: assurance level, or nil when not reported.
#
# None of the values are validated here; get_extension_args checks
# nist_auth_level and auth_time when the response is serialised.
def initialize(auth_policies=[], auth_time=nil, nist_auth_level=nil)
  @ns_alias, @ns_uri = 'pape', NS_URI
  @auth_policies = auth_policies
  @auth_time, @nist_auth_level = auth_time, nist_auth_level
end

Public Instance Methods

add_policy_uri(policy_uri)

Add a policy URI to the response. See openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies

# File lib/openid/extensions/pape.rb, line 100
# Record a policy URI on the response, skipping URIs already present.
#
# Returns the policy list when the URI was appended, nil when it was a
# duplicate. The URI is stored as given; get_extension_args later joins the
# list with spaces, so a URI that contains whitespace would reach the relying
# party as more than one policy.
def add_policy_uri(policy_uri)
  return if @auth_policies.include?(policy_uri)
  @auth_policies << policy_uri
end
get_extension_args()
# File lib/openid/extensions/pape.rb, line 153
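# Serialise this response into the PAPE fields sent to the relying party.
#
# Returns a Hash with 'auth_policies' (the policy URIs joined by single
# spaces, or the literal 'none' when the list is empty) plus
# 'nist_auth_level' and 'auth_time' when those attributes are set.
#
# Raises ArgumentError when nist_auth_level is not an Integer in 0..4 or
# when auth_time does not match TIME_VALIDATOR.
def get_extension_args
  ns_args = {}
  # Policies are space-separated on the wire, so a URI containing whitespace
  # would be read by the receiver as several policies.
  ns_args['auth_policies'] = @auth_policies.empty? ? 'none' : @auth_policies.join(' ')

  if @nist_auth_level
    # Range#member? on 0..4 is also true for non-integer numerics such as
    # 2.5, which would then be emitted as "2.5"; require an Integer so the
    # check matches what the error message promises.
    unless @nist_auth_level.is_a?(Integer) and (0..4).member?(@nist_auth_level)
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}"
    end
    ns_args['nist_auth_level'] = @nist_auth_level.to_s
  end

  if @auth_time
    # NOTE(review): TIME_VALIDATOR is defined outside this listing. Because
    # =~ matches anywhere in the string, confirm the pattern is anchored with
    # \A and \z (not ^ and $), otherwise a multi-line value passes.
    unless @auth_time =~ TIME_VALIDATOR
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
    ns_args['auth_time'] = @auth_time
  end
  ns_args
end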
parse_extension_args(args, strict=false)

Parse the provider authentication policy arguments into the internal state of this object. If strict is specified, raise an exception when bad data is encountered.

# File lib/openid/extensions/pape.rb, line 117
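# Load PAPE fields received from a provider into this object.
#
# args::   Hash of PAPE fields keyed by 'auth_policies', 'nist_auth_level'
#          and 'auth_time'; missing keys leave the attribute untouched.
# strict:: when true, raise ArgumentError on a malformed nist_auth_level or
#          auth_time; when false (the default) such values are ignored and
#          the attribute keeps its previous value.
#
# Policy URIs are taken as-is: the string is only split on whitespace, and
# the literal 'none' means "no policies".
def parse_extension_args(args, strict=false)
  policies_str = args['auth_policies']
  if policies_str and policies_str != 'none'
    @auth_policies = policies_str.split(' ')
  end

  nist_level_str = args['nist_auth_level']
  if nist_level_str
    # Accept only a plain run of decimal digits. String#to_i on its own reads
    # "3abc" or "4.9" as 3 and 4, so a malformed level from the provider
    # would otherwise be stored as a valid assurance level.
    level_digits = nist_level_str.strip
    nist_level = nil
    nist_level = level_digits.to_i if level_digits =~ /\A\d+\z/

    if nist_level and nist_level < 5
      @nist_auth_level = nist_level
    elsif strict
      raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}"
    end
  end

  auth_time_str = args['auth_time']
  if auth_time_str
    # NOTE(review): TIME_VALIDATOR is defined outside this listing. Because
    # =~ matches anywhere in the string, confirm the pattern is anchored with
    # \A and \z (not ^ and $), otherwise a multi-line value passes.
    if auth_time_str =~ TIME_VALIDATOR
      @auth_time = auth_time_str
    elsif strict
      raise ArgumentError, "auth_time must be in RFC3339 format"
    end
  end
end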