gitlabhq/step_up_authentication_flow.rb at master

mirror of https://github.com/gitlabhq/gitlabhq.git synced 2025-08-06 11:10:08 +00:00

Files

GitLab Bot 7f6d9b793d Add latest changes from gitlab-org/gitlab@master

2025-07-23 00:16:21 +00:00

90 lines

2.4 KiB

Ruby

Raw Permalink Blame History

 # frozen_string_literal: true
 module Gitlab
   module Auth
     module Oidc
       class StepUpAuthenticationFlow
         STATE_REQUESTED = :requested
         STATE_SUCCEEDED = :succeeded
         STATE_FAILED = :failed
         attr_reader :session, :provider, :scope
         def initialize(session:, provider:, scope:)
           @session = session
           @provider = provider
           @scope = scope
         end
         def requested?
           state.to_s == STATE_REQUESTED.to_s
         end
         def succeeded?
           state.to_s == STATE_SUCCEEDED.to_s
         end
         def rejected?
           state.to_s == STATE_FAILED.to_s
         end
         def enabled_by_config?
           ::Gitlab::Auth::Oidc::StepUpAuthentication.enabled_for_provider?(provider_name: provider, scope: scope)
         end
         def evaluate!(oidc_id_token_claims)
           oidc_id_token_claims =
             ::Gitlab::Auth::Oidc::StepUpAuthentication.slice_relevant_id_token_claims(
               oauth_raw_info: oidc_id_token_claims,
               provider: provider,
               scope: scope
             )
           if conditions_fulfilled?(oidc_id_token_claims)
             succeed!
           else
             fail!
           end
         end
         def request!
           update_session_state(STATE_REQUESTED)
         end
         def succeed!
           update_session_state(STATE_SUCCEEDED)
         end
         def fail!
           update_session_state(STATE_FAILED)
         end
         private
         def state
           provider_scope_session_data&.[]('state').to_s.presence
         end
         def provider_scope_session_data
           omniauth_step_up_auth_session_data&.[](provider.to_s)&.[](scope.to_s)
         end
         def update_session_state(new_state)
           omniauth_step_up_auth_session_data[provider.to_s] ||= {}
           omniauth_step_up_auth_session_data[provider.to_s][scope.to_s] ||= {}
           omniauth_step_up_auth_session_data[provider.to_s][scope.to_s]['state'] = new_state.to_s
         end
         def omniauth_step_up_auth_session_data
           ::Gitlab::Auth::Oidc::StepUpAuthentication.omniauth_step_up_auth_session_data(session)
         end
         def conditions_fulfilled?(oidc_id_token_claims)
           ::Gitlab::Auth::Oidc::StepUpAuthentication
             .conditions_fulfilled?(oauth_extra_metadata: oidc_id_token_claims, provider: provider, scope: scope)
         end
       end
     end
   end
 end

90 lines 2.4 KiB Ruby Raw Permalink Blame History

90 lines

2.4 KiB

Ruby

Raw Permalink Blame History