@@ -32,9 +32,33 @@ def initialize(
3232 end
3333
3434 def call ( parameters :, request_ip :, role :)
35+ # Verify service_id is present in the request params
36+ raise Errors ::Authentication ::AuthnJwt ::ServiceIdMissing unless parameters [ :service_id ] . present?
37+
38+ identifier = "#{ @authenticator_type } #{ parameters [ :service_id ] }
39+
40+ role_permitted? ( role : role , authenticator_identifier : identifier , request_ip : request_ip , account : parameters [ :account ] )
41+
42+ # Load Authenticator policy and values (validates data stored as variables)
43+ unless ( authenticator = @authn_repo . find ( type : @authenticator_type , account : parameters [ :account ] , service_id : parameters [ :service_id ] ) )
44+ raise (
45+ Errors ::Conjur ::RequestedResourceNotFound ,
46+ "Unable to find authenticator with account: #{ parameters [ :account ] } #{ parameters [ :service_id ] }
47+ )
48+ end
49+
50+ # Run checks on authenticator strategy
51+ @strategy . new (
52+ authenticator : authenticator
53+ ) . verify_status
54+ end
55+
56+ private
57+
58+ def role_permitted? ( authenticator_identifier :, request_ip :, account :, role :)
3559 # verify authenticator is whitelisted....
36- unless @available_authenticators . enabled_authenticators . include? ( " #{ parameters [ :authenticator ] } / #{ parameters [ :service_id ] } " )
37- raise Errors ::Authentication ::Security ::AuthenticatorNotWhitelisted , " #{ parameters [ :authenticator ] } / #{ parameters [ :service_id ] } "
60+ unless @available_authenticators . enabled_authenticators . include? ( authenticator_identifier )
61+ raise Errors ::Authentication ::Security ::AuthenticatorNotWhitelisted , authenticator_identifier
3862 end
3963
4064 # Verify request IP is valid
@@ -43,42 +67,24 @@ def call(parameters:, request_ip:, role:)
4367 raise Errors ::Authentication ::InvalidOrigin
4468 end
4569
46- # Verify service_id is present in the request params
47- unless parameters [ :service_id ] . present?
48- raise Errors ::Authentication ::AuthnJwt ::ServiceIdMissing
49- end
50-
5170 # Verify webservices exists for authenticator and authenticator status
52- authenticator_webservice = "#{ parameters [ : account] } #{ @authenticator_type } / #{ parameters [ :service_id ] }
71+ authenticator_webservice = "#{ account } #{ authenticator_identifier }
5372 if @resource [ authenticator_webservice ] . blank?
5473 raise Errors ::Authentication ::Security ::WebserviceNotFound , authenticator_webservice
5574 end
5675
5776 unless ( status_webservice = @resource [ "#{ authenticator_webservice } ] )
58- raise Errors ::Authentication ::Security ::WebserviceNotFound , "#{ @authenticator_type } / #{ parameters [ :service_id ] }
77+ raise Errors ::Authentication ::Security ::WebserviceNotFound , "#{ authenticator_identifier }
5978 end
6079
6180 # Verify role is allowed to use the Status endpoint
62- unless role . allowed_to? ( :read , status_webservice )
63- raise Errors ::Authentication ::Security ::RoleNotAuthorizedOnResource . new (
64- role . identifier ,
65- :read ,
66- status_webservice . id
67- )
68- end
69-
70- # Load Authenticator policy and values (validates data stored as variables)
71- unless ( authenticator = @authn_repo . find ( type : @authenticator_type , account : parameters [ :account ] , service_id : parameters [ :service_id ] ) )
72- raise (
73- Errors ::Conjur ::RequestedResourceNotFound ,
74- "Unable to find authenticator with account: #{ parameters [ :account ] } #{ parameters [ :service_id ] }
75- )
76- end
81+ return true if role . allowed_to? ( :read , status_webservice )
7782
78- # Run checks on authenticator strategy
79- @strategy . new (
80- authenticator : authenticator
81- ) . verify_status
83+ raise Errors ::Authentication ::Security ::RoleNotAuthorizedOnResource . new (
84+ role . identifier ,
85+ :read ,
86+ status_webservice . id
87+ )
8288 end
8389 end
8490 end
0 commit comments