-
Notifications
You must be signed in to change notification settings - Fork 246
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial work for custom lrs integration (#1035)
* Initial work for custom lrs integration * Added tests
- Loading branch information
1 parent
6116ab5
commit 5e36183
Showing
8 changed files
with
216 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# frozen_string_literal: true | ||
|
||
class LrsPayloadService | ||
def initialize(tenant:, secret:) | ||
@tenant = tenant | ||
@secret = secret | ||
end | ||
|
||
def call | ||
Rails.logger.debug { "Fetching LRS token from #{@tenant.kc_token_url}" } | ||
|
||
url = URI.parse(@tenant.kc_token_url) | ||
http = Net::HTTP.new(url.host, url.port) | ||
http.use_ssl = (url.scheme == 'https') | ||
|
||
payload = { | ||
client_id: @tenant.kc_client_id, | ||
client_secret: @tenant.kc_client_secret, | ||
username: @tenant.kc_username, | ||
password: @tenant.kc_password, | ||
grant_type: 'password' | ||
} | ||
|
||
request = Net::HTTP::Post.new(url.path) | ||
request.set_form_data(payload) | ||
|
||
response = http.request(request) | ||
|
||
if response.code.to_i != 200 | ||
Rails.logger.warn("Error #{response.message} when trying to fetch LRS Access Token") | ||
return nil | ||
end | ||
|
||
parsed_response = JSON.parse(response.body) | ||
kc_access_token = parsed_response['access_token'] | ||
|
||
lrs_payload = { | ||
lrs_endpoint: @tenant.lrs_endpoint, | ||
lrs_token: kc_access_token | ||
} | ||
|
||
# Generate a random salt | ||
salt = SecureRandom.random_bytes(8) | ||
|
||
# Generate a key and initialization vector (IV) using PBKDF2 with SHA-256 | ||
key_iv = OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, 10_000, 48, OpenSSL::Digest.new('SHA256')) | ||
key = key_iv[0, 32] # 32 bytes for the key | ||
iv = key_iv[32, 16] # 16 bytes for the IV | ||
|
||
# Encrypt the data using AES-256-CBC | ||
cipher = OpenSSL::Cipher.new('AES-256-CBC') | ||
cipher.encrypt | ||
cipher.key = key | ||
cipher.iv = iv | ||
|
||
# Encrypt and Base64 encode the data | ||
Base64.strict_encode64(Random.random_bytes(8) + salt + cipher.update(lrs_payload.to_json) + cipher.final) | ||
rescue StandardError => e | ||
Rails.logger.warn("Error #{e} when trying to compute LRS Payload") | ||
|
||
nil | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# frozen_string_literal: true | ||
|
||
require 'rails_helper' | ||
|
||
RSpec.describe LrsPayloadService, type: :service do | ||
let!(:tenant) do | ||
create(:tenant, | ||
name: 'bn', | ||
lrs_endpoint: 'https://lrs_endpoint.com', | ||
kc_token_url: 'https://token_url.com/auth/token', | ||
kc_client_id: 'client_id', | ||
kc_client_secret: 'client_secret', | ||
kc_username: 'kc_username', | ||
kc_password: 'kc_password') | ||
end | ||
|
||
describe '#call' do | ||
it 'makes a call to kc_token_url with the correct payload' do | ||
payload = { | ||
client_id: tenant.kc_client_id, | ||
client_secret: tenant.kc_client_secret, | ||
username: tenant.kc_username, | ||
password: tenant.kc_password, | ||
grant_type: 'password' | ||
} | ||
|
||
stub_create = stub_request(:post, tenant.kc_token_url) | ||
.with(body: payload).to_return(body: "kc_access_token") | ||
|
||
described_class.new(tenant: tenant, secret: 'server-secret').call | ||
|
||
expect(stub_create).to have_been_requested | ||
end | ||
|
||
it 'logs a warning and returns nil if kc_token_url returns an error' do | ||
stub_request(:post, tenant.kc_token_url) | ||
.to_return(status: 500, body: 'Internal Server Error', headers: {}) | ||
|
||
expect(Rails.logger).to receive(:warn) | ||
|
||
expect(described_class.new(tenant: tenant, secret: 'server-secret').call).to be_nil | ||
end | ||
end | ||
end |