path: root/app/controllers/responses_controller.rb
blob: 92ee163d5678fdc6e92cc928d32df3629bffd3ca (plain)
# frozen_string_literal: true

# Finishes a SAML exchange whose message is held in the session: rebuilds the
# stored message, validates it again, and prepares the HTTP-POST binding
# response for the view.
class ResponsesController < ApplicationController
  # Prepares the post-back for the SAML message held under session[:saml].
  #
  # With nothing stored, the user is redirected to the dashboard. A stored
  # message that reports invalid? is answered with :forbidden through
  # render_error and never reaches response_for.
  def show
    pending = session[:saml]
    return redirect_to(my_dashboard_path) unless pending.present?

    saml = Saml::Kit::Document.to_saml_document(pending[:xml])
    # The session copy is validated again here rather than trusted as stored.
    # NOTE(review): what invalid? covers is decided by Saml::Kit and its
    # configuration, not by this controller -- confirm it includes the checks
    # this endpoint relies on.
    return render_error(:forbidden, model: saml) if saml.invalid?

    # NOTE(review): RelayState is presumably the requester-supplied value and is
    # handed back unchanged; the view should treat it as untrusted data.
    post_back(saml, pending[:params][:RelayState])
  end

  private

  # Builds the HTTP-POST response for +saml+ and then resets the session.
  #
  # Sets @url and @saml_params from response_for and keeps the yielded builder
  # in @saml_response_builder. reset_session runs only after the response has
  # been built, and session[:saml] is not restored afterwards, so the stored
  # message cannot be posted back a second time from the same session.
  #
  # saml        - document produced by Saml::Kit::Document.to_saml_document
  #               and already checked by #show.
  # relay_state - value passed through to response_for unchanged.
  def post_back(saml, relay_state)
    keep_builder = proc { |builder| @saml_response_builder = builder }

    if saml.is_a?(Saml::Kit::AuthenticationRequest)
      @url, @saml_params = saml.response_for(
        current_user, binding: :http_post, relay_state: relay_state, &keep_builder
      )
      # Only the MFA timestamp and the user-session key are carried into the
      # fresh session; everything else from the old one is dropped.
      mfa_issued_at = session[:mfa][:issued_at] if session[:mfa].present?
      reset_session
      session[:user_session_key] = Current.user_session.key
      session[:mfa] = { issued_at: mfa_issued_at } if mfa_issued_at.present?
    else
      # NOTE(review): every other valid document lands here and must respond
      # to response_for without a user -- presumably a logout request; confirm.
      # Nothing is restored after the reset on this path.
      @url, @saml_params = saml.response_for(
        binding: :http_post, relay_state: relay_state, &keep_builder
      )
      reset_session
    end
  end
end