Created
May 14, 2019 10:04
-
-
Save oddlyfunctional/5dd0ac198fcfcd7bf39ae15bf373dfa5 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| open Task; | |
| type task('a) = Task.t('a); | |
| type issuer; | |
| type nameId; | |
| type email; | |
| type user; | |
| type validatedUser = ValidatedUser(user); | |
| type unvalidatedUser; | |
| type session; | |
| type validateIssuerAllowSAML = issuer => task(unit); | |
| type tryGetValidatedUserOfIdP = (issuer, nameId) => task(option(validatedUser)); | |
| type getUnvalidatedUserOfEmail = email => task(unvalidatedUser); | |
| type checkIsFirstSAMLLogin = unvalidatedUser => task(unit); | |
| type checkBelongsToIssuer = (issuer, unvalidatedUser) => task(unit); | |
| type saveIdP = (issuer, nameId, unvalidatedUser) => task(validatedUser); | |
| type createSession = validatedUser => task(session); | |
| type updateAuthenticatedUserLastOrgAccess = validatedUser => task(unit); | |
| type steps = { | |
| validateIssuerAllowSAML, | |
| tryGetValidatedUserOfIdP, | |
| getUnvalidatedUserOfEmail, | |
| checkIsFirstSAMLLogin, | |
| checkBelongsToIssuer, | |
| saveIdP, | |
| createSession, | |
| updateAuthenticatedUserLastOrgAccess, | |
| }; | |
| type consumeSAMLCommandInfo = { | |
| issuer, | |
| nameId, | |
| email, | |
| }; | |
| let consumeSAMLWorkflow: (steps, consumeSAMLCommandInfo) => AuthenticationDomain.loggedInEventInfo = (steps: steps, cmd: consumeSAMLCommandInfo) => { | |
| let%Task _ = steps.validateIssuerAllowSAML(cmd.issuer); | |
| let%Task maybeUser = steps.tryGetValidatedUserOfIdP(cmd.issuer, cmd.nameId); | |
| let%Task ValidatedUser(user) as validatedUser = switch maybeUser { | |
| | Some(validatedUser) => Task.return(validatedUser) | |
| | None => | |
| steps.getUnvalidatedUserOfEmail(cmd.email) | |
| <<= steps.checkIsFirstSAMLLogin | |
| <<= steps.checkBelongsToIssuer(cmd.issuer) | |
| >>= steps.saveIdP(cmd.issuer, cmd.nameId); | |
| }; | |
| /* Same as LoginWorkflow, probably can extract to common workflow */ | |
| let%Task session = | |
| steps.createSession(validatedUser) | |
| << steps.updateAuthenticatedUserLastOrgAccess(validatedUser); | |
| { | |
| userId: user.userId, | |
| language: user.language, | |
| email: cmd.email, | |
| sessionId: session.sessionId, | |
| } | |
| ->Task.return; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment