/**
 * This is a Policy Condition example script. It demonstrates how to access a user's information,
 * use that information in external HTTP calls and make a policy decision based on the outcome.
 */
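// Populated by validateAndInitializeParameters() and read by the lookup functions below.
var userAddress, userIP, resourceHost;

if (validateAndInitializeParameters()) {

    var countryFromUserAddress = getCountryFromUserAddress();
    logger.message("Country retrieved from user's address: " + countryFromUserAddress);
    var countryFromUserIP = getCountryFromUserIP();
    logger.message("Country retrieved from user's IP: " + countryFromUserIP);
    var countryFromResourceURI = getCountryFromResourceURI();
    logger.message("Country retrieved from resource URI: " + countryFromResourceURI);

    // Fail closed: each lookup yields undefined when it cannot resolve a country, and
    // undefined === undefined is true. Without this guard three failed lookups would
    // compare equal and the request would be authorized.
    var countryResolved = typeof countryFromUserAddress === "string" && countryFromUserAddress.length > 0;

    // Strict equality against a resolved, non-empty string also guarantees that the
    // other two values are resolved strings.
    if (countryResolved &&
            countryFromUserAddress === countryFromUserIP &&
            countryFromUserAddress === countryFromResourceURI) {
        logger.message("Authorization Succeeded");
        responseAttributes.put("countryOfOrigin", [countryFromUserAddress]);
        authorized = true;
    } else {
        logger.message("Authorization Failed");
        authorized = false;
    }

} else {
    logger.message("Required parameters not found. Authorization Failed.");
    authorized = false;
}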
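/**
 * Use the user's address to look up their country of residence.
 *
 * Sends the address to the Google geocoding endpoint and scans every address
 * component of every result for one typed "country".
 *
 * NOTE(review): the request goes over plain HTTP and its answer feeds an
 * authorization decision, so the response can be read or altered in transit.
 * Prefer an HTTPS endpoint where the deployment allows it.
 *
 * @returns {string|undefined} The user's country of residence, or undefined when
 *          the response contains no country component.
 */
function getCountryFromUserAddress() {
    var response = httpClient.get("http://maps.googleapis.com/maps/api/geocode/json?address=" +
        encodeURIComponent(userAddress), {
        cookies: [],
        headers: []
    });
    logResponse(response);

    var geocode = JSON.parse(response.getEntity());
    if (!geocode || !geocode.results) {
        // No usable result list: report "unknown" rather than throwing on .length.
        return undefined;
    }

    var i, j;
    for (i = 0; i < geocode.results.length; i++) {
        var components = geocode.results[i].address_components || [];
        // The inner loop must advance and index by j; the earlier version advanced i,
        // so it either ran off the end of the array or skipped results.
        for (j = 0; j < components.length; j++) {
            var types = components[j].types || [];
            if (types.indexOf("country") !== -1) {
                return components[j].long_name;
            }
        }
    }
    return undefined;
}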
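/**
 * Use the user's IP to look up the country from which the request originated.
 *
 * NOTE(review): the request goes over plain HTTP and its answer feeds an
 * authorization decision, so the response can be read or altered in transit.
 * Prefer an HTTPS endpoint where the deployment allows it.
 *
 * @returns {string|undefined} The country from which the request originated, or
 *          undefined when the response carries no country.
 */
function getCountryFromUserIP() {
    // userIP comes from the evaluation request's environment parameters, i.e. it is
    // caller-supplied. Encode it before placing it in the URL path, as is done for
    // the address and the resource host, so it cannot change the request's path or query.
    var response = httpClient.get("http://ip-api.com/json/" + encodeURIComponent(userIP), {
        cookies: [],
        headers: []
    });
    logResponse(response);

    var result = JSON.parse(response.getEntity());
    if (result) {
        return result.country;
    }
    return undefined;
}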
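/**
 * Use the requested resource's host name to look up the country where the resource is hosted.
 *
 * NOTE(review): the request goes over plain HTTP and its answer feeds an
 * authorization decision, so the response can be read or altered in transit.
 * Prefer an HTTPS endpoint where the deployment allows it.
 *
 * @returns {string|undefined} The country in which the resource is hosted, or
 *          undefined when the response carries no country.
 */
function getCountryFromResourceURI() {
    // Declared with var: the earlier version assigned to an undeclared name, which
    // creates a script-global "response" that outlives this call.
    var response = httpClient.get("http://ip-api.com/json/" + encodeURIComponent(resourceHost), {
        cookies: [],
        headers: []
    });
    logResponse(response);

    var result = JSON.parse(response.getEntity());
    if (result) {
        return result.country;
    }
    return undefined;
}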
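/**
 * Retrieve and validate the variables required to make the external HTTP calls.
 *
 * On success the script-level variables userAddress, userIP and resourceHost are set.
 *
 * NOTE(review): the user's postal address and IP are written to the log here;
 * confirm that is acceptable for the deployment's log retention and access rules.
 *
 * @returns {boolean} Will be true if validation was successful.
 */
function validateAndInitializeParameters() {
    var userAddressSet = identity.getAttribute("postalAddress");
    if (userAddressSet == null || userAddressSet.isEmpty()) {
        logger.warning("No address specified for user: " + username);
        return false;
    }
    userAddress = userAddressSet.iterator().next();
    logger.message("User address: " + userAddress);

    if (!environment) {
        logger.warning("No environment parameters specified in the evaluation request.");
        return false;
    }

    var ipSet = environment.get("IP");
    if (ipSet == null || ipSet.isEmpty()) {
        logger.warning("No IP specified in the evaluation request environment parameters.");
        return false;
    }
    userIP = ipSet.iterator().next();
    logger.message("User IP: " + userIP);

    if (!resourceURI) {
        logger.warning("No resource URI specified.");
        return false;
    }

    // Host extraction, group 3. Compared with a greedy "(.*://)" prefix this pattern:
    //  - limits the scheme to the text before the first ':' so a "://" later in the
    //    path or query cannot move the match to a different host;
    //  - skips an optional "userinfo@" part so the host is the one actually contacted;
    //  - requires the host to be followed by a port, '/', '?', '#' or the end, so a
    //    host containing unexpected characters is rejected instead of truncated.
    var hostMatch = resourceURI.match(
        /^([^:\/?#]+:\/\/)(?:[^\/?#@]*@)?(www\.)?([A-Za-z0-9\-\.]+)(:[0-9]+)?([\/?#].*)?$/);
    if (!hostMatch) {
        // match() yields null for an unparseable URI; deny instead of throwing on [3].
        logger.warning("Resource URI is not in the expected format.");
        return false;
    }
    resourceHost = hostMatch[3];
    logger.message("Resource host: " + resourceHost);

    return true;
}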
/**
 * Write the status code and the full body of an HTTP response to the script log.
 *
 * NOTE(review): the body is logged verbatim. For the lookups in this script it holds
 * geolocation data derived from the user's address and IP, so treat the log as sensitive.
 *
 * @param {*} response The response object returned by httpClient.get().
 */
function logResponse(response) {
    var statusCode = response.getStatusCode();
    var body = response.getEntity();
    var line = "User REST Call. Status: " + statusCode + ", Body: " + body;
    logger.message(line);
}