18F · zachmargolis · May 29, 2024 · May 29, 2024 · May 29, 2024 · May 29, 2024
diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb
@@ -74,7 +74,7 @@ def check_sp_active
     end
 
     def check_sp_handoff_bounced
-      return unless SpHandoffBounce::IsBounced.call(sp_session)
+      return unless sp_handoff_bouncer.bounced?
       analytics.sp_handoff_bounced_detected
       redirect_to bounced_url
       true
@@ -120,7 +120,7 @@ def resolved_authn_context_int_ial
 
     def handle_successful_handoff
       track_events
-      SpHandoffBounce::AddHandoffTimeToSession.call(sp_session)
+      sp_handoff_bouncer.add_handoff_time!
 
       redirect_user(
         @authorize_form.success_redirect_uri,
@@ -261,5 +261,9 @@ def redirect_user(redirect_uri, issuer, user_uuid)
         )
       end
     end
+
+    def sp_handoff_bouncer
+      @sp_handoff_bouncer ||= SpHandoffBouncer.new(sp_session)
+    end
   end
 end
diff --git a/app/services/sp_handoff_bounce/add_handoff_time_to_session.rb b/app/services/sp_handoff_bounce/add_handoff_time_to_session.rb
diff --git a/app/services/sp_handoff_bounce/is_bounced.rb b/app/services/sp_handoff_bounce/is_bounced.rb
diff --git a/app/services/sp_handoff_bouncer.rb b/app/services/sp_handoff_bouncer.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class SpHandoffBouncer
+  attr_reader :sp_session
+
+  def initialize(sp_session)
+    @sp_session = sp_session
+  end
+
+  def add_handoff_time!(now = Time.zone.now)
+    sp_session[:sp_handoff_start_time] = now
+  end
+
+  def bounced?(now = Time.zone.now)
+    start_time = sp_session[:sp_handoff_start_time]
+    return false if start_time.blank?
+    start_time = Time.zone.parse(start_time) if start_time.instance_of?(String)
+    now <= (start_time + IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds)
+  end
+end