decidim-mpassid 0.18.0
- checksums.yaml +7 -0
- data/LICENSE-AGPLv3.txt +661 -0
- data/README.md +207 -0
- data/Rakefile +17 -0
- data/app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb +247 -0
- data/app/controllers/decidim/mpassid/verification/authorizations_controller.rb +19 -0
- data/config/locales/en.yml +21 -0
- data/config/locales/fi.yml +20 -0
- data/config/locales/sv.yml +20 -0
- data/lib/decidim/mpassid.rb +105 -0
- data/lib/decidim/mpassid/engine.rb +101 -0
- data/lib/decidim/mpassid/mail_interceptors.rb +9 -0
- data/lib/decidim/mpassid/mail_interceptors/generated_recipients_interceptor.rb +25 -0
- data/lib/decidim/mpassid/test/cert_store.rb +21 -0
- data/lib/decidim/mpassid/test/runtime.rb +48 -0
- data/lib/decidim/mpassid/verification.rb +5 -0
- data/lib/decidim/mpassid/verification/engine.rb +43 -0
- data/lib/decidim/mpassid/verification/manager.rb +17 -0
- data/lib/decidim/mpassid/verification/metadata_collector.rb +58 -0
- data/lib/decidim/mpassid/version.rb +8 -0
- data/lib/generators/decidim/mpassid/install_generator.rb +127 -0
- data/lib/generators/templates/mpassid_initializer.rb +10 -0
- data/lib/generators/templates/mpassid_initializer_test.rb +3 -0
- metadata +107 -0
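--- a/data/lib/decidim/mpassid/verification/manager.rb
+++ b/data/lib/decidim/mpassid/verification/manager.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Decidim
+module Mpassid
+module Verification
+class Manager
+def self.configure_workflow(workflow)
+Decidim::Mpassid.workflow_configurator.call(workflow)
+end
+
+def self.metadata_collector_for(saml_attributes)
+Decidim::Mpassid.metadata_collector_class.new(saml_attributes)
+end
+end
+end
+end
+end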
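--- a/data/lib/decidim/mpassid/verification/metadata_collector.rb
+++ b/data/lib/decidim/mpassid/verification/metadata_collector.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Decidim
+module Mpassid
+module Verification
+class MetadataCollector
+def initialize(saml_attributes)
+@saml_attributes = saml_attributes
+end
+
+def metadata
+{
+# Straight forward fetching of the "single" value attributes
+first_name: saml_attributes[:first_names] || saml_attributes[:given_name],
+given_name: saml_attributes[:given_name],
+last_name: saml_attributes[:last_name]
+}.tap do |data|
+# Map the SAML attribute keys to specific metadata attribute keys.
+{
+municipality: :municipality_code,
+municipality_name: :municipality_name,
+school_code: :school_code,
+school_name: :school_name,
+student_class: :class,
+student_class_level: :class_level
+}.each do |key, saml_key|
+# For all the "multi" value attributes, join the values with a
+# comma.
+val = saml_attributes[saml_key]
+val = val.join(",") if val
+data[key] = val
+end
+
+full_role = saml_attributes[:role]
+if full_role
+data[:role] = full_role.map do |role_string|
+# The fole string consists of four parts with the following
+# indexes:
+# - 0: Municipality name (same as `:municipality_name`)
+# - 1: School code (same as `:school_code`)
+# - 2: Group (same as `:class`)
+# - 3: User's role in the group
+role_parts = role_string.split(";")
+role_parts[3] if role_parts.length > 3
+end.join(",")
+# Do not store anything in case no roles were found
+data[:role] = nil if data[:role].empty?
+end
+end
+end
+
+protected
+
+attr_reader :saml_attributes
+end
+end
+end
+end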
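Review bot: The role mapping ending in `end.join(",")` keeps the `nil` that `map` yields for any role string with fewer than four `;`-separated parts, so two or more malformed entries produce a string such as `","` and the `data[:role].empty?` check below no longer clears it. Dropping the nils first, `end.compact.join(",")`, makes the "no roles found" case store `nil` as the comment intends. Separately, `val.join(",")` in the loop above assumes every multi-value attribute arrives as an array and that no value contains a comma; if this metadata is later split on commas by authorization rules, that assumption deserves a comment such as `# values are expected to be arrays of comma-free codes`. The comment typo "fole string" should read "role string".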
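--- a/data/lib/generators/decidim/mpassid/install_generator.rb
+++ b/data/lib/generators/decidim/mpassid/install_generator.rb
@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module Decidim
+module Mpassid
+module Generators
+class InstallGenerator < Rails::Generators::Base
+source_root File.expand_path("../../templates", __dir__)
+
+desc "Creates a Devise initializer and copy locale files to your application."
+
+class_option(
+:dummy_cert,
+desc: "Defines whether to create a dummy certificate for localhost.",
+type: :boolean,
+default: false
+)
+
+class_option(
+:test_initializer,
+desc: "Copies the test initializer instead of the actual one (for test dummy app).",
+type: :boolean,
+default: false,
+hide: true
+)
+
+def copy_initializer
+if options[:test_initializer]
+copy_file "mpassid_initializer_test.rb", "config/initializers/mpassid.rb"
+else
+copy_file "mpassid_initializer.rb", "config/initializers/mpassid.rb"
+end
+end
+
+def enable_authentication
+secrets_path = Rails.application.root.join("config", "secrets.yml")
+secrets = YAML.safe_load(File.read(secrets_path), [], [], true)
+
+if secrets["default"]["omniauth"]["mpassid"]
+say_status :identical, "config/secrets.yml", :blue
+else
+mod = SecretsModifier.new(secrets_path)
+final = mod.modify
+
+target_path = Rails.application.root.join("config", "secrets.yml")
+File.open(target_path, "w") { |f| f.puts final }
+
+say_status :insert, "config/secrets.yml", :green
+end
+end
+
+class SecretsModifier
+def initialize(filepath)
+@filepath = filepath
+end
+
+def modify
+self.inside_config = false
+self.inside_omniauth = false
+self.config_branch = nil
+@final = ""
+
+@empty_line_count = 0
+File.readlines(filepath).each do |line|
+if line =~ /^$/
+@empty_line_count += 1
+next
+else
+handle_line line
+insert_empty_lines
+end
+
+@final += line
+end
+insert_empty_lines
+
+@final
+end
+
+private
+
+attr_accessor :filepath, :empty_line_count, :inside_config, :inside_omniauth, :config_branch
+
+def handle_line(line)
+if inside_config && line =~ /^ omniauth:/
+self.inside_omniauth = true
+elsif inside_omniauth && line =~ /^( )?[a-z]+/
+inject_mpassid_config
+self.inside_omniauth = false
+end
+
+return unless line =~ /^[a-z]+/
+
+# A new root configuration block starts
+self.inside_config = false
+self.inside_omniauth = false
+
+if line =~ /^default:/
+self.inside_config = true
+self.config_branch = :default
+elsif line =~ /^development:/
+self.inside_config = true
+self.config_branch = :development
+end
+end
+
+def insert_empty_lines
+@final += "\n" * empty_line_count
+@empty_line_count = 0
+end
+
+def inject_mpassid_config
+@final += " mpassid:\n"
+if config_branch == :development
+@final += " enabled: true\n"
+@final += " mode: test\n"
+else
+@final += " enabled: false\n"
+end
+@final += " icon: account-login\n"
+end
+end
+end
+end
+end
+end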
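Review bot: `enable_authentication` indexes `secrets["default"]["omniauth"]["mpassid"]` directly, so a secrets.yml that lacks a `default` or `omniauth` key raises NoMethodError instead of reporting a usable message; `secrets.dig("default", "omniauth", "mpassid")` avoids that. The else branch then rewrites config/secrets.yml in place and prints `:insert` even when `SecretsModifier#modify` never reached `inject_mpassid_config`, so comparing `final` with the file's original text before writing would keep the status accurate and avoid rewriting a secrets file for no change. The positional call `YAML.safe_load(File.read(secrets_path), [], [], true)` is deprecated from Psych 3.1 and no longer accepted by Psych 4; where the supported Ruby versions allow it, `YAML.safe_load(File.read(secrets_path), aliases: true)` is the durable spelling. The `dummy_cert` option is declared but not read anywhere in this file, and the `desc` text mentions Devise and locale files that the visible steps do not touch.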
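--- a/data/lib/generators/templates/mpassid_initializer.rb
+++ b/data/lib/generators/templates/mpassid_initializer.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+Decidim::Mpassid.configure do |config|
+# Define the service provider entity ID:
+# config.sp_entity_id = "https://www.example.org/users/auth/mpassid/metadata"
+# Or define it in your application configuration and apply it here:
+# config.sp_entity_id = Rails.application.config.mpassid_entity_id
+# Enable automatically assigned emails
+config.auto_email_domain = "example.org"
+end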
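Review bot: `config.auto_email_domain = "example.org"` is the only live setting in this template, while both `sp_entity_id` lines are commented out, so an installation that is never edited would run with a placeholder domain the operator does not control. If the generated addresses are ever used for delivery, that mail would be addressed to example.org; the package lists a generated-recipients mail interceptor, but its behaviour is not visible in this section. Consider shipping the line commented out like the others, or adding `# TODO: replace example.org with a domain you control before deploying` directly above it.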
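--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: decidim-mpassid
+version: !ruby/object:Gem::Version
+version: 0.18.0
+platform: ruby
+authors:
+- Antti Hukkanen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-10-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: decidim-core
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.0
+- !ruby/object:Gem::Dependency
+name: omniauth-mpassid
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.2.0
+- !ruby/object:Gem::Dependency
+name: decidim-dev
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.18.0
+description: Adds MPASSid authentication provider to Decidim.
+email:
+- antti.hukkanen@mainiotech.fi
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE-AGPLv3.txt
+- README.md
+- Rakefile
+- app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb
+- app/controllers/decidim/mpassid/verification/authorizations_controller.rb
+- config/locales/en.yml
+- config/locales/fi.yml
+- config/locales/sv.yml
+- lib/decidim/mpassid.rb
+- lib/decidim/mpassid/engine.rb
+- lib/decidim/mpassid/mail_interceptors.rb
+- lib/decidim/mpassid/mail_interceptors/generated_recipients_interceptor.rb
+- lib/decidim/mpassid/test/cert_store.rb
+- lib/decidim/mpassid/test/runtime.rb
+- lib/decidim/mpassid/verification.rb
+- lib/decidim/mpassid/verification/engine.rb
+- lib/decidim/mpassid/verification/manager.rb
+- lib/decidim/mpassid/verification/metadata_collector.rb
+- lib/decidim/mpassid/version.rb
+- lib/generators/decidim/mpassid/install_generator.rb
+- lib/generators/templates/mpassid_initializer.rb
+- lib/generators/templates/mpassid_initializer_test.rb
+homepage: https://github.com/mainio/decidim-module-mpassid
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Provides possibility to bind MPASSid authentication provider to Decidim.
+test_files: []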