decidim-mpassid 0.18.0

data/lib/decidim/mpassid/verification/manager.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Mpassid
+    module Verification
+      class Manager
+        def self.configure_workflow(workflow)
+          Decidim::Mpassid.workflow_configurator.call(workflow)
+        end
+
+        def self.metadata_collector_for(saml_attributes)
+          Decidim::Mpassid.metadata_collector_class.new(saml_attributes)
+        end
+      end
+    end
+  end
+end

data/lib/decidim/mpassid/verification/metadata_collector.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Mpassid
+    module Verification
+      class MetadataCollector
+        def initialize(saml_attributes)
+          @saml_attributes = saml_attributes
+        end
+
+        def metadata
+          {
+            # Straight forward fetching of the "single" value attributes
+            first_name: saml_attributes[:first_names] || saml_attributes[:given_name],
+            given_name: saml_attributes[:given_name],
+            last_name: saml_attributes[:last_name]
+          }.tap do |data|
+            # Map the SAML attribute keys to specific metadata attribute keys.
+            {
+              municipality: :municipality_code,
+              municipality_name: :municipality_name,
+              school_code: :school_code,
+              school_name: :school_name,
+              student_class: :class,
+              student_class_level: :class_level
+            }.each do |key, saml_key|
+              # For all the "multi" value attributes, join the values with a
+              # comma.
+              val = saml_attributes[saml_key]
+              val = val.join(",") if val
+              data[key] = val
+            end
+
+            full_role = saml_attributes[:role]
+            if full_role
+              data[:role] = full_role.map do |role_string|
+                # The fole string consists of four parts with the following
+                # indexes:
+                # - 0: Municipality name (same as `:municipality_name`)
+                # - 1: School code (same as `:school_code`)
+                # - 2: Group (same as `:class`)
+                # - 3: User's role in the group
+                role_parts = role_string.split(";")
+                role_parts[3] if role_parts.length > 3
+              end.join(",")
+              # Do not store anything in case no roles were found
+              data[:role] = nil if data[:role].empty?
+            end
+          end
+        end
+
+        protected
+
+        attr_reader :saml_attributes
+      end
+    end
+  end
+end

data/lib/decidim/mpassid/version.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Mpassid
+    VERSION = "0.18.0"
+    DECIDIM_VERSION = "~> 0.18.0"
+  end
+end

data/lib/generators/decidim/mpassid/install_generator.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module Decidim
+  module Mpassid
+    module Generators
+      class InstallGenerator < Rails::Generators::Base
+        source_root File.expand_path("../../templates", __dir__)
+
+        desc "Creates a Devise initializer and copy locale files to your application."
+
+        class_option(
+          :dummy_cert,
+          desc: "Defines whether to create a dummy certificate for localhost.",
+          type: :boolean,
+          default: false
+        )
+
+        class_option(
+          :test_initializer,
+          desc: "Copies the test initializer instead of the actual one (for test dummy app).",
+          type: :boolean,
+          default: false,
+          hide: true
+        )
+
+        def copy_initializer
+          if options[:test_initializer]
+            copy_file "mpassid_initializer_test.rb", "config/initializers/mpassid.rb"
+          else
+            copy_file "mpassid_initializer.rb", "config/initializers/mpassid.rb"
+          end
+        end
+
+        def enable_authentication
+          secrets_path = Rails.application.root.join("config", "secrets.yml")
+          secrets = YAML.safe_load(File.read(secrets_path), [], [], true)
+
+          if secrets["default"]["omniauth"]["mpassid"]
+            say_status :identical, "config/secrets.yml", :blue
+          else
+            mod = SecretsModifier.new(secrets_path)
+            final = mod.modify
+
+            target_path = Rails.application.root.join("config", "secrets.yml")
+            File.open(target_path, "w") { |f| f.puts final }
+
+            say_status :insert, "config/secrets.yml", :green
+          end
+        end
+
+        class SecretsModifier
+          def initialize(filepath)
+            @filepath = filepath
+          end
+
+          def modify
+            self.inside_config = false
+            self.inside_omniauth = false
+            self.config_branch = nil
+            @final = ""
+
+            @empty_line_count = 0
+            File.readlines(filepath).each do |line|
+              if line =~ /^$/
+                @empty_line_count += 1
+                next
+              else
+                handle_line line
+                insert_empty_lines
+              end
+
+              @final += line
+            end
+            insert_empty_lines
+
+            @final
+          end
+
+          private
+
+          attr_accessor :filepath, :empty_line_count, :inside_config, :inside_omniauth, :config_branch
+
+          def handle_line(line)
+            if inside_config && line =~ /^  omniauth:/
+              self.inside_omniauth = true
+            elsif inside_omniauth && line =~ /^(  )?[a-z]+/
+              inject_mpassid_config
+              self.inside_omniauth = false
+            end
+
+            return unless line =~ /^[a-z]+/
+
+            # A new root configuration block starts
+            self.inside_config = false
+            self.inside_omniauth = false
+
+            if line =~ /^default:/
+              self.inside_config = true
+              self.config_branch = :default
+            elsif line =~ /^development:/
+              self.inside_config = true
+              self.config_branch = :development
+            end
+          end
+
+          def insert_empty_lines
+            @final += "\n" * empty_line_count
+            @empty_line_count = 0
+          end
+
+          def inject_mpassid_config
+            @final += "    mpassid:\n"
+            if config_branch == :development
+              @final += "      enabled: true\n"
+              @final += "      mode: test\n"
+            else
+              @final += "      enabled: false\n"
+            end
+            @final += "      icon: account-login\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/templates/mpassid_initializer.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+Decidim::Mpassid.configure do |config|
+  # Define the service provider entity ID:
+  # config.sp_entity_id = "https://www.example.org/users/auth/mpassid/metadata"
+  # Or define it in your application configuration and apply it here:
+  # config.sp_entity_id = Rails.application.config.mpassid_entity_id
+  # Enable automatically assigned emails
+  config.auto_email_domain = "example.org"
+end

data/lib/generators/templates/mpassid_initializer_test.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+Decidim::Mpassid::Test::Runtime.initialize

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: decidim-mpassid
+version: !ruby/object:Gem::Version
+  version: 0.18.0
+platform: ruby
+authors:
+- Antti Hukkanen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-10-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: decidim-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-mpassid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: decidim-dev
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.0
+description: Adds MPASSid authentication provider to Decidim.
+email:
+- antti.hukkanen@mainiotech.fi
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE-AGPLv3.txt
+- README.md
+- Rakefile
+- app/controllers/decidim/mpassid/omniauth_callbacks_controller.rb
+- app/controllers/decidim/mpassid/verification/authorizations_controller.rb
+- config/locales/en.yml
+- config/locales/fi.yml
+- config/locales/sv.yml
+- lib/decidim/mpassid.rb
+- lib/decidim/mpassid/engine.rb
+- lib/decidim/mpassid/mail_interceptors.rb
+- lib/decidim/mpassid/mail_interceptors/generated_recipients_interceptor.rb
+- lib/decidim/mpassid/test/cert_store.rb
+- lib/decidim/mpassid/test/runtime.rb
+- lib/decidim/mpassid/verification.rb
+- lib/decidim/mpassid/verification/engine.rb
+- lib/decidim/mpassid/verification/manager.rb
+- lib/decidim/mpassid/verification/metadata_collector.rb
+- lib/decidim/mpassid/version.rb
+- lib/generators/decidim/mpassid/install_generator.rb
+- lib/generators/templates/mpassid_initializer.rb
+- lib/generators/templates/mpassid_initializer_test.rb
+homepage: https://github.com/mainio/decidim-module-mpassid
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Provides possibility to bind MPASSid authentication provider to Decidim.
+test_files: []