mumukit-login 5.3.2 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mumukit/login.rb +6 -2
- data/lib/mumukit/login/framework/rails.rb +0 -1
- data/lib/mumukit/login/helpers/authentication_helpers.rb +1 -1
- data/lib/mumukit/login/provider.rb +31 -3
- data/lib/mumukit/login/provider/auth0.rb +1 -2
- data/lib/mumukit/login/provider/base.rb +7 -4
- data/lib/mumukit/login/provider/developer.rb +0 -3
- data/lib/mumukit/login/provider/google.rb +17 -0
- data/lib/mumukit/login/provider/saml.rb +6 -8
- data/lib/mumukit/login/settings.rb +1 -1
- data/lib/mumukit/login/version.rb +1 -1
- metadata +19 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8bb86f9086ebb051c3220e522f000cdf86f51ac5afb4385430f0a23a3a631ef4
|
|
4
|
+
data.tar.gz: f360003953411c4a1fe8174bbcb428427a70bdc49f653a22c039de0633a0ea24
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b33e7bf8cc1ed64854aeaed0de4d99a390378c272f0e39a893d95972ece9f9c0fa6d21ba34d7176f0610aa96425c2966f5b43db57d1de0f2c902d2506c6a57c7
|
|
7
|
+
data.tar.gz: 4d685044b1abcd5ec40c63792a942f3844a28a375ce37116c25cffedad278915971304e4a1d353bfa269b6d0593bb154773aea52ac3348516311c17838f3b994
|
data/lib/mumukit/login.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'addressable/uri'
|
|
|
4
4
|
require 'omniauth'
|
|
5
5
|
require 'omniauth-auth0'
|
|
6
6
|
require 'omniauth-saml'
|
|
7
|
+
require 'omniauth-google-oauth2'
|
|
7
8
|
|
|
8
9
|
require 'mumukit/core'
|
|
9
10
|
require 'mumukit/auth'
|
|
@@ -29,6 +30,7 @@ module Mumukit::Login
|
|
|
29
30
|
config.mucookie_duration = ENV['MUMUKI_MUCOOKIE_DURATION'].defaulting(14, &:to_i)
|
|
30
31
|
|
|
31
32
|
config.provider = Mumukit::Login::Provider.from_env
|
|
33
|
+
|
|
32
34
|
config.saml = struct base_url: ENV['MUMUKI_SAML_BASE_URL'],
|
|
33
35
|
idp_sso_target_url: ENV['MUMUKI_SAML_IDP_SSO_TARGET_URL'],
|
|
34
36
|
idp_slo_target_url: ENV['MUMUKI_SAML_IDP_SLO_TARGET_URL'],
|
|
@@ -38,6 +40,8 @@ module Mumukit::Login
|
|
|
38
40
|
config.auth0 = struct client_id: ENV['MUMUKI_AUTH0_CLIENT_ID'],
|
|
39
41
|
client_secret: ENV['MUMUKI_AUTH0_CLIENT_SECRET'],
|
|
40
42
|
domain: ENV['MUMUKI_AUTH0_DOMAIN']
|
|
43
|
+
config.google = struct client_id: ENV['MUMUKI_GOOGLE_CLIENT_ID'],
|
|
44
|
+
client_secret: ENV['MUMUKI_GOOGLE_CLIENT_SECRET']
|
|
41
45
|
end
|
|
42
46
|
end
|
|
43
47
|
|
|
@@ -71,7 +75,7 @@ module Mumukit::Login
|
|
|
71
75
|
# @param [OmniAuth::Builder] omniauth
|
|
72
76
|
#
|
|
73
77
|
def self.configure_omniauth!(omniauth)
|
|
74
|
-
|
|
78
|
+
Mumukit::Login::Provider.setup_providers! omniauth
|
|
75
79
|
end
|
|
76
80
|
|
|
77
81
|
def self.configure_login_routes!(native)
|
|
@@ -93,7 +97,7 @@ module Mumukit::Login
|
|
|
93
97
|
end
|
|
94
98
|
|
|
95
99
|
def self.provider
|
|
96
|
-
Mumukit::
|
|
100
|
+
Mumukit::Platform::Organization.current.login_provider_object || config.provider
|
|
97
101
|
end
|
|
98
102
|
end
|
|
99
103
|
|
|
@@ -64,7 +64,6 @@ module Mumukit::Platform::WebFramework::Rails
|
|
|
64
64
|
# @param [ActionController::Base::Class] controller_class
|
|
65
65
|
#
|
|
66
66
|
def self.configure_controller!(controller_class)
|
|
67
|
-
Mumukit::Login.config.provider.configure_rails_forgery_protection!(controller_class)
|
|
68
67
|
controller_class.class_eval do
|
|
69
68
|
include Mumukit::Login::AuthenticationHelpers
|
|
70
69
|
include Mumukit::Login::AuthorizationHelpers
|
|
@@ -1,8 +1,23 @@
|
|
|
1
1
|
module Mumukit::Login::Provider
|
|
2
|
+
PROVIDERS = %w(
|
|
3
|
+
developer
|
|
4
|
+
saml
|
|
5
|
+
auth0
|
|
6
|
+
google
|
|
7
|
+
)
|
|
8
|
+
|
|
2
9
|
def self.from_env
|
|
3
10
|
parse_login_provider(login_provider_string)
|
|
4
11
|
end
|
|
5
12
|
|
|
13
|
+
def self.enabled_providers
|
|
14
|
+
if ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].blank?
|
|
15
|
+
PROVIDERS
|
|
16
|
+
else
|
|
17
|
+
ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ', '
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
6
21
|
def self.login_provider_string
|
|
7
22
|
if ENV['MUMUKI_LOGIN_PROVIDER'].blank? || ENV['RACK_ENV'] == 'test' || ENV['RAILS_ENV'] == 'test'
|
|
8
23
|
'developer'
|
|
@@ -19,13 +34,26 @@ module Mumukit::Login::Provider
|
|
|
19
34
|
Mumukit::Login::Provider::Saml.new
|
|
20
35
|
when 'auth0'
|
|
21
36
|
Mumukit::Login::Provider::Auth0.new
|
|
37
|
+
when 'google'
|
|
38
|
+
Mumukit::Login::Provider::Google.new
|
|
22
39
|
else
|
|
23
40
|
raise "Unknown login_provider `#{login_provider}`"
|
|
24
41
|
end
|
|
25
42
|
end
|
|
43
|
+
|
|
44
|
+
def self.setup_providers!(omniauth)
|
|
45
|
+
enabled_providers.each { |it| parse_login_provider(it).configure_omniauth!(omniauth) }
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
module Mumukit::Platform::Organization::Helpers
|
|
50
|
+
def login_provider_object
|
|
51
|
+
@login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it } # add provider settings in the future
|
|
52
|
+
end
|
|
26
53
|
end
|
|
27
54
|
|
|
28
55
|
require_relative './provider/base'
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
require_relative
|
|
56
|
+
|
|
57
|
+
Mumukit::Login::Provider.enabled_providers.each do |it|
|
|
58
|
+
require_relative "./provider/#{it}"
|
|
59
|
+
end
|
|
@@ -15,8 +15,7 @@ class Mumukit::Login::Provider::Auth0 < Mumukit::Login::Provider::Base
|
|
|
15
15
|
|
|
16
16
|
def header_html(*)
|
|
17
17
|
<<HTML
|
|
18
|
-
<script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
|
|
19
|
-
</script>
|
|
18
|
+
<script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
|
|
20
19
|
HTML
|
|
21
20
|
end
|
|
22
21
|
|
|
@@ -9,12 +9,15 @@ class Mumukit::Login::Provider::Base
|
|
|
9
9
|
controller.redirect! auth_path
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def
|
|
13
|
-
|
|
12
|
+
def login_path(controller)
|
|
13
|
+
create_uri '/login', login_path_params(controller)
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
def
|
|
17
|
-
|
|
16
|
+
def login_path_params(controller)
|
|
17
|
+
{
|
|
18
|
+
origin: create_uri(controller.request.path, controller.request.params),
|
|
19
|
+
organization: Mumukit::Platform::Organization.current.name
|
|
20
|
+
}
|
|
18
21
|
end
|
|
19
22
|
|
|
20
23
|
def auth_path
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
|
|
2
|
+
def configure_omniauth!(omniauth)
|
|
3
|
+
omniauth.provider :google_oauth2,
|
|
4
|
+
google_config.client_id,
|
|
5
|
+
google_config.client_secret
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def name
|
|
9
|
+
'google_oauth2'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def google_config
|
|
15
|
+
Mumukit::Login.config.google
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -14,9 +14,6 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
|
|
|
14
14
|
idp_sso_target_url: saml_config.idp_sso_target_url,
|
|
15
15
|
idp_slo_target_url: saml_config.idp_slo_target_url,
|
|
16
16
|
slo_default_relay_state: saml_config.base_url,
|
|
17
|
-
idp_cert: File.read('./saml_idp.crt'),
|
|
18
|
-
certificate: File.read('./saml.crt'),
|
|
19
|
-
private_key: File.read('./saml.key'),
|
|
20
17
|
attribute_service_name: 'Mumuki',
|
|
21
18
|
request_attributes: [
|
|
22
19
|
{name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
|
|
@@ -27,14 +24,15 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
|
|
|
27
24
|
name: [saml_config.translation_name],
|
|
28
25
|
email: [saml_config.translation_email],
|
|
29
26
|
image: [saml_config.translation_image]
|
|
27
|
+
},
|
|
28
|
+
setup: lambda { |env|
|
|
29
|
+
options = env['omniauth.strategy'].options
|
|
30
|
+
options[:idp_cert] = File.read('./saml_idp.crt') # This is just a quickfix to avoid breaking if there are no saml configuration files.
|
|
31
|
+
options[:certificate] = File.read('./saml.crt') # It could also serve to parametrize these files by organization
|
|
32
|
+
options[:private_key] = File.read('./saml.key') # and have multiple organizations with different saml providers though.
|
|
30
33
|
}
|
|
31
34
|
end
|
|
32
35
|
|
|
33
|
-
def configure_rails_forgery_protection!(_controller_class)
|
|
34
|
-
# FIXME this is big security issue
|
|
35
|
-
# Do nothing (do not protect): the IdP calls the assertion_url via POST and without the CSRF token
|
|
36
|
-
end
|
|
37
|
-
|
|
38
36
|
def logout_redirection_path
|
|
39
37
|
"#{auth_path}/spslo"
|
|
40
38
|
end
|
|
@@ -7,7 +7,7 @@ class Mumukit::Login::Settings
|
|
|
7
7
|
user_pass: 'Username-Password-Authentication'
|
|
8
8
|
}
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
attr_reader :login_methods
|
|
11
11
|
|
|
12
12
|
def initialize(login_methods = Mumukit::Login::Settings.default_methods)
|
|
13
13
|
@login_methods = login_methods.map(&:to_sym)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mumukit-login
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 6.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Franco Leonardo Bulgarelli
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -150,6 +150,20 @@ dependencies:
|
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: '1.6'
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: omniauth-google-oauth2
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: '0.5'
|
|
160
|
+
type: :runtime
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: '0.5'
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: mumukit-core
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -184,14 +198,14 @@ dependencies:
|
|
|
184
198
|
requirements:
|
|
185
199
|
- - "~>"
|
|
186
200
|
- !ruby/object:Gem::Version
|
|
187
|
-
version: '2.
|
|
201
|
+
version: '2.5'
|
|
188
202
|
type: :runtime
|
|
189
203
|
prerelease: false
|
|
190
204
|
version_requirements: !ruby/object:Gem::Requirement
|
|
191
205
|
requirements:
|
|
192
206
|
- - "~>"
|
|
193
207
|
- !ruby/object:Gem::Version
|
|
194
|
-
version: '2.
|
|
208
|
+
version: '2.5'
|
|
195
209
|
description:
|
|
196
210
|
email:
|
|
197
211
|
- franco@mumuki.org
|
|
@@ -219,6 +233,7 @@ files:
|
|
|
219
233
|
- lib/mumukit/login/provider/auth0.rb
|
|
220
234
|
- lib/mumukit/login/provider/base.rb
|
|
221
235
|
- lib/mumukit/login/provider/developer.rb
|
|
236
|
+
- lib/mumukit/login/provider/google.rb
|
|
222
237
|
- lib/mumukit/login/provider/saml.rb
|
|
223
238
|
- lib/mumukit/login/settings.rb
|
|
224
239
|
- lib/mumukit/login/shared_session.rb
|