mumukit-login 6.0.0 → 6.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mumukit/login.rb +4 -0
- data/lib/mumukit/login/provider.rb +19 -14
- data/lib/mumukit/login/provider/base.rb +36 -0
- data/lib/mumukit/login/provider/cas.rb +33 -0
- data/lib/mumukit/login/provider/google.rb +2 -4
- data/lib/mumukit/login/provider/saml.rb +38 -30
- data/lib/mumukit/login/version.rb +1 -1
- metadata +19 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fe52c3b70549d1524064047a8b327993045b77494dd2595c099b5cbe3a3c629f
|
|
4
|
+
data.tar.gz: 5a4e310ef3fc43944f24b71f0629600d1e62d6e888b30c8503b24a9824ba0204
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41d1230b11a4b8baa99adfaa25b41b31f007d64b097097650540ce46ee1ef6fd702028403eb794c7ff1791000625a7dc1bba70226df0879656d629af22498081
|
|
7
|
+
data.tar.gz: 39a87397c1f89c9f3378c840a22b0de9fda8208887a031ae68e3c216e59a207767fd262fc86ec53d50b3ec2e8790cd04982b24af1030b52a170b3acc06462eb1
|
data/lib/mumukit/login.rb
CHANGED
|
@@ -4,6 +4,7 @@ require 'addressable/uri'
|
|
|
4
4
|
require 'omniauth'
|
|
5
5
|
require 'omniauth-auth0'
|
|
6
6
|
require 'omniauth-saml'
|
|
7
|
+
require 'omniauth-cas'
|
|
7
8
|
require 'omniauth-google-oauth2'
|
|
8
9
|
|
|
9
10
|
require 'mumukit/core'
|
|
@@ -37,6 +38,9 @@ module Mumukit::Login
|
|
|
37
38
|
translation_name: ENV['MUMUKI_SAML_TRANSLATION_NAME'] || 'name',
|
|
38
39
|
translation_email: ENV['MUMUKI_SAML_TRANSLATION_EMAIL'] || 'email',
|
|
39
40
|
translation_image: ENV['MUMUKI_SAML_TRANSLATION_IMAGE'] || 'image'
|
|
41
|
+
config.cas = struct url: ENV['MUMUKI_CAS_URL'],
|
|
42
|
+
host: ENV['MUMUKI_CAS_HOST'],
|
|
43
|
+
disable_ssl_verification: ENV['MUMUKI_CAS_DISABLE_SSL_VERIFICATION'] == 'true'
|
|
40
44
|
config.auth0 = struct client_id: ENV['MUMUKI_AUTH0_CLIENT_ID'],
|
|
41
45
|
client_secret: ENV['MUMUKI_AUTH0_CLIENT_SECRET'],
|
|
42
46
|
domain: ENV['MUMUKI_AUTH0_DOMAIN']
|
|
@@ -2,6 +2,7 @@ module Mumukit::Login::Provider
|
|
|
2
2
|
PROVIDERS = %w(
|
|
3
3
|
developer
|
|
4
4
|
saml
|
|
5
|
+
cas
|
|
5
6
|
auth0
|
|
6
7
|
google
|
|
7
8
|
)
|
|
@@ -10,11 +11,22 @@ module Mumukit::Login::Provider
|
|
|
10
11
|
parse_login_provider(login_provider_string)
|
|
11
12
|
end
|
|
12
13
|
|
|
14
|
+
def self.default_enabled_providers
|
|
15
|
+
case ENV['RACK_ENV'] || ENV['RAILS_ENV']
|
|
16
|
+
when 'production'
|
|
17
|
+
PROVIDERS - %w(developer)
|
|
18
|
+
when 'test'
|
|
19
|
+
PROVIDERS
|
|
20
|
+
else
|
|
21
|
+
%w(developer)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
13
25
|
def self.enabled_providers
|
|
14
26
|
if ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].blank?
|
|
15
|
-
|
|
27
|
+
default_enabled_providers
|
|
16
28
|
else
|
|
17
|
-
ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ',
|
|
29
|
+
ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ','
|
|
18
30
|
end
|
|
19
31
|
end
|
|
20
32
|
|
|
@@ -27,17 +39,10 @@ module Mumukit::Login::Provider
|
|
|
27
39
|
end
|
|
28
40
|
|
|
29
41
|
def self.parse_login_provider(login_provider)
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
Mumukit::Login::Provider::Saml.new
|
|
35
|
-
when 'auth0'
|
|
36
|
-
Mumukit::Login::Provider::Auth0.new
|
|
37
|
-
when 'google'
|
|
38
|
-
Mumukit::Login::Provider::Google.new
|
|
39
|
-
else
|
|
40
|
-
raise "Unknown login_provider `#{login_provider}`"
|
|
42
|
+
if enabled_providers.include? login_provider
|
|
43
|
+
"Mumukit::Login::Provider::#{login_provider.capitalize}".constantize.new
|
|
44
|
+
else
|
|
45
|
+
raise "Unknown login_provider `#{login_provider}`"
|
|
41
46
|
end
|
|
42
47
|
end
|
|
43
48
|
|
|
@@ -48,7 +53,7 @@ end
|
|
|
48
53
|
|
|
49
54
|
module Mumukit::Platform::Organization::Helpers
|
|
50
55
|
def login_provider_object
|
|
51
|
-
@login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it }
|
|
56
|
+
@login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it }
|
|
52
57
|
end
|
|
53
58
|
end
|
|
54
59
|
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
class Mumukit::Login::Provider::Base
|
|
2
|
+
|
|
2
3
|
def name
|
|
3
4
|
@name ||= self.class.name.demodulize.downcase
|
|
4
5
|
end
|
|
@@ -44,6 +45,41 @@ class Mumukit::Login::Provider::Base
|
|
|
44
45
|
nil
|
|
45
46
|
end
|
|
46
47
|
|
|
48
|
+
def setup_proc
|
|
49
|
+
proc do |env|
|
|
50
|
+
options = env['omniauth.strategy'].options
|
|
51
|
+
|
|
52
|
+
effective_settings = default_settings.to_h.merge(current_organization_settings)
|
|
53
|
+
options.merge!(effective_settings)
|
|
54
|
+
options.merge!(computed_settings(effective_settings.to_struct))
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def current_organization_settings
|
|
59
|
+
Mumukit::Platform::Organization.current.login_provider_settings || {}
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# Default provider settings that come from the environment
|
|
63
|
+
#
|
|
64
|
+
# Override this method in order to read ENV and in order to provide default settings
|
|
65
|
+
#
|
|
66
|
+
# These setting can be overriden by organization's `provider_settings`
|
|
67
|
+
# and by the provider's `computed_settings`
|
|
68
|
+
def default_settings
|
|
69
|
+
{}
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
# Provider settings that are computed based on effective settings - that is,
|
|
73
|
+
# the default settings merged with the organizations settings.
|
|
74
|
+
#
|
|
75
|
+
# Override this method in order to provide settings that depend not only on the organization
|
|
76
|
+
# or defaults, but also commputed expressions.
|
|
77
|
+
#
|
|
78
|
+
# These settings can not be overriden.
|
|
79
|
+
def computed_settings(effective_settings)
|
|
80
|
+
{}
|
|
81
|
+
end
|
|
82
|
+
|
|
47
83
|
private
|
|
48
84
|
|
|
49
85
|
def create_uri(path, query_values)
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
class Mumukit::Login::Provider::Cas < Mumukit::Login::Provider::Base
|
|
2
|
+
def configure_omniauth!(omniauth)
|
|
3
|
+
omniauth.provider :cas, setup: setup_proc
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
private
|
|
7
|
+
|
|
8
|
+
def default_settings
|
|
9
|
+
Mumukit::Login.config.cas
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def computed_settings(_cas)
|
|
13
|
+
{ ca_path: '.' }
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# Monkey-patching to support phpCAS implementation
|
|
18
|
+
# where the first time the 'ticket' param is not sent.
|
|
19
|
+
module OmniAuth
|
|
20
|
+
module Strategies
|
|
21
|
+
class CAS
|
|
22
|
+
alias_method :__callback_phase__, :callback_phase
|
|
23
|
+
|
|
24
|
+
def callback_phase
|
|
25
|
+
if !on_sso_path? && !request.params['ticket']
|
|
26
|
+
return request_phase
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
__callback_phase__
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
|
|
2
2
|
def configure_omniauth!(omniauth)
|
|
3
|
-
omniauth.provider :google_oauth2,
|
|
4
|
-
google_config.client_id,
|
|
5
|
-
google_config.client_secret
|
|
3
|
+
omniauth.provider :google_oauth2, setup: setup_proc
|
|
6
4
|
end
|
|
7
5
|
|
|
8
6
|
def name
|
|
@@ -11,7 +9,7 @@ class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
|
|
|
11
9
|
|
|
12
10
|
private
|
|
13
11
|
|
|
14
|
-
def
|
|
12
|
+
def default_settings
|
|
15
13
|
Mumukit::Login.config.google
|
|
16
14
|
end
|
|
17
15
|
end
|
|
@@ -1,36 +1,44 @@
|
|
|
1
1
|
class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
|
|
2
|
-
def saml_config
|
|
3
|
-
Mumukit::Login.config.saml
|
|
4
|
-
end
|
|
5
2
|
|
|
6
3
|
def configure_omniauth!(omniauth)
|
|
7
|
-
omniauth.provider :saml,
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
4
|
+
omniauth.provider :saml, setup: setup_proc
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
private
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
def default_settings
|
|
11
|
+
saml = Mumukit::Login.config.saml
|
|
12
|
+
# TODO: change the :assertion_consumer_service_url, the :issuer and the :slo_default_relay_state:
|
|
13
|
+
# => 1. we can not call any Organization method since there is none instantiated yet and
|
|
14
|
+
# => 2. we must use the absolut path to generate the right SAML metadata to set up the federation with the IdP
|
|
15
|
+
{
|
|
16
|
+
idp_cert: File.read('./saml_idp.crt'),
|
|
17
|
+
certificate: File.read('./saml.crt'),
|
|
18
|
+
private_key: File.read('./saml.key'),
|
|
19
|
+
idp_sso_target_url: saml.idp_sso_target_url,
|
|
20
|
+
idp_slo_target_url: saml.idp_slo_target_url,
|
|
21
|
+
slo_default_relay_state: saml.base_url,
|
|
22
|
+
attribute_service_name: 'Mumuki',
|
|
23
|
+
request_attributes: [
|
|
24
|
+
{name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
|
|
25
|
+
{name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name'},
|
|
26
|
+
{name: 'image', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Avatar image'}
|
|
27
|
+
],
|
|
28
|
+
attribute_statements: {
|
|
29
|
+
name: [saml.translation_name],
|
|
30
|
+
email: [saml.translation_email],
|
|
31
|
+
image: [saml.translation_image]
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def computed_settings(saml)
|
|
37
|
+
{
|
|
38
|
+
assertion_consumer_service_url: "#{saml.base_url}#{callback_path}",
|
|
39
|
+
single_logout_service_url: "#{saml.base_url}#{auth_path}/slo",
|
|
40
|
+
issuer: "#{saml.base_url}#{auth_path}"
|
|
41
|
+
}
|
|
34
42
|
end
|
|
35
43
|
|
|
36
44
|
def logout_redirection_path
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mumukit-login
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Franco Leonardo Bulgarelli
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -150,6 +150,20 @@ dependencies:
|
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: '1.6'
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: omniauth-cas
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: '1.1'
|
|
160
|
+
type: :runtime
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: '1.1'
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: omniauth-google-oauth2
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -198,14 +212,14 @@ dependencies:
|
|
|
198
212
|
requirements:
|
|
199
213
|
- - "~>"
|
|
200
214
|
- !ruby/object:Gem::Version
|
|
201
|
-
version: '2.
|
|
215
|
+
version: '2.6'
|
|
202
216
|
type: :runtime
|
|
203
217
|
prerelease: false
|
|
204
218
|
version_requirements: !ruby/object:Gem::Requirement
|
|
205
219
|
requirements:
|
|
206
220
|
- - "~>"
|
|
207
221
|
- !ruby/object:Gem::Version
|
|
208
|
-
version: '2.
|
|
222
|
+
version: '2.6'
|
|
209
223
|
description:
|
|
210
224
|
email:
|
|
211
225
|
- franco@mumuki.org
|
|
@@ -232,6 +246,7 @@ files:
|
|
|
232
246
|
- lib/mumukit/login/provider.rb
|
|
233
247
|
- lib/mumukit/login/provider/auth0.rb
|
|
234
248
|
- lib/mumukit/login/provider/base.rb
|
|
249
|
+
- lib/mumukit/login/provider/cas.rb
|
|
235
250
|
- lib/mumukit/login/provider/developer.rb
|
|
236
251
|
- lib/mumukit/login/provider/google.rb
|
|
237
252
|
- lib/mumukit/login/provider/saml.rb
|