mumukit-login 5.3.2 → 6.0.0

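--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1e36fd2e076cfae5452b64673fb12a977f0b55e7d39d393268d36a3ab92a44c7
- data.tar.gz: be2b007c7cad4d8a6ccef8eb04a591d6d2668fa03ad03ee9c9811d738d947991
+ metadata.gz: 8bb86f9086ebb051c3220e522f000cdf86f51ac5afb4385430f0a23a3a631ef4
+ data.tar.gz: f360003953411c4a1fe8174bbcb428427a70bdc49f653a22c039de0633a0ea24
  SHA512:
- metadata.gz: 4a2b6c4add2e22f9584d16580da9580eb37d7dc6eb48dec741a3bb67ca6d8dfa2208954f4bad68c67dfefec82f87329403dcebe337913664e6aee392d1f9580b
- data.tar.gz: 153b01a9d3b5411bd57a5bbdab4cde35a84f395c1b72ead874208011da52673f309c6a4edede805bc102c9d76f62d1ca84ca94858f0356b1cd275768ea76e61a
+ metadata.gz: b33e7bf8cc1ed64854aeaed0de4d99a390378c272f0e39a893d95972ece9f9c0fa6d21ba34d7176f0610aa96425c2966f5b43db57d1de0f2c902d2506c6a57c7
+ data.tar.gz: 4d685044b1abcd5ec40c63792a942f3844a28a375ce37116c25cffedad278915971304e4a1d353bfa269b6d0593bb154773aea52ac3348516311c17838f3b994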
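--- a/data/lib/mumukit/login.rb
+++ b/data/lib/mumukit/login.rb
@@ -4,6 +4,7 @@ require 'addressable/uri'
  require 'omniauth'
  require 'omniauth-auth0'
  require 'omniauth-saml'
+ require 'omniauth-google-oauth2'
 
  require 'mumukit/core'
  require 'mumukit/auth'
@@ -29,6 +30,7 @@ module Mumukit::Login
  config.mucookie_duration = ENV['MUMUKI_MUCOOKIE_DURATION'].defaulting(14, &:to_i)
 
  config.provider = Mumukit::Login::Provider.from_env
+
  config.saml = struct base_url: ENV['MUMUKI_SAML_BASE_URL'],
  idp_sso_target_url: ENV['MUMUKI_SAML_IDP_SSO_TARGET_URL'],
  idp_slo_target_url: ENV['MUMUKI_SAML_IDP_SLO_TARGET_URL'],
@@ -38,6 +40,8 @@ module Mumukit::Login
  config.auth0 = struct client_id: ENV['MUMUKI_AUTH0_CLIENT_ID'],
  client_secret: ENV['MUMUKI_AUTH0_CLIENT_SECRET'],
  domain: ENV['MUMUKI_AUTH0_DOMAIN']
+ config.google = struct client_id: ENV['MUMUKI_GOOGLE_CLIENT_ID'],
+ client_secret: ENV['MUMUKI_GOOGLE_CLIENT_SECRET']
  end
  end
 
@@ -71,7 +75,7 @@ module Mumukit::Login
  # @param [OmniAuth::Builder] omniauth
  #
  def self.configure_omniauth!(omniauth)
- provider.configure_omniauth! omniauth
+ Mumukit::Login::Provider.setup_providers! omniauth
  end
 
  def self.configure_login_routes!(native)
@@ -93,7 +97,7 @@ module Mumukit::Login
  end
 
  def self.provider
- Mumukit::Platform::Organization.current.login_provider_object || config.provider
+ Mumukit::Platform::Organization.current.login_provider_object || config.provider
  end
  end
 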
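Review bot: `self.provider` (new line 100) takes the provider from the current organization, but nothing visible checks that this provider is one of those `Mumukit::Login::Provider.setup_providers!` registered with OmniAuth. Going by the provider.rb changes in this release, only enabled providers are `require`d and mounted. An organization whose `login_provider` is outside that list would presumably fail at request time, with a `NameError` or a redirect to an unmounted `/auth/...` path. A nil-safe guard where the organization's provider is resolved would make that explicit: `raise "Login provider #{login_provider} is not enabled" if login_provider.present? && !Mumukit::Login::Provider.enabled_providers.include?(login_provider)`. The method should also document that `Organization.current` is evaluated before the `config.provider` fallback, so callers need a current organization.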
@@ -64,7 +64,6 @@ module Mumukit::Platform::WebFramework::Rails
64
64
  # @param [ActionController::Base::Class] controller_class
65
65
  #
66
66
  def self.configure_controller!(controller_class)
67
- Mumukit::Login.config.provider.configure_rails_forgery_protection!(controller_class)
68
67
  controller_class.class_eval do
69
68
  include Mumukit::Login::AuthenticationHelpers
70
69
  include Mumukit::Login::AuthorizationHelpers
@@ -37,6 +37,6 @@ module Mumukit::Login::AuthenticationHelpers
37
37
  end
38
38
 
39
39
  def login_provider
40
- Mumukit::Login.config.provider
40
+ Mumukit::Login.provider
41
41
  end
42
42
  end
@@ -1,8 +1,23 @@
1
1
  module Mumukit::Login::Provider
2
+ PROVIDERS = %w(
3
+ developer
4
+ saml
5
+ auth0
6
+ google
7
+ )
8
+
2
9
  def self.from_env
3
10
  parse_login_provider(login_provider_string)
4
11
  end
5
12
 
13
+ def self.enabled_providers
14
+ if ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].blank?
15
+ PROVIDERS
16
+ else
17
+ ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ', '
18
+ end
19
+ end
20
+
6
21
  def self.login_provider_string
7
22
  if ENV['MUMUKI_LOGIN_PROVIDER'].blank? || ENV['RACK_ENV'] == 'test' || ENV['RAILS_ENV'] == 'test'
8
23
  'developer'
@@ -19,13 +34,26 @@ module Mumukit::Login::Provider
19
34
  Mumukit::Login::Provider::Saml.new
20
35
  when 'auth0'
21
36
  Mumukit::Login::Provider::Auth0.new
37
+ when 'google'
38
+ Mumukit::Login::Provider::Google.new
22
39
  else
23
40
  raise "Unknown login_provider `#{login_provider}`"
24
41
  end
25
42
  end
43
+
44
+ def self.setup_providers!(omniauth)
45
+ enabled_providers.each { |it| parse_login_provider(it).configure_omniauth!(omniauth) }
46
+ end
47
+ end
48
+
49
+ module Mumukit::Platform::Organization::Helpers
50
+ def login_provider_object
51
+ @login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it } # add provider settings in the future
52
+ end
26
53
  end
27
54
 
28
55
  require_relative './provider/base'
29
- require_relative './provider/saml'
30
- require_relative './provider/auth0'
31
- require_relative './provider/developer'
56
+
57
+ Mumukit::Login::Provider.enabled_providers.each do |it|
58
+ require_relative "./provider/#{it}"
59
+ end
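Review bot: `enabled_providers` (new lines 13-19) returns the whole `PROVIDERS` list when `MUMUKI_ENABLED_LOGIN_PROVIDERS` is blank, and `setup_providers!` registers every entry. A deployment that leaves the variable unset therefore mounts OmniAuth's `developer` strategy, which takes the identity from a form without authenticating it; whether the callback then accepts it depends on routes outside this diff. The default should exclude it outside development and test, e.g. `PROVIDERS - ['developer']` unless `ENV['RACK_ENV']` or `ENV['RAILS_ENV']` names such an environment. The entries are also split on the exact string `', '` and interpolated unvalidated into `require_relative "./provider/#{it}"` (new line 58), so `saml,google` becomes one bogus file name. Using `ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split(',').map(&:strip) & PROVIDERS` would tolerate spacing and restrict loading to known provider files.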
@@ -15,8 +15,7 @@ class Mumukit::Login::Provider::Auth0 < Mumukit::Login::Provider::Base
15
15
 
16
16
  def header_html(*)
17
17
  <<HTML
18
- <script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
19
- </script>
18
+ <script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
20
19
  HTML
21
20
  end
22
21
 
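Review bot: The `<script>` tag emitted by `header_html` loads Auth0 Lock from `cdn.auth0.com` on the login page with no Subresource Integrity attribute, so the page runs whatever that URL serves. Since the URL is already pinned to 11.5.2, the tag can carry the digest of that exact file: `<script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js" integrity="sha384-<DIGEST_OF_PINNED_FILE>" crossorigin="anonymous"></script>`. The digest placeholder has to be computed from the pinned file when the version is bumped.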
@@ -9,12 +9,15 @@ class Mumukit::Login::Provider::Base
9
9
  controller.redirect! auth_path
10
10
  end
11
11
 
12
- def configure_rails_forgery_protection!(action_controller)
13
- action_controller.protect_from_forgery with: :exception
12
+ def login_path(controller)
13
+ create_uri '/login', login_path_params(controller)
14
14
  end
15
15
 
16
- def login_path(controller)
17
- create_uri '/login', origin: create_uri(controller.request.path, controller.request.params)
16
+ def login_path_params(controller)
17
+ {
18
+ origin: create_uri(controller.request.path, controller.request.params),
19
+ organization: Mumukit::Platform::Organization.current.name
20
+ }
18
21
  end
19
22
 
20
23
  def auth_path
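Review bot: Removing `configure_rails_forgery_protection!` here, together with its call in `configure_controller!`, means nothing in this gem calls `protect_from_forgery with: :exception` any more. CSRF protection for controllers that include these helpers now depends entirely on the host application. If that is intended, it should be stated where integrators will read it, e.g. on `configure_controller!`: `# NOTE: does not enable CSRF protection; the host app must call protect_from_forgery itself`. The removed SAML comment noted that the IdP POSTs to the assertion URL without a CSRF token, so whatever the host enables needs an exemption scoped to that callback route only, not to the whole controller. The class body continues outside this hunk.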
@@ -2,7 +2,4 @@ class Mumukit::Login::Provider::Developer < Mumukit::Login::Provider::Base
2
2
  def configure_omniauth!(omniauth)
3
3
  omniauth.provider :developer
4
4
  end
5
-
6
- def configure_rails_forgery_protection!(*)
7
- end
8
5
  end
@@ -0,0 +1,17 @@
1
+ class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
2
+ def configure_omniauth!(omniauth)
3
+ omniauth.provider :google_oauth2,
4
+ google_config.client_id,
5
+ google_config.client_secret
6
+ end
7
+
8
+ def name
9
+ 'google_oauth2'
10
+ end
11
+
12
+ private
13
+
14
+ def google_config
15
+ Mumukit::Login.config.google
16
+ end
17
+ end
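Review bot: `configure_omniauth!` registers `:google_oauth2` with `google_config.client_id` and `google_config.client_secret` without checking them, and both come straight from `ENV[...]`, so they are nil when the variables are unset. Because `google` is in the default `PROVIDERS` list, the strategy can be mounted without credentials and only fail once a user is sent to Google. A guard at the top of the method would skip the registration: `return if google_config.client_id.blank? || google_config.client_secret.blank?`. Raising with a message naming the two variables is the alternative if the provider was enabled explicitly. A short doc comment on the class naming `MUMUKI_GOOGLE_CLIENT_ID` and `MUMUKI_GOOGLE_CLIENT_SECRET` as required settings would help operators.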
@@ -14,9 +14,6 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
14
14
  idp_sso_target_url: saml_config.idp_sso_target_url,
15
15
  idp_slo_target_url: saml_config.idp_slo_target_url,
16
16
  slo_default_relay_state: saml_config.base_url,
17
- idp_cert: File.read('./saml_idp.crt'),
18
- certificate: File.read('./saml.crt'),
19
- private_key: File.read('./saml.key'),
20
17
  attribute_service_name: 'Mumuki',
21
18
  request_attributes: [
22
19
  {name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
@@ -27,14 +24,15 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
27
24
  name: [saml_config.translation_name],
28
25
  email: [saml_config.translation_email],
29
26
  image: [saml_config.translation_image]
27
+ },
28
+ setup: lambda { |env|
29
+ options = env['omniauth.strategy'].options
30
+ options[:idp_cert] = File.read('./saml_idp.crt') # This is just a quickfix to avoid breaking if there are no saml configuration files.
31
+ options[:certificate] = File.read('./saml.crt') # It could also serve to parametrize these files by organization
32
+ options[:private_key] = File.read('./saml.key') # and have multiple organizations with different saml providers though.
30
33
  }
31
34
  end
32
35
 
33
- def configure_rails_forgery_protection!(_controller_class)
34
- # FIXME this is big security issue
35
- # Do nothing (do not protect): the IdP calls the assertion_url via POST and without the CSRF token
36
- end
37
-
38
36
  def logout_redirection_path
39
37
  "#{auth_path}/spslo"
40
38
  end
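Review bot: The `setup:` lambda (new lines 28-33) calls `File.read` on `./saml_idp.crt`, `./saml.crt` and `./saml.key` each time the strategy runs its setup phase, not once at boot, and the paths are relative to the process working directory. A missing or unreadable file now surfaces as an unhandled `Errno::ENOENT` in the middle of a login rather than at startup. The private key is also re-read from whatever directory the process was started in. Resolve the three paths once against a configured absolute directory, cache the contents, and have the lambda assign the cached values, e.g. `options[:private_key] = saml_private_key` with `saml_private_key` memoized on the provider. If per-organization files are the goal, as the inline comments suggest, the file name must come from a fixed per-organization mapping and never be built from request data.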
@@ -7,7 +7,7 @@ class Mumukit::Login::Settings
7
7
  user_pass: 'Username-Password-Authentication'
8
8
  }
9
9
 
10
- attr_accessor :login_methods
10
+ attr_reader :login_methods
11
11
 
12
12
  def initialize(login_methods = Mumukit::Login::Settings.default_methods)
13
13
  @login_methods = login_methods.map(&:to_sym)
@@ -1,5 +1,5 @@
1
1
  module Mumukit
2
2
  module Login
3
- VERSION = '5.3.2'
3
+ VERSION = '6.0.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumukit-login
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.3.2
4
+ version: 6.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Leonardo Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-08-01 00:00:00.000000000 Z
11
+ date: 2018-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -150,6 +150,20 @@ dependencies:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
152
  version: '1.6'
153
+ - !ruby/object:Gem::Dependency
154
+ name: omniauth-google-oauth2
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '0.5'
160
+ type: :runtime
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: '0.5'
153
167
  - !ruby/object:Gem::Dependency
154
168
  name: mumukit-core
155
169
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +198,14 @@ dependencies:
184
198
  requirements:
185
199
  - - "~>"
186
200
  - !ruby/object:Gem::Version
187
- version: '2.0'
201
+ version: '2.5'
188
202
  type: :runtime
189
203
  prerelease: false
190
204
  version_requirements: !ruby/object:Gem::Requirement
191
205
  requirements:
192
206
  - - "~>"
193
207
  - !ruby/object:Gem::Version
194
- version: '2.0'
208
+ version: '2.5'
195
209
  description:
196
210
  email:
197
211
  - franco@mumuki.org
@@ -219,6 +233,7 @@ files:
219
233
  - lib/mumukit/login/provider/auth0.rb
220
234
  - lib/mumukit/login/provider/base.rb
221
235
  - lib/mumukit/login/provider/developer.rb
236
+ - lib/mumukit/login/provider/google.rb
222
237
  - lib/mumukit/login/provider/saml.rb
223
238
  - lib/mumukit/login/settings.rb
224
239
  - lib/mumukit/login/shared_session.rb