RubyGems - mumukit-login - Versions diffs - 6.0.0 → 6.1.0 - Mend

mumukit-login 6.0.0 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/mumukit/login.rb +4 -0
data/lib/mumukit/login/provider.rb +19 -14
data/lib/mumukit/login/provider/base.rb +36 -0
data/lib/mumukit/login/provider/cas.rb +33 -0
data/lib/mumukit/login/provider/google.rb +2 -4
data/lib/mumukit/login/provider/saml.rb +38 -30
data/lib/mumukit/login/version.rb +1 -1
metadata +19 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bb86f9086ebb051c3220e522f000cdf86f51ac5afb4385430f0a23a3a631ef4
-  data.tar.gz: f360003953411c4a1fe8174bbcb428427a70bdc49f653a22c039de0633a0ea24
+  metadata.gz: fe52c3b70549d1524064047a8b327993045b77494dd2595c099b5cbe3a3c629f
+  data.tar.gz: 5a4e310ef3fc43944f24b71f0629600d1e62d6e888b30c8503b24a9824ba0204
 SHA512:
-  metadata.gz: b33e7bf8cc1ed64854aeaed0de4d99a390378c272f0e39a893d95972ece9f9c0fa6d21ba34d7176f0610aa96425c2966f5b43db57d1de0f2c902d2506c6a57c7
-  data.tar.gz: 4d685044b1abcd5ec40c63792a942f3844a28a375ce37116c25cffedad278915971304e4a1d353bfa269b6d0593bb154773aea52ac3348516311c17838f3b994
+  metadata.gz: 41d1230b11a4b8baa99adfaa25b41b31f007d64b097097650540ce46ee1ef6fd702028403eb794c7ff1791000625a7dc1bba70226df0879656d629af22498081
+  data.tar.gz: 39a87397c1f89c9f3378c840a22b0de9fda8208887a031ae68e3c216e59a207767fd262fc86ec53d50b3ec2e8790cd04982b24af1030b52a170b3acc06462eb1

data/lib/mumukit/login.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require 'addressable/uri'
 require 'omniauth'
 require 'omniauth-auth0'
 require 'omniauth-saml'
+require 'omniauth-cas'
 require 'omniauth-google-oauth2'
 require 'mumukit/core'
@@ -37,6 +38,9 @@ module Mumukit::Login
                            translation_name: ENV['MUMUKI_SAML_TRANSLATION_NAME'] || 'name',
                            translation_email: ENV['MUMUKI_SAML_TRANSLATION_EMAIL'] || 'email',
                            translation_image: ENV['MUMUKI_SAML_TRANSLATION_IMAGE'] || 'image'
+      config.cas = struct url: ENV['MUMUKI_CAS_URL'],
+                          host: ENV['MUMUKI_CAS_HOST'],
+                          disable_ssl_verification: ENV['MUMUKI_CAS_DISABLE_SSL_VERIFICATION'] == 'true'
       config.auth0 = struct client_id: ENV['MUMUKI_AUTH0_CLIENT_ID'],
                             client_secret: ENV['MUMUKI_AUTH0_CLIENT_SECRET'],
                             domain: ENV['MUMUKI_AUTH0_DOMAIN']

data/lib/mumukit/login/provider.rb CHANGED Viewed

@@ -2,6 +2,7 @@ module Mumukit::Login::Provider
   PROVIDERS = %w(
     developer
     saml
+    cas
     auth0
     google
   )
@@ -10,11 +11,22 @@ module Mumukit::Login::Provider
     parse_login_provider(login_provider_string)
   end
+  def self.default_enabled_providers
+    case ENV['RACK_ENV'] || ENV['RAILS_ENV']
+      when 'production'
+        PROVIDERS - %w(developer)
+      when 'test'
+        PROVIDERS
+      else
+        %w(developer)
+    end
+  end
   def self.enabled_providers
     if ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].blank?
-      PROVIDERS
+      default_enabled_providers
     else
-      ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ', '
+      ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ','
     end
   end
@@ -27,17 +39,10 @@ module Mumukit::Login::Provider
   end
   def self.parse_login_provider(login_provider)
-    case login_provider
-      when 'developer'
-        Mumukit::Login::Provider::Developer.new
-      when 'saml'
-        Mumukit::Login::Provider::Saml.new
-      when 'auth0'
-        Mumukit::Login::Provider::Auth0.new
-      when 'google'
-        Mumukit::Login::Provider::Google.new
-      else
-        raise "Unknown login_provider `#{login_provider}`"
+    if enabled_providers.include? login_provider
+      "Mumukit::Login::Provider::#{login_provider.capitalize}".constantize.new
+    else
+      raise "Unknown login_provider `#{login_provider}`"
     end
   end
@@ -48,7 +53,7 @@ end
 module Mumukit::Platform::Organization::Helpers
   def login_provider_object
-    @login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it } # add provider settings in the future
+    @login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it }
   end
 end

data/lib/mumukit/login/provider/base.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 class Mumukit::Login::Provider::Base
   def name
     @name ||= self.class.name.demodulize.downcase
   end
@@ -44,6 +45,41 @@ class Mumukit::Login::Provider::Base
     nil
   end
+  def setup_proc
+    proc do |env|
+      options = env['omniauth.strategy'].options
+      effective_settings = default_settings.to_h.merge(current_organization_settings)
+      options.merge!(effective_settings)
+      options.merge!(computed_settings(effective_settings.to_struct))
+    end
+  end
+  def current_organization_settings
+    Mumukit::Platform::Organization.current.login_provider_settings || {}
+  end
+  # Default provider settings that come from the environment
+  #
+  # Override this method in order to read ENV and in order to provide default settings
+  #
+  # These setting can be overriden by organization's `provider_settings`
+  # and by the provider's `computed_settings`
+  def default_settings
+    {}
+  end
+  # Provider settings that are computed based on effective settings - that is,
+  # the default settings merged with the organizations settings.
+  #
+  # Override this method in order to provide settings that depend not only on the organization
+  # or defaults, but also commputed expressions.
+  #
+  # These settings can not be overriden.
+  def computed_settings(effective_settings)
+    {}
+  end
   private
   def create_uri(path, query_values)

data/lib/mumukit/login/provider/cas.rb ADDED Viewed

@@ -0,0 +1,33 @@
+class Mumukit::Login::Provider::Cas < Mumukit::Login::Provider::Base
+  def configure_omniauth!(omniauth)
+    omniauth.provider :cas, setup: setup_proc
+  end
+  private
+  def default_settings
+    Mumukit::Login.config.cas
+  end
+  def computed_settings(_cas)
+    { ca_path: '.' }
+  end
+end
+# Monkey-patching to support phpCAS implementation
+# where the first time the 'ticket' param is not sent.
+module OmniAuth
+  module Strategies
+    class CAS
+      alias_method :__callback_phase__, :callback_phase
+      def callback_phase
+        if !on_sso_path? && !request.params['ticket']
+          return request_phase
+        end
+        __callback_phase__
+      end
+    end
+  end
+end

data/lib/mumukit/login/provider/google.rb CHANGED Viewed

@@ -1,8 +1,6 @@
 class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
   def configure_omniauth!(omniauth)
-    omniauth.provider :google_oauth2,
-                      google_config.client_id,
-                      google_config.client_secret
+    omniauth.provider :google_oauth2, setup: setup_proc
   end
   def name
@@ -11,7 +9,7 @@ class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
   private
-  def google_config
+  def default_settings
     Mumukit::Login.config.google
   end
 end

data/lib/mumukit/login/provider/saml.rb CHANGED Viewed

@@ -1,36 +1,44 @@
 class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
-  def saml_config
-    Mumukit::Login.config.saml
-  end
   def configure_omniauth!(omniauth)
-    omniauth.provider :saml,
-                      # TODO: change the :assertion_consumer_service_url, the :issuer and the :slo_default_relay_state:
-                      # =>  1. we can not call any Organization method since there is none instantiated yet and
-                      # =>  2. we must use the absolut path to generate the right SAML metadata to set up the federation with the IdP
-                      assertion_consumer_service_url: "#{saml_config.base_url}#{callback_path}",
-                      single_logout_service_url: "#{saml_config.base_url}#{auth_path}/slo",
-                      issuer: "#{saml_config.base_url}#{auth_path}",
-                      idp_sso_target_url: saml_config.idp_sso_target_url,
-                      idp_slo_target_url: saml_config.idp_slo_target_url,
-                      slo_default_relay_state: saml_config.base_url,
-                      attribute_service_name: 'Mumuki',
-                      request_attributes: [
-                          {name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
-                          {name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name'},
-                          {name: 'image', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Avatar image'}
-                      ],
-                      attribute_statements: {
-                          name: [saml_config.translation_name],
-                          email: [saml_config.translation_email],
-                          image: [saml_config.translation_image]
-                      },
-                      setup: lambda { |env|
-                        options = env['omniauth.strategy'].options
-                        options[:idp_cert] = File.read('./saml_idp.crt')  # This is just a quickfix to avoid breaking if there are no saml configuration files.
-                        options[:certificate] = File.read('./saml.crt')   # It could also serve to parametrize these files by organization
-                        options[:private_key] = File.read('./saml.key')   # and have multiple organizations with different saml providers though.
-                      }
+    omniauth.provider :saml, setup: setup_proc
+  end
+  private
+  def default_settings
+    saml = Mumukit::Login.config.saml
+    # TODO: change the :assertion_consumer_service_url, the :issuer and the :slo_default_relay_state:
+    # =>  1. we can not call any Organization method since there is none instantiated yet and
+    # =>  2. we must use the absolut path to generate the right SAML metadata to set up the federation with the IdP
+    {
+      idp_cert: File.read('./saml_idp.crt'),
+      certificate: File.read('./saml.crt'),
+      private_key: File.read('./saml.key'),
+      idp_sso_target_url: saml.idp_sso_target_url,
+      idp_slo_target_url: saml.idp_slo_target_url,
+      slo_default_relay_state: saml.base_url,
+      attribute_service_name: 'Mumuki',
+      request_attributes: [
+        {name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
+        {name: 'name', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Full name'},
+        {name: 'image', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Avatar image'}
+      ],
+      attribute_statements: {
+        name: [saml.translation_name],
+        email: [saml.translation_email],
+        image: [saml.translation_image]
+      }
+    }
+  end
+  def computed_settings(saml)
+    {
+      assertion_consumer_service_url: "#{saml.base_url}#{callback_path}",
+      single_logout_service_url: "#{saml.base_url}#{auth_path}/slo",
+      issuer: "#{saml.base_url}#{auth_path}"
+    }
   end
   def logout_redirection_path

data/lib/mumukit/login/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Mumukit
   module Login
-    VERSION = '6.0.0'
+    VERSION = '6.1.0'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-login
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.1.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-14 00:00:00.000000000 Z
+date: 2018-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -150,6 +150,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: omniauth-cas
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: omniauth-google-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -198,14 +212,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.5'
+        version: '2.6'
 description:
 email:
 - franco@mumuki.org
@@ -232,6 +246,7 @@ files:
 - lib/mumukit/login/provider.rb
 - lib/mumukit/login/provider/auth0.rb
 - lib/mumukit/login/provider/base.rb
+- lib/mumukit/login/provider/cas.rb
 - lib/mumukit/login/provider/developer.rb
 - lib/mumukit/login/provider/google.rb
 - lib/mumukit/login/provider/saml.rb