okta_saml 3.0.1 → 4.0.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    OTVkYzI2MTk5NjliMDhiN2VkMWZhYjJlNDA0NzU3Yzg3NGJiY2JiOQ==
-  data.tar.gz: !binary |-
-    ZTJmYTczNTQwZWVhNmZlYTMxNWUwMWY1ZWMzNjA2NjQxMGJhZjlmMw==
+SHA1:
+  metadata.gz: cb1e64c45b5e58f72d2388a23890625d39cb2c3a
+  data.tar.gz: 72b22d10a35ee1eeee728e496b2d7d0e99d0ce2b
 SHA512:
-  metadata.gz: !binary |-
-    NzlmYzQ0ZTk1M2QxMTg2Yjc5NGZkZTk5YmYyOTIwNmQxYzY2YTM5YmVmOTcz
-    YTUzYzZkNGQ0NWIwNzZiYWQyMmI5YTVkM2ZlOTNmOWJlYWI2OWIwMzJkNjk2
-    YWVjZjQwZjZkYzVmYjBkNTU5YjM4ZDZiOWE1ZTEyODU5YWU2NmU=
-  data.tar.gz: !binary |-
-    OWEyODU3MGEyNTI3YjIyNGRjY2Y1MzVjMzMwZTY0NTI4NjdkMDJlNjczZTk2
-    NWY0NDNmZDIxNTdjOThiNDdmYmJhNjUyYzZhMmRhODA1MjZlOGQxOTNmMzNi
-    NmY1ZjUxOTM0YjU3ZTZkZjg5MDAwYmU2MjBlODE3ZGI1Y2JkMTY=
+  metadata.gz: ea662074d17d0bd8da667f1e1566c30353342d0719550a680084ff0ef5b278d5f83f4faf30def4515f4f46f6ee827ccd6a56079a7e3295ea3ce894e188beebda
+  data.tar.gz: d3214772254bf46ea268c5c7bcf56ac1a807248790c5146e03ab1225edd0b4e53df2c127fa9ca0c9e1d0d77127bb1e0143e23ac612f15358f600cc253bd7ac31

data/README.md

@@ -1,5 +1,9 @@
 # OktaSaml
 
+# Not maintained / Seeking a new maintainer
+Rentpath doesn't use SAML in our ruby applications anymore so keeping this project up today isn't likely.
+If you are interested in taking over this project please reach out to us.
+
 [![Gem Version](https://badge.fury.io/rb/okta_saml.svg)](http://badge.fury.io/rb/okta_saml)
 [![Code Climate](https://codeclimate.com/repos/5175815b56b1020c56000864/badges/aec34f2ab248de6035e0/gpa.png)](https://codeclimate.com/repos/5175815b56b1020c56000864/feed)
 [![Build Status](https://travis-ci.org/primedia/okta_saml.svg?branch=dev)](https://travis-ci.org/primedia/okta_saml)
@@ -63,6 +67,11 @@ The following steps are required when using the okta_saml gem
 2. Add a `before_filter` using okta_authenticate! in the controllers where authentication is required
 
 
+## TODO:
+
+- update setting configs from YAML to configuration block
+- rails 4 support
+
 ## Contributing
 
 1. Fork it

data/app/controllers/saml_controller.rb

@@ -11,10 +11,10 @@ class SamlController < ApplicationController
     response = idp_response(params)
     response.settings = saml_settings(request)
     if response.is_valid?
-      sign_in(OktaUser.new({:email => response.name_id}))
+      sign_in(OktaUser.new(email: response.name_id, attributes: response.attributes, issuer: response.issuer))
       redirect_to redirect_url
     else
-      render :text => "Failure"
+      render text: "Failure"
     end
   end
 

data/app/helpers/okta_application_helper.rb

@@ -1,11 +1,11 @@
 module OktaApplicationHelper
 
   def idp_response(params)
-    Onelogin::Saml::Response.new(params[:SAMLResponse])
+    OneLogin::RubySaml::Response.new(params[:SAMLResponse])
   end
 
   def saml_settings(request)
-    settings = Onelogin::Saml::Settings.new
+    settings = OneLogin::RubySaml::Settings.new
 
     settings.assertion_consumer_service_url = saml_consume_url(host: request.host)
     settings.issuer                         = "http://#{request.port == 80 ? request.host : request.host_with_port}"
@@ -19,7 +19,7 @@ module OktaApplicationHelper
   end
 
   def idp_login_request_url(request)
-    idp_request = Onelogin::Saml::Authrequest.new
+    idp_request = OneLogin::RubySaml::Authrequest.new
     idp_request.create(saml_settings(request))
   end
 

data/app/models/okta_user.rb

@@ -1,5 +1,5 @@
 class OktaUser
-  attr_accessor :email
+  attr_accessor :email, :attributes, :issuer
 
   def initialize(params)
     populate(params)
@@ -14,7 +14,7 @@ class OktaUser
   end
 
   def self.retrieve_from_cookie(remember_token)
-    OktaUser.new(:email => remember_token) unless remember_token.blank?
+    self.new(:email => remember_token) unless remember_token.blank?
   end
 
 end

data/lib/okta_saml/constants.rb

@@ -2,8 +2,8 @@ if defined?(Rails)
   begin
     saml = YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
     SAML_SETTINGS = {
-      :idp_sso_target_url => saml[Rails.env]['idp_sso_target_url'],
-      :idp_cert_fingerprint => saml[Rails.env]['idp_cert_fingerprint']
+      idp_sso_target_url:   saml[Rails.env]['idp_sso_target_url'],
+      idp_cert_fingerprint: saml[Rails.env]['idp_cert_fingerprint']
     }
   rescue Errno::ENOENT
     p "Missing okta_saml.yml file in Rails.root/config"

data/lib/okta_saml/engine.rb

@@ -10,72 +10,12 @@ class ActionController::Base
 
   def okta_authenticate!
     session[:redirect_url] = params[:app_referer] || "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-
-    session[:referrer]  = params[:referrer]  if params[:referrer]
-    session[:auth_code] = params[:auth_code] if params[:auth_code]
-    auth_code = session[:auth_code]
-
-    # if no auth_code from propsol, auth using okta
-    if auth_code.blank?
-      redirect_to login_path unless signed_in?
-
-    else
-      ps_user_info = get_user_info(auth_code)
-      ps_user_id = ps_user_info["user-id"]
-      ps_token = ps_user_info["token"]
-      email = get_cr3_email(ps_user_id, ps_token)
-
-      if email.present?
-        # They have auth_code and mapping already exists (since email present)
-        # so log them in.
-        sign_in(OktaUser.new({:email => email}))
-
-      else # no mapping exists
-        if signed_in? # if already signed into okta, but does have
-                      # auth_code create the mapping.
-          create_ps_to_cr3_mapping(ps_user_id, current_user.email, ps_token)
-
-        else # since not signed into okta, send them to okta login.
-          redirect_to login_path
-        end
-      end
-    end
+    redirect_to saml_init_path unless signed_in?
   end
 
   def okta_logout
     redirect_to saml_logout_path
   end
-
-  def create_ps_to_cr3_mapping(ps_user_id, email, token)
-    randr_uri = randr_uri("/portalsvc/propsol/add-user-mapping")
-    params = {"ps-user-id" => ps_user_id, "cr3-email" => email, "token" => token}
-    res = http_get(randr_uri, params)
-    res["result"]
-  end
-
-  def get_cr3_email(ps_user_id, ps_token)
-    randr_uri = randr_uri("/portalsvc/propsol/get-cr3-user")
-    params = {"ps-user-id" => ps_user_id, "token" => ps_token}
-    res = http_get(randr_uri, params)
-    res["email"]
-  end
-
-  def get_user_info(auth_code)
-    randr_uri = randr_uri("/portalsvc/propsol/get-ps-user-id")
-    params = {"auth-code" => auth_code}
-    res = http_get(randr_uri, params)
-  end
-
-  def http_get(uri, params)
-    uri = URI.parse(uri)
-    uri.query = URI.encode_www_form(params)
-    res = Net::HTTP.get_response(uri)
-    JSON.parse(res.body)
-  end
-
-  def randr_uri(path)
-    uri = Rails.application.config.randr_service + path
-  end
 end
 
 module OktaSaml

data/lib/okta_saml/session_helper.rb

@@ -2,7 +2,11 @@ module OktaSaml
   module SessionHelper
     def sign_in(user)
       cookies.signed[:remember_token] = {
-        :value => user.email
+        value: {
+          email: user.email,
+          attributes: user.attributes,
+          issuer: user.issuer
+        }
       }
       self.current_user = user
     end

data/lib/okta_saml/version.rb

@@ -1,3 +1,3 @@
 module OktaSaml
-  VERSION = "3.0.1"
+  VERSION = "4.0.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: okta_saml
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 4.0.0
 platform: ruby
 authors:
 - Michael Hoitomt
@@ -17,48 +17,54 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-13 00:00:00.000000000 Z
+date: 2015-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.13
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.13
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: The okta_saml gem helps Ruby on Rails applications communicate with Okta
@@ -100,12 +106,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -117,3 +123,4 @@ summary: The okta_saml gem helps Ruby on Rails applications communicate with Okt
   The gem properly contstructs the request to Okta and handles the response back from
   Okta.
 test_files: []
+has_rdoc: