okta_saml 0.0.6 → 3.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c75f4693aef436cf69cfd2d7b63ac4bacb42f397
+  data.tar.gz: f01778c3f18cf909d9ecc927a5c73469340f162a
+SHA512:
+  metadata.gz: cd25ad264353c69513000f4d6d6b2027e2b921b063e20c2cf8f736cba8fbb5431093359a98cdaf56e920f4496cf012dae2236d4239e8afd7f5c7f3078c89cc7f
+  data.tar.gz: afed5cd8f440331994fc18be18da01bc841cc7f7a3a85bfa13466eec12e0281b919578228823d0087345ac465d294841e44e946888bc9cdbcbd6dee47b4f5304

data/CONTRIBUTORS

@@ -0,0 +1,11 @@
+Michael Hoitomt
+Jared Branum
+Ed Leung
+Luke Fender
+Thomas Stankus
+Jeb Beich
+Eric Caspary
+Phong Si
+Eric Toulson
+Colin Rymer
+Jordi Noguera

data/{LICENSE.txt → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Jared Branum
+Copyright (c) 2014 RentPath, Inc.
 
 MIT License
 
@@ -19,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,5 +1,7 @@
 # OktaSaml
 
+[![Code Climate](https://codeclimate.com/repos/5175815b56b1020c56000864/badges/aec34f2ab248de6035e0/gpa.png)](https://codeclimate.com/repos/5175815b56b1020c56000864/feed)
+
 [Okta](http://www.okta.com) is an IDP (Identity Provider) that offers enterprise authentication solutions. Okta works by redirecting visitors to your application to a login page that is hosted by Okta. Upon successful authentication Okta sends a POST request with a SAML payload to a Post Back URL (configured by you at setup). The okta_saml gem helps Ruby on Rails applications communicate with Okta.
 
 It is an engine that adds the following features to your application

data/Rakefile

@@ -12,6 +12,8 @@ rescue LoadError
   RDoc::Task = Rake::RDocTask
 end
 
+require 'bundler/gem_tasks'
+
 RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title    = 'OktaSaml'
@@ -23,12 +25,6 @@ end
 APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
 load 'rails/tasks/engine.rake'
 
-
-
-Bundler::GemHelper.install_tasks
-
-Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each{|f| load f}
-
 require 'rspec/core'
 require 'rspec/core/rake_task'
 
@@ -37,14 +33,3 @@ RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
 
-namespace :gem do
-  task :build do
-    output = IO.popen("gem build okta_saml.gemspec")
-    a = output.readlines
-    a.keep_if{|line| line =~ /File:/}
-    a[0].match(/File:/)
-    filename = $'.strip
-    # puts `echo #{filename}`
-    puts `gem inabox #{filename}`
-  end
-end

data/app/controllers/saml_controller.rb

@@ -21,7 +21,7 @@ class SamlController < ApplicationController
   private
 
   def redirect_url
-    session[:redirect_url]
+    session[:redirect_url] || root_url
   end
 
   # Rails override to handle unverified post requests from Okta

data/config/routes.rb

@@ -1,4 +1,4 @@
 Rails.application.routes.draw do
   get '/saml/init' => 'saml#init'
-  match '/saml/consume' => 'saml#consume'
-end
+  post '/saml/consume' => 'saml#consume'
+end

data/lib/okta_saml.rb

@@ -2,7 +2,7 @@ require "okta_saml/version"
 require "okta_saml/session_helper"
 
 module OktaSaml
-  if defined?(Rails) && Rails::VERSION::MAJOR == 3
+  if defined?(Rails) && Rails::VERSION::MAJOR >= 3
     require "okta_saml/engine"
   end
 end

data/lib/okta_saml/constants.rb

@@ -1,11 +1,12 @@
 if defined?(Rails)
-  saml = begin
-    YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
+  begin
+    saml = YAML::load_file(Rails.root.join("config/okta_saml.yml").to_s)
+    SAML_SETTINGS = {
+      :idp_sso_target_url => saml[Rails.env]['idp_sso_target_url'],
+      :idp_cert_fingerprint => saml[Rails.env]['idp_cert_fingerprint']
+    }
   rescue Errno::ENOENT
     p "Missing okta_saml.yml file in Rails.root/config"
+    SAML_SETTINGS = {}
   end
-  SAML_SETTINGS = {
-    :idp_sso_target_url => saml[Rails.env]['idp_sso_target_url'],
-    :idp_cert_fingerprint => saml[Rails.env]['idp_cert_fingerprint']
-  }
-end
+end

data/lib/okta_saml/engine.rb

@@ -1,5 +1,8 @@
 require 'rubygems'
 require 'ruby-saml'
+require "net/http"
+require "uri"
+require "json"
 require_relative 'session_helper'
 
 class ActionController::Base
@@ -7,13 +10,72 @@ class ActionController::Base
 
   def okta_authenticate!
     session[:redirect_url] = params[:app_referer] || "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-    redirect_to saml_init_path unless signed_in?
+
+    session[:referrer]  = params[:referrer]  if params[:referrer]
+    session[:auth_code] = params[:auth_code] if params[:auth_code]
+    auth_code = session[:auth_code]
+
+    # if no auth_code from propsol, auth using okta
+    if auth_code.blank?
+      redirect_to login_path unless signed_in?
+
+    else
+      ps_user_info = get_user_info(auth_code)
+      ps_user_id = ps_user_info["user-id"]
+      ps_token = ps_user_info["token"]
+      email = get_cr3_email(ps_user_id, ps_token)
+
+      if email.present?
+        # They have auth_code and mapping already exists (since email present)
+        # so log them in.
+        sign_in(OktaUser.new({:email => email}))
+
+      else # no mapping exists
+        if signed_in? # if already signed into okta, but does have
+                      # auth_code create the mapping.
+          create_ps_to_cr3_mapping(ps_user_id, current_user.email, ps_token)
+
+        else # since not signed into okta, send them to okta login.
+          redirect_to login_path
+        end
+      end
+    end
   end
 
   def okta_logout
     redirect_to saml_logout_path
   end
 
+  def create_ps_to_cr3_mapping(ps_user_id, email, token)
+    randr_uri = randr_uri("/portalsvc/propsol/add-user-mapping")
+    params = {"ps-user-id" => ps_user_id, "cr3-email" => email, "token" => token}
+    res = http_get(randr_uri, params)
+    res["result"]
+  end
+
+  def get_cr3_email(ps_user_id, ps_token)
+    randr_uri = randr_uri("/portalsvc/propsol/get-cr3-user")
+    params = {"ps-user-id" => ps_user_id, "token" => ps_token}
+    res = http_get(randr_uri, params)
+    res["email"]
+  end
+
+  def get_user_info(auth_code)
+    randr_uri = randr_uri("/portalsvc/propsol/get-ps-user-id")
+    params = {"auth-code" => auth_code}
+    res = http_get(randr_uri, params)
+  end
+
+  def http_get(uri, params)
+    uri = URI.parse(uri)
+    uri.query = URI.encode_www_form(params)
+    res = Net::HTTP.get_response(uri)
+    JSON.parse(res.body)
+  end
+
+  def randr_uri(path)
+    uri = Rails.application.config.randr_service + path
+  end
 end
 
 module OktaSaml
@@ -30,4 +92,4 @@ module OktaSaml
       end
     end
   end
-end
+end

data/lib/okta_saml/session_helper.rb

@@ -2,8 +2,7 @@ module OktaSaml
   module SessionHelper
     def sign_in(user)
       cookies.signed[:remember_token] = {
-        :value => user.email,
-        :expires => 3.hours.from_now
+        :value => user.email
       }
       current_user = user
     end

data/lib/okta_saml/version.rb

@@ -1,3 +1,3 @@
 module OktaSaml
-  VERSION = "0.0.6"
+  VERSION = "3.0.0"
 end

metadata

@@ -1,130 +1,118 @@
 --- !ruby/object:Gem::Specification
 name: okta_saml
 version: !ruby/object:Gem::Version
-  version: 0.0.6
-  prerelease: 
+  version: 3.0.0
 platform: ruby
 authors:
 - Michael Hoitomt
 - Jared Branum
 - Ed Leung
 - Luke Fender
+- Thomas Stankus
+- Jeb Beich
+- Eric Caspary
+- Phong Si
+- Eric Toulson
+- Jordi Noguera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-30 00:00:00.000000000 Z
+date: 2014-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.13
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.2
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: geminabox
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: The okta_saml gem helps Ruby on Rails applications communicate with Okta
 email:
-- mhoitomt@primedia.com
+- mhoitomt@rentpath.com
 - jbranum@primedia.com
 - eleung@primedia.com
 - lfender@primedia.com
+- tstankus@rentpath.com
+- jbeich@rentpath.com
+- ecaspary@rentpath.com
+- phong.si@gmail.com
+- etoulson@rentpath.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CONTRIBUTORS
+- LICENSE
+- README.md
+- Rakefile
 - app/controllers/saml_controller.rb
 - app/helpers/okta_application_helper.rb
 - app/models/okta_user.rb
 - config/okta_saml.sample.yml
 - config/routes.rb
 - lib/generators/okta_saml_generator.rb
+- lib/okta_saml.rb
 - lib/okta_saml/constants.rb
 - lib/okta_saml/engine.rb
 - lib/okta_saml/session_helper.rb
 - lib/okta_saml/version.rb
-- lib/okta_saml.rb
-- LICENSE.txt
-- Rakefile
-- README.md
 homepage: https://github.com/primedia/okta_saml
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: The okta_saml gem helps Ruby on Rails applications communicate with Okta.
   The gem properly contstructs the request to Okta and handles the response back from
   Okta.