RubyGems - omniauth-aai - Versions diffs - 0.5.2 → 0.6.3 - Mend

omniauth-aai 0.5.2 → 0.6.3

Files changed (245) hide show

data/lib/generators/aai/templates/migration.rb CHANGED Viewed

@@ -1,10 +1,26 @@
-class AaiCreateUser < ActiveRecord::Migration
+class CreateAaiUser < ActiveRecord::Migration
   def change
     create_table(:users) do |t|
       t.string :uid
+      t.string :unique_id
+      t.string :persistent_id
+      t.string :email
+      t.string :first_name
+      t.string :last_name
+      t.string :home_organization
+      t.text :raw_data
       t.timestamps
     end
-    add_index :users, :uid, :unique => true
+    # if ActiveRecord::Base.connection.adapter_name == "PostgreSQL"
+    #   add_column :users, :raw_data, :json
+    # else
+    #   add_column :users, :raw_data, :string
+    # end
+    add_index :users, :uid, unique: true
+    add_index :users, :unique_id, unique: true
+    add_index :users, :persistent_id, unique: true
   end
 end

data/lib/generators/aai/templates/omniauth.rb CHANGED Viewed

@@ -1,11 +1,23 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
   if Rails.env.development?
     provider :developer, {
-      :uid_field => :swiss_ep_uid, #:'persistent-id', swiss_ep_uid
-      :fields => OmniAuth::Strategies::Aai::DEFAULT_FIELDS,
-      :extra_fields => OmniAuth::Strategies::Aai::DEFAULT_EXTRA_FIELDS
-    }
+      uid_field: 'persistent-id',
+      fields: [:name, :email, :persistent_id, :unique_id]
+    }
   else
-    provider :aai
+    provider :aai, {
+      uid_field:      "uid", # Defaults to :'persistent-id'. Alternative :unique_id
+      name_field:     "displayName",
+      info_fields: {
+        unique_id:            "uniqueID",
+        persistent_id:        "persistent-id",
+        email:                "mail",
+        first_name:           "givenName",
+        last_name:            "surname",
+        home_organization:    "homeOrganization",
+        preferred_language:   "preferredLanguage",
+        affiliation:          "affiliation"
+      }
+    }
   end
-end
+end

data/lib/generators/aai/templates/session_controller.rb CHANGED Viewed

@@ -1,12 +1,11 @@
 class SessionController < ApplicationController
+  skip_before_filter :verify_authenticity_token, only: :create, if: Rails.env.development?
   def create
   <% if options[:persist] %>
-    #Add  whatever fields you want to save
-    self.current_user = User.find_or_create_by_uid( auth_hash[:uid] )
-    #Auth Hash is not persistent
-    self.current_user.aai = auth_hash
+    self.current_user = User.update_or_create_with_omniauth_aai(auth_hash)
   <% else %>
     user = User.new
     user.uid = auth_hash[:uid]
@@ -30,11 +29,10 @@ class SessionController < ApplicationController
     redirect_to(root_path)
   end
-  protected
+  private
   def auth_hash
     request.env['omniauth.auth']
   end
-end
+end

data/lib/generators/aai/templates/user.rb CHANGED Viewed

@@ -1,8 +1,32 @@
 class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
 <% if options[:persist] %>
-  attr_accessible :uid
+  # attr_accessible :uid
   attr_accessor :aai
   PERSISTENT = true
+  def self.update_or_create_with_omniauth_aai(omniauth_aai)
+    user = find_or_build_with_uid(omniauth_aai['uid'])
+    user.attributes = {
+      unique_id:          omniauth_aai.info.unique_id,
+      persistent_id:      omniauth_aai.info.persistent_id,
+      email:              omniauth_aai.info.email,
+      first_name:         omniauth_aai.info.first_name,
+      last_name:          omniauth_aai.info.last_name,
+      home_organization:  omniauth_aai.info.home_organization,
+      # affiliation: omniauth_aai.info.affiliation,
+      raw_data:           omniauth_aai.respond_to?(:to_hash) ? omniauth_aai.to_hash : omniauth_aai.inspect
+    }
+    user.save
+    user
+  end
+  def self.find_or_build_with_uid(aai_uid)
+    if aai_uid.present?
+      where(uid: aai_uid).first || new(uid: aai_uid)
+    else
+      new
+    end
+  end
 <% else %>
   attr_accessor :aai, :uid
   PERSISTENT = false
@@ -21,7 +45,6 @@ class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
   end
 <% if options[:persist] %>
   def marshal
     self.uid
   end
@@ -33,7 +56,6 @@ class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
   def unmarshal(session_data)
     self.reload
   end
 <% else %>
   def marshal
     {
@@ -52,11 +74,5 @@ class User <%= options[:persist]  ? "< ActiveRecord::Base" : "" %>
     self.uid = session_data[:id]
     self.aai = session_data[:aai]
   end
  <% end %>
-  #def shib_session_id
-  #  aai["extra"]["raw_info"]['Shib-Session-ID']
-  #end
-  #
 end

data/lib/omniauth-aai.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require "omniauth-aai/version"
 require "omniauth"
-require "action_controller/has_current_user"
+require "omniauth/has_current_user"
+# require "action_controller/has_current_user"
 module OmniAuth
   module Strategies

data/lib/omniauth-aai/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OmniAuth
   module Aai
-    VERSION = "0.5.2"
+    VERSION = "0.6.3"
   end
 end

data/lib/omniauth/has_current_user.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'active_support/concern'
+module Omniauth
+  module HasCurrentUser
+    extend ActiveSupport::Concern
+    included do
+      helper_method :current_user
+    end
+    module ClassMethods
+      def has_current_user
+        include Omniauth::HasCurrentUser::InstanceMethods
+      end
+    end
+    module InstanceMethods
+      @user = nil
+      def current_user
+        return nil unless @user.present? || session[:current_user].present?
+        @user = @user || User.unmarshal( session[:current_user] )
+        @user
+      end
+      # Set the current user
+      def current_user=(user)
+        @user = user
+        session[:current_user] = @user.marshal unless @user.nil?
+      end
+      # Authenticate User
+      def authenticate!
+        return if authenticated?
+        session[:return_to] = request.url
+        if Rails.env.development?
+          redirect_to "/auth/developer"
+        else
+          redirect_to "/auth/aai"
+        end
+      end
+      # User authenticated?
+      def authenticated?
+        return true if self.current_user.present? && self.current_user.uid.present?
+        return false
+      end
+    end
+  end
+end
+begin
+  ActionController::Base.send :include, Omniauth::HasCurrentUser
+rescue NameError => e
+  puts "ActionController undefined"
+end

data/lib/omniauth/strategies/aai.rb CHANGED Viewed

@@ -3,80 +3,71 @@ module OmniAuth
   module Strategies
     class Aai < OmniAuth::Strategies::Shibboleth
-      # 8 core attributes, which must be available for all users
+      # 8 core attributes available for all users
       CORE_ATTRIBUTES = {
-        swiss_ep_uid:          [:'uniqueID'],
-        surname:               [:'surname'],
-        first_name:            [:'givenName'],
-        mail:                  [:'mail'],
-        homeOrganization:      [:'homeOrganization'],
-        homeOrganizationType:  [:'homeOrganizationType'],
-        affiliation:           [:'affiliation']
-        # swiss_ep_uid:          [:'Shib-SwissEP-UniqueID'],
-        # first_name:            [:'Shib-InetOrgPerson-givenName'],
-        # surname:               [:'Shib-Person-surname'],
-        # mail:                  [:'Shib-InetOrgPerson-mail'],
-        # homeOrganization:      [:'Shib-SwissEP-HomeOrganization'],
-        # homeOrganizationType:  [:'Shib-SwissEP-HomeOrganizationType'],
-        # affiliation:           [:'Shib-EP-Affiliation']
+        unique_id:                "uniqueID",
+        persistent_id:            "persistent-id",
+        email:                    "mail",
+        first_name:               "givenName",
+        last_name:                "surname",
+        home_organization:        "homeOrganization",
+        home_organization_type:   "homeOrganizationType",
+        affiliation:              "affiliation"
       }
-      # 8 or more Shibboleth attributes, set by the Service Provider automatically if a user has a valid session
+      # 8 or more Shibboleth attributes, set by the Service Provider automatically for users with a valid session
       SHIBBOLETH_ATTRIBUTES = {
-        :entitlement => [:'entitlement'],
-        :preferredLanguage => [:'preferredLanguage'],
-        :'Shib-Application-ID' => [],
-        :'Shib-Assertion-01' => [],
-        :'Shib-Assertion-Count' => [],
-        :'Shib-Authentication-Instant' => [],
-        :'Shib-Authentication-Method' => [],
-        :'Shib-AuthnContext-Class' => [],
-        :'Shib-Identity-Provider' => [],
-        :'Shib-Session-ID' => []
-        # :entitlement => [:'Shib-EP-Entitlement'],
-        # :preferredLanguage => [:'Shib-InetOrgPerson-preferredLanguage'],
-        # :'Shib-Application-ID' => [],
-        # :'Shib-Assertion-01' => [],
-        # :'Shib-Assertion-Count' => [],
-        # :'Shib-Authentication-Instant' => [],
-        # :'Shib-Authentication-Method' => [],
-        # :'Shib-AuthnContext-Class' => [],
-        # :'Shib-Identity-Provider' => [],
-        # :'Shib-Session-ID' => []
+        entitlement: 'entitlement',
+        preferredLanguage: 'preferredLanguage'
+        #   :'Shib-Application-ID' => [],
+        #   :'Shib-Assertion-01' => [],
+        #   :'Shib-Assertion-Count' => [],
+        #   :'Shib-Authentication-Instant' => [],
+        #   :'Shib-Authentication-Method' => [],
+        #   :'Shib-AuthnContext-Class' => [],
+        #   :'Shib-Identity-Provider' => [],
+        #   :'Shib-Session-ID' => []
       }
-      DEFAULT_EXTRA_FIELDS = (CORE_ATTRIBUTES.keys + SHIBBOLETH_ATTRIBUTES.keys)
-      DEFAULT_FIELDS = [:name, :email, :swiss_ep_uid ]
-      # persistent-id is default uid
-      option :uid_field, :'persistent-id'
+      # DEFAULT_FIELDS = [:name, :email, :persistent_id, :unique_id]
+      DEFAULT_EXTRA_FIELDS = (SHIBBOLETH_ATTRIBUTES.keys)
+      # DEFAULT_EXTRA_FIELDS = (CORE_ATTRIBUTES.keys + SHIBBOLETH_ATTRIBUTES.keys)
-      option :debug, false
+      option :uid_field, 'persistent-id'
+      option :name_field, 'displayName'
+      option :email_field, 'mail'
+      # option :fields, DEFAULT_FIELDS
+      # option :info_fields, {}
+      option :info_fields, CORE_ATTRIBUTES
+      option :extra_fields, DEFAULT_EXTRA_FIELDS
+      # option :aai_fields, CORE_ATTRIBUTES
+      # option :aai_extra_fields, SHIBBOLETH_ATTRIBUTES
-      option :aai_fields, CORE_ATTRIBUTES
+      # Attributes checked to find out if there is a valid shibboleth session
+      option :shib_session_id_field, 'Shib-Session-ID'
+      option :shib_application_id_field, 'Shib-Application-ID'
-      option :aai_extra_fields, SHIBBOLETH_ATTRIBUTES
+      option :request_type, :env
+      option :debug, false
-      option :fields, DEFAULT_FIELDS
-      option :extra_fields, DEFAULT_EXTRA_FIELDS
       # # # # #
       # Helper Methods
       # # # # #
-      def aai_attributes
-        options.aai_extra_fields.merge(options.aai_fields)
-      end
-      def read_env( attribute_key )
-        ([attribute_key] + (aai_attributes[attribute_key] || [])).each do | a |
-          v = request.env[a.to_s]
-          return v unless v.nil? || v.strip == ""
-        end
-      end
+      # def aai_attributes
+      #   options.aai_extra_fields.merge(options.aai_fields)
+      # end
+      # def read_env( attribute_key )
+      #   ([attribute_key] + (aai_attributes[attribute_key] || [])).each do | a |
+      #     v = request.env[a.to_s]
+      #     return v unless v.nil? || v.strip == ""
+      #   end
+      # end
-      # # # # #
-      # Rack
-      # # # # #
       def request_phase
         [
           302,
@@ -84,39 +75,77 @@ module OmniAuth
             'Location' => script_name + callback_path + query_string,
             'Content-Type' => 'text/plain'
           },
-          ["You are being redirected to Shibboleth SP/IdP for sign-in."]
+          ["You are being redirected to your SWITCHaai IdP for sign-in."]
         ]
       end
-      def callback_phase
-        super
-      end
-      uid do
-        # persistent-id is default uid
-        request.env[options.uid_field.to_s]
-      end
-      info do
-        options.fields.inject({}) do |hash, field|
-          case field
-          when :name
-            hash[field] = "#{read_env(:first_name)} #{read_env(:surname)}"
-          when :email
-            hash[:email] = read_env(:mail)
-          else
-            hash[field] = read_env(field.to_s)
-          end
-          hash
-        end
-      end
-      extra do
-        options.extra_fields.inject({:raw_info => {}}) do |hash, field|
-          hash[:raw_info][field] = read_env(field.to_s)
-          hash
-        end
-      end
+      # def request_params
+      #   case options[:request_type]
+      #   when :env, 'env', :header, 'header'
+      #     request.env
+      #   when :params, 'params'
+      #     request.params
+      #   end
+      # end
+      # def request_param(key)
+      #   case options[:request_type]
+      #   when :env, 'env'
+      #     request.env[key]
+      #   when :header, 'header'
+      #     request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
+      #   when :params, 'params'
+      #     request.params[key]
+      #   end
+      # end
+      # def callback_phase
+      #   if options[:debug]
+      #     # dump attributes
+      #     return [
+      #       200,
+      #       {
+      #         'Content-Type' => 'text/plain'
+      #       },
+      #       ["!!!!! This message is generated by omniauth-aai. To remove it set :debug to false. !!!!!\n#{request_params.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
+      #     ]
+      #   end
+      #   return fail!(:no_aai_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
+      #   super
+      # end
+      # def option_handler(option_field)
+      #   if option_field.class == String ||
+      #     option_field.class == Symbol
+      #     request_param(option_field.to_s)
+      #   elsif option_field.class == Proc
+      #     option_field.call(self.method(:request_param))
+      #   end
+      # end
+      # uid do
+      #   option_handler(options.uid_field)
+      #   # persistent-id is default uid
+      #   # request.env[options.uid_field.to_s]
+      # end
+      # info do
+      #   res = {
+      #     name: option_handler(options.name_field),
+      #     email: option_handler(options.email_field)
+      #   }
+      #   options.info_fields.each_pair do |key, field|
+      #     res[key] = option_handler(field)
+      #   end
+      #   res
+      # end
+      # extra do
+      #   options.extra_fields.inject({:raw_info => {}}) do |hash, field|
+      #     hash[:raw_info][field] = request_param(field.to_s)
+      #     hash
+      #   end
+      # end
     end
   end