omniauth-citadele 0.0.1 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c50abe4891bbc8de59fda34ef6363d6512781131ba01f190df835659f1ba941f
4
- data.tar.gz: eced906c16eacd3a47d348e8bf36924b85b319b1be0e6be79333e4c6cb635cc1
3
+ metadata.gz: 5dca1473dfe08d686501cf3a577eb814057163aba341488436dd49d8145330c5
4
+ data.tar.gz: 34d8dfd9f45b70de9afac13c1f8a6e5410513123a6edc97a54056381758bfb43
5
5
  SHA512:
6
- metadata.gz: 8e082a3f0960abc213a177f35ce487841573540f9551262faea4d7b72b8e6cfb05a05977ee91dd1e00a40a25f04a93df56646ab897dd46fca0ebc7018d7b7982
7
- data.tar.gz: d3bb5d584cffe000098228e7cca7efcbe94b785b85e1e8794d9645235a70c916c1e45f8b3a1019438c8dc22ae98661ea08d88025688c0dd4e3bcdef78d44863a
6
+ metadata.gz: 962dda703cb543299df8b12fbe963136a99161a752d54d6ee9513e061cce3c82c834062a07beea6b2ab18e9360d3053e2ae57fd6714bc2a0698a389fb81d0d85
7
+ data.tar.gz: '0977fbd5f6529646240b1fba5813935bd14a1a96ded3e907a80ecb737470aab63bee45f979a1c328e11b7e13cd8776c0fc1983b725f3ed044e2d62c8f5e29552'
@@ -0,0 +1,24 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - main
7
+ pull_request:
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby-version: ['2.7', '3.0', '3.1', '3.2']
15
+
16
+ steps:
17
+ - uses: actions/checkout@v4
18
+ - name: Set up Ruby
19
+ uses: ruby/setup-ruby@v1
20
+ with:
21
+ ruby-version: ${{ matrix.ruby-version }}
22
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
23
+ - name: Run tests
24
+ run: bundle exec rspec
data/LICENSE.txt CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2017 MAK IT, Jānis Kiršteins
1
+ Copyright (c) 2017 Mitigate, Jānis Kiršteins
2
2
 
3
3
  MIT License
4
4
 
data/README.md CHANGED
@@ -2,22 +2,20 @@
2
2
 
3
3
  Omniauth strategy for using Citadele as an authentication service provider.
4
4
 
5
- [![Build Status](https://travis-ci.org/mak-it/omniauth-citadele.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-citadele)
6
-
7
- Supported Ruby versions: 2.3+
5
+ Supported Ruby versions: 2.7+
8
6
 
9
7
  ## Related projects
10
8
 
11
- - [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
12
- - [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
13
- - [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB
14
- - [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank
15
-
9
+ - [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB
10
+ - [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
11
+ - [omniauth-seb-elink](https://github.com/mitigate-dev/omniauth-seb-elink) - strategy for authenticating with SEB
12
+ - [omniauth-swedbank](https://github.com/mitigate-dev/omniauth-swedbank) - strategy for authenticating with Swedbank
16
13
 
17
14
  ## Installation
18
15
 
19
- Add this line to your application's Gemfile:
16
+ Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):
20
17
 
18
+ gem 'omniauth-rails_csrf_protection'
21
19
  gem 'omniauth-citadele'
22
20
 
23
21
  And then execute:
@@ -26,7 +24,7 @@ And then execute:
26
24
 
27
25
  Or install it yourself as:
28
26
 
29
- $ gem install omniauth-citadele
27
+ $ gem install omniauth-rails_csrf_protection omniauth-citadele
30
28
 
31
29
  ## Usage
32
30
 
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Citadele
3
- VERSION = '0.0.1'
3
+ VERSION = '0.2.0'
4
4
  end
5
5
  end
@@ -13,6 +13,14 @@ module OmniAuth
13
13
  AUTH_REQUEST = 'AUTHREQ'
14
14
  AUTH_VERSION = '5.0'
15
15
 
16
+ def self.render_nonce?
17
+ defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
18
+ end
19
+ if render_nonce?
20
+ include ActionDispatch::ContentSecurityPolicy::Request
21
+ delegate :get_header, :set_header, to: :request
22
+ end
23
+
16
24
  args [:private_key, :private_crt, :public_crt, :from]
17
25
 
18
26
  option :private_key, nil
@@ -158,13 +166,15 @@ module OmniAuth
158
166
  x509_subject_name = private_crt.subject.to_s
159
167
  x509_certificate = private_crt.to_s.gsub(/[-]{5}(BEGIN|END).*?[-]{5}/, '').gsub('\n', '')
160
168
 
169
+ set_locale_from_query_param
170
+
161
171
  request_data = {
162
172
  timestamp: timestamp, # '20170905175959000'
163
173
  from: options.from,
164
174
  request: AUTH_REQUEST,
165
175
  request_uid: request_uid, # '7387bf5b-fa27-4fdd-add6-a6bfb2599f77'
166
176
  version: AUTH_VERSION,
167
- language: 'LV',
177
+ language: resolve_bank_ui_language,
168
178
  return_url: callback_url,
169
179
  x509_subject_name: x509_subject_name,
170
180
  x509_certificate: x509_certificate
@@ -176,10 +186,38 @@ module OmniAuth
176
186
  form.html "<input id=\"xmldata\" name=\"xmldata\" type=\"hidden\" value=\"#{field_value}\" />"
177
187
  form.button I18n.t('omniauth.citadele.click_here_if_not_redirected')
178
188
 
189
+ nonce_attribute = nil
190
+ if self.class.render_nonce?
191
+ nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
192
+ end
193
+
179
194
  form.instance_variable_set('@html',
180
- form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
195
+ form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
181
196
  form.to_response
182
197
  end
198
+
199
+ private
200
+
201
+ def set_locale_from_query_param
202
+ locale = request.params['locale']
203
+ if (locale != nil && locale.strip != '' && I18n.locale_available?(locale))
204
+ I18n.locale = locale
205
+ end
206
+ end
207
+
208
+ def resolve_bank_ui_language
209
+ case I18n.locale
210
+ when :ru then 'RU'
211
+ when :en then 'EN'
212
+ when :et then 'ET'
213
+ when :lt then 'LT'
214
+ else 'LV'
215
+ end
216
+ end
217
+
218
+ def escape(html_attribute_value)
219
+ CGI.escapeHTML(html_attribute_value) unless html_attribute_value.nil?
220
+ end
183
221
  end
184
222
  end
185
223
  end
@@ -6,11 +6,11 @@ require 'omniauth/citadele/version'
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = 'omniauth-citadele'
8
8
  spec.version = Omniauth::Citadele::VERSION
9
- spec.authors = ['MAK IT']
10
- spec.email = ['admin@makit.lv' ]
9
+ spec.authors = ['Mitigate']
10
+ spec.email = ['admin@mitigate.dev' ]
11
11
  spec.description = %q{OmniAuth strategy for Citadele Banklink}
12
12
  spec.summary = %q{OmniAuth strategy for Citadele Banklink}
13
- spec.homepage = 'https://github.com/mak-it/omniauth-citadele'
13
+ spec.homepage = 'https://github.com/mitigate-dev/omniauth-citadele'
14
14
  spec.license = 'MIT'
15
15
 
16
16
  spec.files = `git ls-files`.split($/)
@@ -18,15 +18,17 @@ Gem::Specification.new do |spec|
18
18
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
19
  spec.require_paths = ['lib']
20
20
 
21
- spec.required_ruby_version = '>= 2.3.0'
21
+ spec.required_ruby_version = '>= 2.7'
22
22
 
23
- spec.add_runtime_dependency 'omniauth', '~> 1.0'
23
+ spec.add_runtime_dependency 'omniauth', '~> 2.1'
24
24
  spec.add_runtime_dependency 'i18n'
25
25
 
26
+ spec.add_development_dependency 'rack'
26
27
  spec.add_development_dependency 'rack-test'
27
28
  spec.add_development_dependency 'rspec'
28
29
  spec.add_development_dependency 'bundler'
29
30
  spec.add_development_dependency 'rake'
31
+ spec.add_development_dependency 'rack-session'
30
32
 
31
33
  spec.add_dependency 'xmldsig'
32
34
  spec.add_dependency 'nokogiri'
@@ -1,4 +1,6 @@
1
1
  require 'spec_helper'
2
+ require 'rack-protection'
3
+ require 'rack/session'
2
4
 
3
5
  describe OmniAuth::Strategies::Citadele do
4
6
  PRIVATE_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'request.key'))
@@ -6,11 +8,13 @@ describe OmniAuth::Strategies::Citadele do
6
8
  PUBLIC_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'response.crt'))
7
9
 
8
10
  let(:app){ Rack::Builder.new do |b|
9
- b.use Rack::Session::Cookie, {secret: 'abc123'}
11
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
10
12
  b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM')
11
13
  b.run lambda{|env| [404, {}, ['Not Found']]}
12
14
  end.to_app }
13
15
 
16
+ let(:token){ Rack::Protection::AuthenticityToken.random_token }
17
+
14
18
  let(:last_response_xmldata) { last_response.body.match(/name="xmldata" type="hidden" value="([^"]*)"/)[1] }
15
19
 
16
20
  context 'request phase' do
@@ -18,20 +22,20 @@ describe OmniAuth::Strategies::Citadele do
18
22
  let!(:request_uid) { '7387bf5b-fa27-4fdd-add6-a6bfb2599f77' }
19
23
 
20
24
  it 'displays a single form' do
21
- get '/auth/citadele'
25
+ post_to_request_phase_path
22
26
  expect(last_response.status).to eq(200)
23
27
  expect(last_response.body.scan('<form').size).to eq(1)
24
28
  end
25
29
 
26
30
  it 'has JavaScript code to submit the form after it is created' do
27
- get '/auth/citadele'
31
+ post_to_request_phase_path
28
32
  expect(last_response.body).to be_include('</form><script type="text/javascript">document.forms[0].submit();</script>')
29
33
  end
30
34
 
31
35
  it 'has hidden input field xmldata with required data' do
32
36
  allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:timestamp).and_return(timestamp)
33
37
  allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:request_uid).and_return(request_uid)
34
- get '/auth/citadele'
38
+ post_to_request_phase_path
35
39
 
36
40
  priv_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
37
41
  priv_crt = OpenSSL::X509::Certificate.new(PRIVATE_CRT)
@@ -56,7 +60,7 @@ describe OmniAuth::Strategies::Citadele do
56
60
  expect(sent_values[:request]).to eq 'AUTHREQ'
57
61
  expect(sent_values[:request_uid]).to eq request_uid
58
62
  expect(sent_values[:version]).to eq '5.0'
59
- expect(sent_values[:language]).to eq 'LV'
63
+ expect(sent_values[:language]).to eq 'EN'
60
64
  expect(sent_values[:return_url]).to eq 'http://example.org/auth/citadele/callback'
61
65
  expect(sent_values[:x509_subject_name]).to eq x509_subject_name
62
66
  expect(sent_values[:x509_certificate]).to eq x509_certificate
@@ -65,7 +69,7 @@ describe OmniAuth::Strategies::Citadele do
65
69
  it 'xmldata has a correct signature' do
66
70
  allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:timestamp).and_return(timestamp)
67
71
  allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:request_uid).and_return(request_uid)
68
- get '/auth/citadele'
72
+ post_to_request_phase_path
69
73
 
70
74
  signed_xml = <<~XML
71
75
  #{last_response_xmldata.gsub('&quot;','"')}
@@ -77,34 +81,34 @@ describe OmniAuth::Strategies::Citadele do
77
81
 
78
82
  context 'with default options' do
79
83
  it 'has the default action tag value' do
80
- get '/auth/citadele'
84
+ post_to_request_phase_path
81
85
  expect(last_response.body).to be_include("action='https://online.citadele.lv/amai/start.htm'")
82
86
  end
83
87
  end
84
88
 
85
89
  context 'with custom options' do
86
90
  let(:app){ Rack::Builder.new do |b|
87
- b.use Rack::Session::Cookie, {secret: 'abc123'}
91
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
88
92
  b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM',
89
93
  site: 'https://test.lv/banklink')
90
94
  b.run lambda{|env| [404, {}, ['Not Found']]}
91
95
  end.to_app }
92
96
 
93
97
  it 'has the custom action tag value' do
94
- get '/auth/citadele'
98
+ post_to_request_phase_path
95
99
  expect(last_response.body).to be_include("action='https://test.lv/banklink'")
96
100
  end
97
101
  end
98
102
 
99
103
  context 'with non-existant private key file' do
100
104
  let(:app){ Rack::Builder.new do |b|
101
- b.use Rack::Session::Cookie, {secret: 'abc123'}
105
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
102
106
  b.use(OmniAuth::Strategies::Citadele, 'missing-private-key-file.pem', PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM')
103
107
  b.run lambda{|env| [404, {}, ['Not Found']]}
104
108
  end.to_app }
105
109
 
106
110
  it 'redirects to /auth/failure with appropriate query params' do
107
- get '/auth/citadele'
111
+ post_to_request_phase_path
108
112
  expect(last_response.status).to eq(302)
109
113
  expect(last_response.headers['Location']).to eq('/auth/failure?message=private_key_load_err&strategy=citadele')
110
114
  end
@@ -112,17 +116,26 @@ describe OmniAuth::Strategies::Citadele do
112
116
 
113
117
  context 'with non-existant private certificate file' do
114
118
  let(:app){ Rack::Builder.new do |b|
115
- b.use Rack::Session::Cookie, {secret: 'abc123'}
119
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
116
120
  b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, 'missing-private-crt-file.pem', PUBLIC_CRT, 'MY_FROM')
117
121
  b.run lambda{|env| [404, {}, ['Not Found']]}
118
122
  end.to_app }
119
123
 
120
124
  it 'redirects to /auth/failure with appropriate query params' do
121
- get '/auth/citadele'
125
+ post_to_request_phase_path
122
126
  expect(last_response.status).to eq(302)
123
127
  expect(last_response.headers['Location']).to eq('/auth/failure?message=private_crt_load_err&strategy=citadele')
124
128
  end
125
129
  end
130
+
131
+ def post_to_request_phase_path
132
+ post(
133
+ '/auth/citadele',
134
+ {},
135
+ 'rack.session' => {csrf: token},
136
+ 'HTTP_X_CSRF_TOKEN' => token
137
+ )
138
+ end
126
139
  end
127
140
 
128
141
  context 'callback phase' do
@@ -149,7 +162,7 @@ describe OmniAuth::Strategies::Citadele do
149
162
 
150
163
  context 'with non-existant public key file' do
151
164
  let(:app){ Rack::Builder.new do |b|
152
- b.use Rack::Session::Cookie, {secret: 'abc123'}
165
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
153
166
  b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, 'missing-public-key-file.pem' )
154
167
  b.run lambda{|env| [404, {}, ['Not Found']]}
155
168
  end.to_app }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-citadele
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
- - MAK IT
8
- autorequire:
7
+ - Mitigate
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-14 00:00:00.000000000 Z
11
+ date: 2023-09-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '2.1'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '2.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: i18n
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rack
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: rack-test
43
57
  requirement: !ruby/object:Gem::Requirement
@@ -94,6 +108,20 @@ dependencies:
94
108
  - - ">="
95
109
  - !ruby/object:Gem::Version
96
110
  version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rack-session
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
97
125
  - !ruby/object:Gem::Dependency
98
126
  name: xmldsig
99
127
  requirement: !ruby/object:Gem::Requirement
@@ -124,13 +152,13 @@ dependencies:
124
152
  version: '0'
125
153
  description: OmniAuth strategy for Citadele Banklink
126
154
  email:
127
- - admin@makit.lv
155
+ - admin@mitigate.dev
128
156
  executables: []
129
157
  extensions: []
130
158
  extra_rdoc_files: []
131
159
  files:
160
+ - ".github/workflows/ruby.yml"
132
161
  - ".gitignore"
133
- - ".travis.yml"
134
162
  - Gemfile
135
163
  - LICENSE.txt
136
164
  - README.md
@@ -148,11 +176,11 @@ files:
148
176
  - spec/certs/response.key
149
177
  - spec/omniauth/strategies/citadele_spec.rb
150
178
  - spec/spec_helper.rb
151
- homepage: https://github.com/mak-it/omniauth-citadele
179
+ homepage: https://github.com/mitigate-dev/omniauth-citadele
152
180
  licenses:
153
181
  - MIT
154
182
  metadata: {}
155
- post_install_message:
183
+ post_install_message:
156
184
  rdoc_options: []
157
185
  require_paths:
158
186
  - lib
@@ -160,15 +188,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
160
188
  requirements:
161
189
  - - ">="
162
190
  - !ruby/object:Gem::Version
163
- version: 2.3.0
191
+ version: '2.7'
164
192
  required_rubygems_version: !ruby/object:Gem::Requirement
165
193
  requirements:
166
194
  - - ">="
167
195
  - !ruby/object:Gem::Version
168
196
  version: '0'
169
197
  requirements: []
170
- rubygems_version: 3.0.1
171
- signing_key:
198
+ rubygems_version: 3.3.26
199
+ signing_key:
172
200
  specification_version: 4
173
201
  summary: OmniAuth strategy for Citadele Banklink
174
202
  test_files:
data/.travis.yml DELETED
@@ -1,7 +0,0 @@
1
- language: ruby
2
- rvm:
3
- - 2.3
4
- - 2.4
5
- - 2.5
6
- - 2.6
7
- script: bundle exec rspec