omniauth-dice 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/omniauth/dice/version.rb +1 -1
- data/lib/omniauth/strategies/dice.rb +68 -97
- data/spec/omniauth/strategies/dice_integrations_spec.rb +2 -6
- data/spec/omniauth/strategies/dice_spec.rb +23 -2
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bcc625a7b838b312fb211a4aa76ffa8bd9c4ccc3
|
|
4
|
+
data.tar.gz: 17b2c9a77c4d26fe27e489ac6eaeb48fbd918d63
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a8ab0e5c280d041f0b3499542bc1144151b4c8bc0ecf6833eee10cd05aeb82b94fd1a29d59430ae7842cd84d7ba4a813e729678ffa2b38572faae4cfe3dbb21f
|
|
7
|
+
data.tar.gz: 3301e4f10c98985c9fec9f84c426f90d963e55444fc8d42b9b5253bca5bd2d02a8b1570e89663aa2480feb3ad388d2f7db176c930c41a19106585f42b04a3484
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
@@ -30,17 +30,10 @@ module OmniAuth
|
|
|
30
30
|
# @option name_format [Symbol] Format for auth_hash['info']['name']
|
|
31
31
|
# Defaults to attempting DN common name -> full name -> first & last name
|
|
32
32
|
# Valid options are: :cn, :full_name, :first_last_name to override
|
|
33
|
-
# @option
|
|
33
|
+
# @option primary_visa [String] String to trigger primary visa boolean
|
|
34
34
|
class Dice
|
|
35
35
|
include OmniAuth::Strategy
|
|
36
36
|
attr_accessor :dn, :raw_dn, :data
|
|
37
|
-
args [:cas_server, :authentication_path]
|
|
38
|
-
|
|
39
|
-
def initialize(app, *args, &block)
|
|
40
|
-
required_params_defined?(args)
|
|
41
|
-
|
|
42
|
-
super
|
|
43
|
-
end
|
|
44
37
|
|
|
45
38
|
option :dnc_options, {}
|
|
46
39
|
option :cas_server, nil
|
|
@@ -53,31 +46,32 @@ module OmniAuth
|
|
|
53
46
|
option :subject_dn_header, 'HTTP_SSL_CLIENT_S_DN'
|
|
54
47
|
option :issuer_dn_header, 'HTTP_SSL_CLIENT_I_DN'
|
|
55
48
|
option :name_format
|
|
56
|
-
option :
|
|
49
|
+
option :primary_visa
|
|
57
50
|
|
|
58
51
|
# Reformat DN to expected element order for CAS DN server (via dnc gem).
|
|
59
52
|
def format_dn(dn_str)
|
|
60
53
|
get_dn(dn_str).to_s
|
|
61
54
|
end
|
|
62
55
|
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
def unhashie(hash)
|
|
67
|
-
tmp_hash = {}
|
|
68
|
-
hash.each do |key, value|
|
|
69
|
-
tmp_hash[key.to_sym] = value
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
tmp_hash
|
|
56
|
+
# Specifies which attributes are required arguments to initialize
|
|
57
|
+
def required_params
|
|
58
|
+
[:cas_server, :authentication_path]
|
|
73
59
|
end
|
|
74
60
|
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
61
|
+
# Determine if required arguments are present or fail hard
|
|
62
|
+
# NOTE: CANNOT call "log" method from within init block methods
|
|
63
|
+
def validate_required_params
|
|
64
|
+
log :error, '.validate_required_params'
|
|
65
|
+
required_params.each do |param|
|
|
66
|
+
unless options.send(param)
|
|
67
|
+
error_msg = "omniauth-dice error: #{param} is required"
|
|
68
|
+
fail RequiredCustomParamError, error_msg
|
|
69
|
+
end
|
|
70
|
+
end
|
|
78
71
|
end
|
|
79
72
|
|
|
80
73
|
def request_phase
|
|
74
|
+
validate_required_params
|
|
81
75
|
subject_dn = get_dn_by_type('subject')
|
|
82
76
|
return fail!('You need a valid DN to authenticate.') unless subject_dn
|
|
83
77
|
user_dn = format_dn(subject_dn)
|
|
@@ -103,72 +97,65 @@ module OmniAuth
|
|
|
103
97
|
log :error, response.inspect
|
|
104
98
|
return fail!(:invalid_credentials)
|
|
105
99
|
end
|
|
106
|
-
@
|
|
107
|
-
|
|
100
|
+
@raw_data = response.body
|
|
101
|
+
@data = parse_response_data
|
|
102
|
+
session['omniauth.auth'] ||= auth_hash
|
|
108
103
|
|
|
109
104
|
redirect request.env['omniauth.origin'] || '/'
|
|
110
105
|
end
|
|
111
106
|
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
parse_response_data
|
|
120
|
-
create_auth_info
|
|
121
|
-
end
|
|
122
|
-
|
|
123
|
-
# Initialize the auth_hash expected fields
|
|
124
|
-
def init_auth_hash
|
|
125
|
-
log :debug, '.init_auth_hash'
|
|
126
|
-
session['omniauth.auth'] ||= {
|
|
127
|
-
'provider' => 'Dice',
|
|
128
|
-
'uid' => nil,
|
|
129
|
-
'info' => nil,
|
|
130
|
-
'extra' => {
|
|
131
|
-
'raw_info' => nil
|
|
132
|
-
}
|
|
107
|
+
def auth_hash
|
|
108
|
+
log :debug, '.auth_hash'
|
|
109
|
+
{
|
|
110
|
+
'provider' => name,
|
|
111
|
+
'uid' => uid,
|
|
112
|
+
'info' => info,
|
|
113
|
+
'extra' => extra
|
|
133
114
|
}
|
|
134
115
|
end
|
|
135
116
|
|
|
136
117
|
# Set the user's uid field for the auth_hash
|
|
137
|
-
|
|
138
|
-
log :debug, '.
|
|
139
|
-
|
|
118
|
+
uid do
|
|
119
|
+
log :debug, '.uid'
|
|
120
|
+
env['omniauth.params']['user_dn']
|
|
140
121
|
end
|
|
141
122
|
|
|
142
123
|
# Detect data format, parse with appropriate library
|
|
143
|
-
|
|
144
|
-
log :debug, '.
|
|
145
|
-
|
|
146
|
-
log :debug, "cas_server response.body:\r\n#{@data}"
|
|
147
|
-
unless @data.class == Hash # Webmock hack
|
|
148
|
-
case options.format.to_sym
|
|
149
|
-
when :json
|
|
150
|
-
@data = JSON.parse(@data, symbolize_names: true)
|
|
151
|
-
when :xml
|
|
152
|
-
@data = MultiXml.parse(@data)['userinfo']
|
|
153
|
-
end
|
|
154
|
-
log :debug, "Formatted response.body data: #{@data}"
|
|
155
|
-
end
|
|
156
|
-
|
|
157
|
-
@data
|
|
124
|
+
extra do
|
|
125
|
+
log :debug, '.extra'
|
|
126
|
+
{ 'raw_info' => @raw_data }
|
|
158
127
|
end
|
|
159
128
|
|
|
160
|
-
|
|
161
129
|
# Parse CAS server response and assign values as appropriate
|
|
162
|
-
|
|
163
|
-
log :debug, '.
|
|
130
|
+
info do
|
|
131
|
+
log :debug, '.info'
|
|
164
132
|
info = {}
|
|
133
|
+
log :debug, info.inspect
|
|
165
134
|
info = auth_info_defaults(info)
|
|
135
|
+
log :debug, info.inspect
|
|
166
136
|
info = auth_info_dynamic(info)
|
|
137
|
+
log :debug, info.inspect
|
|
167
138
|
info = auth_info_custom(info)
|
|
139
|
+
log :debug, info.inspect
|
|
168
140
|
|
|
169
|
-
session['omniauth.auth']['info'] = info
|
|
141
|
+
#session['omniauth.auth']['info'] = info
|
|
142
|
+
log :error, info.inspect
|
|
143
|
+
info
|
|
170
144
|
end
|
|
171
145
|
|
|
146
|
+
private
|
|
147
|
+
|
|
148
|
+
# Change Hashie indifferent access keys back to symbols
|
|
149
|
+
def unhashie(hash)
|
|
150
|
+
tmp_hash = {}
|
|
151
|
+
hash.each do |key, value|
|
|
152
|
+
tmp_hash[key.to_sym] = value
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
tmp_hash
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
# Default ['omniauth.auth']['info'] field names
|
|
172
159
|
def info_defaults
|
|
173
160
|
[:dn, :email, :firstName, :lastName, :fullName, :citizenshipStatus,
|
|
174
161
|
:country, :grantBy, :organizations, :uid, :dutyorg, :visas,
|
|
@@ -221,8 +208,8 @@ module OmniAuth
|
|
|
221
208
|
|
|
222
209
|
# Determine if client has the primary visa
|
|
223
210
|
def has_primary_visa?(info)
|
|
224
|
-
return info['primary_visa?'] =
|
|
225
|
-
return info['primary_visa?'] =
|
|
211
|
+
return info['primary_visa?'] = false unless info['visas']
|
|
212
|
+
return info['primary_visa?'] = false unless options.primary_visa
|
|
226
213
|
info['primary_visa?'] = info['visas'].include?(options.primary_visa)
|
|
227
214
|
end
|
|
228
215
|
|
|
@@ -333,37 +320,21 @@ module OmniAuth
|
|
|
333
320
|
URI::encode(build_query)
|
|
334
321
|
end
|
|
335
322
|
|
|
336
|
-
#
|
|
337
|
-
def
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
required_hash[key] = false
|
|
347
|
-
end
|
|
348
|
-
args.each do |arg|
|
|
349
|
-
if arg.class == Hash
|
|
350
|
-
arg.each do |sub_arg, value|
|
|
351
|
-
required_hash[sub_arg] = true if required_hash[sub_arg] == false
|
|
352
|
-
end
|
|
353
|
-
else
|
|
354
|
-
required_hash[arg.to_sym] = true if required_hash[sub_arg] == false
|
|
323
|
+
# Detect data format, parse with appropriate library
|
|
324
|
+
def parse_response_data
|
|
325
|
+
log :debug, '.parse_response_data'
|
|
326
|
+
log :debug, "cas_server response.body:\r\n#{@raw_data}"
|
|
327
|
+
unless @raw_data.class == Hash # Webmock hack
|
|
328
|
+
case options.format.to_sym
|
|
329
|
+
when :json
|
|
330
|
+
formatted_data = JSON.parse(@raw_data, symbolize_names: true)
|
|
331
|
+
when :xml
|
|
332
|
+
formatted_data = MultiXml.parse(@raw_data)['userinfo']
|
|
355
333
|
end
|
|
334
|
+
log :debug, "Formatted response.body data: #{formatted_data}"
|
|
356
335
|
end
|
|
357
|
-
required_hash.reject!{ |arg, val| arg if val == true }
|
|
358
|
-
fail_on_invalid_params(required_hash.keys) unless required_hash.empty?
|
|
359
|
-
end
|
|
360
336
|
|
|
361
|
-
|
|
362
|
-
error_msg = ""
|
|
363
|
-
missing_params.each do |param|
|
|
364
|
-
error_msg += "omniauth-dice error: #{param} is required\r\n"
|
|
365
|
-
end
|
|
366
|
-
fail RequiredCustomParamError, error_msg
|
|
337
|
+
formatted_data
|
|
367
338
|
end
|
|
368
339
|
|
|
369
340
|
def set_session_dn(dn_string, type='subject')
|
|
@@ -15,7 +15,7 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
|
15
15
|
|
|
16
16
|
def full_auth_hash
|
|
17
17
|
{
|
|
18
|
-
"provider"=>"
|
|
18
|
+
"provider"=>"dice",
|
|
19
19
|
"uid"=>"cn=ruby certificate rbcert,dc=ruby-lang,dc=org",
|
|
20
20
|
"extra" => {
|
|
21
21
|
"raw_info" => valid_user_json
|
|
@@ -62,7 +62,6 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
|
62
62
|
self.app = Rack::Builder.app do
|
|
63
63
|
use Rack::Session::Cookie, :secret => '1337geeks'
|
|
64
64
|
use RackSessionAccess::Middleware
|
|
65
|
-
ap '-'*80
|
|
66
65
|
ap dice_options
|
|
67
66
|
use OmniAuth::Strategies::Dice, dice_options
|
|
68
67
|
run lambda{|env| [404, {'env' => env}, ["HELLO!"]]}
|
|
@@ -144,6 +143,7 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
|
144
143
|
get '/auth/dice'
|
|
145
144
|
follow_redirect!
|
|
146
145
|
expect(last_response.location).to eq('/')
|
|
146
|
+
ap last_request.env['rack.session']['omniauth.auth'].inspect
|
|
147
147
|
raw_info = last_request.env['rack.session']['omniauth.auth']['extra']['raw_info']
|
|
148
148
|
expect(raw_info).to eq(valid_user_json)
|
|
149
149
|
end
|
|
@@ -155,10 +155,6 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
|
155
155
|
expect(last_response.location).to eq('/')
|
|
156
156
|
raw_info = last_request.env['rack.session']['omniauth.auth']['extra']['raw_info']
|
|
157
157
|
expect(last_request.env['rack.session']['omniauth.auth']).to be_kind_of(Hash)
|
|
158
|
-
ap '>'*40
|
|
159
|
-
ap last_request.env['rack.session']['omniauth.auth'].sort
|
|
160
|
-
ap '<'*40
|
|
161
|
-
ap auth_hash.sort
|
|
162
158
|
expect(last_request.env['rack.session']['omniauth.auth'].sort).to eq(auth_hash.sort)
|
|
163
159
|
end
|
|
164
160
|
|
|
@@ -25,11 +25,11 @@ describe OmniAuth::Strategies::Dice do
|
|
|
25
25
|
let(:subject_without_authentication_path) { OmniAuth::Strategies::Dice.new(app, cas_server: 'https://dice.dev') }
|
|
26
26
|
|
|
27
27
|
it 'should require a cas server url' do
|
|
28
|
-
expect{ subject }.to raise_error(RequiredCustomParamError)
|
|
28
|
+
expect{ subject.request_phase }.to raise_error(RequiredCustomParamError, "omniauth-dice error: cas_server is required")
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
it 'should require an authentication path' do
|
|
32
|
-
expect{ subject_without_authentication_path }.to raise_error(RequiredCustomParamError)
|
|
32
|
+
expect{ subject_without_authentication_path.request_phase }.to raise_error(RequiredCustomParamError, "omniauth-dice error: authentication_path is required")
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -158,4 +158,25 @@ describe OmniAuth::Strategies::Dice do
|
|
|
158
158
|
end
|
|
159
159
|
end
|
|
160
160
|
end
|
|
161
|
+
|
|
162
|
+
context ".primary_visa?" do
|
|
163
|
+
it 'should return false if no visas are defined' do
|
|
164
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
|
165
|
+
visa_present = dice.send( :has_primary_visa?, { } )
|
|
166
|
+
expect(visa_present).to eq(false)
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
it "should return false if the visa is not present in ['info']['visas']" do
|
|
170
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
|
171
|
+
visa_present = dice.send( :has_primary_visa?, {'visas' => ['CLOUDSDALE','PONYVILLE']} )
|
|
172
|
+
expect(visa_present).to eq(false)
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
it "should return true if the visa is present in ['info']['visas']" do
|
|
176
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
|
177
|
+
visa_present = dice.send( :has_primary_visa?, {'visas' => ['CLOUDSDALE','EQUESTRIA'] } )
|
|
178
|
+
expect(visa_present).to eq(true)
|
|
179
|
+
end
|
|
180
|
+
end
|
|
181
|
+
|
|
161
182
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-dice
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Steven Haddox
|
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
|
30
30
|
42qdwEXvvkODZAD6KAIXPdmbMfBgPbcd+B/4eUA0PyKo+4dgL1NuqX4MPWToevIZ
|
|
31
31
|
O8EKLF2X7NmC6FY1bOsSj/J8r1SOkx0rxgF+geRvY1P+hfNjDfxTsjU=
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2015-
|
|
33
|
+
date: 2015-02-03 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: awesome_print
|
metadata.gz.sig
CHANGED
|
Binary file
|