omniauth-dice 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/omniauth/dice/version.rb +1 -1
- data/lib/omniauth/strategies/dice.rb +68 -97
- data/spec/omniauth/strategies/dice_integrations_spec.rb +2 -6
- data/spec/omniauth/strategies/dice_spec.rb +23 -2
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
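--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bcc625a7b838b312fb211a4aa76ffa8bd9c4ccc3
+data.tar.gz: 17b2c9a77c4d26fe27e489ac6eaeb48fbd918d63
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a8ab0e5c280d041f0b3499542bc1144151b4c8bc0ecf6833eee10cd05aeb82b94fd1a29d59430ae7842cd84d7ba4a813e729678ffa2b38572faae4cfe3dbb21f
+data.tar.gz: 3301e4f10c98985c9fec9f84c426f90d963e55444fc8d42b9b5253bca5bd2d02a8b1570e89663aa2480feb3ad388d2f7db176c930c41a19106585f42b04a3484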
checksums.yaml.gz.sig
CHANGED
Binary file
|
@@ -30,17 +30,10 @@ module OmniAuth
|
|
30
30
|
# @option name_format [Symbol] Format for auth_hash['info']['name']
|
31
31
|
# Defaults to attempting DN common name -> full name -> first & last name
|
32
32
|
# Valid options are: :cn, :full_name, :first_last_name to override
|
33
|
-
# @option
|
33
|
+
# @option primary_visa [String] String to trigger primary visa boolean
|
34
34
|
class Dice
|
35
35
|
include OmniAuth::Strategy
|
36
36
|
attr_accessor :dn, :raw_dn, :data
|
37
|
-
args [:cas_server, :authentication_path]
|
38
|
-
|
39
|
-
def initialize(app, *args, &block)
|
40
|
-
required_params_defined?(args)
|
41
|
-
|
42
|
-
super
|
43
|
-
end
|
44
37
|
|
45
38
|
option :dnc_options, {}
|
46
39
|
option :cas_server, nil
|
@@ -53,31 +46,32 @@ module OmniAuth
|
|
53
46
|
option :subject_dn_header, 'HTTP_SSL_CLIENT_S_DN'
|
54
47
|
option :issuer_dn_header, 'HTTP_SSL_CLIENT_I_DN'
|
55
48
|
option :name_format
|
56
|
-
option :
|
49
|
+
option :primary_visa
|
57
50
|
|
58
51
|
# Reformat DN to expected element order for CAS DN server (via dnc gem).
|
59
52
|
def format_dn(dn_str)
|
60
53
|
get_dn(dn_str).to_s
|
61
54
|
end
|
62
55
|
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
def unhashie(hash)
|
67
|
-
tmp_hash = {}
|
68
|
-
hash.each do |key, value|
|
69
|
-
tmp_hash[key.to_sym] = value
|
70
|
-
end
|
71
|
-
|
72
|
-
tmp_hash
|
56
|
+
# Specifies which attributes are required arguments to initialize
|
57
|
+
def required_params
|
58
|
+
[:cas_server, :authentication_path]
|
73
59
|
end
|
74
60
|
|
75
|
-
|
76
|
-
|
77
|
-
|
61
|
+
# Determine if required arguments are present or fail hard
|
62
|
+
# NOTE: CANNOT call "log" method from within init block methods
|
63
|
+
def validate_required_params
|
64
|
+
log :error, '.validate_required_params'
|
65
|
+
required_params.each do |param|
|
66
|
+
unless options.send(param)
|
67
|
+
error_msg = "omniauth-dice error: #{param} is required"
|
68
|
+
fail RequiredCustomParamError, error_msg
|
69
|
+
end
|
70
|
+
end
|
78
71
|
end
|
79
72
|
|
80
73
|
def request_phase
|
74
|
+
validate_required_params
|
81
75
|
subject_dn = get_dn_by_type('subject')
|
82
76
|
return fail!('You need a valid DN to authenticate.') unless subject_dn
|
83
77
|
user_dn = format_dn(subject_dn)
|
@@ -103,72 +97,65 @@ module OmniAuth
|
|
103
97
|
log :error, response.inspect
|
104
98
|
return fail!(:invalid_credentials)
|
105
99
|
end
|
106
|
-
@
|
107
|
-
|
100
|
+
@raw_data = response.body
|
101
|
+
@data = parse_response_data
|
102
|
+
session['omniauth.auth'] ||= auth_hash
|
108
103
|
|
109
104
|
redirect request.env['omniauth.origin'] || '/'
|
110
105
|
end
|
111
106
|
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
parse_response_data
|
120
|
-
create_auth_info
|
121
|
-
end
|
122
|
-
|
123
|
-
# Initialize the auth_hash expected fields
|
124
|
-
def init_auth_hash
|
125
|
-
log :debug, '.init_auth_hash'
|
126
|
-
session['omniauth.auth'] ||= {
|
127
|
-
'provider' => 'Dice',
|
128
|
-
'uid' => nil,
|
129
|
-
'info' => nil,
|
130
|
-
'extra' => {
|
131
|
-
'raw_info' => nil
|
132
|
-
}
|
107
|
+
def auth_hash
|
108
|
+
log :debug, '.auth_hash'
|
109
|
+
{
|
110
|
+
'provider' => name,
|
111
|
+
'uid' => uid,
|
112
|
+
'info' => info,
|
113
|
+
'extra' => extra
|
133
114
|
}
|
134
115
|
end
|
135
116
|
|
136
117
|
# Set the user's uid field for the auth_hash
|
137
|
-
|
138
|
-
log :debug, '.
|
139
|
-
|
118
|
+
uid do
|
119
|
+
log :debug, '.uid'
|
120
|
+
env['omniauth.params']['user_dn']
|
140
121
|
end
|
141
122
|
|
142
123
|
# Detect data format, parse with appropriate library
|
143
|
-
|
144
|
-
log :debug, '.
|
145
|
-
|
146
|
-
log :debug, "cas_server response.body:\r\n#{@data}"
|
147
|
-
unless @data.class == Hash # Webmock hack
|
148
|
-
case options.format.to_sym
|
149
|
-
when :json
|
150
|
-
@data = JSON.parse(@data, symbolize_names: true)
|
151
|
-
when :xml
|
152
|
-
@data = MultiXml.parse(@data)['userinfo']
|
153
|
-
end
|
154
|
-
log :debug, "Formatted response.body data: #{@data}"
|
155
|
-
end
|
156
|
-
|
157
|
-
@data
|
124
|
+
extra do
|
125
|
+
log :debug, '.extra'
|
126
|
+
{ 'raw_info' => @raw_data }
|
158
127
|
end
|
159
128
|
|
160
|
-
|
161
129
|
# Parse CAS server response and assign values as appropriate
|
162
|
-
|
163
|
-
log :debug, '.
|
130
|
+
info do
|
131
|
+
log :debug, '.info'
|
164
132
|
info = {}
|
133
|
+
log :debug, info.inspect
|
165
134
|
info = auth_info_defaults(info)
|
135
|
+
log :debug, info.inspect
|
166
136
|
info = auth_info_dynamic(info)
|
137
|
+
log :debug, info.inspect
|
167
138
|
info = auth_info_custom(info)
|
139
|
+
log :debug, info.inspect
|
168
140
|
|
169
|
-
session['omniauth.auth']['info'] = info
|
141
|
+
#session['omniauth.auth']['info'] = info
|
142
|
+
log :error, info.inspect
|
143
|
+
info
|
170
144
|
end
|
171
145
|
|
146
|
+
private
|
147
|
+
|
148
|
+
# Change Hashie indifferent access keys back to symbols
|
149
|
+
def unhashie(hash)
|
150
|
+
tmp_hash = {}
|
151
|
+
hash.each do |key, value|
|
152
|
+
tmp_hash[key.to_sym] = value
|
153
|
+
end
|
154
|
+
|
155
|
+
tmp_hash
|
156
|
+
end
|
157
|
+
|
158
|
+
# Default ['omniauth.auth']['info'] field names
|
172
159
|
def info_defaults
|
173
160
|
[:dn, :email, :firstName, :lastName, :fullName, :citizenshipStatus,
|
174
161
|
:country, :grantBy, :organizations, :uid, :dutyorg, :visas,
|
@@ -221,8 +208,8 @@ module OmniAuth
|
|
221
208
|
|
222
209
|
# Determine if client has the primary visa
|
223
210
|
def has_primary_visa?(info)
|
224
|
-
return info['primary_visa?'] =
|
225
|
-
return info['primary_visa?'] =
|
211
|
+
return info['primary_visa?'] = false unless info['visas']
|
212
|
+
return info['primary_visa?'] = false unless options.primary_visa
|
226
213
|
info['primary_visa?'] = info['visas'].include?(options.primary_visa)
|
227
214
|
end
|
228
215
|
|
@@ -333,37 +320,21 @@ module OmniAuth
|
|
333
320
|
URI::encode(build_query)
|
334
321
|
end
|
335
322
|
|
336
|
-
#
|
337
|
-
def
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
required_hash[key] = false
|
347
|
-
end
|
348
|
-
args.each do |arg|
|
349
|
-
if arg.class == Hash
|
350
|
-
arg.each do |sub_arg, value|
|
351
|
-
required_hash[sub_arg] = true if required_hash[sub_arg] == false
|
352
|
-
end
|
353
|
-
else
|
354
|
-
required_hash[arg.to_sym] = true if required_hash[sub_arg] == false
|
323
|
+
# Detect data format, parse with appropriate library
|
324
|
+
def parse_response_data
|
325
|
+
log :debug, '.parse_response_data'
|
326
|
+
log :debug, "cas_server response.body:\r\n#{@raw_data}"
|
327
|
+
unless @raw_data.class == Hash # Webmock hack
|
328
|
+
case options.format.to_sym
|
329
|
+
when :json
|
330
|
+
formatted_data = JSON.parse(@raw_data, symbolize_names: true)
|
331
|
+
when :xml
|
332
|
+
formatted_data = MultiXml.parse(@raw_data)['userinfo']
|
355
333
|
end
|
334
|
+
log :debug, "Formatted response.body data: #{formatted_data}"
|
356
335
|
end
|
357
|
-
required_hash.reject!{ |arg, val| arg if val == true }
|
358
|
-
fail_on_invalid_params(required_hash.keys) unless required_hash.empty?
|
359
|
-
end
|
360
336
|
|
361
|
-
|
362
|
-
error_msg = ""
|
363
|
-
missing_params.each do |param|
|
364
|
-
error_msg += "omniauth-dice error: #{param} is required\r\n"
|
365
|
-
end
|
366
|
-
fail RequiredCustomParamError, error_msg
|
337
|
+
formatted_data
|
367
338
|
end
|
368
339
|
|
369
340
|
def set_session_dn(dn_string, type='subject')
|
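Review bot: `session['omniauth.auth'] ||= auth_hash` in the third hunk keeps any auth hash the session already holds, so a later authentication in the same session leaves the earlier uid, info and extra in place, whereas the removed code still overwrote `['info']` on each pass. Assign unconditionally, `session['omniauth.auth'] = auth_hash`, so the session always reflects the identity that was just checked against the CAS server. The same section also adds `log :error, info.inspect` in the `info` block and `log :error, '.validate_required_params'`, which look like leftover debugging; the first presumably writes the user's DN, email and visa attributes to the log at error level on every login, so both belong at `:debug` or should go, together with the commented-out `#session[...]` line. The method holding the session assignment starts outside the hunk.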
@@ -15,7 +15,7 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
15
15
|
|
16
16
|
def full_auth_hash
|
17
17
|
{
|
18
|
-
"provider"=>"
|
18
|
+
"provider"=>"dice",
|
19
19
|
"uid"=>"cn=ruby certificate rbcert,dc=ruby-lang,dc=org",
|
20
20
|
"extra" => {
|
21
21
|
"raw_info" => valid_user_json
|
@@ -62,7 +62,6 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
62
62
|
self.app = Rack::Builder.app do
|
63
63
|
use Rack::Session::Cookie, :secret => '1337geeks'
|
64
64
|
use RackSessionAccess::Middleware
|
65
|
-
ap '-'*80
|
66
65
|
ap dice_options
|
67
66
|
use OmniAuth::Strategies::Dice, dice_options
|
68
67
|
run lambda{|env| [404, {'env' => env}, ["HELLO!"]]}
|
@@ -144,6 +143,7 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
144
143
|
get '/auth/dice'
|
145
144
|
follow_redirect!
|
146
145
|
expect(last_response.location).to eq('/')
|
146
|
+
ap last_request.env['rack.session']['omniauth.auth'].inspect
|
147
147
|
raw_info = last_request.env['rack.session']['omniauth.auth']['extra']['raw_info']
|
148
148
|
expect(raw_info).to eq(valid_user_json)
|
149
149
|
end
|
@@ -155,10 +155,6 @@ describe OmniAuth::Strategies::Dice, type: :strategy do
|
|
155
155
|
expect(last_response.location).to eq('/')
|
156
156
|
raw_info = last_request.env['rack.session']['omniauth.auth']['extra']['raw_info']
|
157
157
|
expect(last_request.env['rack.session']['omniauth.auth']).to be_kind_of(Hash)
|
158
|
-
ap '>'*40
|
159
|
-
ap last_request.env['rack.session']['omniauth.auth'].sort
|
160
|
-
ap '<'*40
|
161
|
-
ap auth_hash.sort
|
162
158
|
expect(last_request.env['rack.session']['omniauth.auth'].sort).to eq(auth_hash.sort)
|
163
159
|
end
|
164
160
|
|
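Review bot: The added `ap last_request.env['rack.session']['omniauth.auth'].inspect` in the third hunk is debug output, the same kind this commit removes from the next example and from the Rack builder block; drop it so the spec run stays quiet and the full auth hash is not printed into CI logs. The `ap dice_options` context line in the builder block could go for the same reason. Both examples start outside their hunks.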
@@ -25,11 +25,11 @@ describe OmniAuth::Strategies::Dice do
|
|
25
25
|
let(:subject_without_authentication_path) { OmniAuth::Strategies::Dice.new(app, cas_server: 'https://dice.dev') }
|
26
26
|
|
27
27
|
it 'should require a cas server url' do
|
28
|
-
expect{ subject }.to raise_error(RequiredCustomParamError)
|
28
|
+
expect{ subject.request_phase }.to raise_error(RequiredCustomParamError, "omniauth-dice error: cas_server is required")
|
29
29
|
end
|
30
30
|
|
31
31
|
it 'should require an authentication path' do
|
32
|
-
expect{ subject_without_authentication_path }.to raise_error(RequiredCustomParamError)
|
32
|
+
expect{ subject_without_authentication_path.request_phase }.to raise_error(RequiredCustomParamError, "omniauth-dice error: authentication_path is required")
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
@@ -158,4 +158,25 @@ describe OmniAuth::Strategies::Dice do
|
|
158
158
|
end
|
159
159
|
end
|
160
160
|
end
|
161
|
+
|
162
|
+
context ".primary_visa?" do
|
163
|
+
it 'should return false if no visas are defined' do
|
164
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
165
|
+
visa_present = dice.send( :has_primary_visa?, { } )
|
166
|
+
expect(visa_present).to eq(false)
|
167
|
+
end
|
168
|
+
|
169
|
+
it "should return false if the visa is not present in ['info']['visas']" do
|
170
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
171
|
+
visa_present = dice.send( :has_primary_visa?, {'visas' => ['CLOUDSDALE','PONYVILLE']} )
|
172
|
+
expect(visa_present).to eq(false)
|
173
|
+
end
|
174
|
+
|
175
|
+
it "should return true if the visa is present in ['info']['visas']" do
|
176
|
+
dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts.merge({primary_visa: 'EQUESTRIA'}) )
|
177
|
+
visa_present = dice.send( :has_primary_visa?, {'visas' => ['CLOUDSDALE','EQUESTRIA'] } )
|
178
|
+
expect(visa_present).to eq(true)
|
179
|
+
end
|
180
|
+
end
|
181
|
+
|
161
182
|
end
|
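Review bot: The new `.primary_visa?` context never exercises the second guard in `has_primary_visa?`, the one that returns false when no `primary_visa` option is configured, because all three examples merge `primary_visa: 'EQUESTRIA'` into the options. Add an example that builds the strategy without that option (assuming `dice_default_opts` does not set it) and passes a non-empty `'visas'` list, expecting false. The context name would also read better as `#has_primary_visa?`, matching the method the examples call.

```ruby
context ".primary_visa?" do
  # … unchanged: the three existing examples …

  it 'should return false if no primary visa is configured' do
    dice = OmniAuth::Strategies::Dice.new( app, dice_default_opts )
    visa_present = dice.send( :has_primary_visa?, {'visas' => ['CLOUDSDALE','EQUESTRIA']} )
    expect(visa_present).to eq(false)
  end
```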
data.tar.gz.sig
CHANGED
Binary file
|
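--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-dice
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.3
 platform: ruby
 authors:
 - Steven Haddox
@@ -30,7 +30,7 @@ cert_chain:
 42qdwEXvvkODZAD6KAIXPdmbMfBgPbcd+B/4eUA0PyKo+4dgL1NuqX4MPWToevIZ
 O8EKLF2X7NmC6FY1bOsSj/J8r1SOkx0rxgF+geRvY1P+hfNjDfxTsjU=
 -----END CERTIFICATE-----
-date: 2015-
+date: 2015-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: awesome_print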
metadata.gz.sig
CHANGED
Binary file
|