omniauth-dnb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: afb3d17a4c695e6756e167b7c2dc0fb518dbcab3
+  data.tar.gz: d7fda4c9b2c7cfda35c02a83361a35c9b2d230ba
+SHA512:
+  metadata.gz: 4dc9f4bab2599bc0f5c98bc430983acb529c59e138bc5b3e59f552a103c5b157f2208656a47d7482da224b2923d12c6f1119f83620c9506509647ac1ef4a7348
+  data.tar.gz: 29c699729f0c7b4748fa600500e287e8e3424dcc1cfb91703b960784a722f0e3a86ee760df17de25d374b217d2676d3363f8a7a3ad2d1e9e1e88850612949cbe

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.ruby-gemset
+.ruby-version

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.2.6
+  - 2.3.3
+  - 2.4.1
+before_install:
+  - gem install bundler

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-dnb.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2017 MAK IT
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,74 @@
+# OmniAuth DNB
+
+[![Build Status](https://travis-ci.org/mak-it/omniauth-dnb.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-dnb)
+
+Omniauth strategy for using [DNB Link](https://www.dnb.lv/en/business/acceptance-payments-and-customer-authentication-online-dnb-link) as an authentication service provider.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-dnb'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-dnb
+
+## Usage
+
+Here's a quick example, adding the middleware to a Rails app
+in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :dnb,
+    File.read("path/to/private.key"),
+    File.read("path/to/bank.crt"),
+    ENV['DNB_SND_ID'],
+    site: ENV['DNB_SITE'] || OmniAuth::Strategies::Dnb::PRODUCTION_ENDPOINT
+end
+```
+
+## Auth Hash
+
+Here's an example Auth Hash available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  provider: 'dnb',
+  uid: '374042-80367',
+  info: {
+    full_name: 'ARNIS RAITUMS'
+  },
+  extra: {
+    raw_info: {
+      VK_SERVICE: '2001',
+      VK_VERSION: '101',
+      VK_SND_ID: 'RIKOLV2X',
+      VK_REC_ID: '10..',
+      VK_STAMP: '20170403112855087471',
+      VK_T_NO: '616365957',
+      VK_PER_CODE: '374042-80367',
+      VK_PER_FNAME: 'ARNIS',
+      VK_PER_LNAME: 'RAITUMS',
+      VK_COM_CODE: '',
+      VK_COM_NAME: '',
+      VK_TIME: '20170403113328',
+      VK_MAC: 'SkYmH5AFI6Av ...',
+      VK_LANG: 'LAT'
+    }
+  }
+}
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+
+Bundler::GemHelper.install_tasks
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/lib/omniauth-dnb.rb

@@ -0,0 +1,4 @@
+require 'omniauth/dnb'
+require 'i18n'
+
+I18n.load_path += Dir[File.join(File.dirname(__FILE__), 'omniauth', 'locales', '*.yml')]

data/lib/omniauth/dnb.rb

@@ -0,0 +1,2 @@
+require 'omniauth/dnb/version'
+require 'omniauth/strategies/dnb'

data/lib/omniauth/dnb/version.rb

@@ -0,0 +1,5 @@
+module Omniauth
+  module Dnb
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth/locales/omniauth.en.yml

@@ -0,0 +1,5 @@
+en:
+  omniauth:
+    dnb:
+      please_wait: Please wait...
+      click_here_if_not_redirected: Click here, if not redirected automatically

data/lib/omniauth/locales/omniauth.lv.yml

@@ -0,0 +1,5 @@
+lv:
+  omniauth:
+    dnb:
+      please_wait: Lūdzu uzgaidiet...
+      click_here_if_not_redirected: Spiediet šeit, ja pāradresācija nenotiek automātiski

data/lib/omniauth/strategies/dnb.rb

@@ -0,0 +1,143 @@
+require 'omniauth'
+require 'base64'
+
+module OmniAuth
+  module Strategies
+    class Dnb
+      include OmniAuth::Strategy
+
+      PRODUCTION_ENDPOINT = 'https://ib.dnb.lv/login/index.php'
+      TEST_ENDPOINT = 'https://link.securet.dnb.lv/login/rid_login.php'
+
+      AUTH_SERVICE = '3001'
+      AUTH_VERSION = '101'
+
+      args [:private_key, :public_key, :snd_id]
+
+      option :private_key, nil
+      option :public_key, nil
+      option :snd_id, nil
+
+      option :name, 'dnb'
+      option :site, PRODUCTION_ENDPOINT
+
+      def stamp
+        return @stamp if @stamp
+        @stamp = Time.now.strftime('%Y%m%d%H%M%S') + SecureRandom.random_number(999999).to_s.rjust(6, '0')
+      end
+
+      def prepend_length(value)
+        # prepend length to string in 0xx format
+        [ value.to_s.length.to_s.rjust(3, '0'), value.dup.to_s.force_encoding('ascii')].join
+      end
+
+      def signature_input
+        [
+          AUTH_SERVICE,                 # VK_SERVICE
+          AUTH_VERSION,                 # VK_VERSION
+          options.snd_id,               # VK_SND_ID
+          stamp,                        # VK_STAMP
+          callback_url                  # VK_RETURN
+        ].map{|v| prepend_length(v)}.join
+      end
+
+      def signature(priv_key)
+        Base64.encode64(priv_key.sign(OpenSSL::Digest::SHA1.new, signature_input))
+      end
+
+      uid do
+        if request.params['VK_PER_CODE']
+          request.params['VK_PER_CODE']
+        else
+          request.params['VK_COM_CODE']
+        end
+      end
+
+      info do
+        full_name = if request.params['VK_PER_FNAME']
+          [request.params['VK_PER_FNAME'], request.params['VK_PER_LNAME']].join(' ')
+        else
+          request.params['VK_COM_NAME']
+        end
+        {
+          full_name: full_name,
+          first_name: request.params['VK_PER_FNAME'],
+          last_name: request.params['VK_PER_LNAME'],
+          company_code: request.params['VK_COM_CODE'],
+          company_name: request.params['VK_COM_NAME'],
+        }
+      end
+
+      extra do
+        { raw_info: request.params }
+      end
+
+      def callback_phase
+        begin
+          pub_key = OpenSSL::X509::Certificate.new(options.public_key).public_key
+        rescue => e
+          return fail!(:public_key_load_err, e)
+        end
+
+        if request.params['VK_SERVICE'] != '2001'
+          return fail!(:unsupported_response_service_err)
+        end
+
+        if request.params['VK_VERSION'] != '101'
+          return fail!(:unsupported_response_version_err)
+        end
+
+        sig_str = [
+          request.params['VK_SERVICE'],
+          request.params['VK_VERSION'],
+          request.params['VK_SND_ID'],
+          request.params['VK_REC_ID'],
+          request.params['VK_STAMP'],
+          request.params['VK_T_NO'],
+          request.params['VK_PER_CODE'],
+          request.params['VK_PER_FNAME'],
+          request.params['VK_PER_LNAME'],
+          request.params['VK_COM_CODE'],
+          request.params['VK_COM_NAME'],
+          request.params['VK_TIME']
+        ].map{|v| prepend_length(v)}.join
+
+        raw_signature = Base64.decode64(request.params['VK_MAC'])
+
+        if !pub_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, sig_str)
+          return fail!(:invalid_response_signature_err)
+        end
+
+        super
+      end
+
+      def request_phase
+        begin
+          priv_key = OpenSSL::PKey::RSA.new(options.private_key)
+        rescue => e
+          return fail!(:private_key_load_err, e)
+        end
+
+        form = OmniAuth::Form.new(:title => I18n.t('omniauth.dnb.please_wait'), :url => options.site)
+
+        {
+          'VK_SERVICE' => AUTH_SERVICE,
+          'VK_VERSION' => AUTH_VERSION,
+          'VK_SND_ID' => options.snd_id,
+          'VK_STAMP' => stamp,
+          'VK_RETURN' => callback_url,
+          'VK_MAC' => signature(priv_key),
+          'VK_LANG' => 'LAT',
+        }.each do |name, val|
+          form.html "<input type=\"hidden\" name=\"#{name}\" value=\"#{val}\" />"
+        end
+
+        form.button I18n.t('omniauth.dnb.click_here_if_not_redirected')
+
+        form.instance_variable_set('@html',
+          form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
+        form.to_response
+      end
+    end
+  end
+end

data/omniauth-dnb.gemspec

@@ -0,0 +1,30 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/dnb/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'omniauth-dnb'
+  spec.version       = Omniauth::Dnb::VERSION
+  spec.authors       = ['MAK IT']
+  spec.email         = ['admin@makit.lv']
+  spec.description   = %q{OmniAuth strategy for DNB Link}
+  spec.summary       = %q{OmniAuth strategy for DNB Link}
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 2.2.2'
+
+  spec.add_runtime_dependency 'omniauth', '~> 1.0'
+  spec.add_runtime_dependency 'i18n'
+
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'rake', '~> 12.0'
+  spec.add_development_dependency 'byebug'
+end

data/spec/certs/bank.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIJAJ5auG0KG8WMMA0GCSqGSIb3DQEBCwUAMB8xEDAOBgNV
+BAMTB0ROQlRFU1QxCzAJBgNVBAYTAkxWMB4XDTE3MDQwMzEwMDQzM1oXDTM3MDMy
+OTEwMDQzM1owHzEQMA4GA1UEAxMHRE5CVEVTVDELMAkGA1UEBhMCTFYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRYJ0rKoiMbUDxiiXT0xaf8yOMu59
+m5DFe1A5I/1X9IZCaVEMXcd7ZJoovupOU340n2Kq5ez8zeS3mLY3WK+78MFIysc9
+nM7/MrTB2KYVaEnpzgN0c9MkiUq8G7LTtcLCbK/eEYmXf4vQIAXwHr6JnP7+sPd7
+XZhgTNbeugxyqL9Nj1zzLUBOH2v1/PzFH2KnSe/srCSb/PQs+YPpNvx8nWu4FY9E
+S09idp59hKnWS1M5SRWKYrc3YhLYDinV3Tjwe0uSGJIC4DNijP/QgkZ6TSIiSOua
+TIQofTkFxT9r32SCTjm8oLzK6w8dvPmx2e9Q9urfD99jmiLh7N7hII7TAgMBAAGj
+gYAwfjAdBgNVHQ4EFgQU3vSU9SHIDGRYCE/bfS9Y27kPKuowTwYDVR0jBEgwRoAU
+3vSU9SHIDGRYCE/bfS9Y27kPKuqhI6QhMB8xEDAOBgNVBAMTB0ROQlRFU1QxCzAJ
+BgNVBAYTAkxWggkAnlq4bQobxYwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEApoS7dHifbvMluHL9ypLgJ+SVr/RaAYy8WYE9lfK7CBX0cLzn4pxZm69W
+pWqp3qB4FxEQS2PNt6TAwexNUeWkKUrMxdnSRRw5gnMM0ELNpWd/xWvu3MHZfR0w
+hfyQyweipttgcaCOMQoRH/DS2HeS3GcRk5ljHzRhavqqgnLY8WZ/YGtnBqFlanMz
+F2dfWQqld/73S0v9ygwKaC+SwVHIQ8XwgZkwxM3MxyXOuE4sx5p+KaQ7n/aRRseb
+EZhMUzYXd0+ekN8cNjefBmCJlkV+VxeZwo7s97A4qYMku6Ac3Zji8SUi+Qz9RD0q
+E8Sjrn8obEY8rDfkGoPZf+ygH4MkOA==
+-----END CERTIFICATE-----

data/spec/certs/bank.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzEWCdKyqIjG1A8Yol09MWn/MjjLufZuQxXtQOSP9V/SGQmlR
+DF3He2SaKL7qTlN+NJ9iquXs/M3kt5i2N1ivu/DBSMrHPZzO/zK0wdimFWhJ6c4D
+dHPTJIlKvBuy07XCwmyv3hGJl3+L0CAF8B6+iZz+/rD3e12YYEzW3roMcqi/TY9c
+8y1ATh9r9fz8xR9ip0nv7Kwkm/z0LPmD6Tb8fJ1ruBWPREtPYnaefYSp1ktTOUkV
+imK3N2IS2A4p1d048HtLkhiSAuAzYoz/0IJGek0iIkjrmkyEKH05BcU/a99kgk45
+vKC8yusPHbz5sdnvUPbq3w/fY5oi4eze4SCO0wIDAQABAoIBAQCUmpi+QoJ+38R9
+G2KaOREl4UUxybGgZVTbpcsF1r3Oh9BIbg+NPIgLp3NS4xjXpHvy0mTYSO6wNyUF
+v64H85fc1Nf4GbT6iKI6G2xOfUrN1hG3aq0uwbhAIzTgRhJBXEB0atdCaWW8dgiD
+f1hyiBs7R6BmLt3LvJpGrH/Ahn7ZxcVSwTNb485fl4bAmR1uc3QRi1RUVA/d6BuQ
+Swm9ahBzgCl66uXDTCwjjOv+JTU1Bn8iMZws4e0A4sfbT/Fs5eoSLEnMQUWjIyQ/
+/+3YTyohi97sbliA3VNbyHqPOyvgQSrNppdxl75KgBhDXVLBvijBokQWJmPGNEDr
+efXquhABAoGBAPqCLttuFDFU0pwcZd2JKXCOiylSeywMvozC14c3qG+fPVOTkRWT
+tGBoe83THAh1d1thwXQCjwU+voTP3HA9gd58SVjElFneAKKjhLg/4QcdlJ8JFdRw
+itV4pqSzvxkzH+OTvZWa+yxmg2BTP1dDa7RjlNf2LnmhGvs5gW98QlbTAoGBANC/
+2e4vyXRqwIREyXtopsJns3lHSj50PEkurcaLo4NsFOwBVbAC+qBC+NCS8s0KnhGO
+1YCaNMEXuVAyXfnlNUtzfWJce8YSqqhyP36d5zQzXBiAj3IVSKHHMN12/oYqlqsl
+ya+SoUkCXKOZOmcb8f/iwF5ZM6W6dr2ECAyxtegBAoGAUa5LCv9clC09MuvLhy2n
+Fm1UENg1E0rggtMxJYTPZf39KBgwsWFk6h6HZ7hTJqrujRxV0LbY3XP0+ScxkGNt
+yhaqb8hBOwA5Is7AgrdJb2GEyUpUFN3RVwOtCn0VbWkPF8xff7118qdGZQ0f1RtF
+rh7eNICv7LbMLmg0vR4+H0MCgYEAjvCP/fVi8QCYSvn/LS3/4ma4EneqcxGMpl/8
+RlQf50H/IYvYbOndTBgP4GJ/N7/pdQRlVeZB8WaZUjzq9M7qq3utg8joSD1H9ogk
+ykK9qpTwnyaJEwlX7s9CuqNcrepDuXXqoPq6zg9799pYj3onP5y5NOHH59fCrwrV
+qDuX4AECgYEAt/mpBWRilnnnYYoSyiBW9N4MS3t6N88rfR3a0sftfhXEEFBwIIjX
+gB4xAcbZ/EhghKrnKXh3tTbWkf/46Kscl+BvPLRAVUykAEtRlG/Kt/jvyJtKjfzy
+9iWKuayWsllLm9q0Os9E8z4g4n8VbtLnCbyN07P+ghRZTB17tk8qJ2Y=
+-----END RSA PRIVATE KEY-----

data/spec/omniauth/strategies/dnb_spec.rb

@@ -0,0 +1,207 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Dnb do
+
+  PRIVATE_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'bank.key'))
+  PUBLIC_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'bank.crt'))
+
+  let(:app){ Rack::Builder.new do |b|
+    b.use Rack::Session::Cookie, { secret: 'abc123'}
+    b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID')
+    b.run lambda{|env| [404, {}, ['Not Found']]}
+  end.to_app }
+  let(:last_response_stamp) { last_response.body.match(/name="VK_STAMP" value="([^"]*)"/)[1] }
+  let(:last_response_mac)   { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
+
+  context 'request phase' do
+    before(:each){ get '/auth/dnb' }
+
+    it 'displays a single form' do
+      expect(last_response.status).to eq(200)
+      expect(last_response.body.scan('<form').size).to eq(1)
+    end
+
+    it 'has JavaScript code to submit the form after it is created' do
+      expect(last_response.body).to be_include('</form><script type="text/javascript">document.forms[0].submit();</script>')
+    end
+
+    EXPECTED_VALUES = {
+      VK_SERVICE: '3001',
+      VK_VERSION: '101',
+      VK_SND_ID:  'MY_SND_ID',
+      VK_RETURN:  'http://example.org/auth/dnb/callback'
+    }
+
+    EXPECTED_VALUES.each_pair do |k,v|
+      it 'has hidden input field #{k} => #{v}' do
+        expect(last_response.body.scan("<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\"").size).to eq(1)
+      end
+    end
+
+    it 'has a VK_STAMP hidden field with 20 byte long value' do
+      expect(last_response_stamp.bytesize).to eq(20)
+    end
+
+    it 'has a correct VK_MAC signature' do
+      sig_str =
+        "004#{EXPECTED_VALUES[:VK_SERVICE]}" +
+        "003#{EXPECTED_VALUES[:VK_VERSION]}" +
+        "009#{EXPECTED_VALUES[:VK_SND_ID]}" +
+        "020" + last_response_stamp +  # VK_STAMP
+        "036#{EXPECTED_VALUES[:VK_RETURN]}"
+
+      private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
+      expected_mac = Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, sig_str))
+      expect(last_response_mac).to eq(expected_mac)
+    end
+
+    context 'with default options' do
+      it 'has the default action tag value' do
+        expect(last_response.body).to be_include("action='#{OmniAuth::Strategies::Dnb::PRODUCTION_ENDPOINT}'")
+      end
+
+      it 'has the default VK_LANG value' do
+        expect(last_response.body.scan('<input type="hidden" name="VK_LANG" value="LAT"').size).to eq(1)
+      end
+    end
+
+    context 'with custom options' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, { secret: 'abc123' }
+        b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID',
+          site: 'https://test.lv/banklink')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'has the custom action tag value' do
+        expect(last_response.body).to be_include("action='https://test.lv/banklink'")
+      end
+    end
+
+    context 'with non-existant private key files' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, { secret: 'abc123' }
+        b.use(OmniAuth::Strategies::Dnb, 'invalid_key', PUBLIC_KEY, 'MY_SND_ID')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'redirects to /auth/failure with appropriate query params' do
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=private_key_load_err&strategy=dnb')
+      end
+    end
+  end
+
+  context 'callback phase' do
+    let(:auth_hash){ last_request.env['omniauth.auth'] }
+    context 'with valid response' do
+      before do
+        post '/auth/dnb/callback',
+          'VK_SERVICE': '2001',
+          'VK_VERSION': '101',
+          'VK_SND_ID': 'RIKOLV2X',
+          'VK_REC_ID': 'MY_SND_ID',
+          'VK_STAMP': '20170403112855087471',
+          'VK_T_NO': '616365957',
+          'VK_PER_CODE': '121200-00005',
+          'VK_PER_FNAME': 'USER_5',
+          'VK_PER_LNAME': 'TEST',
+          'VK_COM_CODE': '',
+          'VK_COM_NAME': '',
+          'VK_TIME': '20170403113328',
+          'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
+          'VK_LANG': 'LAT'
+      end
+
+      it 'sets the correct uid value in the auth hash' do
+        expect(auth_hash.uid).to eq('121200-00005')
+      end
+
+      it 'sets the correct info.full_name value in the auth hash' do
+        expect(auth_hash.info.full_name).to eq('USER_5 TEST')
+      end
+    end
+
+    context 'with non-existant public key file' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, { secret: 'abc123' }
+        b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, 'invalid_crt', 'MY_SND_ID')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'redirects to /auth/failure with appropriate query params' do
+        post '/auth/dnb/callback' # Params are not important, because we're testing public key loading
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=public_key_load_err&strategy=dnb')
+      end
+    end
+
+    context 'with invalid response' do
+      it 'detects invalid signature' do
+        post '/auth/dnb/callback',
+          'VK_SERVICE': '2001',
+          'VK_VERSION': '101',
+          'VK_SND_ID': 'RIKOLV2X',
+          'VK_REC_ID': 'MY_SND_ID',
+          'VK_STAMP': '20170403112855087471',
+          'VK_T_NO': '616365957',
+          'VK_PER_CODE': '121200-00005',
+          'VK_PER_FNAME': 'USER_5',
+          'VK_PER_LNAME': 'TEST',
+          'VK_COM_CODE': '',
+          'VK_COM_NAME': '',
+          'VK_TIME': '20170403113328',
+          'VK_MAC': 'invalid_signature',
+          'VK_LANG': 'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=invalid_response_signature_err&strategy=dnb')
+        expect(auth_hash).to be_nil
+      end
+
+      it 'detects unsupported VK_SERVICE values' do
+        post '/auth/dnb/callback',
+          'VK_SERVICE': '2004',
+          'VK_VERSION': '101',
+          'VK_SND_ID': 'RIKOLV2X',
+          'VK_REC_ID': 'MY_SND_ID',
+          'VK_STAMP': '20170403112855087471',
+          'VK_T_NO': '616365957',
+          'VK_PER_CODE': '121200-00005',
+          'VK_PER_FNAME': 'USER_5',
+          'VK_PER_LNAME': 'TEST',
+          'VK_COM_CODE': '',
+          'VK_COM_NAME': '',
+          'VK_TIME': '20170403113328',
+          'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
+          'VK_LANG': 'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_service_err&strategy=dnb')
+        expect(auth_hash).to be_nil
+      end
+
+      it 'detects unsupported VK_VERSION values' do
+        post '/auth/dnb/callback',
+          'VK_SERVICE': '2001',
+          'VK_VERSION': '109',
+          'VK_SND_ID': 'RIKOLV2X',
+          'VK_REC_ID': 'MY_SND_ID',
+          'VK_STAMP': '20170403112855087471',
+          'VK_T_NO': '616365957',
+          'VK_PER_CODE': '121200-00005',
+          'VK_PER_FNAME': 'USER_5',
+          'VK_PER_LNAME': 'TEST',
+          'VK_COM_CODE': '',
+          'VK_COM_NAME': '',
+          'VK_TIME': '20170403113328',
+          'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
+          'VK_LANG': 'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_version_err&strategy=dnb')
+        expect(auth_hash).to be_nil
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,19 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'rspec'
+require 'rack/test'
+require 'omniauth'
+require 'omniauth-dnb'
+
+RSpec.configure do |config|
+  config.add_setting('cert_folder')
+  config.cert_folder = File.expand_path('../certs', __FILE__)
+
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end
+
+I18n.enforce_available_locales = false

metadata

@@ -0,0 +1,163 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-dnb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- MAK IT
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for DNB Link
+email:
+- admin@makit.lv
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-dnb.rb
+- lib/omniauth/dnb.rb
+- lib/omniauth/dnb/version.rb
+- lib/omniauth/locales/omniauth.en.yml
+- lib/omniauth/locales/omniauth.lv.yml
+- lib/omniauth/strategies/dnb.rb
+- omniauth-dnb.gemspec
+- spec/certs/bank.crt
+- spec/certs/bank.key
+- spec/omniauth/strategies/dnb_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for DNB Link
+test_files:
+- spec/certs/bank.crt
+- spec/certs/bank.key
+- spec/omniauth/strategies/dnb_spec.rb
+- spec/spec_helper.rb