omniauth-dnb 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +19 -0
- data/.travis.yml +7 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +74 -0
- data/Rakefile +8 -0
- data/lib/omniauth-dnb.rb +4 -0
- data/lib/omniauth/dnb.rb +2 -0
- data/lib/omniauth/dnb/version.rb +5 -0
- data/lib/omniauth/locales/omniauth.en.yml +5 -0
- data/lib/omniauth/locales/omniauth.lv.yml +5 -0
- data/lib/omniauth/strategies/dnb.rb +143 -0
- data/omniauth-dnb.gemspec +30 -0
- data/spec/certs/bank.crt +20 -0
- data/spec/certs/bank.key +27 -0
- data/spec/omniauth/strategies/dnb_spec.rb +207 -0
- data/spec/spec_helper.rb +19 -0
- metadata +163 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: afb3d17a4c695e6756e167b7c2dc0fb518dbcab3
|
4
|
+
data.tar.gz: d7fda4c9b2c7cfda35c02a83361a35c9b2d230ba
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 4dc9f4bab2599bc0f5c98bc430983acb529c59e138bc5b3e59f552a103c5b157f2208656a47d7482da224b2923d12c6f1119f83620c9506509647ac1ef4a7348
|
7
|
+
data.tar.gz: 29c699729f0c7b4748fa600500e287e8e3424dcc1cfb91703b960784a722f0e3a86ee760df17de25d374b217d2676d3363f8a7a3ad2d1e9e1e88850612949cbe
|
data/.gitignore
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2017 MAK IT
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# OmniAuth DNB
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/mak-it/omniauth-dnb.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-dnb)
|
4
|
+
|
5
|
+
Omniauth strategy for using [DNB Link](https://www.dnb.lv/en/business/acceptance-payments-and-customer-authentication-online-dnb-link) as an authentication service provider.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
gem 'omniauth-dnb'
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install omniauth-dnb
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
Here's a quick example, adding the middleware to a Rails app
|
24
|
+
in `config/initializers/omniauth.rb`:
|
25
|
+
|
26
|
+
```ruby
|
27
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
28
|
+
provider :dnb,
|
29
|
+
File.read("path/to/private.key"),
|
30
|
+
File.read("path/to/bank.crt"),
|
31
|
+
ENV['DNB_SND_ID'],
|
32
|
+
site: ENV['DNB_SITE'] || OmniAuth::Strategies::Dnb::PRODUCTION_ENDPOINT
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
## Auth Hash
|
37
|
+
|
38
|
+
Here's an example Auth Hash available in `request.env['omniauth.auth']`:
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
{
|
42
|
+
provider: 'dnb',
|
43
|
+
uid: '374042-80367',
|
44
|
+
info: {
|
45
|
+
full_name: 'ARNIS RAITUMS'
|
46
|
+
},
|
47
|
+
extra: {
|
48
|
+
raw_info: {
|
49
|
+
VK_SERVICE: '2001',
|
50
|
+
VK_VERSION: '101',
|
51
|
+
VK_SND_ID: 'RIKOLV2X',
|
52
|
+
VK_REC_ID: '10..',
|
53
|
+
VK_STAMP: '20170403112855087471',
|
54
|
+
VK_T_NO: '616365957',
|
55
|
+
VK_PER_CODE: '374042-80367',
|
56
|
+
VK_PER_FNAME: 'ARNIS',
|
57
|
+
VK_PER_LNAME: 'RAITUMS',
|
58
|
+
VK_COM_CODE: '',
|
59
|
+
VK_COM_NAME: '',
|
60
|
+
VK_TIME: '20170403113328',
|
61
|
+
VK_MAC: 'SkYmH5AFI6Av ...',
|
62
|
+
VK_LANG: 'LAT'
|
63
|
+
}
|
64
|
+
}
|
65
|
+
}
|
66
|
+
```
|
67
|
+
|
68
|
+
## Contributing
|
69
|
+
|
70
|
+
1. Fork it
|
71
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
72
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
73
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
74
|
+
5. Create new Pull Request
|
data/Rakefile
ADDED
data/lib/omniauth-dnb.rb
ADDED
data/lib/omniauth/dnb.rb
ADDED
@@ -0,0 +1,143 @@
|
|
1
|
+
require 'omniauth'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
module OmniAuth
|
5
|
+
module Strategies
|
6
|
+
class Dnb
|
7
|
+
include OmniAuth::Strategy
|
8
|
+
|
9
|
+
PRODUCTION_ENDPOINT = 'https://ib.dnb.lv/login/index.php'
|
10
|
+
TEST_ENDPOINT = 'https://link.securet.dnb.lv/login/rid_login.php'
|
11
|
+
|
12
|
+
AUTH_SERVICE = '3001'
|
13
|
+
AUTH_VERSION = '101'
|
14
|
+
|
15
|
+
args [:private_key, :public_key, :snd_id]
|
16
|
+
|
17
|
+
option :private_key, nil
|
18
|
+
option :public_key, nil
|
19
|
+
option :snd_id, nil
|
20
|
+
|
21
|
+
option :name, 'dnb'
|
22
|
+
option :site, PRODUCTION_ENDPOINT
|
23
|
+
|
24
|
+
def stamp
|
25
|
+
return @stamp if @stamp
|
26
|
+
@stamp = Time.now.strftime('%Y%m%d%H%M%S') + SecureRandom.random_number(999999).to_s.rjust(6, '0')
|
27
|
+
end
|
28
|
+
|
29
|
+
def prepend_length(value)
|
30
|
+
# prepend length to string in 0xx format
|
31
|
+
[ value.to_s.length.to_s.rjust(3, '0'), value.dup.to_s.force_encoding('ascii')].join
|
32
|
+
end
|
33
|
+
|
34
|
+
def signature_input
|
35
|
+
[
|
36
|
+
AUTH_SERVICE, # VK_SERVICE
|
37
|
+
AUTH_VERSION, # VK_VERSION
|
38
|
+
options.snd_id, # VK_SND_ID
|
39
|
+
stamp, # VK_STAMP
|
40
|
+
callback_url # VK_RETURN
|
41
|
+
].map{|v| prepend_length(v)}.join
|
42
|
+
end
|
43
|
+
|
44
|
+
def signature(priv_key)
|
45
|
+
Base64.encode64(priv_key.sign(OpenSSL::Digest::SHA1.new, signature_input))
|
46
|
+
end
|
47
|
+
|
48
|
+
uid do
|
49
|
+
if request.params['VK_PER_CODE']
|
50
|
+
request.params['VK_PER_CODE']
|
51
|
+
else
|
52
|
+
request.params['VK_COM_CODE']
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
info do
|
57
|
+
full_name = if request.params['VK_PER_FNAME']
|
58
|
+
[request.params['VK_PER_FNAME'], request.params['VK_PER_LNAME']].join(' ')
|
59
|
+
else
|
60
|
+
request.params['VK_COM_NAME']
|
61
|
+
end
|
62
|
+
{
|
63
|
+
full_name: full_name,
|
64
|
+
first_name: request.params['VK_PER_FNAME'],
|
65
|
+
last_name: request.params['VK_PER_LNAME'],
|
66
|
+
company_code: request.params['VK_COM_CODE'],
|
67
|
+
company_name: request.params['VK_COM_NAME'],
|
68
|
+
}
|
69
|
+
end
|
70
|
+
|
71
|
+
extra do
|
72
|
+
{ raw_info: request.params }
|
73
|
+
end
|
74
|
+
|
75
|
+
def callback_phase
|
76
|
+
begin
|
77
|
+
pub_key = OpenSSL::X509::Certificate.new(options.public_key).public_key
|
78
|
+
rescue => e
|
79
|
+
return fail!(:public_key_load_err, e)
|
80
|
+
end
|
81
|
+
|
82
|
+
if request.params['VK_SERVICE'] != '2001'
|
83
|
+
return fail!(:unsupported_response_service_err)
|
84
|
+
end
|
85
|
+
|
86
|
+
if request.params['VK_VERSION'] != '101'
|
87
|
+
return fail!(:unsupported_response_version_err)
|
88
|
+
end
|
89
|
+
|
90
|
+
sig_str = [
|
91
|
+
request.params['VK_SERVICE'],
|
92
|
+
request.params['VK_VERSION'],
|
93
|
+
request.params['VK_SND_ID'],
|
94
|
+
request.params['VK_REC_ID'],
|
95
|
+
request.params['VK_STAMP'],
|
96
|
+
request.params['VK_T_NO'],
|
97
|
+
request.params['VK_PER_CODE'],
|
98
|
+
request.params['VK_PER_FNAME'],
|
99
|
+
request.params['VK_PER_LNAME'],
|
100
|
+
request.params['VK_COM_CODE'],
|
101
|
+
request.params['VK_COM_NAME'],
|
102
|
+
request.params['VK_TIME']
|
103
|
+
].map{|v| prepend_length(v)}.join
|
104
|
+
|
105
|
+
raw_signature = Base64.decode64(request.params['VK_MAC'])
|
106
|
+
|
107
|
+
if !pub_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, sig_str)
|
108
|
+
return fail!(:invalid_response_signature_err)
|
109
|
+
end
|
110
|
+
|
111
|
+
super
|
112
|
+
end
|
113
|
+
|
114
|
+
def request_phase
|
115
|
+
begin
|
116
|
+
priv_key = OpenSSL::PKey::RSA.new(options.private_key)
|
117
|
+
rescue => e
|
118
|
+
return fail!(:private_key_load_err, e)
|
119
|
+
end
|
120
|
+
|
121
|
+
form = OmniAuth::Form.new(:title => I18n.t('omniauth.dnb.please_wait'), :url => options.site)
|
122
|
+
|
123
|
+
{
|
124
|
+
'VK_SERVICE' => AUTH_SERVICE,
|
125
|
+
'VK_VERSION' => AUTH_VERSION,
|
126
|
+
'VK_SND_ID' => options.snd_id,
|
127
|
+
'VK_STAMP' => stamp,
|
128
|
+
'VK_RETURN' => callback_url,
|
129
|
+
'VK_MAC' => signature(priv_key),
|
130
|
+
'VK_LANG' => 'LAT',
|
131
|
+
}.each do |name, val|
|
132
|
+
form.html "<input type=\"hidden\" name=\"#{name}\" value=\"#{val}\" />"
|
133
|
+
end
|
134
|
+
|
135
|
+
form.button I18n.t('omniauth.dnb.click_here_if_not_redirected')
|
136
|
+
|
137
|
+
form.instance_variable_set('@html',
|
138
|
+
form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
|
139
|
+
form.to_response
|
140
|
+
end
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
lib = File.expand_path('../lib', __FILE__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
require 'omniauth/dnb/version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = 'omniauth-dnb'
|
7
|
+
spec.version = Omniauth::Dnb::VERSION
|
8
|
+
spec.authors = ['MAK IT']
|
9
|
+
spec.email = ['admin@makit.lv']
|
10
|
+
spec.description = %q{OmniAuth strategy for DNB Link}
|
11
|
+
spec.summary = %q{OmniAuth strategy for DNB Link}
|
12
|
+
spec.homepage = ''
|
13
|
+
spec.license = 'MIT'
|
14
|
+
|
15
|
+
spec.files = `git ls-files`.split($/)
|
16
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
17
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
18
|
+
spec.require_paths = ['lib']
|
19
|
+
|
20
|
+
spec.required_ruby_version = '>= 2.2.2'
|
21
|
+
|
22
|
+
spec.add_runtime_dependency 'omniauth', '~> 1.0'
|
23
|
+
spec.add_runtime_dependency 'i18n'
|
24
|
+
|
25
|
+
spec.add_development_dependency 'rack-test'
|
26
|
+
spec.add_development_dependency 'rspec', '~> 3.0'
|
27
|
+
spec.add_development_dependency 'bundler', '~> 1.13'
|
28
|
+
spec.add_development_dependency 'rake', '~> 12.0'
|
29
|
+
spec.add_development_dependency 'byebug'
|
30
|
+
end
|
data/spec/certs/bank.crt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDQjCCAiqgAwIBAgIJAJ5auG0KG8WMMA0GCSqGSIb3DQEBCwUAMB8xEDAOBgNV
|
3
|
+
BAMTB0ROQlRFU1QxCzAJBgNVBAYTAkxWMB4XDTE3MDQwMzEwMDQzM1oXDTM3MDMy
|
4
|
+
OTEwMDQzM1owHzEQMA4GA1UEAxMHRE5CVEVTVDELMAkGA1UEBhMCTFYwggEiMA0G
|
5
|
+
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRYJ0rKoiMbUDxiiXT0xaf8yOMu59
|
6
|
+
m5DFe1A5I/1X9IZCaVEMXcd7ZJoovupOU340n2Kq5ez8zeS3mLY3WK+78MFIysc9
|
7
|
+
nM7/MrTB2KYVaEnpzgN0c9MkiUq8G7LTtcLCbK/eEYmXf4vQIAXwHr6JnP7+sPd7
|
8
|
+
XZhgTNbeugxyqL9Nj1zzLUBOH2v1/PzFH2KnSe/srCSb/PQs+YPpNvx8nWu4FY9E
|
9
|
+
S09idp59hKnWS1M5SRWKYrc3YhLYDinV3Tjwe0uSGJIC4DNijP/QgkZ6TSIiSOua
|
10
|
+
TIQofTkFxT9r32SCTjm8oLzK6w8dvPmx2e9Q9urfD99jmiLh7N7hII7TAgMBAAGj
|
11
|
+
gYAwfjAdBgNVHQ4EFgQU3vSU9SHIDGRYCE/bfS9Y27kPKuowTwYDVR0jBEgwRoAU
|
12
|
+
3vSU9SHIDGRYCE/bfS9Y27kPKuqhI6QhMB8xEDAOBgNVBAMTB0ROQlRFU1QxCzAJ
|
13
|
+
BgNVBAYTAkxWggkAnlq4bQobxYwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
|
14
|
+
AAOCAQEApoS7dHifbvMluHL9ypLgJ+SVr/RaAYy8WYE9lfK7CBX0cLzn4pxZm69W
|
15
|
+
pWqp3qB4FxEQS2PNt6TAwexNUeWkKUrMxdnSRRw5gnMM0ELNpWd/xWvu3MHZfR0w
|
16
|
+
hfyQyweipttgcaCOMQoRH/DS2HeS3GcRk5ljHzRhavqqgnLY8WZ/YGtnBqFlanMz
|
17
|
+
F2dfWQqld/73S0v9ygwKaC+SwVHIQ8XwgZkwxM3MxyXOuE4sx5p+KaQ7n/aRRseb
|
18
|
+
EZhMUzYXd0+ekN8cNjefBmCJlkV+VxeZwo7s97A4qYMku6Ac3Zji8SUi+Qz9RD0q
|
19
|
+
E8Sjrn8obEY8rDfkGoPZf+ygH4MkOA==
|
20
|
+
-----END CERTIFICATE-----
|
data/spec/certs/bank.key
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIEpQIBAAKCAQEAzEWCdKyqIjG1A8Yol09MWn/MjjLufZuQxXtQOSP9V/SGQmlR
|
3
|
+
DF3He2SaKL7qTlN+NJ9iquXs/M3kt5i2N1ivu/DBSMrHPZzO/zK0wdimFWhJ6c4D
|
4
|
+
dHPTJIlKvBuy07XCwmyv3hGJl3+L0CAF8B6+iZz+/rD3e12YYEzW3roMcqi/TY9c
|
5
|
+
8y1ATh9r9fz8xR9ip0nv7Kwkm/z0LPmD6Tb8fJ1ruBWPREtPYnaefYSp1ktTOUkV
|
6
|
+
imK3N2IS2A4p1d048HtLkhiSAuAzYoz/0IJGek0iIkjrmkyEKH05BcU/a99kgk45
|
7
|
+
vKC8yusPHbz5sdnvUPbq3w/fY5oi4eze4SCO0wIDAQABAoIBAQCUmpi+QoJ+38R9
|
8
|
+
G2KaOREl4UUxybGgZVTbpcsF1r3Oh9BIbg+NPIgLp3NS4xjXpHvy0mTYSO6wNyUF
|
9
|
+
v64H85fc1Nf4GbT6iKI6G2xOfUrN1hG3aq0uwbhAIzTgRhJBXEB0atdCaWW8dgiD
|
10
|
+
f1hyiBs7R6BmLt3LvJpGrH/Ahn7ZxcVSwTNb485fl4bAmR1uc3QRi1RUVA/d6BuQ
|
11
|
+
Swm9ahBzgCl66uXDTCwjjOv+JTU1Bn8iMZws4e0A4sfbT/Fs5eoSLEnMQUWjIyQ/
|
12
|
+
/+3YTyohi97sbliA3VNbyHqPOyvgQSrNppdxl75KgBhDXVLBvijBokQWJmPGNEDr
|
13
|
+
efXquhABAoGBAPqCLttuFDFU0pwcZd2JKXCOiylSeywMvozC14c3qG+fPVOTkRWT
|
14
|
+
tGBoe83THAh1d1thwXQCjwU+voTP3HA9gd58SVjElFneAKKjhLg/4QcdlJ8JFdRw
|
15
|
+
itV4pqSzvxkzH+OTvZWa+yxmg2BTP1dDa7RjlNf2LnmhGvs5gW98QlbTAoGBANC/
|
16
|
+
2e4vyXRqwIREyXtopsJns3lHSj50PEkurcaLo4NsFOwBVbAC+qBC+NCS8s0KnhGO
|
17
|
+
1YCaNMEXuVAyXfnlNUtzfWJce8YSqqhyP36d5zQzXBiAj3IVSKHHMN12/oYqlqsl
|
18
|
+
ya+SoUkCXKOZOmcb8f/iwF5ZM6W6dr2ECAyxtegBAoGAUa5LCv9clC09MuvLhy2n
|
19
|
+
Fm1UENg1E0rggtMxJYTPZf39KBgwsWFk6h6HZ7hTJqrujRxV0LbY3XP0+ScxkGNt
|
20
|
+
yhaqb8hBOwA5Is7AgrdJb2GEyUpUFN3RVwOtCn0VbWkPF8xff7118qdGZQ0f1RtF
|
21
|
+
rh7eNICv7LbMLmg0vR4+H0MCgYEAjvCP/fVi8QCYSvn/LS3/4ma4EneqcxGMpl/8
|
22
|
+
RlQf50H/IYvYbOndTBgP4GJ/N7/pdQRlVeZB8WaZUjzq9M7qq3utg8joSD1H9ogk
|
23
|
+
ykK9qpTwnyaJEwlX7s9CuqNcrepDuXXqoPq6zg9799pYj3onP5y5NOHH59fCrwrV
|
24
|
+
qDuX4AECgYEAt/mpBWRilnnnYYoSyiBW9N4MS3t6N88rfR3a0sftfhXEEFBwIIjX
|
25
|
+
gB4xAcbZ/EhghKrnKXh3tTbWkf/46Kscl+BvPLRAVUykAEtRlG/Kt/jvyJtKjfzy
|
26
|
+
9iWKuayWsllLm9q0Os9E8z4g4n8VbtLnCbyN07P+ghRZTB17tk8qJ2Y=
|
27
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,207 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe OmniAuth::Strategies::Dnb do
|
4
|
+
|
5
|
+
PRIVATE_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'bank.key'))
|
6
|
+
PUBLIC_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'bank.crt'))
|
7
|
+
|
8
|
+
let(:app){ Rack::Builder.new do |b|
|
9
|
+
b.use Rack::Session::Cookie, { secret: 'abc123'}
|
10
|
+
b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID')
|
11
|
+
b.run lambda{|env| [404, {}, ['Not Found']]}
|
12
|
+
end.to_app }
|
13
|
+
let(:last_response_stamp) { last_response.body.match(/name="VK_STAMP" value="([^"]*)"/)[1] }
|
14
|
+
let(:last_response_mac) { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
|
15
|
+
|
16
|
+
context 'request phase' do
|
17
|
+
before(:each){ get '/auth/dnb' }
|
18
|
+
|
19
|
+
it 'displays a single form' do
|
20
|
+
expect(last_response.status).to eq(200)
|
21
|
+
expect(last_response.body.scan('<form').size).to eq(1)
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'has JavaScript code to submit the form after it is created' do
|
25
|
+
expect(last_response.body).to be_include('</form><script type="text/javascript">document.forms[0].submit();</script>')
|
26
|
+
end
|
27
|
+
|
28
|
+
EXPECTED_VALUES = {
|
29
|
+
VK_SERVICE: '3001',
|
30
|
+
VK_VERSION: '101',
|
31
|
+
VK_SND_ID: 'MY_SND_ID',
|
32
|
+
VK_RETURN: 'http://example.org/auth/dnb/callback'
|
33
|
+
}
|
34
|
+
|
35
|
+
EXPECTED_VALUES.each_pair do |k,v|
|
36
|
+
it 'has hidden input field #{k} => #{v}' do
|
37
|
+
expect(last_response.body.scan("<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\"").size).to eq(1)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'has a VK_STAMP hidden field with 20 byte long value' do
|
42
|
+
expect(last_response_stamp.bytesize).to eq(20)
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'has a correct VK_MAC signature' do
|
46
|
+
sig_str =
|
47
|
+
"004#{EXPECTED_VALUES[:VK_SERVICE]}" +
|
48
|
+
"003#{EXPECTED_VALUES[:VK_VERSION]}" +
|
49
|
+
"009#{EXPECTED_VALUES[:VK_SND_ID]}" +
|
50
|
+
"020" + last_response_stamp + # VK_STAMP
|
51
|
+
"036#{EXPECTED_VALUES[:VK_RETURN]}"
|
52
|
+
|
53
|
+
private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
|
54
|
+
expected_mac = Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, sig_str))
|
55
|
+
expect(last_response_mac).to eq(expected_mac)
|
56
|
+
end
|
57
|
+
|
58
|
+
context 'with default options' do
|
59
|
+
it 'has the default action tag value' do
|
60
|
+
expect(last_response.body).to be_include("action='#{OmniAuth::Strategies::Dnb::PRODUCTION_ENDPOINT}'")
|
61
|
+
end
|
62
|
+
|
63
|
+
it 'has the default VK_LANG value' do
|
64
|
+
expect(last_response.body.scan('<input type="hidden" name="VK_LANG" value="LAT"').size).to eq(1)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
context 'with custom options' do
|
69
|
+
let(:app){ Rack::Builder.new do |b|
|
70
|
+
b.use Rack::Session::Cookie, { secret: 'abc123' }
|
71
|
+
b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID',
|
72
|
+
site: 'https://test.lv/banklink')
|
73
|
+
b.run lambda{|env| [404, {}, ['Not Found']]}
|
74
|
+
end.to_app }
|
75
|
+
|
76
|
+
it 'has the custom action tag value' do
|
77
|
+
expect(last_response.body).to be_include("action='https://test.lv/banklink'")
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
context 'with non-existant private key files' do
|
82
|
+
let(:app){ Rack::Builder.new do |b|
|
83
|
+
b.use Rack::Session::Cookie, { secret: 'abc123' }
|
84
|
+
b.use(OmniAuth::Strategies::Dnb, 'invalid_key', PUBLIC_KEY, 'MY_SND_ID')
|
85
|
+
b.run lambda{|env| [404, {}, ['Not Found']]}
|
86
|
+
end.to_app }
|
87
|
+
|
88
|
+
it 'redirects to /auth/failure with appropriate query params' do
|
89
|
+
expect(last_response.status).to eq(302)
|
90
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=private_key_load_err&strategy=dnb')
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
context 'callback phase' do
|
96
|
+
let(:auth_hash){ last_request.env['omniauth.auth'] }
|
97
|
+
context 'with valid response' do
|
98
|
+
before do
|
99
|
+
post '/auth/dnb/callback',
|
100
|
+
'VK_SERVICE': '2001',
|
101
|
+
'VK_VERSION': '101',
|
102
|
+
'VK_SND_ID': 'RIKOLV2X',
|
103
|
+
'VK_REC_ID': 'MY_SND_ID',
|
104
|
+
'VK_STAMP': '20170403112855087471',
|
105
|
+
'VK_T_NO': '616365957',
|
106
|
+
'VK_PER_CODE': '121200-00005',
|
107
|
+
'VK_PER_FNAME': 'USER_5',
|
108
|
+
'VK_PER_LNAME': 'TEST',
|
109
|
+
'VK_COM_CODE': '',
|
110
|
+
'VK_COM_NAME': '',
|
111
|
+
'VK_TIME': '20170403113328',
|
112
|
+
'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
|
113
|
+
'VK_LANG': 'LAT'
|
114
|
+
end
|
115
|
+
|
116
|
+
it 'sets the correct uid value in the auth hash' do
|
117
|
+
expect(auth_hash.uid).to eq('121200-00005')
|
118
|
+
end
|
119
|
+
|
120
|
+
it 'sets the correct info.full_name value in the auth hash' do
|
121
|
+
expect(auth_hash.info.full_name).to eq('USER_5 TEST')
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
context 'with non-existant public key file' do
|
126
|
+
let(:app){ Rack::Builder.new do |b|
|
127
|
+
b.use Rack::Session::Cookie, { secret: 'abc123' }
|
128
|
+
b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, 'invalid_crt', 'MY_SND_ID')
|
129
|
+
b.run lambda{|env| [404, {}, ['Not Found']]}
|
130
|
+
end.to_app }
|
131
|
+
|
132
|
+
it 'redirects to /auth/failure with appropriate query params' do
|
133
|
+
post '/auth/dnb/callback' # Params are not important, because we're testing public key loading
|
134
|
+
expect(last_response.status).to eq(302)
|
135
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=public_key_load_err&strategy=dnb')
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
context 'with invalid response' do
|
140
|
+
it 'detects invalid signature' do
|
141
|
+
post '/auth/dnb/callback',
|
142
|
+
'VK_SERVICE': '2001',
|
143
|
+
'VK_VERSION': '101',
|
144
|
+
'VK_SND_ID': 'RIKOLV2X',
|
145
|
+
'VK_REC_ID': 'MY_SND_ID',
|
146
|
+
'VK_STAMP': '20170403112855087471',
|
147
|
+
'VK_T_NO': '616365957',
|
148
|
+
'VK_PER_CODE': '121200-00005',
|
149
|
+
'VK_PER_FNAME': 'USER_5',
|
150
|
+
'VK_PER_LNAME': 'TEST',
|
151
|
+
'VK_COM_CODE': '',
|
152
|
+
'VK_COM_NAME': '',
|
153
|
+
'VK_TIME': '20170403113328',
|
154
|
+
'VK_MAC': 'invalid_signature',
|
155
|
+
'VK_LANG': 'LAT'
|
156
|
+
|
157
|
+
expect(last_response.status).to eq(302)
|
158
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=invalid_response_signature_err&strategy=dnb')
|
159
|
+
expect(auth_hash).to be_nil
|
160
|
+
end
|
161
|
+
|
162
|
+
it 'detects unsupported VK_SERVICE values' do
|
163
|
+
post '/auth/dnb/callback',
|
164
|
+
'VK_SERVICE': '2004',
|
165
|
+
'VK_VERSION': '101',
|
166
|
+
'VK_SND_ID': 'RIKOLV2X',
|
167
|
+
'VK_REC_ID': 'MY_SND_ID',
|
168
|
+
'VK_STAMP': '20170403112855087471',
|
169
|
+
'VK_T_NO': '616365957',
|
170
|
+
'VK_PER_CODE': '121200-00005',
|
171
|
+
'VK_PER_FNAME': 'USER_5',
|
172
|
+
'VK_PER_LNAME': 'TEST',
|
173
|
+
'VK_COM_CODE': '',
|
174
|
+
'VK_COM_NAME': '',
|
175
|
+
'VK_TIME': '20170403113328',
|
176
|
+
'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
|
177
|
+
'VK_LANG': 'LAT'
|
178
|
+
|
179
|
+
expect(last_response.status).to eq(302)
|
180
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_service_err&strategy=dnb')
|
181
|
+
expect(auth_hash).to be_nil
|
182
|
+
end
|
183
|
+
|
184
|
+
it 'detects unsupported VK_VERSION values' do
|
185
|
+
post '/auth/dnb/callback',
|
186
|
+
'VK_SERVICE': '2001',
|
187
|
+
'VK_VERSION': '109',
|
188
|
+
'VK_SND_ID': 'RIKOLV2X',
|
189
|
+
'VK_REC_ID': 'MY_SND_ID',
|
190
|
+
'VK_STAMP': '20170403112855087471',
|
191
|
+
'VK_T_NO': '616365957',
|
192
|
+
'VK_PER_CODE': '121200-00005',
|
193
|
+
'VK_PER_FNAME': 'USER_5',
|
194
|
+
'VK_PER_LNAME': 'TEST',
|
195
|
+
'VK_COM_CODE': '',
|
196
|
+
'VK_COM_NAME': '',
|
197
|
+
'VK_TIME': '20170403113328',
|
198
|
+
'VK_MAC': 'dNj8PfJhwK8wm2UXRegkknqzIDmiHb+13UOJ2j1cI5dnC31kcosDQGJQrh9AJdUGtD9CHX8FIXtwPI0B+HAdiO3rdJxmc1vi68czGX79YQnbgl9pAc7WVLV6Lpv01bdAkVowGBvac6JlcFangx1e6dRqDQjCK5Q1p9PFqDcxBRtOkKMOlfBSFRQ4GNTC+t2AvXycQtFWScB3Z9GSA04xZrPA7yeEY1RtrkCxCbIGpr9vPN4wAdhCMeHqW8BHH5ir/ripo5krOynnmwHEJkj5sSq0cLsffbEP+15i3VuVp+S95/qmr9WQpS/F9tgGWDnZ0y+tsYs4BH5hQZxI+zH05Q==',
|
199
|
+
'VK_LANG': 'LAT'
|
200
|
+
|
201
|
+
expect(last_response.status).to eq(302)
|
202
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_version_err&strategy=dnb')
|
203
|
+
expect(auth_hash).to be_nil
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
$:.unshift File.expand_path('..', __FILE__)
|
2
|
+
$:.unshift File.expand_path('../../lib', __FILE__)
|
3
|
+
require 'rspec'
|
4
|
+
require 'rack/test'
|
5
|
+
require 'omniauth'
|
6
|
+
require 'omniauth-dnb'
|
7
|
+
|
8
|
+
RSpec.configure do |config|
|
9
|
+
config.add_setting('cert_folder')
|
10
|
+
config.cert_folder = File.expand_path('../certs', __FILE__)
|
11
|
+
|
12
|
+
config.include Rack::Test::Methods
|
13
|
+
config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
|
14
|
+
config.expect_with :rspec do |c|
|
15
|
+
c.syntax = :expect
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
I18n.enforce_available_locales = false
|
metadata
ADDED
@@ -0,0 +1,163 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: omniauth-dnb
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- MAK IT
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-04-10 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: omniauth
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: i18n
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rack-test
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: bundler
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '1.13'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '1.13'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rake
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '12.0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '12.0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: byebug
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
description: OmniAuth strategy for DNB Link
|
112
|
+
email:
|
113
|
+
- admin@makit.lv
|
114
|
+
executables: []
|
115
|
+
extensions: []
|
116
|
+
extra_rdoc_files: []
|
117
|
+
files:
|
118
|
+
- ".gitignore"
|
119
|
+
- ".travis.yml"
|
120
|
+
- Gemfile
|
121
|
+
- LICENSE.txt
|
122
|
+
- README.md
|
123
|
+
- Rakefile
|
124
|
+
- lib/omniauth-dnb.rb
|
125
|
+
- lib/omniauth/dnb.rb
|
126
|
+
- lib/omniauth/dnb/version.rb
|
127
|
+
- lib/omniauth/locales/omniauth.en.yml
|
128
|
+
- lib/omniauth/locales/omniauth.lv.yml
|
129
|
+
- lib/omniauth/strategies/dnb.rb
|
130
|
+
- omniauth-dnb.gemspec
|
131
|
+
- spec/certs/bank.crt
|
132
|
+
- spec/certs/bank.key
|
133
|
+
- spec/omniauth/strategies/dnb_spec.rb
|
134
|
+
- spec/spec_helper.rb
|
135
|
+
homepage: ''
|
136
|
+
licenses:
|
137
|
+
- MIT
|
138
|
+
metadata: {}
|
139
|
+
post_install_message:
|
140
|
+
rdoc_options: []
|
141
|
+
require_paths:
|
142
|
+
- lib
|
143
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
144
|
+
requirements:
|
145
|
+
- - ">="
|
146
|
+
- !ruby/object:Gem::Version
|
147
|
+
version: 2.2.2
|
148
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - ">="
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '0'
|
153
|
+
requirements: []
|
154
|
+
rubyforge_project:
|
155
|
+
rubygems_version: 2.6.8
|
156
|
+
signing_key:
|
157
|
+
specification_version: 4
|
158
|
+
summary: OmniAuth strategy for DNB Link
|
159
|
+
test_files:
|
160
|
+
- spec/certs/bank.crt
|
161
|
+
- spec/certs/bank.key
|
162
|
+
- spec/omniauth/strategies/dnb_spec.rb
|
163
|
+
- spec/spec_helper.rb
|