omniauth-mpassid 0.1.0 → 0.3.1

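--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0ee0bd0d81ad7593a430bdb8ee94ab733d7b396231ac284b7b99b1914d28ff84
- data.tar.gz: 6e1ef387f6e6f96e8557ced45f60817f8bb6536f7b2e53d5a1da471b82041829
+ metadata.gz: 84ae83ac1a0c7a5fc828cbc3737b088c2b1d7541d3f1186bb6912097ef4411cc
+ data.tar.gz: 59ceca293fcacaf4e77e8b255b36b76f7de1494dbe480f7a0139ba8b6a33a03e
  SHA512:
- metadata.gz: e4c92ca00791f451b3a86cd8415abd1b45876e3c1515e0d4b6c038a4b293da544ffebef5b43e2c068af8991d3d22384454453b1e3b2f596f2cf129fc41148634
- data.tar.gz: cf982a1632ee51213463d30ac7d4c1d8f6c06d6e7a499004840b84f85ae731eac46add9d13280953009f1a7294af7659a2b136e8a7bb0975c19d04d6f1f9388b
+ metadata.gz: 435b88073b7560bef4704c05b066ed9ec8b00ec83f2de1a4dc4b7b639e5016e51f91a770bce4db226d8d8d06727f78dab93fd2084e2d360ce04283fd935b0097
+ data.tar.gz: d6918ebe30bc88d39b0b32ffd69d188c33d8bef8f59a094bdf7b88e66f603c0ffc9bb91b1ca9dd8bd2da7977fe9f6a6e58e80fd39a03df018b708c32b61c11f6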
@@ -10,6 +10,27 @@ module OmniAuth
10
10
  # :test - MPASSid test environment
11
11
  option :mode, :production
12
12
 
13
+ # Defines the lang parameters to check from the request phase request
14
+ # parameters. A valid language will be added to the IdP sign in redirect
15
+ # URL as the last parameter (with the name `lang` as expected by
16
+ # MPASSid).
17
+ #
18
+ # MPASSid generally accepts `fi` or `sv` in this parameter but it can
19
+ # depend on the underlying service. The language can be parsed from the
20
+ # following kind of strings:
21
+ # - fi
22
+ # - sv-SE
23
+ # - fi_FI
24
+ #
25
+ # In case a valid language cannot be parsed from the parameter, the lang
26
+ # parameter will default to `:idp_sso_service_url_default_lang`.
27
+ option :idp_sso_service_url_lang_params, %w[locale language lang]
28
+
29
+ # This is the default language to be passed to IdP sign in redirect URL as
30
+ # defined above. In case a valid language is not found from the request
31
+ # parameters, this will be used instead.
32
+ option :idp_sso_service_url_default_lang, 'fi'
33
+
13
34
  # The request attributes for MPASSid
14
35
  option :request_attributes, [
15
36
  # The unique identifier of the authenticated user. Currently recommended
@@ -18,13 +39,15 @@ module OmniAuth
18
39
  # (single value)
19
40
  {
20
41
  name: 'urn:mpass.id:uid',
21
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
42
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
43
+ friendly_name: 'mpassUsername'
22
44
  },
23
45
  # Funet EDU person learner ID
24
46
  # (single value)
25
47
  {
26
48
  name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
27
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
49
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
50
+ friendly_name: 'learnerId'
28
51
  },
29
52
  # The first/given name of the user.
30
53
  # (single value)
@@ -47,26 +70,6 @@ module OmniAuth
47
70
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
48
71
  friendly_name: 'sn'
49
72
  },
50
- # The municipality code of the authenticated user. See
51
- # http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
52
- # for mappings in Finland.
53
- # (multi value)
54
- {
55
- name: 'urn:mpass.id:municipalityCode',
56
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
57
- friendly_name: 'municipalityCode'
58
- },
59
- # The human-readable name of the municipality of the authenticated user.
60
- # (multi value)
61
- {
62
- name: 'urn:mpass.id:municipality',
63
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
64
- },
65
- {
66
- name: 'urn:educloudalliance.org:municipality',
67
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
68
- friendly_name: 'ecaMunicipality'
69
- },
70
73
  # The school code of the authenticated user. See
71
74
  # https://virkailija.opintopolku.fi/koodisto-service/rest/json/oppilaitosnumero/koodi
72
75
  # (JSON format)
@@ -78,7 +81,8 @@ module OmniAuth
78
81
  # (multi value)
79
82
  {
80
83
  name: 'urn:mpass.id:schoolCode',
81
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
84
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
85
+ friendly_name: 'mpassSchoolCode'
82
86
  },
83
87
  # The human-readable name of the school of the authenticated user.
84
88
  # (multi value)
@@ -87,12 +91,21 @@ module OmniAuth
87
91
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
88
92
  friendly_name: 'school'
89
93
  },
94
+ # Combination of the school code and official name of the educational
95
+ # institution separated with semicolon.
96
+ # For instance: 00000;Tuntematon
97
+ {
98
+ name: 'urn:mpass.id:schoolInfo',
99
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
100
+ friendly_name: 'mpassSchoolInfo'
101
+ },
90
102
  # The class/group-information of the authenticated user.
91
103
  # For instance: 8A or 3B.
92
104
  # (multi value)
93
105
  {
94
106
  name: 'urn:mpass.id:class',
95
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
107
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
108
+ friendly_name: 'mpassClass'
96
109
  },
97
110
  {
98
111
  name: 'urn:educloudalliance.org:group',
@@ -104,7 +117,8 @@ module OmniAuth
104
117
  # (multi value)
105
118
  {
106
119
  name: 'urn:mpass.id:classLevel',
107
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
120
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
121
+ friendly_name: 'mpassClassLevel'
108
122
  },
109
123
  # The role name of the user.
110
124
  # For instance Oppilas.
@@ -115,18 +129,43 @@ module OmniAuth
115
129
  friendly_name: 'ecaRole'
116
130
  },
117
131
  # The role of the user in four parts, divided with a semicolon (;)
118
- # character. First municipality, followed by school code, group and role
119
- # in the group.
120
- # For instance Helsinki;32132;9A;Oppilas.
132
+ # character. First educational provider's organization OID, followed by
133
+ # school code, group and role in the group.
134
+ # For instance 1.2.246.562.10.12345678907;99900;7B;Oppilas.
121
135
  # (multi value)
136
+ #
137
+ # The educational providers' organization OIDs can be found from:
138
+ # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
122
139
  {
123
140
  name: 'urn:mpass.id:role',
124
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
141
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
142
+ friendly_name: 'mpassRole'
143
+ },
144
+ # The educational provider's permanent organization OID.
145
+ # (multi value)
146
+ #
147
+ # The educational providers' organization OIDs can be found from:
148
+ # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
149
+ {
150
+ name: 'urn:mpass.id:educationProviderId',
151
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
152
+ friendly_name: 'mpassEducationProviderOid'
153
+ },
154
+ # The educational provider's human-readable name.
155
+ # (multi value)
156
+ {
157
+ name: 'urn:mpass.id:educationProvider',
158
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
159
+ friendly_name: 'mpassEducationProviderName'
125
160
  },
161
+ # Combination of the education provider's organisation-OID and official
162
+ # name. Separated by semicolon.
163
+ # For instance: 1.2.246.562.10.494695390410;Virallinen nimi
164
+ # (multi value)
126
165
  {
127
- name: 'urn:educloudalliance.org:structuredRole',
166
+ name: 'urn:mpass.id:educationProviderInfo',
128
167
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
129
- friendly_name: 'ecaStructuredRole'
168
+ friendly_name: 'mpassEducationProviderInfo'
130
169
  }
131
170
  ]
132
171
 
@@ -137,8 +176,8 @@ module OmniAuth
137
176
  # Given name or all first names (in case given name is not found)
138
177
  first_name: ['urn:oid:2.5.4.42', 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
139
178
  last_name: ['urn:oid:2.5.4.4'],
140
- # The municipality of the person (literal format in Finnish)
141
- location: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality']
179
+ # The education provider (e.g. municipality) of the person (literal format in Finnish)
180
+ location: ['urn:mpass.id:educationProvider']
142
181
  )
143
182
 
144
183
  info do
@@ -176,14 +215,14 @@ module OmniAuth
176
215
  option(
177
216
  :saml_attributes_map,
178
217
  given_name: ['urn:oid:2.5.4.42'],
179
- first_names: ['http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
218
+ first_names: ['urn:oid:2.5.4.42'],
180
219
  last_name: ['urn:oid:2.5.4.4'],
181
- municipality_code: {
182
- name: ['urn:mpass.id:municipalityCode'],
220
+ provider_id: {
221
+ name: ['urn:mpass.id:educationProviderId'],
183
222
  type: :multi
184
223
  },
185
- municipality_name: {
186
- name: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality'],
224
+ provider_name: {
225
+ name: ['urn:mpass.id:educationProvider'],
187
226
  type: :multi
188
227
  },
189
228
  school_code: {
@@ -210,7 +249,8 @@ module OmniAuth
210
249
  name: ['urn:educloudalliance.org:role'],
211
250
  type: :multi
212
251
  },
213
- # Extra (undocumented)
252
+ # Extra
253
+ # Unique learner ID
214
254
  funet_person_learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27']
215
255
  )
216
256
 
@@ -236,6 +276,20 @@ module OmniAuth
236
276
  )
237
277
  end
238
278
 
279
+ # Override the request phase to be able to pass the lang parameter to
280
+ # the redirect URL. Note that this needs to be the last parameter to
281
+ # be passed to the redirect URL.
282
+ def request_phase
283
+ authn_request = OneLogin::RubySaml::Authrequest.new
284
+ lang = lang_for_authn_request
285
+
286
+ with_settings do |settings|
287
+ url = authn_request.create(settings, additional_params_for_authn_request)
288
+ url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
289
+ redirect(url)
290
+ end
291
+ end
292
+
239
293
  # This method can be used externally to fetch information about the
240
294
  # response, e.g. in case of failures.
241
295
  def response_object
@@ -251,6 +305,13 @@ module OmniAuth
251
305
  end
252
306
  end
253
307
 
308
+ # Override the callback URL so that it always matches the one expected by
309
+ # MPASSid. No additional query string parameters can be included in the
310
+ # string.
311
+ def callback_url
312
+ full_host + script_name + callback_path
313
+ end
314
+
254
315
  private
255
316
 
256
317
  def idp_metadata_url
@@ -302,6 +363,25 @@ module OmniAuth
302
363
  end
303
364
  end
304
365
  end
366
+
367
+ def lang_for_authn_request
368
+ if options.idp_sso_service_url_lang_params.is_a?(Array)
369
+ options.idp_sso_service_url_lang_params.each do |param|
370
+ next unless request.params.key?(param.to_s)
371
+
372
+ lang = parse_language_value(request.params[param.to_s])
373
+ return lang unless lang.nil?
374
+ end
375
+ end
376
+
377
+ options.idp_sso_service_url_default_lang
378
+ end
379
+
380
+ def parse_language_value(string)
381
+ language = string.sub('_', '-').split('-').first
382
+
383
+ language if language =~ /^(fi|sv)$/
384
+ end
305
385
  end
306
386
  end
307
387
  end
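Review bot: In `parse_language_value` (last hunk of this file) the check `language =~ /^(fi|sv)$/` uses line anchors, so a request value whose first line is `fi` or `sv` passes and the whole multi-line string is returned as the valid language. `CGI.escape` in `request_phase` keeps that from altering the redirect URL, but text the strategy never validated is still forwarded to the IdP in `lang`. The method also calls `.sub` on whatever `request.params[param.to_s]` holds, and Rack can return `nil`, an Array or a Hash for a key, which would raise `NoMethodError` in the unauthenticated request phase. I would add `return unless string.is_a?(String)` as the first line and anchor on the whole string with `language if language =~ /\A(fi|sv)\z/`.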
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module MPASSid
5
- VERSION = '0.1.0'
5
+ VERSION = '0.3.1'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-mpassid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Antti Hukkanen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-15 00:00:00.000000000 Z
11
+ date: 2022-01-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-saml
@@ -16,42 +16,42 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.10.1
19
+ version: 1.10.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.10.1
26
+ version: 1.10.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '12.3'
33
+ version: '13.0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '12.3'
40
+ version: '13.0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '3.8'
47
+ version: '3.9'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '3.8'
54
+ version: '3.9'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rack-test
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -106,14 +106,14 @@ dependencies:
106
106
  requirements:
107
107
  - - "~>"
108
108
  - !ruby/object:Gem::Version
109
- version: 0.16.0
109
+ version: 0.19.0
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: 0.16.0
116
+ version: 0.19.0
117
117
  description: MPASSid identification service integration for OmniAuth.
118
118
  email:
119
119
  - antti.hukkanen@mainiotech.fi