omniauth-mpassid 0.1.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/strategies/mpassid.rb +119 -39
- data/lib/omniauth-mpassid/version.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 84ae83ac1a0c7a5fc828cbc3737b088c2b1d7541d3f1186bb6912097ef4411cc
|
4
|
+
data.tar.gz: 59ceca293fcacaf4e77e8b255b36b76f7de1494dbe480f7a0139ba8b6a33a03e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 435b88073b7560bef4704c05b066ed9ec8b00ec83f2de1a4dc4b7b639e5016e51f91a770bce4db226d8d8d06727f78dab93fd2084e2d360ce04283fd935b0097
|
7
|
+
data.tar.gz: d6918ebe30bc88d39b0b32ffd69d188c33d8bef8f59a094bdf7b88e66f603c0ffc9bb91b1ca9dd8bd2da7977fe9f6a6e58e80fd39a03df018b708c32b61c11f6
|
@@ -10,6 +10,27 @@ module OmniAuth
|
|
10
10
|
# :test - MPASSid test environment
|
11
11
|
option :mode, :production
|
12
12
|
|
13
|
+
# Defines the lang parameters to check from the request phase request
|
14
|
+
# parameters. A valid language will be added to the IdP sign in redirect
|
15
|
+
# URL as the last parameter (with the name `lang` as expected by
|
16
|
+
# MPASSid).
|
17
|
+
#
|
18
|
+
# MPASSid generally accepts `fi` or `sv` in this parameter but it can
|
19
|
+
# depend on the underlying service. The language can be parsed from the
|
20
|
+
# following kind of strings:
|
21
|
+
# - fi
|
22
|
+
# - sv-SE
|
23
|
+
# - fi_FI
|
24
|
+
#
|
25
|
+
# In case a valid language cannot be parsed from the parameter, the lang
|
26
|
+
# parameter will default to `:idp_sso_service_url_default_lang`.
|
27
|
+
option :idp_sso_service_url_lang_params, %w[locale language lang]
|
28
|
+
|
29
|
+
# This is the default language to be passed to IdP sign in redirect URL as
|
30
|
+
# defined above. In case a valid language is not found from the request
|
31
|
+
# parameters, this will be used instead.
|
32
|
+
option :idp_sso_service_url_default_lang, 'fi'
|
33
|
+
|
13
34
|
# The request attributes for MPASSid
|
14
35
|
option :request_attributes, [
|
15
36
|
# The unique identifier of the authenticated user. Currently recommended
|
@@ -18,13 +39,15 @@ module OmniAuth
|
|
18
39
|
# (single value)
|
19
40
|
{
|
20
41
|
name: 'urn:mpass.id:uid',
|
21
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
42
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
43
|
+
friendly_name: 'mpassUsername'
|
22
44
|
},
|
23
45
|
# Funet EDU person learner ID
|
24
46
|
# (single value)
|
25
47
|
{
|
26
48
|
name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
|
27
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
49
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
50
|
+
friendly_name: 'learnerId'
|
28
51
|
},
|
29
52
|
# The first/given name of the user.
|
30
53
|
# (single value)
|
@@ -47,26 +70,6 @@ module OmniAuth
|
|
47
70
|
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
48
71
|
friendly_name: 'sn'
|
49
72
|
},
|
50
|
-
# The municipality code of the authenticated user. See
|
51
|
-
# http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
|
52
|
-
# for mappings in Finland.
|
53
|
-
# (multi value)
|
54
|
-
{
|
55
|
-
name: 'urn:mpass.id:municipalityCode',
|
56
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
57
|
-
friendly_name: 'municipalityCode'
|
58
|
-
},
|
59
|
-
# The human-readable name of the municipality of the authenticated user.
|
60
|
-
# (multi value)
|
61
|
-
{
|
62
|
-
name: 'urn:mpass.id:municipality',
|
63
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
64
|
-
},
|
65
|
-
{
|
66
|
-
name: 'urn:educloudalliance.org:municipality',
|
67
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
68
|
-
friendly_name: 'ecaMunicipality'
|
69
|
-
},
|
70
73
|
# The school code of the authenticated user. See
|
71
74
|
# https://virkailija.opintopolku.fi/koodisto-service/rest/json/oppilaitosnumero/koodi
|
72
75
|
# (JSON format)
|
@@ -78,7 +81,8 @@ module OmniAuth
|
|
78
81
|
# (multi value)
|
79
82
|
{
|
80
83
|
name: 'urn:mpass.id:schoolCode',
|
81
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
84
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
85
|
+
friendly_name: 'mpassSchoolCode'
|
82
86
|
},
|
83
87
|
# The human-readable name of the school of the authenticated user.
|
84
88
|
# (multi value)
|
@@ -87,12 +91,21 @@ module OmniAuth
|
|
87
91
|
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
88
92
|
friendly_name: 'school'
|
89
93
|
},
|
94
|
+
# Combination of the school code and official name of the educational
|
95
|
+
# institution separated with semicolon.
|
96
|
+
# For instance: 00000;Tuntematon
|
97
|
+
{
|
98
|
+
name: 'urn:mpass.id:schoolInfo',
|
99
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
100
|
+
friendly_name: 'mpassSchoolInfo'
|
101
|
+
},
|
90
102
|
# The class/group-information of the authenticated user.
|
91
103
|
# For instance: 8A or 3B.
|
92
104
|
# (multi value)
|
93
105
|
{
|
94
106
|
name: 'urn:mpass.id:class',
|
95
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
107
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
108
|
+
friendly_name: 'mpassClass'
|
96
109
|
},
|
97
110
|
{
|
98
111
|
name: 'urn:educloudalliance.org:group',
|
@@ -104,7 +117,8 @@ module OmniAuth
|
|
104
117
|
# (multi value)
|
105
118
|
{
|
106
119
|
name: 'urn:mpass.id:classLevel',
|
107
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
120
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
121
|
+
friendly_name: 'mpassClassLevel'
|
108
122
|
},
|
109
123
|
# The role name of the user.
|
110
124
|
# For instance Oppilas.
|
@@ -115,18 +129,43 @@ module OmniAuth
|
|
115
129
|
friendly_name: 'ecaRole'
|
116
130
|
},
|
117
131
|
# The role of the user in four parts, divided with a semicolon (;)
|
118
|
-
# character. First
|
119
|
-
# in the group.
|
120
|
-
# For instance
|
132
|
+
# character. First educational provider's organization OID, followed by
|
133
|
+
# school code, group and role in the group.
|
134
|
+
# For instance 1.2.246.562.10.12345678907;99900;7B;Oppilas.
|
121
135
|
# (multi value)
|
136
|
+
#
|
137
|
+
# The educational providers' organization OIDs can be found from:
|
138
|
+
# https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
|
122
139
|
{
|
123
140
|
name: 'urn:mpass.id:role',
|
124
|
-
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
|
141
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
142
|
+
friendly_name: 'mpassRole'
|
143
|
+
},
|
144
|
+
# The educational provider's permanent organization OID.
|
145
|
+
# (multi value)
|
146
|
+
#
|
147
|
+
# The educational providers' organization OIDs can be found from:
|
148
|
+
# https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
|
149
|
+
{
|
150
|
+
name: 'urn:mpass.id:educationProviderId',
|
151
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
152
|
+
friendly_name: 'mpassEducationProviderOid'
|
153
|
+
},
|
154
|
+
# The educational provider's human-readable name.
|
155
|
+
# (multi value)
|
156
|
+
{
|
157
|
+
name: 'urn:mpass.id:educationProvider',
|
158
|
+
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
159
|
+
friendly_name: 'mpassEducationProviderName'
|
125
160
|
},
|
161
|
+
# Combination of the education provider's organisation-OID and official
|
162
|
+
# name. Separated by semicolon.
|
163
|
+
# For instance: 1.2.246.562.10.494695390410;Virallinen nimi
|
164
|
+
# (multi value)
|
126
165
|
{
|
127
|
-
name: 'urn:
|
166
|
+
name: 'urn:mpass.id:educationProviderInfo',
|
128
167
|
name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
|
129
|
-
friendly_name: '
|
168
|
+
friendly_name: 'mpassEducationProviderInfo'
|
130
169
|
}
|
131
170
|
]
|
132
171
|
|
@@ -137,8 +176,8 @@ module OmniAuth
|
|
137
176
|
# Given name or all first names (in case given name is not found)
|
138
177
|
first_name: ['urn:oid:2.5.4.42', 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
|
139
178
|
last_name: ['urn:oid:2.5.4.4'],
|
140
|
-
# The municipality of the person (literal format in Finnish)
|
141
|
-
location: ['urn:mpass.id:
|
179
|
+
# The education provider (e.g. municipality) of the person (literal format in Finnish)
|
180
|
+
location: ['urn:mpass.id:educationProvider']
|
142
181
|
)
|
143
182
|
|
144
183
|
info do
|
@@ -176,14 +215,14 @@ module OmniAuth
|
|
176
215
|
option(
|
177
216
|
:saml_attributes_map,
|
178
217
|
given_name: ['urn:oid:2.5.4.42'],
|
179
|
-
first_names: ['
|
218
|
+
first_names: ['urn:oid:2.5.4.42'],
|
180
219
|
last_name: ['urn:oid:2.5.4.4'],
|
181
|
-
|
182
|
-
name: ['urn:mpass.id:
|
220
|
+
provider_id: {
|
221
|
+
name: ['urn:mpass.id:educationProviderId'],
|
183
222
|
type: :multi
|
184
223
|
},
|
185
|
-
|
186
|
-
name: ['urn:mpass.id:
|
224
|
+
provider_name: {
|
225
|
+
name: ['urn:mpass.id:educationProvider'],
|
187
226
|
type: :multi
|
188
227
|
},
|
189
228
|
school_code: {
|
@@ -210,7 +249,8 @@ module OmniAuth
|
|
210
249
|
name: ['urn:educloudalliance.org:role'],
|
211
250
|
type: :multi
|
212
251
|
},
|
213
|
-
# Extra
|
252
|
+
# Extra
|
253
|
+
# Unique learner ID
|
214
254
|
funet_person_learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27']
|
215
255
|
)
|
216
256
|
|
@@ -236,6 +276,20 @@ module OmniAuth
|
|
236
276
|
)
|
237
277
|
end
|
238
278
|
|
279
|
+
# Override the request phase to be able to pass the lang parameter to
|
280
|
+
# the redirect URL. Note that this needs to be the last parameter to
|
281
|
+
# be passed to the redirect URL.
|
282
|
+
def request_phase
|
283
|
+
authn_request = OneLogin::RubySaml::Authrequest.new
|
284
|
+
lang = lang_for_authn_request
|
285
|
+
|
286
|
+
with_settings do |settings|
|
287
|
+
url = authn_request.create(settings, additional_params_for_authn_request)
|
288
|
+
url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
|
289
|
+
redirect(url)
|
290
|
+
end
|
291
|
+
end
|
292
|
+
|
239
293
|
# This method can be used externally to fetch information about the
|
240
294
|
# response, e.g. in case of failures.
|
241
295
|
def response_object
|
@@ -251,6 +305,13 @@ module OmniAuth
|
|
251
305
|
end
|
252
306
|
end
|
253
307
|
|
308
|
+
# Override the callback URL so that it always matches the one expected by
|
309
|
+
# MPASSid. No additional query string parameters can be included in the
|
310
|
+
# string.
|
311
|
+
def callback_url
|
312
|
+
full_host + script_name + callback_path
|
313
|
+
end
|
314
|
+
|
254
315
|
private
|
255
316
|
|
256
317
|
def idp_metadata_url
|
@@ -302,6 +363,25 @@ module OmniAuth
|
|
302
363
|
end
|
303
364
|
end
|
304
365
|
end
|
366
|
+
|
367
|
+
def lang_for_authn_request
|
368
|
+
if options.idp_sso_service_url_lang_params.is_a?(Array)
|
369
|
+
options.idp_sso_service_url_lang_params.each do |param|
|
370
|
+
next unless request.params.key?(param.to_s)
|
371
|
+
|
372
|
+
lang = parse_language_value(request.params[param.to_s])
|
373
|
+
return lang unless lang.nil?
|
374
|
+
end
|
375
|
+
end
|
376
|
+
|
377
|
+
options.idp_sso_service_url_default_lang
|
378
|
+
end
|
379
|
+
|
380
|
+
def parse_language_value(string)
|
381
|
+
language = string.sub('_', '-').split('-').first
|
382
|
+
|
383
|
+
language if language =~ /^(fi|sv)$/
|
384
|
+
end
|
305
385
|
end
|
306
386
|
end
|
307
387
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-mpassid
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Antti Hukkanen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth-saml
|
@@ -16,42 +16,42 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.10.
|
19
|
+
version: 1.10.3
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.10.
|
26
|
+
version: 1.10.3
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rake
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '13.0'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
40
|
+
version: '13.0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rspec
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '3.
|
47
|
+
version: '3.9'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '3.
|
54
|
+
version: '3.9'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rack-test
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -106,14 +106,14 @@ dependencies:
|
|
106
106
|
requirements:
|
107
107
|
- - "~>"
|
108
108
|
- !ruby/object:Gem::Version
|
109
|
-
version: 0.
|
109
|
+
version: 0.19.0
|
110
110
|
type: :development
|
111
111
|
prerelease: false
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
113
113
|
requirements:
|
114
114
|
- - "~>"
|
115
115
|
- !ruby/object:Gem::Version
|
116
|
-
version: 0.
|
116
|
+
version: 0.19.0
|
117
117
|
description: MPASSid identification service integration for OmniAuth.
|
118
118
|
email:
|
119
119
|
- antti.hukkanen@mainiotech.fi
|