omniauth-mpassid 0.1.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ee0bd0d81ad7593a430bdb8ee94ab733d7b396231ac284b7b99b1914d28ff84
-  data.tar.gz: 6e1ef387f6e6f96e8557ced45f60817f8bb6536f7b2e53d5a1da471b82041829
+  metadata.gz: 84ae83ac1a0c7a5fc828cbc3737b088c2b1d7541d3f1186bb6912097ef4411cc
+  data.tar.gz: 59ceca293fcacaf4e77e8b255b36b76f7de1494dbe480f7a0139ba8b6a33a03e
 SHA512:
-  metadata.gz: e4c92ca00791f451b3a86cd8415abd1b45876e3c1515e0d4b6c038a4b293da544ffebef5b43e2c068af8991d3d22384454453b1e3b2f596f2cf129fc41148634
-  data.tar.gz: cf982a1632ee51213463d30ac7d4c1d8f6c06d6e7a499004840b84f85ae731eac46add9d13280953009f1a7294af7659a2b136e8a7bb0975c19d04d6f1f9388b
+  metadata.gz: 435b88073b7560bef4704c05b066ed9ec8b00ec83f2de1a4dc4b7b639e5016e51f91a770bce4db226d8d8d06727f78dab93fd2084e2d360ce04283fd935b0097
+  data.tar.gz: d6918ebe30bc88d39b0b32ffd69d188c33d8bef8f59a094bdf7b88e66f603c0ffc9bb91b1ca9dd8bd2da7977fe9f6a6e58e80fd39a03df018b708c32b61c11f6

data/lib/omniauth/strategies/mpassid.rb

@@ -10,6 +10,27 @@ module OmniAuth
       # :test - MPASSid test environment
       option :mode, :production
 
+      # Defines the lang parameters to check from the request phase request
+      # parameters. A valid language will be added to the IdP sign in redirect
+      # URL as the last parameter (with the name `lang` as expected by
+      # MPASSid).
+      #
+      # MPASSid generally accepts `fi` or `sv` in this parameter but it can
+      # depend on the underlying service. The language can be parsed from the
+      # following kind of strings:
+      # - fi
+      # - sv-SE
+      # - fi_FI
+      #
+      # In case a valid language cannot be parsed from the parameter, the lang
+      # parameter will default to `:idp_sso_service_url_default_lang`.
+      option :idp_sso_service_url_lang_params, %w[locale language lang]
+
+      # This is the default language to be passed to IdP sign in redirect URL as
+      # defined above. In case a valid language is not found from the request
+      # parameters, this will be used instead.
+      option :idp_sso_service_url_default_lang, 'fi'
+
       # The request attributes for MPASSid
       option :request_attributes, [
         # The unique identifier of the authenticated user. Currently recommended
@@ -18,13 +39,15 @@ module OmniAuth
         # (single value)
         {
           name: 'urn:mpass.id:uid',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassUsername'
         },
         # Funet EDU person learner ID
         # (single value)
         {
           name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'learnerId'
         },
         # The first/given name of the user.
         # (single value)
@@ -47,26 +70,6 @@ module OmniAuth
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'sn'
         },
-        # The municipality code of the authenticated user. See
-        # http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
-        # for mappings in Finland.
-        # (multi value)
-        {
-          name: 'urn:mpass.id:municipalityCode',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'municipalityCode'
-        },
-        # The human-readable name of the municipality of the authenticated user.
-        # (multi value)
-        {
-          name: 'urn:mpass.id:municipality',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
-        },
-        {
-          name: 'urn:educloudalliance.org:municipality',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'ecaMunicipality'
-        },
         # The school code of the authenticated user. See
         # https://virkailija.opintopolku.fi/koodisto-service/rest/json/oppilaitosnumero/koodi
         # (JSON format)
@@ -78,7 +81,8 @@ module OmniAuth
         # (multi value)
         {
           name: 'urn:mpass.id:schoolCode',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassSchoolCode'
         },
         # The human-readable name of the school of the authenticated user.
         # (multi value)
@@ -87,12 +91,21 @@ module OmniAuth
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
           friendly_name: 'school'
         },
+        # Combination of the school code and official name of the educational
+        # institution separated with semicolon.
+        # For instance: 00000;Tuntematon
+        {
+          name: 'urn:mpass.id:schoolInfo',
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassSchoolInfo'
+        },
         # The class/group-information of the authenticated user.
         # For instance: 8A or 3B.
         # (multi value)
         {
           name: 'urn:mpass.id:class',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassClass'
         },
         {
           name: 'urn:educloudalliance.org:group',
@@ -104,7 +117,8 @@ module OmniAuth
         # (multi value)
         {
           name: 'urn:mpass.id:classLevel',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassClassLevel'
         },
         # The role name of the user.
         # For instance Oppilas.
@@ -115,18 +129,43 @@ module OmniAuth
           friendly_name: 'ecaRole'
         },
         # The role of the user in four parts, divided with a semicolon (;)
-        # character. First municipality, followed by school code, group and role
-        # in the group.
-        # For instance Helsinki;32132;9A;Oppilas.
+        # character. First educational provider's organization OID, followed by
+        # school code, group and role in the group.
+        # For instance 1.2.246.562.10.12345678907;99900;7B;Oppilas.
         # (multi value)
+        #
+        # The educational providers' organization OIDs can be found from:
+        # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
         {
           name: 'urn:mpass.id:role',
-          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassRole'
+        },
+        # The educational provider's permanent organization OID.
+        # (multi value)
+        #
+        # The educational providers' organization OIDs can be found from:
+        # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
+        {
+          name: 'urn:mpass.id:educationProviderId',
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassEducationProviderOid'
+        },
+        # The educational provider's human-readable name.
+        # (multi value)
+        {
+          name: 'urn:mpass.id:educationProvider',
+          name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+          friendly_name: 'mpassEducationProviderName'
         },
+        # Combination of the education provider's organisation-OID and official
+        # name. Separated by semicolon.
+        # For instance: 1.2.246.562.10.494695390410;Virallinen nimi
+        # (multi value)
         {
-          name: 'urn:educloudalliance.org:structuredRole',
+          name: 'urn:mpass.id:educationProviderInfo',
           name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
-          friendly_name: 'ecaStructuredRole'
+          friendly_name: 'mpassEducationProviderInfo'
         }
       ]
 
@@ -137,8 +176,8 @@ module OmniAuth
         # Given name or all first names (in case given name is not found)
         first_name: ['urn:oid:2.5.4.42', 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
         last_name: ['urn:oid:2.5.4.4'],
-        # The municipality of the person (literal format in Finnish)
-        location: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality']
+        # The education provider (e.g. municipality) of the person (literal format in Finnish)
+        location: ['urn:mpass.id:educationProvider']
       )
 
       info do
@@ -176,14 +215,14 @@ module OmniAuth
       option(
         :saml_attributes_map,
         given_name: ['urn:oid:2.5.4.42'],
-        first_names: ['http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
+        first_names: ['urn:oid:2.5.4.42'],
         last_name: ['urn:oid:2.5.4.4'],
-        municipality_code: {
-          name: ['urn:mpass.id:municipalityCode'],
+        provider_id: {
+          name: ['urn:mpass.id:educationProviderId'],
           type: :multi
         },
-        municipality_name: {
-          name: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality'],
+        provider_name: {
+          name: ['urn:mpass.id:educationProvider'],
           type: :multi
         },
         school_code: {
@@ -210,7 +249,8 @@ module OmniAuth
           name: ['urn:educloudalliance.org:role'],
           type: :multi
         },
-        # Extra (undocumented)
+        # Extra
+        # Unique learner ID
         funet_person_learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27']
       )
 
@@ -236,6 +276,20 @@ module OmniAuth
         )
       end
 
+      # Override the request phase to be able to pass the lang parameter to
+      # the redirect URL. Note that this needs to be the last parameter to
+      # be passed to the redirect URL.
+      def request_phase
+        authn_request = OneLogin::RubySaml::Authrequest.new
+        lang = lang_for_authn_request
+
+        with_settings do |settings|
+          url = authn_request.create(settings, additional_params_for_authn_request)
+          url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
+          redirect(url)
+        end
+      end
+
       # This method can be used externally to fetch information about the
       # response, e.g. in case of failures.
       def response_object
@@ -251,6 +305,13 @@ module OmniAuth
         end
       end
 
+      # Override the callback URL so that it always matches the one expected by
+      # MPASSid. No additional query string parameters can be included in the
+      # string.
+      def callback_url
+        full_host + script_name + callback_path
+      end
+
     private
 
       def idp_metadata_url
@@ -302,6 +363,25 @@ module OmniAuth
           end
         end
       end
+
+      def lang_for_authn_request
+        if options.idp_sso_service_url_lang_params.is_a?(Array)
+          options.idp_sso_service_url_lang_params.each do |param|
+            next unless request.params.key?(param.to_s)
+
+            lang = parse_language_value(request.params[param.to_s])
+            return lang unless lang.nil?
+          end
+        end
+
+        options.idp_sso_service_url_default_lang
+      end
+
+      def parse_language_value(string)
+        language = string.sub('_', '-').split('-').first
+
+        language if language =~ /^(fi|sv)$/
+      end
     end
   end
 end

data/lib/omniauth-mpassid/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module MPASSid
-    VERSION = '0.1.0'
+    VERSION = '0.3.1'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-mpassid
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Antti Hukkanen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-15 00:00:00.000000000 Z
+date: 2022-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-saml
@@ -16,42 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.1
+        version: 1.10.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.1
+        version: 1.10.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -106,14 +106,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: 0.19.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.0
+        version: 0.19.0
 description: MPASSid identification service integration for OmniAuth.
 email:
 - antti.hukkanen@mainiotech.fi