omniauth-mpassid 0.1.0 → 0.3.1

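--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0ee0bd0d81ad7593a430bdb8ee94ab733d7b396231ac284b7b99b1914d28ff84
- data.tar.gz: 6e1ef387f6e6f96e8557ced45f60817f8bb6536f7b2e53d5a1da471b82041829
+ metadata.gz: 84ae83ac1a0c7a5fc828cbc3737b088c2b1d7541d3f1186bb6912097ef4411cc
+ data.tar.gz: 59ceca293fcacaf4e77e8b255b36b76f7de1494dbe480f7a0139ba8b6a33a03e
  SHA512:
- metadata.gz: e4c92ca00791f451b3a86cd8415abd1b45876e3c1515e0d4b6c038a4b293da544ffebef5b43e2c068af8991d3d22384454453b1e3b2f596f2cf129fc41148634
- data.tar.gz: cf982a1632ee51213463d30ac7d4c1d8f6c06d6e7a499004840b84f85ae731eac46add9d13280953009f1a7294af7659a2b136e8a7bb0975c19d04d6f1f9388b
+ metadata.gz: 435b88073b7560bef4704c05b066ed9ec8b00ec83f2de1a4dc4b7b639e5016e51f91a770bce4db226d8d8d06727f78dab93fd2084e2d360ce04283fd935b0097
+ data.tar.gz: d6918ebe30bc88d39b0b32ffd69d188c33d8bef8f59a094bdf7b88e66f603c0ffc9bb91b1ca9dd8bd2da7977fe9f6a6e58e80fd39a03df018b708c32b61c11f6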
@@ -10,6 +10,27 @@ module OmniAuth
10
10
  # :test - MPASSid test environment
11
11
  option :mode, :production
12
12
 
13
+ # Defines the lang parameters to check from the request phase request
14
+ # parameters. A valid language will be added to the IdP sign in redirect
15
+ # URL as the last parameter (with the name `lang` as expected by
16
+ # MPASSid).
17
+ #
18
+ # MPASSid generally accepts `fi` or `sv` in this parameter but it can
19
+ # depend on the underlying service. The language can be parsed from the
20
+ # following kind of strings:
21
+ # - fi
22
+ # - sv-SE
23
+ # - fi_FI
24
+ #
25
+ # In case a valid language cannot be parsed from the parameter, the lang
26
+ # parameter will default to `:idp_sso_service_url_default_lang`.
27
+ option :idp_sso_service_url_lang_params, %w[locale language lang]
28
+
29
+ # This is the default language to be passed to IdP sign in redirect URL as
30
+ # defined above. In case a valid language is not found from the request
31
+ # parameters, this will be used instead.
32
+ option :idp_sso_service_url_default_lang, 'fi'
33
+
13
34
  # The request attributes for MPASSid
14
35
  option :request_attributes, [
15
36
  # The unique identifier of the authenticated user. Currently recommended
@@ -18,13 +39,15 @@ module OmniAuth
18
39
  # (single value)
19
40
  {
20
41
  name: 'urn:mpass.id:uid',
21
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
42
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
43
+ friendly_name: 'mpassUsername'
22
44
  },
23
45
  # Funet EDU person learner ID
24
46
  # (single value)
25
47
  {
26
48
  name: 'urn:oid:1.3.6.1.4.1.16161.1.1.27',
27
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
49
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
50
+ friendly_name: 'learnerId'
28
51
  },
29
52
  # The first/given name of the user.
30
53
  # (single value)
@@ -47,26 +70,6 @@ module OmniAuth
47
70
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
48
71
  friendly_name: 'sn'
49
72
  },
50
- # The municipality code of the authenticated user. See
51
- # http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
52
- # for mappings in Finland.
53
- # (multi value)
54
- {
55
- name: 'urn:mpass.id:municipalityCode',
56
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
57
- friendly_name: 'municipalityCode'
58
- },
59
- # The human-readable name of the municipality of the authenticated user.
60
- # (multi value)
61
- {
62
- name: 'urn:mpass.id:municipality',
63
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
64
- },
65
- {
66
- name: 'urn:educloudalliance.org:municipality',
67
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
68
- friendly_name: 'ecaMunicipality'
69
- },
70
73
  # The school code of the authenticated user. See
71
74
  # https://virkailija.opintopolku.fi/koodisto-service/rest/json/oppilaitosnumero/koodi
72
75
  # (JSON format)
@@ -78,7 +81,8 @@ module OmniAuth
78
81
  # (multi value)
79
82
  {
80
83
  name: 'urn:mpass.id:schoolCode',
81
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
84
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
85
+ friendly_name: 'mpassSchoolCode'
82
86
  },
83
87
  # The human-readable name of the school of the authenticated user.
84
88
  # (multi value)
@@ -87,12 +91,21 @@ module OmniAuth
87
91
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
88
92
  friendly_name: 'school'
89
93
  },
94
+ # Combination of the school code and official name of the educational
95
+ # institution separated with semicolon.
96
+ # For instance: 00000;Tuntematon
97
+ {
98
+ name: 'urn:mpass.id:schoolInfo',
99
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
100
+ friendly_name: 'mpassSchoolInfo'
101
+ },
90
102
  # The class/group-information of the authenticated user.
91
103
  # For instance: 8A or 3B.
92
104
  # (multi value)
93
105
  {
94
106
  name: 'urn:mpass.id:class',
95
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
107
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
108
+ friendly_name: 'mpassClass'
96
109
  },
97
110
  {
98
111
  name: 'urn:educloudalliance.org:group',
@@ -104,7 +117,8 @@ module OmniAuth
104
117
  # (multi value)
105
118
  {
106
119
  name: 'urn:mpass.id:classLevel',
107
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
120
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
121
+ friendly_name: 'mpassClassLevel'
108
122
  },
109
123
  # The role name of the user.
110
124
  # For instance Oppilas.
@@ -115,18 +129,43 @@ module OmniAuth
115
129
  friendly_name: 'ecaRole'
116
130
  },
117
131
  # The role of the user in four parts, divided with a semicolon (;)
118
- # character. First municipality, followed by school code, group and role
119
- # in the group.
120
- # For instance Helsinki;32132;9A;Oppilas.
132
+ # character. First educational provider's organization OID, followed by
133
+ # school code, group and role in the group.
134
+ # For instance 1.2.246.562.10.12345678907;99900;7B;Oppilas.
121
135
  # (multi value)
136
+ #
137
+ # The educational providers' organization OIDs can be found from:
138
+ # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
122
139
  {
123
140
  name: 'urn:mpass.id:role',
124
- name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
141
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
142
+ friendly_name: 'mpassRole'
143
+ },
144
+ # The educational provider's permanent organization OID.
145
+ # (multi value)
146
+ #
147
+ # The educational providers' organization OIDs can be found from:
148
+ # https://github.com/Opetushallitus/aitu/blob/master/ttk-db/resources/db/migration/V11_2__koulutustoimijat.sql
149
+ {
150
+ name: 'urn:mpass.id:educationProviderId',
151
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
152
+ friendly_name: 'mpassEducationProviderOid'
153
+ },
154
+ # The educational provider's human-readable name.
155
+ # (multi value)
156
+ {
157
+ name: 'urn:mpass.id:educationProvider',
158
+ name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
159
+ friendly_name: 'mpassEducationProviderName'
125
160
  },
161
+ # Combination of the education provider's organisation-OID and official
162
+ # name. Separated by semicolon.
163
+ # For instance: 1.2.246.562.10.494695390410;Virallinen nimi
164
+ # (multi value)
126
165
  {
127
- name: 'urn:educloudalliance.org:structuredRole',
166
+ name: 'urn:mpass.id:educationProviderInfo',
128
167
  name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
129
- friendly_name: 'ecaStructuredRole'
168
+ friendly_name: 'mpassEducationProviderInfo'
130
169
  }
131
170
  ]
132
171
 
@@ -137,8 +176,8 @@ module OmniAuth
137
176
  # Given name or all first names (in case given name is not found)
138
177
  first_name: ['urn:oid:2.5.4.42', 'http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
139
178
  last_name: ['urn:oid:2.5.4.4'],
140
- # The municipality of the person (literal format in Finnish)
141
- location: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality']
179
+ # The education provider (e.g. municipality) of the person (literal format in Finnish)
180
+ location: ['urn:mpass.id:educationProvider']
142
181
  )
143
182
 
144
183
  info do
@@ -176,14 +215,14 @@ module OmniAuth
176
215
  option(
177
216
  :saml_attributes_map,
178
217
  given_name: ['urn:oid:2.5.4.42'],
179
- first_names: ['http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName'],
218
+ first_names: ['urn:oid:2.5.4.42'],
180
219
  last_name: ['urn:oid:2.5.4.4'],
181
- municipality_code: {
182
- name: ['urn:mpass.id:municipalityCode'],
220
+ provider_id: {
221
+ name: ['urn:mpass.id:educationProviderId'],
183
222
  type: :multi
184
223
  },
185
- municipality_name: {
186
- name: ['urn:mpass.id:municipality', 'urn:educloudalliance.org:municipality'],
224
+ provider_name: {
225
+ name: ['urn:mpass.id:educationProvider'],
187
226
  type: :multi
188
227
  },
189
228
  school_code: {
@@ -210,7 +249,8 @@ module OmniAuth
210
249
  name: ['urn:educloudalliance.org:role'],
211
250
  type: :multi
212
251
  },
213
- # Extra (undocumented)
252
+ # Extra
253
+ # Unique learner ID
214
254
  funet_person_learner_id: ['urn:oid:1.3.6.1.4.1.16161.1.1.27']
215
255
  )
216
256
 
@@ -236,6 +276,20 @@ module OmniAuth
236
276
  )
237
277
  end
238
278
 
279
+ # Override the request phase to be able to pass the lang parameter to
280
+ # the redirect URL. Note that this needs to be the last parameter to
281
+ # be passed to the redirect URL.
282
+ def request_phase
283
+ authn_request = OneLogin::RubySaml::Authrequest.new
284
+ lang = lang_for_authn_request
285
+
286
+ with_settings do |settings|
287
+ url = authn_request.create(settings, additional_params_for_authn_request)
288
+ url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
289
+ redirect(url)
290
+ end
291
+ end
292
+
239
293
  # This method can be used externally to fetch information about the
240
294
  # response, e.g. in case of failures.
241
295
  def response_object
@@ -251,6 +305,13 @@ module OmniAuth
251
305
  end
252
306
  end
253
307
 
308
+ # Override the callback URL so that it always matches the one expected by
309
+ # MPASSid. No additional query string parameters can be included in the
310
+ # string.
311
+ def callback_url
312
+ full_host + script_name + callback_path
313
+ end
314
+
254
315
  private
255
316
 
256
317
  def idp_metadata_url
@@ -302,6 +363,25 @@ module OmniAuth
302
363
  end
303
364
  end
304
365
  end
366
+
367
+ def lang_for_authn_request
368
+ if options.idp_sso_service_url_lang_params.is_a?(Array)
369
+ options.idp_sso_service_url_lang_params.each do |param|
370
+ next unless request.params.key?(param.to_s)
371
+
372
+ lang = parse_language_value(request.params[param.to_s])
373
+ return lang unless lang.nil?
374
+ end
375
+ end
376
+
377
+ options.idp_sso_service_url_default_lang
378
+ end
379
+
380
+ def parse_language_value(string)
381
+ language = string.sub('_', '-').split('-').first
382
+
383
+ language if language =~ /^(fi|sv)$/
384
+ end
305
385
  end
306
386
  end
307
387
  end
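Review bot: The allow-list in the new `parse_language_value` is not strict, because `/^(fi|sv)$/` anchors at line boundaries in Ruby, so a request value whose first line is `fi` or `sv` followed by a newline and further text matches and is returned whole. `CGI.escape` in `request_phase` keeps that value from breaking the redirect URL, but the IdP then receives a `lang` that is not one of the two intended codes; anchor on the whole string with `language if language.match?(/\A(fi|sv)\z/)`. The method also calls `sub` on whatever `request.params` holds for `locale`/`language`/`lang`, and Rack returns an Array or Hash for bracketed parameters such as `lang[]=`, which would raise `NoMethodError` during the request phase. A guard at the top, `return unless string.is_a?(String)`, lets `lang_for_authn_request` fall through to the configured default instead.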
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module MPASSid
5
- VERSION = '0.1.0'
5
+ VERSION = '0.3.1'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-mpassid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Antti Hukkanen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-15 00:00:00.000000000 Z
11
+ date: 2022-01-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-saml
@@ -16,42 +16,42 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.10.1
19
+ version: 1.10.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.10.1
26
+ version: 1.10.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '12.3'
33
+ version: '13.0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '12.3'
40
+ version: '13.0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '3.8'
47
+ version: '3.9'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '3.8'
54
+ version: '3.9'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rack-test
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -106,14 +106,14 @@ dependencies:
106
106
  requirements:
107
107
  - - "~>"
108
108
  - !ruby/object:Gem::Version
109
- version: 0.16.0
109
+ version: 0.19.0
110
110
  type: :development
111
111
  prerelease: false
112
112
  version_requirements: !ruby/object:Gem::Requirement
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: 0.16.0
116
+ version: 0.19.0
117
117
  description: MPASSid identification service integration for OmniAuth.
118
118
  email:
119
119
  - antti.hukkanen@mainiotech.fi