omniauth-mpassid 0.1.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/omniauth/strategies/mpassid.rb +61 -0
- data/lib/omniauth-mpassid/version.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 568537fcfc8b851bce49732d5f2ce6dac99cf0b3e8bcd55998f3e852dc7e0039
|
|
4
|
+
data.tar.gz: 53e4061a25662610162a00fad3589422457477b6404620d60b02f28340de1f7b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 32d0f6a89ef0c21992bd1c2da5ea6e2dff25cb756dfad491c18892c8770e5fc279ac53ce12b94623f0e28addc218abe6b98ff2a32209cacfc14d19b48636aa22
|
|
7
|
+
data.tar.gz: 5a45f519cdf497d900a9df55dda573e4221c33be1df2e2f624240d10952cde76bf4bfb137c32142a0d35c24ae18d727cec0f738b9f32b86bfe8dec9a293aacff
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# OmniAuth MPASSid (SAML 2.0)
|
|
2
2
|
|
|
3
|
-
[](https://github.com/mainio/omniauth-mpassid/actions)
|
|
4
4
|
[](https://codecov.io/gh/mainio/omniauth-mpassid)
|
|
5
5
|
|
|
6
6
|
This is an unofficial OmniAuth strategy for authenticating with the MPASSid
|
|
@@ -10,6 +10,27 @@ module OmniAuth
|
|
|
10
10
|
# :test - MPASSid test environment
|
|
11
11
|
option :mode, :production
|
|
12
12
|
|
|
13
|
+
# Defines the lang parameters to check from the request phase request
|
|
14
|
+
# parameters. A valid language will be added to the IdP sign in redirect
|
|
15
|
+
# URL as the last parameter (with the name `lang` as expected by
|
|
16
|
+
# MPASSid).
|
|
17
|
+
#
|
|
18
|
+
# MPASSid generally accepts `fi` or `sv` in this parameter but it can
|
|
19
|
+
# depend on the underlying service. The language can be parsed from the
|
|
20
|
+
# following kind of strings:
|
|
21
|
+
# - fi
|
|
22
|
+
# - sv-SE
|
|
23
|
+
# - fi_FI
|
|
24
|
+
#
|
|
25
|
+
# In case a valid language cannot be parsed from the parameter, the lang
|
|
26
|
+
# parameter will default to `:idp_sso_service_url_default_lang`.
|
|
27
|
+
option :idp_sso_service_url_lang_params, %w[locale language lang]
|
|
28
|
+
|
|
29
|
+
# This is the default language to be passed to IdP sign in redirect URL as
|
|
30
|
+
# defined above. In case a valid language is not found from the request
|
|
31
|
+
# parameters, this will be used instead.
|
|
32
|
+
option :idp_sso_service_url_default_lang, 'fi'
|
|
33
|
+
|
|
13
34
|
# The request attributes for MPASSid
|
|
14
35
|
option :request_attributes, [
|
|
15
36
|
# The unique identifier of the authenticated user. Currently recommended
|
|
@@ -236,6 +257,20 @@ module OmniAuth
|
|
|
236
257
|
)
|
|
237
258
|
end
|
|
238
259
|
|
|
260
|
+
# Override the request phase to be able to pass the lang parameter to
|
|
261
|
+
# the redirect URL. Note that this needs to be the last parameter to
|
|
262
|
+
# be passed to the redirect URL.
|
|
263
|
+
def request_phase
|
|
264
|
+
authn_request = OneLogin::RubySaml::Authrequest.new
|
|
265
|
+
lang = lang_for_authn_request
|
|
266
|
+
|
|
267
|
+
with_settings do |settings|
|
|
268
|
+
url = authn_request.create(settings, additional_params_for_authn_request)
|
|
269
|
+
url += "&lang=#{CGI.escape(lang)}" unless lang.nil?
|
|
270
|
+
redirect(url)
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
|
|
239
274
|
# This method can be used externally to fetch information about the
|
|
240
275
|
# response, e.g. in case of failures.
|
|
241
276
|
def response_object
|
|
@@ -251,6 +286,13 @@ module OmniAuth
|
|
|
251
286
|
end
|
|
252
287
|
end
|
|
253
288
|
|
|
289
|
+
# Override the callback URL so that it always matches the one expected by
|
|
290
|
+
# MPASSid. No additional query string parameters can be included in the
|
|
291
|
+
# string.
|
|
292
|
+
def callback_url
|
|
293
|
+
full_host + script_name + callback_path
|
|
294
|
+
end
|
|
295
|
+
|
|
254
296
|
private
|
|
255
297
|
|
|
256
298
|
def idp_metadata_url
|
|
@@ -302,6 +344,25 @@ module OmniAuth
|
|
|
302
344
|
end
|
|
303
345
|
end
|
|
304
346
|
end
|
|
347
|
+
|
|
348
|
+
def lang_for_authn_request
|
|
349
|
+
if options.idp_sso_service_url_lang_params.is_a?(Array)
|
|
350
|
+
options.idp_sso_service_url_lang_params.each do |param|
|
|
351
|
+
next unless request.params.key?(param.to_s)
|
|
352
|
+
|
|
353
|
+
lang = parse_language_value(request.params[param.to_s])
|
|
354
|
+
return lang unless lang.nil?
|
|
355
|
+
end
|
|
356
|
+
end
|
|
357
|
+
|
|
358
|
+
options.idp_sso_service_url_default_lang
|
|
359
|
+
end
|
|
360
|
+
|
|
361
|
+
def parse_language_value(string)
|
|
362
|
+
language = string.sub('_', '-').split('-').first
|
|
363
|
+
|
|
364
|
+
language if language =~ /^(fi|sv)$/
|
|
365
|
+
end
|
|
305
366
|
end
|
|
306
367
|
end
|
|
307
368
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-mpassid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Antti Hukkanen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-12-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-saml
|
|
@@ -16,42 +16,42 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '2.0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '2.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '13.0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '13.0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '3.
|
|
47
|
+
version: '3.9'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '3.
|
|
54
|
+
version: '3.9'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rack-test
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,14 +106,14 @@ dependencies:
|
|
|
106
106
|
requirements:
|
|
107
107
|
- - "~>"
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 0.
|
|
109
|
+
version: 0.19.0
|
|
110
110
|
type: :development
|
|
111
111
|
prerelease: false
|
|
112
112
|
version_requirements: !ruby/object:Gem::Requirement
|
|
113
113
|
requirements:
|
|
114
114
|
- - "~>"
|
|
115
115
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: 0.
|
|
116
|
+
version: 0.19.0
|
|
117
117
|
description: MPASSid identification service integration for OmniAuth.
|
|
118
118
|
email:
|
|
119
119
|
- antti.hukkanen@mainiotech.fi
|