omniauth-mpassid 0.5.0 → 0.5.1

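--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
- metadata.gz: 3ff6ff316ec561eadb8093c30bcbe1097823cf11796a81386b11d40228c4cdc6
- data.tar.gz: dd16b5f03d5e8b7814e9b210fe981b15a10521e841f9560cd40a86af67c54ce0
+ metadata.gz: 6c9ea1c51d3ddc3c48696d8fa28047dbd410f9a59418cb7f4518c579533d36ad
+ data.tar.gz: c2dc1ef5792ac9363beb524f3e608c19364e7a711e8e2a98e4c57d2bc0919a07
 SHA512:
- metadata.gz: 2bcf7c78c1072b8c52db7e9381321fa2a9bcef19c7e5e2d62d98e161808419484c1ecb5ff7472a4fa2bd90e32ebbd735e6a6b7e8150e8a0673a4e7f46d303c6e
- data.tar.gz: 6c4d56294369192b594a2b6afc9c0ea371d21d44b46e49078c31af3d78794c255d3000ebae7cb8dc318f5a8f36ee8c2416bbcf27086528ca389a8a4203fdf4c8
+ metadata.gz: f71ab3a1cb4a99f7ad90071c21742b9203f437496f1ebb9b87a6c402e2d2751458e834f27e35ec8691518ebcd2c2a8a8f4064ff6ecc5efd9943fcb94821a81c8
+ data.tar.gz: 165be346329403c8486d526ca2bcbe6c0b9c630f78b81b325843914523f028bd62dfb28007d5b85e370e55ce12551ff3811a19fb39bde216c2e09f1f99b2505e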
@@ -10,6 +10,12 @@ module OmniAuth
10
10
  # :test - MPASSid test environment
11
11
  option :mode, :production
12
12
 
13
+ # The certificate file to define the certificate.
14
+ option :certificate_file, nil
15
+
16
+ # The private key file to define the private key.
17
+ option :private_key_file, nil
18
+
13
19
  # Defines the lang parameters to check from the request phase request
14
20
  # parameters. A valid language will be added to the IdP sign in redirect
15
21
  # URL as the last parameter (with the name `lang` as expected by
@@ -200,11 +206,12 @@ module OmniAuth
200
206
  [key, attribute]
201
207
  end
202
208
 
203
- Hash[found_attributes]
209
+ found_attributes.to_h
204
210
  end
205
211
 
206
212
  option(
207
213
  :security_settings,
214
+ authn_requests_signed: true,
208
215
  digest_method: XMLSecurity::Document::SHA256,
209
216
  signature_method: XMLSecurity::Document::RSA_SHA256
210
217
  )
@@ -264,6 +271,9 @@ module OmniAuth
264
271
  # Add the SAML attributes to the extra hash for easier access.
265
272
  extra { {saml_attributes: saml_attributes} }
266
273
 
274
+ attr_accessor :options
275
+ attr_reader :mpassid_thread
276
+
267
277
  def initialize(app, *args, &block)
268
278
  super
269
279
 
@@ -271,15 +281,19 @@ module OmniAuth
271
281
  # fetched from the metadata. The options array is the one that gets
272
282
  # priority in case it overrides some of the metadata or locally defined
273
283
  # option values.
274
- @options = OmniAuth::Strategy::Options.new(
275
- mpassid_options.merge(options)
276
- )
284
+ @mpassid_thread = Thread.new do
285
+ @options = OmniAuth::Strategy::Options.new(
286
+ mpassid_options.merge(options)
287
+ )
288
+ options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
289
+ end
277
290
  end
278
291
 
279
292
  # Override the request phase to be able to pass the lang parameter to
280
293
  # the redirect URL. Note that this needs to be the last parameter to
281
294
  # be passed to the redirect URL.
282
295
  def request_phase
296
+ mpassid_thread.join if mpassid_thread.alive?
283
297
  authn_request = OneLogin::RubySaml::Authrequest.new
284
298
  lang = lang_for_authn_request
285
299
 
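Review bot: `mpassid_thread.join if mpassid_thread.alive?` at the top of request_phase skips the join once the background thread has already finished, and `Thread#join` is the call that re-raises an exception from the block (presumably a failed metadata fetch inside mpassid_options, given the comment above); in that case `@options` keeps the value set by `super`, without the merged settings and without the `authn_requests_signed` downgrade, and the phase proceeds on an incomplete configuration. Joining a finished thread is a no-op, so `mpassid_thread.join` without the `alive?` guard is sufficient and surfaces the error. Every other reader of `options` needs the same join before it runs; callback_phase and the callback-path check are outside this hunk, so I cannot confirm they wait for the thread. The `authn_requests_signed = false` fallback at the end of the block silently disables request signing when the certificate or key is missing; emitting a log line at that point would make the unsigned mode visible to operators. request_phase's body continues past the end of this hunk.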
@@ -314,6 +328,14 @@ module OmniAuth
314
328
 
315
329
  private
316
330
 
331
+ def certificate
332
+ File.read(options.certificate_file) if options.certificate_file
333
+ end
334
+
335
+ def private_key
336
+ File.read(options.private_key_file) if options.private_key_file
337
+ end
338
+
317
339
  def idp_metadata_url
318
340
  case options.mode
319
341
  when :test
@@ -337,10 +359,16 @@ module OmniAuth
337
359
  sso_binding: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
338
360
  )
339
361
 
362
+ # Local certificate and private key to decrypt the responses
363
+ settings[:certificate] = certificate
364
+ settings[:private_key] = private_key
365
+
340
366
  # Define the security settings as there are some defaults that need to be
341
367
  # modified
342
368
  security_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
343
- settings[:security] = security_defaults.merge(options.security_settings)
369
+ settings[:security] = security_defaults.merge(
370
+ options.security_settings.to_h.transform_keys(&:to_sym)
371
+ )
344
372
 
345
373
  settings
346
374
  end
@@ -357,7 +385,7 @@ module OmniAuth
357
385
 
358
386
  value = definition[:name].map do |key|
359
387
  @attributes.public_send(definition[:type], key)
360
- end.reject(&:nil?).first
388
+ end.compact.first
361
389
 
362
390
  attrs[target] = value
363
391
  end
@@ -17,14 +17,14 @@ module OmniAuth
17
17
  cert = OpenSSL::X509::Certificate.new
18
18
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
19
19
  cert.not_before = Time.now
20
- cert.not_after = Time.now + 365 * 24 * 60 * 60
20
+ cert.not_after = Time.now + (365 * 24 * 60 * 60)
21
21
  cert.public_key = public_key
22
22
  cert.serial = 0x0
23
23
  cert.version = 2
24
24
 
25
25
  inject_certificate_extensions(cert)
26
26
 
27
- cert.sign(private_key, OpenSSL::Digest::SHA1.new)
27
+ cert.sign(private_key, OpenSSL::Digest.new('SHA1'))
28
28
 
29
29
  cert
30
30
  end
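Review bot: `cert.sign(private_key, OpenSSL::Digest.new('SHA1'))` keeps SHA-1 as the certificate signature digest; the commit only changed how the digest object is constructed. The SAML security settings in this same release default to SHA256 for both digest and signature method, so `OpenSSL::Digest.new('SHA256')` here would be consistent and avoids a deprecated algorithm should these certificates ever be used outside tests. On the new side but untouched by the change, `cert.serial = 0x0` is a non-positive serial number, which RFC 5280 forbids and some validators reject. The method that builds `cert` starts before this hunk, so where `subject`, `public_key` and `private_key` come from is not visible here.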
@@ -10,7 +10,7 @@ module OmniAuth
10
10
  end
11
11
 
12
12
  def self.signed_xml(raw_xml_file, opts)
13
- raw_xml = IO.read(raw_xml_file)
13
+ raw_xml = File.read(raw_xml_file)
14
14
  signed_xml_from_string(raw_xml, opts)
15
15
  end
16
16
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module MPASSid
5
- VERSION = '0.5.0'
5
+ VERSION = '0.5.1'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-mpassid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Antti Hukkanen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-09 00:00:00.000000000 Z
11
+ date: 2022-09-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-saml
@@ -133,7 +133,8 @@ files:
133
133
  homepage: https://github.com/mainio/omniauth-mpassid
134
134
  licenses:
135
135
  - MIT
136
- metadata: {}
136
+ metadata:
137
+ rubygems_mfa_required: 'true'
137
138
  post_install_message:
138
139
  rdoc_options: []
139
140
  require_paths:
@@ -142,7 +143,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
142
143
  requirements:
143
144
  - - ">="
144
145
  - !ruby/object:Gem::Version
145
- version: '0'
146
+ version: '2.5'
146
147
  required_rubygems_version: !ruby/object:Gem::Requirement
147
148
  requirements:
148
149
  - - ">="