omniauth-mpassid 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3ff6ff316ec561eadb8093c30bcbe1097823cf11796a81386b11d40228c4cdc6
4
- data.tar.gz: dd16b5f03d5e8b7814e9b210fe981b15a10521e841f9560cd40a86af67c54ce0
3
+ metadata.gz: 6c9ea1c51d3ddc3c48696d8fa28047dbd410f9a59418cb7f4518c579533d36ad
4
+ data.tar.gz: c2dc1ef5792ac9363beb524f3e608c19364e7a711e8e2a98e4c57d2bc0919a07
5
5
  SHA512:
6
- metadata.gz: 2bcf7c78c1072b8c52db7e9381321fa2a9bcef19c7e5e2d62d98e161808419484c1ecb5ff7472a4fa2bd90e32ebbd735e6a6b7e8150e8a0673a4e7f46d303c6e
7
- data.tar.gz: 6c4d56294369192b594a2b6afc9c0ea371d21d44b46e49078c31af3d78794c255d3000ebae7cb8dc318f5a8f36ee8c2416bbcf27086528ca389a8a4203fdf4c8
6
+ metadata.gz: f71ab3a1cb4a99f7ad90071c21742b9203f437496f1ebb9b87a6c402e2d2751458e834f27e35ec8691518ebcd2c2a8a8f4064ff6ecc5efd9943fcb94821a81c8
7
+ data.tar.gz: 165be346329403c8486d526ca2bcbe6c0b9c630f78b81b325843914523f028bd62dfb28007d5b85e370e55ce12551ff3811a19fb39bde216c2e09f1f99b2505e
@@ -10,6 +10,12 @@ module OmniAuth
10
10
  # :test - MPASSid test environment
11
11
  option :mode, :production
12
12
 
13
+ # The certificate file to define the certificate.
14
+ option :certificate_file, nil
15
+
16
+ # The private key file to define the private key.
17
+ option :private_key_file, nil
18
+
13
19
  # Defines the lang parameters to check from the request phase request
14
20
  # parameters. A valid language will be added to the IdP sign in redirect
15
21
  # URL as the last parameter (with the name `lang` as expected by
@@ -200,11 +206,12 @@ module OmniAuth
200
206
  [key, attribute]
201
207
  end
202
208
 
203
- Hash[found_attributes]
209
+ found_attributes.to_h
204
210
  end
205
211
 
206
212
  option(
207
213
  :security_settings,
214
+ authn_requests_signed: true,
208
215
  digest_method: XMLSecurity::Document::SHA256,
209
216
  signature_method: XMLSecurity::Document::RSA_SHA256
210
217
  )
@@ -264,6 +271,9 @@ module OmniAuth
264
271
  # Add the SAML attributes to the extra hash for easier access.
265
272
  extra { {saml_attributes: saml_attributes} }
266
273
 
274
+ attr_accessor :options
275
+ attr_reader :mpassid_thread
276
+
267
277
  def initialize(app, *args, &block)
268
278
  super
269
279
 
@@ -271,15 +281,19 @@ module OmniAuth
271
281
  # fetched from the metadata. The options array is the one that gets
272
282
  # priority in case it overrides some of the metadata or locally defined
273
283
  # option values.
274
- @options = OmniAuth::Strategy::Options.new(
275
- mpassid_options.merge(options)
276
- )
284
+ @mpassid_thread = Thread.new do
285
+ @options = OmniAuth::Strategy::Options.new(
286
+ mpassid_options.merge(options)
287
+ )
288
+ options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
289
+ end
277
290
  end
278
291
 
279
292
  # Override the request phase to be able to pass the lang parameter to
280
293
  # the redirect URL. Note that this needs to be the last parameter to
281
294
  # be passed to the redirect URL.
282
295
  def request_phase
296
+ mpassid_thread.join if mpassid_thread.alive?
283
297
  authn_request = OneLogin::RubySaml::Authrequest.new
284
298
  lang = lang_for_authn_request
285
299
 
@@ -314,6 +328,14 @@ module OmniAuth
314
328
 
315
329
  private
316
330
 
331
+ def certificate
332
+ File.read(options.certificate_file) if options.certificate_file
333
+ end
334
+
335
+ def private_key
336
+ File.read(options.private_key_file) if options.private_key_file
337
+ end
338
+
317
339
  def idp_metadata_url
318
340
  case options.mode
319
341
  when :test
@@ -337,10 +359,16 @@ module OmniAuth
337
359
  sso_binding: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
338
360
  )
339
361
 
362
+ # Local certificate and private key to decrypt the responses
363
+ settings[:certificate] = certificate
364
+ settings[:private_key] = private_key
365
+
340
366
  # Define the security settings as there are some defaults that need to be
341
367
  # modified
342
368
  security_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
343
- settings[:security] = security_defaults.merge(options.security_settings)
369
+ settings[:security] = security_defaults.merge(
370
+ options.security_settings.to_h.transform_keys(&:to_sym)
371
+ )
344
372
 
345
373
  settings
346
374
  end
@@ -357,7 +385,7 @@ module OmniAuth
357
385
 
358
386
  value = definition[:name].map do |key|
359
387
  @attributes.public_send(definition[:type], key)
360
- end.reject(&:nil?).first
388
+ end.compact.first
361
389
 
362
390
  attrs[target] = value
363
391
  end
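Review bot: The guard `mpassid_thread.join if mpassid_thread.alive?` added to request_phase skips the join precisely when the metadata thread has already died, so an exception raised inside the `Thread.new` block in initialize (the metadata fetch or the merge) is never re-raised and the request proceeds with whatever `@options` held before the thread ran; `Thread#join` on a finished thread returns immediately and re-raises its exception, so the unconditional `mpassid_thread.join` is the safer line. Only request_phase joins, while callback_phase and the new private `certificate`/`private_key` helpers read `options` too, so a callback that is the first request a fresh process handles can observe the pre-fetch options, and if the strategy is dup'd per request (as I believe `OmniAuth::Strategy#call` does) a dup taken before the thread finishes keeps the old `@options` object even after a later join. Consider joining in callback_phase as well and noting on `attr_reader :mpassid_thread` that options are incomplete until it has been joined. The silent `options[:security][:authn_requests_signed] = false` fallback at the end of the thread block also deserves a log line so a misconfigured certificate_file or private_key_file is noticed rather than quietly turning request signing off. The initialize and request_phase bodies continue outside the hunk.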
@@ -17,14 +17,14 @@ module OmniAuth
17
17
  cert = OpenSSL::X509::Certificate.new
18
18
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
19
19
  cert.not_before = Time.now
20
- cert.not_after = Time.now + 365 * 24 * 60 * 60
20
+ cert.not_after = Time.now + (365 * 24 * 60 * 60)
21
21
  cert.public_key = public_key
22
22
  cert.serial = 0x0
23
23
  cert.version = 2
24
24
 
25
25
  inject_certificate_extensions(cert)
26
26
 
27
- cert.sign(private_key, OpenSSL::Digest::SHA1.new)
27
+ cert.sign(private_key, OpenSSL::Digest.new('SHA1'))
28
28
 
29
29
  cert
30
30
  end
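Review bot: `cert.sign(private_key, OpenSSL::Digest.new('SHA1'))` keeps SHA-1 as the certificate signature digest while only swapping the deprecated constructor; since the line is being touched anyway, `cert.sign(private_key, OpenSSL::Digest.new('SHA256'))` costs nothing and avoids IdPs or validators that reject SHA-1 signed certificates. The context line `cert.serial = 0x0` is worth a look at the same time, as RFC 5280 requires a positive serial number, so `cert.serial = 1` (or a random positive value) would be the conforming choice if certificates from this helper are ever used outside tests. Whether this is test-only code is not visible from the hunk, and the method's signature together with the `subject`, `public_key` and `private_key` locals are defined above it, outside the hunk.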
@@ -10,7 +10,7 @@ module OmniAuth
10
10
  end
11
11
 
12
12
  def self.signed_xml(raw_xml_file, opts)
13
- raw_xml = IO.read(raw_xml_file)
13
+ raw_xml = File.read(raw_xml_file)
14
14
  signed_xml_from_string(raw_xml, opts)
15
15
  end
16
16
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module MPASSid
5
- VERSION = '0.5.0'
5
+ VERSION = '0.5.1'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-mpassid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Antti Hukkanen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-09 00:00:00.000000000 Z
11
+ date: 2022-09-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-saml
@@ -133,7 +133,8 @@ files:
133
133
  homepage: https://github.com/mainio/omniauth-mpassid
134
134
  licenses:
135
135
  - MIT
136
- metadata: {}
136
+ metadata:
137
+ rubygems_mfa_required: 'true'
137
138
  post_install_message:
138
139
  rdoc_options: []
139
140
  require_paths:
@@ -142,7 +143,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
142
143
  requirements:
143
144
  - - ">="
144
145
  - !ruby/object:Gem::Version
145
- version: '0'
146
+ version: '2.5'
146
147
  required_rubygems_version: !ruby/object:Gem::Requirement
147
148
  requirements:
148
149
  - - ">="