omniauth-mpassid 0.5.0 → 0.5.1
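--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6c9ea1c51d3ddc3c48696d8fa28047dbd410f9a59418cb7f4518c579533d36ad
+data.tar.gz: c2dc1ef5792ac9363beb524f3e608c19364e7a711e8e2a98e4c57d2bc0919a07
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f71ab3a1cb4a99f7ad90071c21742b9203f437496f1ebb9b87a6c402e2d2751458e834f27e35ec8691518ebcd2c2a8a8f4064ff6ecc5efd9943fcb94821a81c8
+data.tar.gz: 165be346329403c8486d526ca2bcbe6c0b9c630f78b81b325843914523f028bd62dfb28007d5b85e370e55ce12551ff3811a19fb39bde216c2e09f1f99b2505e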
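--- a/(strategy file path not shown on page)
+++ b/(strategy file path not shown on page)
@@ -10,6 +10,12 @@ module OmniAuth
 # :test - MPASSid test environment
 option :mode, :production
 
+# The certificate file to define the certificate.
+option :certificate_file, nil
+
+# The private key file to define the private key.
+option :private_key_file, nil
+
 # Defines the lang parameters to check from the request phase request
 # parameters. A valid language will be added to the IdP sign in redirect
 # URL as the last parameter (with the name `lang` as expected by
@@ -200,11 +206,12 @@ module OmniAuth
 [key, attribute]
 end
 
-
+found_attributes.to_h
 end
 
 option(
 :security_settings,
+authn_requests_signed: true,
 digest_method: XMLSecurity::Document::SHA256,
 signature_method: XMLSecurity::Document::RSA_SHA256
 )
@@ -264,6 +271,9 @@ module OmniAuth
 # Add the SAML attributes to the extra hash for easier access.
 extra { {saml_attributes: saml_attributes} }
 
+attr_accessor :options
+attr_reader :mpassid_thread
+
 def initialize(app, *args, &block)
 super
 
@@ -271,15 +281,19 @@ module OmniAuth
 # fetched from the metadata. The options array is the one that gets
 # priority in case it overrides some of the metadata or locally defined
 # option values.
-@
-
-
+@mpassid_thread = Thread.new do
+@options = OmniAuth::Strategy::Options.new(
+mpassid_options.merge(options)
+)
+options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]
+end
 end
 
 # Override the request phase to be able to pass the lang parameter to
 # the redirect URL. Note that this needs to be the last parameter to
 # be passed to the redirect URL.
 def request_phase
+mpassid_thread.join if mpassid_thread.alive?
 authn_request = OneLogin::RubySaml::Authrequest.new
 lang = lang_for_authn_request
 
@@ -314,6 +328,14 @@ module OmniAuth
 
 private
 
+def certificate
+File.read(options.certificate_file) if options.certificate_file
+end
+
+def private_key
+File.read(options.private_key_file) if options.private_key_file
+end
+
 def idp_metadata_url
 case options.mode
 when :test
@@ -337,10 +359,16 @@ module OmniAuth
 sso_binding: ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
 )
 
+# Local certificate and private key to decrypt the responses
+settings[:certificate] = certificate
+settings[:private_key] = private_key
+
 # Define the security settings as there are some defaults that need to be
 # modified
 security_defaults = OneLogin::RubySaml::Settings::DEFAULTS[:security]
-settings[:security] = security_defaults.merge(
+settings[:security] = security_defaults.merge(
+options.security_settings.to_h.transform_keys(&:to_sym)
+)
 
 settings
 end
@@ -357,7 +385,7 @@ module OmniAuth
 
 value = definition[:name].map do |key|
 @attributes.public_send(definition[:type], key)
-end.
+end.compact.first
 
 attrs[target] = value
 end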
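Review bot: `mpassid_thread.join if mpassid_thread.alive?` at the top of request_phase (hunk @@ -271,15) skips the join whenever the background thread has already finished, including when it died with an exception (a failed metadata fetch or an unreadable certificate_file inside mpassid_options), so that failure is never re-raised here and the request proceeds with the `@options` that `super` set in initialize, i.e. without the merged metadata and security settings. An unconditional `mpassid_thread.join` would be safer: join on a finished thread returns immediately and re-raises the exception it died with. Only request_phase joins in this diff; if callback_phase and the other readers of options (outside these hunks) do not join as well, they can observe the pre-merge options when the first request an instance serves is a callback. The line `options[:security][:authn_requests_signed] = false unless options[:certificate] && options[:private_key]` silently falls back to unsigned AuthnRequests when either file option is missing or its file could not be read, so a log line there, or a comment such as `# Silent fallback to unsigned requests: verify certificate_file/private_key_file when signing is expected`, would make the downgrade visible to operators. request_phase continues past the hunk.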
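--- a/(certificate generator path not shown on page)
+++ b/(certificate generator path not shown on page)
@@ -17,14 +17,14 @@ module OmniAuth
 cert = OpenSSL::X509::Certificate.new
 cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
 cert.not_before = Time.now
-cert.not_after = Time.now + 365 * 24 * 60 * 60
+cert.not_after = Time.now + (365 * 24 * 60 * 60)
 cert.public_key = public_key
 cert.serial = 0x0
 cert.version = 2
 
 inject_certificate_extensions(cert)
 
-cert.sign(private_key, OpenSSL::Digest
+cert.sign(private_key, OpenSSL::Digest.new('SHA1'))
 
 cert
 end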
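Review bot: `cert.sign(private_key, OpenSSL::Digest.new('SHA1'))` keeps SHA-1 as the signature digest of the generated self-signed certificate; the commit only changes how the digest object is constructed. Current X.509 validation policies in many libraries reject SHA-1 signatures, so unless this generator is intentionally limited to test fixtures (the enclosing method starts outside the hunk, so its purpose is not visible here), `OpenSSL::Digest.new('SHA256')` is the safer choice for anything that leaves a test suite. While here, the context line `cert.serial = 0x0` is worth a second look: RFC 5280 requires a positive serial, and a constant serial makes every generated certificate collide with the others, though that is pre-existing and not part of this change.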
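--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-mpassid
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.1
 platform: ruby
 authors:
 - Antti Hukkanen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01
+date: 2022-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-saml
@@ -133,7 +133,8 @@ files:
 homepage: https://github.com/mainio/omniauth-mpassid
 licenses:
 - MIT
-metadata:
+metadata:
+rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -142,7 +143,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="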