omniauth-raven 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/omniauth/raven/version.rb +1 -1
- data/lib/omniauth/strategies/raven.rb +9 -9
- metadata +1 -1
|
@@ -50,42 +50,42 @@ module OmniAuth
|
|
|
50
50
|
|
|
51
51
|
def callback_phase
|
|
52
52
|
|
|
53
|
-
return fail!(
|
|
53
|
+
return fail!("null_response") if request.params['WLS-Response'] == ""
|
|
54
54
|
|
|
55
55
|
wls_response = request.params['WLS-Response'].to_s
|
|
56
56
|
ver, status, msg, issue, id, url, principal, auth, sso, life, params, kid, sig = wls_response.split('!')
|
|
57
57
|
|
|
58
58
|
#Check the protocol version
|
|
59
|
-
return fail!(
|
|
59
|
+
return fail!("invalid_protocol_version") unless ver == options[:raven_opt][:version]
|
|
60
60
|
|
|
61
61
|
#Check the url
|
|
62
|
-
return fail!(:
|
|
62
|
+
return fail!("mismatched urls", Exception "url: " + url + " vs callback: " + callback_url) unless url == callback_url
|
|
63
63
|
|
|
64
64
|
#Check the time skew
|
|
65
65
|
issuetime = timeforRFC3339( issue )
|
|
66
66
|
skew = issuetime - Time.now
|
|
67
|
-
return fail!(
|
|
67
|
+
return fail!("time_skew") unless skew.abs < options[:raven_opt][:max_skew]
|
|
68
68
|
|
|
69
69
|
#Optionally check that interaction with the user took place
|
|
70
|
-
return fail!(:invalid_response) if ( iact == 'yes' && auth == "" )
|
|
70
|
+
return fail!(:invalid_response, Exception "No raven interaction took place, but it was requested") if ( iact == 'yes' && auth == "" )
|
|
71
71
|
|
|
72
72
|
#Optionally check that this response matches a request
|
|
73
73
|
if @match_response_and_request
|
|
74
74
|
response_id = unescape( params )
|
|
75
75
|
request_id = session['request_id']
|
|
76
|
-
return fail!(:
|
|
76
|
+
return fail!("mismatched_response", Exception "req_id:" + request_id + " vs resp_id:" + response_id) unless request_id == response_id
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
#If we got here, and status is 200, then yield the principal
|
|
80
80
|
if status == '200'
|
|
81
81
|
#Check that the Key Id is one we currently accept
|
|
82
82
|
publickey = OmniAuth.raven_pubkey
|
|
83
|
-
return fail!(
|
|
83
|
+
return fail!("invalid_keyno") unless kid == OmniAuth.raven_keyno
|
|
84
84
|
|
|
85
85
|
#Check the signature
|
|
86
86
|
length_to_drop = -(sig.length + kid.length + 3)
|
|
87
87
|
signedbit = wls_response[ 0 .. length_to_drop]
|
|
88
|
-
return fail!(
|
|
88
|
+
return fail!("mismatched_signature") unless publickey.verify( OpenSSL::Digest::SHA1.new, Base64.decode64(sig.tr('-._','+/=')), signedbit)
|
|
89
89
|
|
|
90
90
|
# Return the status
|
|
91
91
|
@name = principal
|
|
@@ -94,7 +94,7 @@ module OmniAuth
|
|
|
94
94
|
super
|
|
95
95
|
else
|
|
96
96
|
#And return the error code if it is something else.
|
|
97
|
-
return fail!(:invalid_credentials)
|
|
97
|
+
return fail!(:invalid_credentials, Exception "Raven status:" + status)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
100
|
end
|