omniauth-raven 0.1.0 → 0.1.1
- data/lib/omniauth/raven/version.rb +1 -1
- data/lib/omniauth/strategies/raven.rb +9 -9
- metadata +1 -1
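--- a/data/lib/omniauth/strategies/raven.rb
+++ b/data/lib/omniauth/strategies/raven.rb
@@ -50,42 +50,42 @@ module OmniAuth
 
 def callback_phase
 
-return fail!(
+return fail!("null_response") if request.params['WLS-Response'] == ""
 
 wls_response = request.params['WLS-Response'].to_s
 ver, status, msg, issue, id, url, principal, auth, sso, life, params, kid, sig = wls_response.split('!')
 
 #Check the protocol version
-return fail!(
+return fail!("invalid_protocol_version") unless ver == options[:raven_opt][:version]
 
 #Check the url
-return fail!(:
+return fail!("mismatched urls", Exception "url: " + url + " vs callback: " + callback_url) unless url == callback_url
 
 #Check the time skew
 issuetime = timeforRFC3339( issue )
 skew = issuetime - Time.now
-return fail!(
+return fail!("time_skew") unless skew.abs < options[:raven_opt][:max_skew]
 
 #Optionally check that interaction with the user took place
-return fail!(:invalid_response) if ( iact == 'yes' && auth == "" )
+return fail!(:invalid_response, Exception "No raven interaction took place, but it was requested") if ( iact == 'yes' && auth == "" )
 
 #Optionally check that this response matches a request
 if @match_response_and_request
 response_id = unescape( params )
 request_id = session['request_id']
-return fail!(:
+return fail!("mismatched_response", Exception "req_id:" + request_id + " vs resp_id:" + response_id) unless request_id == response_id
 end
 
 #If we got here, and status is 200, then yield the principal
 if status == '200'
 #Check that the Key Id is one we currently accept
 publickey = OmniAuth.raven_pubkey
-return fail!(
+return fail!("invalid_keyno") unless kid == OmniAuth.raven_keyno
 
 #Check the signature
 length_to_drop = -(sig.length + kid.length + 3)
 signedbit = wls_response[ 0 .. length_to_drop]
-return fail!(
+return fail!("mismatched_signature") unless publickey.verify( OpenSSL::Digest::SHA1.new, Base64.decode64(sig.tr('-._','+/=')), signedbit)
 
 # Return the status
 @name = principal
@@ -94,7 +94,7 @@ module OmniAuth
 super
 else
 #And return the error code if it is something else.
-return fail!(:invalid_credentials)
+return fail!(:invalid_credentials, Exception "Raven status:" + status)
 end
 
 end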
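Review bot: The `Exception "…"` second argument added on new lines 62, 70, 76 and 97 is not a constructor call: Ruby reads `Exception "x"` as a call to a method named `Exception`, which does not exist, so the branch that is meant to report a failure raises NoMethodError instead (and, depending on the Ruby version, the form may not even parse inside the argument list); it should be `Exception.new(...)`. The string concatenation in those messages is fragile as well, since `url`, `request_id` and `status` can be nil when the WLS-Response has fewer `!`-separated fields or the session has no `request_id`, and `"url: " + nil` raises TypeError rather than producing the intended `fail!` — interpolation avoids that, e.g. line 62 as `return fail!(:mismatched_urls, Exception.new("url: #{url} vs callback: #{callback_url}")) unless url == callback_url`, with the same pattern on lines 70, 76 and 97. Note that `url`, `response_id` and `status` are taken straight from the request parameter, so the exception text is carrying untrusted input; it is fine for server logs but should not be echoed to the user by whatever handles the failure. The message keys are also mixed between strings and symbols, and `"mismatched urls"` contains a space, which is inconsistent with the `:invalid_response`/`:invalid_credentials` symbols used in the same method. callback_phase continues between the two hunks and the `if status == '200'` branch opened in the first is closed in the second.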