omniauth-realme 0.1.0

@@ -0,0 +1,177 @@
1
+ # omniauth-realme
2
+ Omniauth strategy for New Zealands secure online identity verification service.
3
+
4
+ This Gem has been developed for the intension of using [devise](https://github.com/plataformatec/devise) as the account model with Realme SSO intergation.
5
+ This Gem covers all of the SAML client requirements for RealMe intergations including the RealMe's default error messages.
6
+
7
+ You will need to set up your frontend login pages to match [RealMe's branding guide lines](https://developers.realme.govt.nz/how-to-integrate/application-design-and-branding-guide/realme-page-elements/)
8
+ We suggest you use their assets in a zip file their page.
9
+
10
+ Getting to Production:
11
+ You will need to complete the [RealMe Operational handover checklist](https://developers.realme.govt.nz/how-to-integrate/getting-to-production/operational-handover-checklist/) `login service` form to gain access to RealMe production environments.
12
+
13
+ Not Using *ruby* but need to itergrate? Use this gem is a baseline and find a suitable Library on [onelogin's](https://github.com/onelogin) github account.
14
+
15
+ ## Installation
16
+
17
+ Add this line to your application's Gemfile:
18
+
19
+ ```ruby
20
+ gem 'devise'
21
+ gem 'omniauth-realme'
22
+ ```
23
+
24
+ And then execute:
25
+
26
+ $ bundle
27
+
28
+ ### Realme
29
+ To test that you have installed the Gem correctly intergrate with their message testing servies [RealMe MTS](https://mts.realme.govt.nz/logon-mts/home) first, followed by ITE then Production intergrations.
30
+
31
+ You will need to be setup your applications intergration via their [developers website](https://developers.realme.govt.nz) for ITE and production set up.
32
+
33
+ ### Devise
34
+ Setup
35
+ ```ruby
36
+ # config/initializers/devise.rb
37
+ Devise.setup do |d_config|
38
+ d_config.omniauth :realme
39
+ end
40
+ ```
41
+
42
+ Here we configure the [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
43
+ Realme provides the nessassery `service-metadata.xml` files for their side of the intergation they can be found on this [page](https://developers.realme.govt.nz/how-realme-works/technical-integration-steps#e75)
44
+
45
+ ```ruby
46
+ # config/initializers/realme_omniauth.rb
47
+ OmniAuth::Strategies::Realme.configure do |config|
48
+ # Website issuer namespace
49
+ config.issuer = 'http://myapp/<issuer>/<access>'
50
+
51
+ # Callback url
52
+ config.assertion_consumer_service_url = 'http://myapp.com/users/auth/realme/callback'
53
+
54
+ # Sign the request saml and decrypt response
55
+ config.private_key = 'Realme SLL private cert'
56
+
57
+ # Realme login service xml file.
58
+ # You will need to download the different XML files for the different environments found here: https://developers.realme.govt.nz/how-realme-works/technical-integration-steps/
59
+ config.idp_service_metadata = Rails.root.join('path', 'to', 'logon-service-metadata.xml')
60
+
61
+ # default Strenght
62
+ config.auth_strenght = 'urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength'
63
+ end
64
+ ```
65
+
66
+ Controllers
67
+ ```ruby
68
+ # app/controllers/application_controller.rb
69
+ class ApplicationController < ActionController::Base
70
+ before_action :configure_permitted_parameters, if: :devise_controller?
71
+ # ...
72
+
73
+ private
74
+
75
+ def configure_permitted_parameters
76
+ # :uid, :provider and any new fields need to be added here
77
+ devise_parameter_sanitizer.permit(:sign_up, keys: [:password, :password_confirmation, :email, :uid, :provider])
78
+ end
79
+
80
+ # ...
81
+ end
82
+ ```
83
+
84
+ The customer `uid` will come through in their session as `session[:uid]`
85
+
86
+ ```ruby
87
+ require 'devise'
88
+
89
+ module Users
90
+ class OmniauthCallbacksController < ::Devise::OmniauthCallbacksController
91
+ skip_before_action :verify_authenticity_token
92
+
93
+ def realme
94
+ return redirect_to new_user_session_path, alert: session.delete(:realme_error)[:message] if session[:realme_error].present? || session[:uid].blank?
95
+
96
+ @user = User.from_omniauth('realme', session.delete(:uid))
97
+
98
+ unless @user.valid?
99
+ @user.errors.each { |err| @user.errors.delete(err) }
100
+
101
+ flash.notice = 'RealMe login successful, please fill in your user details.'
102
+ return render 'devise/registrations/new.html.haml'
103
+ end
104
+
105
+ flash.notice = 'RealMe login successful.'
106
+
107
+ sign_in_and_redirect @user
108
+ end
109
+ end
110
+ end
111
+ ```
112
+
113
+ Views
114
+ - You will need to update your registration `new` and `edit` views by adding the new fields as well as hidden fields for `provider` and `uid`.
115
+ - User sign in view will also need to be updated so that it links to the OmniAuth realme pass through using the link helper `user_realme_omniauth_authorize_path`.
116
+
117
+ Model
118
+ ```ruby
119
+ # app/models/user.rb
120
+ class User < ApplicationRecord
121
+ # Include default devise modules. Others available are:
122
+ # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
123
+ devise :database_authenticatable, :registerable,
124
+ :recoverable, :rememberable, :validatable,
125
+ :omniauthable, omniauth_providers: [:realme]
126
+
127
+ validates :provider, presence: true
128
+ validates :uid, presence: true, uniqueness: true
129
+ validates :email, presence: true, uniqueness: true
130
+
131
+ def self.from_omniauth(provider, uid)
132
+ where(provider: provider, uid: uid).first_or_create do |user|
133
+ user.provider = provider
134
+ user.uid = uid
135
+ end
136
+ end
137
+ end
138
+ ```
139
+
140
+ Migrations
141
+ - You will need to add `provider` and `uid` to your model and index the `uid`
142
+ ```ruby
143
+ # db/migrate/<timestamp>_devise_create_users.rb
144
+ class DeviseCreateUsers < ActiveRecord::Migration[5.2]
145
+ def change
146
+ create_table :users do |t|
147
+ # ...
148
+
149
+ t.string :provider, null: false
150
+ t.string :uid, null: false, unique: true
151
+
152
+ # ...
153
+ end
154
+ # ...
155
+ add_index :users, :uid, unique: true
156
+ end
157
+ end
158
+ ```
159
+
160
+ Remove SAMLResponse from Rails log
161
+ ```ruby
162
+ #config/initializers/filter_parameter_logging.rb
163
+ Rails.application.config.filter_parameters += [:password, 'SAMLResponse']
164
+ ```
165
+
166
+ ## Development
167
+
168
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
169
+
170
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
171
+
172
+ ## Contributing
173
+
174
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/omniauth-realme.
175
+
176
+ ## License
177
+ GNU GENERAL PUBLIC LICENSE
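Review bot: the Devise wiring in this README lets a client write the RealMe identity link directly: `devise_parameter_sanitizer.permit(:sign_up, keys: [... :uid, :provider])` together with the "hidden fields for `provider` and `uid`" in the registration views means anyone can POST `provider=realme&uid=<value>` to the sign-up action without ever completing a RealMe login, and `from_omniauth` will then resolve the real RealMe user to that attacker-created row. The `uid` should stay server-side (it is already in `session[:uid]`) and be assigned in the controller, not permitted from the form. Two smaller points in the same hunk: in `OmniauthCallbacksController#realme`, `session.delete(:realme_error)[:message]` raises `NoMethodError` on nil whenever the guard fires because `session[:uid].blank?` but no `realme_error` was set, so split the two conditions; and `skip_before_action :verify_authenticity_token` should be scoped with `only: :realme`, since the SAML HTTP-POST callback is the only action that legitimately arrives without a Rails CSRF token. The config example also shows `http://myapp.com/...` for `assertion_consumer_service_url` and a string literal for `private_key`; the ACS URL must be https in ITE and production, and the key should come from credentials or the environment rather than an initializer. Finally `t.string :uid, null: false, unique: true` silently ignores `unique:` (it is not a column option); the `add_index ... unique: true` line already does the job.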
@@ -0,0 +1,8 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'bundler/gem_tasks'
4
+ require 'rspec/core/rake_task'
5
+
6
+ RSpec::Core::RakeTask.new(:spec)
7
+
8
+ task default: :spec
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'bundler/setup'
5
+ require 'omniauth/realme'
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ # (If you use this, don't forget to add pry to your Gemfile!)
11
+ # require "pry"
12
+ # Pry.start
13
+
14
+ require 'irb'
15
+ IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth/realme/version'
4
+ require 'omniauth/strategies/realme'
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Omniauth
4
+ module Realme
5
+ VERSION = '0.1.0'
6
+ end
7
+ end
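Review bot: this file defines `Omniauth::Realme::VERSION` while the strategy lives under `OmniAuth::Strategies::Realme`, so the gem creates two differently-cased top-level modules (`Omniauth` and `OmniAuth`). The gemspec reads `Omniauth::Realme::VERSION`, so either name works, but using `OmniAuth::Realme` here (and in the gemspec) matches the omniauth gem's own namespace and avoids confusion when the constant is looked up from an application.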
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth'
4
+ require 'ruby-saml'
5
+
6
+ module OmniAuth
7
+ module Strategies
8
+ class Realme
9
+ include OmniAuth::Strategy
10
+ autoload :AuthRequest, 'omniauth/strategies/realme/auth_request'
11
+
12
+ # Fixed OmniAuth options
13
+ option :provider, 'realme'
14
+
15
+ def request_phase
16
+ req = OneLogin::RubySaml::Authrequest.new
17
+ redirect req.create(saml_settings, 'SigAlg' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256')
18
+ end
19
+
20
+ def callback_phase
21
+ response = ::OneLogin::RubySaml::Response.new(request.params['SAMLResponse'], settings: saml_settings)
22
+
23
+ if response.is_valid?
24
+ session[:uid] = response.nameid
25
+ else
26
+ authorize_failure
27
+ end
28
+
29
+ @raw_info = response
30
+ super
31
+ end
32
+
33
+ private
34
+
35
+ def saml_settings
36
+ idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
37
+ settings = idp_metadata_parser.parse(File.read(options.fetch('idp_service_metadata')))
38
+
39
+ settings.issuer = options.fetch('issuer')
40
+ settings.assertion_consumer_service_url = options.fetch('assertion_consumer_service_url')
41
+ settings.private_key = options.fetch('private_key')
42
+ settings.authn_context = options.fetch('auth_strenght', 'urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength')
43
+ settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
44
+ settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
45
+ settings.soft = false
46
+
47
+ settings.security[:authn_requests_signed] = true
48
+
49
+ settings
50
+ end
51
+ end
52
+ end
53
+ end
54
+
55
+ OmniAuth.config.add_camelization 'realme', 'Realme'
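Review bot: the failure path in `callback_phase` is not reachable. With `settings.soft = false`, ruby-saml's `is_valid?` raises `OneLogin::RubySaml::ValidationError` instead of returning false, so `else authorize_failure` never runs; and `authorize_failure` is not defined in this class or in `OmniAuth::Strategy` (the provided hook is `fail!`), so even with `soft = true` an invalid assertion would end in `NoMethodError`. The README's `session[:realme_error]` is never set by this code either. Wrap the validation in `rescue OneLogin::RubySaml::ValidationError => e` and call `fail!(:invalid_response, e)` (or `fail!(:invalid_credentials)`), and return from the method on failure so `super` is not reached. Check `request.params['SAMLResponse']` for presence before `Response.new`, which raises on nil. Two smaller points: the uid is handed back through `session[:uid]` rather than the strategy's `uid { ... }` block, so `env['omniauth.auth']` produced by `super` carries no uid and the session value persists until the application deletes it; and `autoload :AuthRequest, 'omniauth/strategies/realme/auth_request'` references a file that is not part of this commit, so any access to the constant will fail with `LoadError`.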
@@ -0,0 +1,33 @@
1
+
2
+ # frozen_string_literal: true
3
+
4
+ lib = File.expand_path('lib', __dir__)
5
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
6
+ require 'omniauth/realme/version'
7
+
8
+ Gem::Specification.new do |spec|
9
+ spec.name = 'omniauth-realme'
10
+ spec.version = Omniauth::Realme::VERSION
11
+ spec.authors = ['DanHenton']
12
+ spec.email = ['Dan.henton@live.com']
13
+
14
+ spec.summary = 'Omniauth strategy for New Zealands secure online identity verification service.'
15
+ spec.description = 'Omniauth strategy for New Zealands secure online identity verification service.'
16
+ spec.homepage = 'https://example.com'
17
+ spec.license = 'GNU'
18
+
19
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
20
+ f.match(%r{^(test|spec|features)/})
21
+ end
22
+ spec.bindir = 'exe'
23
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
24
+ spec.require_paths = ['lib']
25
+
26
+ spec.add_dependency 'omniauth', '~> 1.0'
27
+ spec.add_dependency 'uuid', '~> 2.0'
28
+ spec.add_dependency 'ruby-saml', '~> 1.5'
29
+
30
+ spec.add_development_dependency 'bundler'
31
+ spec.add_development_dependency 'rake'
32
+ spec.add_development_dependency 'rspec'
33
+ end
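Review bot: `spec.license = 'GNU'` is not a license identifier; use the SPDX id for the version in `LICENSE.txt` (for example `GPL-3.0`), which the README also leaves unspecified as "GNU GENERAL PUBLIC LICENSE". The file's first line is blank, so `# frozen_string_literal: true` on line 2 is not a magic comment and has no effect. `spec.homepage = 'https://example.com'` is a placeholder, as is the README's `https://github.com/[USERNAME]/omniauth-realme`. `spec.add_dependency 'uuid', '~> 2.0'` is declared but nothing in the shipped `lib/` requires `uuid`, so either drop it or add the require where it is used. Consider also a `required_ruby_version` and a tighter `ruby-saml` constraint than `~> 1.5`, since signature validation behaviour is the security boundary of this gem.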
metadata ADDED
@@ -0,0 +1,146 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: omniauth-realme
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - DanHenton
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2018-11-12 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: omniauth
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: uuid
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '2.0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '2.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: ruby-saml
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.5'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.5'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bundler
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rake
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rspec
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ description: Omniauth strategy for New Zealands secure online identity verification
98
+ service.
99
+ email:
100
+ - Dan.henton@live.com
101
+ executables: []
102
+ extensions: []
103
+ extra_rdoc_files: []
104
+ files:
105
+ - ".gitignore"
106
+ - ".rspec"
107
+ - ".rubocop.yml"
108
+ - ".ruby-version"
109
+ - ".travis.yml"
110
+ - Gemfile
111
+ - Gemfile.lock
112
+ - LICENSE
113
+ - LICENSE.txt
114
+ - README.md
115
+ - Rakefile
116
+ - bin/console
117
+ - bin/setup
118
+ - lib/omniauth/realme.rb
119
+ - lib/omniauth/realme/version.rb
120
+ - lib/omniauth/strategies/realme.rb
121
+ - omniauth-realme.gemspec
122
+ homepage: https://example.com
123
+ licenses:
124
+ - GNU
125
+ metadata: {}
126
+ post_install_message:
127
+ rdoc_options: []
128
+ require_paths:
129
+ - lib
130
+ required_ruby_version: !ruby/object:Gem::Requirement
131
+ requirements:
132
+ - - ">="
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ required_rubygems_version: !ruby/object:Gem::Requirement
136
+ requirements:
137
+ - - ">="
138
+ - !ruby/object:Gem::Version
139
+ version: '0'
140
+ requirements: []
141
+ rubyforge_project:
142
+ rubygems_version: 2.7.7
143
+ signing_key:
144
+ specification_version: 4
145
+ summary: Omniauth strategy for New Zealands secure online identity verification service.
146
+ test_files: []
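Review bot: `cert_chain: []` and an empty `signing_key:` show the gem is published unsigned, so consumers cannot verify it with `gem install -P HighSecurity`; for an authentication component that is worth fixing before the first production user. The `files:` list ships `Gemfile.lock`, `.travis.yml`, `.rubocop.yml` and `.ruby-version`, which belong to the repository rather than the gem and should be excluded in the gemspec's `spec.files` filter. It also confirms there is no `lib/omniauth/strategies/realme/auth_request.rb` for the `autoload` in the strategy, and `licenses: - GNU` repeats the invalid license identifier from the gemspec.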