omniauth-realme 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +39 -0
- data/.gitignore +4 -52
- data/.rubocop.yml +16 -32
- data/.rubocop_todo.yml +30 -0
- data/.ruby-version +1 -1
- data/Gemfile +2 -10
- data/Gemfile.lock +58 -75
- data/README.md +165 -22
- data/lib/omniauth/realme.rb +47 -0
- data/lib/omniauth/realme/version.rb +2 -2
- data/lib/omniauth/strategies/realme.rb +239 -18
- data/omniauth-realme.gemspec +20 -11
- metadata +77 -20
- data/.travis.yml +0 -5
- data/LICENSE +0 -674
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 81955f24b0b548d140647fab9f648ac48dfee293f83e562e9ec09475f71259d7
|
4
|
+
data.tar.gz: 537ee0a682d306260d14ef1a2f2731d25ff1b25ea263bd5462854c8bc637555f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4d59632b21176bac6aa087780edfd6dedab80c9330d6ae660a3f55e475e544f6fd4cc8dbf1ba3a0977bab3eaf729edce55c77745dffcdda87d578183e23e75ba
|
7
|
+
data.tar.gz: 3973081feb7b75385660d16e5a6b07a8a30cf9a714c2137871bd7707e4f9b3d3a488e4d959f42bf39c6bf6e932f532fc83aeac2ce350195ae282826f667a9866
|
@@ -0,0 +1,39 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
push:
|
6
|
+
branches:
|
7
|
+
- master
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
ci_checks:
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
strategy:
|
13
|
+
matrix:
|
14
|
+
ruby:
|
15
|
+
- 2.4.9
|
16
|
+
- 2.5.8
|
17
|
+
- 2.6.6
|
18
|
+
- 2.7.1
|
19
|
+
|
20
|
+
name: Ruby ${{ matrix.ruby }} sample
|
21
|
+
|
22
|
+
steps:
|
23
|
+
- name: Checkout this repo
|
24
|
+
uses: actions/checkout@v2
|
25
|
+
|
26
|
+
- name: Install Ruby and Bundler
|
27
|
+
uses: ruby/setup-ruby@v1
|
28
|
+
with:
|
29
|
+
bundler-cache: true
|
30
|
+
ruby-version: ${{ matrix.ruby }}
|
31
|
+
|
32
|
+
- name: Run rubocop
|
33
|
+
run: |
|
34
|
+
bundle exec rubocop
|
35
|
+
|
36
|
+
- name: Run tests
|
37
|
+
run: |
|
38
|
+
bundle exec rspec
|
39
|
+
|
data/.gitignore
CHANGED
@@ -1,59 +1,11 @@
|
|
1
|
-
*.gem
|
2
|
-
*.rbc
|
3
|
-
/.config
|
4
|
-
/coverage/
|
5
|
-
/InstalledFiles
|
6
|
-
/pkg/
|
7
|
-
/spec/reports/
|
8
|
-
/spec/examples.txt
|
9
|
-
/test/tmp/
|
10
|
-
/test/version_tmp/
|
11
|
-
/tmp/
|
12
1
|
/.bundle/
|
13
2
|
/.yardoc
|
14
3
|
/_yardoc/
|
4
|
+
/coverage/
|
15
5
|
/doc/
|
16
|
-
/
|
17
|
-
spec/
|
6
|
+
/pkg/
|
7
|
+
/spec/reports/
|
8
|
+
/tmp/
|
18
9
|
|
19
10
|
# rspec failure tracking
|
20
11
|
.rspec_status
|
21
|
-
|
22
|
-
# Used by dotenv library to load environment variables.
|
23
|
-
# .env
|
24
|
-
|
25
|
-
## Specific to RubyMotion:
|
26
|
-
.dat*
|
27
|
-
.repl_history
|
28
|
-
build/
|
29
|
-
*.bridgesupport
|
30
|
-
build-iPhoneOS/
|
31
|
-
build-iPhoneSimulator/
|
32
|
-
|
33
|
-
## Specific to RubyMotion (use of CocoaPods):
|
34
|
-
#
|
35
|
-
# We recommend against adding the Pods directory to your .gitignore. However
|
36
|
-
# you should judge for yourself, the pros and cons are mentioned at:
|
37
|
-
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
|
38
|
-
#
|
39
|
-
# vendor/Pods/
|
40
|
-
|
41
|
-
## Documentation cache and generated files:
|
42
|
-
/.yardoc/
|
43
|
-
/_yardoc/
|
44
|
-
/doc/
|
45
|
-
/rdoc/
|
46
|
-
|
47
|
-
## Environment normalization:
|
48
|
-
/.bundle/
|
49
|
-
/vendor/bundle
|
50
|
-
/lib/bundler/man/
|
51
|
-
|
52
|
-
# for a library or gem, you might want to ignore these files since the code is
|
53
|
-
# intended to run in multiple environments; otherwise, check them in:
|
54
|
-
# Gemfile.lock
|
55
|
-
# .ruby-version
|
56
|
-
# .ruby-gemset
|
57
|
-
|
58
|
-
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
59
|
-
.rvmrc
|
data/.rubocop.yml
CHANGED
@@ -1,35 +1,19 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
Exclude:
|
5
|
-
- 'bin/**/*'
|
6
|
-
- 'Gemfile'
|
7
|
-
- 'Gemfile.lock'
|
8
|
-
Documentation:
|
1
|
+
inherit_from: .rubocop_todo.yml
|
2
|
+
|
3
|
+
Style/HashEachMethods:
|
9
4
|
Enabled: false
|
10
|
-
|
11
|
-
|
12
|
-
Rails/FilePath:
|
13
|
-
Exclude:
|
14
|
-
- 'spec/**/*'
|
15
|
-
Metrics/LineLength:
|
16
|
-
Max: 150
|
17
|
-
Exclude:
|
18
|
-
- 'spec/**/*'
|
19
|
-
Metrics/MethodLength:
|
20
|
-
Max: 20
|
21
|
-
Metrics/BlockLength:
|
22
|
-
Exclude:
|
23
|
-
- 'spec/**/*'
|
24
|
-
Metrics/AbcSize:
|
25
|
-
Max: 20
|
26
|
-
Style/SymbolArray:
|
5
|
+
|
6
|
+
Style/HashTransformKeys:
|
27
7
|
Enabled: false
|
28
|
-
|
8
|
+
|
9
|
+
Style/HashTransformValues:
|
29
10
|
Enabled: false
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
11
|
+
|
12
|
+
Metrics/ClassLength:
|
13
|
+
Max: 130
|
14
|
+
|
15
|
+
Metrics/BlockLength:
|
16
|
+
Exclude:
|
17
|
+
- "spec/**/*" # specs can have long blocks
|
18
|
+
- "*.gemspec"
|
19
|
+
|
data/.rubocop_todo.yml
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# This configuration was generated by
|
2
|
+
# `rubocop --auto-gen-config`
|
3
|
+
# on 2020-02-26 11:21:32 +1300 using RuboCop version 0.80.0.
|
4
|
+
# The point is for the user to remove these configuration records
|
5
|
+
# one by one as the offenses are removed from the code base.
|
6
|
+
# Note that changes in the inspected code, or installation of new
|
7
|
+
# versions of RuboCop, may require this file to be generated again.
|
8
|
+
|
9
|
+
# Offense count: 2
|
10
|
+
Metrics/AbcSize:
|
11
|
+
Max: 20
|
12
|
+
|
13
|
+
# Offense count: 3
|
14
|
+
# Configuration parameters: CountComments, ExcludedMethods.
|
15
|
+
Metrics/MethodLength:
|
16
|
+
Max: 16
|
17
|
+
|
18
|
+
# Offense count: 1
|
19
|
+
Style/Documentation:
|
20
|
+
Exclude:
|
21
|
+
- 'spec/**/*'
|
22
|
+
- 'test/**/*'
|
23
|
+
- 'lib/omniauth/strategies/realme.rb'
|
24
|
+
|
25
|
+
# Offense count: 18
|
26
|
+
# Cop supports --auto-correct.
|
27
|
+
# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
|
28
|
+
# URISchemes: http, https
|
29
|
+
Layout/LineLength:
|
30
|
+
Max: 162
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
2.5
|
1
|
+
2.6.5
|
data/Gemfile
CHANGED
@@ -2,16 +2,8 @@
|
|
2
2
|
|
3
3
|
source 'https://rubygems.org'
|
4
4
|
|
5
|
-
git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
|
6
|
-
|
7
5
|
# Specify your gem's dependencies in omniauth-realme.gemspec
|
8
6
|
gemspec
|
9
7
|
|
10
|
-
|
11
|
-
|
12
|
-
gem 'pry', require: false
|
13
|
-
end
|
14
|
-
|
15
|
-
group :test do
|
16
|
-
gem 'simplecov', '~> 0.16.1'
|
17
|
-
end
|
8
|
+
gem 'rake', '~> 12.0'
|
9
|
+
gem 'rspec', '~> 3.0'
|
data/Gemfile.lock
CHANGED
@@ -1,92 +1,74 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
omniauth-realme (0.0
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
uuid
|
4
|
+
omniauth-realme (0.2.0)
|
5
|
+
omniauth (~> 1.0)
|
6
|
+
ruby-saml (~> 1.5)
|
7
|
+
uuid (~> 2.0)
|
9
8
|
|
10
9
|
GEM
|
11
10
|
remote: https://rubygems.org/
|
12
11
|
specs:
|
13
|
-
akami (1.3.1)
|
14
|
-
gyoku (>= 0.4.0)
|
15
|
-
nokogiri
|
16
12
|
ast (2.4.0)
|
17
|
-
|
18
|
-
coderay (1.1.
|
13
|
+
byebug (11.1.3)
|
14
|
+
coderay (1.1.3)
|
19
15
|
diff-lcs (1.3)
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
method_source (0.9.0)
|
31
|
-
mini_portile2 (2.3.0)
|
32
|
-
nokogiri (1.8.2)
|
33
|
-
mini_portile2 (~> 2.3.0)
|
34
|
-
nori (2.6.0)
|
35
|
-
omniauth (1.8.1)
|
36
|
-
hashie (>= 3.4.6, < 3.6.0)
|
16
|
+
hashie (4.1.0)
|
17
|
+
jaro_winkler (1.5.4)
|
18
|
+
macaddr (1.7.2)
|
19
|
+
systemu (~> 2.6.5)
|
20
|
+
method_source (1.0.0)
|
21
|
+
mini_portile2 (2.4.0)
|
22
|
+
nokogiri (1.10.10)
|
23
|
+
mini_portile2 (~> 2.4.0)
|
24
|
+
omniauth (1.9.1)
|
25
|
+
hashie (>= 3.4.6)
|
37
26
|
rack (>= 1.6.2, < 3)
|
38
|
-
parallel (1.
|
39
|
-
parser (2.
|
27
|
+
parallel (1.19.1)
|
28
|
+
parser (2.7.0.2)
|
40
29
|
ast (~> 2.4.0)
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
30
|
+
pry (0.13.1)
|
31
|
+
coderay (~> 1.1)
|
32
|
+
method_source (~> 1.0)
|
33
|
+
pry-byebug (3.9.0)
|
34
|
+
byebug (~> 11.0)
|
35
|
+
pry (~> 0.13.0)
|
36
|
+
rack (2.2.3)
|
37
|
+
rack-test (1.1.0)
|
38
|
+
rack (>= 1.0, < 3)
|
46
39
|
rainbow (3.0.0)
|
47
|
-
rake (
|
48
|
-
|
49
|
-
|
50
|
-
rspec-
|
51
|
-
rspec-
|
52
|
-
|
53
|
-
|
54
|
-
|
40
|
+
rake (12.3.3)
|
41
|
+
rexml (3.2.4)
|
42
|
+
rspec (3.9.0)
|
43
|
+
rspec-core (~> 3.9.0)
|
44
|
+
rspec-expectations (~> 3.9.0)
|
45
|
+
rspec-mocks (~> 3.9.0)
|
46
|
+
rspec-core (3.9.1)
|
47
|
+
rspec-support (~> 3.9.1)
|
48
|
+
rspec-expectations (3.9.0)
|
55
49
|
diff-lcs (>= 1.2.0, < 2.0)
|
56
|
-
rspec-support (~> 3.
|
57
|
-
rspec-mocks (3.
|
50
|
+
rspec-support (~> 3.9.0)
|
51
|
+
rspec-mocks (3.9.1)
|
58
52
|
diff-lcs (>= 1.2.0, < 2.0)
|
59
|
-
rspec-support (~> 3.
|
60
|
-
rspec-support (3.
|
61
|
-
rubocop (0.
|
53
|
+
rspec-support (~> 3.9.0)
|
54
|
+
rspec-support (3.9.2)
|
55
|
+
rubocop (0.80.0)
|
56
|
+
jaro_winkler (~> 1.5.1)
|
62
57
|
parallel (~> 1.10)
|
63
|
-
parser (>= 2.
|
64
|
-
powerpack (~> 0.1)
|
58
|
+
parser (>= 2.7.0.1)
|
65
59
|
rainbow (>= 2.2.2, < 4.0)
|
60
|
+
rexml
|
66
61
|
ruby-progressbar (~> 1.7)
|
67
|
-
unicode-display_width (
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
httpi (~> 2.3)
|
74
|
-
nokogiri (>= 1.8.1)
|
75
|
-
nori (~> 2.4)
|
76
|
-
wasabi (~> 3.4)
|
77
|
-
simplecov (0.16.1)
|
78
|
-
docile (~> 1.1)
|
79
|
-
json (>= 1.8, < 3)
|
80
|
-
simplecov-html (~> 0.10.0)
|
81
|
-
simplecov-html (0.10.2)
|
82
|
-
socksify (1.7.1)
|
62
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
63
|
+
rubocop-rspec (1.38.1)
|
64
|
+
rubocop (>= 0.68.1)
|
65
|
+
ruby-progressbar (1.10.1)
|
66
|
+
ruby-saml (1.11.0)
|
67
|
+
nokogiri (>= 1.5.10)
|
83
68
|
systemu (2.6.5)
|
84
|
-
unicode-display_width (1.
|
85
|
-
uuid (2.3.
|
69
|
+
unicode-display_width (1.6.1)
|
70
|
+
uuid (2.3.9)
|
86
71
|
macaddr (~> 1.0)
|
87
|
-
wasabi (3.5.0)
|
88
|
-
httpi (~> 2.0)
|
89
|
-
nokogiri (>= 1.4.2)
|
90
72
|
|
91
73
|
PLATFORMS
|
92
74
|
ruby
|
@@ -94,11 +76,12 @@ PLATFORMS
|
|
94
76
|
DEPENDENCIES
|
95
77
|
bundler
|
96
78
|
omniauth-realme!
|
97
|
-
pry
|
98
|
-
|
99
|
-
|
79
|
+
pry-byebug
|
80
|
+
rack-test
|
81
|
+
rake (~> 12.0)
|
82
|
+
rspec (~> 3.0)
|
100
83
|
rubocop
|
101
|
-
|
84
|
+
rubocop-rspec
|
102
85
|
|
103
86
|
BUNDLED WITH
|
104
|
-
1.
|
87
|
+
2.1.4
|
data/README.md
CHANGED
@@ -1,16 +1,19 @@
|
|
1
1
|
# omniauth-realme
|
2
|
-
Omniauth strategy for New Zealands secure online identity verification service.
|
3
2
|
|
4
|
-
|
5
|
-
This Gem covers all of the SAML client requirements for RealMe intergations including the RealMe's default error messages.
|
3
|
+
![CI](https://github.com/DigitalNZ/omniauth-realme/workflows/CI/badge.svg)
|
6
4
|
|
7
|
-
|
8
|
-
|
5
|
+
Omniauth strategy for New Zealand's secure online identity verification service.
|
6
|
+
|
7
|
+
This Gem has been developed for the intention of using [Devise](https://github.com/plataformatec/devise) as the account model with Realme SSO integration.
|
8
|
+
This gem covers all of the SAML client requirements for RealMe integrations including the RealMe's default error messages.
|
9
|
+
|
10
|
+
You will need to set up your frontend login pages to match [RealMe's branding guidelines](https://developers.realme.govt.nz/how-to-integrate/application-design-and-branding-guide/realme-page-elements/)
|
11
|
+
We suggest you use their assets in a zip file on their page.
|
9
12
|
|
10
13
|
Getting to Production:
|
11
14
|
You will need to complete the [RealMe Operational handover checklist](https://developers.realme.govt.nz/how-to-integrate/getting-to-production/operational-handover-checklist/) `login service` form to gain access to RealMe production environments.
|
12
15
|
|
13
|
-
Not
|
16
|
+
Not using *Ruby* but need to integrate? Use this gem as a baseline and find a suitable Library on [onelogin's](https://github.com/onelogin) github account.
|
14
17
|
|
15
18
|
## Installation
|
16
19
|
|
@@ -26,21 +29,42 @@ And then execute:
|
|
26
29
|
$ bundle
|
27
30
|
|
28
31
|
### Realme
|
29
|
-
To test that you have installed the Gem correctly
|
32
|
+
To test that you have installed the Gem correctly integrate with their message testing servies [RealMe MTS](https://mts.realme.govt.nz/logon-mts/home) first, followed by ITE then Production integrations.
|
30
33
|
|
31
|
-
You will need to
|
34
|
+
You will need to set up your applications integration via their [developers website](https://developers.realme.govt.nz) for ITE and production.
|
32
35
|
|
33
36
|
### Devise
|
37
|
+
|
34
38
|
Setup
|
39
|
+
|
35
40
|
```ruby
|
36
41
|
# config/initializers/devise.rb
|
37
|
-
Devise.setup do |
|
38
|
-
|
42
|
+
Devise.setup do |config|
|
43
|
+
# ...
|
44
|
+
config.omniauth :realme
|
39
45
|
end
|
40
46
|
```
|
41
47
|
|
42
48
|
Here we configure the [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
|
43
|
-
Realme provides the
|
49
|
+
Realme provides the necessary `service-metadata.xml` files for their side of the integration. They can be found on this [page](https://developers.realme.govt.nz/how-realme-works/technical-integration-steps#e75)
|
50
|
+
|
51
|
+
```ruby
|
52
|
+
# config/initializers/omniauth.rb
|
53
|
+
|
54
|
+
# Use OmniAuthCallbacksController#failure as the Rack app which OmniAuth will
|
55
|
+
# redirect to in the event of a failure
|
56
|
+
OmniAuth.config.on_failure = Proc.new { |env| OmniAuthCallbacksController.action(:failure).call(env) }
|
57
|
+
|
58
|
+
OmniAuth.configure do |config|
|
59
|
+
# Always redirect to the failure endpoint if there is an error. Normally the
|
60
|
+
# exception would just be raised in development mode. This is useful for
|
61
|
+
# testing your Realme error handling in development.
|
62
|
+
config.failure_raise_out_environments = []
|
63
|
+
|
64
|
+
# We want to see OmniAuth messages in the log
|
65
|
+
config.logger = Rails.logger
|
66
|
+
end
|
67
|
+
```
|
44
68
|
|
45
69
|
```ruby
|
46
70
|
# config/initializers/realme_omniauth.rb
|
@@ -50,19 +74,69 @@ OmniAuth::Strategies::Realme.configure do |config|
|
|
50
74
|
|
51
75
|
# Callback url
|
52
76
|
config.assertion_consumer_service_url = 'http://myapp.com/users/auth/realme/callback'
|
53
|
-
|
77
|
+
|
54
78
|
# Sign the request saml and decrypt response
|
55
|
-
|
79
|
+
|
80
|
+
# Read the public+private keypair from a file. This example demonstrates
|
81
|
+
# using the .p12 file Realme provides to help you get up an running with their
|
82
|
+
# MTS environment.
|
83
|
+
p12 = OpenSSL::PKCS12.new(File.read(Rails.root.join("realme/Integration-Bundle-MTS-V3.2/mts_saml_sp.p12")), "password")
|
84
|
+
|
85
|
+
# Give the strategy the public key that will identify your SP to Realme (the IdP)
|
86
|
+
config.certificate = p12.certificate.to_s
|
87
|
+
|
88
|
+
# Give the strategy the corresponding private key so it can decrypt messages
|
89
|
+
# sent by Realme which are encrypted with the public key
|
90
|
+
config.private_key = p12.key.to_s
|
56
91
|
|
57
92
|
# Realme login service xml file.
|
58
93
|
# You will need to download the different XML files for the different environments found here: https://developers.realme.govt.nz/how-realme-works/technical-integration-steps/
|
59
94
|
config.idp_service_metadata = Rails.root.join('path', 'to', 'logon-service-metadata.xml')
|
60
|
-
|
61
|
-
# default
|
62
|
-
config.
|
95
|
+
|
96
|
+
# default strength
|
97
|
+
config.auth_strength = 'urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength'
|
98
|
+
|
99
|
+
# The allowed clock drift is added to the current time at which the response
|
100
|
+
# is validated before it's tested against the NotBefore assertion. Its value
|
101
|
+
# must be given in a number (and/or fraction) of seconds.
|
102
|
+
#
|
103
|
+
# Make sure to keep the value as comfortably small as possible to keep
|
104
|
+
# security risks to a minimum.
|
105
|
+
#
|
106
|
+
# See: https://github.com/onelogin/ruby-saml#clock-drift
|
107
|
+
#
|
108
|
+
config.allowed_clock_drift = 5.seconds # default is 0.seconds
|
109
|
+
|
110
|
+
# It can be very useful to fail noisily in development if there are SAML
|
111
|
+
# validation errors. We recommend enabling this in Rails development env at
|
112
|
+
# least.
|
113
|
+
#
|
114
|
+
config.raise_exceptions_for_saml_validation_errors = Rails.env.development? # default: false
|
115
|
+
|
116
|
+
# Versions 0.1.0 and older of this gem return the FLT or any errors from
|
117
|
+
# Realme in the Rails session. We are migrating away from this to a more
|
118
|
+
# conventional OmniAuth approach of returning the FLT in
|
119
|
+
# `request.env['omniauth.auth'] and errors redirect to the OmniAuth failure
|
120
|
+
# Rack app.
|
121
|
+
#
|
122
|
+
# As of version 0.1.0, using the Rails session is enabled by default to not
|
123
|
+
# break existing installations. If you are configuring this strategy in a new
|
124
|
+
# application, you should set this behaviour to `false` to ensure your app
|
125
|
+
# continues to work seamlessly in future versions of this gem.
|
126
|
+
#
|
127
|
+
config.legacy_rails_session_behaviour_enabled = false
|
63
128
|
end
|
64
129
|
```
|
65
130
|
|
131
|
+
Routes
|
132
|
+
|
133
|
+
```ruby
|
134
|
+
# config/routes.rb
|
135
|
+
|
136
|
+
# Add/edit the `devise_for` line in your routes file as shown here
|
137
|
+
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
|
138
|
+
```
|
139
|
+
|
66
140
|
Controllers
|
67
141
|
```ruby
|
68
142
|
# app/controllers/application_controller.rb
|
@@ -81,19 +155,18 @@ class ApplicationController < ActionController::Base
|
|
81
155
|
end
|
82
156
|
```
|
83
157
|
|
84
|
-
The customer `uid` will come through in
|
158
|
+
The customer `uid` will come through in `request.env['omniauth.auth']['uid']`
|
85
159
|
|
86
160
|
```ruby
|
87
|
-
|
161
|
+
# app/controllers/users/omniauth_callbacks_controller.rb
|
88
162
|
|
89
163
|
module Users
|
90
164
|
class OmniauthCallbacksController < ::Devise::OmniauthCallbacksController
|
91
165
|
skip_before_action :verify_authenticity_token
|
92
166
|
|
93
167
|
def realme
|
94
|
-
|
95
|
-
|
96
|
-
@user = User.from_omniauth('realme', session.delete(:uid))
|
168
|
+
realme_flt_token = request.env["omniauth.auth"]["uid"]
|
169
|
+
@user = User.from_omniauth('realme', realme_flt_token)
|
97
170
|
|
98
171
|
unless @user.valid?
|
99
172
|
@user.errors.each { |err| @user.errors.delete(err) }
|
@@ -106,6 +179,15 @@ module Users
|
|
106
179
|
|
107
180
|
sign_in_and_redirect @user
|
108
181
|
end
|
182
|
+
|
183
|
+
def failure
|
184
|
+
exception = request.env["omniauth.error"] # a reference to the exception instance class
|
185
|
+
error_type = request.env["omniauth.error.type"] # the first symbol passed to fail!()
|
186
|
+
erroring_strategy = request.env["omniauth.error.strategy"] # a reference to the strategy instance that threw the error
|
187
|
+
|
188
|
+
flash.alert = "Realme login failed because #{exception.message}"
|
189
|
+
redirect_to root_path
|
190
|
+
end
|
109
191
|
end
|
110
192
|
end
|
111
193
|
```
|
@@ -163,6 +245,67 @@ Remove SAMLResponse from Rails log
|
|
163
245
|
Rails.application.config.filter_parameters += [:password, 'SAMLResponse']
|
164
246
|
```
|
165
247
|
|
248
|
+
## Metadata
|
249
|
+
|
250
|
+
This gem includes `OmniAuth::Realme.generate_metadata_xml` which will generate SAML SP metadata in a form suitable for uploading to the [Realme MTS Metadata upload](https://mts.realme.govt.nz/logon-mts/metadataupdate) endpoint using the same settings you used to configure this strategy.
|
251
|
+
|
252
|
+
Below is an example of using it to create a `/saml/metadata.xml` endpoint in your app. This can be convenient but might be unnecessary for your application, depending on your use case so this step is optional.
|
253
|
+
|
254
|
+
```ruby
|
255
|
+
# config/routes.rb
|
256
|
+
|
257
|
+
# Example: curl http://localhost:3000/saml/metadata.xml
|
258
|
+
get "saml/metadata", to: "saml_metadata#metadata"
|
259
|
+
```
|
260
|
+
|
261
|
+
```ruby
|
262
|
+
# app/controllers/saml_metadata_controller.rb
|
263
|
+
class SamlMetadataController < ApplicationController
|
264
|
+
# Skip authentication on the metadata action (this line is only required if
|
265
|
+
# you are using devise)
|
266
|
+
skip_before_action :authenticate_user!, only: [:metadata]
|
267
|
+
|
268
|
+
def metadata
|
269
|
+
respond_to do |format|
|
270
|
+
format.xml { render xml: OmniAuth::Realme.generate_metadata_xml }
|
271
|
+
end
|
272
|
+
end
|
273
|
+
end
|
274
|
+
```
|
275
|
+
|
276
|
+
If you don't need an endpoint in your app you can just invoke the function from the console e.g.
|
277
|
+
|
278
|
+
```ruby
|
279
|
+
rails-console> puts OmniAuth::Realme.generate_metadata_xml
|
280
|
+
```
|
281
|
+
|
282
|
+
## Realme Context Mapping Service (RCMS)
|
283
|
+
|
284
|
+
[Realme Context Mapping Service](https://developers.realme.govt.nz/how-realme-works/whats-realme-rcms/) is an additional service which your app can optionally integrate with.
|
285
|
+
|
286
|
+
Most of the work of integrating with RCMS is outside of the scope of what OmniAuth does. If your app is using RCMS then you will receive a _Login Attributes Token_ as well as the normal Realme FLT with the SAMLResponse.
|
287
|
+
|
288
|
+
This strategy facilitates your use of RCMS by making that additional token (if
|
289
|
+
it exists) available in
|
290
|
+
`request.env['omniauth.auth']['credentials']['realme_cms_lat']` e.g.
|
291
|
+
|
292
|
+
```ruby
|
293
|
+
# app/controllers/users/omniauth_callbacks_controller.rb
|
294
|
+
|
295
|
+
module Users
|
296
|
+
class OmniauthCallbacksController < ::Devise::OmniauthCallbacksController
|
297
|
+
skip_before_action :verify_authenticity_token
|
298
|
+
|
299
|
+
def realme
|
300
|
+
realme_flt = request.env['omniauth.auth']['uid']
|
301
|
+
realme_cms_lat = request.env['omniauth.auth']['credentials']['realme_cms_lat']
|
302
|
+
|
303
|
+
# complete your RCMS integration here ...
|
304
|
+
end
|
305
|
+
end
|
306
|
+
end
|
307
|
+
```
|
308
|
+
|
166
309
|
## Development
|
167
310
|
|
168
311
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
@@ -171,7 +314,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
171
314
|
|
172
315
|
## Contributing
|
173
316
|
|
174
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
317
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/DigitalNZ/omniauth-realme.
|
175
318
|
|
176
319
|
## License
|
177
320
|
GNU GENERAL PUBLIC LICENSE
|