omniauth-seb-elink 0.1.0 → 0.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 3efafa13a897a9b344b1d6032da283ea33e9bce5
4
- data.tar.gz: 37aa6f644100676823f02d7e59753a6a1bc4290d
2
+ SHA256:
3
+ metadata.gz: 63a20636eaafeaada769b4139cd32f70e9f70282a44723a25afdf7ffd8e48867
4
+ data.tar.gz: 0d5805ec85c00c201200d7920c7b2e56f906448751c30968984c3afabd7416b9
5
5
  SHA512:
6
- metadata.gz: 5f80b64234ab5cfeab0be8075622b3113b01850053318d0dbfa78c7cc3352128df4dec80b6928ef05f418951d369e3937109ad73e511253cf20bbd85f2d4f39b
7
- data.tar.gz: cdd90b142b2d0787aa5e6218814af2c00794e620f951a3369233efdfc2482e966b179e5ed8b161f66eedd0d15aa8d4817d0c9928861112a643f3b5cebcb9f4c3
6
+ metadata.gz: 37c8bf6ed5de4b3c5a9dc2de79c1c313e43bdcaf003f060971f92e623e7ecb8e93f27602dbbc95100f14828053c5b4afa2857dec70657ddad0dbb9823204d0a3
7
+ data.tar.gz: fc2c7d8e22926dbad0f7b427e6532a4b299b727f1b96cca51189973d243e8e9d26c73e38312c55a989ca38dd035b7b1547c2a9c994cf2da2a2db3e975507aa3f
@@ -0,0 +1,24 @@
1
+ name: Ruby
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - main
7
+ pull_request:
8
+
9
+ jobs:
10
+ test:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ matrix:
14
+ ruby-version: ['2.7', '3.0', '3.1', '3.2']
15
+
16
+ steps:
17
+ - uses: actions/checkout@v4
18
+ - name: Set up Ruby
19
+ uses: ruby/setup-ruby@v1
20
+ with:
21
+ ruby-version: ${{ matrix.ruby-version }}
22
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
23
+ - name: Run tests
24
+ run: bundle exec rspec
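Review bot: The workflow declares no `permissions:` key, so the `test` job runs with the repository's default GITHUB_TOKEN scope rather than the read-only access a test run needs; adding `permissions:` / `  contents: read` at the top level of the file limits what a compromised step or dependency could do with the token. The `actions/checkout@v4` and `ruby/setup-ruby@v1` references on lines 17 and 19 are mutable tags; pinning them to full commit SHAs (keeping the tag in a trailing comment) makes the CI supply chain reproducible. The file header for this hunk is not shown on the page, so this is presumably the `.github/workflows/ruby.yml` that the metadata section adds to the gem's file list.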
data/Gemfile CHANGED
@@ -1,4 +1,4 @@
1
1
  source 'https://rubygems.org'
2
2
 
3
- # Specify your gem's dependencies in omniauth-nordea.gemspec
4
- gemspec
3
+ # Specify your gem's dependencies in omniauth-seb-elink.gemspec
4
+ gemspec
data/README.md CHANGED
@@ -2,20 +2,20 @@
2
2
 
3
3
  Omniauth strategy for using SEB e-link as an authentication service provider.
4
4
 
5
- [![Build Status](https://travis-ci.org/mak-it/omniauth-seb-elink.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-seb-elink)
6
-
7
- Supported Ruby versions: 2.2+
5
+ Supported Ruby versions: 2.7+
8
6
 
9
7
  ## Related projects
10
- - [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
11
- - [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
12
- - [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
13
- - [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank
8
+
9
+ - [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele
10
+ - [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB
11
+ - [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
12
+ - [omniauth-swedbank](https://github.com/mitigate-dev/omniauth-swedbank) - strategy for authenticating with Swedbank
14
13
 
15
14
  ## Installation
16
15
 
17
- Add this line to your application's Gemfile:
16
+ Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):
18
17
 
18
+ gem 'omniauth-rails_csrf_protection'
19
19
  gem 'omniauth-seb-elink'
20
20
 
21
21
  And then execute:
@@ -24,7 +24,7 @@ And then execute:
24
24
 
25
25
  Or install it yourself as:
26
26
 
27
- $ gem install omniauth-seb-elink
27
+ $ gem install omniauth-rails_csrf_protection omniauth-seb-elink
28
28
 
29
29
  ## Usage
30
30
 
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Seb
3
- VERSION = '0.1.0'
3
+ VERSION = '0.2.0'
4
4
  end
5
5
  end
@@ -22,8 +22,12 @@ module OmniAuth
22
22
  raw_str = SIGNED_KEYS.map{|k| prepend_length(@hash[k])}.join
23
23
  received_sig_str = Base64.decode64(@hash['IB_CRC'])
24
24
 
25
- if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
26
- raise ValidationError, 'Invalid signature'
25
+ if !pub_key.verify(OpenSSL::Digest::SHA512.new, received_sig_str, raw_str)
26
+ if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
27
+ raise ValidationError, 'Invalid signature'
28
+ else
29
+ OmniAuth.logger.debug('Received message with old SHA1 signature from SEB')
30
+ end
27
31
  end
28
32
 
29
33
  self
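Review bot: The fallback on lines 26–30 means the verifier keeps accepting SHA1-signed messages indefinitely, so switching the first check on line 25 to SHA512 does not by itself retire the weaker digest, and a successful downgrade to SHA1 is only recorded at debug level where it is unlikely to be noticed in production logs. Raise the level so operators can tell when the fallback path is still being exercised, `OmniAuth.logger.warn('Received message with old SHA1 signature from SEB')`, and consider gating the fallback behind an option with a documented removal date so it can be switched off once SEB no longer sends SHA1 signatures. The two nested `if !pub_key.verify(...)` conditions read more naturally as `unless`, with the `raise` as a guard and the log call after it. The enclosing method starts and ends outside this hunk.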
@@ -12,6 +12,14 @@ module OmniAuth
12
12
 
13
13
  include OmniAuth::Strategy
14
14
 
15
+ def self.render_nonce?
16
+ defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
17
+ end
18
+ if render_nonce?
19
+ include ActionDispatch::ContentSecurityPolicy::Request
20
+ delegate :get_header, :set_header, to: :request
21
+ end
22
+
15
23
  args [:public_crt, :snd_id]
16
24
 
17
25
  option :public_crt, nil
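Review bot: `render_nonce?` on lines 15–17 compares the result of `defined?` against `nil`, which the style guide discourages; `!!defined?(ActionDispatch::ContentSecurityPolicy::Request)` yields the same boolean without the explicit comparison. Because `if render_nonce?` on line 18 is evaluated once, when the class body is loaded, nonce support depends on `ActionDispatch::ContentSecurityPolicy::Request` already being loaded at the moment this gem is required; if the host application does not guarantee that ordering, nonces are presumably disabled silently. A comment such as `# Evaluated at load time: ActionDispatch must be loaded before this strategy for CSP nonce support.` would make that dependency visible. The enclosing class continues outside this hunk.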
@@ -62,24 +70,49 @@ module OmniAuth
62
70
  def request_phase
63
71
  fail!(:invalid_snd_id) if options.snd_id.nil?
64
72
 
73
+ set_locale_from_query_param
74
+
65
75
  message = OmniAuth::Strategies::Seb::Message.new(
66
76
  'IB_SND_ID': options.snd_id,
67
77
  'IB_SERVICE': AUTH_SERVICE,
68
- 'IB_LANG': 'LAT'
78
+ 'IB_LANG': resolve_bank_ui_language
69
79
  )
70
80
 
71
81
  # Build redirect form
72
82
  form = OmniAuth::Form.new(title: I18n.t('omniauth.seb.please_wait'), url: options.site)
73
83
 
74
84
  message.each_pair do |k,v|
75
- form.html "<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\" />"
85
+ form.html "<input type=\"hidden\" name=\"#{escape(k.to_s)}\" value=\"#{escape(v)}\" />"
76
86
  end
77
87
 
78
88
  form.button I18n.t('omniauth.seb.click_here_if_not_redirected')
89
+ nonce_attribute = nil
90
+ if self.class.render_nonce?
91
+ nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
92
+ end
79
93
  form.instance_variable_set('@html',
80
- form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
94
+ form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
81
95
  form.to_response
82
96
  end
97
+
98
+ private
99
+
100
+ def set_locale_from_query_param
101
+ locale = request.params['locale']
102
+ I18n.locale = locale if I18n.locale_available?(locale)
103
+ end
104
+
105
+ def resolve_bank_ui_language
106
+ case I18n.locale
107
+ when :ru then 'RUS'
108
+ when :en then 'ENG'
109
+ else 'LAT'
110
+ end
111
+ end
112
+
113
+ def escape(html_attribute_value)
114
+ CGI.escapeHTML(html_attribute_value) unless html_attribute_value.nil?
115
+ end
83
116
  end
84
117
  end
85
118
  end
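Review bot: `set_locale_from_query_param` on lines 100–103 assigns `I18n.locale`, which is thread-wide state, and nothing in `request_phase` restores it, so the locale picked by one request's `?locale=` parameter presumably stays in effect for later requests handled by the same thread unless the host application resets it per request; `I18n.with_locale` scopes the change to a block and restores the previous value when it returns. The rewrite below keeps the `locale_available?` check and the `resolve_bank_ui_language` lookup, which now sees the scoped locale. A smaller point: `nonce_attribute` on line 91 wraps the nonce in single quotes while the rest of the script tag on line 94 uses escaped double quotes, so `" nonce=\"#{escape(content_security_policy_nonce)}\""` keeps the attribute quoting consistent.
```ruby
def request_phase
  fail!(:invalid_snd_id) if options.snd_id.nil?

  # Scope the locale to this request so the thread-wide I18n.locale is restored afterwards.
  I18n.with_locale(locale_from_query_param) do
    # … unchanged: message construction, redirect form, nonce handling, form.to_response …
  end
end

private

# Locale requested via ?locale= when it is configured; otherwise the current locale.
def locale_from_query_param
  locale = request.params['locale']
  I18n.locale_available?(locale) ? locale : I18n.locale
end
```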
@@ -6,11 +6,11 @@ require 'omniauth/seb/version'
6
6
  Gem::Specification.new do |gem|
7
7
  gem.name = 'omniauth-seb-elink'
8
8
  gem.version = Omniauth::Seb::VERSION
9
- gem.authors = ['MAK IT']
10
- gem.email = ['admin@makit.lv']
9
+ gem.authors = ['Mitigate']
10
+ gem.email = ['admin@mitigate.dev']
11
11
  gem.description = %q{OmniAuth strategy for SEB e-link}
12
12
  gem.summary = %q{OmniAuth strategy for SEB e-link}
13
- gem.homepage = 'https://github.com/mak-it/omniauth-seb-elink'
13
+ gem.homepage = 'https://github.com/mitigate-dev/omniauth-seb-elink'
14
14
  gem.license = 'MIT'
15
15
 
16
16
  gem.files = `git ls-files`.split($/)
@@ -18,13 +18,14 @@ Gem::Specification.new do |gem|
18
18
  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
19
19
  gem.require_paths = ['lib']
20
20
 
21
- gem.required_ruby_version = '>= 2.2.2'
21
+ gem.required_ruby_version = '>= 2.7'
22
22
 
23
- gem.add_runtime_dependency 'omniauth', '~> 1.0'
23
+ gem.add_runtime_dependency 'omniauth', '~> 2.1'
24
24
  gem.add_runtime_dependency 'i18n'
25
25
 
26
26
  gem.add_development_dependency 'rack-test'
27
27
  gem.add_development_dependency 'rspec'
28
28
  gem.add_development_dependency 'bundler'
29
29
  gem.add_development_dependency 'rake'
30
+ gem.add_development_dependency 'rack-session'
30
31
  end
@@ -1,17 +1,28 @@
1
1
  require 'spec_helper'
2
+ require 'rack-protection'
3
+ require 'rack/session'
2
4
 
3
5
  describe OmniAuth::Strategies::Seb do
4
6
  PUBLIC_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'response.public.pem'))
5
7
  SND_ID = 'AAA'
6
8
 
7
9
  let(:app){ Rack::Builder.new do |b|
8
- b.use Rack::Session::Cookie, {secret: 'abc123'}
10
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
9
11
  b.use OmniAuth::Strategies::Seb, PUBLIC_CRT, SND_ID
10
12
  b.run lambda{|env| [404, {}, ['Not Found']]}
11
13
  end.to_app }
12
14
 
15
+ let(:token){ Rack::Protection::AuthenticityToken.random_token }
16
+
13
17
  context 'request phase' do
14
- before(:each) { get '/auth/seb' }
18
+ before(:each) do
19
+ post(
20
+ '/auth/seb',
21
+ {},
22
+ 'rack.session' => {csrf: token},
23
+ 'HTTP_X_CSRF_TOKEN' => token
24
+ )
25
+ end
15
26
 
16
27
  it 'displays a single form' do
17
28
  expect(last_response.status).to eq(200)
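Review bot: The 64-character session secret added on line 10 is repeated verbatim in the `let(:app)` builders of the two later hunks in this file (the 'non-existant public key file' and 'non-existant SND ID' contexts); define it once beside `SND_ID`, e.g. `SESSION_SECRET = '5242e6bd…409d8637'.freeze` with the full value from line 10, and use `secret: SESSION_SECRET` in all three builders so a future change touches one line. The new `before(:each)` block posts with the same token in both `rack.session` and `HTTP_X_CSRF_TOKEN`, which is presumably what the omniauth 2.x request-phase protection expects; a one-line comment stating that intent would save the next reader a lookup.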
@@ -25,7 +36,7 @@ describe OmniAuth::Strategies::Seb do
25
36
  EXPECTED_VALUES = {
26
37
  'IB_SND_ID': SND_ID,
27
38
  'IB_SERVICE': OmniAuth::Strategies::Seb::AUTH_SERVICE,
28
- 'IB_LANG': 'LAT'
39
+ 'IB_LANG': 'ENG'
29
40
  }
30
41
 
31
42
  EXPECTED_VALUES.each_pair do |k,v|
@@ -66,7 +77,7 @@ describe OmniAuth::Strategies::Seb do
66
77
 
67
78
  context 'with non-existant public key file' do
68
79
  let(:app){ Rack::Builder.new do |b|
69
- b.use Rack::Session::Cookie, {secret: 'abc123'}
80
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
70
81
  b.use(OmniAuth::Strategies::Seb, 'missing-public-key-file.pem', SND_ID )
71
82
  b.run lambda{|env| [404, {}, ['Not Found']]}
72
83
  end.to_app }
@@ -80,7 +91,7 @@ describe OmniAuth::Strategies::Seb do
80
91
 
81
92
  context 'with non-existant SND ID' do
82
93
  let(:app){ Rack::Builder.new do |b|
83
- b.use Rack::Session::Cookie, {secret: 'abc123'}
94
+ b.use Rack::Session::Cookie, {secret: '5242e6bd9daf0e9645c2d4e22b11ba8cee0bed44439906d5f1bd5dad409d8637'}
84
95
  b.use(OmniAuth::Strategies::Seb, PUBLIC_CRT, nil )
85
96
  b.run lambda{|env| [404, {}, ['Not Found']]}
86
97
  end.to_app }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-seb-elink
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
- - MAK IT
8
- autorequire:
7
+ - Mitigate
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-14 00:00:00.000000000 Z
11
+ date: 2023-09-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.0'
19
+ version: '2.1'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '2.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: i18n
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,15 +94,29 @@ dependencies:
94
94
  - - ">="
95
95
  - !ruby/object:Gem::Version
96
96
  version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rack-session
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
97
111
  description: OmniAuth strategy for SEB e-link
98
112
  email:
99
- - admin@makit.lv
113
+ - admin@mitigate.dev
100
114
  executables: []
101
115
  extensions: []
102
116
  extra_rdoc_files: []
103
117
  files:
118
+ - ".github/workflows/ruby.yml"
104
119
  - ".gitignore"
105
- - ".travis.yml"
106
120
  - Gemfile
107
121
  - LICENSE.txt
108
122
  - README.md
@@ -119,11 +133,11 @@ files:
119
133
  - spec/certs/response.public.pem
120
134
  - spec/omniauth/strategies/seb_spec.rb
121
135
  - spec/spec_helper.rb
122
- homepage: https://github.com/mak-it/omniauth-seb-elink
136
+ homepage: https://github.com/mitigate-dev/omniauth-seb-elink
123
137
  licenses:
124
138
  - MIT
125
139
  metadata: {}
126
- post_install_message:
140
+ post_install_message:
127
141
  rdoc_options: []
128
142
  require_paths:
129
143
  - lib
@@ -131,16 +145,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
131
145
  requirements:
132
146
  - - ">="
133
147
  - !ruby/object:Gem::Version
134
- version: 2.2.2
148
+ version: '2.7'
135
149
  required_rubygems_version: !ruby/object:Gem::Requirement
136
150
  requirements:
137
151
  - - ">="
138
152
  - !ruby/object:Gem::Version
139
153
  version: '0'
140
154
  requirements: []
141
- rubyforge_project:
142
- rubygems_version: 2.4.8
143
- signing_key:
155
+ rubygems_version: 3.3.26
156
+ signing_key:
144
157
  specification_version: 4
145
158
  summary: OmniAuth strategy for SEB e-link
146
159
  test_files:
data/.travis.yml DELETED
@@ -1,7 +0,0 @@
1
- language: ruby
2
- rvm:
3
- - 2.3
4
- - 2.4
5
- - 2.5
6
- - 2.6
7
- script: bundle exec rspec