omniauth-shibboleth-passive 0.1.0

data/.gitignore

@@ -0,0 +1,24 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
+
+# Ignore the Gemfile.lock
+/Gemfile.lock
+
+# Ignore .ruby-version
+.ruby-version

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+  - jruby-19mode
+  - rbx

data/Gemfile

@@ -0,0 +1,12 @@
+source 'http://rubygems.org'
+gemspec
+
+gem "coveralls", "~> 0.7.0", require: false, group: :test
+gem "pry-debugger", group: :development, platform: :mri
+gem "pry", group: :development, platforms: [:jruby, :rbx]
+
+platforms :rbx do
+  gem 'rubysl', '~> 2.0' # if using anything in the ruby standard library
+  gem 'json', '~> 1.8.1'
+  gem 'rubinius-coverage'
+end

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Scot Dalton
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,15 @@
+
+[![Gem Version](https://badge.fury.io/rb/omniauth-shibboleth-passive.png)](http://badge.fury.io/rb/omniauth-shibboleth-passive)
+[![Build Status](https://api.travis-ci.org/scotdalton/omniauth-shibboleth-passive.png?branch=master)](https://travis-ci.org/scotdalton/omniauth-shibboleth-passive)
+[![Dependency Status](https://gemnasium.com/scotdalton/omniauth-shibboleth-passive.png)](https://gemnasium.com/scotdalton/omniauth-shibboleth-passive)
+[![Code Climate](https://codeclimate.com/github/scotdalton/omniauth-shibboleth-passive.png)](https://codeclimate.com/github/scotdalton/omniauth-shibboleth-passive)
+[![Coverage Status](https://coveralls.io/repos/scotdalton/omniauth-shibboleth-passive/badge.png?branch=master)](https://coveralls.io/r/scotdalton/omniauth-shibboleth-passive)
+
+OmniAuth strategy for Shibboleth in ["passive mode"](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent).
+
+## Overview
+The OmniAuth "Passive" Shibboleth Strategy extends [`OmniAuth::Shibboleth`](https://github.com/toyokazu/omniauth-shibboleth/) to
+provide support for Shibboleth configured in ["passive mode"](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPProtectContent).
+
+In cases where there is no SP Shibboleth session the strategy will redirect to the IdP to try to establish a SP session.
+

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+desc 'Default: run specs.'
+task :default => :spec
+
+desc "Run specs"
+RSpec::Core::RakeTask.new

data/lib/omniauth-shibboleth-passive.rb

@@ -0,0 +1 @@
+require "omniauth/shibboleth-passive"

data/lib/omniauth/shibboleth-passive.rb

@@ -0,0 +1,2 @@
+require 'omniauth/shibboleth/passive/version'
+require 'omniauth/strategies/shibboleth_passive'

data/lib/omniauth/shibboleth/passive/version.rb

@@ -0,0 +1,7 @@
+module OmniAuth
+  module Shibboleth
+    module Passive
+      VERSION = "0.1.0"
+    end
+  end
+end

data/lib/omniauth/strategies/shibboleth_passive.rb

@@ -0,0 +1,50 @@
+require 'omniauth-shibboleth'
+
+module OmniAuth
+  module Strategies
+    class ShibbolethPassive < Shibboleth
+      option :name, :shibboleth_passive
+
+      # Override callback phase to not fail
+      # where there isn't a Shibboleth session
+      def callback_phase
+        if shibboleth_session? || shibboleth_idp_called?
+          unset_shibboleth_idp_called_param
+          (shibboleth_session?) ? super : silent_fail
+        else
+          set_shibboleth_idp_called_param
+          redirect(shibboleth_idp_url)
+        end
+      end
+
+      def silent_fail
+        OmniAuth.config.on_failure.call(env)
+      end
+
+      def shibboleth_idp_url
+        "/Shibboleth.sso/Login?isPassive=true&target=#{URI.escape(callback_url)}"
+      end
+
+      def shibboleth_session?
+        (request_param(options.shib_session_id_field.to_s) || 
+          request_param(options.shib_application_id_field.to_s))
+      end
+
+      def shibboleth_idp_called?
+        shibboleth_idp_called_param == true
+      end
+
+      def set_shibboleth_idp_called_param
+        session[:shibboleth_idp_called] = true
+      end
+
+      def unset_shibboleth_idp_called_param
+        session[:shibboleth_idp_called] = nil
+      end
+
+      def shibboleth_idp_called_param
+        session[:shibboleth_idp_called]
+      end
+    end
+  end
+end

data/omniauth-shibboleth-passive.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/omniauth/shibboleth/passive/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name     = 'omniauth-shibboleth-passive'
+  gem.version  = OmniAuth::Shibboleth::Passive::VERSION
+  gem.authors  = ['Scot Dalton']
+  gem.email    = ['scotdalton@gmail.edu']
+  gem.summary  = 'OmniAuth strategy for Shibboleth in "passive mode"'
+  gem.homepage = 'https://github.com/scotdalton/omniauth-shibboleth-passive'
+  gem.license  = 'MIT'
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  gem.require_paths = ['lib']
+
+  gem.add_runtime_dependency 'omniauth-shibboleth', '~> 1.1.0'
+
+  gem.add_development_dependency 'omniauth', '~> 1.2.0'
+  gem.add_development_dependency 'rake', '~> 10.1.0'
+  gem.add_development_dependency 'rspec', '~> 2.14.0'
+  gem.add_development_dependency 'rack-test', '~> 0.6.2'
+  gem.add_development_dependency 'activesupport', '~> 4.0.2'
+end

data/spec/omniauth/strategies/shibboleth_passive_spec.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+describe "OmniAuth::Strategies::ShibbolethPassive" do
+  let(:config) { {} }
+  let(:every_request_config) { { passive_idp_callback_frequency: :every_request } }
+  let(:first_request_config) { { passive_idp_callback_frequency: :first_request } }
+  let(:every_5_minutes_config) { { passive_idp_callback_frequency: -> { 5.minutes.ago } } }
+  let(:invalid_config) { { passive_idp_callback_frequency: :invalid_config } }
+  let(:shibboleth_idp_called) { nil }
+  let(:shib_session_id_field) { strategy.options.shib_session_id_field.to_s }
+  let(:shib_application_id_field) { strategy.options.shib_application_id_field.to_s }
+  let(:shib_session_id) { nil }
+  let(:shib_application_id) { nil }
+  before do
+    strategy.env[shib_session_id_field] = shib_session_id
+    strategy.env[shib_application_id_field] = shib_application_id
+  end
+  subject(:strategy) do
+    OmniAuth::Strategies::ShibbolethPassive.new(->(env) {}, config).tap do |s|
+      s.instance_variable_set(:@env, { 'rack.session' => { shibboleth_idp_called: shibboleth_idp_called } })
+      allow(s).to receive(:fail!).and_return(true)
+    end
+  end
+  describe '#name' do
+    subject { strategy.name }
+    it { should eq(:shibboleth_passive)}
+  end
+  describe '#shibboleth_idp_called_param' do
+    subject { strategy.shibboleth_idp_called_param }
+    context "when Shibboleth hasn't been called" do
+      it { should be_nil }
+    end
+    context "when Shibboleth hasn been called" do
+      let(:shibboleth_idp_called) { true }
+      it { should_not be_nil }
+      it { should be_true }
+    end
+  end
+  describe '#set_shibboleth_idp_called_param' do
+    it "should set the IdP called back session variable to true" do
+      strategy.set_shibboleth_idp_called_param
+      expect(strategy.shibboleth_idp_called_param).not_to be_nil
+      expect(strategy.shibboleth_idp_called_param).to be_true
+    end
+  end
+  describe '#unset_shibboleth_idp_called_param' do
+    let(:shibboleth_idp_called) { true }
+    it "should set the IdP called back session variable to nil" do
+      strategy.unset_shibboleth_idp_called_param
+      expect(strategy.shibboleth_idp_called_param).to be_nil
+    end
+  end
+  describe '#shibboleth_session?' do
+    subject { strategy.shibboleth_session? }
+    context 'when there isn\'t a Shibboleth session' do
+      it { should be_false }
+    end
+    context 'when there is a Shibboleth session id' do
+      let(:shib_session_id) { "1234567890" }
+      it { should be_true }
+    end
+    context 'when there is a Shibboleth application id' do
+      let(:shib_application_id) { "1234567890" }
+      it { should be_true }
+    end
+    context 'when there is a Shibboleth session id and a Shibboleth application id' do
+      let(:shib_session_id) { "1234567890" }
+      let(:shib_application_id) { "1234567890" }
+      it { should be_true }
+    end
+  end
+  describe '#shibboleth_idp_url' do
+    subject { strategy.shibboleth_idp_url }
+    it { should eq("/Shibboleth.sso/Login?isPassive=true&target=/auth/shibboleth_passive/callback") }
+  end
+  describe '#shibboleth_idp_called?' do
+    subject { strategy.shibboleth_idp_called? }
+    context 'when the IdP hasn\'t been called back to yet' do
+      before { allow(strategy).to receive(:shibboleth_idp_called_param).and_return(nil) }
+      it { should be_false}
+    end
+    context 'when the IdP has already been called back to' do
+      before { allow(strategy).to receive(:shibboleth_idp_called_param).and_return(true) }
+      it { should be_true }
+    end
+  end
+  describe '#callback_phase' do
+    let(:shibbleth_session) { false }
+    let(:shibboleth_idp_called) { false }
+    before { allow(strategy).to receive(:shibboleth_session?).and_return(shibbleth_session) }
+    before { allow(strategy).to receive(:shibboleth_idp_called?).and_return(shibboleth_idp_called) }
+    before { allow(strategy).to receive(:set_shibboleth_idp_called_param).and_return(true) }
+    before { allow(strategy).to receive(:unset_shibboleth_idp_called_param).and_return(true) }
+    before { allow(strategy).to receive(:silent_fail).and_return(true) }
+    before { strategy.callback_phase }
+    context 'when there is a shibboleth session' do
+      let(:shib_session_id) { "1234567890" }
+      let(:shibbleth_session) { true }
+      it { should_not have_received(:fail!) }
+      it { should_not have_received(:set_shibboleth_idp_called_param) }
+      it { should have_received(:unset_shibboleth_idp_called_param) }
+      it { should_not have_received(:silent_fail) }
+    end
+    context 'when there isn\'t a shibboleth session' do
+      context 'when the IdP hasn\'t been called back to yet' do
+        it { should_not have_received(:fail!) }
+        it { should have_received(:set_shibboleth_idp_called_param) }
+        it { should_not have_received(:unset_shibboleth_idp_called_param) }
+        it { should_not have_received(:silent_fail) }
+      end
+      context 'when the IdP has already been called back' do
+        let(:shibboleth_idp_called) { true }
+        it { should_not have_received(:fail!) }
+        it { should_not have_received(:set_shibboleth_idp_called_param) }
+        it { should have_received(:unset_shibboleth_idp_called_param) }
+        it { should have_received(:silent_fail) }
+      end
+    end
+  end
+  describe '#silent_fail' do
+    it "should not raise an error" do
+      expect { strategy.silent_fail }.not_to raise_error
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'coveralls'
+Coveralls.wear!
+require 'rspec'
+require 'rack/test'
+require 'omniauth'
+require 'omniauth-shibboleth-passive'
+require 'pry'
+require 'active_support/core_ext/numeric/time'
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.extend OmniAuth::Test::StrategyMacros, type: :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -0,0 +1,163 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-shibboleth-passive
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Scot Dalton
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-shibboleth
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.1.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.14.0
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.2
+description: 
+email:
+- scotdalton@gmail.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/omniauth-shibboleth-passive.rb
+- lib/omniauth/shibboleth-passive.rb
+- lib/omniauth/shibboleth/passive/version.rb
+- lib/omniauth/strategies/shibboleth_passive.rb
+- omniauth-shibboleth-passive.gemspec
+- spec/omniauth/strategies/shibboleth_passive_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/scotdalton/omniauth-shibboleth-passive
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 2296265459929569504
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 2296265459929569504
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: OmniAuth strategy for Shibboleth in "passive mode"
+test_files:
+- spec/omniauth/strategies/shibboleth_passive_spec.rb
+- spec/spec_helper.rb