omniauth-shibboleth 1.0.8 → 1.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MTU0ZTZkMzMxZTFiMzM1OWU3YWNiMTRmZjMzYjJiZTA0MGUxMTIxMA==
+  data.tar.gz: !binary |-
+    NGQ3ZDY0NDQ1Mzg4N2MyYzQyNThhOTBjMTIzOGE3ZTRkNjI4ZWQ1Mg==
+SHA512:
+  metadata.gz: !binary |-
+    ZDdhYjA1MTkyYTVhYzg0ZDMxZDY2NWUzZjIwZmViMDQxZGVlN2U3ODU0YmM2
+    YjE5NzJlZWYzNGEzNWY4MDc5MGI2ZjYwMzYwZTM2ODk2ODEzN2M5Y2NhNmJh
+    MWE5MWMwMDgwYmMyZWFmYzI5YTU4YjZmZDFiOTgwNmQ0ZjcyZGQ=
+  data.tar.gz: !binary |-
+    MjU0NTdkNDUxOTZlM2Y4OGExMDg5YzEwYmUzNDZhNTczZDFhMWNjYzllNTVk
+    ZDg5YmIzNTEwMmFiMGI0OWZiODVjNzQ0MDNhMjFlNTA5Mzk1ZDZlMmJlN2Yz
+    YzA4NWMzNTczMTc0YThjMGVlMGYyN2E1MmQ5Y2FlMGJhZmQwMGU=

data/README.md

@@ -67,7 +67,24 @@ These can be changed by :uid_field, :name_field option. You can also add any "in
       }
     end
 
-In the above example, Shibboleth strategy does not pass any :info fields and use 'uid' attribute as uid fields.
+In the previous example, Shibboleth strategy does not pass any :info fields and use 'uid' attribute as uid fields.
+
+### !!!NOTICE!!! devise integration issue
+
+When you use omniauth with devise, the omniauth configuration is applied before devise configuration and some part of the configuration overwritten by the devise's. It may not work as you assume. So thus, in that case, currently you should write your configuration only in device configuration.
+
+config/initializers/devise.rb:
+```ruby
+config.omniauth :shibboleth, {:uid_field => 'eppn',
+                         :info_fields => {:email => 'mail', :name => 'cn', :last_name => 'sn'},
+                         :extra_fields => [:schacHomeOrganization]
+                  }
+```
+
+The detail is discussed in the following thread.
+
+https://github.com/plataformatec/devise/issues/2128
+
 
 ### How to authenticate users
 
@@ -91,7 +108,31 @@ Shibboleth strategy assumes the attributes are provided via environment variable
 
 https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking
 
-To provide Shibboleth attributes via environment variables, we can not use proxy_balancer base approach. Currently we can realize it by using Phusion Passenger as an application container. An example construction pattern is shown in presence_checker application (https://github.com/toyokazu/presence_checker/).
+To provide Shibboleth attributes via environment variables, we can not use proxy based approach, e.g. mod_proxy_balancer. Currently we can realize it by using Phusion Passenger as an application container. An example construction pattern is shown in presence_checker application (https://github.com/toyokazu/presence_checker/).
+
+### :request_type option
+
+You understand the issues using ShibUseHeaders, but and yet if you want to use the proxy based approach, you can use :request_type option. This option enables us to specify what kind of parameters are used to create 'omniauth.auth' (auth hash). This option can also be used to develop your Rails application without local IdP and SP by using :params option. The option values are:
+
+- **:env** (default) The environment variables are used to create auth hash.
+- **:header** The auth hash is created from header vaiables. In the Rack middleware, since header variables are treated as environment variables like HTTP_*, the specified variables are converted as the same as header variables, HTTP_*. This :request_type is basically used for mod_proxy_balancer approach.
+- **:params** The query string or POST parameters are used to create auth hash. This :request_type is basically used for development phase. You can emulate SP function by providing parameters as query string. In this case, please do not forget to add Shib-Session-ID or Shib-Application-ID value which is used to check the session is created at SP.
+
+The following is an example configuration.
+
+    % vi config/initializer/omniauth.rb
+    Rails.application.config.middleware.use OmniAuth::Builder do
+      provider :shibboleth, { :request_type => :header }
+    end
+
+If you use proxy based approach, please be sure to add ShibUseHeaders option in mod_shib configuration.
+
+    <Location /secure>
+      AuthType shibboleth
+      ShibRequestSetting requireSession 1
+      ShibUseHeaders On
+      require valid-user
+    </Location>
 
 ### debug mode
 
@@ -104,7 +145,7 @@ When you deploy a new application, you may want to confirm the assumed attribute
 
 ## License (MIT License)
 
-Copyright (C) 2011-2012 by Toyokazu Akiyama.
+omniauth-shibboleth is released under the MIT license.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/omniauth-shibboleth/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Shibboleth
-    VERSION = "1.0.8"
+    VERSION = "1.1.0"
   end
 end

data/lib/omniauth/strategies/shibboleth.rb

@@ -10,6 +10,7 @@ module OmniAuth
       option :info_fields, {}
       option :extra_fields, []
       option :debug, false
+      option :request_type, :env
 
       def request_phase
         [ 
@@ -22,6 +23,26 @@ module OmniAuth
         ]
       end
 
+      def request_params
+        case options[:request_type]
+        when :env, :header
+          request.env
+        when :params
+          request.params
+        end
+      end
+
+      def request_param(key)
+        case options[:request_type]
+        when :env
+          request.env[key]
+        when :header
+          request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
+        when :params
+          request.params[key]
+        end
+      end
+
       def callback_phase
         if options[:debug]
           # dump attributes
@@ -30,34 +51,33 @@ module OmniAuth
             {
               'Content-Type' => 'text/plain'
             },
-            ["!!!!! This message is generated by omniauth-shibboleth. To remove it set :debug to false. !!!!!\n#{request.env.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
+            ["!!!!! This message is generated by omniauth-shibboleth. To remove it set :debug to false. !!!!!\n#{request_params.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
           ]
         end
-        return fail!(:no_shibboleth_session) unless (request.env[options.shib_session_id_field.to_s] || request.env[options.shib_application_id_field.to_s])
+        return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
         super
       end
       
       uid do
-        request.env[options.uid_field.to_s]
+        request_param(options.uid_field.to_s)
       end
 
       info do
         res = {
-          :name  => request.env[options.name_field.to_s]
+          :name  => request_param(options.name_field.to_s)
         }
         options.info_fields.each_pair do |k,v|
-          res[k] = request.env[v.to_s]
+          res[k] = request_param(v.to_s)
         end
         res
       end
 
       extra do
         options.extra_fields.inject({:raw_info => {}}) do |hash, field|
-          hash[:raw_info][field] = request.env[field.to_s]
+          hash[:raw_info][field] = request_param(field.to_s)
           hash
         end
       end
-
     end
   end
 end

data/spec/omniauth/strategies/shibboleth_spec.rb

@@ -19,7 +19,7 @@ end
 
 describe OmniAuth::Strategies::Shibboleth do
   let(:app){ Rack::Builder.new do |b|
-    b.use Rack::Session::Cookie
+    b.use Rack::Session::Cookie, {:secret => "abc123"}
     b.use OmniAuth::Strategies::Shibboleth
     b.run lambda{|env| [200, {}, ['Not Found']]}
   end.to_app }
@@ -75,6 +75,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @dummy_id = 'abcdefg'
         @uid = 'test'
         @organization = 'Test Corporation'
+        @affiliation = 'faculty'
         strategy.call!(make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'o' => @organization, 'affiliation' => @affiliation))
         strategy.env['omniauth.auth']['uid'].should == @uid
         strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
@@ -95,5 +96,57 @@ describe OmniAuth::Strategies::Shibboleth do
         response[0].should == 200
       end
     end
+
+    context 'with request_type = :header' do
+      let(:options){ {
+        :request_type => :header,
+        :shib_session_id_field => 'Shib-Session-ID',
+        :shib_application_id_field => 'Shib-Application-ID',
+        :uid_field => :uid,
+        :name_field => :displayName,
+        :info_fields => {},
+        :extra_fields => [:o, :affiliation] } }
+      let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
+
+      it 'should handle header variables' do
+        @dummy_id = 'abcdefg'
+        @display_name = 'Test User'
+        @uid = 'test'
+        @organization = 'Test Corporation'
+        @affiliation = 'faculty'
+        env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
+        response = strategy.call!(env)
+        strategy.env['omniauth.auth']['uid'].should == @uid
+        strategy.env['omniauth.auth']['info']['name'].should == @display_name
+        strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
+        strategy.env['omniauth.auth']['extra']['raw_info']['affiliation'].should == @affiliation
+      end
+    end
+
+    context 'with request_type = :params' do
+      let(:options){ {
+        :request_type => :params,
+        :shib_session_id_field => 'Shib-Session-ID',
+        :shib_application_id_field => 'Shib-Application-ID',
+        :uid_field => :uid,
+        :name_field => :displayName,
+        :info_fields => {},
+        :extra_fields => [:o, :affiliation] } }
+      let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
+
+      it 'should handle params variables' do
+        @dummy_id = 'abcdefg'
+        @display_name = 'Test User'
+        @uid = 'test'
+        @organization = 'Test Corporation'
+        @affiliation = 'faculty'
+        env = make_env('/auth/shibboleth/callback', 'QUERY_STRING' => "Shib-Session-ID=#{@dummy_id}&uid=#{@uid}&displayName=#{@display_name}&o=#{@organization}&affiliation=#{@affiliation}")
+        response = strategy.call!(env)
+        strategy.env['omniauth.auth']['uid'].should == @uid
+        strategy.env['omniauth.auth']['info']['name'].should == @display_name
+        strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
+        strategy.env['omniauth.auth']['extra']['raw_info']['affiliation'].should == @affiliation
+      end
+    end
   end
 end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-shibboleth
 version: !ruby/object:Gem::Version
-  version: 1.0.8
-  prerelease: 
+  version: 1.1.0
 platform: ruby
 authors:
 - Toyokazu Akiyama
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-02 00:00:00.000000000 Z
+date: 2013-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -83,7 +74,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - Gemfile
-- Gemfile.lock
 - lib/omniauth/strategies/shibboleth.rb
 - lib/omniauth-shibboleth/version.rb
 - lib/omniauth-shibboleth.rb
@@ -94,33 +84,26 @@ files:
 - spec/spec_helper.rb
 homepage: ''
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1752171851307709834
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1752171851307709834
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.1.9
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: OmniAuth Shibboleth strategies for OmniAuth 1.x
 test_files:
 - spec/omniauth/strategies/shibboleth_spec.rb

data/Gemfile.lock

@@ -1,35 +0,0 @@
-PATH
-  remote: .
-  specs:
-    omniauth-shibboleth (1.0.8)
-      omniauth (>= 1.0.0)
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    diff-lcs (1.1.3)
-    hashie (1.2.0)
-    omniauth (1.1.1)
-      hashie (~> 1.2)
-      rack
-    rack (1.4.1)
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rake (0.9.2.2)
-    rspec (2.11.0)
-      rspec-core (~> 2.11.0)
-      rspec-expectations (~> 2.11.0)
-      rspec-mocks (~> 2.11.0)
-    rspec-core (2.11.1)
-    rspec-expectations (2.11.3)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.11.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  omniauth-shibboleth!
-  rack-test
-  rake
-  rspec (~> 2.8)