omniauth-shibboleth 1.2.1 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +42 -0
- data/Rakefile +2 -4
- data/lib/omniauth-shibboleth/version.rb +1 -1
- data/lib/omniauth/strategies/shibboleth.rb +25 -10
- data/spec/app_spec.rb +7 -0
- data/spec/omniauth/strategies/shibboleth_spec.rb +84 -10
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3b94f789defd2f727c3a4c0bc8b33c7dbe60141e
|
4
|
+
data.tar.gz: '09471585f454310be592a3b9cca10bbc32b391d6'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 342c129d04c0b59720472cf7851a6e5e48b0ce5eade269978316d28c8be257ca9bc5b424dc0008c248b7895582ea456d10504c74ee28ce094454d626e590779d
|
7
|
+
data.tar.gz: e3fc73b3e1767eb962b590a4e5721364cb9a7db941f40e32e763efe2b75641ae363e64dec970284fe2ae800dc3a45d928652191f28a8a69083cac50cf35553ba
|
data/README.md
CHANGED
@@ -167,6 +167,48 @@ When you deploy a new application, you may want to confirm the assumed attribute
|
|
167
167
|
provider :shibboleth, { :debug => true }
|
168
168
|
end
|
169
169
|
|
170
|
+
### :multi_values option
|
171
|
+
|
172
|
+
If your application want to receive multiple values as one attribute, Shibboleth passes them as follows:
|
173
|
+
|
174
|
+
user2@example2.com;user1@example1.com;user3@example3.com
|
175
|
+
|
176
|
+
If your application only wants the first entry sorted by alphabetical order, you can use flexible attribute configuration as follows (since semicolons in attribute values are escaped with a backslash, escaped semicolons are skiped for splitting):
|
177
|
+
|
178
|
+
% vi config/initializer/omniauth.rb
|
179
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
180
|
+
provider :shibboleth, {
|
181
|
+
:info_fields => {
|
182
|
+
:email => lambda {|request_param| request_param.call('email').split(/(?<!\\);/).sort[0]}
|
183
|
+
}
|
184
|
+
}
|
185
|
+
end
|
186
|
+
|
187
|
+
However, if you use device to integrate omniauth, lambda function cannot be used. In such a situation, if you still think that attribute conversions in the middleware is required, you can use :multi_values option.
|
188
|
+
|
189
|
+
- **:raw** (default) Raw multiple values are passed to the application.
|
190
|
+
- **:first** The first entry of multiple values is passed to the application.
|
191
|
+
- **lambda function** The other descriptions are regarded as lambda function written in String form. The string will be evaluated as Ruby code and used for processing multiple values in the attribute.
|
192
|
+
|
193
|
+
If you specify :first, you can obtain `user2@example.com` in the above example.
|
194
|
+
|
195
|
+
% vi config/initializer/omniauth.rb
|
196
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
197
|
+
provider :shibboleth, {
|
198
|
+
:multi_values => :first
|
199
|
+
}
|
200
|
+
end
|
201
|
+
|
202
|
+
If you need the first attribute in alphabetical order, you can specify lambda function in String form as follows:
|
203
|
+
|
204
|
+
% vi config/initializer/omniauth.rb
|
205
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
206
|
+
provider :shibboleth, {
|
207
|
+
:multi_values => 'lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0]}'
|
208
|
+
}
|
209
|
+
end
|
210
|
+
|
211
|
+
|
170
212
|
## License (MIT License)
|
171
213
|
|
172
214
|
omniauth-shibboleth is released under the MIT license.
|
data/Rakefile
CHANGED
@@ -12,6 +12,7 @@ module OmniAuth
|
|
12
12
|
option :debug, false
|
13
13
|
option :fail_with_empty_uid, false
|
14
14
|
option :request_type, :env
|
15
|
+
option :multi_values, :raw
|
15
16
|
|
16
17
|
def request_phase
|
17
18
|
[
|
@@ -25,7 +26,7 @@ module OmniAuth
|
|
25
26
|
end
|
26
27
|
|
27
28
|
def request_params
|
28
|
-
case options
|
29
|
+
case options.request_type
|
29
30
|
when :env, 'env', :header, 'header'
|
30
31
|
request.env
|
31
32
|
when :params, 'params'
|
@@ -34,18 +35,32 @@ module OmniAuth
|
|
34
35
|
end
|
35
36
|
|
36
37
|
def request_param(key)
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
38
|
+
multi_value_handler(
|
39
|
+
case options.request_type
|
40
|
+
when :env, 'env'
|
41
|
+
request.env[key]
|
42
|
+
when :header, 'header'
|
43
|
+
request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
|
44
|
+
when :params, 'params'
|
45
|
+
request.params[key]
|
46
|
+
end
|
47
|
+
)
|
48
|
+
end
|
49
|
+
|
50
|
+
def multi_value_handler(param_value)
|
51
|
+
case options.multi_values
|
52
|
+
when :raw, 'raw'
|
53
|
+
param_value
|
54
|
+
when :first, 'first'
|
55
|
+
return nil if param_value.nil?
|
56
|
+
param_value.split(/(?<!\\);/).first.gsub('\\;', ';')
|
57
|
+
else
|
58
|
+
eval(options.multi_values).call(param_value)
|
44
59
|
end
|
45
60
|
end
|
46
61
|
|
47
62
|
def callback_phase
|
48
|
-
if options
|
63
|
+
if options.debug
|
49
64
|
# dump attributes
|
50
65
|
return [
|
51
66
|
200,
|
@@ -56,7 +71,7 @@ module OmniAuth
|
|
56
71
|
]
|
57
72
|
end
|
58
73
|
return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
|
59
|
-
return fail!(:empty_uid) if options
|
74
|
+
return fail!(:empty_uid) if options.fail_with_empty_uid && option_handler(options.uid_field).empty?
|
60
75
|
super
|
61
76
|
end
|
62
77
|
|
data/spec/app_spec.rb
ADDED
@@ -64,7 +64,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
64
64
|
@eppn = 'test@example.com'
|
65
65
|
@display_name = 'Test User'
|
66
66
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'eppn' => @eppn, 'displayName' => @display_name)
|
67
|
-
|
67
|
+
strategy.call!(env)
|
68
68
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
69
69
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
70
70
|
end
|
@@ -88,7 +88,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
88
88
|
@organization = 'Test Corporation'
|
89
89
|
@affiliation = 'faculty'
|
90
90
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
91
|
-
|
91
|
+
strategy.call!(env)
|
92
92
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
93
93
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
94
94
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
@@ -96,7 +96,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
96
96
|
end
|
97
97
|
|
98
98
|
context 'with debug options' do
|
99
|
-
let(:options){ { :debug => true} }
|
99
|
+
let(:options) { { :debug => true } }
|
100
100
|
let(:app){ lambda{|env| [404, {}, ['Not Found']]}}
|
101
101
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
102
102
|
|
@@ -129,14 +129,14 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
129
129
|
@organization = 'Test Corporation'
|
130
130
|
@affiliation = 'faculty'
|
131
131
|
env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
|
132
|
-
|
132
|
+
strategy.call!(env)
|
133
133
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
134
134
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
135
135
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
136
136
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
137
137
|
end
|
138
138
|
end
|
139
|
-
|
139
|
+
|
140
140
|
context "with request_type = 'header'" do
|
141
141
|
let(:options){ {
|
142
142
|
:request_type => 'header',
|
@@ -156,7 +156,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
156
156
|
@organization = 'Test Corporation'
|
157
157
|
@affiliation = 'faculty'
|
158
158
|
env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
|
159
|
-
|
159
|
+
strategy.call!(env)
|
160
160
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
161
161
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
162
162
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
@@ -183,7 +183,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
183
183
|
@organization = 'Test Corporation'
|
184
184
|
@affiliation = 'faculty'
|
185
185
|
env = make_env('/auth/shibboleth/callback', 'QUERY_STRING' => "Shib-Session-ID=#{@dummy_id}&uid=#{@uid}&displayName=#{@display_name}&o=#{@organization}&affiliation=#{@affiliation}")
|
186
|
-
|
186
|
+
strategy.call!(env)
|
187
187
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
188
188
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
189
189
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
@@ -213,7 +213,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
213
213
|
@organization = 'Test Corporation'
|
214
214
|
@affiliation = 'faculty'
|
215
215
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'eppn' => @eppn, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
216
|
-
|
216
|
+
strategy.call!(env)
|
217
217
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
218
218
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
219
219
|
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
@@ -232,7 +232,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
232
232
|
@organization = 'Test Corporation'
|
233
233
|
@affiliation = 'faculty'
|
234
234
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'mail' => @mail, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
235
|
-
|
235
|
+
strategy.call!(env)
|
236
236
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@mail)
|
237
237
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
238
238
|
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
@@ -256,7 +256,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
256
256
|
@display_name = 'Test User'
|
257
257
|
@uid = ''
|
258
258
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name)
|
259
|
-
|
259
|
+
strategy.call!(env)
|
260
260
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
261
261
|
end
|
262
262
|
end
|
@@ -283,5 +283,79 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
283
283
|
expect(response[1]["Location"]).to eq(empty_uid_failure_path)
|
284
284
|
end
|
285
285
|
end
|
286
|
+
|
287
|
+
context 'with :multi_values => :raw' do
|
288
|
+
let(:options){ {
|
289
|
+
:request_type => :env,
|
290
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
291
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
292
|
+
:uid_field => :uid,
|
293
|
+
:name_field => :displayName,
|
294
|
+
:info_fields => {:email => "mail"} } }
|
295
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
296
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
297
|
+
|
298
|
+
it 'is expected to return the raw value' do
|
299
|
+
@dummy_id = 'abcdefg'
|
300
|
+
@display_name = 'Test User'
|
301
|
+
@uid = 'test'
|
302
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
303
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
304
|
+
strategy.call!(env)
|
305
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
306
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
307
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq(@mail)
|
308
|
+
end
|
309
|
+
end
|
310
|
+
|
311
|
+
context 'with :multi_values => :first' do
|
312
|
+
let(:options){ {
|
313
|
+
:multi_values => :first,
|
314
|
+
:request_type => :env,
|
315
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
316
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
317
|
+
:uid_field => :uid,
|
318
|
+
:name_field => :displayName,
|
319
|
+
:info_fields => {:email => "mail"} } }
|
320
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
321
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
322
|
+
|
323
|
+
it 'is expected return the first value by specifying :first' do
|
324
|
+
@dummy_id = 'abcdefg'
|
325
|
+
@display_name = 'Test User'
|
326
|
+
@uid = 'test'
|
327
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
328
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
329
|
+
strategy.call!(env)
|
330
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
331
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
332
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq('test2;hoge@example.com')
|
333
|
+
end
|
334
|
+
end
|
335
|
+
|
336
|
+
context 'with :multi_values => lambda function' do
|
337
|
+
let(:options){ {
|
338
|
+
:multi_values => "lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0].gsub('\\;',';')}",
|
339
|
+
:request_type => :env,
|
340
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
341
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
342
|
+
:uid_field => :uid,
|
343
|
+
:name_field => :displayName,
|
344
|
+
:info_fields => {:email => "mail"} } }
|
345
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
346
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
347
|
+
it 'is expected return the processed value by specifying lambda function' do
|
348
|
+
@dummy_id = 'abcdefg'
|
349
|
+
@display_name = 'Test User'
|
350
|
+
@uid = 'test'
|
351
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
352
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
353
|
+
strategy.call!(env)
|
354
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
355
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
356
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq('test1;hoge@example.com')
|
357
|
+
end
|
358
|
+
end
|
359
|
+
|
286
360
|
end
|
287
361
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-shibboleth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Toyokazu Akiyama
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2017-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|
@@ -81,6 +81,7 @@ files:
|
|
81
81
|
- lib/omniauth-shibboleth/version.rb
|
82
82
|
- lib/omniauth/strategies/shibboleth.rb
|
83
83
|
- omniauth-shibboleth.gemspec
|
84
|
+
- spec/app_spec.rb
|
84
85
|
- spec/omniauth/strategies/shibboleth_spec.rb
|
85
86
|
- spec/spec_helper.rb
|
86
87
|
homepage: ''
|
@@ -103,10 +104,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
104
|
version: '0'
|
104
105
|
requirements: []
|
105
106
|
rubyforge_project:
|
106
|
-
rubygems_version: 2.
|
107
|
+
rubygems_version: 2.6.8
|
107
108
|
signing_key:
|
108
109
|
specification_version: 4
|
109
110
|
summary: OmniAuth Shibboleth strategies for OmniAuth 1.x
|
110
111
|
test_files:
|
112
|
+
- spec/app_spec.rb
|
111
113
|
- spec/omniauth/strategies/shibboleth_spec.rb
|
112
114
|
- spec/spec_helper.rb
|