omniauth-shibboleth 1.2.1 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 522260d787eef76c5a8ff86890b001ecf2f6b524
-  data.tar.gz: e118c60297ee37d49f279a2836f54a94933143b5
+  metadata.gz: 3b94f789defd2f727c3a4c0bc8b33c7dbe60141e
+  data.tar.gz: '09471585f454310be592a3b9cca10bbc32b391d6'
 SHA512:
-  metadata.gz: c143be18e00484f679d4e08c4cd56eeb2c58ea8d5651634a8e35159bb4b9aa03836aa83e906a338d1e458132397b88dc465a9dd07a47fe516e4f828500e5f083
-  data.tar.gz: a136b0b97c1299535f9d06bf96bb27869f96fd35b5d5ab7318b304e3c9b44c11ee3948a5b43b67de13e2926c1adfa625d136fecc179e31a0a10c7876a4f05653
+  metadata.gz: 342c129d04c0b59720472cf7851a6e5e48b0ce5eade269978316d28c8be257ca9bc5b424dc0008c248b7895582ea456d10504c74ee28ce094454d626e590779d
+  data.tar.gz: e3fc73b3e1767eb962b590a4e5721364cb9a7db941f40e32e763efe2b75641ae363e64dec970284fe2ae800dc3a45d928652191f28a8a69083cac50cf35553ba

data/README.md

@@ -167,6 +167,48 @@ When you deploy a new application, you may want to confirm the assumed attribute
       provider :shibboleth, { :debug => true }
     end
 
+### :multi_values option
+
+If your application want to receive multiple values as one attribute, Shibboleth passes them as follows:
+
+    user2@example2.com;user1@example1.com;user3@example3.com
+
+If your application only wants the first entry sorted by alphabetical order, you can use flexible attribute configuration as follows (since semicolons in attribute values are escaped with a backslash, escaped semicolons are skiped for splitting):
+
+    % vi config/initializer/omniauth.rb
+    Rails.application.config.middleware.use OmniAuth::Builder do
+      provider :shibboleth, {
+        :info_fields => {
+          :email    => lambda {|request_param| request_param.call('email').split(/(?<!\\);/).sort[0]}
+        }
+      }
+    end
+
+However, if you use device to integrate omniauth, lambda function cannot be used. In such a situation, if you still think that attribute conversions in the middleware is required, you can use :multi_values option.
+
+- **:raw** (default) Raw multiple values are passed to the application.
+- **:first** The first entry of multiple values is passed to the application.
+- **lambda function** The other descriptions are regarded as lambda function written in String form. The string will be evaluated as Ruby code and used for processing multiple values in the attribute.
+
+If you specify :first, you can obtain `user2@example.com` in the above example.
+
+    % vi config/initializer/omniauth.rb
+    Rails.application.config.middleware.use OmniAuth::Builder do
+      provider :shibboleth, {
+        :multi_values => :first
+      }
+    end
+
+If you need the first attribute in alphabetical order, you can specify lambda function in String form as follows:
+
+    % vi config/initializer/omniauth.rb
+    Rails.application.config.middleware.use OmniAuth::Builder do
+      provider :shibboleth, {
+        :multi_values => 'lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0]}'
+      }
+    end
+
+
 ## License (MIT License)
 
 omniauth-shibboleth is released under the MIT license.

data/Rakefile

@@ -1,7 +1,5 @@
 require 'bundler'
 Bundler::GemHelper.install_tasks
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new("spec")
 task :default => :spec
-task :test => :spec
-

data/lib/omniauth-shibboleth/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Shibboleth
-    VERSION = "1.2.1"
+    VERSION = "1.3.0"
   end
 end

data/lib/omniauth/strategies/shibboleth.rb

@@ -12,6 +12,7 @@ module OmniAuth
       option :debug, false
       option :fail_with_empty_uid, false
       option :request_type, :env
+      option :multi_values, :raw
 
       def request_phase
         [ 
@@ -25,7 +26,7 @@ module OmniAuth
       end
 
       def request_params
-        case options[:request_type]
+        case options.request_type
         when :env, 'env', :header, 'header'
           request.env
         when :params, 'params'
@@ -34,18 +35,32 @@ module OmniAuth
       end
 
       def request_param(key)
-        case options[:request_type]
-        when :env, 'env'
-          request.env[key]
-        when :header, 'header'
-          request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
-        when :params, 'params'
-          request.params[key]
+        multi_value_handler(
+          case options.request_type
+          when :env, 'env'
+            request.env[key]
+          when :header, 'header'
+            request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
+          when :params, 'params'
+            request.params[key]
+          end
+        )
+      end
+
+      def multi_value_handler(param_value)
+        case options.multi_values
+        when :raw, 'raw'
+          param_value
+        when :first, 'first'
+          return nil if param_value.nil?
+          param_value.split(/(?<!\\);/).first.gsub('\\;', ';')
+        else
+          eval(options.multi_values).call(param_value)
         end
       end
 
       def callback_phase
-        if options[:debug]
+        if options.debug
           # dump attributes
           return [
             200,
@@ -56,7 +71,7 @@ module OmniAuth
           ]
         end
         return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
-        return fail!(:empty_uid) if options[:fail_with_empty_uid] && option_handler(options.uid_field).empty?
+        return fail!(:empty_uid) if options.fail_with_empty_uid && option_handler(options.uid_field).empty?
         super
       end
 

data/spec/app_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe 'app_spec' do
+  it {
+    expect(1).to eq(1)
+  }
+end

data/spec/omniauth/strategies/shibboleth_spec.rb

@@ -64,7 +64,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @eppn = 'test@example.com'
         @display_name = 'Test User'
         env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'eppn' => @eppn, 'displayName' => @display_name)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
       end
@@ -88,7 +88,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
@@ -96,7 +96,7 @@ describe OmniAuth::Strategies::Shibboleth do
     end
 
     context 'with debug options' do
-      let(:options){ { :debug => true} }
+      let(:options) { { :debug => true } }
       let(:app){ lambda{|env| [404, {}, ['Not Found']]}}
       let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
 
@@ -129,14 +129,14 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
       end
     end
-    
+
     context "with request_type = 'header'" do
       let(:options){ {
         :request_type => 'header',
@@ -156,7 +156,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
@@ -183,7 +183,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'QUERY_STRING' => "Shib-Session-ID=#{@dummy_id}&uid=#{@uid}&displayName=#{@display_name}&o=#{@organization}&affiliation=#{@affiliation}")
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
         expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
@@ -213,7 +213,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'eppn' => @eppn, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
         expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
@@ -232,7 +232,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @organization = 'Test Corporation'
         @affiliation = 'faculty'
         env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'mail' => @mail, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@mail)
         expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
         expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
@@ -256,7 +256,7 @@ describe OmniAuth::Strategies::Shibboleth do
         @display_name = 'Test User'
         @uid = ''
         env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name)
-        response = strategy.call!(env)
+        strategy.call!(env)
         expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
       end
     end
@@ -283,5 +283,79 @@ describe OmniAuth::Strategies::Shibboleth do
         expect(response[1]["Location"]).to eq(empty_uid_failure_path)
       end
     end
+
+    context 'with :multi_values => :raw' do
+      let(:options){ {
+        :request_type => :env,
+        :shib_session_id_field => 'Shib-Session-ID',
+        :shib_application_id_field => 'Shib-Application-ID',
+        :uid_field => :uid,
+        :name_field => :displayName,
+        :info_fields => {:email => "mail"} } }
+      let(:app){ lambda{|env| [200, {}, ['OK']]}}
+      let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
+
+      it 'is expected to return the raw value' do
+        @dummy_id = 'abcdefg'
+        @display_name = 'Test User'
+        @uid = 'test'
+        @mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
+        env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
+        strategy.call!(env)
+        expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
+        expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
+        expect(strategy.env['omniauth.auth']['info']['email']).to eq(@mail)
+      end
+    end
+
+    context 'with :multi_values => :first' do
+      let(:options){ {
+        :multi_values => :first,
+        :request_type => :env,
+        :shib_session_id_field => 'Shib-Session-ID',
+        :shib_application_id_field => 'Shib-Application-ID',
+        :uid_field => :uid,
+        :name_field => :displayName,
+        :info_fields => {:email => "mail"} } }
+      let(:app){ lambda{|env| [200, {}, ['OK']]}}
+      let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
+
+      it 'is expected return the first value by specifying :first' do
+        @dummy_id = 'abcdefg'
+        @display_name = 'Test User'
+        @uid = 'test'
+        @mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
+        env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
+        strategy.call!(env)
+        expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
+        expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
+        expect(strategy.env['omniauth.auth']['info']['email']).to eq('test2;hoge@example.com')
+      end
+    end
+
+    context 'with :multi_values => lambda function' do
+      let(:options){ {
+        :multi_values => "lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0].gsub('\\;',';')}",
+        :request_type => :env,
+        :shib_session_id_field => 'Shib-Session-ID',
+        :shib_application_id_field => 'Shib-Application-ID',
+        :uid_field => :uid,
+        :name_field => :displayName,
+        :info_fields => {:email => "mail"} } }
+      let(:app){ lambda{|env| [200, {}, ['OK']]}}
+      let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
+      it 'is expected return the processed value by specifying lambda function' do
+        @dummy_id = 'abcdefg'
+        @display_name = 'Test User'
+        @uid = 'test'
+        @mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
+        env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
+        strategy.call!(env)
+        expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
+        expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
+        expect(strategy.env['omniauth.auth']['info']['email']).to eq('test1;hoge@example.com')
+      end
+    end
+
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-shibboleth
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
 platform: ruby
 authors:
 - Toyokazu Akiyama
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-22 00:00:00.000000000 Z
+date: 2017-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -81,6 +81,7 @@ files:
 - lib/omniauth-shibboleth/version.rb
 - lib/omniauth/strategies/shibboleth.rb
 - omniauth-shibboleth.gemspec
+- spec/app_spec.rb
 - spec/omniauth/strategies/shibboleth_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -103,10 +104,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: OmniAuth Shibboleth strategies for OmniAuth 1.x
 test_files:
+- spec/app_spec.rb
 - spec/omniauth/strategies/shibboleth_spec.rb
 - spec/spec_helper.rb