omniauth-shibboleth 1.2.1 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +42 -0
- data/Rakefile +2 -4
- data/lib/omniauth-shibboleth/version.rb +1 -1
- data/lib/omniauth/strategies/shibboleth.rb +25 -10
- data/spec/app_spec.rb +7 -0
- data/spec/omniauth/strategies/shibboleth_spec.rb +84 -10
- metadata +5 -3
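--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3b94f789defd2f727c3a4c0bc8b33c7dbe60141e
+data.tar.gz: '09471585f454310be592a3b9cca10bbc32b391d6'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 342c129d04c0b59720472cf7851a6e5e48b0ce5eade269978316d28c8be257ca9bc5b424dc0008c248b7895582ea456d10504c74ee28ce094454d626e590779d
+data.tar.gz: e3fc73b3e1767eb962b590a4e5721364cb9a7db941f40e32e763efe2b75641ae363e64dec970284fe2ae800dc3a45d928652191f28a8a69083cac50cf35553ba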
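--- a/data/README.md
+++ b/data/README.md
@@ -167,6 +167,48 @@ When you deploy a new application, you may want to confirm the assumed attribute
 provider :shibboleth, { :debug => true }
 end
 
+### :multi_values option
+
+If your application want to receive multiple values as one attribute, Shibboleth passes them as follows:
+
+user2@example2.com;user1@example1.com;user3@example3.com
+
+If your application only wants the first entry sorted by alphabetical order, you can use flexible attribute configuration as follows (since semicolons in attribute values are escaped with a backslash, escaped semicolons are skiped for splitting):
+
+% vi config/initializer/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :shibboleth, {
+:info_fields => {
+:email => lambda {|request_param| request_param.call('email').split(/(?<!\\);/).sort[0]}
+}
+}
+end
+
+However, if you use device to integrate omniauth, lambda function cannot be used. In such a situation, if you still think that attribute conversions in the middleware is required, you can use :multi_values option.
+
+- **:raw** (default) Raw multiple values are passed to the application.
+- **:first** The first entry of multiple values is passed to the application.
+- **lambda function** The other descriptions are regarded as lambda function written in String form. The string will be evaluated as Ruby code and used for processing multiple values in the attribute.
+
+If you specify :first, you can obtain `user2@example.com` in the above example.
+
+% vi config/initializer/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :shibboleth, {
+:multi_values => :first
+}
+end
+
+If you need the first attribute in alphabetical order, you can specify lambda function in String form as follows:
+
+% vi config/initializer/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :shibboleth, {
+:multi_values => 'lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0]}'
+}
+end
+
+
 ## License (MIT License)
 
 omniauth-shibboleth is released under the MIT license.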
data/Rakefile
CHANGED
@@ -12,6 +12,7 @@ module OmniAuth
|
|
12
12
|
option :debug, false
|
13
13
|
option :fail_with_empty_uid, false
|
14
14
|
option :request_type, :env
|
15
|
+
option :multi_values, :raw
|
15
16
|
|
16
17
|
def request_phase
|
17
18
|
[
|
@@ -25,7 +26,7 @@ module OmniAuth
|
|
25
26
|
end
|
26
27
|
|
27
28
|
def request_params
|
28
|
-
case options
|
29
|
+
case options.request_type
|
29
30
|
when :env, 'env', :header, 'header'
|
30
31
|
request.env
|
31
32
|
when :params, 'params'
|
@@ -34,18 +35,32 @@ module OmniAuth
|
|
34
35
|
end
|
35
36
|
|
36
37
|
def request_param(key)
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
38
|
+
multi_value_handler(
|
39
|
+
case options.request_type
|
40
|
+
when :env, 'env'
|
41
|
+
request.env[key]
|
42
|
+
when :header, 'header'
|
43
|
+
request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
|
44
|
+
when :params, 'params'
|
45
|
+
request.params[key]
|
46
|
+
end
|
47
|
+
)
|
48
|
+
end
|
49
|
+
|
50
|
+
def multi_value_handler(param_value)
|
51
|
+
case options.multi_values
|
52
|
+
when :raw, 'raw'
|
53
|
+
param_value
|
54
|
+
when :first, 'first'
|
55
|
+
return nil if param_value.nil?
|
56
|
+
param_value.split(/(?<!\\);/).first.gsub('\\;', ';')
|
57
|
+
else
|
58
|
+
eval(options.multi_values).call(param_value)
|
44
59
|
end
|
45
60
|
end
|
46
61
|
|
47
62
|
def callback_phase
|
48
|
-
if options
|
63
|
+
if options.debug
|
49
64
|
# dump attributes
|
50
65
|
return [
|
51
66
|
200,
|
@@ -56,7 +71,7 @@ module OmniAuth
|
|
56
71
|
]
|
57
72
|
end
|
58
73
|
return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
|
59
|
-
return fail!(:empty_uid) if options
|
74
|
+
return fail!(:empty_uid) if options.fail_with_empty_uid && option_handler(options.uid_field).empty?
|
60
75
|
super
|
61
76
|
end
|
62
77
|
|
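Review bot: The `else` branch of `multi_value_handler` hands `options.multi_values` straight to `eval`, so every value other than `:raw`/`:first` is executed as Ruby inside the authentication callback, and the string is re-evaluated on each `request_param` call. The README hunk says the String form exists for Devise setups, so keep it but fail closed and compile once: `when String then (@multi_values_proc ||= eval(options.multi_values)).call(param_value)` followed by `else raise ArgumentError, "unsupported :multi_values: #{options.multi_values.inspect}"`. The option must only ever come from static, trusted configuration, and a comment above the `eval` should say so. The page labels this section `data/Rakefile`, while its content and +25/−10 count match `data/lib/omniauth/strategies/shibboleth.rb` in the file list.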
data/spec/app_spec.rb
ADDED
@@ -64,7 +64,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
64
64
|
@eppn = 'test@example.com'
|
65
65
|
@display_name = 'Test User'
|
66
66
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'eppn' => @eppn, 'displayName' => @display_name)
|
67
|
-
|
67
|
+
strategy.call!(env)
|
68
68
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
69
69
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
70
70
|
end
|
@@ -88,7 +88,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
88
88
|
@organization = 'Test Corporation'
|
89
89
|
@affiliation = 'faculty'
|
90
90
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
91
|
-
|
91
|
+
strategy.call!(env)
|
92
92
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
93
93
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
94
94
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
@@ -96,7 +96,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
96
96
|
end
|
97
97
|
|
98
98
|
context 'with debug options' do
|
99
|
-
let(:options){ { :debug => true} }
|
99
|
+
let(:options) { { :debug => true } }
|
100
100
|
let(:app){ lambda{|env| [404, {}, ['Not Found']]}}
|
101
101
|
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
102
102
|
|
@@ -129,14 +129,14 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
129
129
|
@organization = 'Test Corporation'
|
130
130
|
@affiliation = 'faculty'
|
131
131
|
env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
|
132
|
-
|
132
|
+
strategy.call!(env)
|
133
133
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
134
134
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
135
135
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
136
136
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['affiliation']).to eq(@affiliation)
|
137
137
|
end
|
138
138
|
end
|
139
|
-
|
139
|
+
|
140
140
|
context "with request_type = 'header'" do
|
141
141
|
let(:options){ {
|
142
142
|
:request_type => 'header',
|
@@ -156,7 +156,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
156
156
|
@organization = 'Test Corporation'
|
157
157
|
@affiliation = 'faculty'
|
158
158
|
env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
|
159
|
-
|
159
|
+
strategy.call!(env)
|
160
160
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
161
161
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
162
162
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
@@ -183,7 +183,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
183
183
|
@organization = 'Test Corporation'
|
184
184
|
@affiliation = 'faculty'
|
185
185
|
env = make_env('/auth/shibboleth/callback', 'QUERY_STRING' => "Shib-Session-ID=#{@dummy_id}&uid=#{@uid}&displayName=#{@display_name}&o=#{@organization}&affiliation=#{@affiliation}")
|
186
|
-
|
186
|
+
strategy.call!(env)
|
187
187
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
188
188
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
189
189
|
expect(strategy.env['omniauth.auth']['extra']['raw_info']['o']).to eq(@organization)
|
@@ -213,7 +213,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
213
213
|
@organization = 'Test Corporation'
|
214
214
|
@affiliation = 'faculty'
|
215
215
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'eppn' => @eppn, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
216
|
-
|
216
|
+
strategy.call!(env)
|
217
217
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@eppn)
|
218
218
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
219
219
|
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
@@ -232,7 +232,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
232
232
|
@organization = 'Test Corporation'
|
233
233
|
@affiliation = 'faculty'
|
234
234
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'mail' => @mail, 'cn' => @cn, 'sn' => @sn, 'o' => @organization, 'affiliation' => @affiliation)
|
235
|
-
|
235
|
+
strategy.call!(env)
|
236
236
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@mail)
|
237
237
|
expect(strategy.env['omniauth.auth']['info']['name']).to eq("#{@cn} #{@sn}")
|
238
238
|
expect(strategy.env['omniauth.auth']['info']['affiliation']).to eq("#{@affiliation}@my.localdomain")
|
@@ -256,7 +256,7 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
256
256
|
@display_name = 'Test User'
|
257
257
|
@uid = ''
|
258
258
|
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name)
|
259
|
-
|
259
|
+
strategy.call!(env)
|
260
260
|
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
261
261
|
end
|
262
262
|
end
|
@@ -283,5 +283,79 @@ describe OmniAuth::Strategies::Shibboleth do
|
|
283
283
|
expect(response[1]["Location"]).to eq(empty_uid_failure_path)
|
284
284
|
end
|
285
285
|
end
|
286
|
+
|
287
|
+
context 'with :multi_values => :raw' do
|
288
|
+
let(:options){ {
|
289
|
+
:request_type => :env,
|
290
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
291
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
292
|
+
:uid_field => :uid,
|
293
|
+
:name_field => :displayName,
|
294
|
+
:info_fields => {:email => "mail"} } }
|
295
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
296
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
297
|
+
|
298
|
+
it 'is expected to return the raw value' do
|
299
|
+
@dummy_id = 'abcdefg'
|
300
|
+
@display_name = 'Test User'
|
301
|
+
@uid = 'test'
|
302
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
303
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
304
|
+
strategy.call!(env)
|
305
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
306
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
307
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq(@mail)
|
308
|
+
end
|
309
|
+
end
|
310
|
+
|
311
|
+
context 'with :multi_values => :first' do
|
312
|
+
let(:options){ {
|
313
|
+
:multi_values => :first,
|
314
|
+
:request_type => :env,
|
315
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
316
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
317
|
+
:uid_field => :uid,
|
318
|
+
:name_field => :displayName,
|
319
|
+
:info_fields => {:email => "mail"} } }
|
320
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
321
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
322
|
+
|
323
|
+
it 'is expected return the first value by specifying :first' do
|
324
|
+
@dummy_id = 'abcdefg'
|
325
|
+
@display_name = 'Test User'
|
326
|
+
@uid = 'test'
|
327
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
328
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
329
|
+
strategy.call!(env)
|
330
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
331
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
332
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq('test2;hoge@example.com')
|
333
|
+
end
|
334
|
+
end
|
335
|
+
|
336
|
+
context 'with :multi_values => lambda function' do
|
337
|
+
let(:options){ {
|
338
|
+
:multi_values => "lambda {|param_value| param_value.nil? ? nil : param_value.split(/(?<!\\\\);/).sort[0].gsub('\\;',';')}",
|
339
|
+
:request_type => :env,
|
340
|
+
:shib_session_id_field => 'Shib-Session-ID',
|
341
|
+
:shib_application_id_field => 'Shib-Application-ID',
|
342
|
+
:uid_field => :uid,
|
343
|
+
:name_field => :displayName,
|
344
|
+
:info_fields => {:email => "mail"} } }
|
345
|
+
let(:app){ lambda{|env| [200, {}, ['OK']]}}
|
346
|
+
let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
|
347
|
+
it 'is expected return the processed value by specifying lambda function' do
|
348
|
+
@dummy_id = 'abcdefg'
|
349
|
+
@display_name = 'Test User'
|
350
|
+
@uid = 'test'
|
351
|
+
@mail = 'test2\;hoge@example.com;test1\;hoge@example.com;test3\;hoge@example.com'
|
352
|
+
env = make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'displayName' => @display_name, 'mail' => @mail)
|
353
|
+
strategy.call!(env)
|
354
|
+
expect(strategy.env['omniauth.auth']['uid']).to eq(@uid)
|
355
|
+
expect(strategy.env['omniauth.auth']['info']['name']).to eq(@display_name)
|
356
|
+
expect(strategy.env['omniauth.auth']['info']['email']).to eq('test1;hoge@example.com')
|
357
|
+
end
|
358
|
+
end
|
359
|
+
|
286
360
|
end
|
287
361
|
end
|
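Review bot: The three new `:multi_values` contexts cover only well-formed option values with a `mail` attribute present; neither a missing attribute under `:first` nor an unsupported option value (which the strategy passes to `eval`) is exercised. Add an example that omits `'mail'` from `make_env` and asserts `expect(strategy.env['omniauth.auth']['info']['email']).to be_nil` (assuming the info hash keeps nil values), and one that pins what happens for a misspelt option. The page labels this section `data/spec/app_spec.rb`, but its content and +84/−10 count match `data/spec/omniauth/strategies/shibboleth_spec.rb` in the file list.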
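--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-shibboleth
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Toyokazu Akiyama
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth
@@ -81,6 +81,7 @@ files:
 - lib/omniauth-shibboleth/version.rb
 - lib/omniauth/strategies/shibboleth.rb
 - omniauth-shibboleth.gemspec
+- spec/app_spec.rb
 - spec/omniauth/strategies/shibboleth_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -103,10 +104,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: OmniAuth Shibboleth strategies for OmniAuth 1.x
 test_files:
+- spec/app_spec.rb
 - spec/omniauth/strategies/shibboleth_spec.rb
 - spec/spec_helper.rb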