omniauth-shibboleth 1.0.8 → 1.1.0

@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ MTU0ZTZkMzMxZTFiMzM1OWU3YWNiMTRmZjMzYjJiZTA0MGUxMTIxMA==
5
+ data.tar.gz: !binary |-
6
+ NGQ3ZDY0NDQ1Mzg4N2MyYzQyNThhOTBjMTIzOGE3ZTRkNjI4ZWQ1Mg==
7
+ SHA512:
8
+ metadata.gz: !binary |-
9
+ ZDdhYjA1MTkyYTVhYzg0ZDMxZDY2NWUzZjIwZmViMDQxZGVlN2U3ODU0YmM2
10
+ YjE5NzJlZWYzNGEzNWY4MDc5MGI2ZjYwMzYwZTM2ODk2ODEzN2M5Y2NhNmJh
11
+ MWE5MWMwMDgwYmMyZWFmYzI5YTU4YjZmZDFiOTgwNmQ0ZjcyZGQ=
12
+ data.tar.gz: !binary |-
13
+ MjU0NTdkNDUxOTZlM2Y4OGExMDg5YzEwYmUzNDZhNTczZDFhMWNjYzllNTVk
14
+ ZDg5YmIzNTEwMmFiMGI0OWZiODVjNzQ0MDNhMjFlNTA5Mzk1ZDZlMmJlN2Yz
15
+ YzA4NWMzNTczMTc0YThjMGVlMGYyN2E1MmQ5Y2FlMGJhZmQwMGU=
data/README.md CHANGED
@@ -67,7 +67,24 @@ These can be changed by :uid_field, :name_field option. You can also add any "in
67
67
  }
68
68
  end
69
69
 
70
- In the above example, Shibboleth strategy does not pass any :info fields and use 'uid' attribute as uid fields.
70
+ In the previous example, Shibboleth strategy does not pass any :info fields and use 'uid' attribute as uid fields.
71
+
72
+ ### !!!NOTICE!!! devise integration issue
73
+
74
+ When you use omniauth with devise, the omniauth configuration is applied before devise configuration and some part of the configuration overwritten by the devise's. It may not work as you assume. So thus, in that case, currently you should write your configuration only in device configuration.
75
+
76
+ config/initializers/devise.rb:
77
+ ```ruby
78
+ config.omniauth :shibboleth, {:uid_field => 'eppn',
79
+ :info_fields => {:email => 'mail', :name => 'cn', :last_name => 'sn'},
80
+ :extra_fields => [:schacHomeOrganization]
81
+ }
82
+ ```
83
+
84
+ The detail is discussed in the following thread.
85
+
86
+ https://github.com/plataformatec/devise/issues/2128
87
+
71
88
 
72
89
  ### How to authenticate users
73
90
 
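Review bot: In the devise notice (new README line 74), "only in device configuration" should read "devise configuration"; as written it names something that does not appear anywhere else in the section. The same sentence would be clearer if it said which part of the omniauth configuration devise overwrites, and "So thus" can be reduced to "So".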
@@ -91,7 +108,31 @@ Shibboleth strategy assumes the attributes are provided via environment variable
91
108
 
92
109
  https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking
93
110
 
94
- To provide Shibboleth attributes via environment variables, we can not use proxy_balancer base approach. Currently we can realize it by using Phusion Passenger as an application container. An example construction pattern is shown in presence_checker application (https://github.com/toyokazu/presence_checker/).
111
+ To provide Shibboleth attributes via environment variables, we can not use proxy based approach, e.g. mod_proxy_balancer. Currently we can realize it by using Phusion Passenger as an application container. An example construction pattern is shown in presence_checker application (https://github.com/toyokazu/presence_checker/).
112
+
113
+ ### :request_type option
114
+
115
+ You understand the issues using ShibUseHeaders, but and yet if you want to use the proxy based approach, you can use :request_type option. This option enables us to specify what kind of parameters are used to create 'omniauth.auth' (auth hash). This option can also be used to develop your Rails application without local IdP and SP by using :params option. The option values are:
116
+
117
+ - **:env** (default) The environment variables are used to create auth hash.
118
+ - **:header** The auth hash is created from header vaiables. In the Rack middleware, since header variables are treated as environment variables like HTTP_*, the specified variables are converted as the same as header variables, HTTP_*. This :request_type is basically used for mod_proxy_balancer approach.
119
+ - **:params** The query string or POST parameters are used to create auth hash. This :request_type is basically used for development phase. You can emulate SP function by providing parameters as query string. In this case, please do not forget to add Shib-Session-ID or Shib-Application-ID value which is used to check the session is created at SP.
120
+
121
+ The following is an example configuration.
122
+
123
+ % vi config/initializer/omniauth.rb
124
+ Rails.application.config.middleware.use OmniAuth::Builder do
125
+ provider :shibboleth, { :request_type => :header }
126
+ end
127
+
128
+ If you use proxy based approach, please be sure to add ShibUseHeaders option in mod_shib configuration.
129
+
130
+ <Location /secure>
131
+ AuthType shibboleth
132
+ ShibRequestSetting requireSession 1
133
+ ShibUseHeaders On
134
+ require valid-user
135
+ </Location>
95
136
 
96
137
  ### debug mode
97
138
 
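Review bot: The :params bullet (new README line 119) calls the option "basically used for development phase" but never states that the auth hash is then built entirely from client-supplied query or POST values, so whoever sends the request chooses the uid. Suggest an explicit sentence that :params must not be enabled on a deployed application, and for :header a sentence that the front-end web server must discard client-sent copies of the attribute headers, pointing at the NativeSPSpoofChecking link just above. Smaller points: line 123 says config/initializer/omniauth.rb while the devise section uses config/initializers/, and "vaiables" on line 118 is a typo.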
@@ -104,7 +145,7 @@ When you deploy a new application, you may want to confirm the assumed attribute
104
145
 
105
146
  ## License (MIT License)
106
147
 
107
- Copyright (C) 2011-2012 by Toyokazu Akiyama.
148
+ omniauth-shibboleth is released under the MIT license.
108
149
 
109
150
  Permission is hereby granted, free of charge, to any person obtaining a copy
110
151
  of this software and associated documentation files (the "Software"), to deal
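Review bot: The replacement on new line 148 drops the copyright holder and years, so the permission text that follows no longer has a copyright notice above it. Suggest keeping the original "Copyright (C) 2011-2012 by Toyokazu Akiyama." line (years updated if needed) and adding the "released under the MIT license" sentence next to it rather than in place of it.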
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Shibboleth
3
- VERSION = "1.0.8"
3
+ VERSION = "1.1.0"
4
4
  end
5
5
  end
@@ -10,6 +10,7 @@ module OmniAuth
10
10
  option :info_fields, {}
11
11
  option :extra_fields, []
12
12
  option :debug, false
13
+ option :request_type, :env
13
14
 
14
15
  def request_phase
15
16
  [
@@ -22,6 +23,26 @@ module OmniAuth
22
23
  ]
23
24
  end
24
25
 
26
+ def request_params
27
+ case options[:request_type]
28
+ when :env, :header
29
+ request.env
30
+ when :params
31
+ request.params
32
+ end
33
+ end
34
+
35
+ def request_param(key)
36
+ case options[:request_type]
37
+ when :env
38
+ request.env[key]
39
+ when :header
40
+ request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
41
+ when :params
42
+ request.params[key]
43
+ end
44
+ end
45
+
25
46
  def callback_phase
26
47
  if options[:debug]
27
48
  # dump attributes
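Review bot: Neither case statement in request_params and request_param (new lines 27-32 and 36-43) has an else branch, so an unrecognised :request_type, for example the string 'header' instead of the symbol, makes request_param return nil for every key and the login fails with :no_shibboleth_session, while request_params returns nil and the debug dump then calls sort on nil. Suggest an else that raises with the offending value, or validating the option once when the strategy is set up. A short comment on request_param noting that the :header and :params branches read values a client can set would also help the next reader.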
@@ -30,34 +51,33 @@ module OmniAuth
30
51
  {
31
52
  'Content-Type' => 'text/plain'
32
53
  },
33
- ["!!!!! This message is generated by omniauth-shibboleth. To remove it set :debug to false. !!!!!\n#{request.env.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
54
+ ["!!!!! This message is generated by omniauth-shibboleth. To remove it set :debug to false. !!!!!\n#{request_params.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
34
55
  ]
35
56
  end
36
- return fail!(:no_shibboleth_session) unless (request.env[options.shib_session_id_field.to_s] || request.env[options.shib_application_id_field.to_s])
57
+ return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
37
58
  super
38
59
  end
39
60
 
40
61
  uid do
41
- request.env[options.uid_field.to_s]
62
+ request_param(options.uid_field.to_s)
42
63
  end
43
64
 
44
65
  info do
45
66
  res = {
46
- :name => request.env[options.name_field.to_s]
67
+ :name => request_param(options.name_field.to_s)
47
68
  }
48
69
  options.info_fields.each_pair do |k,v|
49
- res[k] = request.env[v.to_s]
70
+ res[k] = request_param(v.to_s)
50
71
  end
51
72
  res
52
73
  end
53
74
 
54
75
  extra do
55
76
  options.extra_fields.inject({:raw_info => {}}) do |hash, field|
56
- hash[:raw_info][field] = request.env[field.to_s]
77
+ hash[:raw_info][field] = request_param(field.to_s)
57
78
  hash
58
79
  end
59
80
  end
60
-
61
81
  end
62
82
  end
63
83
  end
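Review bot: The session check on new line 57 only tests that request_param returns something for the Shib-Session-ID or Shib-Application-ID field; with :request_type => :params that value comes from request.params, so any non-empty query parameter satisfies it, and uid on line 62 is read from the same request. Suggest refusing :params unless the application is explicitly in a development setting, or at minimum logging when it is active. The debug response on line 54 still prints every key of request.env when the type is :env or :header, which deserves a comment so it is not left enabled in production.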
@@ -19,7 +19,7 @@ end
19
19
 
20
20
  describe OmniAuth::Strategies::Shibboleth do
21
21
  let(:app){ Rack::Builder.new do |b|
22
- b.use Rack::Session::Cookie
22
+ b.use Rack::Session::Cookie, {:secret => "abc123"}
23
23
  b.use OmniAuth::Strategies::Shibboleth
24
24
  b.run lambda{|env| [200, {}, ['Not Found']]}
25
25
  end.to_app }
@@ -75,6 +75,7 @@ describe OmniAuth::Strategies::Shibboleth do
75
75
  @dummy_id = 'abcdefg'
76
76
  @uid = 'test'
77
77
  @organization = 'Test Corporation'
78
+ @affiliation = 'faculty'
78
79
  strategy.call!(make_env('/auth/shibboleth/callback', 'Shib-Session-ID' => @dummy_id, 'uid' => @uid, 'o' => @organization, 'affiliation' => @affiliation))
79
80
  strategy.env['omniauth.auth']['uid'].should == @uid
80
81
  strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
@@ -95,5 +96,57 @@ describe OmniAuth::Strategies::Shibboleth do
95
96
  response[0].should == 200
96
97
  end
97
98
  end
99
+
100
+ context 'with request_type = :header' do
101
+ let(:options){ {
102
+ :request_type => :header,
103
+ :shib_session_id_field => 'Shib-Session-ID',
104
+ :shib_application_id_field => 'Shib-Application-ID',
105
+ :uid_field => :uid,
106
+ :name_field => :displayName,
107
+ :info_fields => {},
108
+ :extra_fields => [:o, :affiliation] } }
109
+ let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
110
+
111
+ it 'should handle header variables' do
112
+ @dummy_id = 'abcdefg'
113
+ @display_name = 'Test User'
114
+ @uid = 'test'
115
+ @organization = 'Test Corporation'
116
+ @affiliation = 'faculty'
117
+ env = make_env('/auth/shibboleth/callback', 'HTTP_SHIB_SESSION_ID' => @dummy_id, 'HTTP_DISPLAYNAME' => @display_name, 'HTTP_UID' => @uid, 'HTTP_O' => @organization, 'HTTP_AFFILIATION' => @affiliation)
118
+ response = strategy.call!(env)
119
+ strategy.env['omniauth.auth']['uid'].should == @uid
120
+ strategy.env['omniauth.auth']['info']['name'].should == @display_name
121
+ strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
122
+ strategy.env['omniauth.auth']['extra']['raw_info']['affiliation'].should == @affiliation
123
+ end
124
+ end
125
+
126
+ context 'with request_type = :params' do
127
+ let(:options){ {
128
+ :request_type => :params,
129
+ :shib_session_id_field => 'Shib-Session-ID',
130
+ :shib_application_id_field => 'Shib-Application-ID',
131
+ :uid_field => :uid,
132
+ :name_field => :displayName,
133
+ :info_fields => {},
134
+ :extra_fields => [:o, :affiliation] } }
135
+ let(:strategy){ OmniAuth::Strategies::Shibboleth.new(app, options) }
136
+
137
+ it 'should handle params variables' do
138
+ @dummy_id = 'abcdefg'
139
+ @display_name = 'Test User'
140
+ @uid = 'test'
141
+ @organization = 'Test Corporation'
142
+ @affiliation = 'faculty'
143
+ env = make_env('/auth/shibboleth/callback', 'QUERY_STRING' => "Shib-Session-ID=#{@dummy_id}&uid=#{@uid}&displayName=#{@display_name}&o=#{@organization}&affiliation=#{@affiliation}")
144
+ response = strategy.call!(env)
145
+ strategy.env['omniauth.auth']['uid'].should == @uid
146
+ strategy.env['omniauth.auth']['info']['name'].should == @display_name
147
+ strategy.env['omniauth.auth']['extra']['raw_info']['o'].should == @organization
148
+ strategy.env['omniauth.auth']['extra']['raw_info']['affiliation'].should == @affiliation
149
+ end
150
+ end
98
151
  end
99
152
  end
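Review bot: The two new contexts (new lines 100-150) cover only the successful path. Missing are a case where :request_type => :header receives the un-prefixed 'Shib-Session-ID' env key and must fail with no_shibboleth_session, and a case for the Shib-Application-ID fallback through the HTTP_ mapping. On line 143 the query string interpolates 'Test User' and 'Test Corporation' without escaping; building it with Rack::Utils.build_query would keep the test valid for values containing & or =. The response local on lines 118 and 144 is assigned but never checked.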
metadata CHANGED
@@ -1,20 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-shibboleth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.8
5
- prerelease:
4
+ version: 1.1.0
6
5
  platform: ruby
7
6
  authors:
8
7
  - Toyokazu Akiyama
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-10-02 00:00:00.000000000 Z
11
+ date: 2013-10-30 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: omniauth
16
15
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
16
  requirements:
19
17
  - - ! '>='
20
18
  - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
22
20
  type: :runtime
23
21
  prerelease: false
24
22
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
23
  requirements:
27
24
  - - ! '>='
28
25
  - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
30
27
  - !ruby/object:Gem::Dependency
31
28
  name: rack-test
32
29
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
30
  requirements:
35
31
  - - ! '>='
36
32
  - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
38
34
  type: :development
39
35
  prerelease: false
40
36
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
37
  requirements:
43
38
  - - ! '>='
44
39
  - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
46
41
  - !ruby/object:Gem::Dependency
47
42
  name: rake
48
43
  requirement: !ruby/object:Gem::Requirement
49
- none: false
50
44
  requirements:
51
45
  - - ! '>='
52
46
  - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
54
48
  type: :development
55
49
  prerelease: false
56
50
  version_requirements: !ruby/object:Gem::Requirement
57
- none: false
58
51
  requirements:
59
52
  - - ! '>='
60
53
  - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
62
55
  - !ruby/object:Gem::Dependency
63
56
  name: rspec
64
57
  requirement: !ruby/object:Gem::Requirement
65
- none: false
66
58
  requirements:
67
59
  - - ~>
68
60
  - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
70
62
  type: :development
71
63
  prerelease: false
72
64
  version_requirements: !ruby/object:Gem::Requirement
73
- none: false
74
65
  requirements:
75
66
  - - ~>
76
67
  - !ruby/object:Gem::Version
@@ -83,7 +74,6 @@ extensions: []
83
74
  extra_rdoc_files: []
84
75
  files:
85
76
  - Gemfile
86
- - Gemfile.lock
87
77
  - lib/omniauth/strategies/shibboleth.rb
88
78
  - lib/omniauth-shibboleth/version.rb
89
79
  - lib/omniauth-shibboleth.rb
@@ -94,33 +84,26 @@ files:
94
84
  - spec/spec_helper.rb
95
85
  homepage: ''
96
86
  licenses: []
87
+ metadata: {}
97
88
  post_install_message:
98
89
  rdoc_options: []
99
90
  require_paths:
100
91
  - lib
101
92
  required_ruby_version: !ruby/object:Gem::Requirement
102
- none: false
103
93
  requirements:
104
94
  - - ! '>='
105
95
  - !ruby/object:Gem::Version
106
96
  version: '0'
107
- segments:
108
- - 0
109
- hash: -1752171851307709834
110
97
  required_rubygems_version: !ruby/object:Gem::Requirement
111
- none: false
112
98
  requirements:
113
99
  - - ! '>='
114
100
  - !ruby/object:Gem::Version
115
101
  version: '0'
116
- segments:
117
- - 0
118
- hash: -1752171851307709834
119
102
  requirements: []
120
103
  rubyforge_project:
121
- rubygems_version: 1.8.24
104
+ rubygems_version: 2.1.9
122
105
  signing_key:
123
- specification_version: 3
106
+ specification_version: 4
124
107
  summary: OmniAuth Shibboleth strategies for OmniAuth 1.x
125
108
  test_files:
126
109
  - spec/omniauth/strategies/shibboleth_spec.rb
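Review bot: In this hunk licenses: [] and homepage: '' stay empty (new lines 85-86) even though the README in the same release states the MIT license. Suggest setting the license and homepage in the gemspec so the published metadata matches the README and dependency tooling can read it. The added metadata: {} on line 87 would also be the place for a source-code link.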
@@ -1,35 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- omniauth-shibboleth (1.0.8)
5
- omniauth (>= 1.0.0)
6
-
7
- GEM
8
- remote: http://rubygems.org/
9
- specs:
10
- diff-lcs (1.1.3)
11
- hashie (1.2.0)
12
- omniauth (1.1.1)
13
- hashie (~> 1.2)
14
- rack
15
- rack (1.4.1)
16
- rack-test (0.6.1)
17
- rack (>= 1.0)
18
- rake (0.9.2.2)
19
- rspec (2.11.0)
20
- rspec-core (~> 2.11.0)
21
- rspec-expectations (~> 2.11.0)
22
- rspec-mocks (~> 2.11.0)
23
- rspec-core (2.11.1)
24
- rspec-expectations (2.11.3)
25
- diff-lcs (~> 1.1.3)
26
- rspec-mocks (2.11.2)
27
-
28
- PLATFORMS
29
- ruby
30
-
31
- DEPENDENCIES
32
- omniauth-shibboleth!
33
- rack-test
34
- rake
35
- rspec (~> 2.8)