omniauth-sso 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 111da4779b9e7496a842be9b9ac7c59c8d1602a6
+  data.tar.gz: e891441a4686edf2bba54f8cd779df80633d33ed
+SHA512:
+  metadata.gz: 0e681b20ce55b3a24f085918bcc908f5d938c23e7aab7535890dcca2a904826aef6eac85c7392ab5eecb2dfc352fd1bc872800f9250d936451afd5512e4d9f1d
+  data.tar.gz: 0bfff97cc8b8ce62c254703724b3fe7b710f90c572d51ee13f2aa0e167ae145d8ab1933ddebe20be32f26288ac369a3f3d5d38c8f774c28e9465f15f0813b387

data/CHANGELOG.md

@@ -0,0 +1,11 @@
+<a name="0.1.0"></a>
+### 0.1.0 (2017-01-15)
+
+
+#### Features
+
+* use latest rbsso with checks for expiry and service_id	 ([ae91d93](/../../commit/ae91d93))
+* initial Omniauth Strategy	 ([925f544](/../../commit/925f544))
+
+
+

data/README.md

@@ -0,0 +1,5 @@
+Omniauth Strategy to use autistici / inventati sso.
+
+Used like other omniauth strategies. Requires a key to validate signatures and a service_id to identify the service itself.
+
+The constructor takes the service_id and the verification key as parameters. In comparison with other services they replace the id and the secret provided by the IDP.

data/lib/omniauth/strategies/sso.rb

@@ -0,0 +1,50 @@
+require 'omniauth'
+require 'rbsso/client'
+require 'cgi'
+
+module OmniAuth
+  module Strategies
+    class SSO
+      include OmniAuth::Strategy
+
+      args [:service_id, :client_key]
+      option :fields, [:name, :email]
+      option :uid_field, :email
+
+      SSO_URL = 'neststaging.riseup.net/sso_auth'
+
+      def request_phase
+        redirect authorize_url(options.authorize_params)
+      end
+
+      uid do
+        info_from_ticket[options.uid_field]
+      end
+
+      info do
+        info_from_ticket.select{|key,_val| options.fields.include? key}
+      end
+
+      def authorize_url(_params_from_options)
+        "https://#{SSO_URL}/?s=#{service_param}"
+      end
+
+      def service_param
+        CGI.escape options.service_id
+      end
+
+      def name
+        'sso'
+      end
+
+      def info_from_ticket
+        @info_from_ticket ||= client.open request["t"]
+      end
+
+      def client
+        RbSSO::Client.new options.service_id, options.client_key
+      end
+    end
+  end
+end
+OmniAuth.config.add_camelization "sso" , "SSO"

data/test/gemspec_test.rb

@@ -0,0 +1,12 @@
+require 'test_helper'
+require 'bundler'
+
+class GemspecTest < Minitest::Test
+
+  def test_valid
+    spec_path = File.expand_path('../../omniauth-sso.gemspec', __FILE__)
+    spec = Bundler.load_gemspec(spec_path)
+    spec.validate
+  end
+
+end

data/test/omniauth/strategies/sso_test.rb

@@ -0,0 +1,93 @@
+require 'test_helper'
+require 'omniauth'
+require 'logger'
+require 'rack/test'
+require 'omniauth/strategies/sso'
+require 'rbsso'
+
+class OmniAuth::Strategies::SSOTest < Minitest::Test
+  include OmniAuth::Test::StrategyTestCase
+  include Rack::Test::Methods
+
+  def setup
+    OmniAuth.config.logger = Logger.new '/dev/null'
+  end
+
+  def strategy
+    [OmniAuth::Strategies::SSO, 'https://my.service.id/', verify_key]
+  end
+
+  def test_redirect
+    get 'auth/sso'
+    assert last_response.redirect?
+    assert_includes last_response.location,
+      'https://neststaging.riseup.net/sso_auth'
+    assert_includes last_response.location,
+      "s=#{CGI.escape(service)}"
+  end
+
+  def test_valid_ticket
+    post '/auth/sso/callback', t: ticket
+    assert auth_hash
+    assert_equal 'sso', auth_hash['provider']
+    assert_equal 'user@domain', auth_hash['uid']
+    assert_equal 'user@domain', auth_hash['info'].email
+    assert_equal 'user', auth_hash['info'].name
+  end
+
+  def test_expired_ticket
+    assert_raises RuntimeError do
+      post '/auth/sso/callback', t: expired_ticket
+    end
+    assert_nil auth_hash
+  end
+
+  def test_invalid_ticket
+    post '/auth/my_strategy/callback', t: invalid_ticket
+    assert_nil auth_hash
+  end
+
+  def test_wrong_service
+    assert_raises RuntimeError do
+      post '/auth/sso/callback', t: ticket_for_other_service
+    end
+    assert_nil auth_hash
+  end
+
+  def auth_hash
+    last_request.env['omniauth.auth']
+  end
+
+  def expired_ticket
+    Time.stub :now, Time.at(123456) do
+      ticket
+    end
+  end
+
+  def ticket_for_other_service
+    server.ticket user: user, service: 'other_service', domain: domain
+  end
+
+  # We modify the content of the ticket so the signature becomes invalid.
+  # It still should have the right length and be Base64 compatible.
+  def invalid_ticket
+    ticket.tap do |string|
+      string[100..112] = '///invalid///'
+    end
+  end
+
+  def verify_key
+    server.verify_key
+  end
+
+  def ticket
+    server.ticket(user: user, service: service, domain: domain)
+  end
+
+  def server; RbSSO::Server.new seed; end
+  def seed; '1234567890ABCDEF' * 4; end
+  def user; 'user'; end
+  def service; 'https://my.service.id/'; end
+  def domain; 'domain'; end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,7 @@
+require 'simplecov'
+SimpleCov.start do
+  add_filter "/test/"
+  add_filter "/vendor/ruby"
+end
+
+require 'minitest/autorun'

metadata

@@ -0,0 +1,193 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-sso
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Azul
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rbsso
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-autotest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: autotest-suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.3
+- !ruby/object:Gem::Dependency
+  name: conventional-changelog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+description: 'Omniauth strategy for "ai''s sso"(https://git.autistici.org/ai/sso)
+  based on rbsso.
+
+'
+email: azul@riseup.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/omniauth/strategies/sso.rb
+- test/gemspec_test.rb
+- test/omniauth/strategies/sso_test.rb
+- test/test_helper.rb
+homepage: https://0xacab.org/riseup/omniauth-sso
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Omniauth strategy for ai's sso
+test_files:
+- test/test_helper.rb
+- test/gemspec_test.rb
+- test/omniauth/strategies/sso_test.rb