omniauth-sso 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +11 -0
- data/README.md +5 -0
- data/lib/omniauth/strategies/sso.rb +50 -0
- data/test/gemspec_test.rb +12 -0
- data/test/omniauth/strategies/sso_test.rb +93 -0
- data/test/test_helper.rb +7 -0
- metadata +193 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 111da4779b9e7496a842be9b9ac7c59c8d1602a6
|
4
|
+
data.tar.gz: e891441a4686edf2bba54f8cd779df80633d33ed
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 0e681b20ce55b3a24f085918bcc908f5d938c23e7aab7535890dcca2a904826aef6eac85c7392ab5eecb2dfc352fd1bc872800f9250d936451afd5512e4d9f1d
|
7
|
+
data.tar.gz: 0bfff97cc8b8ce62c254703724b3fe7b710f90c572d51ee13f2aa0e167ae145d8ab1933ddebe20be32f26288ac369a3f3d5d38c8f774c28e9465f15f0813b387
|
data/CHANGELOG.md
ADDED
data/README.md
ADDED
@@ -0,0 +1,5 @@
|
|
1
|
+
Omniauth Strategy to use autistici / inventati sso.
|
2
|
+
|
3
|
+
Used like other omniauth strategies. Requires a key to validate signatures and a service_id to identify the service itself.
|
4
|
+
|
5
|
+
The constructor takes the service_id and the verification key as parameters. In comparison with other services they replace the id and the secret provided by the IDP.
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require 'omniauth'
|
2
|
+
require 'rbsso/client'
|
3
|
+
require 'cgi'
|
4
|
+
|
5
|
+
module OmniAuth
|
6
|
+
module Strategies
|
7
|
+
class SSO
|
8
|
+
include OmniAuth::Strategy
|
9
|
+
|
10
|
+
args [:service_id, :client_key]
|
11
|
+
option :fields, [:name, :email]
|
12
|
+
option :uid_field, :email
|
13
|
+
|
14
|
+
SSO_URL = 'neststaging.riseup.net/sso_auth'
|
15
|
+
|
16
|
+
def request_phase
|
17
|
+
redirect authorize_url(options.authorize_params)
|
18
|
+
end
|
19
|
+
|
20
|
+
uid do
|
21
|
+
info_from_ticket[options.uid_field]
|
22
|
+
end
|
23
|
+
|
24
|
+
info do
|
25
|
+
info_from_ticket.select{|key,_val| options.fields.include? key}
|
26
|
+
end
|
27
|
+
|
28
|
+
def authorize_url(_params_from_options)
|
29
|
+
"https://#{SSO_URL}/?s=#{service_param}"
|
30
|
+
end
|
31
|
+
|
32
|
+
def service_param
|
33
|
+
CGI.escape options.service_id
|
34
|
+
end
|
35
|
+
|
36
|
+
def name
|
37
|
+
'sso'
|
38
|
+
end
|
39
|
+
|
40
|
+
def info_from_ticket
|
41
|
+
@info_from_ticket ||= client.open request["t"]
|
42
|
+
end
|
43
|
+
|
44
|
+
def client
|
45
|
+
RbSSO::Client.new options.service_id, options.client_key
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
OmniAuth.config.add_camelization "sso" , "SSO"
|
@@ -0,0 +1,93 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
require 'omniauth'
|
3
|
+
require 'logger'
|
4
|
+
require 'rack/test'
|
5
|
+
require 'omniauth/strategies/sso'
|
6
|
+
require 'rbsso'
|
7
|
+
|
8
|
+
class OmniAuth::Strategies::SSOTest < Minitest::Test
|
9
|
+
include OmniAuth::Test::StrategyTestCase
|
10
|
+
include Rack::Test::Methods
|
11
|
+
|
12
|
+
def setup
|
13
|
+
OmniAuth.config.logger = Logger.new '/dev/null'
|
14
|
+
end
|
15
|
+
|
16
|
+
def strategy
|
17
|
+
[OmniAuth::Strategies::SSO, 'https://my.service.id/', verify_key]
|
18
|
+
end
|
19
|
+
|
20
|
+
def test_redirect
|
21
|
+
get 'auth/sso'
|
22
|
+
assert last_response.redirect?
|
23
|
+
assert_includes last_response.location,
|
24
|
+
'https://neststaging.riseup.net/sso_auth'
|
25
|
+
assert_includes last_response.location,
|
26
|
+
"s=#{CGI.escape(service)}"
|
27
|
+
end
|
28
|
+
|
29
|
+
def test_valid_ticket
|
30
|
+
post '/auth/sso/callback', t: ticket
|
31
|
+
assert auth_hash
|
32
|
+
assert_equal 'sso', auth_hash['provider']
|
33
|
+
assert_equal 'user@domain', auth_hash['uid']
|
34
|
+
assert_equal 'user@domain', auth_hash['info'].email
|
35
|
+
assert_equal 'user', auth_hash['info'].name
|
36
|
+
end
|
37
|
+
|
38
|
+
def test_expired_ticket
|
39
|
+
assert_raises RuntimeError do
|
40
|
+
post '/auth/sso/callback', t: expired_ticket
|
41
|
+
end
|
42
|
+
assert_nil auth_hash
|
43
|
+
end
|
44
|
+
|
45
|
+
def test_invalid_ticket
|
46
|
+
post '/auth/my_strategy/callback', t: invalid_ticket
|
47
|
+
assert_nil auth_hash
|
48
|
+
end
|
49
|
+
|
50
|
+
def test_wrong_service
|
51
|
+
assert_raises RuntimeError do
|
52
|
+
post '/auth/sso/callback', t: ticket_for_other_service
|
53
|
+
end
|
54
|
+
assert_nil auth_hash
|
55
|
+
end
|
56
|
+
|
57
|
+
def auth_hash
|
58
|
+
last_request.env['omniauth.auth']
|
59
|
+
end
|
60
|
+
|
61
|
+
def expired_ticket
|
62
|
+
Time.stub :now, Time.at(123456) do
|
63
|
+
ticket
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
def ticket_for_other_service
|
68
|
+
server.ticket user: user, service: 'other_service', domain: domain
|
69
|
+
end
|
70
|
+
|
71
|
+
# We modify the content of the ticket so the signature becomes invalid.
|
72
|
+
# It still should have the right length and be Base64 compatible.
|
73
|
+
def invalid_ticket
|
74
|
+
ticket.tap do |string|
|
75
|
+
string[100..112] = '///invalid///'
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
def verify_key
|
80
|
+
server.verify_key
|
81
|
+
end
|
82
|
+
|
83
|
+
def ticket
|
84
|
+
server.ticket(user: user, service: service, domain: domain)
|
85
|
+
end
|
86
|
+
|
87
|
+
def server; RbSSO::Server.new seed; end
|
88
|
+
def seed; '1234567890ABCDEF' * 4; end
|
89
|
+
def user; 'user'; end
|
90
|
+
def service; 'https://my.service.id/'; end
|
91
|
+
def domain; 'domain'; end
|
92
|
+
|
93
|
+
end
|
data/test/test_helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,193 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: omniauth-sso
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Azul
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-01-25 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: omniauth
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.3'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.3'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rbsso
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 0.3.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 0.3.0
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '10'
|
48
|
+
- - "<"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: '13'
|
51
|
+
type: :development
|
52
|
+
prerelease: false
|
53
|
+
version_requirements: !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - ">="
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: '10'
|
58
|
+
- - "<"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '13'
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: minitest
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - "~>"
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: '5.0'
|
68
|
+
type: :development
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '5.0'
|
75
|
+
- !ruby/object:Gem::Dependency
|
76
|
+
name: minitest-autotest
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
78
|
+
requirements:
|
79
|
+
- - "~>"
|
80
|
+
- !ruby/object:Gem::Version
|
81
|
+
version: '1.0'
|
82
|
+
type: :development
|
83
|
+
prerelease: false
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
85
|
+
requirements:
|
86
|
+
- - "~>"
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '1.0'
|
89
|
+
- !ruby/object:Gem::Dependency
|
90
|
+
name: autotest-suffix
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
92
|
+
requirements:
|
93
|
+
- - "~>"
|
94
|
+
- !ruby/object:Gem::Version
|
95
|
+
version: '1.1'
|
96
|
+
type: :development
|
97
|
+
prerelease: false
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - "~>"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '1.1'
|
103
|
+
- !ruby/object:Gem::Dependency
|
104
|
+
name: simplecov
|
105
|
+
requirement: !ruby/object:Gem::Requirement
|
106
|
+
requirements:
|
107
|
+
- - "~>"
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0.11'
|
110
|
+
type: :development
|
111
|
+
prerelease: false
|
112
|
+
version_requirements: !ruby/object:Gem::Requirement
|
113
|
+
requirements:
|
114
|
+
- - "~>"
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '0.11'
|
117
|
+
- !ruby/object:Gem::Dependency
|
118
|
+
name: rack-test
|
119
|
+
requirement: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - "~>"
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '0.6'
|
124
|
+
- - ">="
|
125
|
+
- !ruby/object:Gem::Version
|
126
|
+
version: 0.6.3
|
127
|
+
type: :development
|
128
|
+
prerelease: false
|
129
|
+
version_requirements: !ruby/object:Gem::Requirement
|
130
|
+
requirements:
|
131
|
+
- - "~>"
|
132
|
+
- !ruby/object:Gem::Version
|
133
|
+
version: '0.6'
|
134
|
+
- - ">="
|
135
|
+
- !ruby/object:Gem::Version
|
136
|
+
version: 0.6.3
|
137
|
+
- !ruby/object:Gem::Dependency
|
138
|
+
name: conventional-changelog
|
139
|
+
requirement: !ruby/object:Gem::Requirement
|
140
|
+
requirements:
|
141
|
+
- - "~>"
|
142
|
+
- !ruby/object:Gem::Version
|
143
|
+
version: '1.2'
|
144
|
+
type: :development
|
145
|
+
prerelease: false
|
146
|
+
version_requirements: !ruby/object:Gem::Requirement
|
147
|
+
requirements:
|
148
|
+
- - "~>"
|
149
|
+
- !ruby/object:Gem::Version
|
150
|
+
version: '1.2'
|
151
|
+
description: 'Omniauth strategy for "ai''s sso"(https://git.autistici.org/ai/sso)
|
152
|
+
based on rbsso.
|
153
|
+
|
154
|
+
'
|
155
|
+
email: azul@riseup.net
|
156
|
+
executables: []
|
157
|
+
extensions: []
|
158
|
+
extra_rdoc_files: []
|
159
|
+
files:
|
160
|
+
- CHANGELOG.md
|
161
|
+
- README.md
|
162
|
+
- lib/omniauth/strategies/sso.rb
|
163
|
+
- test/gemspec_test.rb
|
164
|
+
- test/omniauth/strategies/sso_test.rb
|
165
|
+
- test/test_helper.rb
|
166
|
+
homepage: https://0xacab.org/riseup/omniauth-sso
|
167
|
+
licenses:
|
168
|
+
- MIT
|
169
|
+
metadata: {}
|
170
|
+
post_install_message:
|
171
|
+
rdoc_options: []
|
172
|
+
require_paths:
|
173
|
+
- lib
|
174
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
175
|
+
requirements:
|
176
|
+
- - ">="
|
177
|
+
- !ruby/object:Gem::Version
|
178
|
+
version: '0'
|
179
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
180
|
+
requirements:
|
181
|
+
- - ">="
|
182
|
+
- !ruby/object:Gem::Version
|
183
|
+
version: '0'
|
184
|
+
requirements: []
|
185
|
+
rubyforge_project:
|
186
|
+
rubygems_version: 2.5.1
|
187
|
+
signing_key:
|
188
|
+
specification_version: 4
|
189
|
+
summary: Omniauth strategy for ai's sso
|
190
|
+
test_files:
|
191
|
+
- test/test_helper.rb
|
192
|
+
- test/gemspec_test.rb
|
193
|
+
- test/omniauth/strategies/sso_test.rb
|