omniauth-suomifi 0.6.2 → 0.7.0

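--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 06c8999872e4f947d69c4c942bd507052fe99a3187b1eb9431fc5bed85e39402
- data.tar.gz: 03e36ad409d752a71d4b1b1edb5c5398856c2d0b82d98c8bb92c77ed4582f3c8
+ metadata.gz: bc0704db48f42ecbc14c86e3e629e611b535b427cfd23ee9d0363545d12f0ee7
+ data.tar.gz: e895872a3b621fa5e7a3fe61b45156c8ce12b05abdc55b962dd2a3d4a5e7df8b
  SHA512:
- metadata.gz: df2caddab2c1592e824f1fb338f864349c8a6309b1999f664764afb46d16dc13f44a6b96048ded76020bcdeabcb583c3c468a60af0ccc8d4e3eebf2023f969a0
- data.tar.gz: 579b0c5e580f757fefe744537aa73e69ba4f89a5f3bb72f1bcab408834940586f9d54d58f78fbd9c9e2a89a8478cfe7ad3be3c24354c561c5ceeb52090cf8cfb
+ metadata.gz: 4f4c2d1ffb1e80a120a832aae423ead500d3a725be94bbd776127c28892d02a70ab4f8748e0ff01a95fba14f8747b8742c63b33f49b35867add4970bbe812cba
+ data.tar.gz: 30dc8039e91aa1e6def01027596e47a060ef190fedcc68537b7c1ad0496a4e8d87efa38d2b03084744cc976adfa7e5353509814549dc95ebf3af2d5b61b8a663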
@@ -529,6 +529,8 @@ module OmniAuth
529
529
  authn_request = OneLogin::RubySaml::Authrequest.new
530
530
  locale = locale_for_authn_request
531
531
 
532
+ session['saml_redirect_url'] = request.params['redirect_url']
533
+
532
534
  with_settings do |settings|
533
535
  url = authn_request.create(settings, additional_params_for_authn_request)
534
536
  url += "&locale=#{CGI.escape(locale)}" unless locale.nil?
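Review bot: The added `session['saml_redirect_url'] = request.params['redirect_url']` stores a caller-supplied URL in the session without any validation. Where the value is read back is outside this hunk, but if the callback phase redirects to it after sign-in, an absolute or protocol-relative value would make the login flow an open redirect. I would accept only local paths at the point of storage, e.g. `redirect_url = request.params['redirect_url'].to_s` followed by `session['saml_redirect_url'] = redirect_url.match?(%r{\A/(?![/\\])}) ? redirect_url : nil`, or at least document that the consuming application must validate the value before redirecting. The enclosing method starts and ends outside the hunk.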
@@ -560,6 +562,49 @@ module OmniAuth
560
562
 
561
563
  private
562
564
 
565
+ # The single log-out (SLO) in Suomi.fi is initiated in an iframe within
566
+ # the single logout page at Suomi.fi side. Therefore, due to browser
567
+ # restrictions, it is not possible to transfer session related data to the
568
+ # service from that page because it would require 3rd party cookies which
569
+ # are restricted by browsers.
570
+ #
571
+ # Therefore, the SLO request needs to be handled at the service's side by
572
+ # storing the Suomi.fi sessions in a database and then comparing the SAML
573
+ # uid of the SLO request to the values stored witin the database to log
574
+ # out the user who requested the logout. There is no other way to transfer
575
+ # this information from the
576
+ #
577
+ # The default functionality within the `omniauth-saml` strategy relies on
578
+ # the session variables to compare the SAML uid during the SLO request but
579
+ # this is not possible with Suomi.fi when the 3rd party cookies are
580
+ # prevented by the browser.
581
+ def handle_logout_request(raw_request, settings)
582
+ # If the "saml_uid" is set, the logout request was initiated by the
583
+ # application itself. If not, the code below calls the application which
584
+ # can do the validation against the database where the sessions are
585
+ # stored.
586
+ return super if session["saml_uid"]
587
+
588
+ # Otherwise, the application itself needs to handle the logout because
589
+ # this is not happening within the same session that the user has
590
+ # currently open at the website.
591
+ logout_request = OneLogin::RubySaml::SloLogoutrequest.new(
592
+ raw_request,
593
+ { settings: settings, get_params: @request.params }
594
+ )
595
+ raise OmniAuth::Strategies::SAML::ValidationError.new("SAML failed to process LogoutRequest") unless logout_request.is_valid?
596
+
597
+ @env['omniauth.saml_request'] = logout_request
598
+
599
+ # The SAML request needs to be validated at the application side and
600
+ # then the user needs to be redirected to the
601
+ logout_request_id = logout_request.id
602
+ logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, RelayState: slo_relay_state)
603
+ @env['omniauth.saml_response'] = logout_response
604
+
605
+ call_app!
606
+ end
607
+
563
608
  # Suomi.fi requires that the service provider needs to end the local user
564
609
  # session BEFORE sending the logout request to the identity provider.
565
610
  def other_phase_for_spslo
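Review bot: In `handle_logout_request`, the branch taken when `session["saml_uid"]` is unset passes the LogoutRequest to the application after only `logout_request.is_valid?`, so the request is no longer tied to the caller's own session. As far as I know, ruby-saml's `SloLogoutrequest` skips signature verification when `get_params` has no `Signature` entry, so depending on the library version and settings an unsigned request could reach `call_app!` and lead the application to end another user's sessions. I would reject unsigned requests before the validity check, e.g. `raise OmniAuth::Strategies::SAML::ValidationError.new("SAML LogoutRequest is not signed") unless @request.params['Signature']`, assuming Suomi.fi always sends SLO over the signed redirect binding (please confirm). The comments also need finishing: two sentences stop mid-way ("from the", "redirected to the") and "witin" should read "within"; they should state the application's duty, e.g. `# The application must find the stored sessions matching logout_request.name_id, end them, and redirect to env['omniauth.saml_response'].`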
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Suomifi
5
- VERSION = '0.6.2'
5
+ VERSION = '0.7.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-suomifi
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.2
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Antti Hukkanen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-01-23 00:00:00.000000000 Z
11
+ date: 2024-02-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-saml