omniauth-suomifi 0.6.3 → 0.8.0

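--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3145f5edab1c7f635c55c21d23eee97fba96657bf156076ec700261dc962e142
- data.tar.gz: 0da243959e4f569866ec5bdcf97c686f2e08dfeacc6e38fbd514452f3cd0859e
+ metadata.gz: 73fe21e9c9621ccdf65ff05a986ed1c078cd4e4e8bae541d85441713a8df12dc
+ data.tar.gz: 73a64e776f800ac6bc69a956c5e8e7b37ad4f95a497a43367ba583c82a1688eb
  SHA512:
- metadata.gz: c7888c909cb1f4c55a6b89f788c8754242eac7d1f0b6bdcd58efc1e60827a0d824e50300b44226994e10d12afe2137ac27c5a338f1b7b671652b7d525110a0af
- data.tar.gz: a8d854ea5d5bc6cb16ed5e78e3f93fd50eb25aa5b89539ebc0f8f22c4ec00c2b5efd3e6cfaf0ef3c543ca974c78693225609776a59a5551f20cd1d173c6a70de
+ metadata.gz: 6e361fa187b5f6a3f91b30255eddc0d936079b5f0f0909ddf2d7a0b94cfda4bdd2175de2beac6b705ccb1868004d5ad6a34030b6556a0d02c7e6bb8c28d1b900
+ data.tar.gz: 0f31b85bfe3c9cba91819bcc1466ac313b52d850c9bcb18137431b087fb922b3a0a594c9a7372845fb86cef77ecac4002abc89b50b54d7c483541b32711b57cf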
@@ -458,7 +458,7 @@ module OmniAuth
458
458
  eidas_id = find_attribute_by(
459
459
  ['http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier']
460
460
  )
461
- hash_salt = begin
461
+ hash_salt =
462
462
  if options.uid_salt
463
463
  options.uid_salt
464
464
  elsif defined?(::Rails) && ::Rails.application
@@ -466,14 +466,13 @@ module OmniAuth
466
466
  else
467
467
  ''
468
468
  end
469
- end
470
469
 
471
470
  if !electronic_id.nil?
472
- 'FINUID:' + electronic_id
471
+ "FINUID:#{electronic_id}"
473
472
  elsif !national_id.nil?
474
- 'FIHETU:' + Digest::MD5.hexdigest("FI:#{national_id}:#{hash_salt}")
473
+ "FIHETU:#{Digest::MD5.hexdigest("FI:#{national_id}:#{hash_salt}")}"
475
474
  elsif !eidas_id.nil?
476
- 'EIDASPID:' + Digest::MD5.hexdigest("EIDAS:#{eidas_id}:#{hash_salt}")
475
+ "EIDASPID:#{Digest::MD5.hexdigest("EIDAS:#{eidas_id}:#{hash_salt}")}"
477
476
  else
478
477
  @name_id
479
478
  end
@@ -491,6 +490,7 @@ module OmniAuth
491
490
  attr_accessor :options
492
491
  attr_reader :suomifi_thread
493
492
 
493
+ # rubocop:disable Metrics/MethodLength
494
494
  def initialize(app, *args, &block)
495
495
  super
496
496
 
@@ -520,6 +520,7 @@ module OmniAuth
520
520
  )
521
521
  end
522
522
  end
523
+ # rubocop:enable Metrics/MethodLength
523
524
 
524
525
  # Override the request phase to be able to pass the locale parameter to
525
526
  # the redirect URL. Note that this needs to be the last parameter to
@@ -529,7 +530,7 @@ module OmniAuth
529
530
  authn_request = OneLogin::RubySaml::Authrequest.new
530
531
  locale = locale_for_authn_request
531
532
 
532
- session["saml_redirect_url"] = request.params["redirect_url"]
533
+ session['saml_redirect_url'] = request.params['redirect_url']
533
534
 
534
535
  with_settings do |settings|
535
536
  url = authn_request.create(settings, additional_params_for_authn_request)
@@ -562,6 +563,49 @@ module OmniAuth
562
563
 
563
564
  private
564
565
 
566
+ # The single log-out (SLO) in Suomi.fi is initiated in an iframe within
567
+ # the single logout page at Suomi.fi side. Therefore, due to browser
568
+ # restrictions, it is not possible to transfer session related data to the
569
+ # service from that page because it would require 3rd party cookies which
570
+ # are restricted by browsers.
571
+ #
572
+ # Therefore, the SLO request needs to be handled at the service's side by
573
+ # storing the Suomi.fi sessions in a database and then comparing the SAML
574
+ # uid of the SLO request to the values stored witin the database to log
575
+ # out the user who requested the logout. There is no other way to transfer
576
+ # this information from the SLO page.
577
+ #
578
+ # The default functionality within the `omniauth-saml` strategy relies on
579
+ # the session variables to compare the SAML uid during the SLO request but
580
+ # this is not possible with Suomi.fi when the 3rd party cookies are
581
+ # prevented by the browser.
582
+ def handle_logout_request(raw_request, settings)
583
+ # If the "saml_uid" is set, the logout request was initiated by the
584
+ # application itself. If not, the code below calls the application which
585
+ # can do the validation against the database where the sessions are
586
+ # stored.
587
+ return super if session['saml_uid']
588
+
589
+ # Otherwise, the application itself needs to handle the logout because
590
+ # this is not happening within the same session that the user has
591
+ # currently open at the website.
592
+ logout_request = OneLogin::RubySaml::SloLogoutrequest.new(
593
+ raw_request,
594
+ {settings: settings, get_params: @request.params}
595
+ )
596
+ raise OmniAuth::Strategies::SAML::ValidationError.new('SAML failed to process LogoutRequest') unless logout_request.is_valid?
597
+
598
+ @env['omniauth.saml_request'] = logout_request
599
+
600
+ # The SAML request needs to be validated at the application side and
601
+ # then the user needs to be redirected to the
602
+ logout_request_id = logout_request.id
603
+ logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, RelayState: slo_relay_state)
604
+ @env['omniauth.saml_response'] = logout_response
605
+
606
+ call_app!
607
+ end
608
+
565
609
  # Suomi.fi requires that the service provider needs to end the local user
566
610
  # session BEFORE sending the logout request to the identity provider.
567
611
  def other_phase_for_spslo
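Review bot: The comment inside handle_logout_request just before `logout_request_id = logout_request.id` stops mid-sentence (`# then the user needs to be redirected to the`), so the hand-off contract the application receives through `@env['omniauth.saml_request']` and `@env['omniauth.saml_response']` is left undocumented; I would complete it as `# then the user needs to be redirected to the IdP with the LogoutResponse stored in @env['omniauth.saml_response'] below.` and also state in the method comment that the response is created with the library's default status before the application has compared the request's uid against its stored sessions, so the application is the one that must decide whether that response is sent and the local session cleared. The signature/issuer validation done by `is_valid?` depends on the `settings` passed in, as far as I can tell, so the comment should not suggest more than that. A smaller point of style: `raise OmniAuth::Strategies::SAML::ValidationError, 'SAML failed to process LogoutRequest' unless logout_request.is_valid?` is the idiomatic raise form and avoids the overlong line. The method comment also has a typo, `witin` for `within`.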
@@ -622,6 +666,7 @@ module OmniAuth
622
666
  end
623
667
  end
624
668
 
669
+ # rubocop:disable Metrics/MethodLength
625
670
  def suomifi_options
626
671
  idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
627
672
 
@@ -662,6 +707,7 @@ module OmniAuth
662
707
 
663
708
  settings
664
709
  end
710
+ # rubocop:enable Metrics/MethodLength
665
711
 
666
712
  # This will return true if the VTJ search (population information system,
667
713
  # väestötietojärjestelmä) was successful and information about the person
@@ -28,6 +28,7 @@ OneLogin::RubySaml::Utils.class_eval do
28
28
  # @param symmetric_key [String] The symetric key used to encrypt the text
29
29
  # @param algorithm [String] The encrypted algorithm
30
30
  # @return [String] The deciphered text
31
+ # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
31
32
  def self.retrieve_plaintext(cipher_text, symmetric_key, algorithm)
32
33
  case algorithm
33
34
  when 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' then cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').decrypt
@@ -43,7 +44,7 @@ OneLogin::RubySaml::Utils.class_eval do
43
44
 
44
45
  if cipher
45
46
  iv_len = cipher.iv_len
46
- data = cipher_text[iv_len..-1]
47
+ data = cipher_text[iv_len..]
47
48
  cipher.padding = 0
48
49
  cipher.key = symmetric_key
49
50
  cipher.iv = cipher_text[0..iv_len - 1]
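Review bot: The slices in this hunk, `cipher_text[iv_len..]` and `cipher_text[0..iv_len - 1]`, together with `cipher_text[text_len - tag_len..]` in the following hunk, assume the EncryptedData is at least `iv_len` bytes long (and at least `iv_len + tag_len` in the GCM branch); a truncated or malformed input would instead surface as a bare error from `cipher.iv=` (an ArgumentError about the IV size, if I recall correctly) rather than a recognisable decryption failure. I would add a guard before the slicing, e.g. `raise ArgumentError, 'cipher text shorter than the IV' if cipher_text.bytesize < iv_len`, with the matching check on `text_len - tag_len` in the GCM branch. The endless-range rewrite itself is equivalent to the previous `..-1`. `retrieve_plaintext` starts in the previous hunk and its body continues into the following ones.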
@@ -58,7 +59,7 @@ OneLogin::RubySaml::Utils.class_eval do
58
59
  auth_cipher.key = symmetric_key
59
60
  auth_cipher.iv = cipher_text[0..iv_len - 1]
60
61
  auth_cipher.auth_data = ''
61
- auth_cipher.auth_tag = cipher_text[text_len - tag_len..-1]
62
+ auth_cipher.auth_tag = cipher_text[text_len - tag_len..]
62
63
  assertion_plaintext = auth_cipher.update(data)
63
64
  assertion_plaintext << auth_cipher.final
64
65
  elsif rsa
@@ -69,4 +70,5 @@ OneLogin::RubySaml::Utils.class_eval do
69
70
  cipher_text
70
71
  end
71
72
  end
73
+ # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
72
74
  end
@@ -17,14 +17,14 @@ module OmniAuth
17
17
  cert = OpenSSL::X509::Certificate.new
18
18
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
19
19
  cert.not_before = Time.now
20
- cert.not_after = Time.now + 365 * 24 * 60 * 60
20
+ cert.not_after = Time.now + (365 * 24 * 60 * 60)
21
21
  cert.public_key = public_key
22
22
  cert.serial = 0x0
23
23
  cert.version = 2
24
24
 
25
25
  inject_certificate_extensions(cert)
26
26
 
27
- cert.sign(private_key, OpenSSL::Digest::SHA1.new)
27
+ cert.sign(private_key, OpenSSL::Digest.new('SHA1'))
28
28
 
29
29
  cert
30
30
  end
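Review bot: The call modernised at `cert.sign(private_key, OpenSSL::Digest.new('SHA1'))` still signs the generated certificate with SHA-1; recent OpenSSL builds reject SHA-1 certificate signatures at their default security level, as far as I know, so anything that verifies this certificate rather than only reading its public key may start failing. Since the line is being touched anyway, `cert.sign(private_key, OpenSSL::Digest.new('SHA256'))` is a drop-in replacement. If this module only builds fixtures for the specs (the `encrypted_xml` and template helpers suggest so), the impact is limited to the test suite, but the unchanged `cert.serial = 0x0` is also worth a look, since a serial of zero is not what X.509 verifiers expect. The enclosing method starts before this hunk.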
@@ -33,7 +33,7 @@ module OmniAuth
33
33
  end
34
34
 
35
35
  def self.encrypted_xml(raw_xml_file, cert, sign_cert, sign_key)
36
- raw_xml = IO.read(raw_xml_file)
36
+ raw_xml = File.read(raw_xml_file)
37
37
  encrypted_xml_from_string(raw_xml, cert, sign_cert, sign_key)
38
38
  end
39
39
 
@@ -53,7 +53,7 @@ module OmniAuth
53
53
  template_path = Utility.template_filepath(
54
54
  'encrypted_data_template.xml'
55
55
  )
56
- template_io = IO.read(template_path)
56
+ template_io = File.read(template_path)
57
57
 
58
58
  Nokogiri::XML::Document.parse(template_io).root
59
59
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Suomifi
5
- VERSION = '0.6.3'
5
+ VERSION = '0.8.0'
6
6
  end
7
7
  end
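--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-suomifi
  version: !ruby/object:Gem::Version
- version: 0.6.3
+ version: 0.8.0
  platform: ruby
  authors:
  - Antti Hukkanen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-02-06 00:00:00.000000000 Z
+ date: 2024-09-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-saml
@@ -16,118 +16,112 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '2.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '2.1'
  - !ruby/object:Gem::Dependency
  name: ruby-saml
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.13.0
+ version: '1.17'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.13.0
+ version: '1.17'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13.0'
+ version: '13.1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '13.0'
+ version: '13.1'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.9'
+ version: '3.13'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.9'
+ version: '3.13'
  - !ruby/object:Gem::Dependency
  name: rack-test
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: 2.1.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: 2.1.0
  - !ruby/object:Gem::Dependency
  name: webmock
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
- - - ">="
- - !ruby/object:Gem::Version
- version: 3.6.2
+ version: '3.20'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
- - - ">="
- - !ruby/object:Gem::Version
- version: 3.6.2
+ version: '3.20'
  - !ruby/object:Gem::Dependency
  name: xmlenc
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.1
+ version: 0.8.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.7.1
+ version: 0.8.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.19.0
+ version: 0.22.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.19.0
+ version: 0.22.0
  description: Suomi.fi e-Identification service integration for OmniAuth.
  email:
  - antti.hukkanen@mainiotech.fi
@@ -150,7 +144,8 @@ files:
  homepage: https://github.com/mainio/omniauth-suomifi
  licenses:
  - MIT
- metadata: {}
+ metadata:
+ rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -159,7 +154,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.5'
+ version: '2.6'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="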