omniauth-swedbank 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-swedbank.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Jānis Kiršteins 
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Omniauth::Swedbank
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-swedbank'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-swedbank
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/certs/request.private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArWS2KSiTXtehadkvxFcss9GhXT4QcIJ/u9OyVv2vBDNZtK68
+jVG8GaUKmdsM5j8uq/w9d1LLCaRlYO+Pi0PBmSPpoIi/lO52PedddV4TkPwdufIu
+NBwMH91hVagypooGMV1PjtIW7lMF5k+6j97ETYDSwoZ+gRQ1enNX/02JIkma0o+O
+R0LKg3pAiGXcugr81fJuSCVd0yVrIaBI+BzySO2BJII3N588FLCoi4vZOhbC0or3
+hQWpMvpoWAZSVLRE+yhMLq2h8Oy5Ap9RaAkqHYMXhxfSBQgsikyO1ShEweMNE2Cy
+gmzDo7TjdInwsfh/8PC8D2K4V0xeq43HS9wPYwIDAQABAoIBADkSNA76Bv+pk7xm
+Ox2x38nUDvvEyN5vZaGp/UI6v5dvW3BoLzGInJQISaP4gJdsZm0/We/jdWbYEHJG
+h4W8KIXCV0x6lixsDMk1VQKjk2ceRJ6GgwSt0qPOVxI9iWZdecpXvy7wIZISC5gR
+2AMwvIYSB8z1PcA4qZ2DR4yFtcRt0IiU1UbvyNh0OXZNq/82K4qvrsQmWVkAQQuC
+zjRUJk9pAIx5BXnbJNe1/uaTPncC9nT/ZEQDqQ9F76BjfWHlAOfskuOyDCvutFez
+qrgfz5PznRo56WOWUud35vbVlHWSMnYF/5KGp9ugaVtjAUI4ab9LEGU+ajGZogSt
+iyz1DNkCgYEA436AXppYZtErcVJEP9dlJJCcs2BTcwsG7UBelRdHoI/f857ALE+g
+0eX13HxsZo5NsZIy/nNlsZ5V+7UGNsEqO+hxEOpeASHEScy9UE4UtPrRQpZnz9Sa
+NxWBnGSRSbFVezZmqUbAiFiCfDadFGstd0AzWHprE6xnBhYHaHl2nV0CgYEAwx7H
+zZ1bLvcRp90M1Cq4CoJF9t0UCdv6iCLvS87cetODr2xRjGixTS3ssaJ1rcUC4bWf
+dhpfT397aRWbMts6WHs3v/4yaUezVOsjr//Z8s5rUxvHf9z0dmPrSBe9trRVIE9C
+DflXTRqbYss7DLTPtdI1jdPbZIir1tqHhfe9078CgYEAt4/uYudlp2jmBeVcnqrd
+uNhbKL3z9+MQ7sU+zExhhmQxT7Fr3RVPba6BaSyYh1QRytNuBDT2/JAHTzftUKci
+vf47pWuG+KDXcrkalL68JKAx0+nq0B77ZLEcySW4ud62W9o0kig92Iaam0GyE7S7
+lfqes6jr148H/jguOBWyKR0CgYA5bycLHCWKBon46nVrQoPX/A7SIrNST6FIT1g2
+7VYzBW2+xliexvZhrIH+q76N/u7hN5APuKWThgfyn7yGVMew4dxANHfsS4G7Hlfr
+55jlAuPOm9+2gHipHLJWDz71t9FS6GGeMWYEOS/B/eaMz/BQKec/rzvmNOC4Jq07
+vvfuiwKBgHBGkRAkTTLwsqsUUwLSsCIp/1IJXvSwy0V2XVUQNDq5JPKA6CZuH9mX
+G9CMofUbPBb+a7CGsUhpWuBc1Y0JHlLABuVptcLLFRDfZkgRCtn8PRmEHXTOwdcS
+9sI0N0rT1hKbDCjOVE78uGEBCpHIt7GOw/bxftSK7RXeRrW6paCh
+-----END RSA PRIVATE KEY-----

data/certs/response.public.pem

@@ -0,0 +1,23 @@
+Bag Attributes
+    localKeyID: F7 69 BA A0 A3 90 3C BC B5 0F 54 5E 76 1F CD 08 16 77 98 E4 
+subject=/C=LV/O=SIA OPEN ID/OU=FAKE SWEDBANK/CN=SWEDBANK
+issuer=/C=LV/O=SIA OPEN ID/OU=FAKE SWEDBANK/CN=SWEDBANK
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgACCQDDEQNszepEcjANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJM
+VjEUMBIGA1UECgwLU0lBIE9QRU4gSUQxFjAUBgNVBAsMDUZBS0UgU1dFREJBTksx
+ETAPBgNVBAMMCFNXRURCQU5LMB4XDTEyMDYxOTA4NDI0MloXDTEzMDYxOTA4NDI0
+MlowTjELMAkGA1UEBhMCTFYxFDASBgNVBAoMC1NJQSBPUEVOIElEMRYwFAYDVQQL
+DA1GQUtFIFNXRURCQU5LMREwDwYDVQQDDAhTV0VEQkFOSzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOD7R6oFRVwzkVKFbZPel3lKeIw8FEHyiNhnBvyQ
+Ll9mYvzAfMiMS+izvx3yAGtVpQPW13eLl4SHseNxHbf9Ak4FSsjF3ops+gXpAOgV
+fRJIJ9ODtV2qKqIqtex89OT9tbK2mpdPBmSXAqKaYAL44ppkY05O3NUY0y+EHoeU
+2rvXqhtbdKUIgFkGau8Kb25a0Jpw9h8IDG9VoTENnlNSM39ZZEN52Ot2P3vrbz7w
+4dW5G0GfGKTgVYsKi5YWbw6UhCitKxG7w4Bem7cVAKC+g/y17+wf2komrRDXIGUS
+i9a3CEb7JdRDW+lFpG1LGG+Aoddk609FWR19AVd8ODrPsbcCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEANHmzMyeR4q7bIZzRhqFWVgAFQvPc2HJFf9izE+FpTLzqkoN1
+UsmwwyZnYfpFwwhE/JxCfECIcyHbDOydHRLCjAfLDOuPAUHAMAdsCgM+soYCnUyN
+hjDjRMWFBmZ+hq/3hFeNSXc0SObuVBXvd4V4fbRq4xOvcipb0aJiZRYSQZOkuPNg
+RY/+wMYu5g6lATgr+6rQf0U7xEjIWhzAqgiuW5SFuT0Tj0oo8IsI42LxCRkCC6Bk
+wMRl/RTxQlI4uSUZhoCFAuZKW+Mf+ROz7jft5NexYVcyqtlurg+214hhSFyPXvO2
+wxwCWV+cLHuXuqIYQ46+QUVC7P9E5G1TxebeuQ==
+-----END CERTIFICATE-----

data/lib/omniauth/strategies/swedbank.rb

@@ -0,0 +1,129 @@
+require 'omniauth'
+require 'base64'
+
+module OmniAuth
+  module Strategies
+    class Swedbank
+      # TODO add support for overriding the VK_LANG parameter
+      # TODO i18n for all texts
+
+      include OmniAuth::Strategy
+
+      AUTH_SERVICE_ID = :"4002"
+      AUTH_SERVICE_VERSION = :"008" # This value must not be used as a number, so as to not lose the padding
+                                    # Padding is important when generating the VK_MAC value
+
+      args [:private_key_file, :public_key_file, :snd_id, :rec_id]
+
+      option :private_key_file, nil
+      option :public_key_file, nil
+      option :snd_id, nil
+      option :rec_id, nil
+
+      option :name, "swedbank"
+      option :site, "https://ib.swedbank.lv/banklink"
+
+      def callback_url
+        full_host + script_name + callback_path
+      end
+
+      def nonce
+        return @nonce if @nonce
+        @nonce = ((full_host.gsub(/[\:\/]/, "X") + SecureRandom.uuid.gsub("-", "")).rjust 50, " ")[-50, 50]
+      end
+
+      def append_value_to_signature(value, signature = "")
+        signature << "#{value.to_s.bytesize.to_s.rjust(3, '0')}#{value}"
+      end
+
+      def signature_input
+        sig_str = append_value_to_signature(AUTH_SERVICE_ID)      # VK_SERVICE
+        append_value_to_signature(AUTH_SERVICE_VERSION, sig_str) # VK_VERSION
+        append_value_to_signature(options.snd_id, sig_str)       # VK_SND_ID
+        append_value_to_signature(options.rec_id, sig_str)       # VK_REC_ID
+        append_value_to_signature(nonce, sig_str)                # VK_NONCE
+        append_value_to_signature(callback_url, sig_str)         # VK_RETURN
+      end
+
+      def signature (priv_key)
+        Base64.encode64(priv_key.sign(OpenSSL::Digest::SHA1.new, signature_input))
+      end
+
+      uid do
+        request.params[:VK_INFO.to_s].match(/ISIK:(\d{6}\-\d{5})/)[1]
+      end
+
+      info do
+        {
+          :full_name => request.params[:VK_INFO.to_s].match(/NIMI:(.+)/)[1]
+        }
+      end
+
+      def callback_phase
+        begin
+          pub_key = OpenSSL::X509::Certificate.new(File.read(options.public_key_file || "")).public_key
+        rescue => e
+          return fail!(:public_key_load_err, e)
+        end
+
+        if request.params[:VK_SERVICE.to_s] != "3003"
+          return fail!(:unsupported_response_service_err)
+        end
+
+        if request.params[:VK_VERSION.to_s] != "008"
+          return fail!(:unsupported_response_version_err)
+        end
+
+        if request.params[:VK_ENCODING.to_s] != "UTF-8"
+          return fail!(:unsupported_response_encoding_err)
+        end
+
+        sig_str = append_value_to_signature(request.params[:VK_SERVICE.to_s])
+        append_value_to_signature(request.params[:VK_VERSION.to_s], sig_str)
+        append_value_to_signature(request.params[:VK_SND_ID.to_s], sig_str)
+        append_value_to_signature(request.params[:VK_REC_ID.to_s], sig_str)
+        append_value_to_signature(request.params[:VK_NONCE.to_s], sig_str)
+        append_value_to_signature(request.params[:VK_INFO.to_s], sig_str)
+
+        raw_signature = Base64.decode64(request.params[:VK_MAC.to_s])
+
+        if !pub_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, sig_str)
+          return fail!(:invalid_response_signature_err)
+        end
+
+        super
+      rescue Exception => e
+        fail!(:unknown_callback_err, e)
+      end
+
+      def request_phase
+        begin
+          priv_key = OpenSSL::PKey::RSA.new(File.read(options.private_key_file || ""))
+        rescue => e
+          return fail!(:private_key_load_err, e)
+        end
+
+        OmniAuth.config.form_css = nil
+        form = OmniAuth::Form.new(:title => "Please wait ...", :url => options.site)
+
+        form.html "<input type=\"hidden\" name=\"VK_SERVICE\" value=\"#{AUTH_SERVICE_ID}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_VERSION\" value=\"#{AUTH_SERVICE_VERSION}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_SND_ID\" value=\"#{options.snd_id}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_REC_ID\" value=\"#{options.rec_id}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_NONCE\" value=\"#{nonce}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_RETURN\" value=\"#{callback_url}\" />"
+        form.html "<input type=\"hidden\" name=\"VK_LANG\" value=\"LAT\" />"
+        form.html "<input type=\"hidden\" name=\"VK_MAC\" value=\"#{signature priv_key}\" />"
+
+        form.button "Click here if not redirected automatically ..."
+
+        form.instance_variable_set("@html",
+          form.to_html.gsub("</form>", "</form><script type=\"text/javascript\">document.forms[0].submit();</script>"))
+        #puts form.to_html
+        form.to_response
+      rescue Exception => e
+        fail!(:unknown_request_err, e)
+      end
+    end
+  end
+end

data/lib/omniauth/swedbank/version.rb

@@ -0,0 +1,5 @@
+module Omniauth
+  module Swedbank
+    VERSION = "0.0.1"
+  end
+end

data/lib/omniauth/swedbank.rb

@@ -0,0 +1,2 @@
+require 'omniauth/swedbank/version'
+require 'omniauth/strategies/swedbank'

data/lib/omniauth-swedbank.rb

@@ -0,0 +1 @@
+require 'omniauth/swedbank'

data/omniauth-swedbank.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/swedbank/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "omniauth-swedbank"
+  spec.version       = Omniauth::Swedbank::VERSION
+  spec.authors       = ["Jānis Kiršteins"]
+  spec.email         = ["janis@montadigital.com"]
+  spec.description   = %q{OmniAuth strategy for Swedbank Banklink}
+  spec.summary       = %q{OmniAuth strategy for Swedbank Banklink}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'omniauth-oauth', '~> 1.0'
+  spec.add_development_dependency 'rack'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rspec', '~> 2.7'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/spec/omniauth/strategies/swedbank_spec.rb

@@ -0,0 +1,208 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Swedbank do
+
+  PRIVATE_KEY_FILE = File.join RSpec.configuration.cert_folder, "request.private.pem"
+  PUBLIC_KEY_FILE = File.join RSpec.configuration.cert_folder, "response.public.pem"
+
+  let(:app){ Rack::Builder.new do |b|
+    b.use Rack::Session::Cookie, {:secret => "abc123"}
+    b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY_FILE, PUBLIC_KEY_FILE, :"MY_SND_ID", :"MY_REC_ID")
+    b.run lambda{|env| [404, {}, ['Not Found']]}
+  end.to_app }
+
+  let(:private_key) { OpenSSL::PKey::RSA.new(File.read(PRIVATE_KEY_FILE)) }
+  let(:public_key) { OpenSSL::PKey::RSA.new(File.read(PUBLIC_KEY_FILE)) }
+  let(:last_response_nonce) { last_response.body.match(/name="VK_NONCE" value="([^"]*)"/)[1] }
+  let(:last_response_mac) { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
+
+  context "request phase" do
+    EXPECTED_VALUES = {
+      :VK_SERVICE => :"4002",
+      :VK_VERSION => :"008",
+      :VK_SND_ID => :MY_SND_ID,
+      :VK_REC_ID => :MY_REC_ID,
+      :VK_RETURN => :"http://example.org/auth/swedbank/callback"
+    }
+
+    before(:each){ get '/auth/swedbank' }
+
+    it "displays a single form" do
+      expect(last_response.status).to eq(200)
+      expect(last_response.body.scan('<form').size).to eq(1)
+    end
+
+    it "has JavaScript code to submit the form after it's created" do
+      expect(last_response.body).to be_include("</form><script type=\"text/javascript\">document.forms[0].submit();</script>")
+    end
+
+    EXPECTED_VALUES.each_pair do |k,v|
+      it "has hidden input field #{k} => #{v}" do
+        expect(last_response.body.scan(
+          "<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\"").size).to eq(1)
+      end
+    end
+
+    it "has a 50 byte long nonce field value" do
+      expect(last_response_nonce.bytesize).to eq(50)
+    end
+
+    it "has a correct VK_MAC signature" do
+      sig_str =
+        "0044002" + # VK_SERVICE
+        "003008" +  # VK_VERSION
+        "009MY_SND_ID" +  # VK_SND_ID
+        "009MY_REC_ID" +  # VK_REC_ID
+        "050" + last_response_nonce +  # VK_NONCE
+        "041#{EXPECTED_VALUES[:VK_RETURN]}"  # V_RETURN
+
+      expected_mac = Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, sig_str))
+      expect(last_response_mac).to eq(expected_mac)
+    end
+
+    context "with default options" do
+      it "has the default action tag value" do
+        expect(last_response.body).to be_include("action='https://ib.swedbank.lv/banklink'")
+      end
+
+      it "has the default VK_LANG value" do
+        expect(last_response.body).to be_include("action='https://ib.swedbank.lv/banklink'")
+      end
+    end
+
+    context "with custom options" do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {:secret => "abc123"}
+        b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY_FILE, PUBLIC_KEY_FILE, :"MY_SND_ID", :"MY_REC_ID",
+          :site => "https://test.lv/banklink")
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it "has the custom action tag value" do
+        expect(last_response.body).to be_include("action='https://test.lv/banklink'")
+      end
+    end
+
+    context "with non-existant private key files" do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {:secret => "abc123"}
+        b.use(OmniAuth::Strategies::Swedbank, "missing-private-key-file.pem", PUBLIC_KEY_FILE, :"MY_SND_ID", :"MY_REC_ID")
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it "redirects to /auth/failure with appropriate query params" do
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=private_key_load_err&strategy=swedbank")
+      end
+    end
+  end
+
+  context "callback phase" do
+    let(:auth_hash){ last_request.env['omniauth.auth'] }
+
+    context "with valid response" do
+      before do
+        post :'/auth/swedbank/callback',
+          :VK_SERVICE => :'3003',
+          :VK_VERSION => :'008',
+          :VK_SND_ID => :"HP",
+          :VK_REC_ID => :"MY_REC_ID",
+          :VK_NONCE => :"pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a",
+          :VK_INFO => :'ISIK:123456-12345;NIMI:Example User',
+          :VK_MAC => :"cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==",
+          :VK_ENCODING => :'UTF-8',
+          :VK_LANG => :'LAT'
+      end
+
+      it "sets the correct uid value in the auth hash" do
+        expect(auth_hash.uid).to eq("123456-12345")
+      end
+
+      it "sets the correct info.full_name value in the auth hash" do
+        expect(auth_hash.info.full_name).to eq("Example User")
+      end
+    end
+
+    context "with non-existant public key file" do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {:secret => "abc123"}
+        b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY_FILE, "missing-public-key-file.pem", "MY_SND_ID", "MY_REC_ID")
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it "redirects to /auth/failure with appropriate query params" do
+        post :'/auth/swedbank/callback' # Params are not important, because we're testing public key loading
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=public_key_load_err&strategy=swedbank")
+      end
+    end
+
+    context "with invalid response" do
+
+      it "detects invalid signature" do
+        post :'/auth/swedbank/callback',
+          :VK_SERVICE => :'3003',
+          :VK_VERSION => :'008',
+          :VK_SND_ID => :"HP",
+          :VK_REC_ID => :"MY_REC_ID",
+          :VK_NONCE => :'pXXXlocalhostX3000df346e9e453d43cd9c3c4076030d9e54',
+          :VK_INFO => :'ISIK:123456-12345;NIMI:Example User',
+          :VK_MAC => "invalid signature",
+          :VK_ENCODING => :'UTF-8',
+          :VK_LANG => :'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=invalid_response_signature_err&strategy=swedbank")
+      end
+
+      it "detects unsupported VK_SERVICE values" do
+        post :'/auth/swedbank/callback',
+          :VK_SERVICE => :'3004',
+          :VK_VERSION => :'008',
+          :VK_SND_ID => :"HP",
+          :VK_REC_ID => :"MY_REC_ID",
+          :VK_NONCE => :'pXXXlocalhostX3000df2afdbd66ee4c3a998b72cfd3d7d131',
+          :VK_INFO => :'ISIK:123456-12345;NIMI:Example User',
+          :VK_MAC => :"tzGu5AxwaEMwAjkY8zh796NQ45QSEshuFiT0VnOdDN3gZPYlAcmm5jPs+j17U1rCKvz6tdKn9I8u+OUcV95+1Sa34dZ/09KrUgwDrOej/djJZ2lg5MgGLAftDsRomcCCuBppQvjdzhCvNeA2OAWPbl7Enn6HVjvb3esJY6D80bYIPm48DHDhhHbdcSwHubFeizyw9syviFsN3xVkhr5YS7W1/owXh/jeHSf8cqLVSzRyShU/JnJfevNsXDpSHbphA5Q4n5q5y0EcuA6/wW2qc2o5nKQjDDhZgxkWYKz6YpVj8zC2x/LXUkmJ+r1K0Slw2lhwEcP2tgIdThkAaT8MYQ==",
+          :VK_ENCODING => :'UTF-8',
+          :VK_LANG => :'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=unsupported_response_service_err&strategy=swedbank")
+      end
+
+      it "detects unsupported VK_VERSION values" do
+        post :'/auth/swedbank/callback',
+          :VK_SERVICE => :'3003',
+          :VK_VERSION => :'009',
+          :VK_SND_ID => :"HP",
+          :VK_REC_ID => :"MY_REC_ID",
+          :VK_NONCE => :'pXXXlocalhostX300023f78258d685424584f4e859b5d480f5',
+          :VK_INFO => :'ISIK:123456-12345;NIMI:Example User',
+          :VK_MAC => :"0KACnfCZZW2pQnFGttOXMrQRnmYQj45SwqIa5SbKhybJlP1GaXaoa5VYa+xGAnizx+YKbYQsXchXbeNIlQNrQ8/gedByzJtNFI4s4VIaU0tp7P83BjbzYfSMwvIImZvlFyVPgey8Va06fPGi+jdoUp7Dr8vwf6eAzxQhyVjEEYVR+axkAJP9+driMqTKQaxMlctWnivxf8stjI1ElmcdurndLbVnmHLTw6AichmzqUfvfXE3wh4XCVZtD+7VBPvbn4eKXif61cNfkOO/+nNap1buW8RLQirL7Eis//MmWoGSW8H5605DAAK9Ui7CNoB279Ww05pY4wsP7KZdiJ4WCA==",
+          :VK_ENCODING => :'UTF-8',
+          :VK_LANG => :'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=unsupported_response_version_err&strategy=swedbank")
+      end
+
+      it "detects unsupported VK_ENCODING values" do
+        post :'/auth/swedbank/callback',
+          :VK_SERVICE => :'3003',
+          :VK_VERSION => :'008',
+          :VK_SND_ID => :"HP",
+          :VK_REC_ID => :"MY_REC_ID",
+          :VK_NONCE => :"pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a",
+          :VK_INFO => :'ISIK:123456-12345;NIMI:Example User',
+          :VK_MAC => :"cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==",
+          :VK_ENCODING => :'ASCII',
+          :VK_LANG => :'LAT'
+
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers["Location"]).to eq("/auth/failure?message=unsupported_response_encoding_err&strategy=swedbank")
+      end
+
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'rspec'
+require 'rack/test'
+require 'omniauth'
+require 'omniauth-swedbank'
+
+RSpec.configure do |config|
+  config.add_setting('cert_folder')
+  config.cert_folder = File.expand_path('../../certs', __FILE__)
+
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -0,0 +1,174 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-swedbank
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Jānis Kiršteins
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-04-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for Swedbank Banklink
+email:
+- janis@montadigital.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- certs/request.private.pem
+- certs/response.public.pem
+- lib/omniauth-swedbank.rb
+- lib/omniauth/strategies/swedbank.rb
+- lib/omniauth/swedbank.rb
+- lib/omniauth/swedbank/version.rb
+- omniauth-swedbank.gemspec
+- spec/omniauth/strategies/swedbank_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: OmniAuth strategy for Swedbank Banklink
+test_files:
+- spec/omniauth/strategies/swedbank_spec.rb
+- spec/spec_helper.rb