omniauth-swedbank 0.0.6 → 0.1.0
- checksums.yaml +7 -0
- data/.travis.yml +3 -4
- data/LICENSE.txt +1 -1
- data/README.md +48 -6
- data/lib/omniauth/strategies/swedbank.rb +52 -62
- data/lib/omniauth/swedbank/version.rb +1 -1
- data/omniauth-swedbank.gemspec +8 -7
- data/{certs → spec/certs}/request.private.pem +0 -0
- data/{certs → spec/certs}/response.public.pem +0 -0
- data/spec/omniauth/strategies/swedbank_spec.rb +109 -112
- data/spec/spec_helper.rb +2 -2
- metadata +29 -45
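--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 0c3ea7ae5231e19bb917c9286e2e868a3a0fea29
+data.tar.gz: e9bfe91613d52e239f93e75097c2dee22c51cbad
+SHA512:
+metadata.gz: ccb0883f008cfff47779ca1d6804edba0d9eb93b5de7e97854798b2966dfe3c17b75fb135a2de0ec201a99859a448626bbebdad39306958810a3eea98c3952c4
+data.tar.gz: 83752772955b7aee9046ac23fd530ef0a6c3512b49c556702bb9a9ffb1c27231b89719f9338db46ed677e103651ea18fa52bc82ac9a015c1c20c4880756709d8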
data/.travis.yml
CHANGED
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
@@ -1,13 +1,18 @@
|
|
1
|
-
# Omniauth
|
1
|
+
# Omniauth Swedbank
|
2
2
|
|
3
3
|
Omniauth strategy for using Swedbank as an authentication service provider.
|
4
4
|
|
5
|
-
This implementation works in Latvia, and should work in Estonia and Lithuania.
|
6
|
-
|
7
5
|
[](http://badge.fury.io/rb/omniauth-swedbank)
|
8
|
-
[](https://travis-ci.org/mak-it/omniauth-swedbank)
|
7
|
+
|
8
|
+
Supported Ruby versions: 2.2+
|
9
9
|
|
10
|
-
|
10
|
+
## Related projects
|
11
|
+
|
12
|
+
- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
|
13
|
+
- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
|
14
|
+
- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
|
15
|
+
- [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB
|
11
16
|
|
12
17
|
## Installation
|
13
18
|
|
@@ -25,7 +30,44 @@ Or install it yourself as:
|
|
25
30
|
|
26
31
|
## Usage
|
27
32
|
|
28
|
-
|
33
|
+
Here's a quick example, adding the middleware to a Rails app
|
34
|
+
in `config/initializers/omniauth.rb`:
|
35
|
+
|
36
|
+
```ruby
|
37
|
+
Rails.application.config.middleware.use OmniAuth::Builder do
|
38
|
+
provider :swedbank,
|
39
|
+
File.read("path/to/private.key"),
|
40
|
+
File.read("path/to/bank.crt"),
|
41
|
+
ENV['SWEDBANK_SND_ID'],
|
42
|
+
ENV['SWEDBANK_REC_ID']
|
43
|
+
end
|
44
|
+
```
|
45
|
+
|
46
|
+
## Auth Hash
|
47
|
+
|
48
|
+
Here's an example Auth Hash available in `request.env['omniauth.auth']`:
|
49
|
+
|
50
|
+
```ruby
|
51
|
+
{
|
52
|
+
provider: 'swedbank',
|
53
|
+
uid: '374042-80367',
|
54
|
+
info: {
|
55
|
+
full_name: 'ARNIS RAITUMS'
|
56
|
+
},
|
57
|
+
extra: {
|
58
|
+
raw_info: {
|
59
|
+
VK_SERVICE: '3003',
|
60
|
+
VK_VERSION: '008',
|
61
|
+
VK_SND_ID: 'HP',
|
62
|
+
VK_REC_ID: 'MPLMT',
|
63
|
+
VK_NONCE: '20170425114529204413',
|
64
|
+
VK_INFO: 'ISIK:090482-12549;NIMI:DACE ĀBOLA',
|
65
|
+
VK_MAC: 'qrEMRf6YV...',
|
66
|
+
VK_ENCODING: 'UTF-8
|
67
|
+
}
|
68
|
+
}
|
69
|
+
}
|
70
|
+
```
|
29
71
|
|
30
72
|
## Contributing
|
31
73
|
|
@@ -1,53 +1,43 @@
|
|
1
1
|
require 'omniauth'
|
2
2
|
require 'base64'
|
3
3
|
|
4
|
-
class String
|
5
|
-
def prepend_length
|
6
|
-
# prepend length to string in 0xx format
|
7
|
-
|
8
|
-
[ self.to_s.length.to_s.rjust(3, '0'), self.dup.to_s.force_encoding("ascii")].join
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
4
|
module OmniAuth
|
13
5
|
module Strategies
|
14
6
|
class Swedbank
|
15
|
-
# TODO add support for overriding the VK_LANG parameter
|
16
|
-
|
17
7
|
include OmniAuth::Strategy
|
18
8
|
|
19
|
-
|
20
|
-
|
21
|
-
# Padding is important when generating the VK_MAC value
|
9
|
+
AUTH_SERVICE = '4002'
|
10
|
+
AUTH_VERSION = '008'
|
22
11
|
|
23
|
-
args [:
|
12
|
+
args [:private_key, :public_key, :snd_id, :rec_id]
|
24
13
|
|
25
|
-
option :
|
26
|
-
option :
|
14
|
+
option :private_key, nil
|
15
|
+
option :public_key, nil
|
27
16
|
option :snd_id, nil
|
28
17
|
option :rec_id, nil
|
29
18
|
|
30
|
-
option :name,
|
31
|
-
option :site,
|
19
|
+
option :name, 'swedbank'
|
20
|
+
option :site, 'https://ib.swedbank.lv/banklink'
|
32
21
|
|
33
|
-
def
|
34
|
-
|
22
|
+
def stamp
|
23
|
+
return @stamp if @stamp
|
24
|
+
@stamp = Time.now.strftime('%Y%m%d%H%M%S') + SecureRandom.random_number(999999).to_s.rjust(6, '0')
|
35
25
|
end
|
36
26
|
|
37
|
-
def
|
38
|
-
|
39
|
-
|
27
|
+
def prepend_length(value)
|
28
|
+
# prepend length to string in 0xx format
|
29
|
+
[ value.to_s.length.to_s.rjust(3, '0'), value.dup.to_s.force_encoding('ascii')].join
|
40
30
|
end
|
41
31
|
|
42
32
|
def signature_input
|
43
33
|
[
|
44
|
-
|
45
|
-
|
46
|
-
options.snd_id,
|
47
|
-
options.rec_id,
|
48
|
-
|
49
|
-
callback_url
|
50
|
-
].map(
|
34
|
+
AUTH_SERVICE, # VK_SERVICE
|
35
|
+
AUTH_VERSION, # VK_VERSION
|
36
|
+
options.snd_id, # VK_SND_ID
|
37
|
+
options.rec_id, # VK_REC_ID
|
38
|
+
stamp, # VK_NONCE
|
39
|
+
callback_url # VK_RETURN
|
40
|
+
].map{|v| prepend_length(v)}.join
|
51
41
|
end
|
52
42
|
|
53
43
|
def signature(priv_key)
|
@@ -55,84 +45,84 @@ module OmniAuth
|
|
55
45
|
end
|
56
46
|
|
57
47
|
uid do
|
58
|
-
request.params[
|
48
|
+
request.params['VK_INFO'].match(/ISIK:(\d{6}\-\d{5})/)[1]
|
59
49
|
end
|
60
50
|
|
61
51
|
info do
|
62
52
|
{
|
63
|
-
:
|
53
|
+
full_name: request.params['VK_INFO'].match(/NIMI:(.+)/)[1]
|
64
54
|
}
|
65
55
|
end
|
66
56
|
|
57
|
+
extra do
|
58
|
+
{ raw_info: request.params }
|
59
|
+
end
|
60
|
+
|
67
61
|
def callback_phase
|
68
62
|
begin
|
69
|
-
pub_key = OpenSSL::X509::Certificate.new(
|
63
|
+
pub_key = OpenSSL::X509::Certificate.new(options.public_key).public_key
|
70
64
|
rescue => e
|
71
65
|
return fail!(:public_key_load_err, e)
|
72
66
|
end
|
73
67
|
|
74
|
-
if request.params[
|
68
|
+
if request.params['VK_SERVICE'] != '3003'
|
75
69
|
return fail!(:unsupported_response_service_err)
|
76
70
|
end
|
77
71
|
|
78
|
-
if request.params[
|
72
|
+
if request.params['VK_VERSION'] != '008'
|
79
73
|
return fail!(:unsupported_response_version_err)
|
80
74
|
end
|
81
75
|
|
82
|
-
if request.params[
|
76
|
+
if request.params['VK_ENCODING'] != 'UTF-8'
|
83
77
|
return fail!(:unsupported_response_encoding_err)
|
84
78
|
end
|
85
79
|
|
86
80
|
sig_str = [
|
87
|
-
request.params[
|
88
|
-
request.params[
|
89
|
-
request.params[
|
90
|
-
request.params[
|
91
|
-
request.params[
|
92
|
-
request.params[
|
93
|
-
].map(
|
81
|
+
request.params['VK_SERVICE'],
|
82
|
+
request.params['VK_VERSION'],
|
83
|
+
request.params['VK_SND_ID'],
|
84
|
+
request.params['VK_REC_ID'],
|
85
|
+
request.params['VK_NONCE'],
|
86
|
+
request.params['VK_INFO']
|
87
|
+
].map{|v| prepend_length(v)}.join
|
94
88
|
|
95
|
-
raw_signature = Base64.decode64(request.params[
|
89
|
+
raw_signature = Base64.decode64(request.params['VK_MAC'])
|
96
90
|
|
97
91
|
if !pub_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, sig_str)
|
98
92
|
return fail!(:invalid_response_signature_err)
|
99
93
|
end
|
100
94
|
|
101
95
|
super
|
102
|
-
rescue => e
|
103
|
-
fail!(:unknown_callback_err, e)
|
104
96
|
end
|
105
97
|
|
106
98
|
def request_phase
|
107
99
|
begin
|
108
|
-
priv_key = OpenSSL::PKey::RSA.new(
|
100
|
+
priv_key = OpenSSL::PKey::RSA.new(options.private_key)
|
109
101
|
rescue => e
|
110
102
|
return fail!(:private_key_load_err, e)
|
111
103
|
end
|
112
104
|
|
113
|
-
OmniAuth.
|
114
|
-
form = OmniAuth::Form.new(:title => I18n.t("omniauth.swedbank.please_wait"), :url => options.site)
|
105
|
+
form = OmniAuth::Form.new(:title => I18n.t('omniauth.swedbank.please_wait'), :url => options.site)
|
115
106
|
|
116
107
|
{
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
108
|
+
'VK_SERVICE' => AUTH_SERVICE,
|
109
|
+
'VK_VERSION' => AUTH_VERSION,
|
110
|
+
'VK_SND_ID' => options.snd_id,
|
111
|
+
'VK_REC_ID' => options.rec_id,
|
112
|
+
'VK_NONCE' => stamp,
|
113
|
+
'VK_RETURN' => callback_url,
|
114
|
+
'VK_MAC' => signature(priv_key),
|
115
|
+
'VK_LANG' => 'LAT',
|
116
|
+
'VK_ENCODING' => 'UTF-8'
|
125
117
|
}.each do |name, val|
|
126
118
|
form.html "<input type=\"hidden\" name=\"#{name}\" value=\"#{val}\" />"
|
127
119
|
end
|
128
120
|
|
129
|
-
form.button I18n.t(
|
121
|
+
form.button I18n.t('omniauth.swedbank.click_here_if_not_redirected')
|
130
122
|
|
131
|
-
form.instance_variable_set(
|
132
|
-
form.to_html.gsub(
|
123
|
+
form.instance_variable_set('@html',
|
124
|
+
form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
|
133
125
|
form.to_response
|
134
|
-
rescue => e
|
135
|
-
fail!(:unknown_request_err, e)
|
136
126
|
end
|
137
127
|
end
|
138
128
|
end
|
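Review bot: callback_phase verifies the RSA signature but never ties the response to the login that started it: `VK_NONCE` is only fed into `sig_str`, and `stamp` is memoized in `@stamp` on the strategy instance rather than stored where the callback can read it, so a previously captured, validly signed response would verify again. Assuming the bank echoes the request nonce (the README sample suggests it does), request_phase could keep it with `session['omniauth.swedbank.nonce'] = stamp` and callback_phase could reject the request when `request.params['VK_NONCE'] != session.delete('omniauth.swedbank.nonce')`. `VK_SND_ID` and `VK_REC_ID` are likewise signed but never compared with the configured ids, which is worth confirming against the bank specification. Separately, this version drops the trailing `rescue => e` from both phases, so a callback that passes the three field checks but omits `VK_MAC` now raises inside `Base64.decode64` instead of ending in `fail!`; a guard such as `return fail!(:invalid_response_signature_err) if request.params['VK_MAC'].nil?` before decoding keeps it on the failure path.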
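--- a/data/omniauth-swedbank.gemspec
+++ b/data/omniauth-swedbank.gemspec
@@ -4,19 +4,21 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'omniauth/swedbank/version'
 
 Gem::Specification.new do |spec|
-spec.name =
+spec.name = 'omniauth-swedbank'
 spec.version = Omniauth::Swedbank::VERSION
-spec.authors = [
-spec.email = [
+spec.authors = ['MAK IT', 'Jānis Kiršteins', 'Kristaps Ērglis']
+spec.email = ['admin@makit.lv', 'janis@montadigital.com', 'kristaps.erglis@gmail.com' ]
 spec.description = %q{OmniAuth strategy for Swedbank Banklink}
 spec.summary = %q{OmniAuth strategy for Swedbank Banklink}
-spec.homepage =
-spec.license =
+spec.homepage = 'https://github.com/mak-it/omniauth-swedbank'
+spec.license = 'MIT'
 
 spec.files = `git ls-files`.split($/)
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
-spec.require_paths = [
+spec.require_paths = ['lib']
+
+spec.required_ruby_version = '>= 2.2.2'
 
 spec.add_runtime_dependency 'omniauth', '~> 1.0'
 spec.add_runtime_dependency "i18n"
@@ -25,5 +27,4 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'rspec', '~> 2.7'
 spec.add_development_dependency "bundler", "~> 1.3"
 spec.add_development_dependency "rake"
-
 end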
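Review bot: `spec.files` is still built from an unfiltered `git ls-files`, so after the move to `spec/certs/` the published gem keeps shipping `request.private.pem`; the `metadata` file list on this page shows `spec/certs/request.private.pem` under both `files` and `test_files`. Even for a test-only key, packaging private key material invites reuse and trips secret scanners in downstream projects. Filtering the specs out of the package, e.g. ``spec.files = `git ls-files`.split($/).reject { |f| f.start_with?('spec/') }``, keeps the fixture in the repository but out of the release. If this key pair was ever used outside the test suite, it should be treated as disclosed and replaced.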
File without changes
|
File without changes
|
@@ -2,38 +2,36 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe OmniAuth::Strategies::Swedbank do
|
4
4
|
|
5
|
-
|
6
|
-
|
5
|
+
PRIVATE_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'request.private.pem'))
|
6
|
+
PUBLIC_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'response.public.pem'))
|
7
7
|
|
8
8
|
let(:app){ Rack::Builder.new do |b|
|
9
|
-
b.use Rack::Session::Cookie, {:
|
10
|
-
b.use(OmniAuth::Strategies::Swedbank,
|
9
|
+
b.use Rack::Session::Cookie, {secret: 'abc123'}
|
10
|
+
b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID', 'MY_REC_ID')
|
11
11
|
b.run lambda{|env| [404, {}, ['Not Found']]}
|
12
12
|
end.to_app }
|
13
13
|
|
14
|
-
let(:private_key) { OpenSSL::PKey::RSA.new(File.read(PRIVATE_KEY_FILE)) }
|
15
|
-
let(:public_key) { OpenSSL::PKey::RSA.new(File.read(PUBLIC_KEY_FILE)) }
|
16
14
|
let(:last_response_nonce) { last_response.body.match(/name="VK_NONCE" value="([^"]*)"/)[1] }
|
17
15
|
let(:last_response_mac) { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
|
18
16
|
|
19
|
-
context
|
17
|
+
context 'request phase' do
|
20
18
|
EXPECTED_VALUES = {
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
19
|
+
'VK_SERVICE' => '4002',
|
20
|
+
'VK_VERSION' => '008',
|
21
|
+
'VK_SND_ID' => 'MY_SND_ID',
|
22
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
23
|
+
'VK_RETURN' => 'http://example.org/auth/swedbank/callback'
|
26
24
|
}
|
27
25
|
|
28
26
|
before(:each){ get '/auth/swedbank' }
|
29
27
|
|
30
|
-
it
|
28
|
+
it 'displays a single form' do
|
31
29
|
expect(last_response.status).to eq(200)
|
32
30
|
expect(last_response.body.scan('<form').size).to eq(1)
|
33
31
|
end
|
34
32
|
|
35
|
-
it
|
36
|
-
expect(last_response.body).to be_include(
|
33
|
+
it 'has JavaScript code to submit the form after it is created' do
|
34
|
+
expect(last_response.body).to be_include('</form><script type="text/javascript">document.forms[0].submit();</script>')
|
37
35
|
end
|
38
36
|
|
39
37
|
EXPECTED_VALUES.each_pair do |k,v|
|
@@ -43,166 +41,165 @@ describe OmniAuth::Strategies::Swedbank do
|
|
43
41
|
end
|
44
42
|
end
|
45
43
|
|
46
|
-
it
|
47
|
-
expect(last_response_nonce.bytesize).to eq(
|
44
|
+
it 'has a 50 byte long nonce field value' do
|
45
|
+
expect(last_response_nonce.bytesize).to eq(20)
|
48
46
|
end
|
49
47
|
|
50
|
-
it
|
48
|
+
it 'has a correct VK_MAC signature' do
|
51
49
|
sig_str =
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
"
|
57
|
-
"041#{EXPECTED_VALUES[
|
58
|
-
|
50
|
+
'0044002' + # VK_SERVICE
|
51
|
+
'003008' + # VK_VERSION
|
52
|
+
'009MY_SND_ID' + # VK_SND_ID
|
53
|
+
'009MY_REC_ID' + # VK_REC_ID
|
54
|
+
"020#{last_response_nonce}" + # VK_NONCE
|
55
|
+
"041#{EXPECTED_VALUES['VK_RETURN']}" # V_RETURN
|
56
|
+
|
57
|
+
private_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
|
59
58
|
expected_mac = Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, sig_str))
|
60
59
|
expect(last_response_mac).to eq(expected_mac)
|
61
60
|
end
|
62
61
|
|
63
|
-
context
|
64
|
-
it
|
62
|
+
context 'with default options' do
|
63
|
+
it 'has the default action tag value' do
|
65
64
|
expect(last_response.body).to be_include("action='https://ib.swedbank.lv/banklink'")
|
66
65
|
end
|
67
66
|
|
68
|
-
it
|
67
|
+
it 'has the default VK_LANG value' do
|
69
68
|
expect(last_response.body).to be_include("action='https://ib.swedbank.lv/banklink'")
|
70
69
|
end
|
71
70
|
end
|
72
71
|
|
73
|
-
context
|
72
|
+
context 'with custom options' do
|
74
73
|
let(:app){ Rack::Builder.new do |b|
|
75
|
-
b.use Rack::Session::Cookie, {:
|
76
|
-
b.use(OmniAuth::Strategies::Swedbank,
|
77
|
-
:
|
74
|
+
b.use Rack::Session::Cookie, {secret: 'abc123'}
|
75
|
+
b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID', 'MY_REC_ID',
|
76
|
+
site: 'https://test.lv/banklink')
|
78
77
|
b.run lambda{|env| [404, {}, ['Not Found']]}
|
79
78
|
end.to_app }
|
80
79
|
|
81
|
-
it
|
80
|
+
it 'has the custom action tag value' do
|
82
81
|
expect(last_response.body).to be_include("action='https://test.lv/banklink'")
|
83
82
|
end
|
84
83
|
end
|
85
84
|
|
86
|
-
context
|
85
|
+
context 'with non-existant private key files' do
|
87
86
|
let(:app){ Rack::Builder.new do |b|
|
88
|
-
b.use Rack::Session::Cookie, {:
|
89
|
-
b.use(OmniAuth::Strategies::Swedbank,
|
87
|
+
b.use Rack::Session::Cookie, {secret: 'abc123'}
|
88
|
+
b.use(OmniAuth::Strategies::Swedbank, 'missing-private-key-file.pem', PUBLIC_KEY, 'MY_SND_ID', 'MY_REC_ID')
|
90
89
|
b.run lambda{|env| [404, {}, ['Not Found']]}
|
91
90
|
end.to_app }
|
92
91
|
|
93
|
-
it
|
92
|
+
it 'redirects to /auth/failure with appropriate query params' do
|
94
93
|
expect(last_response.status).to eq(302)
|
95
|
-
expect(last_response.headers[
|
94
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=private_key_load_err&strategy=swedbank')
|
96
95
|
end
|
97
96
|
end
|
98
97
|
end
|
99
98
|
|
100
|
-
context
|
99
|
+
context 'callback phase' do
|
101
100
|
let(:auth_hash){ last_request.env['omniauth.auth'] }
|
102
101
|
|
103
|
-
context
|
102
|
+
context 'with valid response' do
|
104
103
|
before do
|
105
|
-
post
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
104
|
+
post '/auth/swedbank/callback',
|
105
|
+
'VK_SERVICE' => '3003',
|
106
|
+
'VK_VERSION' => '008',
|
107
|
+
'VK_SND_ID' => 'HP',
|
108
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
109
|
+
'VK_NONCE' => 'pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a',
|
110
|
+
'VK_INFO' => 'ISIK:123456-12345;NIMI:Example User',
|
111
|
+
'VK_MAC' => 'cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==',
|
112
|
+
'VK_LANG' => 'LAT',
|
113
|
+
'VK_ENCODING' => 'UTF-8'
|
115
114
|
end
|
116
115
|
|
117
|
-
it
|
118
|
-
expect(auth_hash.uid).to eq(
|
116
|
+
it 'sets the correct uid value in the auth hash' do
|
117
|
+
expect(auth_hash.uid).to eq('123456-12345')
|
119
118
|
end
|
120
119
|
|
121
|
-
it
|
122
|
-
expect(auth_hash.info.full_name).to eq(
|
120
|
+
it 'sets the correct info.full_name value in the auth hash' do
|
121
|
+
expect(auth_hash.info.full_name).to eq('Example User')
|
123
122
|
end
|
124
123
|
end
|
125
124
|
|
126
|
-
context
|
125
|
+
context 'with non-existant public key file' do
|
127
126
|
let(:app){ Rack::Builder.new do |b|
|
128
|
-
b.use Rack::Session::Cookie, {:
|
129
|
-
b.use(OmniAuth::Strategies::Swedbank,
|
127
|
+
b.use Rack::Session::Cookie, {secret: 'abc123'}
|
128
|
+
b.use(OmniAuth::Strategies::Swedbank, PRIVATE_KEY, 'missing-public-key-file.pem', 'MY_SND_ID', 'MY_REC_ID')
|
130
129
|
b.run lambda{|env| [404, {}, ['Not Found']]}
|
131
130
|
end.to_app }
|
132
131
|
|
133
|
-
it
|
134
|
-
post
|
132
|
+
it 'redirects to /auth/failure with appropriate query params' do
|
133
|
+
post '/auth/swedbank/callback' # Params are not important, because we're testing public key loading
|
135
134
|
expect(last_response.status).to eq(302)
|
136
|
-
expect(last_response.headers[
|
135
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=public_key_load_err&strategy=swedbank')
|
137
136
|
end
|
138
137
|
end
|
139
138
|
|
140
|
-
context
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
"VK_LANG" => 'LAT'
|
139
|
+
context 'with invalid response' do
|
140
|
+
it 'detects invalid signature' do
|
141
|
+
post '/auth/swedbank/callback',
|
142
|
+
'VK_SERVICE' => '3003',
|
143
|
+
'VK_VERSION' => '008',
|
144
|
+
'VK_SND_ID' => 'HP',
|
145
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
146
|
+
'VK_NONCE' => 'pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a',
|
147
|
+
'VK_INFO' => 'ISIK:123456-12345;NIMI:Example User',
|
148
|
+
'VK_MAC' => 'invalid signature',
|
149
|
+
'VK_LANG' => 'LAT',
|
150
|
+
'VK_ENCODING' => 'UTF-8'
|
153
151
|
|
154
152
|
expect(last_response.status).to eq(302)
|
155
|
-
expect(last_response.headers[
|
153
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=invalid_response_signature_err&strategy=swedbank')
|
156
154
|
end
|
157
155
|
|
158
|
-
it
|
159
|
-
post
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
156
|
+
it 'detects unsupported VK_SERVICE values' do
|
157
|
+
post '/auth/swedbank/callback',
|
158
|
+
'VK_SERVICE' => '3004',
|
159
|
+
'VK_VERSION' => '008',
|
160
|
+
'VK_SND_ID' => 'HP',
|
161
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
162
|
+
'VK_NONCE' => 'pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a',
|
163
|
+
'VK_INFO' => 'ISIK:123456-12345;NIMI:Example User',
|
164
|
+
'VK_MAC' => 'cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==',
|
165
|
+
'VK_LANG' => 'LAT',
|
166
|
+
'VK_ENCODING' => 'UTF-8'
|
169
167
|
|
170
168
|
expect(last_response.status).to eq(302)
|
171
|
-
expect(last_response.headers[
|
169
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_service_err&strategy=swedbank')
|
172
170
|
end
|
173
171
|
|
174
|
-
it
|
175
|
-
post
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
172
|
+
it 'detects unsupported VK_VERSION values' do
|
173
|
+
post '/auth/swedbank/callback',
|
174
|
+
'VK_SERVICE' => '3003',
|
175
|
+
'VK_VERSION' => '009',
|
176
|
+
'VK_SND_ID' => 'HP',
|
177
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
178
|
+
'VK_NONCE' => 'pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a',
|
179
|
+
'VK_INFO' => 'ISIK:123456-12345;NIMI:Example User',
|
180
|
+
'VK_MAC' => 'cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==',
|
181
|
+
'VK_LANG' => 'LAT',
|
182
|
+
'VK_ENCODING' => 'UTF-8'
|
185
183
|
|
186
184
|
expect(last_response.status).to eq(302)
|
187
|
-
expect(last_response.headers[
|
185
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_version_err&strategy=swedbank')
|
188
186
|
end
|
189
187
|
|
190
|
-
it
|
191
|
-
post
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
188
|
+
it 'detects unsupported VK_ENCODING values' do
|
189
|
+
post '/auth/swedbank/callback',
|
190
|
+
'VK_SERVICE' => '3003',
|
191
|
+
'VK_VERSION' => '008',
|
192
|
+
'VK_SND_ID' => 'HP',
|
193
|
+
'VK_REC_ID' => 'MY_REC_ID',
|
194
|
+
'VK_NONCE' => 'pXXXlocalhostX3000b41292810c0345a7b3770b1c807bed7a',
|
195
|
+
'VK_INFO' => 'ISIK:123456-12345;NIMI:Example User',
|
196
|
+
'VK_MAC' => 'cmXyp2My7P9pTgrzqJeg7qH+NPCuyaiGNpQIrcCr6S44w0bH+Ao4WDViqytaPH2vENooVPXDSgOcBqHTg44gJ9FlrhI5StiouHVhjpCcWg+h/ERcyc8w58PjsEmdsd4BIpaGXNyhvcIKdWfNwYA1UCIrmFsPAPWfVeorNxp81E7pvY4p4zsqMF80YZ7/RdOpjrtuXJ4nYJ7d+2fXJKKmUlqArCc786DJdb/z8wVDSNA9BZxnf8EE6s//p9gzqLPAg/T9Xp/2024n2JtC6kwsWF614bn64LEZz5c8owZth6FV+2fjnzHxOiifOe+jc9SRstCLITK6Y0j+6n8auiEZ5g==',
|
197
|
+
'VK_LANG' => 'LAT',
|
198
|
+
'VK_ENCODING' => 'ASCII'
|
201
199
|
|
202
200
|
expect(last_response.status).to eq(302)
|
203
|
-
expect(last_response.headers[
|
201
|
+
expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_encoding_err&strategy=swedbank')
|
204
202
|
end
|
205
|
-
|
206
203
|
end
|
207
204
|
end
|
208
|
-
end
|
205
|
+
end
|
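Review bot: Two examples in the request-phase context do not test what their names say: 'has the default VK_LANG value' repeats the `action='https://ib.swedbank.lv/banklink'` assertion from the example above it, and 'has a 50 byte long nonce field value' expects a `bytesize` of 20. The first should assert the hidden field, e.g. `expect(last_response.body).to be_include('name="VK_LANG" value="LAT"')`, and the second should be renamed to say 20 bytes. The callback examples also post one fixed `VK_NONCE` and `VK_MAC` pair throughout, so nothing here would notice whether a response is bound to the nonce issued in the request phase. An example that posts a validly signed response carrying a nonce the app never issued would document the intended behaviour.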
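--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -7,7 +7,7 @@ require 'omniauth-swedbank'
 
 RSpec.configure do |config|
 config.add_setting('cert_folder')
-config.cert_folder = File.expand_path('
+config.cert_folder = File.expand_path('../certs', __FILE__)
 
 config.include Rack::Test::Methods
 config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
@@ -16,4 +16,4 @@ RSpec.configure do |config|
 end
 end
 
-I18n.enforce_available_locales = false
+I18n.enforce_available_locales = false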
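--- a/metadata
+++ b/metadata
@@ -1,129 +1,116 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-swedbank
 version: !ruby/object:Gem::Version
-version: 0.0
-prerelease:
+version: 0.1.0
 platform: ruby
 authors:
+- MAK IT
 - Jānis Kiršteins
 - Kristaps Ērglis
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
 - !ruby/object:Gem::Dependency
 name: i18n
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: rack-test
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '2.7'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '2.7'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: OmniAuth strategy for Swedbank Banklink
 email:
+- admin@makit.lv
 - janis@montadigital.com
 - kristaps.erglis@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
-- certs/request.private.pem
-- certs/response.public.pem
 - lib/omniauth-swedbank.rb
 - lib/omniauth/locales/omniauth.en.yml
 - lib/omniauth/locales/omniauth.lv.yml
@@ -131,39 +118,36 @@ files:
 - lib/omniauth/swedbank.rb
 - lib/omniauth/swedbank/version.rb
 - omniauth-swedbank.gemspec
+- spec/certs/request.private.pem
+- spec/certs/response.public.pem
 - spec/omniauth/strategies/swedbank_spec.rb
 - spec/spec_helper.rb
-homepage:
+homepage: https://github.com/mak-it/omniauth-swedbank
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-segments:
-- 0
-hash: -3620822024821045063
+version: 2.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
-segments:
-- 0
-hash: -3620822024821045063
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.4.8
 signing_key:
-specification_version:
+specification_version: 4
 summary: OmniAuth strategy for Swedbank Banklink
 test_files:
+- spec/certs/request.private.pem
+- spec/certs/response.public.pem
 - spec/omniauth/strategies/swedbank_spec.rb
 - spec/spec_helper.rb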