RubyGems - onelogin - Versions diffs - 1.3.1 → 1.6.0 - Mend

onelogin 1.3.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

data/examples/rails-custom-login-page/app/controllers/sessions_controller.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class SessionsController < ApplicationController
   def new
     response = log_in(params['username'], params['password'])
-    status = response ? :ok : :unauthorized
+    status = response[:error] ? :unauthorized : :ok
     render json: response, status: status
   end
@@ -17,7 +17,7 @@ class SessionsController < ApplicationController
   # available to verify token before
   # password reset is completed
   def forgot_password
-    user = validate_user(params['username'])
+    user = validate_user(params['forgot_username'])
     devices = get_mfa_devices(user.id)
@@ -28,9 +28,9 @@ class SessionsController < ApplicationController
   # Verify MFA token and then update password
   def reset_password
-    if verify_token(params['device_id'], params['otp_token'])
+    if verify_token(params['reset_device_id'], params['reset_otp_token'])
       status = :ok
-      response = set_password(session[:user_id], params['password'])
+      response = set_password(session[:user_id], params['new_password'])
     else
       status = :unauthorized
       response = 'Invalid token'

data/examples/rails-custom-login-page/app/controllers/users_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
-  before_action :require_current_user
+  before_action :require_current_user, except: [:new, :create, :onboard, :activate]
   before_action :set_user, only: [:show, :edit, :update, :destroy]
   # GET /users
@@ -16,7 +16,6 @@ class UsersController < ApplicationController
   # GET /users/new
   def new
-    @user = User.new
   end
   # GET /users/1/edit
@@ -26,17 +25,52 @@ class UsersController < ApplicationController
   # POST /users
   # POST /users.json
   def create
-    @user = User.new(user_params)
+    # Create a user
+    user = api_client.create_user(user_params)
+    # Update custom attributes
+    api_client.set_custom_attribute_to_user(user.id, custom_user_params)
+    # Set status to unactivated
+    api_client.update_user(user.id, status: 0)
-    respond_to do |format|
-      if @user.save
-        format.html { redirect_to @user, notice: 'User was successfully created.' }
-        format.json { render :show, status: :created, location: @user }
-      else
-        format.html { render :new }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
+    if api_client.error
+      puts api_client.error_description
+    end
+    redirect_to onboard_path, notice: 'User has been created with status set to unactivated'
+  end
+  # GET /onboard
+  def onboard
+  end
+  # POST /activate
+  def activate
+    # Search for a user with this email address
+    @user = api_client.get_users(email: user_params[:email]).first
+    unless @user && verify_dob && verify_ssn
+      return redirect_to onboard_path, notice: "User #{user_params[:email]} was not verified"
+    end
+    # Update password
+    unless api_client.set_password_using_clear_text(@user.id, user_params[:password], user_params[:password])
+      return redirect_to onboard_path, notice: "Password update failed. #{api_client.error_description}"
     end
+    # Activate user
+    api_client.update_user(@user.id, status: 1)
+    # Redirect to login page
+    redirect_to home_index_path
+  end
+  # Verify dob and ssn match
+  def verify_ssn
+    @user.custom_attributes["custom_ssn"].eql? (custom_user_params[:custom_ssn])
+  end
+  def verify_dob
+    @user.custom_attributes["custom_dob"].eql? (custom_user_params[:custom_dob])
   end
   # PATCH/PUT /users/1
@@ -70,17 +104,17 @@ class UsersController < ApplicationController
   end
   private
-    # Use callbacks to share common setup or constraints between actions.
     def set_user
       @user = api_client.get_user(params[:id])
     end
     # Never trust parameters from the scary internet, only allow the white list through.
     def user_params
-      params.permit(:firstname, :lastname, :email, :phone, :custom_field)
+      params.permit(:firstname, :lastname, :email, :phone, :username, :password)
     end
     def custom_user_params
-      params.permit(:custom_field)
+      params.permit(:custom_field, :custom_dob, :custom_ssn)
     end
 end

data/examples/rails-custom-login-page/app/helpers/sessions_helper.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module SessionsHelper
       },
       request.base_url # included for CORS session cookie request
     )
-    return nil unless response
+    return { error: api_client.error_description } unless response
     if response.is_a? OneLogin::Api::Models::SessionTokenMFAInfo
       session[:state_token] = response.state_token

data/examples/rails-custom-login-page/app/helpers/users_helper.rb CHANGED Viewed

@@ -1,2 +1,3 @@
 module UsersHelper
 end

data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb CHANGED Viewed

@@ -14,8 +14,9 @@
     <div class="col-sm">
       <h2>Apps</h2>
       <ul class="list-group">
+      <% url_base = CUSTOM_DOMAIN || ONELOGIN_SUBDOMAIN + ".onelogin.com" %>
       <%@apps.each do |app|%>
-        <li class="list-group-item"><a href="https://<%= ONELOGIN_SUBDOMAIN %>.onelogin.com/launch/<%= app.id %>"><%= app.name %></a></li>
+        <li class="list-group-item"><a target="_blank" href="https://<%= url_base %>/launch/<%= app.id %>"><%= app.name %></a></li>
       <%end%>
       </ul>
     </div>
@@ -40,11 +41,3 @@
     </div>
   </div>
 </div>

data/examples/rails-custom-login-page/app/views/home/index.html.erb CHANGED Viewed

@@ -11,6 +11,15 @@
       <div class="alert alert-danger message" role="alert">
       </div>
+      <% url_base = CUSTOM_DOMAIN || ONELOGIN_SUBDOMAIN + ".onelogin.com" %>
+      <% url_create_session = "https://" + url_base + "/session_via_api_token" %>
+      <form action="<%= url_create_session %>" method="post" class="cookie-session-post-form">
+        <input type="hidden" id="cookie_session_token" name="session_token" value="">
+        <input id="auth_token" type="hidden">
+        <button type="submit">Creating Session ...</button>
+      </form>
       <%= form_tag("/login", method: "post", class: 'login-form') do %>
         <div class="form-group">
           <label for="username">Username</label>
@@ -20,7 +29,9 @@
           <label for="password">Password</label>
           <%= password_field_tag :password, nil, placeholder: 'Enter Password', class: 'form-control' %>
         </div>
-        <button type="submit" class="btn btn-primary">Login</button> or <a href="#" class="forgot">Forgot Password</a>
+        <button type="submit" class="btn btn-primary">Login</button>
+        <hr/>
+        <a href="#" class="forgot">Forgot Password</a> | <a href="/signup">Sign Up</a>
       <% end %>
       <%= form_tag("/verify_mfa", method: "post", class: 'mfa-form') do %>
@@ -37,28 +48,30 @@
       <%= form_tag("/forgot_password", method: "post", class: 'forgot-password-form') do %>
         <div class="form-group">
-          <label for="username">Username</label>
-          <%= text_field_tag :username, nil, placeholder: 'Enter Username', class: 'form-control' %>
+          <label for="forgot_username">Username</label>
+          <%= text_field_tag :forgot_username, nil, placeholder: 'Enter Username', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Reset Password</button> or <a href="/">Login</a>
       <% end %>
       <%= form_tag("/reset_password", method: "post", class: 'reset-password-form') do %>
         <div class="form-group">
-          <label for="device_id">MFA Device</label>
-          <%= select_tag :device_id, nil, {:class => 'form-control'} %>
+          <label for="reset_device_id">MFA Device</label>
+          <%= select_tag :reset_device_id, nil, {:class => 'form-control'} %>
         </div>
         <div class="form-group">
-          <label for="otp_token">Token</label>
-          <%= text_field_tag :otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
+          <label for="reset_otp_token">Token</label>
+          <%= text_field_tag :reset_otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
         </div>
         <div class="form-group">
-          <label for="password">New Password</label>
-          <%= password_field_tag :password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
+          <label for="new_password">New Password</label>
+          <%= password_field_tag :new_password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Save Password</button>
       <% end %>
+      <form method="POST" action="" id="sp"></form>
     </div>
     <div class="col-sm">
     </div>
@@ -70,19 +83,42 @@
 <script type="text/javascript">
-  var ONELOGIN_SUBDOMAIN = "<%= ONELOGIN_SUBDOMAIN %>"
+  var ONELOGIN_SUBDOMAIN = "<%= ONELOGIN_SUBDOMAIN %>";
+  var CUSTOM_DOMAIN = "<%= CUSTOM_DOMAIN %>";
+  var COOKIE_VIA_POST_FORM = <%= COOKIE_VIA_POST_FORM || false %>;
   function makeCors(session_token) {
     var xhr = new XMLHttpRequest();
     xhr.withCredentials = true;
     method = "POST";
-    var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+    if (CUSTOM_DOMAIN) {
+      var url = "https://" + CUSTOM_DOMAIN + "/session_via_api_token";
+    } else {
+      var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+    }
     xhr.open(method, url, true);
     xhr.setRequestHeader("Content-Type", "application/json");
     body = {"session_token": session_token};
+    xhr.onreadystatechange = function () {
+      if(xhr.readyState === 4 && xhr.status === 200) {
+        if(getUrlParameter("origin")){
+          // If there is an origin SP then redirect to it
+          redirectToSP()
+        } else{
+          // Otherwise redirect to the main dashboard
+          window.location.href = '/dashboard';
+        }
+      }
+    };
     xhr.send(JSON.stringify(body));
   };
+  function sendPostForm(session_token){
+    $(".cookie-session-post-form").show();
+    $("#cookie_session_token").val(session_token);
+    $(".cookie-session-post-form").submit();
+  }
   function showAlert(type, message){
     $(".message").removeClass("alert-danger").removeClass("alert-success");
     $(".message").addClass("alert-" + type).text(message).show();
@@ -92,9 +128,32 @@
     $(".message").hide();
   }
+  function getUrlParameter(sParam) {
+      var sPageURL = window.location.search.substring(1),
+          sURLVariables = sPageURL.split('&'),
+          sParameterName,
+          i;
+      for (i = 0; i < sURLVariables.length; i++) {
+          sParameterName = sURLVariables[i].split('=');
+          if (sParameterName[0] === sParam) {
+              return sParameterName[1] === undefined ? true : decodeURIComponent(sParameterName[1]);
+          }
+      }
+  };
+  function redirectToSP() {
+    var origin = getUrlParameter("origin");
+    var samlRequest = getUrlParameter("SAMLRequest");
+    var url = origin + "&SAMLRequest=" + samlRequest;
+    $("#sp").attr("action", url).submit();
+  }
   $(function(){
     hideAlert();
     $(".login-form").show();
+    $(".cookie-session-post-form").hide();
     $(".mfa-form").hide();
     $(".forgot-password-form").hide();
     $(".reset-password-form").hide();
@@ -122,14 +181,18 @@
             $(".login-form").hide();
             $(".mfa-form").show();
-          }else{
-            makeCors(res.session_token);
-            window.location.href = '/dashboard';
+          } else {
+            if (typeof COOKIE_VIA_POST_FORM === 'boolean' && COOKIE_VIA_POST_FORM === true) {
+              sendPostForm(res.session_token);
+            } else {
+              makeCors(res.session_token);
+            }
           }
         },
         error: function(xhr, status, err) {
           console.log(err);
-          showAlert('danger','Login Failed');
+          console.log(xhr);
+          showAlert('danger', xhr.responseJSON.error);
           $(".login-form input[type=submit]").removeAttr("disabled");
         },
       });
@@ -144,8 +207,11 @@
         success: function(res, status, xhr) {
           console.log(res);
-          makeCors(res.session_token);
-          window.location.href = '/dashboard';
+          if (typeof COOKIE_VIA_POST_FORM === 'boolean' && COOKIE_VIA_POST_FORM === true) {
+            sendPostForm(res.session_token);
+          } else {
+            makeCors(res.session_token);
+          }
         },
         error: function(xhr, status, err) {
           console.log(err);
@@ -203,4 +269,4 @@
       event.preventDefault();
     });
   })
-</script>
+</script>

data/examples/rails-custom-login-page/app/views/layouts/application.html.erb CHANGED Viewed

@@ -10,8 +10,20 @@
   </head>
   <body>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+      <a class="navbar-brand" href="#">OneLogin Ruby SDK Sample</a>
+      <div class="collapse navbar-collapse" id="navbarNavAltMarkup">
+        <div class="navbar-nav">
+          <a class="nav-item nav-link active" href="/">Login</a>
+          <a class="nav-item nav-link" href="/signup">Sign Up</a>
+          <a class="nav-item nav-link" href="/onboard">Onboard</a>
+        </div>
+      </div>
+    </nav>
     <% flash.each do |key, value| %>
-      <div class="alert alert-<%= key %>"><%= value %></div>
+      <div class="alert alert-warning"><%= value %></div>
     <% end %>
     <%= yield %>

data/examples/rails-custom-login-page/app/views/users/edit.html.erb CHANGED Viewed

@@ -1,27 +1,33 @@
-<h1>Editing User</h1>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <p><%= link_to 'Back', users_path %></p>
-<%= form_tag update_user_path, method: "patch", class: "edit" do %>
+      <h2>Edit User</h2>
-  <div>
-    First Name: <input type="text" name="firstname" value="<%= @user.firstname%>">
+      <%= form_tag update_user_path, method: "patch", class: "edit" do %>
+        <div class="form-group">
+          <label for="firstname">First Name</label>
+          <input type="text" name="firstname" value="<%= @user.firstname%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="lastname">Last Name</label>
+          <input type="text" name="lastname" value="<%= @user.lastname%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <input type="text" name="email" value="<%= @user.email%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Phone</label>
+          <input type="text" name="phone" value="<%= @user.phone%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Custom Field</label>
+          <input type="text" name="custom_field" value="<%= @user.custom_attributes['custom_field'] if @user.custom_attributes.present? %>" class="form-control">
+        </div>
+        <button type="submit" class="btn btn-primary">Save</button>
+      <% end %>
+    </div>
   </div>
-  <div>
-    Last Name: <input type="text" name="lastname" value="<%= @user.lastname%>">
-  </div>
-  <div>
-    Email: <input type="text" name="email" value="<%= @user.email%>">
-  </div>
-  <div>
-    Phone: <input type="text" name="phone" value="<%= @user.phone%>">
-  </div>
-  </div>
-  <div>
-    Custom Field: <input type="text" name="custom_field" value="<%= @user.custom_attributes['custom_field']%>">
-  </div>
-  <div class="actions">
-    <%= submit_tag %>
-  </div>
-<% end %>
-<%= link_to 'Back', users_path %>
+</div>

data/examples/rails-custom-login-page/app/views/users/index.html.erb CHANGED Viewed

@@ -1,30 +1,33 @@
 <p id="notice"><%= notice %></p>
-<h1>Users</h1>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <h2>Users</h2>
+      <table class="table">
+        <thead>
+          <tr>
+            <th scope="col">Name</th>
+            <th scope="col">Email</th>
+            <th scope="col">Phone</th>
+            <th scope="col">Custom Field</th>
+            <th  scope="col" colspan="2"></th>
+          </tr>
+        </thead>
-<table class="table">
-  <thead>
-    <tr>
-      <th scope="col">Name</th>
-      <th scope="col">Email</th>
-      <th scope="col">Phone</th>
-      <th scope="col">Custom Field</th>
-      <th  scope="col" colspan="2"></th>
-    </tr>
-  </thead>
-  <tbody>
-    <% @users.each do |user| %>
-      <tr>
-        <td  scope="row"><%= user.firstname %> <%= user.lastname %></td>
-        <td><%= user.email %></td>
-        <td><%= user.phone %></td>
-        <td><%= user.custom_attributes["custom_field"] if user.custom_attributes.is_a?(Hash) %></td>
-        <td><%= link_to 'Show', user_path(user.id) %></td>
-        <td><%= link_to 'Edit', edit_user_path(user.id) %></td>
-      </tr>
-    <% end %>
-  </tbody>
-</table>
-<br>
+        <tbody>
+          <% @users.each do |user| %>
+            <tr>
+              <td  scope="row"><%= user.firstname %> <%= user.lastname %></td>
+              <td><%= user.email %></td>
+              <td><%= user.phone %></td>
+              <td><%= user.custom_attributes["custom_field"] if user.custom_attributes.is_a?(Hash) %></td>
+              <td><%= link_to 'Show', user_path(user.id) %></td>
+              <td><%= link_to 'Edit', edit_user_path(user.id) %></td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</div>

data/examples/rails-custom-login-page/app/views/users/new.html.erb CHANGED Viewed

@@ -1,5 +1,60 @@
-<h1>New User</h1>
+<div class="jumbotron">
+  <p>This is a simple demo of how to sign up a new user and then make them activate their account</p>
+</div>
-<%= render 'form', user: @user %>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
-<%= link_to 'Back', users_path %>
+      <div class="alert alert-danger message" role="alert">
+      </div>
+      <%= form_tag("/users", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="firstname">First Name</label>
+          <%= text_field_tag :firstname, nil, placeholder: 'First Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="lastname">Last Name</label>
+          <%= text_field_tag :lastname, nil, placeholder: 'Last Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Sign Up</button>
+        <hr/>
+        <a href="/">Login</a>
+      <% end %>
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/app/views/users/onboard.html.erb ADDED Viewed

@@ -0,0 +1,54 @@
+<div class="jumbotron">
+  <p>This shows how an unactivated user could supply infomation to complete a sign up flow</p>
+</div>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
+      <div class="alert alert-danger message" role="alert">
+      </div>
+      <%= form_tag("/activate", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="password">Password</label>
+          <%= password_field_tag :password, nil, placeholder: 'Make up a password', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Activate Account</button>
+      <% end %>
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/app/views/users/show.html.erb CHANGED Viewed

@@ -1,14 +1,17 @@
-<p id="notice"><%= notice %></p>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <%= link_to 'Edit', edit_user_path(@user.id) %> |
+      <%= link_to 'Back', users_path %>
-<%= link_to 'Edit', edit_user_path(@user.id) %> |
-<%= link_to 'Back', users_path %>
-<h2>Profile</h2>
-<ul class="list-group">
-<%@user.instance_values.symbolize_keys.each do |k, v|%>
-  <li class="list-group-item">
-    <b><%= k%>:</b> <%= v%>
-  </li>
-<%end%>
-</ul>
+      <h2><%= @user.firstname %> <%= @user.lastname %></h2>
+      <ul class="list-group">
+      <%@user.instance_values.symbolize_keys.each do |k, v|%>
+        <li class="list-group-item">
+          <b><%= k%>:</b> <%= v%>
+        </li>
+      <%end%>
+      </ul>
+    </div>
+  </div>
+</div>

data/examples/rails-custom-login-page/config/initializers/onelogin.rb CHANGED Viewed

@@ -1,4 +1,6 @@
 ONELOGIN_CLIENT_ID = Rails.application.secrets.ONELOGIN_CLIENT_ID
 ONELOGIN_CLIENT_SECRET = Rails.application.secrets.ONELOGIN_CLIENT_SECRET
 ONELOGIN_REGION = Rails.application.secrets.ONELOGIN_REGION
-ONELOGIN_SUBDOMAIN = Rails.application.secrets.ONELOGIN_SUBDOMAIN
+ONELOGIN_SUBDOMAIN = Rails.application.secrets.ONELOGIN_SUBDOMAIN
+CUSTOM_DOMAIN = Rails.application.secrets.CUSTOM_DOMAIN
+COOKIE_VIA_POST_FORM = Rails.application.secrets.COOKIE_VIA_POST_FORM