onelogin 1.3.1 → 1.6.0

data/examples/rails-custom-login-page/app/controllers/sessions_controller.rb

@@ -1,7 +1,7 @@
 class SessionsController < ApplicationController
   def new
     response = log_in(params['username'], params['password'])
-    status = response ? :ok : :unauthorized
+    status = response[:error] ? :unauthorized : :ok
 
     render json: response, status: status
   end
@@ -17,7 +17,7 @@ class SessionsController < ApplicationController
   # available to verify token before
   # password reset is completed
   def forgot_password
-    user = validate_user(params['username'])
+    user = validate_user(params['forgot_username'])
 
     devices = get_mfa_devices(user.id)
 
@@ -28,9 +28,9 @@ class SessionsController < ApplicationController
 
   # Verify MFA token and then update password
   def reset_password
-    if verify_token(params['device_id'], params['otp_token'])
+    if verify_token(params['reset_device_id'], params['reset_otp_token'])
       status = :ok
-      response = set_password(session[:user_id], params['password'])
+      response = set_password(session[:user_id], params['new_password'])
     else
       status = :unauthorized
       response = 'Invalid token'

data/examples/rails-custom-login-page/app/controllers/users_controller.rb

@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
 
-  before_action :require_current_user
+  before_action :require_current_user, except: [:new, :create, :onboard, :activate]
   before_action :set_user, only: [:show, :edit, :update, :destroy]
 
   # GET /users
@@ -16,7 +16,6 @@ class UsersController < ApplicationController
 
   # GET /users/new
   def new
-    @user = User.new
   end
 
   # GET /users/1/edit
@@ -26,17 +25,52 @@ class UsersController < ApplicationController
   # POST /users
   # POST /users.json
   def create
-    @user = User.new(user_params)
+    # Create a user
+    user = api_client.create_user(user_params)
+    # Update custom attributes
+    api_client.set_custom_attribute_to_user(user.id, custom_user_params)
+    # Set status to unactivated
+    api_client.update_user(user.id, status: 0)
 
-    respond_to do |format|
-      if @user.save
-        format.html { redirect_to @user, notice: 'User was successfully created.' }
-        format.json { render :show, status: :created, location: @user }
-      else
-        format.html { render :new }
-        format.json { render json: @user.errors, status: :unprocessable_entity }
-      end
+    if api_client.error
+      puts api_client.error_description
+    end
+
+    redirect_to onboard_path, notice: 'User has been created with status set to unactivated'
+  end
+
+  # GET /onboard
+  def onboard
+  end
+
+  # POST /activate
+  def activate
+    # Search for a user with this email address
+    @user = api_client.get_users(email: user_params[:email]).first
+
+    unless @user && verify_dob && verify_ssn
+      return redirect_to onboard_path, notice: "User #{user_params[:email]} was not verified"
+    end
+
+    # Update password
+    unless api_client.set_password_using_clear_text(@user.id, user_params[:password], user_params[:password])
+      return redirect_to onboard_path, notice: "Password update failed. #{api_client.error_description}"
     end
+
+    # Activate user
+    api_client.update_user(@user.id, status: 1)
+
+    # Redirect to login page
+    redirect_to home_index_path
+  end
+
+  # Verify dob and ssn match
+  def verify_ssn
+    @user.custom_attributes["custom_ssn"].eql? (custom_user_params[:custom_ssn])
+  end
+
+  def verify_dob
+    @user.custom_attributes["custom_dob"].eql? (custom_user_params[:custom_dob])
   end
 
   # PATCH/PUT /users/1
@@ -70,17 +104,17 @@ class UsersController < ApplicationController
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
+
     def set_user
       @user = api_client.get_user(params[:id])
     end
 
     # Never trust parameters from the scary internet, only allow the white list through.
     def user_params
-      params.permit(:firstname, :lastname, :email, :phone, :custom_field)
+      params.permit(:firstname, :lastname, :email, :phone, :username, :password)
     end
 
     def custom_user_params
-      params.permit(:custom_field)
+      params.permit(:custom_field, :custom_dob, :custom_ssn)
     end
 end

data/examples/rails-custom-login-page/app/helpers/sessions_helper.rb

@@ -8,7 +8,7 @@ module SessionsHelper
       },
       request.base_url # included for CORS session cookie request
     )
-    return nil unless response
+    return { error: api_client.error_description } unless response
 
     if response.is_a? OneLogin::Api::Models::SessionTokenMFAInfo
       session[:state_token] = response.state_token

data/examples/rails-custom-login-page/app/helpers/users_helper.rb

@@ -1,2 +1,3 @@
 module UsersHelper
+
 end

data/examples/rails-custom-login-page/app/views/dashboard/index.html.erb

@@ -14,8 +14,9 @@
     <div class="col-sm">
       <h2>Apps</h2>
       <ul class="list-group">
+      <% url_base = CUSTOM_DOMAIN || ONELOGIN_SUBDOMAIN + ".onelogin.com" %>
       <%@apps.each do |app|%>
-        <li class="list-group-item"><a href="https://<%= ONELOGIN_SUBDOMAIN %>.onelogin.com/launch/<%= app.id %>"><%= app.name %></a></li>
+        <li class="list-group-item"><a target="_blank" href="https://<%= url_base %>/launch/<%= app.id %>"><%= app.name %></a></li>
       <%end%>
       </ul>
     </div>
@@ -40,11 +41,3 @@
     </div>
   </div>
 </div>
-
-
-
-
-
-
-
-

data/examples/rails-custom-login-page/app/views/home/index.html.erb

@@ -11,6 +11,15 @@
       <div class="alert alert-danger message" role="alert">
       </div>
 
+      <% url_base = CUSTOM_DOMAIN || ONELOGIN_SUBDOMAIN + ".onelogin.com" %>
+      <% url_create_session = "https://" + url_base + "/session_via_api_token" %>
+
+      <form action="<%= url_create_session %>" method="post" class="cookie-session-post-form">
+        <input type="hidden" id="cookie_session_token" name="session_token" value="">
+        <input id="auth_token" type="hidden">
+        <button type="submit">Creating Session ...</button>
+      </form>
+
       <%= form_tag("/login", method: "post", class: 'login-form') do %>
         <div class="form-group">
           <label for="username">Username</label>
@@ -20,7 +29,9 @@
           <label for="password">Password</label>
           <%= password_field_tag :password, nil, placeholder: 'Enter Password', class: 'form-control' %>
         </div>
-        <button type="submit" class="btn btn-primary">Login</button> or <a href="#" class="forgot">Forgot Password</a>
+        <button type="submit" class="btn btn-primary">Login</button>
+        <hr/>
+        <a href="#" class="forgot">Forgot Password</a> | <a href="/signup">Sign Up</a>
       <% end %>
 
       <%= form_tag("/verify_mfa", method: "post", class: 'mfa-form') do %>
@@ -37,28 +48,30 @@
 
       <%= form_tag("/forgot_password", method: "post", class: 'forgot-password-form') do %>
         <div class="form-group">
-          <label for="username">Username</label>
-          <%= text_field_tag :username, nil, placeholder: 'Enter Username', class: 'form-control' %>
+          <label for="forgot_username">Username</label>
+          <%= text_field_tag :forgot_username, nil, placeholder: 'Enter Username', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Reset Password</button> or <a href="/">Login</a>
       <% end %>
 
       <%= form_tag("/reset_password", method: "post", class: 'reset-password-form') do %>
         <div class="form-group">
-          <label for="device_id">MFA Device</label>
-          <%= select_tag :device_id, nil, {:class => 'form-control'} %>
+          <label for="reset_device_id">MFA Device</label>
+          <%= select_tag :reset_device_id, nil, {:class => 'form-control'} %>
         </div>
         <div class="form-group">
-          <label for="otp_token">Token</label>
-          <%= text_field_tag :otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
+          <label for="reset_otp_token">Token</label>
+          <%= text_field_tag :reset_otp_token, nil, placeholder: 'Enter Token', class: 'form-control' %>
         </div>
         <div class="form-group">
-          <label for="password">New Password</label>
-          <%= password_field_tag :password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
+          <label for="new_password">New Password</label>
+          <%= password_field_tag :new_password, nil, placeholder: 'Enter New Password', class: 'form-control' %>
         </div>
         <button type="submit" class="btn btn-primary">Save Password</button>
       <% end %>
 
+      <form method="POST" action="" id="sp"></form>
+
     </div>
     <div class="col-sm">
     </div>
@@ -70,19 +83,42 @@
 
 <script type="text/javascript">
 
-  var ONELOGIN_SUBDOMAIN = "<%= ONELOGIN_SUBDOMAIN %>"
+  var ONELOGIN_SUBDOMAIN = "<%= ONELOGIN_SUBDOMAIN %>";
+  var CUSTOM_DOMAIN = "<%= CUSTOM_DOMAIN %>";
+  var COOKIE_VIA_POST_FORM = <%= COOKIE_VIA_POST_FORM || false %>;
 
   function makeCors(session_token) {
     var xhr = new XMLHttpRequest();
     xhr.withCredentials = true;
     method = "POST";
-    var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+    if (CUSTOM_DOMAIN) {
+      var url = "https://" + CUSTOM_DOMAIN + "/session_via_api_token";
+    } else {
+      var url = "https://" + ONELOGIN_SUBDOMAIN + ".onelogin.com/session_via_api_token";
+    }
     xhr.open(method, url, true);
     xhr.setRequestHeader("Content-Type", "application/json");
     body = {"session_token": session_token};
+    xhr.onreadystatechange = function () {
+      if(xhr.readyState === 4 && xhr.status === 200) {
+        if(getUrlParameter("origin")){
+          // If there is an origin SP then redirect to it
+          redirectToSP()
+        } else{
+          // Otherwise redirect to the main dashboard
+          window.location.href = '/dashboard';
+        }
+      }
+    };
     xhr.send(JSON.stringify(body));
   };
 
+  function sendPostForm(session_token){
+    $(".cookie-session-post-form").show();
+    $("#cookie_session_token").val(session_token);
+    $(".cookie-session-post-form").submit();
+  }
+
   function showAlert(type, message){
     $(".message").removeClass("alert-danger").removeClass("alert-success");
     $(".message").addClass("alert-" + type).text(message).show();
@@ -92,9 +128,32 @@
     $(".message").hide();
   }
 
+  function getUrlParameter(sParam) {
+      var sPageURL = window.location.search.substring(1),
+          sURLVariables = sPageURL.split('&'),
+          sParameterName,
+          i;
+
+      for (i = 0; i < sURLVariables.length; i++) {
+          sParameterName = sURLVariables[i].split('=');
+
+          if (sParameterName[0] === sParam) {
+              return sParameterName[1] === undefined ? true : decodeURIComponent(sParameterName[1]);
+          }
+      }
+  };
+
+  function redirectToSP() {
+    var origin = getUrlParameter("origin");
+    var samlRequest = getUrlParameter("SAMLRequest");
+    var url = origin + "&SAMLRequest=" + samlRequest;
+    $("#sp").attr("action", url).submit();
+  }
+
   $(function(){
     hideAlert();
     $(".login-form").show();
+    $(".cookie-session-post-form").hide();
     $(".mfa-form").hide();
     $(".forgot-password-form").hide();
     $(".reset-password-form").hide();
@@ -122,14 +181,18 @@
             $(".login-form").hide();
             $(".mfa-form").show();
 
-          }else{
-            makeCors(res.session_token);
-            window.location.href = '/dashboard';
+          } else {
+            if (typeof COOKIE_VIA_POST_FORM === 'boolean' && COOKIE_VIA_POST_FORM === true) {
+              sendPostForm(res.session_token);
+            } else {
+              makeCors(res.session_token);
+            }
           }
         },
         error: function(xhr, status, err) {
           console.log(err);
-          showAlert('danger','Login Failed');
+          console.log(xhr);
+          showAlert('danger', xhr.responseJSON.error);
           $(".login-form input[type=submit]").removeAttr("disabled");
         },
       });
@@ -144,8 +207,11 @@
         success: function(res, status, xhr) {
           console.log(res);
 
-          makeCors(res.session_token);
-          window.location.href = '/dashboard';
+          if (typeof COOKIE_VIA_POST_FORM === 'boolean' && COOKIE_VIA_POST_FORM === true) {
+            sendPostForm(res.session_token);
+          } else {
+            makeCors(res.session_token);
+          }
         },
         error: function(xhr, status, err) {
           console.log(err);
@@ -203,4 +269,4 @@
       event.preventDefault();
     });
   })
-</script>
+</script>

data/examples/rails-custom-login-page/app/views/layouts/application.html.erb

@@ -10,8 +10,20 @@
   </head>
 
   <body>
+    <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+      <a class="navbar-brand" href="#">OneLogin Ruby SDK Sample</a>
+      <div class="collapse navbar-collapse" id="navbarNavAltMarkup">
+        <div class="navbar-nav">
+          <a class="nav-item nav-link active" href="/">Login</a>
+          <a class="nav-item nav-link" href="/signup">Sign Up</a>
+          <a class="nav-item nav-link" href="/onboard">Onboard</a>
+        </div>
+      </div>
+    </nav>
+
+
     <% flash.each do |key, value| %>
-      <div class="alert alert-<%= key %>"><%= value %></div>
+      <div class="alert alert-warning"><%= value %></div>
     <% end %>
 
     <%= yield %>

data/examples/rails-custom-login-page/app/views/users/edit.html.erb

@@ -1,27 +1,33 @@
-<h1>Editing User</h1>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <p><%= link_to 'Back', users_path %></p>
 
-<%= form_tag update_user_path, method: "patch", class: "edit" do %>
+      <h2>Edit User</h2>
 
-  <div>
-    First Name: <input type="text" name="firstname" value="<%= @user.firstname%>">
+      <%= form_tag update_user_path, method: "patch", class: "edit" do %>
+        <div class="form-group">
+          <label for="firstname">First Name</label>
+          <input type="text" name="firstname" value="<%= @user.firstname%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="lastname">Last Name</label>
+          <input type="text" name="lastname" value="<%= @user.lastname%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <input type="text" name="email" value="<%= @user.email%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Phone</label>
+          <input type="text" name="phone" value="<%= @user.phone%>" class="form-control">
+        </div>
+        <div class="form-group">
+          <label for="email">Custom Field</label>
+          <input type="text" name="custom_field" value="<%= @user.custom_attributes['custom_field'] if @user.custom_attributes.present? %>" class="form-control">
+        </div>
+        <button type="submit" class="btn btn-primary">Save</button>
+      <% end %>
+    </div>
   </div>
-  <div>
-    Last Name: <input type="text" name="lastname" value="<%= @user.lastname%>">
-  </div>
-  <div>
-    Email: <input type="text" name="email" value="<%= @user.email%>">
-  </div>
-  <div>
-    Phone: <input type="text" name="phone" value="<%= @user.phone%>">
-  </div>
-  </div>
-  <div>
-    Custom Field: <input type="text" name="custom_field" value="<%= @user.custom_attributes['custom_field']%>">
-  </div>
-
-  <div class="actions">
-    <%= submit_tag %>
-  </div>
-<% end %>
-
-<%= link_to 'Back', users_path %>
+</div>

data/examples/rails-custom-login-page/app/views/users/index.html.erb

@@ -1,30 +1,33 @@
 <p id="notice"><%= notice %></p>
 
-<h1>Users</h1>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <h2>Users</h2>
+      <table class="table">
+        <thead>
+          <tr>
+            <th scope="col">Name</th>
+            <th scope="col">Email</th>
+            <th scope="col">Phone</th>
+            <th scope="col">Custom Field</th>
+            <th  scope="col" colspan="2"></th>
+          </tr>
+        </thead>
 
-<table class="table">
-  <thead>
-    <tr>
-      <th scope="col">Name</th>
-      <th scope="col">Email</th>
-      <th scope="col">Phone</th>
-      <th scope="col">Custom Field</th>
-      <th  scope="col" colspan="2"></th>
-    </tr>
-  </thead>
-
-  <tbody>
-    <% @users.each do |user| %>
-      <tr>
-        <td  scope="row"><%= user.firstname %> <%= user.lastname %></td>
-        <td><%= user.email %></td>
-        <td><%= user.phone %></td>
-        <td><%= user.custom_attributes["custom_field"] if user.custom_attributes.is_a?(Hash) %></td>
-        <td><%= link_to 'Show', user_path(user.id) %></td>
-        <td><%= link_to 'Edit', edit_user_path(user.id) %></td>
-      </tr>
-    <% end %>
-  </tbody>
-</table>
-
-<br>
+        <tbody>
+          <% @users.each do |user| %>
+            <tr>
+              <td  scope="row"><%= user.firstname %> <%= user.lastname %></td>
+              <td><%= user.email %></td>
+              <td><%= user.phone %></td>
+              <td><%= user.custom_attributes["custom_field"] if user.custom_attributes.is_a?(Hash) %></td>
+              <td><%= link_to 'Show', user_path(user.id) %></td>
+              <td><%= link_to 'Edit', edit_user_path(user.id) %></td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</div>

data/examples/rails-custom-login-page/app/views/users/new.html.erb

@@ -1,5 +1,60 @@
-<h1>New User</h1>
+<div class="jumbotron">
+  <p>This is a simple demo of how to sign up a new user and then make them activate their account</p>
+</div>
 
-<%= render 'form', user: @user %>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
 
-<%= link_to 'Back', users_path %>
+      <div class="alert alert-danger message" role="alert">
+      </div>
+
+      <%= form_tag("/users", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="firstname">First Name</label>
+          <%= text_field_tag :firstname, nil, placeholder: 'First Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="lastname">Last Name</label>
+          <%= text_field_tag :lastname, nil, placeholder: 'Last Name', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Sign Up</button>
+        <hr/>
+        <a href="/">Login</a>
+      <% end %>
+
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/app/views/users/onboard.html.erb

@@ -0,0 +1,54 @@
+<div class="jumbotron">
+  <p>This shows how an unactivated user could supply infomation to complete a sign up flow</p>
+</div>
+
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+    </div>
+    <div class="col-sm">
+
+      <div class="alert alert-danger message" role="alert">
+      </div>
+
+      <%= form_tag("/activate", method: "post", class: 'signup-form') do %>
+        <div class="form-group">
+          <label for="email">Email</label>
+          <%= text_field_tag :email, nil, placeholder: 'Email Address', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_dob">Date of Birth</label>
+          <%= text_field_tag :custom_dob, nil, placeholder: 'mm/dd/yyyy', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="custom_ssn">Last 4 of SSN</label>
+          <%= text_field_tag :custom_ssn, nil, placeholder: 'Last 4 of SSN', class: 'form-control' %>
+        </div>
+        <div class="form-group">
+          <label for="password">Password</label>
+          <%= password_field_tag :password, nil, placeholder: 'Make up a password', class: 'form-control' %>
+        </div>
+        <button type="submit" class="btn btn-primary">Activate Account</button>
+      <% end %>
+
+    </div>
+    <div class="col-sm">
+    </div>
+  </div>
+</div>
+
+
+<script type="text/javascript">
+  function showAlert(type, message){
+    $(".message").removeClass("alert-danger").removeClass("alert-success");
+    $(".message").addClass("alert-" + type).text(message).show();
+    $(".message").show();
+  }
+  function hideAlert(){
+    $(".message").hide();
+  }
+
+  $(function(){
+    hideAlert();
+  })
+</script>

data/examples/rails-custom-login-page/app/views/users/show.html.erb

@@ -1,14 +1,17 @@
-<p id="notice"><%= notice %></p>
+<div class="container">
+  <div class="row">
+    <div class="col-sm">
+      <%= link_to 'Edit', edit_user_path(@user.id) %> |
+      <%= link_to 'Back', users_path %>
 
-<%= link_to 'Edit', edit_user_path(@user.id) %> |
-<%= link_to 'Back', users_path %>
-
-<h2>Profile</h2>
-
-<ul class="list-group">
-<%@user.instance_values.symbolize_keys.each do |k, v|%>
-  <li class="list-group-item">
-    <b><%= k%>:</b> <%= v%>
-  </li>
-<%end%>
-</ul>
+      <h2><%= @user.firstname %> <%= @user.lastname %></h2>
+      <ul class="list-group">
+      <%@user.instance_values.symbolize_keys.each do |k, v|%>
+        <li class="list-group-item">
+          <b><%= k%>:</b> <%= v%>
+        </li>
+      <%end%>
+      </ul>
+    </div>
+  </div>
+</div>

data/examples/rails-custom-login-page/config/initializers/onelogin.rb

@@ -1,4 +1,6 @@
 ONELOGIN_CLIENT_ID = Rails.application.secrets.ONELOGIN_CLIENT_ID
 ONELOGIN_CLIENT_SECRET = Rails.application.secrets.ONELOGIN_CLIENT_SECRET
 ONELOGIN_REGION = Rails.application.secrets.ONELOGIN_REGION
-ONELOGIN_SUBDOMAIN = Rails.application.secrets.ONELOGIN_SUBDOMAIN
+ONELOGIN_SUBDOMAIN = Rails.application.secrets.ONELOGIN_SUBDOMAIN
+CUSTOM_DOMAIN = Rails.application.secrets.CUSTOM_DOMAIN
+COOKIE_VIA_POST_FORM = Rails.application.secrets.COOKIE_VIA_POST_FORM