osso 0.0.3.15 → 0.0.3.16

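--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a63fecde3c20b225ac8f4f52dfa33cbbbcc768337b43b38d3e482e7a6d38806a
- data.tar.gz: 0ef7c41aef96e4b8299481a5cd9ca7f43c1b59b2ef846b813f9e8aa41957530e
+ metadata.gz: 6e33fd333f7c329404b9a9bdeb62551629b38a8b615b6aef556bc4b4c0ca2a03
+ data.tar.gz: e8c21ea78f2f33e5b6497c85148ff67221949ded6c34380dcb48a6eb450d6dc6
  SHA512:
- metadata.gz: cca50c6661352e1f076b747d90038796ba9f76590c9baa18e05128d2bc891a7f7de1090541f464814f28eacb713e0ed8f65fac34ac78a636674000df64092e1f
- data.tar.gz: a290b9403984ef9d454529008b62be363a1409cf5ff398a7db7e74f7a99e84f4fadb5c54fb7f939243496a863a4a155c841bf92101e1357dae4cbc2ae51a4f96
+ metadata.gz: 76779ec670e1a6c12589a3b2a1f319e8855ba8770a83489787d56c43bb8a23aa9a75ee9b9864dfce76f54061e3829ce639214ba5f5a4c7c8efc699e1776801a6
+ data.tar.gz: 356194bce279f215d58ea36e0e7e188c4ee134a4a4b55ce435fdee255caf23c39974f0b87a305e332a84b7aaf519db6ee13525beecd47117b9f9ebbd765679e3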
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- osso (0.0.3.15)
4
+ osso (0.0.3.16)
5
5
  activesupport (>= 6.0.3.2)
6
6
  graphql
7
7
  jwt
@@ -66,7 +66,7 @@ GEM
66
66
  method_source (1.0.0)
67
67
  mini_portile2 (2.4.0)
68
68
  minitest (5.14.1)
69
- multi_json (1.14.1)
69
+ multi_json (1.15.0)
70
70
  mustermann (1.1.1)
71
71
  ruby2_keywords (~> 0.0.1)
72
72
  nokogiri (1.10.9)
@@ -31,7 +31,7 @@ module Osso
31
31
 
32
32
  def update_existing(oauth_client, redirect_uris)
33
33
  oauth_client.redirect_uris.each do |redirect|
34
- updating_index = redirect_uris.index{ |incoming| incoming[:id] == redirect.id }
34
+ updating_index = redirect_uris.index { |incoming| incoming[:id] == redirect.id }
35
35
 
36
36
  if updating_index
37
37
  updating = redirect_uris.delete_at(updating_index)
@@ -4,17 +4,6 @@ module Osso
4
4
  module Models
5
5
  class RedirectUri < ActiveRecord::Base
6
6
  belongs_to :oauth_client
7
-
8
- # TODO
9
- # before_validation :set_primary, on: :creaet, :update
10
-
11
- private
12
-
13
- def set_primary
14
- if primary_was.true? && primary.false?
15
-
16
- end
17
- end
18
7
  end
19
8
  end
20
9
  end
@@ -14,10 +14,6 @@ module Osso
14
14
  /[0-9a-f]{8}-[0-9a-f]{3,4}-[0-9a-f]{4}-[0-9a-f]{3,4}-[0-9a-f]{12}/.
15
15
  freeze
16
16
 
17
- def self.internal_redirect?(env)
18
- env['HTTP_REFERER']&.match(env['SERVER_NAME'])
19
- end
20
-
21
17
  use OmniAuth::Builder do
22
18
  OmniAuth::MultiProvider.register(
23
19
  self,
@@ -26,8 +22,8 @@ module Osso
26
22
  path_prefix: '/auth/saml',
27
23
  callback_suffix: 'callback',
28
24
  ) do |identity_provider_id, _env|
29
- provider = Models::IdentityProvider.find(identity_provider_id)
30
- provider.saml_options
25
+ Models::IdentityProvider.find(identity_provider_id).
26
+ saml_options
31
27
  end
32
28
  end
33
29
 
@@ -36,11 +32,10 @@ module Osso
36
32
  # their Identity Provider. We find or create a user record,
37
33
  # and then create an authorization code for that user. The user
38
34
  # is redirected back to your application with this code
39
- # as a URL query param, which you then exhange for an access token
35
+ # as a URL query param, which you then exchange for an access token.
40
36
  post '/saml/:id/callback' do
41
37
  provider = Models::IdentityProvider.find(params[:id])
42
- oauth_client = provider.oauth_client
43
- redirect_uri = env['redirect_uri'] || oauth_client.primary_redirect_uri.uri
38
+ @oauth_client = provider.oauth_client
44
39
 
45
40
  attributes = env['omniauth.auth']&.
46
41
  extra&.
@@ -56,11 +51,29 @@ module Osso
56
51
  end
57
52
 
58
53
  authorization_code = user.authorization_codes.create!(
59
- oauth_client: oauth_client,
54
+ oauth_client: @oauth_client,
60
55
  redirect_uri: redirect_uri,
61
56
  )
62
57
 
63
- redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{session[:oauth_state]}")
58
+ # Mark IDP as active
59
+
60
+ redirect(redirect_uri + "?code=#{CGI.escape(authorization_code.token)}&state=#{provider_state}")
61
+ end
62
+
63
+ def redirect_uri
64
+ return @oauth_client.primary_redirect_uri.uri if valid_idp_initiated_flow
65
+
66
+ session[:osso_oauth_redirect_uri]
67
+ end
68
+
69
+ def provider_state
70
+ return 'IDP_INITIATED' if valid_idp_initiated_flow
71
+
72
+ session[:osso_oauth_state]
73
+ end
74
+
75
+ def valid_idp_initiated_flow
76
+ !session[:osso_oauth_redirect_uri] && !session[:osso_oauth_state]
64
77
  end
65
78
  end
66
79
  end
@@ -6,7 +6,7 @@ module Osso
6
6
  class Oauth < Sinatra::Base
7
7
  include AppConfig
8
8
  register Sinatra::Namespace
9
- # rubocop:disable Metrics/BlockLength
9
+
10
10
  namespace '/oauth' do
11
11
  # Send your users here in order to being an authentication
12
12
  # flow. This flow follows the authorization grant oauth
@@ -19,11 +19,11 @@ module Osso
19
19
 
20
20
  Rack::OAuth2::Server::Authorize.new do |req, _res|
21
21
  client = Models::OauthClient.find_by!(identifier: req.client_id)
22
- req.verify_redirect_uri!(client.redirect_uri_values)
22
+ session[:osso_oauth_redirect_uri] = req.verify_redirect_uri!(client.redirect_uri_values)
23
23
  end.call(env)
24
24
 
25
25
  if @enterprise.single_provider?
26
- session[:oauth_state] = params[:state]
26
+ session[:osso_oauth_state] = params[:state]
27
27
  redirect "/auth/saml/#{@enterprise.provider.id}"
28
28
  end
29
29
 
@@ -35,9 +35,10 @@ module Osso
35
35
  return erb :error
36
36
  end
37
37
 
38
- # Exchange an authorization code token for an access token.
39
- # In addition to the token, you must include all paramaters
40
- # required by Oauth spec: redirect_uri, client ID, and client secret
38
+ # Exchange an authorization code for an access token.
39
+ # In addition to the authorization code, you must include all
40
+ # paramaters required by OAuth spec: redirect_uri, client ID,
41
+ # and client secret
41
42
  post '/token' do
42
43
  Rack::OAuth2::Server::Token.new do |req, res|
43
44
  code = Models::AuthorizationCode.
@@ -60,4 +61,3 @@ module Osso
60
61
  end
61
62
  end
62
63
  end
63
- # rubocop:enable Metrics/BlockLength
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Osso
4
- VERSION = '0.0.3.15'
4
+ VERSION = '0.0.3.16'
5
5
  end
@@ -63,6 +63,24 @@ describe Osso::Auth do
63
63
  )
64
64
  end.to change { Osso::Models::AuthorizationCode.count }.by(1)
65
65
  end
66
+
67
+ describe 'for an IDP initiated login' do
68
+ it 'redirects with a default state' do
69
+ mock_saml_omniauth
70
+
71
+ post(
72
+ "/auth/saml/#{okta_provider.id}/callback",
73
+ nil,
74
+ {
75
+ 'omniauth.auth' => OmniAuth.config.mock_auth[:saml],
76
+ 'identity_provider' => okta_provider,
77
+ },
78
+ )
79
+ expect(last_response).to be_redirect
80
+ follow_redirect!
81
+ expect(last_request.url).to match(/.*state=IDP_INITIATED$/)
82
+ end
83
+ end
66
84
  end
67
85
 
68
86
  describe 'on subsequent authentications' do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: osso
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3.15
4
+ version: 0.0.3.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam Bauch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-15 00:00:00.000000000 Z
11
+ date: 2020-08-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport