oxd-ruby 0.1.3 → 0.1.7
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/CHANGELOG.md +37 -0
- data/README.md +70 -19
- data/demosite/Gemfile +1 -1
- data/demosite/app/controllers/application_controller.rb +2 -1
- data/demosite/app/controllers/home_controller.rb +3 -4
- data/demosite/app/controllers/uma_controller.rb +40 -0
- data/demosite/app/views/home/index.html.erb +26 -21
- data/demosite/app/views/uma/index.html.erb +121 -0
- data/demosite/config/initializers/oxd_config.rb +3 -3
- data/demosite/config/routes.rb +10 -0
- data/lib/generators/oxd/templates/oxd_config.rb +2 -2
- data/lib/oxd-ruby.rb +2 -1
- data/lib/oxd/client_oxd_commands.rb +18 -17
- data/lib/oxd/config.rb +14 -7
- data/lib/oxd/oxd_connector.rb +11 -4
- data/lib/oxd/uma_commands.rb +113 -0
- data/lib/oxd/version.rb +1 -1
- metadata +6 -3
- data/demosite/Gemfile.lock +0 -190
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: becb5e6cf7b08da462269a04cb94f5df77c9a903
|
4
|
+
data.tar.gz: e39d828b7f16eaf9a0a70e1eb70828065bc1c603
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 785054ee62b5971ac043b85987086f115c5d23052556182649b78ff34e335f307a6bd36c265b99c3c997079ef9458f049585c1a69bfbe3b6e1db0d947c7a0df6
|
7
|
+
data.tar.gz: 9d21df5d8571a358ef2bc5f56c22b1c384fb4adde6cbca19cf1c045880fa942b7ec0b2b7a1a6734da17136da7b80abc89c00f654dc3b3149bdd6b7a068563d75
|
data/.gitignore
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
# Change Log
|
2
|
+
All notable changes to this project will be documented in this file.
|
3
|
+
|
4
|
+
## [0.1.7] - 2017-03-10
|
5
|
+
### Added
|
6
|
+
- `state` parameter in `get_tokens_by_code` command
|
7
|
+
|
8
|
+
### Changes
|
9
|
+
- changed `get_logout_uri` command to use `id_token` generated by `get_tokens_by_code` command for `id_token_hint` parameter
|
10
|
+
|
11
|
+
### Removed
|
12
|
+
- `access_token` parameter from `get_logout_uri` command
|
13
|
+
|
14
|
+
### Bug Fix
|
15
|
+
- "String can't be coerced into Integer" while using `get_logout_uri` command
|
16
|
+
|
17
|
+
## [0.1.6] - 2016-08-25
|
18
|
+
### Added
|
19
|
+
- `client_secret_expires_at` parameter in `update_registration_site` command
|
20
|
+
- `prompt : login` parameter in `get_authorization_url` command
|
21
|
+
- `client_id` and `client_secret` parameter in `register_site` command
|
22
|
+
|
23
|
+
### Removed
|
24
|
+
- `config.redirect_uris` parameter from configuration
|
25
|
+
- `redirect_uris` parameter from `register_site` and `update_registr_site` commands
|
26
|
+
- `state` and `scopes` parameters from `get_tokens_by_code` command
|
27
|
+
|
28
|
+
## [0.1.5] - 2016-07-20
|
29
|
+
### Added
|
30
|
+
- support for https protocol
|
31
|
+
|
32
|
+
## [0.1.4] - 2016-06-25
|
33
|
+
### Added
|
34
|
+
- support for oxd-server 2.4.4
|
35
|
+
- support for UMA
|
36
|
+
- `config.op_host` parameter in configuration
|
37
|
+
- added scopes "uma_protection","uma_authorization"
|
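Review bot: the 0.1.6 entry removes `state` from `get_tokens_by_code` and the 0.1.7 entry adds it back, so a reader upgrading from 0.1.5 cannot tell from the log whether the call signature changed for them; a line under 0.1.7 saying the 0.1.6 removal is reverted would settle it. Two smaller points: `update_registr_site` under 0.1.6 "Removed" matches neither spelling used elsewhere in this file (the "Added" list two lines above says `update_registration_site`), and the headings `Changes` and `Bug Fix` are non-standard next to the Keep a Changelog opener on line 2; `Changed` and `Fixed` are the conventional ones.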
data/README.md
CHANGED
@@ -1,47 +1,57 @@
|
|
1
1
|
# Oxd Ruby
|
2
2
|
[![Gem Version](https://badge.fury.io/rb/oxd-ruby.png)](https://badge.fury.io/rb/oxd-ruby)
|
3
3
|
|
4
|
-
Ruby Client Library for the [Gluu oxD Server RP - v2.4.
|
4
|
+
Ruby Client Library for the [Gluu oxD Server RP - v2.4.4 to v3.0.1](https://www.gluu.org/docs-oxd/).
|
5
5
|
|
6
6
|
**oxdruby** is a thin wrapper around the communication protocol of oxD server. This can be used to access the OpenID connect & UMA Authorization end points of the Gluu Server via the oxD RP. This library provides the function calls required by a website to access user information from a OpenID Connect Provider (OP) by using the OxD as the Relying Party (RP).
|
7
7
|
|
8
8
|
## Using the Library in your website
|
9
9
|
|
10
|
-
> You are now on the `
|
10
|
+
> You are now on the `master` branch. If you want to use `oxd-ruby` for production use, switch to the branch of the matching version as the `oxd-server` you are installing.
|
11
11
|
|
12
12
|
[oxD RP](https://www.gluu.org/docs-oxd/) has complete information about the Code Authorization flow and the various details about oxD RP configuration. This document provides only documentation about the oxd-ruby library.
|
13
13
|
|
14
14
|
### Prerequisites
|
15
15
|
|
16
16
|
* Install `gluu-oxd-server`
|
17
|
+
|
17
18
|
Oxd-server needs to be running on your machine to connect with OP.
|
18
19
|
|
20
|
+
* Enable SSL on your website otherwise this library will not work.
|
21
|
+
|
19
22
|
### Installation
|
20
23
|
|
21
24
|
To install gem, add this line to your application's Gemfile:
|
22
25
|
|
23
26
|
```ruby
|
24
|
-
gem 'oxd-ruby', '~> 0.1.
|
27
|
+
gem 'oxd-ruby', '~> 0.1.7'
|
25
28
|
```
|
26
29
|
|
27
30
|
Run bundle command to install it:
|
31
|
+
|
28
32
|
```bash
|
29
33
|
$ bundle install
|
30
34
|
```
|
31
35
|
|
32
36
|
### Configuring
|
33
|
-
After you installed oxd-ruby, you need to run the generator command:
|
37
|
+
After you installed oxd-ruby, you need to run the generator command to generate the configuration file:
|
38
|
+
|
34
39
|
```bash
|
35
40
|
$ rails generate oxd:config
|
36
41
|
```
|
37
42
|
|
38
|
-
The generator will install `oxd_config.rb` initializer file in `config/initializers` directory which conatins
|
39
|
-
|
40
|
-
|
43
|
+
The generator will install `oxd_config.rb` initializer file in `config/initializers` directory which conatins all the global configuration options for oxd-ruby plguin.
|
44
|
+
The following configurations must be set in config file before the plugin can be used.
|
45
|
+
|
46
|
+
1. config.oxd_host_ip
|
47
|
+
2. config.oxd_host_port
|
48
|
+
3. config.op_host
|
49
|
+
4. config.authorization_redirect_uri
|
50
|
+
|
41
51
|
|
42
52
|
## Usage
|
43
53
|
|
44
|
-
Add
|
54
|
+
Add following snippet to your `application_controller.rb` file:
|
45
55
|
|
46
56
|
```ruby
|
47
57
|
require 'oxd-ruby'
|
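Review bot: the version claim on the new line 4 (`v2.4.4 to v3.0.1`) disagrees with the `@note supports oxd-version 2.4.4` added to `lib/oxd-ruby.rb` and `lib/oxd/config.rb` in this same release; pick one range and state it in both places. The new prerequisite "Enable SSL on your website otherwise this library will not work" should say what actually has to be https (every `authorization_redirect_uri`, `logout_redirect_uri` and `post_logout_redirect_uri` in the examples is), and whether http callback URIs are rejected or merely discouraged. The "must be set" list names four keys but omits `client_logout_uris`, which the `config.rb` doc block in this diff marks `[REQUIRED, LIST]`. Typos in the new text: `conatins`, `plguin`.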
@@ -50,23 +60,25 @@ before_filter :set_oxd_commands_instance
|
|
50
60
|
protected
|
51
61
|
def set_oxd_commands_instance
|
52
62
|
@oxd_command = Oxd::ClientOxdCommands.new
|
63
|
+
@uma_command = Oxd::UMACommands.new
|
53
64
|
end
|
54
65
|
```
|
55
66
|
|
56
67
|
The `ClientOxdCommands` class of the library provides all the methods required for the website to communicate with the oxD RP through sockets.
|
68
|
+
The `UMACommands` class provides commands for UMA Resource Server(UMA RS) and UMA Requesting Party(UMA RP) protocol.
|
57
69
|
|
58
70
|
### Website Registration
|
59
71
|
|
60
|
-
The website can be registered with the
|
72
|
+
The website can be registered with the OpenId Provider using the `@oxd_command.register_site` call.
|
61
73
|
|
62
74
|
### Get Authorization URL
|
63
75
|
|
64
|
-
The first step is to generate an authorization url which the user can visit to authorize your application to use the information from the
|
76
|
+
The first step is to generate an authorization url which the user can visit to authorize your application to use the information from the OpenId Provider.
|
65
77
|
|
66
78
|
```ruby
|
67
79
|
authorization_url = @oxd_command.get_authorization_url
|
68
80
|
```
|
69
|
-
Using the above url the website can redirect the user for authentication at the
|
81
|
+
Using the above url the website can redirect the user for authentication at the OpenId Provider.
|
70
82
|
|
71
83
|
### Get access token
|
72
84
|
|
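Review bot: the `before_filter` snippet now builds both `Oxd::ClientOxdCommands` and `Oxd::UMACommands` on every request of every controller, and the README does not say whether either constructor opens the oxd-server socket or only reads configuration; integrators need that to decide whether to scope the filter to the login/logout actions. Grammar on the new `UMACommands` sentence: "UMA Resource Server(UMA RS) and UMA Requesting Party(UMA RP) protocol" needs spaces before the parentheses and "protocols".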
@@ -75,14 +87,13 @@ The website needs to parse the information from the callback url and pass it on
|
|
75
87
|
```ruby
|
76
88
|
code = params[:code]
|
77
89
|
state = params[:state]
|
78
|
-
|
79
|
-
access_token = @oxd_command.get_tokens_by_code( code, scopes, state )
|
90
|
+
access_token = @oxd_command.get_tokens_by_code( code,state )
|
80
91
|
```
|
81
|
-
The values for code
|
92
|
+
The values for code are parsed from the callback url query parameters.
|
82
93
|
|
83
94
|
### Get user claims
|
84
95
|
|
85
|
-
Claims (user information fields) made availble by the
|
96
|
+
Claims (user information fields) made availble by the OpenId Provider can be fetched using the access token obtained above.
|
86
97
|
|
87
98
|
```ruby
|
88
99
|
user = @oxd_command.get_user_info(access_token)
|
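Review bot: the callback snippet forwards `params[:state]` into `get_tokens_by_code`, but nothing on the page says who checks that this `state` is the one issued for the current user's session (the application or oxd-server), and the sentence after the block still says only "The values for code are parsed from the callback url" although `state` is now read as well. Without that sentence integrators will assume the state check is done for them. The result is named `access_token`, while the method's new doc comment in `client_oxd_commands.rb` advertises a hash containing `id_token`; say which one the caller gets.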
@@ -90,25 +101,65 @@ user = @oxd_command.get_user_info(access_token)
|
|
90
101
|
|
91
102
|
### Using the claims
|
92
103
|
|
93
|
-
Once the user data is obtained, the various claims supported by the
|
104
|
+
Once the user data is obtained, the various claims supported by the OpenId Provider can be used as required.
|
94
105
|
|
95
106
|
```ruby
|
96
107
|
<% user.each do |field,value| %>
|
97
108
|
<%= "#{field} : #{value}" %>
|
98
109
|
<% end %>
|
99
110
|
```
|
100
|
-
The availability of various claims are completely dependent on the
|
111
|
+
The availability of various claims are completely dependent on the OpenId Provider.
|
101
112
|
|
102
113
|
### Logging out
|
103
114
|
|
104
115
|
Once the required work is done the user can be logged out of the system.
|
105
116
|
|
106
117
|
```ruby
|
107
|
-
logout_uri = @oxd_command.get_logout_uri(
|
118
|
+
logout_uri = @oxd_command.get_logout_uri(state, session_state)
|
108
119
|
```
|
109
120
|
You can then redirect the user to obtained url to perform logout.
|
110
121
|
|
111
|
-
|
122
|
+
## Using UMA commands
|
123
|
+
|
124
|
+
### UMA Protect resources
|
125
|
+
|
126
|
+
To protect resources with UMA Resource server, you need to add resources to library using `uma_add_resource(path, *conditions)` method. Then you can call following method to register resources for protection with UMA RS.
|
127
|
+
|
128
|
+
```ruby
|
129
|
+
@uma_command.uma_add_resource(path, *conditions)
|
130
|
+
@uma_command.uma_rs_protect
|
131
|
+
```
|
132
|
+
|
133
|
+
### UMA Check access for a particular resource
|
134
|
+
To check wether you have access to a particular resource on UMA Resource Sevrer or not, use following method:
|
135
|
+
|
136
|
+
```ruby
|
137
|
+
@uma_command.uma_rs_check_access(path, http_method)
|
138
|
+
```
|
139
|
+
You must first get RPT before calling this method.
|
140
|
+
|
141
|
+
### Get Requesting Party Token(RPT)
|
142
|
+
To gain access to protected resources at the UMA resource server, you must first obtain RPT.
|
143
|
+
|
144
|
+
```ruby
|
145
|
+
@uma_command.uma_rp_get_rpt(force_new)
|
146
|
+
```
|
147
|
+
|
148
|
+
### Authorize RPT
|
149
|
+
You must first call `uma_rp_get_rpt` and `uma_rs_check_access` methods before authorizing RPT. If you have already obtained the RPT, use `uma_rp_authorize_rpt` method provided by oxd-ruby library to authorize it.
|
150
|
+
|
151
|
+
```ruby
|
152
|
+
@uma_command.uma_rp_authorize_rpt
|
153
|
+
```
|
154
|
+
|
155
|
+
### Get Gluu Access Token(GAT)
|
156
|
+
To obtain GAT(Gluu Access Token) call following method with scopes as parameter.
|
157
|
+
|
158
|
+
```ruby
|
159
|
+
@uma_command.uma_rp_get_gat(scopes)
|
160
|
+
```
|
161
|
+
|
162
|
+
## Logs
|
112
163
|
You can find `oxd-ruby.log` file in `rails_app_root/log` folder. It contains all the logs about oxd-server connections, commands/data sent to server, recieved response and all the errors and exceptions raised.
|
113
164
|
|
114
165
|
## Demo Site
|
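Review bot: the unchanged "Logs" paragraph says `oxd-ruby.log` records "commands/data sent to server" and the "recieved response"; with this release those payloads include `client_secret` (now sent by `register_site`), the access token, the `id_token`, RPTs and GATs, so `rails_app_root/log/oxd-ruby.log` becomes a credential store. Either redact token and secret fields before logging or document that the file must be protected. In the new UMA text, `uma_rs_check_access(path, http_method)` takes no token argument and `config.rb` in this diff adds `rpt` and `ticket` accessors to the global configuration, so say that the RPT used is implicitly the last one stored there, which is per process rather than per user; `uma_rp_get_rpt(force_new)` never says what type `force_new` is (the demo passes both `'false'` and `false`). Typos: "wether", "Sevrer", "recieved".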
data/demosite/Gemfile
CHANGED
@@ -33,7 +33,7 @@ gem "twitter-bootstrap-rails"
|
|
33
33
|
# Use Capistrano for deployment
|
34
34
|
# gem 'capistrano-rails', group: :development
|
35
35
|
|
36
|
-
gem 'oxd-ruby', '~> 0.1.
|
36
|
+
gem 'oxd-ruby', '~> 0.1.7'
|
37
37
|
|
38
38
|
group :development, :test do
|
39
39
|
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
|
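Review bot: the pin is bumped to `~> 0.1.7`, but the file list at the top of this diff shows `data/demosite/Gemfile.lock` deleted (`+0 -190`) in the same release, so the demo site no longer resolves to a known set of gem versions; keep a lockfile regenerated for 0.1.7 so that `bundle install` in the demo is reproducible and its transitive dependencies can be reviewed.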
@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
|
|
9
9
|
before_filter :set_oxd_commands_instance
|
10
10
|
protected
|
11
11
|
def set_oxd_commands_instance
|
12
|
-
|
12
|
+
@oxd_command = Oxd::ClientOxdCommands.new
|
13
|
+
@uma_command = Oxd::UMACommands.new
|
13
14
|
end
|
14
15
|
end
|
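Review bot: `before_filter` is the pre-Rails 5 name (deprecated in 5.0, removed in 5.1), and with the demo's Gemfile.lock deleted in this release there is no longer a record of which Rails the demo targets, so `before_action` is the safer spelling. The filter also constructs both command objects for every action, including ones that never talk to oxd-server; restricting it with `only:` to the actions that need them would be cheaper and clearer.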
@@ -14,10 +14,9 @@ class HomeController < ApplicationController
|
|
14
14
|
|
15
15
|
def login
|
16
16
|
if(@oxd_command.getOxdId.present?)
|
17
|
-
if (params[:code].present?
|
18
|
-
scopes = params[:scope].split("+")
|
17
|
+
if (params[:code].present?)
|
19
18
|
# pass the parameters obtained from callback url to get access_token
|
20
|
-
@access_token = @oxd_command.get_tokens_by_code( params[:code],
|
19
|
+
@access_token = @oxd_command.get_tokens_by_code( params[:code], params[:state])
|
21
20
|
end
|
22
21
|
session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
|
23
22
|
session[:oxd_access_token] = @access_token
|
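Review bot: `params[:state]` from the callback is forwarded unchanged, and this controller never stored a state value before redirecting to the OP, so the application has nothing to compare it against (the logout hunk below reads `session[:state]`, which is never written here). Store the state when the authorization URL is generated and compare `params[:state]` on return before calling `get_tokens_by_code`. Also, on a request without `code`, `@access_token` is nil and lines 21 and 22 of the new file still delete the previous `oxd_access_token` and write nil into the session.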
@@ -31,7 +30,7 @@ class HomeController < ApplicationController
|
|
31
30
|
def logout
|
32
31
|
# get logout url and redirect user that URL to logout from OP
|
33
32
|
if(session[:oxd_access_token])
|
34
|
-
@logout_url = @oxd_command.get_logout_uri(session[:
|
33
|
+
@logout_url = @oxd_command.get_logout_uri(session[:state], session[:session_state])
|
35
34
|
redirect_to @logout_url
|
36
35
|
end
|
37
36
|
end
|
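Review bot: `session[:state]` and `session[:session_state]` are never assigned in this controller (the `login` hunk above writes only `session[:oxd_access_token]`), so both arguments are nil and `get_logout_uri` sends `"state" => nil, "session_state" => nil`; either store them at login or drop the arguments. The `oxd_access_token` also stays in the session after the redirect to the OP logout URL; calling `reset_session` (or at least `session.delete(:oxd_access_token)`) before `redirect_to @logout_url` stops a back-button from reusing it.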
@@ -0,0 +1,40 @@
|
|
1
|
+
class UmaController < ApplicationController
|
2
|
+
skip_before_filter :verify_authenticity_token
|
3
|
+
require 'json'
|
4
|
+
|
5
|
+
def index
|
6
|
+
end
|
7
|
+
|
8
|
+
def protect_resources
|
9
|
+
condition1_for_path1 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
|
10
|
+
condition2_for_path1 = {:httpMethods => ["PUT", "POST"], :scopes => ["http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add"], :ticketScopes => ["http://photoz.example.com/dev/actions/add"]}
|
11
|
+
|
12
|
+
condition1_for_path2 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
|
13
|
+
|
14
|
+
@uma_command.uma_add_resource("/photo", condition1_for_path1, condition2_for_path1) # Add Resource#1
|
15
|
+
@uma_command.uma_add_resource("/document", condition1_for_path2) # Add Resource#2
|
16
|
+
response = @uma_command.uma_rs_protect # Register above resources with UMA RS
|
17
|
+
render :template => "uma/index", :locals => { :protect_resources_response => response }
|
18
|
+
end
|
19
|
+
|
20
|
+
def get_rpt
|
21
|
+
rpt = @uma_command.uma_rp_get_rpt('false') # Get RPT
|
22
|
+
render :template => "uma/index", :locals => { :rpt => rpt }
|
23
|
+
end
|
24
|
+
|
25
|
+
def check_access
|
26
|
+
response = @uma_command.uma_rs_check_access('/photo', 'GET') # Pass the resource path and http method to check access
|
27
|
+
render :template => "uma/index", :locals => { :check_access_response => response }
|
28
|
+
end
|
29
|
+
|
30
|
+
def authorize_rpt
|
31
|
+
response = @uma_command.uma_rp_authorize_rpt # Authorize RPT
|
32
|
+
render :template => "uma/index", :locals => { :authorize_rpt_response => response }
|
33
|
+
end
|
34
|
+
|
35
|
+
def get_gat
|
36
|
+
scopes = ["http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/view","http://photoz.example.com/dev/actions/edit"]
|
37
|
+
gat = @uma_command.uma_rp_get_gat(scopes) # Pass scopes array to get GAT
|
38
|
+
render :template => "uma/index", :locals => { :gat => gat }
|
39
|
+
end
|
40
|
+
end
|
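Review bot: `protect_resources` and `authorize_rpt` change server-side state (they register the resource set with the UMA RS and authorize an RPT) yet `routes.rb` in this diff exposes them as plain GET and the actions carry no authentication check, so any visitor, or any page that embeds the URL, re-registers `/photo` and `/document`; make them POST and require a logged-in session. The `skip_before_filter :verify_authenticity_token` on line 2 is then unnecessary (Rails does not verify the token on GET anyway) and should go. `uma_rp_get_rpt('false')` passes the string `'false'`, which is truthy in Ruby, while `uma/index.html.erb` shows `uma_rp_get_rpt(false)`; use the boolean in both. `require 'json'` belongs at the top of the file, not inside the class body.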
@@ -13,22 +13,22 @@
|
|
13
13
|
<h3>oxd_config.rb</h3>
|
14
14
|
<pre class="prettyprint">
|
15
15
|
Oxd.configure do |config|
|
16
|
-
config.oxd_host_ip
|
17
|
-
config.oxd_host_port
|
18
|
-
config.
|
19
|
-
config.
|
20
|
-
config.
|
21
|
-
config.
|
22
|
-
config.
|
23
|
-
config.
|
24
|
-
config.client_jwks_uri
|
25
|
-
config.client_token_endpoint_auth_method
|
26
|
-
config.client_request_uris
|
27
|
-
config.contacts
|
28
|
-
config.grant_types
|
29
|
-
config.response_types
|
30
|
-
config.acr_values
|
31
|
-
config.client_logout_uris
|
16
|
+
config.oxd_host_ip = '127.0.0.1'
|
17
|
+
config.oxd_host_port = 8099
|
18
|
+
config.op_host = "https://ce-dev2.gluu.org"
|
19
|
+
config.authorization_redirect_uri = "https://oxd-rails.com/login"
|
20
|
+
config.logout_redirect_uri = "https://oxd-rails.com/logout"
|
21
|
+
config.post_logout_redirect_uri = "https://oxd-rails.com/"
|
22
|
+
config.scope = [ "openid", "profile" ]
|
23
|
+
config.application_type = "web"
|
24
|
+
config.client_jwks_uri = ""
|
25
|
+
config.client_token_endpoint_auth_method = ""
|
26
|
+
config.client_request_uris = []
|
27
|
+
config.contacts = ["example-email@gmail.com"]
|
28
|
+
config.grant_types = []
|
29
|
+
config.response_types = ["code"]
|
30
|
+
config.acr_values = ["basic"]
|
31
|
+
config.client_logout_uris = ['https://oxd-rails.com/logout']
|
32
32
|
end
|
33
33
|
</pre>
|
34
34
|
</div>
|
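Review bot: the configuration shown on the demo page is already out of step with the demo's `config/initializers/oxd_config.rb` in this same diff: the page shows `config.scope = [ "openid", "profile" ]` while the initializer sets `["openid", "profile","uma_protection","uma_authorization"]`. Render the initializer file into the view (or generate both from one source) rather than hand-copying it, otherwise the two drift again on the next release.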
@@ -63,9 +63,8 @@ end
|
|
63
63
|
<pre class="prettyprint">
|
64
64
|
def login
|
65
65
|
if(@oxd_command.getOxdId.present?)
|
66
|
-
if (params[:code].present?
|
67
|
-
|
68
|
-
@access_token = @oxd_command.get_tokens_by_code( params[:code], scopes, params[:state])
|
66
|
+
if (params[:code].present?)
|
67
|
+
@access_token = @oxd_command.get_tokens_by_code( params[:code],params[:state])
|
69
68
|
end
|
70
69
|
session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
|
71
70
|
session[:oxd_access_token] = @access_token
|
@@ -107,7 +106,13 @@ end
|
|
107
106
|
</pre>
|
108
107
|
</div>
|
109
108
|
</div>
|
110
|
-
|
109
|
+
<div class="row">
|
110
|
+
<div class="col-md-6">
|
111
|
+
<h3>UMA Demo</h3>
|
112
|
+
<p>UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties.Once the website has been registered and authorized with OP you can register protection document with UMA.</p>
|
113
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= uma_index_path %>" target="_blank">Go to UMA demo page</a></p>
|
114
|
+
</div>
|
115
|
+
</div>
|
111
116
|
<div class="row">
|
112
117
|
<div class="col-md-6">
|
113
118
|
<h3>Logging Out</h3>
|
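Review bot: "arbitrary requesting parties.Once" is missing the space after the period, and "you can register protection document with UMA" reads better as "you can register a resource protection document with the UMA resource server". The link opens the UMA page in a new tab with `target="_blank"`; since that page's actions mutate state on GET (see `uma_controller.rb` in this diff), reaching it from an unauthenticated landing page is the same exposure noted there.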
@@ -118,7 +123,7 @@ end
|
|
118
123
|
<pre class="prettyprint">
|
119
124
|
def logout
|
120
125
|
if(session[:oxd_access_token])
|
121
|
-
@logout_url = @oxd_command.get_logout_uri(session[:
|
126
|
+
@logout_url = @oxd_command.get_logout_uri(session[:state], session[:session_state])
|
122
127
|
redirect_to @logout_url
|
123
128
|
end
|
124
129
|
end
|
@@ -0,0 +1,121 @@
|
|
1
|
+
<div class="jumbotron">
|
2
|
+
<h2>UMA RS and UMA RP Demo page for OxD Ruby Library</h2>
|
3
|
+
</div>
|
4
|
+
|
5
|
+
<div class="row">
|
6
|
+
<div class="col-md-6">
|
7
|
+
<h3>UMA RS Protect resources</h3>
|
8
|
+
<p>To protect resources with UMA RS, you need to add resources to library using <code>uma_add_resource(path, *conditions)</code> method. Then you can call <code>uma_rs_protect</code> method to register resources for protection with UMA RS.</p>
|
9
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= protect_resources_uma_index_path %>">Protect Resources</a></p>
|
10
|
+
<% if defined?(protect_resources_response) %>
|
11
|
+
<div class="alert alert-success">
|
12
|
+
<%= "Response Oxd ID: #{protect_resources_response}" %>
|
13
|
+
</div>
|
14
|
+
<% end %>
|
15
|
+
</div>
|
16
|
+
<div class="col-md-6">
|
17
|
+
<pre class="prettyprint">
|
18
|
+
def protect_resources
|
19
|
+
condition1 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
|
20
|
+
condition2 = {:httpMethods => ["PUT", "POST"],
|
21
|
+
:scopes => ["http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add"],
|
22
|
+
:ticketScopes => ["http://photoz.example.com/dev/actions/add"]
|
23
|
+
}
|
24
|
+
@uma_command.uma_add_resource("/photo", condition1, condition2)
|
25
|
+
@uma_command.uma_rs_protect
|
26
|
+
end
|
27
|
+
</pre>
|
28
|
+
</div>
|
29
|
+
</div>
|
30
|
+
<hr>
|
31
|
+
<div class="row">
|
32
|
+
<div class="col-md-6">
|
33
|
+
<h3>UMA RP - Get RPT</h3>
|
34
|
+
<p>To gain access to protected resources at the UMA resource server, you must first obtain RPT (Requesting Party Token) using <code>uma_rp_get_rpt(force_new)</code> call.</p>
|
35
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= get_rpt_uma_index_path %>">Get RPT</a></p>
|
36
|
+
<% if defined?(rpt) %>
|
37
|
+
<div class="alert alert-success">
|
38
|
+
<%= "Response RPT is: #{rpt}" %>
|
39
|
+
</div>
|
40
|
+
<% end %>
|
41
|
+
</div>
|
42
|
+
<div class="col-md-6">
|
43
|
+
<pre class="prettyprint">
|
44
|
+
def get_rpt
|
45
|
+
rpt = @uma_command.uma_rp_get_rpt(false)
|
46
|
+
render :template => "uma/index", :locals => { :rpt => rpt }
|
47
|
+
end
|
48
|
+
</pre>
|
49
|
+
</div>
|
50
|
+
</div>
|
51
|
+
<hr>
|
52
|
+
<div class="row">
|
53
|
+
<div class="col-md-6">
|
54
|
+
<h3>UMA RS Check Access</h3>
|
55
|
+
<p>To check wether you have access to a particular resource on UMA Resource Sevrer or not, make call to <code>uma_rs_check_access(path, http_method)</code> method.</p>
|
56
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= check_access_uma_index_path %>">Check access</a></p>
|
57
|
+
<% if defined?(check_access_response) %>
|
58
|
+
<% if check_access_response['access'] == 'denied' %>
|
59
|
+
<div class="alert alert-warning">
|
60
|
+
<%= "Response : access #{check_access_response['access']}" %><br>
|
61
|
+
<%= "Response ticket : #{check_access_response['ticket']}" if check_access_response['ticket'].present? %>
|
62
|
+
</div>
|
63
|
+
<% else %>
|
64
|
+
<div class="alert alert-success">
|
65
|
+
<%= "Response : #{check_access_response}" %>
|
66
|
+
</div>
|
67
|
+
<% end %>
|
68
|
+
<% end %>
|
69
|
+
</div>
|
70
|
+
<div class="col-md-6">
|
71
|
+
<pre class="prettyprint">
|
72
|
+
def check_access
|
73
|
+
response = @uma_command.uma_rs_check_access('/photo', 'GET')
|
74
|
+
render :template => "uma/index", :locals => { :check_access_response => response }
|
75
|
+
end
|
76
|
+
</pre>
|
77
|
+
</div>
|
78
|
+
</div>
|
79
|
+
<hr>
|
80
|
+
<div class="row">
|
81
|
+
<div class="col-md-6">
|
82
|
+
<h3>UMA RP - Authorize RPT</h3>
|
83
|
+
<p>You must first get RPT (refer to 'Get RPT' section) before authorizing. If you have already obtained the RPT, use <code>uma_rp_authorize_rpt</code> method provided by oxd-ruby library to authorize RPT.</p>
|
84
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= authorize_rpt_uma_index_path %>">Authorize RPT</a></p>
|
85
|
+
<% if defined?(authorize_rpt_response) %>
|
86
|
+
<div class="alert alert-success">
|
87
|
+
<%= "Response Oxd ID: #{authorize_rpt_response}" %>
|
88
|
+
</div>
|
89
|
+
<% end %>
|
90
|
+
</div>
|
91
|
+
<div class="col-md-6">
|
92
|
+
<pre class="prettyprint">
|
93
|
+
def authorize_rpt
|
94
|
+
response = @uma_command.uma_rp_authorize_rpt
|
95
|
+
render :template => "uma/index", :locals => { :authorize_rpt_response => response }
|
96
|
+
end
|
97
|
+
</pre>
|
98
|
+
</div>
|
99
|
+
</div>
|
100
|
+
<hr>
|
101
|
+
<div class="row">
|
102
|
+
<div class="col-md-6">
|
103
|
+
<h3>UMA RP - Get GAT</h3>
|
104
|
+
<p>To obtain GAT(Gluu Access Token) call to <code>uma_rp_get_gat(scopes)</code> method with scopes as parameter.</p>
|
105
|
+
<p><strong> Live demo. </strong><a class="btn btn-primary" href="<%= get_gat_uma_index_path %>">Get GAT</a></p>
|
106
|
+
<% if defined?(gat) %>
|
107
|
+
<div class="alert alert-success">
|
108
|
+
<%= "Response GAT is: #{gat}" %>
|
109
|
+
</div>
|
110
|
+
<% end %>
|
111
|
+
</div>
|
112
|
+
<div class="col-md-6">
|
113
|
+
<pre class="prettyprint">
|
114
|
+
def get_gat
|
115
|
+
scopes = ["http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/view","http://photoz.example.com/dev/actions/edit"]
|
116
|
+
gat = @uma_command.uma_rp_get_gat(scopes)
|
117
|
+
render :template => "uma/index", :locals => { :gat => gat }
|
118
|
+
end
|
119
|
+
</pre>
|
120
|
+
</div>
|
121
|
+
</div>
|
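Review bot: the alert labels do not match what is printed: `"Response Oxd ID: #{protect_resources_response}"` and `"Response Oxd ID: #{authorize_rpt_response}"` render whatever `uma_rs_protect` and `uma_rp_authorize_rpt` return, and the success branch of `check_access` dumps the whole response hash; label them as the command response or pick the field you mean. The `get_rpt` sample on this page calls `uma_rp_get_rpt(false)` while `uma_controller.rb` in this diff calls `uma_rp_get_rpt('false')`; align them. The RPT, ticket and GAT are rendered into the page, which is acceptable for a demo but worth a sentence saying so, since they are bearer credentials. Typos in the new copy: "wether", "Sevrer", "make call to".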
@@ -2,12 +2,12 @@
|
|
2
2
|
Oxd.configure do |config|
|
3
3
|
config.oxd_host_ip = '127.0.0.1'
|
4
4
|
config.oxd_host_port = 8099
|
5
|
+
config.op_host = "https://ce-dev2.gluu.org"
|
5
6
|
config.authorization_redirect_uri = "https://oxd-rails.com/login"
|
6
7
|
config.logout_redirect_uri = "https://oxd-rails.com/logout"
|
7
|
-
config.post_logout_redirect_uri = "https://oxd-rails.com/
|
8
|
-
config.scope = [ "openid", "profile" ]
|
8
|
+
config.post_logout_redirect_uri = "https://oxd-rails.com/"
|
9
|
+
config.scope = [ "openid", "profile","uma_protection","uma_authorization" ]
|
9
10
|
config.application_type = "web"
|
10
|
-
config.redirect_uris = ["https://oxd-rails.com/login" ]
|
11
11
|
config.client_jwks_uri = ""
|
12
12
|
config.client_token_endpoint_auth_method = ""
|
13
13
|
config.client_request_uris = []
|
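Review bot: the unchanged `config.client_token_endpoint_auth_method = ""` is still the value the library forwards to the OP when it registers the client, and an empty string is not one of the OIDC registration values (`client_secret_basic`, `client_secret_post`, `client_secret_jwt`, `private_key_jwt`, `none`); leave the key unset so it is omitted, or default it explicitly. Adding `uma_protection` and `uma_authorization` to `config.scope` makes the demo request UMA scopes on every login even for users who only want OpenID sign-in; a comment saying the UMA demo page needs them would explain the choice.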
data/demosite/config/routes.rb
CHANGED
@@ -5,6 +5,16 @@ Rails.application.routes.draw do
|
|
5
5
|
get '/login' => 'home#login'
|
6
6
|
get '/logout' => 'home#logout'
|
7
7
|
|
8
|
+
resources :uma do
|
9
|
+
collection do
|
10
|
+
get 'protect_resources'
|
11
|
+
get 'get_rpt'
|
12
|
+
get 'check_access'
|
13
|
+
get 'authorize_rpt'
|
14
|
+
get 'get_gat'
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
8
18
|
# The priority is based upon order of creation: first created -> highest priority.
|
9
19
|
# See how all your routes lay out with "rake routes".
|
10
20
|
|
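Review bot: `resources :uma` declares the full set of RESTful routes (index, show, new, create, edit, update, destroy), but `UmaController` defines only `index` plus the five collection actions, so `/uma/:id`, `POST /uma` and the edit/new paths now route to actions that do not exist; use `resources :uma, only: [:index]`. The collection actions `protect_resources` and `authorize_rpt` mutate state and should be declared with `post`, not `get`, so that the CSRF token protects them.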
@@ -2,12 +2,12 @@
|
|
2
2
|
Oxd.configure do |config|
|
3
3
|
config.oxd_host_ip = '127.0.0.1'
|
4
4
|
config.oxd_host_port = 8099
|
5
|
+
config.op_host = "https://your.openid.provider.com"
|
5
6
|
config.authorization_redirect_uri = "https://domain.example.com/callback"
|
6
7
|
config.logout_redirect_uri = "https://domain.example.com/callback2"
|
7
8
|
config.post_logout_redirect_uri = "https://domain.example.com/logout"
|
8
|
-
config.scope = [
|
9
|
+
config.scope = ["openid","profile","uma_protection","uma_authorization"]
|
9
10
|
config.application_type = "web"
|
10
|
-
config.redirect_uris = ["https://domain.example.com/callback" ]
|
11
11
|
config.client_jwks_uri = ""
|
12
12
|
config.client_token_endpoint_auth_method = ""
|
13
13
|
config.client_request_uris = []
|
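Review bot: the generated initializer now sets `op_host` and the UMA scopes, but none of the accessors added to `config.rb` in this release (`client_id`, `client_secret`, `prompt`) appear in the template, so a user running `rails generate oxd:config` will not learn they exist and silently inherits `prompt = "login"` from the library defaults; add commented-out lines for them. If `client_secret` is meant to be set here, point users at an environment variable rather than a literal in a file that is normally committed.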
data/lib/oxd-ruby.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
# @author Inderpal Singh
|
2
|
-
# @note supports oxd-version 2.4.
|
2
|
+
# @note supports oxd-version 2.4.4
|
3
3
|
module Oxd
|
4
4
|
|
5
5
|
require 'json'
|
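Review bot: `@note supports oxd-version 2.4.4` contradicts the README change in this same release, which claims `v2.4.4 to v3.0.1`; whichever range is true should be stated once and reused, because this note is what a maintainer reads next to the code.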
@@ -21,12 +21,11 @@ module Oxd
|
|
21
21
|
return @configuration.oxd_id
|
22
22
|
else
|
23
23
|
@command = 'register_site'
|
24
|
-
@configuration.scope = [ "openid", "profile","email"]
|
25
24
|
@params = {
|
25
|
+
"op_host" => @configuration.op_host,
|
26
26
|
"authorization_redirect_uri" => @configuration.authorization_redirect_uri,
|
27
27
|
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
28
|
-
"application_type" => @configuration.application_type,
|
29
|
-
"redirect_uris" => @configuration.redirect_uris,
|
28
|
+
"application_type" => @configuration.application_type,
|
30
29
|
"acr_values" => @configuration.acr_values,
|
31
30
|
"scope" => @configuration.scope,
|
32
31
|
"client_jwks_uri" => @configuration.client_jwks_uri,
|
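Review bot: dropping the hard-coded `@configuration.scope = [ "openid", "profile","email"]` means `register_site` now sends whatever `config.scope` holds, so applications that relied on `email` being requested silently stop receiving that claim; this is a behaviour change that deserves its own CHANGELOG line, where this command is mentioned only for the `redirect_uris` removal and the new `client_id`/`client_secret` parameters.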
@@ -35,7 +34,9 @@ module Oxd
|
|
35
34
|
"contacts" => @configuration.contacts,
|
36
35
|
"grant_types" => @configuration.grant_types,
|
37
36
|
"response_types"=> @configuration.response_types,
|
38
|
-
"client_logout_uris"=> @configuration.client_logout_uris
|
37
|
+
"client_logout_uris"=> @configuration.client_logout_uris,
|
38
|
+
"client_secret"=> @configuration.client_secret,
|
39
|
+
"client_id"=> @configuration.client_id
|
39
40
|
}
|
40
41
|
request
|
41
42
|
@configuration.oxd_id = getResponseData['oxd_id']
|
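Review bot: `client_id` and `client_secret` are now always included in the `register_site` payload, even when both are nil, and since the README's Logs section says `oxd-ruby.log` records all data sent to the server, the secret lands in that log whenever it is set. Send the two keys only when present and mask `client_secret` in the logger. Separately, `@configuration.oxd_id = getResponseData['oxd_id']` stores the registration id on the process-wide configuration; fine for a single-tenant app, but a comment saying so would prevent someone treating it as per-request state.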
@@ -54,6 +55,7 @@ module Oxd
|
|
54
55
|
@command = 'get_authorization_url'
|
55
56
|
@params = {
|
56
57
|
"oxd_id" => @configuration.oxd_id,
|
58
|
+
"prompt" => @configuration.prompt,
|
57
59
|
"acr_values" => acr_values || @configuration.acr_values
|
58
60
|
}
|
59
61
|
request
|
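Review bot: `"prompt" => @configuration.prompt` is always sent, and `config.rb` in this diff defaults it to `"login"`, so every authorization request forces the user to re-enter credentials at the OP even when they already have an OP session; default `prompt` to nil and omit the key when unset, leaving `"login"` as an opt-in for step-up authentication.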
@@ -61,22 +63,21 @@ module Oxd
|
|
61
63
|
end
|
62
64
|
|
63
65
|
# @param code [String] code obtained from the authorization url callback
|
64
|
-
# @param
|
65
|
-
# @
|
66
|
-
# @return [String] access_token
|
66
|
+
# @param state [String] state obtained from the authorization url callback
|
67
|
+
# @return [Hash] {:access_token, :id_token}
|
67
68
|
# method to retrieve access token. It is called after the user authorizes by visiting the authorization url.
|
68
|
-
def get_tokens_by_code( code,
|
69
|
-
if (code.empty?
|
70
|
-
logger(:log_msg => "Empty/Wrong value in place of code
|
69
|
+
def get_tokens_by_code( code,state )
|
70
|
+
if (code.empty?)
|
71
|
+
logger(:log_msg => "Empty/Wrong value in place of code.")
|
71
72
|
end
|
72
73
|
@command = 'get_tokens_by_code'
|
73
74
|
@params = {
|
74
75
|
"oxd_id" => @configuration.oxd_id,
|
75
76
|
"code" => code,
|
76
|
-
"scopes" => scopes,
|
77
77
|
"state" => state
|
78
78
|
}
|
79
79
|
request
|
80
|
+
@configuration.id_token = getResponseData['id_token']
|
80
81
|
getResponseData['access_token']
|
81
82
|
end
|
82
83
|
|
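Review bot: `if (code.empty?)` only logs and then falls through to send `get_tokens_by_code` with the empty code; it should return nil or raise. `state` is not checked at all. The new doc comment `@return [Hash] {:access_token, :id_token}` is wrong: the method still returns `getResponseData['access_token']`, a string, and parks the id_token in `@configuration.id_token`, a class-level `config_accessor` shared by every request in the process, so the id_token of the most recent login becomes the `id_token_hint` for any other user's logout. Return both tokens to the caller and let the application keep them in its session.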
@@ -95,23 +96,23 @@ module Oxd
|
|
95
96
|
request
|
96
97
|
getResponseData['claims']
|
97
98
|
end
|
98
|
-
|
99
|
-
# @param access_token [String] REQUIRED, oxd server will use last used access token
|
99
|
+
|
100
100
|
# @param state [String] OPTIONAL, website state obtained from the authorization url callback
|
101
101
|
# @param session_state [String] OPTIONAL, session state obtained from the authorization url callback
|
102
102
|
# @return [String] uri
|
103
103
|
# method to retrieve logout url from OP. User must be redirected to this url to perform logout
|
104
|
-
def get_logout_uri(
|
104
|
+
def get_logout_uri( state = nil, session_state = nil)
|
105
105
|
@command = 'get_logout_uri'
|
106
106
|
@params = {
|
107
107
|
"oxd_id" => @configuration.oxd_id,
|
108
|
-
"id_token_hint" =>
|
108
|
+
"id_token_hint" => @configuration.id_token,
|
109
109
|
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
110
110
|
"state" => state,
|
111
111
|
"session_state" => session_state
|
112
112
|
}
|
113
113
|
request
|
114
114
|
getResponseData['uri']
|
115
|
+
#@configuration.oxd_id = "" #unset oxd_id after logout
|
115
116
|
end
|
116
117
|
|
117
118
|
# @return [Boolean] status - if site registration was updated successfully or not
|
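Review bot: `id_token_hint` is read from the global `@configuration.id_token`, so the hint placed in a logout URI belongs to whichever user authenticated last in this process rather than to the caller; take the id_token as an argument (the removed `access_token` parameter shows the signature was meant to carry the caller's token). The doc block still says nothing about where `id_token_hint` now comes from, and the commented-out `#@configuration.oxd_id = ""` after the return expression is dead code; delete it or explain why logout must not unregister the site.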
@@ -124,7 +125,6 @@ module Oxd
|
|
124
125
|
"oxd_id" => @configuration.oxd_id,
|
125
126
|
"post_logout_redirect_uri" => @configuration.post_logout_redirect_uri,
|
126
127
|
"application_type" => @configuration.application_type,
|
127
|
-
"redirect_uris" => @configuration.redirect_uris,
|
128
128
|
"acr_values" => @configuration.acr_values,
|
129
129
|
"scope" => @configuration.scope,
|
130
130
|
"client_jwks_uri" => @configuration.client_jwks_uri,
|
@@ -133,6 +133,7 @@ module Oxd
|
|
133
133
|
"contacts" => @configuration.contacts,
|
134
134
|
"grant_types" => @configuration.grant_types,
|
135
135
|
"response_types"=> @configuration.response_types,
|
136
|
+
"client_secret_expires_at" => 3080736637943,
|
136
137
|
"client_logout_uris"=> @configuration.client_logout_uris
|
137
138
|
}
|
138
139
|
request
|
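Review bot: `"client_secret_expires_at" => 3080736637943` is a hard-coded literal (a millisecond epoch decades in the future) sent on every site-registration update; the CHANGELOG calls it a parameter, so expose it as `config.client_secret_expires_at` and send it only when set, otherwise the library quietly asks the OP to make every client secret effectively non-expiring.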
data/lib/oxd/config.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'active_support/configurable'
|
2
2
|
|
3
3
|
# @author Inderpal Singh
|
4
|
-
# @note supports oxd-version 2.4.
|
4
|
+
# @note supports oxd-version 2.4.4
|
5
5
|
module Oxd
|
6
6
|
|
7
7
|
# Configures global settings for Oxd
|
@@ -27,9 +27,12 @@ module Oxd
|
|
27
27
|
include ActiveSupport::Configurable
|
28
28
|
config_accessor :oxd_host_ip
|
29
29
|
config_accessor :oxd_host_port
|
30
|
+
config_accessor :op_host
|
31
|
+
config_accessor :client_id
|
32
|
+
config_accessor :client_secret
|
30
33
|
config_accessor :application_type
|
34
|
+
config_accessor :prompt
|
31
35
|
config_accessor :authorization_redirect_uri
|
32
|
-
config_accessor :redirect_uris
|
33
36
|
config_accessor :post_logout_redirect_uri
|
34
37
|
config_accessor :client_logout_uris
|
35
38
|
config_accessor :logout_redirect_uri
|
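Review bot: `client_secret` becomes a `config_accessor`, that is a class-level attribute on `Oxd::Configuration` readable by any code in the process and, because `ActiveSupport::Configurable` exposes the whole set as `config` (an `OrderedOptions` hash), easy to dump into a log or error page by accident; read it from an environment variable at configure time and avoid keeping it on the shared object. The new `prompt` accessor also needs a line in the `#[client]` doc block further down, which this diff does not add.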
@@ -39,9 +42,12 @@ module Oxd
|
|
39
42
|
config_accessor :client_token_endpoint_auth_method
|
40
43
|
config_accessor :client_request_uris
|
41
44
|
config_accessor :scope
|
45
|
+
config_accessor :id_token
|
42
46
|
config_accessor :contacts
|
43
47
|
config_accessor :response_types
|
44
48
|
config_accessor :oxd_id
|
49
|
+
config_accessor :rpt
|
50
|
+
config_accessor :ticket
|
45
51
|
|
46
52
|
# define param_name writer
|
47
53
|
def param_name
|
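Review bot: `config_accessor :id_token`, `:rpt` and `:ticket` are per-user, per-session values, but `ActiveSupport::Configurable` makes them single process-wide attributes. In a multi-threaded or multi-user Rails server, `uma_rp_get_rpt` writing `@configuration.rpt` during one request will be read by `uma_rs_check_access` and `uma_rp_authorize_rpt` running for a different user's request, so one user's RPT or ticket can be presented on another user's behalf. Return these values to the caller (or keep them in the Rails session) instead of storing them on `Oxd.config`.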
@@ -60,7 +66,6 @@ module Oxd
|
|
60
66
|
#[client]
|
61
67
|
# application_type: the app_type is generally 'web' although 'native' can be used for native app
|
62
68
|
# authorization_redirect_uri: [REQUIRED] this is the primary redirect URL of the website or app
|
63
|
-
# redirect_uris: [OPTIONAL, LIST] other redirect uris that the website can use - given as comma seperated values.
|
64
69
|
# => the first one is always your primary uri set in authorization_redirect_uri
|
65
70
|
# post_logout_redirect_uri: [OPTIONAL] website's public uri to call upon logout
|
66
71
|
# client_logout_uris: [REQUIRED, LIST] logout uris of the client
|
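Review bot: removing the `# redirect_uris:` line leaves the following comment `# => the first one is always your primary uri set in authorization_redirect_uri` dangling under `authorization_redirect_uri`, where it no longer describes anything; delete it as well. The new accessors `op_host`, `client_id`, `client_secret` and `prompt` get no entry in this `#[client]` block, so add one line each with the same `[REQUIRED]`/`[OPTIONAL]` marking the other fields use.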
@@ -75,20 +80,22 @@ module Oxd
|
|
75
80
|
configure do |config|
|
76
81
|
config.oxd_host_ip = '127.0.0.1'
|
77
82
|
config.oxd_host_port = 8099
|
78
|
-
|
83
|
+
config.op_host = "https://gluu.example.com"
|
84
|
+
config.application_type = "web"
|
85
|
+
config.prompt = "login"
|
79
86
|
config.authorization_redirect_uri = "https://gluu.example.com/callback"
|
80
|
-
config.redirect_uris = ["https://gluu.example.com/callback","https://gluu.example.com/callback2"]
|
81
87
|
config.post_logout_redirect_uri = "https://gluu.example.com/logout"
|
82
88
|
config.client_logout_uris = ["https://gluu.example.com/callback"]
|
83
89
|
config.logout_redirect_uri = 'https://gluu.example.com/logout'
|
84
90
|
config.grant_types = []
|
85
|
-
config.acr_values = [
|
91
|
+
config.acr_values = ["basic"]
|
86
92
|
config.client_jwks_uri = ""
|
87
93
|
config.client_token_endpoint_auth_method = ""
|
88
94
|
config.client_request_uris = []
|
89
|
-
config.scope = [
|
95
|
+
config.scope = ["openid", "profile","uma_protection","uma_authorization"]
|
90
96
|
config.contacts = ["example-email@gmail.com"]
|
91
97
|
config.response_types = ["code"]
|
92
98
|
config.oxd_id = ""
|
99
|
+
config.id_token = ""
|
93
100
|
end
|
94
101
|
end
|
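Review bot: the new default `config.scope = ["openid", "profile","uma_protection","uma_authorization"]` requests UMA scopes for every client generated from this template, including plain OpenID Connect relying parties that never use `UMACommands`; that over-requests authority at registration time. Keep the default at `["openid", "profile"]` and tell UMA users to add the two UMA scopes. Also, `client_id` and `client_secret` are declared as accessors above but get no placeholder here, unlike `op_host`, so a generated config silently leaves them `nil`.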
data/lib/oxd/oxd_connector.rb
CHANGED
@@ -2,7 +2,7 @@ require 'socket'
|
|
2
2
|
require 'ipaddr'
|
3
3
|
|
4
4
|
# @author Inderpal Singh
|
5
|
-
# @note supports oxd-version 2.4.
|
5
|
+
# @note supports oxd-version 2.4.4
|
6
6
|
module Oxd
|
7
7
|
|
8
8
|
# A class which takes care of the socket communication with oxD Server.
|
@@ -16,7 +16,7 @@ module Oxd
|
|
16
16
|
@data = Hash.new
|
17
17
|
@params = Hash.new
|
18
18
|
@response_data = Hash.new
|
19
|
-
@configuration = Oxd.config
|
19
|
+
@configuration = Oxd.config
|
20
20
|
logger(:log_msg => "Problem with json data : authorization_redirect_uri can't be blank") if @configuration.authorization_redirect_uri.empty?
|
21
21
|
logger(:log_msg => "#{@configuration.oxd_host_ip} is not a valid IP address") if (IPAddr.new(@configuration.oxd_host_ip) rescue nil).nil?
|
22
22
|
logger(:log_msg => "#{@configuration.oxd_host_port} is not a valid port for socket. Port must be integer and between from 0 to 65535") if (!@configuration.oxd_host_port.is_a?(Integer) || (@configuration.oxd_host_port < 0 && @configuration.oxd_host_port > 65535))
|
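Review bot: the port check in the context line `(@configuration.oxd_host_port < 0 && @configuration.oxd_host_port > 65535)` can never be true, because no integer is both negative and above 65535, so any integer port passes validation; the operator should be `||`. The change to `@configuration = Oxd.config` in this hunk is whitespace-only, so the lines above it could be fixed in the same commit at no extra cost.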
@@ -24,7 +24,7 @@ module Oxd
|
|
24
24
|
|
25
25
|
# Checks the validity of command that is to be passed to oxd-server
|
26
26
|
def validate_command
|
27
|
-
command_types = ['get_authorization_url','update_site_registration', 'get_tokens_by_code','get_user_info', 'register_site', 'get_logout_uri','get_authorization_code']
|
27
|
+
command_types = ['get_authorization_url','update_site_registration', 'get_tokens_by_code','get_user_info', 'register_site', 'get_logout_uri','get_authorization_code','uma_rs_protect','uma_rs_check_access','uma_rp_get_rpt','uma_rp_authorize_rpt','uma_rp_get_gat']
|
28
28
|
if (!command_types.include?(@command))
|
29
29
|
logger(:log_msg => "Command: #{@command} does not exist! Exiting process.")
|
30
30
|
end
|
@@ -61,6 +61,8 @@ module Oxd
|
|
61
61
|
# method to send commands to the oxD server and to recieve the response via {#oxd_socket_request}
|
62
62
|
# @return [JSON] @response_object : response from the oxd server in JSON form
|
63
63
|
def request
|
64
|
+
uri = URI.parse(@configuration.authorization_redirect_uri)
|
65
|
+
logger(:log_msg => "Please enable SSL on your website or check URIs in Oxd configuration.") if (uri.scheme != 'https')
|
64
66
|
validate_command
|
65
67
|
jsondata = getData.to_json
|
66
68
|
if(!is_json? (jsondata))
|
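Review bot: `URI.parse(@configuration.authorization_redirect_uri)` raises `URI::InvalidURIError` on a malformed value before `validate_command` runs, and the file only requires `socket` and `ipaddr`, so add `require 'uri'` rather than relying on the host application to have loaded it, and rescue the parse error with the same log message. Note also that the `https` check covers only the redirect URI; the socket to `oxd_host_ip`:`oxd_host_port` itself stays plaintext, which is acceptable for `127.0.0.1` but should be stated if a remote oxd host is allowed.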
@@ -72,7 +74,7 @@ module Oxd
|
|
72
74
|
else
|
73
75
|
length = length <= 999 ? sprintf('0%d', length) : length
|
74
76
|
end
|
75
|
-
@response_json = oxd_socket_request((length + jsondata).encode("UTF-8"))
|
77
|
+
@response_json = oxd_socket_request((length.to_s + jsondata).encode("UTF-8"))
|
76
78
|
@response_json.sub!(@response_json[0..3], "")
|
77
79
|
|
78
80
|
if (@response_json)
|
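Review bot: `length.to_s` fixes the `Integer + String` error for payloads over 999 bytes, but the context line `length = length <= 999 ? sprintf('0%d', length) : length` still yields a 3-character prefix for lengths below 100 (`sprintf('0%d', 57)` is `"057"`), so oxd-server reads a wrong frame length for short commands; `sprintf('%04d', length)` handles every case and makes the `.to_s` unnecessary. The following line `@response_json.sub!(@response_json[0..3], "")` runs before the `if (@response_json)` check, so a `nil` return from `oxd_socket_request` raises `NoMethodError` instead of reaching the guard; move the nil check ahead of the `sub!`.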
@@ -88,6 +90,11 @@ module Oxd
|
|
88
90
|
return @response_object
|
89
91
|
end
|
90
92
|
|
93
|
+
# @return [Mixed] @response_object set by request method
|
94
|
+
def getResponseObject
|
95
|
+
return @response_object
|
96
|
+
end
|
97
|
+
|
91
98
|
# extracts 'data' parameter from @response_object
|
92
99
|
# @return [Mixed] @response_data
|
93
100
|
def getResponseData
|
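Review bot: `getResponseObject` copies the camelCase of the existing `getResponseData`, which is non-idiomatic Ruby (`get_response_object`); if the old name must stay for compatibility, add the snake_case alias. Since it returns whatever oxd-server sent for the last command, including token material for the token commands, the doc comment should warn callers not to log the object wholesale.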
@@ -0,0 +1,113 @@
|
|
1
|
+
# @author Inderpal Singh
|
2
|
+
# @note supports oxd-version 2.4.4
|
3
|
+
module Oxd
|
4
|
+
|
5
|
+
require 'json'
|
6
|
+
|
7
|
+
# This class carries out the commands for UMA Resource Server and UMA Requesting Party
|
8
|
+
class UMACommands < OxdConnector
|
9
|
+
|
10
|
+
# class constructor
|
11
|
+
def initialize
|
12
|
+
@resources = Array.new
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
16
|
+
# @param path [STRING] REQUIRED
|
17
|
+
# @param conditions [HASH] REQUIRED (variable number of conditions can be passed)
|
18
|
+
# @return [ARRAY] resources
|
19
|
+
# @example
|
20
|
+
# condition1 = {:httpMethods => ["GET"], :scopes => ["http://photoz.example.com/dev/actions/view"]}
|
21
|
+
# condition2 = {:httpMethods => ["PUT", "POST"], :scopes => ["http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add"],:ticketScopes => ["http://photoz.example.com/dev/actions/add"]}
|
22
|
+
# uma_add_resource("/photo", condition1, condition2)
|
23
|
+
# combines multiple resources into @resources array to pass to uma_rs_protect method
|
24
|
+
def uma_add_resource(path, *conditions)
|
25
|
+
@resources.push({:path => path, :conditions => conditions})
|
26
|
+
end
|
27
|
+
|
28
|
+
# @return [STRING] oxd_id
|
29
|
+
# @raise RuntimeError if @resources is nil
|
30
|
+
# method to protect resources with UMA resource server
|
31
|
+
def uma_rs_protect
|
32
|
+
logger(:log_msg => "Please set resources with uma_add_resource(path, *conditions) method first.") if(@resources.nil?)
|
33
|
+
@command = 'uma_rs_protect'
|
34
|
+
@params = {
|
35
|
+
"oxd_id" => @configuration.oxd_id,
|
36
|
+
"resources" => @resources
|
37
|
+
}
|
38
|
+
request
|
39
|
+
getResponseData['oxd_id']
|
40
|
+
end
|
41
|
+
|
42
|
+
# @param force_new [BOOLEAN] REQUIRED
|
43
|
+
# @return [STRING] RPT
|
44
|
+
# @raise RuntimeError if force_new param is not boolean
|
45
|
+
# method for obtaining RPT to gain access to protected resources at the UMA resource server
|
46
|
+
def uma_rp_get_rpt(force_new)
|
47
|
+
logger(:log_msg => "Wrong value for force_new param. #{force_new.kind_of?(TrueClass)}") if(force_new.kind_of?(TrueClass) || force_new.kind_of?(FalseClass))
|
48
|
+
@command = 'uma_rp_get_rpt'
|
49
|
+
@params = {
|
50
|
+
"oxd_id" => @configuration.oxd_id,
|
51
|
+
"force_new" => force_new
|
52
|
+
}
|
53
|
+
request
|
54
|
+
@configuration.rpt = getResponseData['rpt']
|
55
|
+
end
|
56
|
+
|
57
|
+
# @param path [STRING] REQUIRED
|
58
|
+
# @param http_method [Array] REQUIRED, must be one from 'GET', 'POST', 'PUT', 'DELETE'
|
59
|
+
# @return [Hash] response data (access, ticket)
|
60
|
+
# method to check if we have permission to access particular resource or not
|
61
|
+
def uma_rs_check_access(path, http_method)
|
62
|
+
if (path.empty? || http_method.empty? || (!['GET', 'POST', 'PUT', 'DELETE'].include? http_method))
|
63
|
+
logger(:log_msg => "Empty/Wrong value in place of path or http_method.")
|
64
|
+
end
|
65
|
+
@command = 'uma_rs_check_access'
|
66
|
+
@params = {
|
67
|
+
"oxd_id" => @configuration.oxd_id,
|
68
|
+
"rpt" => @configuration.rpt,
|
69
|
+
"path" => path,
|
70
|
+
"http_method" => http_method
|
71
|
+
}
|
72
|
+
request
|
73
|
+
if getResponseData['access'] == 'denied' && !getResponseData['ticket'].empty?
|
74
|
+
@configuration.ticket = getResponseData['ticket']
|
75
|
+
elsif getResponseData['access'] == 'granted'
|
76
|
+
@configuration.ticket = ""
|
77
|
+
end
|
78
|
+
getResponseData
|
79
|
+
end
|
80
|
+
|
81
|
+
# @return [String] oxd_id
|
82
|
+
# @note This method should always be called after uma_rp_get_rpt and uma_rs_check_access methods
|
83
|
+
# Method to authorize generated RPT using oxd_id and ticket.
|
84
|
+
def uma_rp_authorize_rpt
|
85
|
+
@command = 'uma_rp_authorize_rpt'
|
86
|
+
@params = {
|
87
|
+
"oxd_id" => @configuration.oxd_id,
|
88
|
+
"rpt" => @configuration.rpt,
|
89
|
+
"ticket" => @configuration.ticket
|
90
|
+
}
|
91
|
+
request
|
92
|
+
getResponseData['oxd_id']
|
93
|
+
end
|
94
|
+
|
95
|
+
# @param scopes [Array] REQUIRED
|
96
|
+
# @return [String] rpt
|
97
|
+
# @example
|
98
|
+
# scopes = ["http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/view"]
|
99
|
+
# uma_rp_get_gat(scopes)
|
100
|
+
# method to obtain GAT (Gluu Access Token)
|
101
|
+
def uma_rp_get_gat(scopes)
|
102
|
+
logger(:log_msg => "Invalid value for scopes argument.") if(!scopes.kind_of? Array)
|
103
|
+
@command = 'uma_rp_get_gat'
|
104
|
+
@params = {
|
105
|
+
"oxd_id" => @configuration.oxd_id,
|
106
|
+
"scopes" => scopes
|
107
|
+
}
|
108
|
+
request
|
109
|
+
logger(:log_msg => "Invalid GAT recieved : #{getResponseData['rpt']}") if(!getResponseData['rpt'].match(/gat_/)[0])
|
110
|
+
getResponseData['rpt']
|
111
|
+
end
|
112
|
+
end
|
113
|
+
end
|
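Review bot: the guard in `uma_rp_get_rpt` is inverted: `if(force_new.kind_of?(TrueClass) || force_new.kind_of?(FalseClass))` fires the "Wrong value for force_new" message exactly when the argument is a valid boolean and lets anything else through; negate the condition. In the same file, `uma_rs_protect` tests `@resources.nil?`, which is never true because the constructor sets `@resources = Array.new`, so an empty protection list is sent to oxd-server (use `.empty?`); `uma_rp_get_gat` calls `.match(/gat_/)[0]`, which raises `NoMethodError` on `nil` when the token lacks `gat_`, so the "Invalid GAT recieved" branch (also a typo for "received") is unreachable, use `start_with?('gat_')`; `uma_rs_check_access` documents `http_method` as `[Array]` but compares it as a single string, and `getResponseData['ticket'].empty?` raises if the server omits `ticket`. All four methods also read and write `@configuration.rpt` and `@configuration.ticket`, process-global state shared between concurrent users.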
data/lib/oxd/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oxd-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- inderpal6785
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2017-03-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
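Review bot: `cert_chain: []` shows the gem is still shipped unsigned in 0.1.7. Since oxd-ruby handles client secrets, id tokens and RPTs, consider signing releases (`gem cert`) so consumers can install with `gem install --trust-policy` and detect a tampered package.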
@@ -76,6 +76,7 @@ files:
|
|
76
76
|
- ".gitignore"
|
77
77
|
- ".rspec"
|
78
78
|
- ".travis.yml"
|
79
|
+
- CHANGELOG.md
|
79
80
|
- CODE_OF_CONDUCT.md
|
80
81
|
- Gemfile
|
81
82
|
- LICENSE.txt
|
@@ -83,7 +84,6 @@ files:
|
|
83
84
|
- Rakefile
|
84
85
|
- demosite/.gitignore
|
85
86
|
- demosite/Gemfile
|
86
|
-
- demosite/Gemfile.lock
|
87
87
|
- demosite/README.md
|
88
88
|
- demosite/Rakefile
|
89
89
|
- demosite/app/assets/images/.keep
|
@@ -94,12 +94,14 @@ files:
|
|
94
94
|
- demosite/app/controllers/application_controller.rb
|
95
95
|
- demosite/app/controllers/concerns/.keep
|
96
96
|
- demosite/app/controllers/home_controller.rb
|
97
|
+
- demosite/app/controllers/uma_controller.rb
|
97
98
|
- demosite/app/helpers/application_helper.rb
|
98
99
|
- demosite/app/mailers/.keep
|
99
100
|
- demosite/app/models/.keep
|
100
101
|
- demosite/app/models/concerns/.keep
|
101
102
|
- demosite/app/views/home/index.html.erb
|
102
103
|
- demosite/app/views/layouts/application.html.erb
|
104
|
+
- demosite/app/views/uma/index.html.erb
|
103
105
|
- demosite/bin/bundle
|
104
106
|
- demosite/bin/rails
|
105
107
|
- demosite/bin/rake
|
@@ -150,6 +152,7 @@ files:
|
|
150
152
|
- lib/oxd/client_oxd_commands.rb
|
151
153
|
- lib/oxd/config.rb
|
152
154
|
- lib/oxd/oxd_connector.rb
|
155
|
+
- lib/oxd/uma_commands.rb
|
153
156
|
- lib/oxd/version.rb
|
154
157
|
- oxd-ruby.gemspec
|
155
158
|
homepage: https://github.com/GluuFederation/oxd-ruby
|
data/demosite/Gemfile.lock
DELETED
@@ -1,190 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: /var/www/oxd-ruby
|
3
|
-
specs:
|
4
|
-
oxd-ruby (0.1.3)
|
5
|
-
|
6
|
-
GEM
|
7
|
-
remote: https://rubygems.org/
|
8
|
-
specs:
|
9
|
-
actionmailer (4.2.6)
|
10
|
-
actionpack (= 4.2.6)
|
11
|
-
actionview (= 4.2.6)
|
12
|
-
activejob (= 4.2.6)
|
13
|
-
mail (~> 2.5, >= 2.5.4)
|
14
|
-
rails-dom-testing (~> 1.0, >= 1.0.5)
|
15
|
-
actionpack (4.2.6)
|
16
|
-
actionview (= 4.2.6)
|
17
|
-
activesupport (= 4.2.6)
|
18
|
-
rack (~> 1.6)
|
19
|
-
rack-test (~> 0.6.2)
|
20
|
-
rails-dom-testing (~> 1.0, >= 1.0.5)
|
21
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
22
|
-
actionview (4.2.6)
|
23
|
-
activesupport (= 4.2.6)
|
24
|
-
builder (~> 3.1)
|
25
|
-
erubis (~> 2.7.0)
|
26
|
-
rails-dom-testing (~> 1.0, >= 1.0.5)
|
27
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
28
|
-
activejob (4.2.6)
|
29
|
-
activesupport (= 4.2.6)
|
30
|
-
globalid (>= 0.3.0)
|
31
|
-
activemodel (4.2.6)
|
32
|
-
activesupport (= 4.2.6)
|
33
|
-
builder (~> 3.1)
|
34
|
-
activerecord (4.2.6)
|
35
|
-
activemodel (= 4.2.6)
|
36
|
-
activesupport (= 4.2.6)
|
37
|
-
arel (~> 6.0)
|
38
|
-
activesupport (4.2.6)
|
39
|
-
i18n (~> 0.7)
|
40
|
-
json (~> 1.7, >= 1.7.7)
|
41
|
-
minitest (~> 5.1)
|
42
|
-
thread_safe (~> 0.3, >= 0.3.4)
|
43
|
-
tzinfo (~> 1.1)
|
44
|
-
arel (6.0.3)
|
45
|
-
binding_of_caller (0.7.2)
|
46
|
-
debug_inspector (>= 0.0.1)
|
47
|
-
builder (3.2.2)
|
48
|
-
byebug (9.0.5)
|
49
|
-
coffee-rails (4.1.1)
|
50
|
-
coffee-script (>= 2.2.0)
|
51
|
-
railties (>= 4.0.0, < 5.1.x)
|
52
|
-
coffee-script (2.4.1)
|
53
|
-
coffee-script-source
|
54
|
-
execjs
|
55
|
-
coffee-script-source (1.10.0)
|
56
|
-
commonjs (0.2.7)
|
57
|
-
concurrent-ruby (1.0.2)
|
58
|
-
daemons (1.2.3)
|
59
|
-
debug_inspector (0.0.2)
|
60
|
-
erubis (2.7.0)
|
61
|
-
eventmachine (1.0.8)
|
62
|
-
execjs (2.7.0)
|
63
|
-
globalid (0.3.6)
|
64
|
-
activesupport (>= 4.1.0)
|
65
|
-
i18n (0.7.0)
|
66
|
-
jbuilder (2.5.0)
|
67
|
-
activesupport (>= 3.0.0, < 5.1)
|
68
|
-
multi_json (~> 1.2)
|
69
|
-
jquery-rails (4.1.1)
|
70
|
-
rails-dom-testing (>= 1, < 3)
|
71
|
-
railties (>= 4.2.0)
|
72
|
-
thor (>= 0.14, < 2.0)
|
73
|
-
json (1.8.3)
|
74
|
-
less (2.6.0)
|
75
|
-
commonjs (~> 0.2.7)
|
76
|
-
less-rails (2.7.1)
|
77
|
-
actionpack (>= 4.0)
|
78
|
-
less (~> 2.6.0)
|
79
|
-
sprockets (> 2, < 4)
|
80
|
-
tilt
|
81
|
-
loofah (2.0.3)
|
82
|
-
nokogiri (>= 1.5.9)
|
83
|
-
mail (2.6.4)
|
84
|
-
mime-types (>= 1.16, < 4)
|
85
|
-
mime-types (3.1)
|
86
|
-
mime-types-data (~> 3.2015)
|
87
|
-
mime-types-data (3.2016.0521)
|
88
|
-
mini_portile2 (2.1.0)
|
89
|
-
minitest (5.9.0)
|
90
|
-
multi_json (1.12.1)
|
91
|
-
nokogiri (1.6.8)
|
92
|
-
mini_portile2 (~> 2.1.0)
|
93
|
-
pkg-config (~> 1.1.7)
|
94
|
-
passenger (5.0.28)
|
95
|
-
rack
|
96
|
-
rake (>= 0.8.1)
|
97
|
-
pkg-config (1.1.7)
|
98
|
-
rack (1.6.4)
|
99
|
-
rack-test (0.6.3)
|
100
|
-
rack (>= 1.0)
|
101
|
-
rails (4.2.6)
|
102
|
-
actionmailer (= 4.2.6)
|
103
|
-
actionpack (= 4.2.6)
|
104
|
-
actionview (= 4.2.6)
|
105
|
-
activejob (= 4.2.6)
|
106
|
-
activemodel (= 4.2.6)
|
107
|
-
activerecord (= 4.2.6)
|
108
|
-
activesupport (= 4.2.6)
|
109
|
-
bundler (>= 1.3.0, < 2.0)
|
110
|
-
railties (= 4.2.6)
|
111
|
-
sprockets-rails
|
112
|
-
rails-deprecated_sanitizer (1.0.3)
|
113
|
-
activesupport (>= 4.2.0.alpha)
|
114
|
-
rails-dom-testing (1.0.7)
|
115
|
-
activesupport (>= 4.2.0.beta, < 5.0)
|
116
|
-
nokogiri (~> 1.6.0)
|
117
|
-
rails-deprecated_sanitizer (>= 1.0.1)
|
118
|
-
rails-html-sanitizer (1.0.3)
|
119
|
-
loofah (~> 2.0)
|
120
|
-
railties (4.2.6)
|
121
|
-
actionpack (= 4.2.6)
|
122
|
-
activesupport (= 4.2.6)
|
123
|
-
rake (>= 0.8.7)
|
124
|
-
thor (>= 0.18.1, < 2.0)
|
125
|
-
rake (11.2.0)
|
126
|
-
rdoc (4.2.2)
|
127
|
-
json (~> 1.4)
|
128
|
-
sass (3.4.22)
|
129
|
-
sass-rails (5.0.4)
|
130
|
-
railties (>= 4.0.0, < 5.0)
|
131
|
-
sass (~> 3.1)
|
132
|
-
sprockets (>= 2.8, < 4.0)
|
133
|
-
sprockets-rails (>= 2.0, < 4.0)
|
134
|
-
tilt (>= 1.1, < 3)
|
135
|
-
sdoc (0.4.1)
|
136
|
-
json (~> 1.7, >= 1.7.7)
|
137
|
-
rdoc (~> 4.0)
|
138
|
-
spring (1.7.1)
|
139
|
-
sprockets (3.6.0)
|
140
|
-
concurrent-ruby (~> 1.0)
|
141
|
-
rack (> 1, < 3)
|
142
|
-
sprockets-rails (3.0.4)
|
143
|
-
actionpack (>= 4.0)
|
144
|
-
activesupport (>= 4.0)
|
145
|
-
sprockets (>= 3.0.0)
|
146
|
-
sqlite3 (1.3.11)
|
147
|
-
thin (1.7.0)
|
148
|
-
daemons (~> 1.0, >= 1.0.9)
|
149
|
-
eventmachine (~> 1.0, >= 1.0.4)
|
150
|
-
rack (>= 1, < 3)
|
151
|
-
thor (0.19.1)
|
152
|
-
thread_safe (0.3.5)
|
153
|
-
tilt (2.0.5)
|
154
|
-
turbolinks (2.5.3)
|
155
|
-
coffee-rails
|
156
|
-
twitter-bootstrap-rails (3.2.2)
|
157
|
-
actionpack (>= 3.1)
|
158
|
-
execjs (>= 2.2.2, >= 2.2)
|
159
|
-
less-rails (>= 2.5.0)
|
160
|
-
railties (>= 3.1)
|
161
|
-
tzinfo (1.2.2)
|
162
|
-
thread_safe (~> 0.1)
|
163
|
-
uglifier (3.0.0)
|
164
|
-
execjs (>= 0.3.0, < 3)
|
165
|
-
web-console (2.3.0)
|
166
|
-
activemodel (>= 4.0)
|
167
|
-
binding_of_caller (>= 0.7.2)
|
168
|
-
railties (>= 4.0)
|
169
|
-
sprockets-rails (>= 2.0, < 4.0)
|
170
|
-
|
171
|
-
PLATFORMS
|
172
|
-
ruby
|
173
|
-
|
174
|
-
DEPENDENCIES
|
175
|
-
byebug
|
176
|
-
coffee-rails (~> 4.1.0)
|
177
|
-
jbuilder (~> 2.0)
|
178
|
-
jquery-rails
|
179
|
-
oxd-ruby!
|
180
|
-
passenger
|
181
|
-
rails (= 4.2.6)
|
182
|
-
sass-rails (~> 5.0)
|
183
|
-
sdoc (~> 0.4.0)
|
184
|
-
spring
|
185
|
-
sqlite3
|
186
|
-
thin
|
187
|
-
turbolinks
|
188
|
-
twitter-bootstrap-rails
|
189
|
-
uglifier (>= 1.3.0)
|
190
|
-
web-console (~> 2.0)
|
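Review bot: deleting `demosite/Gemfile.lock` is reasonable for a sample application packaged inside a gem, and it removes `remote: /var/www/oxd-ruby`, a path from the author's machine. The `DEPENDENCIES` section shows `rails (= 4.2.6)` is still pinned by the Gemfile, but transitive gems such as `nokogiri (1.6.8)` and `rack (1.6.4)` will now float to whatever resolves at install time; the demosite README should state the versions the demo was tested against so a user can reproduce them.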