rack_entra_id_auth 1.0.2 → 1.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5423c7efc63ef1114c69f4fdf4ba39b36a2f2aaa51a0aa9edb040d22d3f8034d
4
- data.tar.gz: 96726463fbf27c7a11a7d5bd725ed47a476efc76165b00730b0ee1e1974d0358
3
+ metadata.gz: 86ee586f830d9d44c654338d677e88932c35aea1f5e1d73386ba91cab852f181
4
+ data.tar.gz: 3a60ec97200adad56e8306b2fbafa27efacf90696f847e05bd323fd5500feadb
5
5
  SHA512:
6
- metadata.gz: 5f68e45441641aea9888b1daa813b90f88da1e9b38bae0dbab7cb57723eb195b4e2b2a2843128a4f1069655f02b445b5735abf3a681649395c08d716c70504cd
7
- data.tar.gz: 97684c1d606dea307c9e3b86008c4b480447571c325c7804dbd72897be169c5e8bc3109038c87c3eb15efd845023b408e7fc85e8a0863d4da59ac9101b2fd9ba
6
+ metadata.gz: 5075ceb0dea5b90f6379669d8b1929d3053fd0563c3b146f0ee89623b80ab2a96d869e8d17862db3c560702244b0bcd2f85ece39c72d1b26567acc65e924ed80
7
+ data.tar.gz: 53b2daf93998839ce2412a037760ee2fa3161d596c690f2f6adc1bed7d8432affb6b5d20833be38a5eb6925692fc5908954021216c6140740db8b8c2fc344a15
@@ -1,9 +1,49 @@
1
1
  require 'active_support/configurable'
2
+ require 'ruby-saml'
2
3
 
3
4
  module RackEntraIdAuth
4
5
  class Configuration
5
6
  include ActiveSupport::Configurable
6
7
 
8
+ RUBY_SAML_SETTINGS = %i(
9
+ idp_entity_id
10
+ idp_sso_service_url
11
+ idp_slo_service_url
12
+ idp_slo_response_service_url
13
+ idp_cert
14
+ idp_cert_fingerprint
15
+ idp_cert_fingerprint_algorithm
16
+ idp_cert_multi
17
+ idp_attribute_names
18
+ idp_name_qualifier
19
+ valid_until
20
+ sp_entity_id
21
+ assertion_consumer_service_url
22
+ single_logout_service_url
23
+ sp_name_qualifier
24
+ name_identifier_format
25
+ name_identifier_value
26
+ name_identifier_value_requested
27
+ sessionindex
28
+ compress_request
29
+ compress_response
30
+ double_quote_xml_attribute_values
31
+ message_max_bytesize
32
+ passive
33
+ attributes_index
34
+ force_authn
35
+ certificate
36
+ private_key
37
+ sp_cert_multi
38
+ authn_context
39
+ authn_context_comparison
40
+ authn_context_decl_ref
41
+ security
42
+ soft
43
+ )
44
+
45
+ RUBY_SAML_SETTINGS.each { |ruby_saml_setting| config_accessor ruby_saml_setting }
46
+
7
47
  config_accessor :login_path, default: '/login'
8
48
  config_accessor :login_relay_state_url
9
49
  config_accessor :logout_path, default: '/logout'
@@ -24,57 +64,26 @@ module RackEntraIdAuth
24
64
  }
25
65
  config_accessor :skip_single_logout, default: true
26
66
 
27
- # Ruby SAML ID Provider Settings
28
- config_accessor :idp_entity_id
29
- config_accessor :idp_sso_service_url
30
- config_accessor :idp_slo_service_url
31
- config_accessor :idp_slo_response_service_url
32
- config_accessor :idp_cert
33
- config_accessor :idp_cert_fingerprint
34
- config_accessor :idp_cert_fingerprint_algorithm
35
- config_accessor :idp_cert_multi
36
- config_accessor :idp_attribute_names
37
- config_accessor :idp_name_qualifier
38
- config_accessor :valid_until
67
+ def metadata_url
68
+ @metadata_url
69
+ end
70
+
71
+ def metadata_url= (metadata_url)
72
+ @metadata_url = metadata_url
39
73
 
40
- # Ruby SAML Service Provider Settings
41
- config_accessor :sp_entity_id
42
- config_accessor :assertion_consumer_service_url
43
- config_accessor :single_logout_service_url
44
- config_accessor :sp_name_qualifier
45
- config_accessor :name_identifier_format
46
- config_accessor :name_identifier_value
47
- config_accessor :name_identifier_value_requested
48
- config_accessor :sessionindex
49
- config_accessor :compress_request
50
- config_accessor :compress_response
51
- config_accessor :double_quote_xml_attribute_values
52
- config_accessor :message_max_bytesize
53
- config_accessor :passive
54
- config_accessor :attributes_index
55
- config_accessor :force_authn
56
- config_accessor :certificate
57
- config_accessor :private_key
58
- config_accessor :sp_cert_multi
59
- config_accessor :authn_context
60
- config_accessor :authn_context_comparison
61
- config_accessor :authn_context_decl_ref
74
+ remote_hash = OneLogin::RubySaml::IdpMetadataParser.new.parse_remote_to_hash(metadata_url)
62
75
 
63
- # Ruby SAML workflow Settings
64
- config_accessor :security
65
- config_accessor :soft
76
+ RUBY_SAML_SETTINGS.each do |ruby_saml_setting|
77
+ remote_value = remote_hash[ruby_saml_setting]
78
+
79
+ self.send("#{ruby_saml_setting}=", remote_value) unless remote_value.nil?
80
+ end
81
+
82
+ @metadata_url
83
+ end
66
84
 
67
85
  def ruby_saml_settings
68
- config.to_h.except(
69
- :login_path,
70
- :login_relay_state_url,
71
- :logout_path,
72
- :logout_relay_state_url,
73
- :mock_server,
74
- :mock_attributes,
75
- :session_key,
76
- :session_value_proc,
77
- :skip_single_logout)
86
+ config.to_h.slice(*RUBY_SAML_SETTINGS)
78
87
  end
79
88
  end
80
89
  end
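Review bot: The `metadata_url=` writer added in the second hunk (L174–L258) performs a network fetch inside a configuration setter and copies the result into `idp_cert` and the other RUBY_SAML_SETTINGS, so the fetched document becomes the trust anchor for every later assertion-signature check; the transport of that fetch deserves an explicit comment rather than relying on a default. In the ruby-saml versions I know, `parse_remote_to_hash(url, validate_cert = true, ...)` validates the server certificate by default and this call leaves it at the default, so add above the call something like `# Fetched with TLS certificate validation (ruby-saml default): idp_cert from this document becomes the signature trust anchor, so metadata_url must be an https URL and validate_cert must stay enabled` and say in the YARD doc that `@raise` surfaces ruby-saml's fetch errors at configuration time. The loop also overwrites any `idp_*`/`sp_*` value assigned before `metadata_url`, so the method comment should state that `metadata_url` has to be set first when individual settings are meant to override the metadata. Style: `self.send("#{ruby_saml_setting}=", remote_value)` can be `public_send(...)` since every target is a public `config_accessor` writer from the constant, `def metadata_url= (metadata_url)` has a stray space before the parenthesis, and `RUBY_SAML_SETTINGS` in the first hunk is a mutable constant that should end in `).freeze`.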
@@ -80,7 +80,7 @@ module RackEntraIdAuth
80
80
  # @return [String]
81
81
  #
82
82
  def relay_state_url
83
- request.get_header('rack.request.form_hash')['RelayState'] || request.params['RelayState']
83
+ request.get_header('rack.request.form_hash')['RelayState'] rescue request.params['RelayState'] || base_url
84
84
  end
85
85
 
86
86
  # A single sign-on response for the SAMLResponse in the request's header.
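Review bot: The `rescue` modifier on the new `relay_state_url` line swallows every StandardError, not just the `NoMethodError` raised when `rack.request.form_hash` is absent, and because `rescue` binds looser than `||` the `base_url` fallback is only reached on an exception — a POST whose form hash simply lacks `RelayState` still returns nil. A safe-navigation chain expresses the intent without the blanket rescue: `request.get_header('rack.request.form_hash')&.dig('RelayState') || request.params['RelayState'] || base_url`. Since `RelayState` comes from the incoming request and the handlers redirect to this value, the method's `@return` doc should say the result is untrusted and that callers are expected to accept only relative or same-host targets; that is pre-existing behavior rather than something this change introduces.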
@@ -66,13 +66,13 @@ module RackEntraIdAuth
66
66
  if !auth_response.is_valid?
67
67
  log(env, "Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
68
68
 
69
- return internal_server_error_response("Invalid login reponse from Entra ID: #{auth_response.errors.first}")
69
+ return internal_server_error_response("Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
70
70
  end
71
71
 
72
72
  if !auth_response.success?
73
73
  log(env, 'Unsuccessful single single reponse from Entra ID.')
74
74
 
75
- return internal_server_error_response('Unsuccessful login reponse from Entra ID.')
75
+ return internal_server_error_response('Unsuccessful single login reponse from Entra ID.')
76
76
  end
77
77
 
78
78
  log(env, 'Initializing session and redirecting to relay state URL…')
@@ -94,7 +94,7 @@ module RackEntraIdAuth
94
94
  if !logout_request.is_valid?
95
95
  log(env, "Invalid single logout request from Entra ID: #{logout_request.errors.first}")
96
96
 
97
- return internal_server_error_response("Invalid logout request from Entra ID: #{logout_request.errors.first}")
97
+ return internal_server_error_response("Invalid single logout request from Entra ID: #{logout_request.errors.first}")
98
98
  end
99
99
 
100
100
  log(env, 'Destroying session and sending logout response to Entra ID…')
@@ -124,13 +124,13 @@ module RackEntraIdAuth
124
124
  if !logout_response.validate
125
125
  log(env, "Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
126
126
 
127
- return internal_server_error_response("Invalid logout reponse from Entra ID: #{logout_response.errors.first}")
127
+ return internal_server_error_response("Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
128
128
  end
129
129
 
130
130
  if !logout_response.success?
131
131
  log(env, 'Unsuccessful single logout reponse from Entra ID.')
132
132
 
133
- return internal_server_error_response('Unsuccessful logout reponse from Entra ID.')
133
+ return internal_server_error_response('Unsuccessful single logout reponse from Entra ID.')
134
134
  end
135
135
 
136
136
  log(env, 'Destroying session and redirecting to relay state URL…')
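Review bot: The reworded strings on the new side still carry the typo `reponse` (L325, L332, L344, L351, L390, L397, L409, L416), and L344 reads `'Unsuccessful single single reponse from Entra ID.'`; since these lines are being touched, correct them to `response` and `single login response`. Separately, `return internal_server_error_response("Invalid single login reponse from Entra ID: #{auth_response.errors.first}")` at L332 (and the same shape at L374 and L397) returns the ruby-saml validator's error text to the client under a 500 status; whether that text is sensitive depends on what ruby-saml puts in `errors`, but a response that fails validation is a client-side error, so a 4xx status with a generic body, keeping `errors.first` only in the adjacent `log` call, would be the conventional shape. Both points apply equally to the hunks at L361 and L384.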
@@ -1,3 +1,3 @@
1
1
  module RackEntraIdAuth
2
- VERSION = '1.0.2'
2
+ VERSION = '1.1.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack_entra_id_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Susco
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-01 00:00:00.000000000 Z
11
+ date: 2024-08-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -119,7 +119,7 @@ licenses:
119
119
  - MIT
120
120
  metadata:
121
121
  bug_tracker_uri: https://github.com/dsusco/rack_entra_id_auth/issues
122
- changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.0.2
122
+ changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.1.0
123
123
  homepage_uri: https://github.com/dsusco/rack_entra_id_auth
124
124
  source_code_uri: https://github.com/dsusco/rack_entra_id_auth
125
125
  post_install_message: