rack_entra_id_auth 1.0.2 → 1.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5423c7efc63ef1114c69f4fdf4ba39b36a2f2aaa51a0aa9edb040d22d3f8034d
4
- data.tar.gz: 96726463fbf27c7a11a7d5bd725ed47a476efc76165b00730b0ee1e1974d0358
3
+ metadata.gz: 86ee586f830d9d44c654338d677e88932c35aea1f5e1d73386ba91cab852f181
4
+ data.tar.gz: 3a60ec97200adad56e8306b2fbafa27efacf90696f847e05bd323fd5500feadb
5
5
  SHA512:
6
- metadata.gz: 5f68e45441641aea9888b1daa813b90f88da1e9b38bae0dbab7cb57723eb195b4e2b2a2843128a4f1069655f02b445b5735abf3a681649395c08d716c70504cd
7
- data.tar.gz: 97684c1d606dea307c9e3b86008c4b480447571c325c7804dbd72897be169c5e8bc3109038c87c3eb15efd845023b408e7fc85e8a0863d4da59ac9101b2fd9ba
6
+ metadata.gz: 5075ceb0dea5b90f6379669d8b1929d3053fd0563c3b146f0ee89623b80ab2a96d869e8d17862db3c560702244b0bcd2f85ece39c72d1b26567acc65e924ed80
7
+ data.tar.gz: 53b2daf93998839ce2412a037760ee2fa3161d596c690f2f6adc1bed7d8432affb6b5d20833be38a5eb6925692fc5908954021216c6140740db8b8c2fc344a15
@@ -1,9 +1,49 @@
1
1
  require 'active_support/configurable'
2
+ require 'ruby-saml'
2
3
 
3
4
  module RackEntraIdAuth
4
5
  class Configuration
5
6
  include ActiveSupport::Configurable
6
7
 
8
+ RUBY_SAML_SETTINGS = %i(
9
+ idp_entity_id
10
+ idp_sso_service_url
11
+ idp_slo_service_url
12
+ idp_slo_response_service_url
13
+ idp_cert
14
+ idp_cert_fingerprint
15
+ idp_cert_fingerprint_algorithm
16
+ idp_cert_multi
17
+ idp_attribute_names
18
+ idp_name_qualifier
19
+ valid_until
20
+ sp_entity_id
21
+ assertion_consumer_service_url
22
+ single_logout_service_url
23
+ sp_name_qualifier
24
+ name_identifier_format
25
+ name_identifier_value
26
+ name_identifier_value_requested
27
+ sessionindex
28
+ compress_request
29
+ compress_response
30
+ double_quote_xml_attribute_values
31
+ message_max_bytesize
32
+ passive
33
+ attributes_index
34
+ force_authn
35
+ certificate
36
+ private_key
37
+ sp_cert_multi
38
+ authn_context
39
+ authn_context_comparison
40
+ authn_context_decl_ref
41
+ security
42
+ soft
43
+ )
44
+
45
+ RUBY_SAML_SETTINGS.each { |ruby_saml_setting| config_accessor ruby_saml_setting }
46
+
7
47
  config_accessor :login_path, default: '/login'
8
48
  config_accessor :login_relay_state_url
9
49
  config_accessor :logout_path, default: '/logout'
@@ -24,57 +64,26 @@ module RackEntraIdAuth
24
64
  }
25
65
  config_accessor :skip_single_logout, default: true
26
66
 
27
- # Ruby SAML ID Provider Settings
28
- config_accessor :idp_entity_id
29
- config_accessor :idp_sso_service_url
30
- config_accessor :idp_slo_service_url
31
- config_accessor :idp_slo_response_service_url
32
- config_accessor :idp_cert
33
- config_accessor :idp_cert_fingerprint
34
- config_accessor :idp_cert_fingerprint_algorithm
35
- config_accessor :idp_cert_multi
36
- config_accessor :idp_attribute_names
37
- config_accessor :idp_name_qualifier
38
- config_accessor :valid_until
67
+ def metadata_url
68
+ @metadata_url
69
+ end
70
+
71
+ def metadata_url= (metadata_url)
72
+ @metadata_url = metadata_url
39
73
 
40
- # Ruby SAML Service Provider Settings
41
- config_accessor :sp_entity_id
42
- config_accessor :assertion_consumer_service_url
43
- config_accessor :single_logout_service_url
44
- config_accessor :sp_name_qualifier
45
- config_accessor :name_identifier_format
46
- config_accessor :name_identifier_value
47
- config_accessor :name_identifier_value_requested
48
- config_accessor :sessionindex
49
- config_accessor :compress_request
50
- config_accessor :compress_response
51
- config_accessor :double_quote_xml_attribute_values
52
- config_accessor :message_max_bytesize
53
- config_accessor :passive
54
- config_accessor :attributes_index
55
- config_accessor :force_authn
56
- config_accessor :certificate
57
- config_accessor :private_key
58
- config_accessor :sp_cert_multi
59
- config_accessor :authn_context
60
- config_accessor :authn_context_comparison
61
- config_accessor :authn_context_decl_ref
74
+ remote_hash = OneLogin::RubySaml::IdpMetadataParser.new.parse_remote_to_hash(metadata_url)
62
75
 
63
- # Ruby SAML workflow Settings
64
- config_accessor :security
65
- config_accessor :soft
76
+ RUBY_SAML_SETTINGS.each do |ruby_saml_setting|
77
+ remote_value = remote_hash[ruby_saml_setting]
78
+
79
+ self.send("#{ruby_saml_setting}=", remote_value) unless remote_value.nil?
80
+ end
81
+
82
+ @metadata_url
83
+ end
66
84
 
67
85
  def ruby_saml_settings
68
- config.to_h.except(
69
- :login_path,
70
- :login_relay_state_url,
71
- :logout_path,
72
- :logout_relay_state_url,
73
- :mock_server,
74
- :mock_attributes,
75
- :session_key,
76
- :session_value_proc,
77
- :skip_single_logout)
86
+ config.to_h.slice(*RUBY_SAML_SETTINGS)
78
87
  end
79
88
  end
80
89
  end
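Review bot: `metadata_url=` (new lines 71–83) performs a network fetch inside a plain setter and then writes every non-nil value from the remote hash over the current configuration, so settings such as `idp_cert` or `idp_sso_service_url` that an operator assigned explicitly before `metadata_url` are silently replaced, and any fetch or parse failure propagates out of the assignment with no context. Because the fetched certificate becomes the trust anchor for validating assertions, the setter should reject a non-HTTPS source before fetching, e.g. `raise ArgumentError, 'metadata_url must use https' unless URI(metadata_url).scheme == 'https'` (with `require 'uri'`), and either document that remote values take precedence or skip settings that are already set. `parse_remote_to_hash` also takes a certificate-validation argument that I believe defaults to true; confirm that against the pinned ruby-saml version and pass it explicitly rather than relying on the default. Minor style: `def metadata_url= (metadata_url)` has a space before the parameter list, and `self.send` can be `public_send` since only the generated writers are called. The enclosing `class Configuration` opens outside this hunk.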
@@ -80,7 +80,7 @@ module RackEntraIdAuth
80
80
  # @return [String]
81
81
  #
82
82
  def relay_state_url
83
- request.get_header('rack.request.form_hash')['RelayState'] || request.params['RelayState']
83
+ request.get_header('rack.request.form_hash')['RelayState'] rescue request.params['RelayState'] || base_url
84
84
  end
85
85
 
86
86
  # A single sign-on response for the SAMLResponse in the request's header.
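Review bot: The `rescue` modifier added on line 83 changes the fallback order: `a rescue b || c` parses as `a rescue (b || c)`, so when the form hash is present but has no `RelayState` key the method now returns nil instead of falling through to `request.params['RelayState']` or `base_url`, and any other StandardError raised while reading the header is swallowed as well. The nil-header case the rescue appears to target needs no exception handling: `form = request.get_header('rack.request.form_hash')` followed by `(form && form['RelayState']) || request.params['RelayState'] || base_url` keeps every fallback and rescues nothing. The value returned here is supplied by the client; where it is used as a redirect target (outside this hunk) it should be checked against the application's own host or an allow-list so the post-login redirect cannot be pointed elsewhere.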
@@ -66,13 +66,13 @@ module RackEntraIdAuth
66
66
  if !auth_response.is_valid?
67
67
  log(env, "Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
68
68
 
69
- return internal_server_error_response("Invalid login reponse from Entra ID: #{auth_response.errors.first}")
69
+ return internal_server_error_response("Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
70
70
  end
71
71
 
72
72
  if !auth_response.success?
73
73
  log(env, 'Unsuccessful single single reponse from Entra ID.')
74
74
 
75
- return internal_server_error_response('Unsuccessful login reponse from Entra ID.')
75
+ return internal_server_error_response('Unsuccessful single login reponse from Entra ID.')
76
76
  end
77
77
 
78
78
  log(env, 'Initializing session and redirecting to relay state URL…')
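Review bot: The reworded responses on new lines 69 and 75 (and the same pattern on lines 97 and 127 of the following hunks) still interpolate `auth_response.errors.first` into the body returned to the browser, so the ruby-saml validation detail describing which check failed is shown to the end user and not only recorded for the operator. That detail is already captured by the `log(env, ...)` call immediately above each return, so the response can carry a fixed message, e.g. `return internal_server_error_response('Invalid single login response from Entra ID.')`. Every new message also keeps the misspelling `reponse`, and the unchanged log on line 73 reads `single single reponse`. The enclosing method begins outside this hunk.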
@@ -94,7 +94,7 @@ module RackEntraIdAuth
94
94
  if !logout_request.is_valid?
95
95
  log(env, "Invalid single logout request from Entra ID: #{logout_request.errors.first}")
96
96
 
97
- return internal_server_error_response("Invalid logout request from Entra ID: #{logout_request.errors.first}")
97
+ return internal_server_error_response("Invalid single logout request from Entra ID: #{logout_request.errors.first}")
98
98
  end
99
99
 
100
100
  log(env, 'Destroying session and sending logout response to Entra ID…')
@@ -124,13 +124,13 @@ module RackEntraIdAuth
124
124
  if !logout_response.validate
125
125
  log(env, "Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
126
126
 
127
- return internal_server_error_response("Invalid logout reponse from Entra ID: #{logout_response.errors.first}")
127
+ return internal_server_error_response("Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
128
128
  end
129
129
 
130
130
  if !logout_response.success?
131
131
  log(env, 'Unsuccessful single logout reponse from Entra ID.')
132
132
 
133
- return internal_server_error_response('Unsuccessful logout reponse from Entra ID.')
133
+ return internal_server_error_response('Unsuccessful single logout reponse from Entra ID.')
134
134
  end
135
135
 
136
136
  log(env, 'Destroying session and redirecting to relay state URL…')
@@ -1,3 +1,3 @@
1
1
  module RackEntraIdAuth
2
- VERSION = '1.0.2'
2
+ VERSION = '1.1.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack_entra_id_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Susco
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-01 00:00:00.000000000 Z
11
+ date: 2024-08-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -119,7 +119,7 @@ licenses:
119
119
  - MIT
120
120
  metadata:
121
121
  bug_tracker_uri: https://github.com/dsusco/rack_entra_id_auth/issues
122
- changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.0.2
122
+ changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.1.0
123
123
  homepage_uri: https://github.com/dsusco/rack_entra_id_auth
124
124
  source_code_uri: https://github.com/dsusco/rack_entra_id_auth
125
125
  post_install_message: