rack_entra_id_auth 1.0.3 → 1.1.0

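--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b0a2ea6b5c8890bdf9e35c1dc4d8b1dcce9ecd085d212948e83ae1621165698e
- data.tar.gz: '095bdcaf3880329d01fecd0d70b4478e8f5850ce941989f172e46f1403917ec3'
+ metadata.gz: 86ee586f830d9d44c654338d677e88932c35aea1f5e1d73386ba91cab852f181
+ data.tar.gz: 3a60ec97200adad56e8306b2fbafa27efacf90696f847e05bd323fd5500feadb
  SHA512:
- metadata.gz: 02f0be8e2d05113930639578e75777cf1cb36764fefa4ca6cb1cc9b56dbdc805531463789c206976ab2ac8e0e4233dca5e42e47662e5d4e2d231b20065e46881
- data.tar.gz: 01471a840c03d0bfed7958a8a96cfe2dc1d242a53e4615fcbd9515464009b1c082971b78d88e4f0a43053983c968f7f146d63781b3664558dcb53b552550d0ff
+ metadata.gz: 5075ceb0dea5b90f6379669d8b1929d3053fd0563c3b146f0ee89623b80ab2a96d869e8d17862db3c560702244b0bcd2f85ece39c72d1b26567acc65e924ed80
+ data.tar.gz: 53b2daf93998839ce2412a037760ee2fa3161d596c690f2f6adc1bed7d8432affb6b5d20833be38a5eb6925692fc5908954021216c6140740db8b8c2fc344a15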
@@ -1,9 +1,49 @@
1
1
  require 'active_support/configurable'
2
+ require 'ruby-saml'
2
3
 
3
4
  module RackEntraIdAuth
4
5
  class Configuration
5
6
  include ActiveSupport::Configurable
6
7
 
8
+ RUBY_SAML_SETTINGS = %i(
9
+ idp_entity_id
10
+ idp_sso_service_url
11
+ idp_slo_service_url
12
+ idp_slo_response_service_url
13
+ idp_cert
14
+ idp_cert_fingerprint
15
+ idp_cert_fingerprint_algorithm
16
+ idp_cert_multi
17
+ idp_attribute_names
18
+ idp_name_qualifier
19
+ valid_until
20
+ sp_entity_id
21
+ assertion_consumer_service_url
22
+ single_logout_service_url
23
+ sp_name_qualifier
24
+ name_identifier_format
25
+ name_identifier_value
26
+ name_identifier_value_requested
27
+ sessionindex
28
+ compress_request
29
+ compress_response
30
+ double_quote_xml_attribute_values
31
+ message_max_bytesize
32
+ passive
33
+ attributes_index
34
+ force_authn
35
+ certificate
36
+ private_key
37
+ sp_cert_multi
38
+ authn_context
39
+ authn_context_comparison
40
+ authn_context_decl_ref
41
+ security
42
+ soft
43
+ )
44
+
45
+ RUBY_SAML_SETTINGS.each { |ruby_saml_setting| config_accessor ruby_saml_setting }
46
+
7
47
  config_accessor :login_path, default: '/login'
8
48
  config_accessor :login_relay_state_url
9
49
  config_accessor :logout_path, default: '/logout'
@@ -24,57 +64,26 @@ module RackEntraIdAuth
24
64
  }
25
65
  config_accessor :skip_single_logout, default: true
26
66
 
27
- # Ruby SAML ID Provider Settings
28
- config_accessor :idp_entity_id
29
- config_accessor :idp_sso_service_url
30
- config_accessor :idp_slo_service_url
31
- config_accessor :idp_slo_response_service_url
32
- config_accessor :idp_cert
33
- config_accessor :idp_cert_fingerprint
34
- config_accessor :idp_cert_fingerprint_algorithm
35
- config_accessor :idp_cert_multi
36
- config_accessor :idp_attribute_names
37
- config_accessor :idp_name_qualifier
38
- config_accessor :valid_until
67
+ def metadata_url
68
+ @metadata_url
69
+ end
70
+
71
+ def metadata_url= (metadata_url)
72
+ @metadata_url = metadata_url
39
73
 
40
- # Ruby SAML Service Provider Settings
41
- config_accessor :sp_entity_id
42
- config_accessor :assertion_consumer_service_url
43
- config_accessor :single_logout_service_url
44
- config_accessor :sp_name_qualifier
45
- config_accessor :name_identifier_format
46
- config_accessor :name_identifier_value
47
- config_accessor :name_identifier_value_requested
48
- config_accessor :sessionindex
49
- config_accessor :compress_request
50
- config_accessor :compress_response
51
- config_accessor :double_quote_xml_attribute_values
52
- config_accessor :message_max_bytesize
53
- config_accessor :passive
54
- config_accessor :attributes_index
55
- config_accessor :force_authn
56
- config_accessor :certificate
57
- config_accessor :private_key
58
- config_accessor :sp_cert_multi
59
- config_accessor :authn_context
60
- config_accessor :authn_context_comparison
61
- config_accessor :authn_context_decl_ref
74
+ remote_hash = OneLogin::RubySaml::IdpMetadataParser.new.parse_remote_to_hash(metadata_url)
62
75
 
63
- # Ruby SAML workflow Settings
64
- config_accessor :security
65
- config_accessor :soft
76
+ RUBY_SAML_SETTINGS.each do |ruby_saml_setting|
77
+ remote_value = remote_hash[ruby_saml_setting]
78
+
79
+ self.send("#{ruby_saml_setting}=", remote_value) unless remote_value.nil?
80
+ end
81
+
82
+ @metadata_url
83
+ end
66
84
 
67
85
  def ruby_saml_settings
68
- config.to_h.except(
69
- :login_path,
70
- :login_relay_state_url,
71
- :logout_path,
72
- :logout_relay_state_url,
73
- :mock_server,
74
- :mock_attributes,
75
- :session_key,
76
- :session_value_proc,
77
- :skip_single_logout)
86
+ config.to_h.slice(*RUBY_SAML_SETTINGS)
78
87
  end
79
88
  end
80
89
  end
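Review bot: `metadata_url=` passes the URL straight to `parse_remote_to_hash`, and ruby-saml accepts plain `http://` there, so the `idp_cert`, fingerprint and SSO/SLO endpoints that later decide which assertions are trusted can be loaded over an unauthenticated channel. Reject anything that is not HTTPS before fetching, e.g. `raise ArgumentError, 'metadata_url must be an https:// URL' unless URI(metadata_url.to_s).is_a?(URI::HTTPS)`. The loop also walks every name in `RUBY_SAML_SETTINGS`, including `private_key`, `certificate`, `security` and `soft`, and overwrites any value set earlier; the parser presumably returns only IdP keys today, but iterating a short list of `idp_*` names (and using `public_send` instead of `send`) would keep a remote document from ever touching SP-side settings. A comment on the setter should say that assignment performs a network fetch and raises if it fails, and that settings assigned after it override the fetched ones.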
@@ -66,13 +66,13 @@ module RackEntraIdAuth
66
66
  if !auth_response.is_valid?
67
67
  log(env, "Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
68
68
 
69
- return internal_server_error_response("Invalid login reponse from Entra ID: #{auth_response.errors.first}")
69
+ return internal_server_error_response("Invalid single login reponse from Entra ID: #{auth_response.errors.first}")
70
70
  end
71
71
 
72
72
  if !auth_response.success?
73
73
  log(env, 'Unsuccessful single single reponse from Entra ID.')
74
74
 
75
- return internal_server_error_response('Unsuccessful login reponse from Entra ID.')
75
+ return internal_server_error_response('Unsuccessful single login reponse from Entra ID.')
76
76
  end
77
77
 
78
78
  log(env, 'Initializing session and redirecting to relay state URL…')
@@ -94,7 +94,7 @@ module RackEntraIdAuth
94
94
  if !logout_request.is_valid?
95
95
  log(env, "Invalid single logout request from Entra ID: #{logout_request.errors.first}")
96
96
 
97
- return internal_server_error_response("Invalid logout request from Entra ID: #{logout_request.errors.first}")
97
+ return internal_server_error_response("Invalid single logout request from Entra ID: #{logout_request.errors.first}")
98
98
  end
99
99
 
100
100
  log(env, 'Destroying session and sending logout response to Entra ID…')
@@ -124,13 +124,13 @@ module RackEntraIdAuth
124
124
  if !logout_response.validate
125
125
  log(env, "Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
126
126
 
127
- return internal_server_error_response("Invalid logout reponse from Entra ID: #{logout_response.errors.first}")
127
+ return internal_server_error_response("Invalid single logout reponse from Entra ID: #{logout_response.errors.first}")
128
128
  end
129
129
 
130
130
  if !logout_response.success?
131
131
  log(env, 'Unsuccessful single logout reponse from Entra ID.')
132
132
 
133
- return internal_server_error_response('Unsuccessful logout reponse from Entra ID.')
133
+ return internal_server_error_response('Unsuccessful single logout reponse from Entra ID.')
134
134
  end
135
135
 
136
136
  log(env, 'Destroying session and redirecting to relay state URL…')
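Review bot: The strings given to `internal_server_error_response` in these three hunks still interpolate `auth_response.errors.first`, `logout_request.errors.first` and `logout_response.errors.first`, so, assuming that helper writes its argument into the response body, an unauthenticated caller is told exactly why a SAML message was rejected. The detail is already logged on the line above each return; the response could carry a fixed message instead, e.g. `return internal_server_error_response('Invalid single login response from Entra ID.')`. While touching these strings, `reponse` should read `response` throughout, and the context log line `'Unsuccessful single single reponse from Entra ID.'` looks like it was meant to say `single login`. The enclosing methods start and end outside the hunks.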
@@ -1,3 +1,3 @@
1
1
  module RackEntraIdAuth
2
- VERSION = '1.0.3'
2
+ VERSION = '1.1.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack_entra_id_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.3
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Susco
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-01 00:00:00.000000000 Z
11
+ date: 2024-08-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -119,7 +119,7 @@ licenses:
119
119
  - MIT
120
120
  metadata:
121
121
  bug_tracker_uri: https://github.com/dsusco/rack_entra_id_auth/issues
122
- changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.0.3
122
+ changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.1.0
123
123
  homepage_uri: https://github.com/dsusco/rack_entra_id_auth
124
124
  source_code_uri: https://github.com/dsusco/rack_entra_id_auth
125
125
  post_install_message: