rack_entra_id_auth 1.3.1 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9aebad558da70d6fb398d2a7042989b52ae2c7968fc3eac2233c0ae6ee4ee7be
|
|
4
|
+
data.tar.gz: 04bfdd91084705a72f4ebb4fc3dbddd6afa074c22784368918ecf3166a6626d2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8d81c38f9ac7b5e71904ae21e6210ef326265c502f9654a1075aa88e5b8fe15b3b4722afb9288ae57c4028dd350cd9c0f6ab4130dc082beeee80bc0e94ee6d76
|
|
7
|
+
data.tar.gz: 56624b5e0e8c5301668638b82883218a3238e4fb86620f706d4d9642b58b83c48122a127f7188fa9146dc57fd5ae9399a263d3a95d96a77d43f52b706e4ac12d
|
|
@@ -44,6 +44,7 @@ module RackEntraIdAuth
|
|
|
44
44
|
|
|
45
45
|
RUBY_SAML_SETTINGS.each { |ruby_saml_setting| config_accessor ruby_saml_setting }
|
|
46
46
|
|
|
47
|
+
config_accessor :exclude_paths, default: []
|
|
47
48
|
config_accessor :login_path, default: '/login'
|
|
48
49
|
config_accessor :login_relay_state_url
|
|
49
50
|
config_accessor :logout_path, default: '/logout'
|
|
@@ -86,7 +87,7 @@ module RackEntraIdAuth
|
|
|
86
87
|
end
|
|
87
88
|
|
|
88
89
|
def ruby_saml_settings
|
|
89
|
-
config.to_h.slice(*RUBY_SAML_SETTINGS)
|
|
90
|
+
config.to_h.slice(*RUBY_SAML_SETTINGS)
|
|
90
91
|
end
|
|
91
92
|
end
|
|
92
93
|
end
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
require 'ruby-saml'
|
|
2
|
-
require 'uri'
|
|
3
2
|
|
|
4
3
|
module RackEntraIdAuth
|
|
5
4
|
class EntraIdRequest
|
|
@@ -19,6 +18,23 @@ module RackEntraIdAuth
|
|
|
19
18
|
"#{request.base_url}#{request.path}".sub(Regexp.new("#{request.path_info}$"), '')
|
|
20
19
|
end
|
|
21
20
|
|
|
21
|
+
# Returns whether the request should be ignored by the middleware. Returns
|
|
22
|
+
# true if the request's path matches any of the strings or regular
|
|
23
|
+
# expressions in the exclude_paths config, otherwise returns false.
|
|
24
|
+
#
|
|
25
|
+
# @return [Bool]
|
|
26
|
+
#
|
|
27
|
+
def excluded_path?
|
|
28
|
+
RackEntraIdAuth.config.exclude_paths.any? do |regexp_or_string|
|
|
29
|
+
case regexp_or_string
|
|
30
|
+
when Regexp
|
|
31
|
+
regexp_or_string.match?(request.path_info)
|
|
32
|
+
when String
|
|
33
|
+
regexp_or_string.eql?(request.path_info)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
22
38
|
# Returns whether the request is a Service Provider initiated sign-on
|
|
23
39
|
# request. Returns true if the request's path info equals the login path
|
|
24
40
|
# configuration (login_path), otherwise returns false.
|
|
@@ -81,10 +97,7 @@ module RackEntraIdAuth
|
|
|
81
97
|
# @return [String]
|
|
82
98
|
#
|
|
83
99
|
def relay_state_url
|
|
84
|
-
|
|
85
|
-
relay_state = request.get_header('rack.request.form_hash')['RelayState'] if request.has_header?('rack.request.form_hash')
|
|
86
|
-
relay_state = request.params['RelayState'] if !relay_state.is_a?(String) or relay_state.empty?
|
|
87
|
-
relay_state =~ /\A#{URI::regexp(['http', 'https'])}\z/ ? relay_state : base_url
|
|
100
|
+
request.get_header('rack.request.form_hash')['RelayState'] rescue request.params['RelayState'] || base_url
|
|
88
101
|
end
|
|
89
102
|
|
|
90
103
|
# A single sign-on response for the SAMLResponse in the request's header.
|
|
@@ -10,6 +10,8 @@ module RackEntraIdAuth
|
|
|
10
10
|
request = Rack::Request.new(env)
|
|
11
11
|
entra_id_request = EntraIdRequest.new(request)
|
|
12
12
|
|
|
13
|
+
return @app.call(env) if entra_id_request.excluded_path?
|
|
14
|
+
|
|
13
15
|
# SP initiated single sign-on request
|
|
14
16
|
if entra_id_request.login?
|
|
15
17
|
log(env, 'Redirecting login request to Entra ID single sign-on URL…')
|
|
@@ -12,6 +12,8 @@ module RackEntraIdAuth
|
|
|
12
12
|
request = Rack::Request.new(env)
|
|
13
13
|
entra_id_request = EntraIdRequest.new(request)
|
|
14
14
|
|
|
15
|
+
return @app.call(env) if entra_id_request.excluded_path?
|
|
16
|
+
|
|
15
17
|
# mock a login page
|
|
16
18
|
if entra_id_request.login? and request.request_method.eql?('GET')
|
|
17
19
|
log(env, 'Rendering mock login page…')
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack_entra_id_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Susco
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
10
|
+
date: 2025-08-21 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: activesupport
|
|
@@ -119,10 +118,9 @@ licenses:
|
|
|
119
118
|
- MIT
|
|
120
119
|
metadata:
|
|
121
120
|
bug_tracker_uri: https://github.com/dsusco/rack_entra_id_auth/issues
|
|
122
|
-
changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.3.
|
|
121
|
+
changelog_uri: https://github.com/dsusco/rack_entra_id_auth/releases/tag/v1.3.2
|
|
123
122
|
homepage_uri: https://github.com/dsusco/rack_entra_id_auth
|
|
124
123
|
source_code_uri: https://github.com/dsusco/rack_entra_id_auth
|
|
125
|
-
post_install_message:
|
|
126
124
|
rdoc_options: []
|
|
127
125
|
require_paths:
|
|
128
126
|
- lib
|
|
@@ -137,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
137
135
|
- !ruby/object:Gem::Version
|
|
138
136
|
version: '0'
|
|
139
137
|
requirements: []
|
|
140
|
-
rubygems_version: 3.
|
|
141
|
-
signing_key:
|
|
138
|
+
rubygems_version: 3.6.2
|
|
142
139
|
specification_version: 4
|
|
143
140
|
summary: Rails aware Rack middleware for Entra ID authentication.
|
|
144
141
|
test_files: []
|