saml_camel 0.1.1 → 0.1.2

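--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: db6a8d7294f375eadf0c0358d7e438fb367a2b45
- data.tar.gz: c89095973afa1aaa726f242cabb7b2d360360f33
+ metadata.gz: 7a2a4e67055ffc48f78dc0139b9c759e2433549c
+ data.tar.gz: e76ae8caa11b55411a315c284fae6d4fe8a38555
  SHA512:
- metadata.gz: ba097413cf902c8bd2184c64e4fcb87b39027cf223042952732a5022245901196edafd7e3b9c20d9f9e76b76c95eb23bf1eda86f2b3d5c35d9ba814e5b5ad280
- data.tar.gz: afb5650b0e054af8cb911461b7211106eddb305d994e77c9941738f03f6c085a6a0fa8fe1a05ca1c0fe0d561214ac0304cfeac3bb97a880cee5fd0423b9b7ff7
+ metadata.gz: 9cfb538fa1e85ef6d3089431b4f30e97ce773d4fce4498c9349c602a799427499fbe2cd25f37e0ffb53aee3ae4672210903c00017e97de2eb2580e42a4122374
+ data.tar.gz: 9dd9c2fe2afc86d84bbf4333e57853c546ab76c096d3f08c08b16c4987fb65640e7759ba77d72c86ca61ca2a151d76a2c8b412609f4fe27c2fefcf1dfbd1d043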
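--- a/data/README.md
+++ b/data/README.md
@@ -3,9 +3,7 @@
  Add this line to your application's Gemfile:
 
  ```ruby
- source "https://gems-internal.oit.duke.edu" do
  gem 'saml_camel'
- end
  ```
 
 
@@ -46,8 +44,6 @@ end
  6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
  **NOTE: it is important you MUST use around_action**
 
- 7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
-
  ```ruby
  class DashboardController < ApplicationController
  around_action :saml_protect, except: [:home]
@@ -61,8 +57,18 @@ class DashboardController < ApplicationController
  end
  ```
 
+
+ 7. to logout simply make a post to `localhost:3000/saml/logout`. This will kill the local saml session, and the session with the identity provider. You can specify a return url in `saml/development/settings.json`
+
  7. response attributes found in `session[:saml_attributes]`
 
+ 8. It is recommended to set `config.force_ssl = true` in the `config/environments/production.rb` file
+
+
+ 9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
+
+ 10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
+
 
  ## License
  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).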
@@ -2,6 +2,8 @@ require_dependency "saml_camel/application_controller"
2
2
 
3
3
  module SamlCamel::SamlHelpers
4
4
  extend ActiveSupport::Concern
5
+ SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
6
+
5
7
 
6
8
  #this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
7
9
  def saml_request(host_request)
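Review bot: The added `SP_SETTINGS` constant reads `saml/#{Rails.env}/settings.json` through a path relative to the process working directory, so loading this module depends on where the app server was started and raises during class loading if the file is missing or is not valid JSON. Anchoring the path to the application root removes that dependency: `SP_SETTINGS = JSON.parse(File.read(Rails.root.join("saml", Rails.env, "settings.json")))`. The identical line is added again in the new `SamlCamel::Logging` class, so the SP configuration is parsed twice and the two copies have to be kept in step by hand; a single shared loader would be safer. The module body continues outside the hunk.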
@@ -2,7 +2,9 @@ require_dependency "saml_camel/application_controller"
2
2
 
3
3
  module SamlCamel
4
4
  class SamlController < ApplicationController
5
+ include SamlCamel::SamlHelpers
5
6
  skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
7
+ around_action :saml_protect, only: [:attr_check]
6
8
 
7
9
 
8
10
  #TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
@@ -19,6 +21,7 @@ module SamlCamel
19
21
  session[:saml_success] = true
20
22
  session[:sp_session] = true
21
23
  session[:saml_attributes] = SamlCamel::Transaction.map_attributes(response.attributes)
24
+ SamlCamel::Logging.successfull_auth(session[:saml_attributes])
22
25
 
23
26
  #TODO account for nil redirect
24
27
  redirect_to cookies.encrypted[:saml_camel_redirect]
@@ -26,11 +29,14 @@ module SamlCamel
26
29
  #TODO how do we handle errors?
27
30
  session[:saml_success] = false
28
31
  response.errors
32
+ SamlCamel::Logging.auth_failure(response.errors)
33
+
29
34
  redirect_to main_app.try('root_path')
30
35
  end
31
36
  end
32
37
 
33
38
  def logout
39
+ SamlCamel::Logging.logout(session[:saml_attributes])
34
40
  session[:saml_attributes] = nil
35
41
  session[:sp_session] = nil
36
42
 
@@ -38,6 +44,10 @@ module SamlCamel
38
44
  redirect_to return_url
39
45
  end
40
46
 
47
+ def attr_check
48
+
49
+ end
50
+
41
51
 
42
52
  private
43
53
  def saml_settings
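Review bot: The new first line of `logout` passes `session[:saml_attributes]` straight to `SamlCamel::Logging.logout`, which indexes it with `saml_attrs[PRIMARY_ID]`, so a POST to the logout route from a browser that has no SAML session hands it `nil` and the action raises instead of redirecting. Because `verify_authenticity_token` is skipped for `logout`, such a request needs no token and can be triggered by any page, which makes the unauthenticated case routine rather than exceptional. Guarding the call is enough here: `SamlCamel::Logging.logout(session[:saml_attributes]) if session[:saml_attributes]`. The bodies of `consume` and `logout` extend outside these hunks.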
@@ -1,5 +1,5 @@
1
1
  module SamlCamel
2
- class ApplicationRecord
3
- self.abstract_class = true
2
+ class ApplicationRecord
3
+
4
4
  end
5
5
  end
@@ -0,0 +1,23 @@
1
+ module SamlCamel
2
+ class Logging
3
+ SP_SETTINGS = JSON.parse(File.read("saml/#{Rails.env}/settings.json"))
4
+ PRIMARY_ID = SP_SETTINGS["settings"]["primary_id"]
5
+ SHOULD_LOG = SP_SETTINGS["settings"]["saml_logging"]
6
+
7
+ def self.successfull_auth(saml_attrs)
8
+ logger = Logger.new("log/saml.log")
9
+ logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully authenticated.")
10
+ end
11
+
12
+ def self.auth_failure(error_context)
13
+ logger = Logger.new("log/saml.log")
14
+ logger.error("An error occured during authentication.")
15
+ end
16
+
17
+ def self.logout(saml_attrs)
18
+ logger = Logger.new("log/saml.log")
19
+ logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.")
20
+ end
21
+
22
+ end
23
+ end
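Review bot: `SHOULD_LOG` is read from `saml_logging` but none of the three methods consults it, so setting `saml_logging` to false in settings.json does not switch logging off as the README describes. `auth_failure` also accepts `error_context` and discards it, so a rejected assertion leaves only a fixed string in `log/saml.log` and nothing for an investigator to work from. `successfull_auth` and `logout` raise on a nil `saml_attrs`, and every call opens a new `Logger` on a path relative to the working directory. The sketch below adds the guard, keeps the validation errors, and memoizes one logger rooted at `Rails.root`; the IdP-supplied identifier is still written unescaped, so the log should be treated as untrusted text by whatever parses it.

```ruby
module SamlCamel
  class Logging
    # … unchanged: SP_SETTINGS, PRIMARY_ID, SHOULD_LOG …

    # One logger per process, anchored to the application root.
    def self.logger
      @logger ||= Logger.new(Rails.root.join("log", "saml.log").to_s)
    end

    def self.successfull_auth(saml_attrs)
      return unless SHOULD_LOG && saml_attrs
      logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully authenticated.")
    end

    def self.auth_failure(error_context)
      return unless SHOULD_LOG
      # Keep the validation errors so a failed login can be diagnosed.
      logger.error("An error occured during authentication: #{Array(error_context).join('; ')}")
    end

    def self.logout(saml_attrs)
      return unless SHOULD_LOG && saml_attrs
      logger.info("#{saml_attrs[PRIMARY_ID]} has succesfully logged out.")
    end
  end
end
```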
@@ -46,7 +46,7 @@ module SamlCamel
46
46
  mapped_attributes
47
47
  end
48
48
 
49
-
49
+ #currently duke specifc
50
50
  def self.logout
51
51
  url = URI("https://shib.oit.duke.edu/cgi-bin/logout.pl")
52
52
 
@@ -0,0 +1,5 @@
1
+ <h1>SAML Attributes</h1>
2
+ <% session[:saml_attributes].each do |k,v| %>
3
+ <strong><%= k %></strong>
4
+ <p><%= v %></p>
5
+ <% end %>
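--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -1,5 +1,6 @@
  SamlCamel::Engine.routes.draw do
  get "/" => "saml#index"
+ get "/attributes" => 'saml#attr_check'
  post "/consumeSaml" => "saml#consume"
  post "/logout" => "saml#logout"
  end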
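Review bot: `get "/attributes"` is registered unconditionally, so every deployment, production included, serves a page that prints the whole of `session[:saml_attributes]`, although the README only describes it with a localhost URL. The generated attribute map contains entries such as `duProxyToken`, which by its name looks credential-like and should probably not be echoed into HTML; that is inferred from the name and should be checked against what the IdP actually releases. Consider limiting the route to non-production, e.g. `get "/attributes" => 'saml#attr_check' unless Rails.env.production?`, or gating it behind a setting that defaults to off.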
@@ -6,7 +6,6 @@ module SamlCamel
6
6
  isolate_namespace SamlCamel
7
7
 
8
8
  config.to_prepare do
9
-
10
9
  Dir.glob(Rails.root + "app/decorators/**/*_decorator*.rb").each do |c|
11
10
  require_dependency(c)
12
11
  end
@@ -1,3 +1,3 @@
1
1
  module SamlCamel
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
@@ -58,10 +58,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
58
58
  end
59
59
 
60
60
 
61
-
62
-
63
-
64
-
65
61
  def generate_saml_settings
66
62
  {
67
63
  _comment: "note you will need to restart the application when you make changes to this file",
@@ -69,7 +65,9 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
69
65
  acs: "http://localhost:3000/saml/consumeSaml" ,
70
66
  entity_id: "https://your-entity-id.com",
71
67
  sso_url: "https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO",
72
- logout_return_url: "http://localhost:3000"
68
+ logout_return_url: "http://localhost:3000",
69
+ primary_id: "eduPersonPrincipalName",
70
+ saml_logging: true
73
71
  },
74
72
  "attribute_map": {
75
73
  "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
@@ -80,7 +78,7 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
80
78
  "urn:oid:1.3.6.1.4.1.5923.1.1.1.5": "eduPersonPrimaryAffiliation",
81
79
  "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
82
80
  "urn:mace:duke.edu:idms:unique-id": "duDukeID",
83
- "urn:mace:duke.edu:idms:dku-id": "urn:mace:duke.edu:idms:dku-id",
81
+ "urn:mace:duke.edu:idms:dku-id": "dku-id",
84
82
  "urn:oid:1.3.6.1.4.1.5923.1.5.1.1": "isMemberOf",
85
83
  "urn:oid:2.5.4.42": "givenName",
86
84
  "urn:oid:2.5.4.4": "sn",
@@ -89,8 +87,6 @@ tA6SX0infqNRyPRNJK+bnQd1yOP4++tjD/lAPE+5tiD/waI3fArt43ZE/qp7pYMS
89
87
  "urn:oid:2.5.4.20": "telephoneNumber",
90
88
  "urn:oid:2.5.4.12": "title",
91
89
  "urn:mace:duke.edu:idms:middle-name1": "duMiddleName1",
92
- "urn:mace:duke.edu:idms:sap:name-first": "duSAPNameFirst",
93
- "urn:mace:duke.edu:idms:sap:name-last": "duSAPNameLast",
94
90
  "urn:mace:duke.edu:idms:proxy-token": "duProxyToken"
95
91
  }
96
92
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml_camel
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - 'Danai Adkisson '
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-03 00:00:00.000000000 Z
11
+ date: 2018-04-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -87,8 +87,10 @@ files:
87
87
  - app/jobs/saml_camel/application_job.rb
88
88
  - app/mailers/saml_camel/application_mailer.rb
89
89
  - app/models/saml_camel/application_record.rb
90
+ - app/models/saml_camel/logging.rb
90
91
  - app/models/saml_camel/transaction.rb
91
92
  - app/views/layouts/saml_camel/application.html.erb
93
+ - app/views/saml_camel/saml/attr_check.html.erb
92
94
  - config/routes.rb
93
95
  - lib/saml_camel.rb
94
96
  - lib/saml_camel/engine.rb