saml_camel 0.1.2 → 0.1.3

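--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7a2a4e67055ffc48f78dc0139b9c759e2433549c
- data.tar.gz: e76ae8caa11b55411a315c284fae6d4fe8a38555
+ metadata.gz: 71f94da315b31aec73381b73e58fb6bb1a6fd3eb
+ data.tar.gz: '08d80cedc906fb1cb14ceaa008a796a9bee802c5'
  SHA512:
- metadata.gz: 9cfb538fa1e85ef6d3089431b4f30e97ce773d4fce4498c9349c602a799427499fbe2cd25f37e0ffb53aee3ae4672210903c00017e97de2eb2580e42a4122374
- data.tar.gz: 9dd9c2fe2afc86d84bbf4333e57853c546ab76c096d3f08c08b16c4987fb65640e7759ba77d72c86ca61ca2a151d76a2c8b412609f4fe27c2fefcf1dfbd1d043
+ metadata.gz: 62891d7a9e63252a869314de2d06fc919646eb7b5a9f5b005b3d15d53bee9091514e9126ba6dd94daac2909fac9adff83eb6e3d31e1050a930183413643d9fce
+ data.tar.gz: 30cc191cb55e6a66cc192327d201365450e48beb0d76ca62d683d910ecfcbdec2b1c8faf0f4040c052d1c072357543e55b76d00167d5cb770577825d4e558806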
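--- a/data/README.md
+++ b/data/README.md
@@ -41,12 +41,11 @@ class ApplicationController < ActionController::Base
  end
  ```
 
- 6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
- **NOTE: it is important you MUST use around_action**
+ 6. now simply provide the `saml protect` method in your controllers (via `before_action`) to protect paths
 
  ```ruby
  class DashboardController < ApplicationController
- around_action :saml_protect, except: [:home]
+ before_action :saml_protect, except: [:home]
 
  def home
  end
@@ -67,7 +66,7 @@ end
 
  9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
 
- 10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
+ 10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
 
 
  ## License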
@@ -8,23 +8,20 @@ module SamlCamel::SamlHelpers
8
8
  #this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
9
9
  def saml_request(host_request)
10
10
  request = OneLogin::RubySaml::Authrequest.new
11
- cookies.encrypted[:saml_camel_redirect] = host_request.url
12
- redirect_to(request.create(SamlCamel::Transaction.saml_settings))
13
- end
11
+ secure_cookie = (Rails.env == "development" || Rails.env == "test") ? false : true
12
+ cookies.encrypted[:saml_camel_redirect] = {
13
+ value: host_request.url,
14
+ secure: secure_cookie,
15
+ httponly: true
16
+ }
14
17
 
15
-
16
- def saml_reset
17
- session[:saml_success] = nil
18
+ redirect_to(request.create(SamlCamel::Transaction.saml_settings))
18
19
  end
19
20
 
20
21
 
21
22
  def saml_protect
22
- begin
23
23
  saml_request(request) unless (session[:saml_success] || session[:sp_session]) #keeps us from looping, and maintains sp session
24
- yield
25
- ensure
26
- saml_reset #keeps us from looping
27
- end
24
+ session[:saml_success] = nil
28
25
  end
29
26
 
30
27
 
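Review bot: The `secure_cookie` line in `saml_request` derives the Secure flag from the environment name rather than from the transport, and nothing in the code says that this is deliberate. Any environment other than development or test that is reached over plain HTTP will set a cookie the browser never returns, so `consume` would read a nil redirect target. Keeping the flag fail-closed is reasonable, but it deserves a comment such as `# Secure everywhere except development/test; the app must be served over HTTPS elsewhere`. The `? false : true` ternary can also be reduced to `secure_cookie = !(Rails.env.development? || Rails.env.test?)`. In `saml_protect` the new `session[:saml_success] = nil` lost the "keeps us from looping" explanation that the removed `saml_reset` call carried; it is worth restoring on that line.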
@@ -4,7 +4,7 @@ module SamlCamel
4
4
  class SamlController < ApplicationController
5
5
  include SamlCamel::SamlHelpers
6
6
  skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
7
- around_action :saml_protect, only: [:attr_check]
7
+ before_action :saml_protect, only: [:attr_check]
8
8
 
9
9
 
10
10
  #TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
@@ -13,6 +13,8 @@ module SamlCamel
13
13
  end
14
14
 
15
15
  def consume
16
+ redirect_path = cookies.encrypted[:saml_camel_redirect]
17
+ cookies.delete :saml_camel_redirect
16
18
  response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
17
19
  response.settings = saml_settings
18
20
 
@@ -24,7 +26,7 @@ module SamlCamel
24
26
  SamlCamel::Logging.successfull_auth(session[:saml_attributes])
25
27
 
26
28
  #TODO account for nil redirect
27
- redirect_to cookies.encrypted[:saml_camel_redirect]
29
+ redirect_to redirect_path
28
30
  else # otherwise list out the errors in the response
29
31
  #TODO how do we handle errors?
30
32
  session[:saml_success] = false
@@ -33,6 +35,10 @@ module SamlCamel
33
35
 
34
36
  redirect_to main_app.try('root_path')
35
37
  end
38
+ rescue => e
39
+ session[:saml_success] = false
40
+ SamlCamel::Logging.auth_failure(e)
41
+ redirect_to main_app.try('root_path')
36
42
  end
37
43
 
38
44
  def logout
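Review bot: `redirect_to redirect_path` in `consume` can still be handed nil, for example when the response arrives without the `saml_camel_redirect` cookie; the `#TODO account for nil redirect` directly above it is left unresolved. With the new `rescue => e` the resulting error is logged through `auth_failure` and `session[:saml_success]` is set to false, even though the assertion itself passed validation and the lines before the redirect (outside these hunks) have presumably already populated the session. A fallback such as `redirect_to(redirect_path || main_app.try('root_path'))` keeps a valid login from being recorded as a failure. The blanket `rescue` also folds programming errors into the same "authentication failed" path, so narrowing it to the errors the SAML library raises would make the log more trustworthy.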
@@ -11,7 +11,7 @@ module SamlCamel
11
11
 
12
12
  def self.auth_failure(error_context)
13
13
  logger = Logger.new("log/saml.log")
14
- logger.error("An error occured during authentication.")
14
+ logger.error("An error occured during authentication. #{error_context}")
15
15
  end
16
16
 
17
17
  def self.logout(saml_attrs)
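Review bot: The interpolated `error_context` in `auth_failure` is written to `log/saml.log` unescaped. The only caller visible in this diff passes an exception raised while handling the posted `SAMLResponse`, so the message may carry request-derived text, including line breaks that would split or forge log entries. Logging `logger.error("An error occured during authentication. #{error_context.class}: #{error_context.to_s.inspect}")` keeps each entry on one line and records the error class, which the bare message omits. Other callers of `auth_failure` are not visible here, so confirm they pass something whose `to_s` is meaningful.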
@@ -47,6 +47,11 @@ module SamlCamel
47
47
  end
48
48
 
49
49
  #currently duke specifc
50
+ #TODO use the regular idp based logout
51
+ #TODO httponly should always be set to true on cookies
52
+ #TODO securure should be set to true in non dev environments (ht
53
+ #TODO look at metadata file import,validate via cert
54
+
50
55
  def self.logout
51
56
  url = URI("https://shib.oit.duke.edu/cgi-bin/logout.pl")
52
57
 
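Review bot: Two of the added TODO comments are already stale in this same release: the `saml_camel_redirect` cookie is now set with `httponly: true` and a `secure` flag in `saml_request`. They should either be dropped or name the cookies that still lack those flags. The third line is cut off at `(ht` and misspells the flag; `#TODO secure should be true outside development/test` would read cleanly. The block also sits between `#currently duke specifc` and `def self.logout`, which separates that comment from the method it describes.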
@@ -1,3 +1,3 @@
1
1
  module SamlCamel
2
- VERSION = '0.1.2'
2
+ VERSION = '0.1.3'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml_camel
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - 'Danai Adkisson '
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-04 00:00:00.000000000 Z
11
+ date: 2018-04-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails