saml_camel 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7a2a4e67055ffc48f78dc0139b9c759e2433549c
-  data.tar.gz: e76ae8caa11b55411a315c284fae6d4fe8a38555
+  metadata.gz: 71f94da315b31aec73381b73e58fb6bb1a6fd3eb
+  data.tar.gz: '08d80cedc906fb1cb14ceaa008a796a9bee802c5'
 SHA512:
-  metadata.gz: 9cfb538fa1e85ef6d3089431b4f30e97ce773d4fce4498c9349c602a799427499fbe2cd25f37e0ffb53aee3ae4672210903c00017e97de2eb2580e42a4122374
-  data.tar.gz: 9dd9c2fe2afc86d84bbf4333e57853c546ab76c096d3f08c08b16c4987fb65640e7759ba77d72c86ca61ca2a151d76a2c8b412609f4fe27c2fefcf1dfbd1d043
+  metadata.gz: 62891d7a9e63252a869314de2d06fc919646eb7b5a9f5b005b3d15d53bee9091514e9126ba6dd94daac2909fac9adff83eb6e3d31e1050a930183413643d9fce
+  data.tar.gz: 30cc191cb55e6a66cc192327d201365450e48beb0d76ca62d683d910ecfcbdec2b1c8faf0f4040c052d1c072357543e55b76d00167d5cb770577825d4e558806

data/README.md

@@ -41,12 +41,11 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-6. now simply provide the `saml protect` method in your controllers (via `around_action`) to protect paths
-**NOTE: it is important you MUST use around_action**
+6. now simply provide the `saml protect` method in your controllers (via `before_action`) to protect paths
 
 ```ruby
 class DashboardController < ApplicationController
-  around_action :saml_protect, except: [:home]
+  before_action :saml_protect, except: [:home]
 
   def home
   end
@@ -67,7 +66,7 @@ end
 
 9. Logging is turned on by default. Logging is configured in `saml/development/settings.json`. To utilize logging saml_logging should be set to true (default), and primary_id must have a value. primary_id is the saml attribute you consider to be a primary identifier for a user
 
-10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through 
+10. Users can go to http://localhost:3000/saml/attributes to view attributes being passed through
 
 
 ## License

data/app/controllers/concerns/saml_camel/saml_helpers.rb

@@ -8,23 +8,20 @@ module SamlCamel::SamlHelpers
     #this generates a call to the idp, which will then be returned to the consume action the in saml_contorller
     def saml_request(host_request)
       request = OneLogin::RubySaml::Authrequest.new
-      cookies.encrypted[:saml_camel_redirect] = host_request.url
-      redirect_to(request.create(SamlCamel::Transaction.saml_settings))
-    end
+      secure_cookie = (Rails.env == "development" || Rails.env == "test") ? false : true
+      cookies.encrypted[:saml_camel_redirect] = {
+        value: host_request.url,
+        secure: secure_cookie,
+        httponly: true
+      }
 
-
-    def saml_reset
-      session[:saml_success] = nil
+      redirect_to(request.create(SamlCamel::Transaction.saml_settings))
     end
 
 
     def saml_protect
-      begin
         saml_request(request) unless (session[:saml_success] || session[:sp_session]) #keeps us from looping, and maintains sp session
-        yield
-      ensure
-        saml_reset #keeps us from looping
-      end
+        session[:saml_success] = nil
     end
 
 

data/app/controllers/saml_camel/saml_controller.rb

@@ -4,7 +4,7 @@ module SamlCamel
   class SamlController < ApplicationController
     include SamlCamel::SamlHelpers
     skip_before_action :verify_authenticity_token ,only: [:consume,:logout]
-    around_action :saml_protect, only: [:attr_check]
+    before_action :saml_protect, only: [:attr_check]
 
 
     #TODO ROUTABLE STUFF GOES IN THE SHIB CONTROLLER, METHODS CALLED BUT NOT ROUTED GO TO SAML_CONTROLLER
@@ -13,6 +13,8 @@ module SamlCamel
     end
 
     def consume
+      redirect_path = cookies.encrypted[:saml_camel_redirect]
+      cookies.delete :saml_camel_redirect
       response          = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
       response.settings = saml_settings
 
@@ -24,7 +26,7 @@ module SamlCamel
         SamlCamel::Logging.successfull_auth(session[:saml_attributes])
 
         #TODO account for nil redirect
-        redirect_to cookies.encrypted[:saml_camel_redirect]
+        redirect_to redirect_path
       else # otherwise list out the errors in the response
         #TODO how do we handle errors?
         session[:saml_success] = false
@@ -33,6 +35,10 @@ module SamlCamel
 
         redirect_to main_app.try('root_path')
       end
+    rescue => e
+      session[:saml_success] = false
+      SamlCamel::Logging.auth_failure(e)
+      redirect_to main_app.try('root_path')
     end
 
     def logout

data/app/models/saml_camel/logging.rb

@@ -11,7 +11,7 @@ module SamlCamel
 
     def self.auth_failure(error_context)
       logger = Logger.new("log/saml.log")
-      logger.error("An error occured during authentication.")
+      logger.error("An error occured during authentication. #{error_context}")
     end
 
     def self.logout(saml_attrs)

data/app/models/saml_camel/transaction.rb

@@ -47,6 +47,11 @@ module SamlCamel
     end
 
     #currently duke specifc
+    #TODO use the regular idp based logout
+    #TODO httponly should always be set to true on cookies
+    #TODO securure should be set to true in non dev environments (ht
+    #TODO look at metadata file import,validate via cert
+    
     def self.logout
       url = URI("https://shib.oit.duke.edu/cgi-bin/logout.pl")
 

data/lib/saml_camel/version.rb

@@ -1,3 +1,3 @@
 module SamlCamel
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml_camel
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - 'Danai Adkisson '
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-04 00:00:00.000000000 Z
+date: 2018-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails