shib-rack 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca0cc87599b9b1fbbf3ca438be67ed5f5721424a9f8336f5e3b0cea657f74855
-  data.tar.gz: da104a3eca3c6af72ab5b6d377107835f7d7ed4593ce62f2fb9d9180cdaa6c4e
+  metadata.gz: 78fa3a4ee12fc6f8e41592474540ce68b901ef3f029aecbd0570f45875281559
+  data.tar.gz: 3758a8bc22d11331862fa010d697a5baca2a7eb2b5f67e50bc7e6e5f5f4b7ca9
 SHA512:
-  metadata.gz: 54677c9f744f091ab69d4e28a51f4c352d8b32ba5967d4b517677288d4c285afb53328a58d68eda34c161544bcfd333cadab07f3e22525343fa62e397f7c28a1
-  data.tar.gz: 397dd0fbec7d4d5fe73bc7eac86068fe34568fe22f9cf05d9193abc3c728c99e576ee295baffc3b6011607737af771b982dfcaf3ed1c5eaa14e920370987a3e0
+  metadata.gz: eb56619f465b8ef03c7e96aef94dd1ee66dd408f5452bf6c07df966faecf128553e0ed6ad329a2223ef0f8c21742681c769cd112cea44883a57e1ee1c193f707
+  data.tar.gz: 29c1a07bd0cc488e958fea28749f413a70781a7434085df7edcade942b2c5be2734129e077ed309f880039d979fd9a26fc8f3f871f1c1689eac25ba9d1d688d3

data/.github/workflows/.test.yaml

@@ -0,0 +1,20 @@
+name: Run RSpec tests
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
+
+      - name: Install dependencies
+        run: bundle install
+
+      - name: Run RSpec
+        run: bundle exec rspec

data/.ruby-version

@@ -0,0 +1 @@
+3.3.6

data/Makefile

@@ -0,0 +1,4 @@
+publish-gem:
+	gem build shib-rack.gemspec
+	gem push shib-rack-*.gem
+	rm shib-rack-*.gem

data/README.md

@@ -1,36 +1,15 @@
 # ShibRack
 
 [![Gem Version][GV img]][Gem Version]
-[![Build Status][BS img]][Build Status]
 
 [Gem Version]: https://rubygems.org/gems/shib-rack
-[Build Status]: https://codeship.com/projects/145971
 
 [GV img]: https://img.shields.io/gem/v/shib-rack.svg
-[BS img]: https://img.shields.io/codeship/5cdcef80-e343-0133-84a6-5a988fa7d930/develop.svg
 
 [Shibboleth SP](http://shibboleth.net) authentication plugin for Rack-based web
 applications. Contains Rails-specific extensions for consumption by Rails
 applications.
 
-Author: Shaun Mangelsdorf
-
-```
-Copyright 2018, Australian Access Federation
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-```
-
 ## Installation
 
 Add the `shib-rack` dependency to your application's `Gemfile`:
@@ -45,19 +24,168 @@ Use Bundler to install the dependency:
 bundle install
 ```
 
-TBC
+Then create a Receiver class which will receive the session attributes. In development mode, `shib-rack` uses a development handler to provide example identities that you can use.
+
+Optionally, you can also setup an error handler class.
+
+You will need to customise this to suit your usage. Below is an example using only a limited number of attributes.
+
+```ruby
+# frozen_string_literal: true
+# Extends the Authentication Module from Shib-Rack
+module Authentication
+  # Custom SubjectReceiver Class
+  class SubjectReceiver
+    include ShibRack::DefaultReceiver
+    include ShibRack::AttributeMapping
+
+    map_single_value shared_token:           'HTTP_AUEDUPERSONSHAREDTOKEN',
+                     targeted_id:            'HTTP_TARGETED_ID',
+                     principal_name:         'HTTP_PRINCIPALNAME'
+
+    def subject(_env, attrs)
+      Subject.transaction do
+        identifier = attrs.slice(:targeted_id)
+        subject = Subject.find_or_initialize_by(identifier)
+
+        subject.update!(attrs)
+        subject
+      end
+    end
+
+    def finish(_env)
+      redirect_to('/dashboard')
+    end
+  end
+end
+```
+
+### Multiple attributes
+
+Some attributes are multi-valued, such as `affiliation` and `scoped_affiliation`.
+
+You can use the `map_multi_value` method for these attributes, but you will need to consider how to store them in your app. In the example below, a separate model has been used for `affiliations`.
+
+Multi-value attributes (as with other attributes) are appended to your HTTP headers after authentication occurs. Multi-value attributes are stored in your header as a single string with each value delimited by a `;`. This method splits the string into a ruby array based on this delimiting character.
+
+```ruby
+# frozen_string_literal: true
+# Extends the Authentication Module from Shib-Rack
+module Authentication
+  # Custom SubjectReceiver Class
+  class SubjectReceiver
+    include ShibRack::DefaultReceiver
+    include ShibRack::AttributeMapping
 
-### Integrating with a Rack application
+    map_single_value shared_token:           'HTTP_AUEDUPERSONSHAREDTOKEN',
+                     targeted_id:            'HTTP_TARGETED_ID',
+                     principal_name:         'HTTP_PRINCIPALNAME'
 
-TBD
+    map_multi_value  affiliation:            'HTTP_EDUPERSONAFFILIATION'
+
+    def subject(_env, attrs)
+      Subject.transaction do
+        identifier = attrs.slice(:targeted_id)
+        subject = Subject.find_or_initialize_by(identifier)
+
+        subject.update!(attrs.except(:affiliation))
+        update_affiliations(subject, attrs)
+
+        subject
+      end
+    end
+
+    def finish(_env)
+      redirect_to('/dashboard')
+    end
+
+    def update_affiliations(subject, attrs)
+      touched = []
+
+      attrs[:affiliation].each do |value|
+        touched << subject.affiliations.find_or_create_by!(value: value)
+      end
+
+      subject.affiliations.where.not(id: touched.map(&:id)).destroy_all
+    end
+  end
+end
+```
 
 ### Integrating with a Rails application
 
-TBD
+Map the `ShibRack::Engine` app to a path in your application. It is strongly recommended that you use the default path of `/auth`. In `config/routes.rb`
+
+```ruby
+Rails.application.routes.draw do
+  mount ShibRack::Engine => '/auth'
+end
+```
+
+Configure the receiver, and optional error handler in `config/application.rb`
+
+```ruby
+module MyApp
+  class Application < Rails::Application
+    # ...
+    config.autoload_paths << Rails.root.join('lib')
+    config.shib_rack.receiver = 'Authentication::SubjectReceiver'
+    config.shib_rack.error_handler = 'Authentication::ErrorHandler'
+  end
+end
+```
+
+Ensure the gem runs in development mode in `config/development.rb`
+
+```ruby
+config.shib_rack.development_mode = true
+```
+
+And likewise ensure the gem runs in test mode in `config/test.rb`
+
+```ruby
+config.shib_rack.test_mode = true
+```
 
 ### Using with Capybara-style tests
 
-TBD
+Ensure that you have configured the gem to run in test mode in `config/test.rb` (See above)
+
+Once this has been setup, you can create a capybara-style test. See the example below which tests the login process using the test handler. This is an example only, and will vary based on your app implementation.
+
+```ruby
+# frozen_string_literal: true
+require 'rails_helper'
+
+RSpec.feature 'Authentication Flow', type: :feature do
+  let(:idp_domain) { Faker::Internet.domain_name }
+  let(:idp) { "https://idp.#{idp_domain}/idp/shibboleth" }
+  let(:sp) { "https://sp.#{Faker::Internet.domain_name}/shibboleth" }
+  let(:name) { Faker::Name.name }
+
+  let(:attrs) do
+    {
+      'HTTP_AUEDUPERSONSHAREDTOKEN'     => SecureRandom.urlsafe_base64(20),
+      'HTTP_TARGETED_ID'                => "#{idp}!#{sp}!#{SecureRandom.uuid}",
+      'HTTP_PRINCIPALNAME'              => "#{name}@#{idp_domain}",
+      'HTTP_EDUPERSONAFFILIATION'       => 'staff;member'
+    }
+  end
+
+  before do
+    ShibRack::TestHandler.attributes = attrs
+    visit '/auth/login'
+  end
+
+  it 'User is redirected to dashboard with details displayed on initial login' do
+    expect(current_path).to eq('/dashboard')
+    expect(page).to have_content("You're logged in. Here are your details")
+    expect(page).to have_content(name)
+    expect(page).to have_content(idp_domain)
+    # Further checks for other attributes can be added here
+  end
+end
+```
 
 ## Contributing
 

data/lib/shib_rack/default_receiver.rb

@@ -22,7 +22,7 @@ module ShibRack
     end
 
     def redirect_to(url)
-      [302, { 'Location' => url }, []]
+      [302, { 'location' => url }, []]
     end
 
     def logout(env)

data/lib/shib_rack/development_handler.rb

@@ -56,7 +56,7 @@ module ShibRack
       end
 
       env['rack.session']['original_params'] = params
-      [302, { 'Location' => DevelopmentHandler.login_redirect(env) }, []]
+      [302, { 'location' => DevelopmentHandler.login_redirect(env) }, []]
     end
 
     def restore_original_query(env)
@@ -70,7 +70,7 @@ module ShibRack
     def development
       [
         200,
-        { 'Content-Type' => 'text/html; charset=utf-8' },
+        { 'content-type' => 'text/html; charset=utf-8' },
         [development_html]
       ]
     end

data/lib/shib_rack/engine.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'ostruct'
+
 module ShibRack
   # Provides integration of shib-rack into Rails applications
   class Engine < Rails::Engine

data/lib/shib_rack/handler.rb

@@ -20,7 +20,7 @@ module ShibRack
 
     def handle(_env, _exception)
       [
-        400, { 'Content-Type' => 'text/plain' }, [
+        400, { 'content-type' => 'text/plain' }, [
           'Sorry, your attempt to log in to this service was not successful. ',
           'Please contact the service owner for assistance, and include the ',
           'link you used to access this service.'

data/lib/shib_rack/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShibRack
-  VERSION = '0.4.0'
+  VERSION = '0.5.0'
 end

data/shib-rack.gemspec

@@ -18,17 +18,18 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'rack'
+  spec.add_dependency 'ostruct'
 
   spec.add_development_dependency 'aaf-gumboot'
 
   spec.add_development_dependency 'faker'
   spec.add_development_dependency 'rack-test'
-  spec.add_development_dependency 'rails', '~> 4.2'
+  spec.add_development_dependency 'rails'
   spec.add_development_dependency 'sqlite3'
 
-  spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
 
   spec.add_development_dependency 'guard'
   spec.add_development_dependency 'guard-bundler'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shib-rack
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Shaun Mangelsdorf
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-03 00:00:00.000000000 Z
+date: 2024-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aaf-gumboot
   requirement: !ruby/object:Gem::Requirement
@@ -70,16 +84,16 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -98,44 +112,44 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
@@ -206,20 +220,23 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - s.mangelsdorf@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/.test.yaml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
+- ".ruby-version"
 - ".simplecov"
 - Gemfile
 - Guardfile
 - LICENSE
+- Makefile
 - README.md
 - Rakefile
 - bin/setup
@@ -238,7 +255,7 @@ files:
 homepage: https://github.com/ausaccessfed/shib-rack.git
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -253,9 +270,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
-signing_key: 
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Rack middleware for Shibboleth SP authentication
 test_files: []