sp-rails-saml 0.1.0 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e4ac1206ca21c3f430c9c533f5217fa6d373bc341ee12fcebc88391fc14cfd6
-  data.tar.gz: f9a593578a7330945ad6e5e32b11b4355d4bf8e772cc9e547d0531bb8345958d
+  metadata.gz: 66c550813a06d4b4b058be271d3de67cd638114426c6f431318e8586027fdff2
+  data.tar.gz: 12d72ac3aaf78cd347493e959b84b3fe9271dfe43d598b9076f937fd0689797c
 SHA512:
-  metadata.gz: a9b2c5c50d0fd2f03551589f1419f6f22efc3cb94b5ce12273c4555bd80d920825354e8a050e863874d283ed8aef007ac3a8a6ce418cb6a7ab163411cd4461b6
-  data.tar.gz: f83ff70cf56b474cb5ea1198ab53024e6236f2ae0f085d2b4d64ed9185e6e34e2314ecfee36555ea53d9e7a901c71490728ae7edf672a73476e8e2534507db36
+  metadata.gz: 4bf53b8a37d1fcead475cfe9c840f5b2572dab7f0a4c19841ffc4b069d20dcb83073532e8d50a36530f57f685bde08b6242a005e7c90c034463f27fa2e02d55a
+  data.tar.gz: da3c88943cdafb67bf2c444838e5b4d134dbfddfcce96fbae18050d3e4d101c48d8a12b4e003d8e8f1cbae3205ce5ba3bee0b0fee5ca030e7e6bb73cb02ad84c

data/README.md

@@ -1,12 +1,24 @@
-# Sp::Rails::Saml
+<h1 align="center">
+  <br>
+  <img width=60% src="https://github.com/metaps/sp-rails-saml/blob/feature/Update_readme/media/logo.png"></p>
+</h1>
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp/rails/saml`. To experiment with that code, run `bin/console` for an interactive prompt.
+<p align="center">
+  <br>
+  <img alt="Gem version" src="https://img.shields.io/gem/v/sp-rails-saml">
+  <img alt="Dependencies" src="https://img.shields.io/badge/dependencies-up%20to%20date-brightgreen.svg">
+  <img alt="Contributions welcome" src="https://img.shields.io/badge/contributions-welcome-orange.svg">
+  <img alt="License" src="https://img.shields.io/badge/license-MIT-blue.svg">
+</p>
 
-TODO: Delete this and the text above, and describe your gem
+## :bulb: Introduction
 
-## Installation
+sp-rails-saml is to be make onelogin ruby-saml easier to use in Ruby on Rails.
 
-Add this line to your application's Gemfile:
+## :arrow_down: Installation
+
+sp-rails-saml works with Rails 6.1 onwards.
+Add the following line to your Gemfile:
 
 ```ruby
 gem 'sp-rails-saml'
@@ -14,31 +26,137 @@ gem 'sp-rails-saml'
 
 And then execute:
 
-    $ bundle install
+```
+$ bundle install
+```
 
 Or install it yourself as:
 
-    $ gem install sp-rails-saml
+```
+$ gem install sp-rails-saml
+```
+
+## :wrench: Getting started
+
 
-## Usage
+### 1. Generate saml templates
 
-TODO: Write usage instructions here
+You need to run the generator:
 
-## Development
+```
+$ rails g sp_rails_saml:install {reference_table_name}
+```
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+At this point, you need to write your account table name in `reference_table_name`.
+This will generate the saml templates for controller, view, model, initializer, etc.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
-## Contributing
+If you need only saml sp initiated and idp initiated template
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sp-rails-saml. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).
+```
+$ rails g sp_rails_saml:install {reference_table_name} --settings false
+```
 
+**Controller**
+- [app/controllers/saml/sessions_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
+- [app/controllers/saml/ssos_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb)
+- [app/controllers/saml/saml_settings_controller.rb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb)
 
-## License
+**View**
+- [app/views/saml/sessions/new.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb)
+- [app/views/saml/saml_settings/show.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb)
+- [app/views/saml/saml_settings/edit.html.erb](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb)
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+**Model**
+- [app/models/saml_setting.rb](https://github.com/metaps/sp-rails-saml/blob/develop/spec/fixtures/models/saml_setting.rb)
+
+**Migration**
+- [db/migrate/create_saml_settings](https://github.com/metaps/sp-rails-saml/blob/develop/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb)
+
+### 2. Add routing
+
+To configure routings for above templates,  just add the following line to your `config/routes.rb`:
+
+```ruby
+sp_rails_saml_routes
+
+# if you need only saml sp initiated and idp initiated routing
+sp_rails_saml_routes(sso_only: true)
+```
+
+This routing method encompasses the following endpoints:
+
+```
+# metadata url
+GET  /saml/sp/metadata/:id
+
+# acs url
+POST /saml/sp/consume/:id
+
+# saml login page
+GET  /saml/sign_in
+
+# start saml sp initiated
+POST /saml/sign_in
+
+GET   /saml/saml_settings
+GET   /saml/saml_settings/edit
+PATCH /saml/saml_settings
+```
 
-## Code of Conduct
+### 3. Setting model associations
+
+If you associate the reference table and the saml model, you need to add the follwing line to your reference model file:
+
+```ruby
+has_one :saml_setting, dependent: :destroy
+```
+
+### 4. Migrate
+
+You need to run migration command.
+
+```
+$ rails db:migrate
+```
+
+### 5. Add before action
+You need to add the following line to your `SsosController` and `SessionController`:
+
+```ruby
+skip_before_action :authenticate_user!
+```
+
+### 6. Add SSO method to ApplicationController
+
+You need to add the follwing line to your `ApplicationController`:
+
+```ruby
+def sign_in_with_saml(user)
+  # add create session logic
+end
+
+# using devise example
+def sign_in_with_saml(user)
+  sign_in(:user, user)
+  redirect_to root_path
+end
+```
+
+### 7. Edit your saml credentials
+
+Once the above process is complete, you can edit your saml credentials in `/saml/saml_settings/edit`.
+
+
+## Check Saml Value
+
+sp-rails-saml only validate below list value
+
+- SAML Response AudienceRestriction
+- SAML Response Signature
+- SAML Response Destination
+
+## :page_facing_up: License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
 
-Everyone interacting in the Sp::Rails::Saml project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).

data/app/controllers/saml/saml_settings_base_controller.rb

@@ -0,0 +1,39 @@
+module Saml
+  # Controller to register saml by SP
+  class SamlSettingsBaseController < SamlBaseController
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    def show
+      setting = SpRailsSaml::Settings.instance
+      account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+      @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
+    end
+
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
+    def edit
+      setting = SpRailsSaml::Settings.instance
+      account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+      @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
+    end
+
+    # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    def update
+      setting = SpRailsSaml::Settings.instance
+      account = setting.account_class.find_by!(setting.account_find_key => params["#{setting.account_class.to_s.downcase}_#{setting.account_find_key}"])
+      @saml_setting = account.saml_setting.present? ? account.saml_setting : account.build_smal_setting
+
+      @saml_setting.assign_attributes(saml_setting_params)
+
+      if @saml_setting.save
+        redirect_to action: :show
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def saml_setting_params
+      params.require(:saml_setting).permit(:idp_entity_id, :idp_sso_url, :idp_cert, :login_type)
+    end
+  end
+end

data/app/controllers/saml/saml_settings_controller.rb

@@ -0,0 +1,19 @@
+module Saml
+  # Controller to register saml by SP
+  class SamlSettingsController < SamlSettingsBaseController
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    # def show
+    #   super
+    # end
+
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
+    # def edit
+    #   super
+    # end
+
+    # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    # def update
+    #   super
+    # end
+  end
+end

data/app/controllers/saml/sessions_base_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsBaseController < SamlBaseController
+    # GET /saml/sign_in
+    def new; end
+
+    # POST /saml/sign_in
+    def create
+      setting = SpRailsSaml::Settings.instance
+      user = setting.user_class.find_by!(setting.user_find_key => params[:email])
+      account = user.send(setting.account_class.to_s.downcase.to_sym)
+
+      raise SpRailsSaml::SamlSettingNotFound if account.saml_setting.blank?
+      raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
+
+      if user.blank?
+        redirect_to saml_sign_in_path, alert: 'failed to login'
+        return
+      end
+
+      authnrequest = SpRailsSaml::Authnrequest.new(account.saml_setting).to_url
+      redirect_to(authnrequest)
+    end
+  end
+end

data/app/controllers/saml/sessions_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsController < SessionsBaseController
+    # GET /saml/sign_in
+    # def new
+    #   super
+    # end
+
+    # POST /saml/sign_in
+    # def create
+    #   super
+    # end
+  end
+end

data/app/controllers/saml/ssos_base_controller.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosBaseController < SamlBaseController
+    skip_forgery_protection only: %w[consume]
+
+    # POST /saml/sp/consume/:id
+    def consume
+      setting = SpRailsSaml::Settings.instance
+      account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
+
+      raise SpRailsSaml::SamlSettingNotFound if account.saml_setting.blank?
+      raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
+
+      saml_setting = account.saml_setting
+      saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
+
+      raise SpRailsSaml::SamlResponseInvalid, saml_response.errors unless saml_response.valid?
+
+      user = setting.user_class.find_by(setting.saml_response_user_find_key => saml_response.name_id, setting.account_class.to_s.downcase => account)
+
+      raise SpRailsSaml::LoginUserNotFound if user.blank?
+
+      sign_in_with_saml(user)
+    end
+
+    # GET /saml/sp/metadata/:id
+    def metadata
+      setting = SpRailsSaml::Settings.instance
+      account = setting.account_class.find_by!(setting.account_find_key => params[setting.account_find_key])
+      metadata = SpRailsSaml::Metadata.new(account: account)
+      render xml: metadata.generate
+    end
+  end
+end

data/app/controllers/saml/ssos_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosController < SsosBaseController
+    # POST /saml/sp/consume/:id
+    # def consume
+    #   super
+    # end
+
+    # GET /saml/sp/metadata/:id
+    # def metadata
+    #   super
+    # end
+  end
+end

data/app/controllers/saml_base_controller.rb

@@ -0,0 +1,2 @@
+class SamlBaseController < ApplicationController
+end

data/lib/generators/sp-rails-saml/config_generator.rb

@@ -0,0 +1,29 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  # Initializer file Generator.
+  #
+  class ConfigGenerator < Rails::Generators::Base
+    desc 'Generate sp-rails-saml.rb to config/initializers'
+
+    def create_initializer_file
+      create_file 'config/initializers/sp-rails-saml.rb', default_initializer
+    end
+
+    private
+
+    def default_initializer
+      <<~RUBY
+        Rails.configuration.to_prepare do
+          SpRailsSaml::Settings.setup do |config|
+            config.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+            config.authn_context                  = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+            config.authn_context_comparison       = 'exact'
+            config.user_class                     = User
+            config.account_class                  = Account
+          end
+        end
+      RUBY
+    end
+  end
+end

data/lib/generators/sp-rails-saml/controllers_generator.rb

@@ -0,0 +1,20 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  class ControllersGenerator < Rails::Generators::Base
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate controller files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def create_session_controller
+      copy_file 'controllers/sessions_controller.rb', 'app/controllers/saml/sessions_controller.rb'
+      copy_file 'controllers/ssos_controller.rb', 'app/controllers/saml/ssos_controller.rb'
+    end
+
+    def create_saml_setting_controller
+      copy_file 'controllers/saml_settings_controller.rb', 'app/controllers/saml/saml_settings_controller.rb' if options['settings']
+    end
+  end
+end

data/lib/generators/sp-rails-saml/install_generator.rb

@@ -0,0 +1,37 @@
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module SpRailsSaml
+  class InstallGenerator < ActiveRecord::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate sp-rails-saml files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def install_all
+      generate "sp_rails_saml:views --settings #{options['settings']}"
+      generate "sp_rails_saml:controllers --settings #{options['settings']}"
+      generate "sp_rails_saml:model #{table_name}"
+      generate 'sp_rails_saml:config'
+    end
+
+    private
+
+    def default_initializer
+      <<~RUBY
+        Rails.configuration.to_prepare do
+          SpRailsSaml::Settings.setup do |config|
+            config.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+            config.authn_context                  = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
+            config.authn_context_comparison       = 'exact'
+            config.user_class                     = User
+            config.account_class                  = Account
+          end
+        end
+      RUBY
+    end
+  end
+end

data/lib/generators/sp-rails-saml/model_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module SpRailsSaml
+  class ModelGenerator < ActiveRecord::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('templates', __dir__)
+
+    def create_initializer_file
+      migration_template 'migrations/create_saml_settings.rb', 'db/migrate/create_saml_settings.rb'
+    end
+
+    def copy_model
+      create_file 'app/models/saml_setting.rb', <<~FILE
+        class SamlSetting < ApplicationRecord
+          belongs_to :#{table_name.singularize}
+
+          enum login_type: { password_only: 0, saml_only: 1, saml_and_password: 2 }
+        end
+      FILE
+    end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb

@@ -0,0 +1,19 @@
+module Saml
+  # Controller to register saml by SP
+  class SamlSettingsController < SamlSettingsBaseController
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    # def show
+    #   super
+    # end
+
+    # GET /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings/edit
+    # def edit
+    #   super
+    # end
+
+    # PATCH /saml/account_class/:#{account_class}_#{account_find_key}/saml_settings
+    # def update
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsController < SessionsBaseController
+    # GET /saml/sign_in
+    # def new
+    #   super
+    # end
+
+    # POST /saml/sign_in
+    # def create
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosController < SsosBaseController
+    # POST /saml/sso/:id
+    # def consume
+    #   super
+    # end
+
+    # GET /saml/metadata/:id
+    # def metadata
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb

@@ -0,0 +1,12 @@
+class CreateSamlSettings < ActiveRecord::Migration[6.1]
+  def change
+    create_table :saml_settings, comment: 'Saml settings table for sp' do |t|
+      t.references :<%= table_name.singularize %>, foreign_key: true, null: false, comment: 'For company account model'
+      t.string :idp_sso_url, comment: 'URL for Idp SSO'
+      t.text   :idp_cert, comment: 'X.509 Certification of Idp'
+      t.string :idp_entity_id, comment: 'Entity ID of Idp'
+      t.integer :login_type, limit: 1, default: 0, null: false, comment: 'login_type(0: password_only, 1: saml_only, 2: password_and_saml)'
+      t.timestamps
+    end
+  end
+end

data/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb

@@ -0,0 +1,11 @@
+<%= form_with model: @saml_setting, url: saml_account_saml_settings_path, method: :patch, local: true do |f| %>
+  <%= f.label :idp_sso_url %>
+  <%= f.text_field :idp_sso_url %>
+  <%= f.label :idp_entity_id %>
+  <%= f.text_field :idp_entity_id %>
+  <%= f.label :idp_cert %>
+  <%= f.text_field :idp_cert %>
+  <%= f.label :login_type %>
+  <%= f.select :login_type, SamlSetting.login_types.keys.to_a %>
+  <%= f.submit %>
+<% end %>

data/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb

@@ -0,0 +1,19 @@
+<p>
+  <strong>IdP Entity ID:</strong>
+  <%= @saml_setting.idp_entity_id %>
+</p>
+
+<p>
+  <strong>IdP SSO URL:</strong>
+  <%= @saml_setting.idp_sso_url %>
+</p>
+
+<p>
+  <strong>IdP x509 Certificate:</strong>
+  <%= @saml_setting.idp_cert %>
+</p>
+
+<p>
+  <strong>Login Type</strong>
+  <%= @saml_setting.login_type %>
+</p>

data/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb

@@ -0,0 +1,8 @@
+<strong style='color: red;'><%= flash[:alert] %></strong>
+
+<%= form_with url: saml_sign_in_path, local: true do |f| %>
+  <%= f.label :email %>
+  <%= f.text_field :email %>
+
+  <%= f.submit %>
+<% end %>

data/lib/generators/sp-rails-saml/views_generator.rb

@@ -0,0 +1,22 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  class ViewsGenerator < Rails::Generators::Base
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate view files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def create_session_view
+      copy_file 'views/sessions/new.html.erb', 'app/views/saml/sessions/new.html.erb'
+    end
+
+    def create_saml_setting_view
+      return unless options['settings']
+
+      copy_file 'views/saml/edit.html.erb', 'app/views/saml/saml_settings/edit.html.erb'
+      copy_file 'views/saml/show.html.erb', 'app/views/saml/saml_settings/show.html.erb'
+    end
+  end
+end

data/lib/sp-rails-saml/authnrequest.rb

@@ -0,0 +1,44 @@
+module SpRailsSaml
+  # SAML2 Authentication.
+  #
+  class Authnrequest
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(saml_setting)
+      @saml_setting = saml_setting
+    end
+
+    def to_url
+      request = OneLogin::RubySaml::Authrequest.new
+      request.create(ruby_saml_settings)
+    end
+
+    private
+
+    def ruby_saml_settings
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url = saml_sp_consume_url(
+        @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+      )
+      settings.sp_entity_id = saml_sp_metadata_url(
+        @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+      )
+      settings.name_identifier_format         = sp_rails_saml_setting.name_identifier_format
+      settings.authn_context                  = sp_rails_saml_setting.authn_context
+      settings.authn_context_comparison       = sp_rails_saml_setting.authn_context_comparison
+      settings.idp_entity_id                  = @saml_setting.idp_entity_id
+      settings.idp_sso_service_url            = @saml_setting.idp_sso_url
+      settings.compress_request               = SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:compress_request]
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/draw_routes.rb

@@ -0,0 +1,14 @@
+require 'action_dispatch'
+
+module DrawRoute
+  RoutesNotFound = Class.new(StandardError)
+
+  def sp_rails_saml_routes(sso_only: false)
+    @sso_only = sso_only
+    path = File.expand_path('routes/routes_template.rb', __dir__)
+    instance_eval(File.read(path))
+    true
+  end
+end
+
+ActionDispatch::Routing::Mapper.prepend DrawRoute

data/lib/sp-rails-saml/metadata.rb

@@ -0,0 +1,41 @@
+module SpRailsSaml
+  class Metadata
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(account:)
+      @account = account
+    end
+
+    def generate
+      metadata = OneLogin::RubySaml::Metadata.new
+      metadata.generate(ruby_saml_settings)
+    end
+
+    private
+
+    def required_value_is_set?
+      SpRailsSaml::Settings.name_identifier_format
+    end
+
+    def ruby_saml_settings
+      raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
+
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url     = saml_sp_consume_url(@account.send(sp_rails_saml_setting.account_find_key))
+      settings.sp_entity_id                       = saml_sp_metadata_url(@account.send(sp_rails_saml_setting.account_find_key))
+      settings.name_identifier_format             = sp_rails_saml_setting.name_identifier_format
+      settings.security[:want_assertions_signed]  =
+        SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/routes/routes_template.rb

@@ -0,0 +1,16 @@
+namespace :saml do
+  # Session
+  get 'sign_in', to: 'sessions#new'
+  post 'sign_in', to: 'sessions#create'
+
+  unless @sso_only
+    # Saml settings for SP
+    resources SpRailsSaml::Settings.instance.account_class.to_s.downcase.to_sym, only: [], param: SpRailsSaml::Settings.instance.account_find_key do
+      resource :saml_settings, only: %i[show edit update]
+    end
+  end
+
+  # SSO
+  post "sp/consume/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#consume', as: :sp_consume
+  get "sp/metadata/:#{SpRailsSaml::Settings.instance.account_find_key}", to: 'ssos#metadata', as: :sp_metadata
+end

data/lib/sp-rails-saml/saml_response.rb

@@ -0,0 +1,74 @@
+module SpRailsSaml
+  # SAML2 Authentication Response.
+  #
+  class SamlResponse
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(saml_response, saml_setting)
+      @saml_setting = saml_setting
+      @saml_response = saml_response
+    end
+
+    def response
+      return @response if @response.present?
+
+      @response = OneLogin::RubySaml::Response.new(
+        @saml_response,
+        settings: ruby_saml_settings,
+        skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
+        skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions],
+        skip_destination: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_destination]
+      )
+    end
+
+    def valid?
+      response.is_valid?
+    end
+
+    def name_id
+      response.name_id
+    end
+
+    def name_id_format
+      response.name_id_format
+    end
+
+    def errors
+      response.errors
+    end
+
+    private
+
+    def required_value_is_set?
+      # ruby-samlの仕様上、idp_entity_idが空だとissuer = idp_entity_idの検証が行われないため、idp_entity_idがblankの検証は必須
+      @saml_setting.idp_cert.present? && @saml_setting.idp_entity_id.present?
+    end
+
+    def ruby_saml_settings
+      raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
+
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url = saml_sp_consume_url(
+        @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+      )
+      settings.sp_entity_id = saml_sp_metadata_url(
+        @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).send(sp_rails_saml_setting.account_find_key)
+      )
+      settings.idp_cert                           = @saml_setting.idp_cert
+      settings.idp_entity_id                      = @saml_setting.idp_entity_id
+      settings.security[:want_assertions_signed]  =
+        SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
+
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/settings.rb

@@ -0,0 +1,56 @@
+require 'singleton'
+
+module SpRailsSaml
+  # SAML2 settings for initializer.
+  #
+  class Settings
+    include Singleton
+
+    RUBY_SAML_DEFAULT_SETTINGS = {
+      compress_request: true,
+      skip_subject_confirmation: true,
+      skip_conditions: true,
+      skip_destination: false,
+      want_assertions_signed: true,
+      account_find_key: :id,
+      user_find_key: :email,
+      saml_response_user_find_key: :email
+    }.freeze
+
+    attr_reader :name_identifier_format,
+                :authn_context,
+                :authn_context_comparison,
+                :user_class,
+                :account_class,
+                :user_find_key,
+                :account_find_key,
+                :saml_response_user_find_key
+
+    class << self
+      attr_accessor :name_identifier_format,
+                    :authn_context,
+                    :authn_context_comparison,
+                    :user_class,
+                    :account_class,
+                    :user_find_key,
+                    :account_find_key,
+                    :saml_response_user_find_key
+
+      def setup
+        yield self
+
+        setting = SpRailsSaml::Settings.instance
+
+        setting.instance_variable_set(:@name_identifier_format, SpRailsSaml::Settings.name_identifier_format)
+        setting.instance_variable_set(:@authn_context, SpRailsSaml::Settings.authn_context)
+        setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
+        setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
+        setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
+        setting.instance_variable_set(:@user_find_key, SpRailsSaml::Settings.user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:user_find_key])
+        setting.instance_variable_set(:@account_find_key, SpRailsSaml::Settings.account_find_key || RUBY_SAML_DEFAULT_SETTINGS[:account_find_key])
+        setting.instance_variable_set(:@saml_response_user_find_key,
+                                      SpRailsSaml::Settings.saml_response_user_find_key || RUBY_SAML_DEFAULT_SETTINGS[:saml_response_user_find_key])
+      end
+    end
+  end
+end

data/lib/sp-rails-saml/version.rb

@@ -0,0 +1,3 @@
+module SpRailsSaml
+  VERSION = '1.0.3'.freeze
+end

data/lib/sp-rails-saml.rb

@@ -0,0 +1,37 @@
+require 'ruby-saml'
+require 'sp-rails-saml/settings'
+require 'sp-rails-saml/draw_routes'
+require 'generators/sp-rails-saml/config_generator'
+require 'generators/sp-rails-saml/controllers_generator'
+require 'generators/sp-rails-saml/views_generator'
+require 'generators/sp-rails-saml/model_generator'
+require 'generators/sp-rails-saml/install_generator'
+
+autoload :SamlBaseController, File.expand_path('../app/controllers/saml_base_controller', __dir__)
+
+module SpRailsSaml
+  class Error < StandardError; end
+
+  class SettingValidationError < Error; end
+
+  class SamlLoginForbidden < Error; end
+
+  class LoginUserNotFound < Error; end
+
+  class SamlResponseInvalid < Error; end
+
+  class SamlSettingNotFound < Error; end
+
+  autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
+  autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
+  autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
+end
+
+module Saml
+  autoload :SessionsController, File.expand_path('../app/controllers/saml/sessions_controller', __dir__)
+  autoload :SessionsBaseController, File.expand_path('../app/controllers/saml/sessions_base_controller', __dir__)
+  autoload :SamlSettingsBaseController, File.expand_path('../app/controllers/saml/saml_settings_base_controller', __dir__)
+  autoload :SamlSettingsController, File.expand_path('../app/controllers/saml/saml_settings_controller', __dir__)
+  autoload :SsosController, File.expand_path('../app/controllers/saml/ssos_controller', __dir__)
+  autoload :SsosBaseController, File.expand_path('../app/controllers/saml/ssos_base_controller', __dir__)
+end

metadata

@@ -1,15 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: sp-rails-saml
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.3
 platform: ruby
 authors:
 - psyashes
+- sibakeny
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-30 00:00:00.000000000 Z
-dependencies: []
+date: 2021-11-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.
 email:
 - 43512814+psyashes@users.noreply.github.com
@@ -17,21 +32,34 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
-- CODE_OF_CONDUCT.md
-- Gemfile
-- Gemfile.lock
-- LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- lib/sp/rails/saml.rb
-- lib/sp/rails/saml/hello.rb
-- lib/sp/rails/saml/version.rb
-- sp-rails-saml.gemspec
+- app/controllers/saml/saml_settings_base_controller.rb
+- app/controllers/saml/saml_settings_controller.rb
+- app/controllers/saml/sessions_base_controller.rb
+- app/controllers/saml/sessions_controller.rb
+- app/controllers/saml/ssos_base_controller.rb
+- app/controllers/saml/ssos_controller.rb
+- app/controllers/saml_base_controller.rb
+- lib/generators/sp-rails-saml/config_generator.rb
+- lib/generators/sp-rails-saml/controllers_generator.rb
+- lib/generators/sp-rails-saml/install_generator.rb
+- lib/generators/sp-rails-saml/model_generator.rb
+- lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
+- lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb
+- lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb
+- lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb
+- lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb
+- lib/generators/sp-rails-saml/templates/views/saml/show.html.erb
+- lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb
+- lib/generators/sp-rails-saml/views_generator.rb
+- lib/sp-rails-saml.rb
+- lib/sp-rails-saml/authnrequest.rb
+- lib/sp-rails-saml/draw_routes.rb
+- lib/sp-rails-saml/metadata.rb
+- lib/sp-rails-saml/routes/routes_template.rb
+- lib/sp-rails-saml/saml_response.rb
+- lib/sp-rails-saml/settings.rb
+- lib/sp-rails-saml/version.rb
 homepage: https://github.com/metaps/sp-rails-saml
 licenses:
 - MIT
@@ -48,7 +76,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/.gitignore

@@ -1,11 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-# rspec failure tracking
-.rspec_status

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.5
-before_install: gem install bundler -v 2.1.4

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at 43512814+psyashes@users.noreply.github.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [https://contributor-covenant.org/version/1/4][version]
-
-[homepage]: https://contributor-covenant.org
-[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,7 +0,0 @@
-source "https://rubygems.org"
-
-# Specify your gem's dependencies in sp-rails-saml.gemspec
-gemspec
-
-gem "rake", "~> 12.0"
-gem "rspec", "~> 3.0"

data/Gemfile.lock

@@ -1,34 +0,0 @@
-PATH
-  remote: .
-  specs:
-    sp-rails-saml (0.1.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    diff-lcs (1.4.4)
-    rake (12.3.3)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  rake (~> 12.0)
-  rspec (~> 3.0)
-  sp-rails-saml!
-
-BUNDLED WITH
-   2.1.4

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2021 psyashes
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "sp/rails/saml"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/lib/sp/rails/saml/hello.rb

@@ -1,11 +0,0 @@
-module Sp
-  module Rails
-    module Saml
-      class Greet
-        def self.say(word)
-          word + ', hello.'
-        end
-      end
-    end
-  end
-end

data/lib/sp/rails/saml/version.rb

@@ -1,7 +0,0 @@
-module Sp
-  module Rails
-    module Saml
-      VERSION = "0.1.0"
-    end
-  end
-end

data/lib/sp/rails/saml.rb

@@ -1,11 +0,0 @@
-require "sp/rails/saml/version"
-require "sp/rails/saml/hello"
-
-module Sp
-  module Rails
-    module Saml
-      class Error < StandardError; end
-      # Your code goes here...
-    end
-  end
-end

data/sp-rails-saml.gemspec

@@ -1,29 +0,0 @@
-require_relative 'lib/sp/rails/saml/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "sp-rails-saml"
-  spec.version       = Sp::Rails::Saml::VERSION
-  spec.authors       = ["psyashes"]
-  spec.email         = ["43512814+psyashes@users.noreply.github.com"]
-
-  spec.summary       = %q{Simple sp saml for rails.}
-  spec.description   = %q{This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.}
-  spec.homepage      = "https://github.com/metaps/sp-rails-saml"
-  spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
-
-  spec.metadata["allowed_push_host"] = "https://rubygems.org"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/metaps/sp-rails-saml"
-  spec.metadata["changelog_uri"] = "https://github.com/metaps/sp-rails-saml"
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-end