sp-rails-saml 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e4ac1206ca21c3f430c9c533f5217fa6d373bc341ee12fcebc88391fc14cfd6
-  data.tar.gz: f9a593578a7330945ad6e5e32b11b4355d4bf8e772cc9e547d0531bb8345958d
+  metadata.gz: 47dc360ca65fe21ed77f78d87118ce668aecbed7485c34d6067a009e1d262a48
+  data.tar.gz: 62504e95ea6daada42ade266a216f5063a141d5ee65f6507fdadac63fa9c6ff2
 SHA512:
-  metadata.gz: a9b2c5c50d0fd2f03551589f1419f6f22efc3cb94b5ce12273c4555bd80d920825354e8a050e863874d283ed8aef007ac3a8a6ce418cb6a7ab163411cd4461b6
-  data.tar.gz: f83ff70cf56b474cb5ea1198ab53024e6236f2ae0f085d2b4d64ed9185e6e34e2314ecfee36555ea53d9e7a901c71490728ae7edf672a73476e8e2534507db36
+  metadata.gz: '091893c3419f9dc935bb4554f2979d68233335e27cb093cf135e3d37a8ae33dd961f27d8c31d9e5e1f088a38a811d0dc71a1c75fe64b5749d4380968c9b7acbe'
+  data.tar.gz: b862ab4596e83e61267db0245c3b18abb306c1c831f89a804822ade015f8485f5c8a2d381e7487c246189a9893410836548ba75d7976d33a90f56344b8a2ad06

data/README.md

@@ -1,6 +1,6 @@
-# Sp::Rails::Saml
+# SpRailsSaml
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp/rails/saml`. To experiment with that code, run `bin/console` for an interactive prompt.
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp-rails-saml`. To experiment with that code, run `bin/console` for an interactive prompt.
 
 TODO: Delete this and the text above, and describe your gem
 
@@ -42,3 +42,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Code of Conduct
 
 Everyone interacting in the Sp::Rails::Saml project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).
+

data/app/controllers/saml/saml_settings_base_controller.rb

@@ -0,0 +1,36 @@
+module Saml
+  # Controller to register saml by SP
+  class SamlSettingsBaseController < SamlBaseController
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    def show
+      account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
+      @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+    end
+
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+    def edit
+      account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
+      @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+    end
+
+    # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    def update
+      account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
+      @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
+
+      @saml_setting.assign_attributes(saml_setting_params)
+
+      if @saml_setting.save
+        redirect_to action: :show
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def saml_setting_params
+      params.require(:saml_setting).permit(:idp_entity_id, :idp_sso_url, :idp_cert, :login_type)
+    end
+  end
+end

data/app/controllers/saml/saml_settings_controller.rb

@@ -0,0 +1,19 @@
+module Saml
+  # Controller to register saml by SP
+  class SamlSettingsController < SamlSettingsBaseController
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    # def show
+    #   super
+    # end
+
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+    # def edit
+    #   super
+    # end
+
+    # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    # def update
+    #   super
+    # end
+  end
+end

data/app/controllers/saml/sessions_base_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsBaseController < SamlBaseController
+    # GET /saml/sign_in
+    def new; end
+
+    # POST /saml/sign_in
+    def create
+      user = SpRailsSaml::Settings.user_class.find_by(email: params[:email])
+      account = user.send(SpRailsSaml::Settings.account_class.to_s.downcase.to_sym)
+
+      raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
+
+      if user.blank?
+        redirect_to saml_sign_in_path, alert: 'failed to login'
+        return
+      end
+
+      authnrequest = SpRailsSaml::Authnrequest.new(account.saml_setting).to_url
+      redirect_to(authnrequest)
+    end
+  end
+end

data/app/controllers/saml/sessions_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsController < SessionsBaseController
+    # GET /saml/sign_in
+    # def new
+    #   super
+    # end
+
+    # POST /saml/sign_in
+    # def create
+    #   super
+    # end
+  end
+end

data/app/controllers/saml/ssos_base_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosBaseController < SamlBaseController
+    skip_forgery_protection only: %w[consume]
+
+    # POST /saml/metadata/:id
+    def consume
+      account = SpRailsSaml::Settings.account_class.find(params[:id])
+
+      raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
+
+      saml_setting = account.saml_setting
+      saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
+
+      if saml_response.valid?
+        user = SpRailsSaml::Settings.user_class.find_by(email: saml_response.name_id)
+        raise LoginUserNotFound if user.blank?
+
+        sign_in_with_saml(user)
+      else
+        redirect_to saml_sign_in_path, alert: 'failed to login'
+      end
+    end
+
+    # GET /saml/metadata/:id
+    def metadata
+      account = SpRailsSaml::Settings.account_class.find(params[:id])
+      metadata = SpRailsSaml::Metadata.new(account: account)
+      render xml: metadata.generate
+    end
+  end
+end

data/app/controllers/saml/ssos_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosController < SsosBaseController
+    # POST /saml/sso/:id
+    # def consume
+    #   super
+    # end
+
+    # GET /saml/metadata/:id
+    # def metadata
+    #   super
+    # end
+  end
+end

data/app/controllers/saml_base_controller.rb

@@ -0,0 +1,2 @@
+class SamlBaseController < ApplicationController
+end

data/lib/generators/sp-rails-saml/config_generator.rb

@@ -0,0 +1,27 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  # Initializer file Generator.
+  #
+  class ConfigGenerator < Rails::Generators::Base
+    desc 'Generate sp-rails-saml.rb to config/initializers'
+
+    def create_initializer_file
+      create_file 'config/initializers/sp-rails-saml.rb', default_initializer
+    end
+
+    private
+
+    def default_initializer
+      <<~RUBY
+        SpRailsSaml::Settings.setup do |config|
+          config.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+          config.authn_context                  = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
+          config.authn_context_comparison       = 'exact'
+          config.user_class = User
+          config.account_class = Account
+        end
+      RUBY
+    end
+  end
+end

data/lib/generators/sp-rails-saml/controllers_generator.rb

@@ -0,0 +1,20 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  class ControllersGenerator < Rails::Generators::Base
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate controller files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def create_session_controller
+      copy_file 'controllers/sessions_controller.rb', 'app/controllers/saml/sessions_controller.rb'
+      copy_file 'controllers/ssos_controller.rb', 'app/controllers/saml/ssos_controller.rb'
+    end
+
+    def create_saml_setting_controller
+      copy_file 'controllers/saml_settings_controller.rb', 'app/controllers/saml/saml_settings_controller.rb' if options['settings']
+    end
+  end
+end

data/lib/generators/sp-rails-saml/install_generator.rb

@@ -0,0 +1,35 @@
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module SpRailsSaml
+  class InstallGenerator < ActiveRecord::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate sp-rails-saml files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def install_all
+      generate "sp_rails_saml:views --settings #{options['settings']}"
+      generate "sp_rails_saml:controllers --settings #{options['settings']}"
+      generate "sp_rails_saml:model #{table_name}"
+      generate 'sp_rails_saml:config'
+    end
+
+    private
+
+    def default_initializer
+      <<~RUBY
+        SpRailsSaml::Settings.setup do |config|
+          config.name_identifier_format         = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
+          config.authn_context                  = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
+          config.authn_context_comparison       = 'exact'
+          config.user_class = User
+          config.account_class = Account
+        end
+      RUBY
+    end
+  end
+end

data/lib/generators/sp-rails-saml/model_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module SpRailsSaml
+  class ModelGenerator < ActiveRecord::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path('templates', __dir__)
+
+    def create_initializer_file
+      migration_template 'migrations/create_saml_settings.rb', 'db/migrate/create_saml_settings.rb'
+    end
+
+    def copy_model
+      create_file 'app/models/saml_setting.rb', <<~FILE
+        class SamlSetting < ApplicationRecord
+          belongs_to :#{table_name.singularize}
+
+          enum login_type: { password_only: 0, saml_only: 1, saml_and_password: 2 }
+        end
+      FILE
+    end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb

@@ -0,0 +1,20 @@
+module Saml
+  # Controller to register saml by SP
+  #
+  class SamlSettingsController < SamlSettingsBaseController
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    # def show
+    #   super
+    # end
+
+    # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
+    # def edit
+    #   super
+    # end
+
+    # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
+    # def update
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SessionsController < SessionsBaseController
+    # GET /saml/sign_in
+    # def new
+    #   super
+    # end
+
+    # POST /saml/sign_in
+    # def create
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Saml
+  class SsosController < SsosBaseController
+    # POST /saml/sso/:id
+    # def consume
+    #   super
+    # end
+
+    # GET /saml/metadata/:id
+    # def metadata
+    #   super
+    # end
+  end
+end

data/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb

@@ -0,0 +1,12 @@
+class CreateSamlSettings < ActiveRecord::Migration[6.1]
+  def change
+    create_table :saml_settings, comment: 'Saml settings table for sp' do |t|
+      t.references :<%= table_name.singularize %>, foreign_key: true, null: false, comment: 'For company account model'
+      t.string :idp_sso_url, comment: 'URL for Idp SSO'
+      t.text   :idp_cert, comment: 'X.509 Certification of Idp'
+      t.string :idp_entity_id, comment: 'Entity ID of Idp'
+      t.integer :login_type, limit: 1, default: 0, null: false, comment: 'login_type(0: password_only, 1: saml_only, 2: password_and_saml)'
+      t.timestamps
+    end
+  end
+end

data/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb

@@ -0,0 +1,11 @@
+<%= form_with model: @saml_setting, url: saml_account_saml_settings_path, method: :patch, local: true do |f| %>
+  <%= f.label :idp_sso_url %>
+  <%= f.text_field :idp_sso_url %>
+  <%= f.label :idp_entity_id %>
+  <%= f.text_field :idp_entity_id %>
+  <%= f.label :idp_cert %>
+  <%= f.text_field :idp_cert %>
+  <%= f.label :login_type %>
+  <%= f.select :login_type, SamlSetting.login_types.keys.to_a %>
+  <%= f.submit %>
+<% end %>

data/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb

@@ -0,0 +1,19 @@
+<p>
+  <strong>IdP Entity ID:</strong>
+  <%= @saml_setting.idp_entity_id %>
+</p>
+
+<p>
+  <strong>IdP SSO URL:</strong>
+  <%= @saml_setting.idp_sso_url %>
+</p>
+
+<p>
+  <strong>IdP x509 Certificate:</strong>
+  <%= @saml_setting.idp_cert %>
+</p>
+
+<p>
+  <strong>Login Type</strong>
+  <%= @saml_setting.login_type %>
+</p>

data/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb

@@ -0,0 +1,8 @@
+<strong style='color: red;'><%= flash[:alert] %></strong>
+
+<%= form_with url: saml_sign_in_path, local: true do |f| %>
+  <%= f.label :email %>
+  <%= f.text_field :email %>
+
+  <%= f.submit %>
+<% end %>

data/lib/generators/sp-rails-saml/views_generator.rb

@@ -0,0 +1,22 @@
+require 'rails/generators'
+
+module SpRailsSaml
+  class ViewsGenerator < Rails::Generators::Base
+    source_root File.expand_path('templates', __dir__)
+
+    desc 'Generate view files.'
+
+    class_option :settings, type: 'boolean', default: true
+
+    def create_session_view
+      copy_file 'views/sessions/new.html.erb', 'app/views/saml/sessions/new.html.erb'
+    end
+
+    def create_saml_setting_view
+      return unless options['settings']
+
+      copy_file 'views/saml/edit.html.erb', 'app/views/saml/saml_settings/edit.html.erb'
+      copy_file 'views/saml/show.html.erb', 'app/views/saml/saml_settings/show.html.erb'
+    end
+  end
+end

data/lib/sp-rails-saml.rb

@@ -0,0 +1,33 @@
+require 'ruby-saml'
+require 'sp-rails-saml/settings'
+require 'sp-rails-saml/draw_routes'
+require 'generators/sp-rails-saml/config_generator'
+require 'generators/sp-rails-saml/controllers_generator'
+require 'generators/sp-rails-saml/views_generator'
+require 'generators/sp-rails-saml/model_generator'
+require 'generators/sp-rails-saml/install_generator'
+
+autoload :SamlBaseController, File.expand_path('../app/controllers/saml_base_controller', __dir__)
+
+module SpRailsSaml
+  class Error < StandardError; end
+
+  class SettingValidationError < Error; end
+
+  class MultiSetupError < Error; end
+
+  class SamlLoginForbidden < Error; end
+
+  autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
+  autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
+  autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
+end
+
+module Saml
+  autoload :SessionsController, File.expand_path('../app/controllers/saml/sessions_controller', __dir__)
+  autoload :SessionsBaseController, File.expand_path('../app/controllers/saml/sessions_base_controller', __dir__)
+  autoload :SamlSettingsBaseController, File.expand_path('../app/controllers/saml/saml_settings_base_controller', __dir__)
+  autoload :SamlSettingsController, File.expand_path('../app/controllers/saml/saml_settings_controller', __dir__)
+  autoload :SsosController, File.expand_path('../app/controllers/saml/ssos_controller', __dir__)
+  autoload :SsosBaseController, File.expand_path('../app/controllers/saml/ssos_base_controller', __dir__)
+end

data/lib/sp-rails-saml/authnrequest.rb

@@ -0,0 +1,40 @@
+module SpRailsSaml
+  # SAML2 Authentication.
+  #
+  class Authnrequest
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(saml_setting)
+      @saml_setting = saml_setting
+    end
+
+    def to_url
+      request = OneLogin::RubySaml::Authrequest.new
+      request.create(ruby_saml_settings)
+    end
+
+    private
+
+    def ruby_saml_settings
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+      settings.sp_entity_id                   = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+      settings.name_identifier_format         = sp_rails_saml_setting.name_identifier_format
+      settings.authn_context                  = sp_rails_saml_setting.authn_context
+      settings.authn_context_comparison       = sp_rails_saml_setting.authn_context_comparison
+      settings.idp_entity_id                  = @saml_setting.idp_entity_id
+      settings.idp_sso_service_url            = @saml_setting.idp_sso_url
+      settings.compress_request               = SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:compress_request]
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/draw_routes.rb

@@ -0,0 +1,14 @@
+require 'action_dispatch'
+
+module DrawRoute
+  RoutesNotFound = Class.new(StandardError)
+
+  def sp_rails_saml_routes(sso_only: false)
+    @sso_only = sso_only
+    path = File.expand_path('routes/routes_template.rb', __dir__)
+    instance_eval(File.read(path))
+    true
+  end
+end
+
+ActionDispatch::Routing::Mapper.prepend DrawRoute

data/lib/sp-rails-saml/metadata.rb

@@ -0,0 +1,41 @@
+module SpRailsSaml
+  class Metadata
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(account:)
+      @account = account
+    end
+
+    def generate
+      metadata = OneLogin::RubySaml::Metadata.new
+      metadata.generate(ruby_saml_settings)
+    end
+
+    private
+
+    def required_value_is_set?
+      SpRailsSaml::Settings.name_identifier_format
+    end
+
+    def ruby_saml_settings
+      raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
+
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url     = saml_sso_url(@account.id)
+      settings.sp_entity_id                       = saml_metadata_url(@account.id)
+      settings.name_identifier_format             = sp_rails_saml_setting.name_identifier_format
+      settings.security[:want_assertions_signed]  =
+        SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/routes/routes_template.rb

@@ -0,0 +1,16 @@
+namespace :saml do
+  # Session
+  get 'sign_in', to: 'sessions#new'
+  post 'sign_in', to: 'sessions#create'
+
+  unless @sso_only
+    # Saml settings for SP
+    resources SpRailsSaml::Settings.account_class.to_s.downcase.to_sym, only: [] do
+      resource :saml_settings, only: %i[show edit update]
+    end
+  end
+
+  # SSO
+  post 'sso/:id', to: 'ssos#consume', as: :sso
+  get 'metadata/:id', to: 'ssos#metadata', as: :metadata
+end

data/lib/sp-rails-saml/saml_response.rb

@@ -0,0 +1,66 @@
+module SpRailsSaml
+  # SAML2 Authentication Response.
+  #
+  class SamlResponse
+    # url_forを使用するためにincludeしている
+    # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
+    if defined?(ActionView::Helpers)
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+
+    def initialize(saml_response, saml_setting)
+      @saml_setting = saml_setting
+      @saml_response = saml_response
+    end
+
+    def response
+      return @response if @response.present?
+
+      @response = OneLogin::RubySaml::Response.new(
+        @saml_response,
+        settings: ruby_saml_settings,
+        skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
+        skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions]
+      )
+    end
+
+    def valid?
+      response.is_valid?
+    end
+
+    def name_id
+      response.name_id
+    end
+
+    def name_id_format
+      response.name_id_format
+    end
+
+    def errors
+      response.errors
+    end
+
+    private
+
+    def required_value_is_set?
+      @saml_setting.idp_cert.present?
+    end
+
+    def ruby_saml_settings
+      raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
+
+      settings = OneLogin::RubySaml::Settings.new
+
+      sp_rails_saml_setting = SpRailsSaml::Settings.instance
+
+      settings.assertion_consumer_service_url     = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+      settings.sp_entity_id                       = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
+      settings.idp_cert                           = @saml_setting.idp_cert
+      settings.security[:want_assertions_signed]  =
+        SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
+      settings
+    end
+  end
+end

data/lib/sp-rails-saml/settings.rb

@@ -0,0 +1,50 @@
+require 'singleton'
+
+# rubocop:disable Style/ClassVars
+module SpRailsSaml
+  # SAML2 settings for initializer.
+  #
+  class Settings
+    include Singleton
+
+    RUBY_SAML_DEFAULT_SETTINGS = {
+      compress_request: true,
+      skip_subject_confirmation: true,
+      skip_conditions: true,
+      want_assertions_signed: true
+    }.freeze
+
+    attr_reader :name_identifier_format,
+                :authn_context,
+                :authn_context_comparison,
+                :user_class,
+                :account_class
+
+    @@setuped = false
+
+    class << self
+      attr_accessor :name_identifier_format,
+                    :authn_context,
+                    :authn_context_comparison,
+                    :user_class,
+                    :account_class
+
+      def setup
+        raise SpRailsSaml::MultiSetupError if @@setuped
+
+        yield self
+
+        setting = SpRailsSaml::Settings.instance
+
+        setting.instance_variable_set(:@name_identifier_format, SpRailsSaml::Settings.name_identifier_format)
+        setting.instance_variable_set(:@authn_context, SpRailsSaml::Settings.authn_context)
+        setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
+        setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
+        setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
+
+        @@setuped = true
+      end
+    end
+  end
+end
+# rubocop:enable Style/ClassVars

data/lib/sp-rails-saml/version.rb

@@ -0,0 +1,3 @@
+module SpRailsSaml
+  VERSION = '1.0.0'.freeze
+end

metadata

@@ -1,15 +1,30 @@
 --- !ruby/object:Gem::Specification
 name: sp-rails-saml
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - psyashes
+- sibakeny
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-30 00:00:00.000000000 Z
-dependencies: []
+date: 2021-06-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.
 email:
 - 43512814+psyashes@users.noreply.github.com
@@ -17,21 +32,34 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
-- CODE_OF_CONDUCT.md
-- Gemfile
-- Gemfile.lock
-- LICENSE.txt
 - README.md
-- Rakefile
-- bin/console
-- bin/setup
-- lib/sp/rails/saml.rb
-- lib/sp/rails/saml/hello.rb
-- lib/sp/rails/saml/version.rb
-- sp-rails-saml.gemspec
+- app/controllers/saml/saml_settings_base_controller.rb
+- app/controllers/saml/saml_settings_controller.rb
+- app/controllers/saml/sessions_base_controller.rb
+- app/controllers/saml/sessions_controller.rb
+- app/controllers/saml/ssos_base_controller.rb
+- app/controllers/saml/ssos_controller.rb
+- app/controllers/saml_base_controller.rb
+- lib/generators/sp-rails-saml/config_generator.rb
+- lib/generators/sp-rails-saml/controllers_generator.rb
+- lib/generators/sp-rails-saml/install_generator.rb
+- lib/generators/sp-rails-saml/model_generator.rb
+- lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
+- lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb
+- lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb
+- lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb
+- lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb
+- lib/generators/sp-rails-saml/templates/views/saml/show.html.erb
+- lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb
+- lib/generators/sp-rails-saml/views_generator.rb
+- lib/sp-rails-saml.rb
+- lib/sp-rails-saml/authnrequest.rb
+- lib/sp-rails-saml/draw_routes.rb
+- lib/sp-rails-saml/metadata.rb
+- lib/sp-rails-saml/routes/routes_template.rb
+- lib/sp-rails-saml/saml_response.rb
+- lib/sp-rails-saml/settings.rb
+- lib/sp-rails-saml/version.rb
 homepage: https://github.com/metaps/sp-rails-saml
 licenses:
 - MIT
@@ -48,14 +76,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Simple sp saml for rails.

data/.gitignore

@@ -1,11 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-# rspec failure tracking
-.rspec_status

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.travis.yml

@@ -1,6 +0,0 @@
----
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.5
-before_install: gem install bundler -v 2.1.4

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at 43512814+psyashes@users.noreply.github.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [https://contributor-covenant.org/version/1/4][version]
-
-[homepage]: https://contributor-covenant.org
-[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,7 +0,0 @@
-source "https://rubygems.org"
-
-# Specify your gem's dependencies in sp-rails-saml.gemspec
-gemspec
-
-gem "rake", "~> 12.0"
-gem "rspec", "~> 3.0"

data/Gemfile.lock

@@ -1,34 +0,0 @@
-PATH
-  remote: .
-  specs:
-    sp-rails-saml (0.1.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    diff-lcs (1.4.4)
-    rake (12.3.3)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  rake (~> 12.0)
-  rspec (~> 3.0)
-  sp-rails-saml!
-
-BUNDLED WITH
-   2.1.4

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2021 psyashes
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "sp/rails/saml"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/lib/sp/rails/saml.rb

@@ -1,11 +0,0 @@
-require "sp/rails/saml/version"
-require "sp/rails/saml/hello"
-
-module Sp
-  module Rails
-    module Saml
-      class Error < StandardError; end
-      # Your code goes here...
-    end
-  end
-end

data/lib/sp/rails/saml/hello.rb

@@ -1,11 +0,0 @@
-module Sp
-  module Rails
-    module Saml
-      class Greet
-        def self.say(word)
-          word + ', hello.'
-        end
-      end
-    end
-  end
-end

data/lib/sp/rails/saml/version.rb

@@ -1,7 +0,0 @@
-module Sp
-  module Rails
-    module Saml
-      VERSION = "0.1.0"
-    end
-  end
-end

data/sp-rails-saml.gemspec

@@ -1,29 +0,0 @@
-require_relative 'lib/sp/rails/saml/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "sp-rails-saml"
-  spec.version       = Sp::Rails::Saml::VERSION
-  spec.authors       = ["psyashes"]
-  spec.email         = ["43512814+psyashes@users.noreply.github.com"]
-
-  spec.summary       = %q{Simple sp saml for rails.}
-  spec.description   = %q{This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.}
-  spec.homepage      = "https://github.com/metaps/sp-rails-saml"
-  spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
-
-  spec.metadata["allowed_push_host"] = "https://rubygems.org"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/metaps/sp-rails-saml"
-  spec.metadata["changelog_uri"] = "https://github.com/metaps/sp-rails-saml"
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-end