sp-rails-saml 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -2
  3. data/app/controllers/saml/saml_settings_base_controller.rb +36 -0
  4. data/app/controllers/saml/saml_settings_controller.rb +19 -0
  5. data/app/controllers/saml/sessions_base_controller.rb +24 -0
  6. data/app/controllers/saml/sessions_controller.rb +15 -0
  7. data/app/controllers/saml/ssos_base_controller.rb +33 -0
  8. data/app/controllers/saml/ssos_controller.rb +15 -0
  9. data/app/controllers/saml_base_controller.rb +2 -0
  10. data/lib/generators/sp-rails-saml/config_generator.rb +27 -0
  11. data/lib/generators/sp-rails-saml/controllers_generator.rb +20 -0
  12. data/lib/generators/sp-rails-saml/install_generator.rb +35 -0
  13. data/lib/generators/sp-rails-saml/model_generator.rb +24 -0
  14. data/lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb +20 -0
  15. data/lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb +15 -0
  16. data/lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb +15 -0
  17. data/lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb +12 -0
  18. data/lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb +11 -0
  19. data/lib/generators/sp-rails-saml/templates/views/saml/show.html.erb +19 -0
  20. data/lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb +8 -0
  21. data/lib/generators/sp-rails-saml/views_generator.rb +22 -0
  22. data/lib/sp-rails-saml.rb +33 -0
  23. data/lib/sp-rails-saml/authnrequest.rb +40 -0
  24. data/lib/sp-rails-saml/draw_routes.rb +14 -0
  25. data/lib/sp-rails-saml/metadata.rb +41 -0
  26. data/lib/sp-rails-saml/routes/routes_template.rb +16 -0
  27. data/lib/sp-rails-saml/saml_response.rb +66 -0
  28. data/lib/sp-rails-saml/settings.rb +50 -0
  29. data/lib/sp-rails-saml/version.rb +3 -0
  30. metadata +47 -19
  31. data/.gitignore +0 -11
  32. data/.rspec +0 -3
  33. data/.travis.yml +0 -6
  34. data/CODE_OF_CONDUCT.md +0 -74
  35. data/Gemfile +0 -7
  36. data/Gemfile.lock +0 -34
  37. data/LICENSE.txt +0 -21
  38. data/Rakefile +0 -6
  39. data/bin/console +0 -14
  40. data/bin/setup +0 -8
  41. data/lib/sp/rails/saml.rb +0 -11
  42. data/lib/sp/rails/saml/hello.rb +0 -11
  43. data/lib/sp/rails/saml/version.rb +0 -7
  44. data/sp-rails-saml.gemspec +0 -29
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8e4ac1206ca21c3f430c9c533f5217fa6d373bc341ee12fcebc88391fc14cfd6
4
- data.tar.gz: f9a593578a7330945ad6e5e32b11b4355d4bf8e772cc9e547d0531bb8345958d
3
+ metadata.gz: 47dc360ca65fe21ed77f78d87118ce668aecbed7485c34d6067a009e1d262a48
4
+ data.tar.gz: 62504e95ea6daada42ade266a216f5063a141d5ee65f6507fdadac63fa9c6ff2
5
5
  SHA512:
6
- metadata.gz: a9b2c5c50d0fd2f03551589f1419f6f22efc3cb94b5ce12273c4555bd80d920825354e8a050e863874d283ed8aef007ac3a8a6ce418cb6a7ab163411cd4461b6
7
- data.tar.gz: f83ff70cf56b474cb5ea1198ab53024e6236f2ae0f085d2b4d64ed9185e6e34e2314ecfee36555ea53d9e7a901c71490728ae7edf672a73476e8e2534507db36
6
+ metadata.gz: '091893c3419f9dc935bb4554f2979d68233335e27cb093cf135e3d37a8ae33dd961f27d8c31d9e5e1f088a38a811d0dc71a1c75fe64b5749d4380968c9b7acbe'
7
+ data.tar.gz: b862ab4596e83e61267db0245c3b18abb306c1c831f89a804822ade015f8485f5c8a2d381e7487c246189a9893410836548ba75d7976d33a90f56344b8a2ad06
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
- # Sp::Rails::Saml
1
+ # SpRailsSaml
2
2
 
3
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp/rails/saml`. To experiment with that code, run `bin/console` for an interactive prompt.
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sp-rails-saml`. To experiment with that code, run `bin/console` for an interactive prompt.
4
4
 
5
5
  TODO: Delete this and the text above, and describe your gem
6
6
 
@@ -42,3 +42,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
42
42
  ## Code of Conduct
43
43
 
44
44
  Everyone interacting in the Sp::Rails::Saml project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/sp-rails-saml/blob/master/CODE_OF_CONDUCT.md).
45
+
@@ -0,0 +1,36 @@
1
+ module Saml
2
+ # Controller to register saml by SP
3
+ class SamlSettingsBaseController < SamlBaseController
4
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
5
+ def show
6
+ account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
7
+ @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
8
+ end
9
+
10
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
11
+ def edit
12
+ account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
13
+ @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
14
+ end
15
+
16
+ # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
17
+ def update
18
+ account = SpRailsSaml::Settings.account_class.find_by(id: params["#{SpRailsSaml::Settings.account_class.to_s.downcase}_id"])
19
+ @saml_setting = SamlSetting.find_or_initialize_by("#{SpRailsSaml::Settings.account_class.to_s.downcase}_id" => account.id)
20
+
21
+ @saml_setting.assign_attributes(saml_setting_params)
22
+
23
+ if @saml_setting.save
24
+ redirect_to action: :show
25
+ else
26
+ render :edit
27
+ end
28
+ end
29
+
30
+ private
31
+
32
+ def saml_setting_params
33
+ params.require(:saml_setting).permit(:idp_entity_id, :idp_sso_url, :idp_cert, :login_type)
34
+ end
35
+ end
36
+ end
@@ -0,0 +1,19 @@
1
+ module Saml
2
+ # Controller to register saml by SP
3
+ class SamlSettingsController < SamlSettingsBaseController
4
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
5
+ # def show
6
+ # super
7
+ # end
8
+
9
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
10
+ # def edit
11
+ # super
12
+ # end
13
+
14
+ # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
15
+ # def update
16
+ # super
17
+ # end
18
+ end
19
+ end
@@ -0,0 +1,24 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SessionsBaseController < SamlBaseController
5
+ # GET /saml/sign_in
6
+ def new; end
7
+
8
+ # POST /saml/sign_in
9
+ def create
10
+ user = SpRailsSaml::Settings.user_class.find_by(email: params[:email])
11
+ account = user.send(SpRailsSaml::Settings.account_class.to_s.downcase.to_sym)
12
+
13
+ raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
14
+
15
+ if user.blank?
16
+ redirect_to saml_sign_in_path, alert: 'failed to login'
17
+ return
18
+ end
19
+
20
+ authnrequest = SpRailsSaml::Authnrequest.new(account.saml_setting).to_url
21
+ redirect_to(authnrequest)
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SessionsController < SessionsBaseController
5
+ # GET /saml/sign_in
6
+ # def new
7
+ # super
8
+ # end
9
+
10
+ # POST /saml/sign_in
11
+ # def create
12
+ # super
13
+ # end
14
+ end
15
+ end
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SsosBaseController < SamlBaseController
5
+ skip_forgery_protection only: %w[consume]
6
+
7
+ # POST /saml/metadata/:id
8
+ def consume
9
+ account = SpRailsSaml::Settings.account_class.find(params[:id])
10
+
11
+ raise SpRailsSaml::SamlLoginForbidden if account.saml_setting.password_only?
12
+
13
+ saml_setting = account.saml_setting
14
+ saml_response = SpRailsSaml::SamlResponse.new(params[:SAMLResponse], saml_setting)
15
+
16
+ if saml_response.valid?
17
+ user = SpRailsSaml::Settings.user_class.find_by(email: saml_response.name_id)
18
+ raise LoginUserNotFound if user.blank?
19
+
20
+ sign_in_with_saml(user)
21
+ else
22
+ redirect_to saml_sign_in_path, alert: 'failed to login'
23
+ end
24
+ end
25
+
26
+ # GET /saml/metadata/:id
27
+ def metadata
28
+ account = SpRailsSaml::Settings.account_class.find(params[:id])
29
+ metadata = SpRailsSaml::Metadata.new(account: account)
30
+ render xml: metadata.generate
31
+ end
32
+ end
33
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SsosController < SsosBaseController
5
+ # POST /saml/sso/:id
6
+ # def consume
7
+ # super
8
+ # end
9
+
10
+ # GET /saml/metadata/:id
11
+ # def metadata
12
+ # super
13
+ # end
14
+ end
15
+ end
@@ -0,0 +1,2 @@
1
+ class SamlBaseController < ApplicationController
2
+ end
@@ -0,0 +1,27 @@
1
+ require 'rails/generators'
2
+
3
+ module SpRailsSaml
4
+ # Initializer file Generator.
5
+ #
6
+ class ConfigGenerator < Rails::Generators::Base
7
+ desc 'Generate sp-rails-saml.rb to config/initializers'
8
+
9
+ def create_initializer_file
10
+ create_file 'config/initializers/sp-rails-saml.rb', default_initializer
11
+ end
12
+
13
+ private
14
+
15
+ def default_initializer
16
+ <<~RUBY
17
+ SpRailsSaml::Settings.setup do |config|
18
+ config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
19
+ config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
20
+ config.authn_context_comparison = 'exact'
21
+ config.user_class = User
22
+ config.account_class = Account
23
+ end
24
+ RUBY
25
+ end
26
+ end
27
+ end
@@ -0,0 +1,20 @@
1
+ require 'rails/generators'
2
+
3
+ module SpRailsSaml
4
+ class ControllersGenerator < Rails::Generators::Base
5
+ source_root File.expand_path('templates', __dir__)
6
+
7
+ desc 'Generate controller files.'
8
+
9
+ class_option :settings, type: 'boolean', default: true
10
+
11
+ def create_session_controller
12
+ copy_file 'controllers/sessions_controller.rb', 'app/controllers/saml/sessions_controller.rb'
13
+ copy_file 'controllers/ssos_controller.rb', 'app/controllers/saml/ssos_controller.rb'
14
+ end
15
+
16
+ def create_saml_setting_controller
17
+ copy_file 'controllers/saml_settings_controller.rb', 'app/controllers/saml/saml_settings_controller.rb' if options['settings']
18
+ end
19
+ end
20
+ end
@@ -0,0 +1,35 @@
1
+ require 'rails/generators'
2
+ require 'rails/generators/active_record'
3
+
4
+ module SpRailsSaml
5
+ class InstallGenerator < ActiveRecord::Generators::Base
6
+ include Rails::Generators::Migration
7
+
8
+ source_root File.expand_path('templates', __dir__)
9
+
10
+ desc 'Generate sp-rails-saml files.'
11
+
12
+ class_option :settings, type: 'boolean', default: true
13
+
14
+ def install_all
15
+ generate "sp_rails_saml:views --settings #{options['settings']}"
16
+ generate "sp_rails_saml:controllers --settings #{options['settings']}"
17
+ generate "sp_rails_saml:model #{table_name}"
18
+ generate 'sp_rails_saml:config'
19
+ end
20
+
21
+ private
22
+
23
+ def default_initializer
24
+ <<~RUBY
25
+ SpRailsSaml::Settings.setup do |config|
26
+ config.name_identifier_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
27
+ config.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
28
+ config.authn_context_comparison = 'exact'
29
+ config.user_class = User
30
+ config.account_class = Account
31
+ end
32
+ RUBY
33
+ end
34
+ end
35
+ end
@@ -0,0 +1,24 @@
1
+ require 'rails/generators'
2
+ require 'rails/generators/active_record'
3
+
4
+ module SpRailsSaml
5
+ class ModelGenerator < ActiveRecord::Generators::Base
6
+ include Rails::Generators::Migration
7
+
8
+ source_root File.expand_path('templates', __dir__)
9
+
10
+ def create_initializer_file
11
+ migration_template 'migrations/create_saml_settings.rb', 'db/migrate/create_saml_settings.rb'
12
+ end
13
+
14
+ def copy_model
15
+ create_file 'app/models/saml_setting.rb', <<~FILE
16
+ class SamlSetting < ApplicationRecord
17
+ belongs_to :#{table_name.singularize}
18
+
19
+ enum login_type: { password_only: 0, saml_only: 1, saml_and_password: 2 }
20
+ end
21
+ FILE
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,20 @@
1
+ module Saml
2
+ # Controller to register saml by SP
3
+ #
4
+ class SamlSettingsController < SamlSettingsBaseController
5
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
6
+ # def show
7
+ # super
8
+ # end
9
+
10
+ # GET /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings/edit
11
+ # def edit
12
+ # super
13
+ # end
14
+
15
+ # PATCH /saml/SpRailsSaml::Settings.account_class.to_s.downcase/:#{SpRailsSaml::Settings.account_class.to_s.downcase}_id/saml_settings
16
+ # def update
17
+ # super
18
+ # end
19
+ end
20
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SessionsController < SessionsBaseController
5
+ # GET /saml/sign_in
6
+ # def new
7
+ # super
8
+ # end
9
+
10
+ # POST /saml/sign_in
11
+ # def create
12
+ # super
13
+ # end
14
+ end
15
+ end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Saml
4
+ class SsosController < SsosBaseController
5
+ # POST /saml/sso/:id
6
+ # def consume
7
+ # super
8
+ # end
9
+
10
+ # GET /saml/metadata/:id
11
+ # def metadata
12
+ # super
13
+ # end
14
+ end
15
+ end
@@ -0,0 +1,12 @@
1
+ class CreateSamlSettings < ActiveRecord::Migration[6.1]
2
+ def change
3
+ create_table :saml_settings, comment: 'Saml settings table for sp' do |t|
4
+ t.references :<%= table_name.singularize %>, foreign_key: true, null: false, comment: 'For company account model'
5
+ t.string :idp_sso_url, comment: 'URL for Idp SSO'
6
+ t.text :idp_cert, comment: 'X.509 Certification of Idp'
7
+ t.string :idp_entity_id, comment: 'Entity ID of Idp'
8
+ t.integer :login_type, limit: 1, default: 0, null: false, comment: 'login_type(0: password_only, 1: saml_only, 2: password_and_saml)'
9
+ t.timestamps
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,11 @@
1
+ <%= form_with model: @saml_setting, url: saml_account_saml_settings_path, method: :patch, local: true do |f| %>
2
+ <%= f.label :idp_sso_url %>
3
+ <%= f.text_field :idp_sso_url %>
4
+ <%= f.label :idp_entity_id %>
5
+ <%= f.text_field :idp_entity_id %>
6
+ <%= f.label :idp_cert %>
7
+ <%= f.text_field :idp_cert %>
8
+ <%= f.label :login_type %>
9
+ <%= f.select :login_type, SamlSetting.login_types.keys.to_a %>
10
+ <%= f.submit %>
11
+ <% end %>
@@ -0,0 +1,19 @@
1
+ <p>
2
+ <strong>IdP Entity ID:</strong>
3
+ <%= @saml_setting.idp_entity_id %>
4
+ </p>
5
+
6
+ <p>
7
+ <strong>IdP SSO URL:</strong>
8
+ <%= @saml_setting.idp_sso_url %>
9
+ </p>
10
+
11
+ <p>
12
+ <strong>IdP x509 Certificate:</strong>
13
+ <%= @saml_setting.idp_cert %>
14
+ </p>
15
+
16
+ <p>
17
+ <strong>Login Type</strong>
18
+ <%= @saml_setting.login_type %>
19
+ </p>
@@ -0,0 +1,8 @@
1
+ <strong style='color: red;'><%= flash[:alert] %></strong>
2
+
3
+ <%= form_with url: saml_sign_in_path, local: true do |f| %>
4
+ <%= f.label :email %>
5
+ <%= f.text_field :email %>
6
+
7
+ <%= f.submit %>
8
+ <% end %>
@@ -0,0 +1,22 @@
1
+ require 'rails/generators'
2
+
3
+ module SpRailsSaml
4
+ class ViewsGenerator < Rails::Generators::Base
5
+ source_root File.expand_path('templates', __dir__)
6
+
7
+ desc 'Generate view files.'
8
+
9
+ class_option :settings, type: 'boolean', default: true
10
+
11
+ def create_session_view
12
+ copy_file 'views/sessions/new.html.erb', 'app/views/saml/sessions/new.html.erb'
13
+ end
14
+
15
+ def create_saml_setting_view
16
+ return unless options['settings']
17
+
18
+ copy_file 'views/saml/edit.html.erb', 'app/views/saml/saml_settings/edit.html.erb'
19
+ copy_file 'views/saml/show.html.erb', 'app/views/saml/saml_settings/show.html.erb'
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,33 @@
1
+ require 'ruby-saml'
2
+ require 'sp-rails-saml/settings'
3
+ require 'sp-rails-saml/draw_routes'
4
+ require 'generators/sp-rails-saml/config_generator'
5
+ require 'generators/sp-rails-saml/controllers_generator'
6
+ require 'generators/sp-rails-saml/views_generator'
7
+ require 'generators/sp-rails-saml/model_generator'
8
+ require 'generators/sp-rails-saml/install_generator'
9
+
10
+ autoload :SamlBaseController, File.expand_path('../app/controllers/saml_base_controller', __dir__)
11
+
12
+ module SpRailsSaml
13
+ class Error < StandardError; end
14
+
15
+ class SettingValidationError < Error; end
16
+
17
+ class MultiSetupError < Error; end
18
+
19
+ class SamlLoginForbidden < Error; end
20
+
21
+ autoload :Authnrequest, File.expand_path('./sp-rails-saml/authnrequest', __dir__)
22
+ autoload :SamlResponse, File.expand_path('./sp-rails-saml/saml_response', __dir__)
23
+ autoload :Metadata, File.expand_path('./sp-rails-saml/metadata', __dir__)
24
+ end
25
+
26
+ module Saml
27
+ autoload :SessionsController, File.expand_path('../app/controllers/saml/sessions_controller', __dir__)
28
+ autoload :SessionsBaseController, File.expand_path('../app/controllers/saml/sessions_base_controller', __dir__)
29
+ autoload :SamlSettingsBaseController, File.expand_path('../app/controllers/saml/saml_settings_base_controller', __dir__)
30
+ autoload :SamlSettingsController, File.expand_path('../app/controllers/saml/saml_settings_controller', __dir__)
31
+ autoload :SsosController, File.expand_path('../app/controllers/saml/ssos_controller', __dir__)
32
+ autoload :SsosBaseController, File.expand_path('../app/controllers/saml/ssos_base_controller', __dir__)
33
+ end
@@ -0,0 +1,40 @@
1
+ module SpRailsSaml
2
+ # SAML2 Authentication.
3
+ #
4
+ class Authnrequest
5
+ # url_forを使用するためにincludeしている
6
+ # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
7
+ if defined?(ActionView::Helpers)
8
+ include ActionView::Helpers
9
+ include ActionDispatch::Routing
10
+ include Rails.application.routes.url_helpers
11
+ end
12
+
13
+ def initialize(saml_setting)
14
+ @saml_setting = saml_setting
15
+ end
16
+
17
+ def to_url
18
+ request = OneLogin::RubySaml::Authrequest.new
19
+ request.create(ruby_saml_settings)
20
+ end
21
+
22
+ private
23
+
24
+ def ruby_saml_settings
25
+ settings = OneLogin::RubySaml::Settings.new
26
+
27
+ sp_rails_saml_setting = SpRailsSaml::Settings.instance
28
+
29
+ settings.assertion_consumer_service_url = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
30
+ settings.sp_entity_id = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
31
+ settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
32
+ settings.authn_context = sp_rails_saml_setting.authn_context
33
+ settings.authn_context_comparison = sp_rails_saml_setting.authn_context_comparison
34
+ settings.idp_entity_id = @saml_setting.idp_entity_id
35
+ settings.idp_sso_service_url = @saml_setting.idp_sso_url
36
+ settings.compress_request = SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:compress_request]
37
+ settings
38
+ end
39
+ end
40
+ end
@@ -0,0 +1,14 @@
1
+ require 'action_dispatch'
2
+
3
+ module DrawRoute
4
+ RoutesNotFound = Class.new(StandardError)
5
+
6
+ def sp_rails_saml_routes(sso_only: false)
7
+ @sso_only = sso_only
8
+ path = File.expand_path('routes/routes_template.rb', __dir__)
9
+ instance_eval(File.read(path))
10
+ true
11
+ end
12
+ end
13
+
14
+ ActionDispatch::Routing::Mapper.prepend DrawRoute
@@ -0,0 +1,41 @@
1
+ module SpRailsSaml
2
+ class Metadata
3
+ # url_forを使用するためにincludeしている
4
+ # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
5
+ if defined?(ActionView::Helpers)
6
+ include ActionView::Helpers
7
+ include ActionDispatch::Routing
8
+ include Rails.application.routes.url_helpers
9
+ end
10
+
11
+ def initialize(account:)
12
+ @account = account
13
+ end
14
+
15
+ def generate
16
+ metadata = OneLogin::RubySaml::Metadata.new
17
+ metadata.generate(ruby_saml_settings)
18
+ end
19
+
20
+ private
21
+
22
+ def required_value_is_set?
23
+ SpRailsSaml::Settings.name_identifier_format
24
+ end
25
+
26
+ def ruby_saml_settings
27
+ raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
28
+
29
+ settings = OneLogin::RubySaml::Settings.new
30
+
31
+ sp_rails_saml_setting = SpRailsSaml::Settings.instance
32
+
33
+ settings.assertion_consumer_service_url = saml_sso_url(@account.id)
34
+ settings.sp_entity_id = saml_metadata_url(@account.id)
35
+ settings.name_identifier_format = sp_rails_saml_setting.name_identifier_format
36
+ settings.security[:want_assertions_signed] =
37
+ SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
38
+ settings
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,16 @@
1
+ namespace :saml do
2
+ # Session
3
+ get 'sign_in', to: 'sessions#new'
4
+ post 'sign_in', to: 'sessions#create'
5
+
6
+ unless @sso_only
7
+ # Saml settings for SP
8
+ resources SpRailsSaml::Settings.account_class.to_s.downcase.to_sym, only: [] do
9
+ resource :saml_settings, only: %i[show edit update]
10
+ end
11
+ end
12
+
13
+ # SSO
14
+ post 'sso/:id', to: 'ssos#consume', as: :sso
15
+ get 'metadata/:id', to: 'ssos#metadata', as: :metadata
16
+ end
@@ -0,0 +1,66 @@
1
+ module SpRailsSaml
2
+ # SAML2 Authentication Response.
3
+ #
4
+ class SamlResponse
5
+ # url_forを使用するためにincludeしている
6
+ # テスト時にエラーが発生するので定義されてない場合はスキップしたくdefined?(ActionView::Helpers)の場合のみinclude
7
+ if defined?(ActionView::Helpers)
8
+ include ActionView::Helpers
9
+ include ActionDispatch::Routing
10
+ include Rails.application.routes.url_helpers
11
+ end
12
+
13
+ def initialize(saml_response, saml_setting)
14
+ @saml_setting = saml_setting
15
+ @saml_response = saml_response
16
+ end
17
+
18
+ def response
19
+ return @response if @response.present?
20
+
21
+ @response = OneLogin::RubySaml::Response.new(
22
+ @saml_response,
23
+ settings: ruby_saml_settings,
24
+ skip_subject_confirmation: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_subject_confirmation],
25
+ skip_conditions: SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:skip_conditions]
26
+ )
27
+ end
28
+
29
+ def valid?
30
+ response.is_valid?
31
+ end
32
+
33
+ def name_id
34
+ response.name_id
35
+ end
36
+
37
+ def name_id_format
38
+ response.name_id_format
39
+ end
40
+
41
+ def errors
42
+ response.errors
43
+ end
44
+
45
+ private
46
+
47
+ def required_value_is_set?
48
+ @saml_setting.idp_cert.present?
49
+ end
50
+
51
+ def ruby_saml_settings
52
+ raise SettingValidationError, 'lack of required setting value' unless required_value_is_set?
53
+
54
+ settings = OneLogin::RubySaml::Settings.new
55
+
56
+ sp_rails_saml_setting = SpRailsSaml::Settings.instance
57
+
58
+ settings.assertion_consumer_service_url = saml_sso_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
59
+ settings.sp_entity_id = saml_metadata_url(id: @saml_setting.send(sp_rails_saml_setting.account_class.to_s.downcase.to_sym).id)
60
+ settings.idp_cert = @saml_setting.idp_cert
61
+ settings.security[:want_assertions_signed] =
62
+ SpRailsSaml::Settings::RUBY_SAML_DEFAULT_SETTINGS[:want_assertions_signed]
63
+ settings
64
+ end
65
+ end
66
+ end
@@ -0,0 +1,50 @@
1
+ require 'singleton'
2
+
3
+ # rubocop:disable Style/ClassVars
4
+ module SpRailsSaml
5
+ # SAML2 settings for initializer.
6
+ #
7
+ class Settings
8
+ include Singleton
9
+
10
+ RUBY_SAML_DEFAULT_SETTINGS = {
11
+ compress_request: true,
12
+ skip_subject_confirmation: true,
13
+ skip_conditions: true,
14
+ want_assertions_signed: true
15
+ }.freeze
16
+
17
+ attr_reader :name_identifier_format,
18
+ :authn_context,
19
+ :authn_context_comparison,
20
+ :user_class,
21
+ :account_class
22
+
23
+ @@setuped = false
24
+
25
+ class << self
26
+ attr_accessor :name_identifier_format,
27
+ :authn_context,
28
+ :authn_context_comparison,
29
+ :user_class,
30
+ :account_class
31
+
32
+ def setup
33
+ raise SpRailsSaml::MultiSetupError if @@setuped
34
+
35
+ yield self
36
+
37
+ setting = SpRailsSaml::Settings.instance
38
+
39
+ setting.instance_variable_set(:@name_identifier_format, SpRailsSaml::Settings.name_identifier_format)
40
+ setting.instance_variable_set(:@authn_context, SpRailsSaml::Settings.authn_context)
41
+ setting.instance_variable_set(:@authn_context_comparison, SpRailsSaml::Settings.authn_context_comparison)
42
+ setting.instance_variable_set(:@user_class, SpRailsSaml::Settings.user_class)
43
+ setting.instance_variable_set(:@account_class, SpRailsSaml::Settings.account_class)
44
+
45
+ @@setuped = true
46
+ end
47
+ end
48
+ end
49
+ end
50
+ # rubocop:enable Style/ClassVars
@@ -0,0 +1,3 @@
1
+ module SpRailsSaml
2
+ VERSION = '1.0.0'.freeze
3
+ end
metadata CHANGED
@@ -1,15 +1,30 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sp-rails-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - psyashes
8
+ - sibakeny
8
9
  autorequire:
9
10
  bindir: exe
10
11
  cert_chain: []
11
- date: 2021-04-30 00:00:00.000000000 Z
12
- dependencies: []
12
+ date: 2021-06-22 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: ruby-saml
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
13
28
  description: This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.
14
29
  email:
15
30
  - 43512814+psyashes@users.noreply.github.com
@@ -17,21 +32,34 @@ executables: []
17
32
  extensions: []
18
33
  extra_rdoc_files: []
19
34
  files:
20
- - ".gitignore"
21
- - ".rspec"
22
- - ".travis.yml"
23
- - CODE_OF_CONDUCT.md
24
- - Gemfile
25
- - Gemfile.lock
26
- - LICENSE.txt
27
35
  - README.md
28
- - Rakefile
29
- - bin/console
30
- - bin/setup
31
- - lib/sp/rails/saml.rb
32
- - lib/sp/rails/saml/hello.rb
33
- - lib/sp/rails/saml/version.rb
34
- - sp-rails-saml.gemspec
36
+ - app/controllers/saml/saml_settings_base_controller.rb
37
+ - app/controllers/saml/saml_settings_controller.rb
38
+ - app/controllers/saml/sessions_base_controller.rb
39
+ - app/controllers/saml/sessions_controller.rb
40
+ - app/controllers/saml/ssos_base_controller.rb
41
+ - app/controllers/saml/ssos_controller.rb
42
+ - app/controllers/saml_base_controller.rb
43
+ - lib/generators/sp-rails-saml/config_generator.rb
44
+ - lib/generators/sp-rails-saml/controllers_generator.rb
45
+ - lib/generators/sp-rails-saml/install_generator.rb
46
+ - lib/generators/sp-rails-saml/model_generator.rb
47
+ - lib/generators/sp-rails-saml/templates/controllers/saml_settings_controller.rb
48
+ - lib/generators/sp-rails-saml/templates/controllers/sessions_controller.rb
49
+ - lib/generators/sp-rails-saml/templates/controllers/ssos_controller.rb
50
+ - lib/generators/sp-rails-saml/templates/migrations/create_saml_settings.rb
51
+ - lib/generators/sp-rails-saml/templates/views/saml/edit.html.erb
52
+ - lib/generators/sp-rails-saml/templates/views/saml/show.html.erb
53
+ - lib/generators/sp-rails-saml/templates/views/sessions/new.html.erb
54
+ - lib/generators/sp-rails-saml/views_generator.rb
55
+ - lib/sp-rails-saml.rb
56
+ - lib/sp-rails-saml/authnrequest.rb
57
+ - lib/sp-rails-saml/draw_routes.rb
58
+ - lib/sp-rails-saml/metadata.rb
59
+ - lib/sp-rails-saml/routes/routes_template.rb
60
+ - lib/sp-rails-saml/saml_response.rb
61
+ - lib/sp-rails-saml/settings.rb
62
+ - lib/sp-rails-saml/version.rb
35
63
  homepage: https://github.com/metaps/sp-rails-saml
36
64
  licenses:
37
65
  - MIT
@@ -48,14 +76,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
48
76
  requirements:
49
77
  - - ">="
50
78
  - !ruby/object:Gem::Version
51
- version: 2.3.0
79
+ version: 2.5.0
52
80
  required_rubygems_version: !ruby/object:Gem::Requirement
53
81
  requirements:
54
82
  - - ">="
55
83
  - !ruby/object:Gem::Version
56
84
  version: '0'
57
85
  requirements: []
58
- rubygems_version: 3.0.3
86
+ rubygems_version: 3.1.4
59
87
  signing_key:
60
88
  specification_version: 4
61
89
  summary: Simple sp saml for rails.
data/.gitignore DELETED
@@ -1,11 +0,0 @@
1
- /.bundle/
2
- /.yardoc
3
- /_yardoc/
4
- /coverage/
5
- /doc/
6
- /pkg/
7
- /spec/reports/
8
- /tmp/
9
-
10
- # rspec failure tracking
11
- .rspec_status
data/.rspec DELETED
@@ -1,3 +0,0 @@
1
- --format documentation
2
- --color
3
- --require spec_helper
data/.travis.yml DELETED
@@ -1,6 +0,0 @@
1
- ---
2
- language: ruby
3
- cache: bundler
4
- rvm:
5
- - 2.6.5
6
- before_install: gem install bundler -v 2.1.4
data/CODE_OF_CONDUCT.md DELETED
@@ -1,74 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- In the interest of fostering an open and welcoming environment, we as
6
- contributors and maintainers pledge to making participation in our project and
7
- our community a harassment-free experience for everyone, regardless of age, body
8
- size, disability, ethnicity, gender identity and expression, level of experience,
9
- nationality, personal appearance, race, religion, or sexual identity and
10
- orientation.
11
-
12
- ## Our Standards
13
-
14
- Examples of behavior that contributes to creating a positive environment
15
- include:
16
-
17
- * Using welcoming and inclusive language
18
- * Being respectful of differing viewpoints and experiences
19
- * Gracefully accepting constructive criticism
20
- * Focusing on what is best for the community
21
- * Showing empathy towards other community members
22
-
23
- Examples of unacceptable behavior by participants include:
24
-
25
- * The use of sexualized language or imagery and unwelcome sexual attention or
26
- advances
27
- * Trolling, insulting/derogatory comments, and personal or political attacks
28
- * Public or private harassment
29
- * Publishing others' private information, such as a physical or electronic
30
- address, without explicit permission
31
- * Other conduct which could reasonably be considered inappropriate in a
32
- professional setting
33
-
34
- ## Our Responsibilities
35
-
36
- Project maintainers are responsible for clarifying the standards of acceptable
37
- behavior and are expected to take appropriate and fair corrective action in
38
- response to any instances of unacceptable behavior.
39
-
40
- Project maintainers have the right and responsibility to remove, edit, or
41
- reject comments, commits, code, wiki edits, issues, and other contributions
42
- that are not aligned to this Code of Conduct, or to ban temporarily or
43
- permanently any contributor for other behaviors that they deem inappropriate,
44
- threatening, offensive, or harmful.
45
-
46
- ## Scope
47
-
48
- This Code of Conduct applies both within project spaces and in public spaces
49
- when an individual is representing the project or its community. Examples of
50
- representing a project or community include using an official project e-mail
51
- address, posting via an official social media account, or acting as an appointed
52
- representative at an online or offline event. Representation of a project may be
53
- further defined and clarified by project maintainers.
54
-
55
- ## Enforcement
56
-
57
- Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project team at 43512814+psyashes@users.noreply.github.com. All
59
- complaints will be reviewed and investigated and will result in a response that
60
- is deemed necessary and appropriate to the circumstances. The project team is
61
- obligated to maintain confidentiality with regard to the reporter of an incident.
62
- Further details of specific enforcement policies may be posted separately.
63
-
64
- Project maintainers who do not follow or enforce the Code of Conduct in good
65
- faith may face temporary or permanent repercussions as determined by other
66
- members of the project's leadership.
67
-
68
- ## Attribution
69
-
70
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
- available at [https://contributor-covenant.org/version/1/4][version]
72
-
73
- [homepage]: https://contributor-covenant.org
74
- [version]: https://contributor-covenant.org/version/1/4/
data/Gemfile DELETED
@@ -1,7 +0,0 @@
1
- source "https://rubygems.org"
2
-
3
- # Specify your gem's dependencies in sp-rails-saml.gemspec
4
- gemspec
5
-
6
- gem "rake", "~> 12.0"
7
- gem "rspec", "~> 3.0"
data/Gemfile.lock DELETED
@@ -1,34 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- sp-rails-saml (0.1.0)
5
-
6
- GEM
7
- remote: https://rubygems.org/
8
- specs:
9
- diff-lcs (1.4.4)
10
- rake (12.3.3)
11
- rspec (3.10.0)
12
- rspec-core (~> 3.10.0)
13
- rspec-expectations (~> 3.10.0)
14
- rspec-mocks (~> 3.10.0)
15
- rspec-core (3.10.1)
16
- rspec-support (~> 3.10.0)
17
- rspec-expectations (3.10.1)
18
- diff-lcs (>= 1.2.0, < 2.0)
19
- rspec-support (~> 3.10.0)
20
- rspec-mocks (3.10.2)
21
- diff-lcs (>= 1.2.0, < 2.0)
22
- rspec-support (~> 3.10.0)
23
- rspec-support (3.10.2)
24
-
25
- PLATFORMS
26
- ruby
27
-
28
- DEPENDENCIES
29
- rake (~> 12.0)
30
- rspec (~> 3.0)
31
- sp-rails-saml!
32
-
33
- BUNDLED WITH
34
- 2.1.4
data/LICENSE.txt DELETED
@@ -1,21 +0,0 @@
1
- The MIT License (MIT)
2
-
3
- Copyright (c) 2021 psyashes
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in
13
- all copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
- THE SOFTWARE.
data/Rakefile DELETED
@@ -1,6 +0,0 @@
1
- require "bundler/gem_tasks"
2
- require "rspec/core/rake_task"
3
-
4
- RSpec::Core::RakeTask.new(:spec)
5
-
6
- task :default => :spec
data/bin/console DELETED
@@ -1,14 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- require "bundler/setup"
4
- require "sp/rails/saml"
5
-
6
- # You can add fixtures and/or initialization code here to make experimenting
7
- # with your gem easier. You can also use a different console, if you like.
8
-
9
- # (If you use this, don't forget to add pry to your Gemfile!)
10
- # require "pry"
11
- # Pry.start
12
-
13
- require "irb"
14
- IRB.start(__FILE__)
data/bin/setup DELETED
@@ -1,8 +0,0 @@
1
- #!/usr/bin/env bash
2
- set -euo pipefail
3
- IFS=$'\n\t'
4
- set -vx
5
-
6
- bundle install
7
-
8
- # Do any other automated setup that you need to do here
data/lib/sp/rails/saml.rb DELETED
@@ -1,11 +0,0 @@
1
- require "sp/rails/saml/version"
2
- require "sp/rails/saml/hello"
3
-
4
- module Sp
5
- module Rails
6
- module Saml
7
- class Error < StandardError; end
8
- # Your code goes here...
9
- end
10
- end
11
- end
@@ -1,11 +0,0 @@
1
- module Sp
2
- module Rails
3
- module Saml
4
- class Greet
5
- def self.say(word)
6
- word + ', hello.'
7
- end
8
- end
9
- end
10
- end
11
- end
@@ -1,7 +0,0 @@
1
- module Sp
2
- module Rails
3
- module Saml
4
- VERSION = "0.1.0"
5
- end
6
- end
7
- end
@@ -1,29 +0,0 @@
1
- require_relative 'lib/sp/rails/saml/version'
2
-
3
- Gem::Specification.new do |spec|
4
- spec.name = "sp-rails-saml"
5
- spec.version = Sp::Rails::Saml::VERSION
6
- spec.authors = ["psyashes"]
7
- spec.email = ["43512814+psyashes@users.noreply.github.com"]
8
-
9
- spec.summary = %q{Simple sp saml for rails.}
10
- spec.description = %q{This gem is to be make onelogin ruby-saml easier to use in Ruby on Rails.}
11
- spec.homepage = "https://github.com/metaps/sp-rails-saml"
12
- spec.license = "MIT"
13
- spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
14
-
15
- spec.metadata["allowed_push_host"] = "https://rubygems.org"
16
-
17
- spec.metadata["homepage_uri"] = spec.homepage
18
- spec.metadata["source_code_uri"] = "https://github.com/metaps/sp-rails-saml"
19
- spec.metadata["changelog_uri"] = "https://github.com/metaps/sp-rails-saml"
20
-
21
- # Specify which files should be added to the gem when it is released.
22
- # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
23
- spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
24
- `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
25
- end
26
- spec.bindir = "exe"
27
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
28
- spec.require_paths = ["lib"]
29
- end