spid-rails 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +40 -11
- data/Rakefile +11 -5
- data/app/controllers/spid/rails/metadata_controller.rb +1 -1
- data/app/controllers/spid/rails/single_logout_operations_controller.rb +4 -4
- data/app/controllers/spid/rails/single_sign_ons_controller.rb +1 -1
- data/app/models/spid/idp.rb +25 -12
- data/app/models/spid/metadata.rb +1 -3
- data/app/models/spid/settings.rb +8 -10
- data/app/models/spid/sso_request.rb +2 -2
- data/config/routes.rb +9 -5
- data/config/spid-rails/idp_list.yml +24 -0
- data/lib/generators/spid/rails/config_generator.rb +3 -3
- data/lib/generators/spid/rails/idp_importer_generator.rb +21 -0
- data/lib/generators/spid/rails/keys_generator.rb +3 -3
- data/lib/generators/spid/rails/templates/idp_import.yml +11 -0
- data/lib/generators/spid/rails/templates/spid-rails.rb +1 -5
- data/lib/spid-rails/engine.rb +6 -0
- data/lib/spid-rails/onelogin/rubysaml/authrequest.rb +17 -17
- data/lib/spid-rails/version.rb +1 -1
- data/lib/spid-rails.rb +2 -2
- metadata +51 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1924815eea64175525b474b58e83299d8ad3530f
|
|
4
|
+
data.tar.gz: 0a8ecc6648870bdb58a687ff5002100a589ca665
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 800df0266f21277af9241d116c3412ee18a516ae26a31cabe9db3966b97008d83eec438bd27ec94d4d332ef6fbbdfba54561335b2eaa8caf3483d92fe78a7d4d
|
|
7
|
+
data.tar.gz: 0e0ee632888e170ddcfbe0b2a8fbf92962549e51449acc30915fee2f7185a419312e20ea43c211115570d5856a29fd3871e6dc18f1fc5a14f4ae556c9ff222a2
|
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# spid-rails
|
|
2
|
-
Autenticazione SPID per Ruby on Rails.
|
|
1
|
+
# spid-rails [](http://travis-ci.org/italia/spid-rails)
|
|
2
|
+
Autenticazione SPID per Ruby on Rails.
|
|
3
3
|
Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby-saml).
|
|
4
4
|
|
|
5
5
|
## Cosa c'è e cosa manca
|
|
@@ -8,10 +8,11 @@ Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby
|
|
|
8
8
|
repository: https://github.com/rubynetti/rubynetti-rails
|
|
9
9
|
- [x] Login tramite redirect
|
|
10
10
|
- [ ] Login tramite post
|
|
11
|
-
- [
|
|
11
|
+
- [X] Sistema di testing automatico
|
|
12
12
|
- [X] Sistema di configurazione
|
|
13
13
|
- [ ] Integrazione con omniauth
|
|
14
14
|
- [ ] Integrazione o esempio di integrazione con devise
|
|
15
|
+
- [ ] Configurazione richiesta attributi utente
|
|
15
16
|
|
|
16
17
|
|
|
17
18
|
## Installazione
|
|
@@ -56,7 +57,7 @@ Spid::Rails.tap do |config|
|
|
|
56
57
|
# default: 'spid'
|
|
57
58
|
# config.mount_point = 'spid'
|
|
58
59
|
|
|
59
|
-
# Url alla quale
|
|
60
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
60
61
|
# default: 'metadata'
|
|
61
62
|
# config.metadata_path = 'metadata'
|
|
62
63
|
|
|
@@ -81,6 +82,33 @@ end
|
|
|
81
82
|
```
|
|
82
83
|
|
|
83
84
|
|
|
85
|
+
Per utilizzare Identity provider custom o modificare quelli presenti:
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
$ rails g spid:rails:idp_importer
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
Il file viene aggiunto alla cartella _config/spid-rails_ e permette di specificare idp per i diversi ambienti dell'applicazione.
|
|
92
|
+
|
|
93
|
+
```YAML
|
|
94
|
+
# app/config/spid-rails/idp_import.yml
|
|
95
|
+
|
|
96
|
+
shared: &shared
|
|
97
|
+
local_test:
|
|
98
|
+
metadata_url: 'https://localhost:8080'
|
|
99
|
+
validate_cert: false
|
|
100
|
+
|
|
101
|
+
development:
|
|
102
|
+
<<: *shared
|
|
103
|
+
agid:
|
|
104
|
+
metadata_url: 'https://idp.spid.gov.it:8080/assets/idp-metadata.xml'
|
|
105
|
+
validate_cert: false
|
|
106
|
+
|
|
107
|
+
test:
|
|
108
|
+
<<: *shared
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
|
|
84
112
|
### Nelle view
|
|
85
113
|
|
|
86
114
|
Una volta installata la gemma, verranno creati una serie di helper utilizzabili nelle view e nei controller.
|
|
@@ -93,7 +121,7 @@ link_to "Metadata SP", spid_rails.metadata_path
|
|
|
93
121
|
|
|
94
122
|
|
|
95
123
|
```spid_rails.new_sso_path``` e ```spid_rails.new_sso_url``` restituiscono il percorso tramite il quale inizializzare una richiesa di autenticazione all'Identity Provider.
|
|
96
|
-
|
|
124
|
+
È necessario fornire come parametro l'Idp cui indirizzare la richiesta, facoltativo il livello di autenticazione Spid (default: '1') e i bindings della richiesta all' Idp (default: ['redirect']).
|
|
97
125
|
```ruby
|
|
98
126
|
# Esempio di link al login tramite l'Idp di test https:://idp.spid.gov.it
|
|
99
127
|
link_to "Login con Spid", spid_rails.new_sso_path(sso: { idp: :agid_test, spid_level: 2 })
|
|
@@ -120,15 +148,15 @@ link_to "Logout", spid_rails.new_slo_path
|
|
|
120
148
|
|
|
121
149
|
### Nei controller
|
|
122
150
|
|
|
123
|
-
|
|
151
|
+
Dopo l'autenticazione e fino al logout vengono aggiunte alla sessione le seguenti variabili:
|
|
124
152
|
|
|
125
|
-
```session[:sso_params]``` restituisce i parametri coi quali è stata effettuata l'ultima richiesta di autenticazione, in particolare l'idp
|
|
153
|
+
```session[:sso_params]``` che restituisce i parametri coi quali è stata effettuata l'ultima richiesta di autenticazione, in particolare l'idp
|
|
126
154
|
|
|
127
|
-
```session[:spid_index]```
|
|
155
|
+
```session[:spid_index]``` che restituisce l'identificativo dell'attuale sessione Spid e viene utilizzato nella procedura di logout
|
|
128
156
|
|
|
129
|
-
```session[:spid_login_time]```
|
|
157
|
+
```session[:spid_login_time]``` che restituisce il _time_ in cui è avvenuto il login
|
|
130
158
|
|
|
131
|
-
|
|
159
|
+
È inoltre possibile settare la variabile ```session[:spid_relay_state]```, contenente l'indirizzo al quale si vuole essere reindirizzati in caso l'autenticazione abbia successo
|
|
132
160
|
|
|
133
161
|
Un esempio rudimentale di verifica del login dell'utente all'interno di un'azione del controller potrebbe essere il seguente
|
|
134
162
|
```ruby
|
|
@@ -149,7 +177,8 @@ class MyController < Application controller
|
|
|
149
177
|
|
|
150
178
|
end
|
|
151
179
|
```
|
|
152
|
-
|
|
180
|
+
|
|
181
|
+
dove _login_path_ indirizza alla pagina in cui è posizionato il pulsante Spid.
|
|
153
182
|
|
|
154
183
|
|
|
155
184
|
## License
|
data/Rakefile
CHANGED
|
@@ -14,17 +14,22 @@ RDoc::Task.new(:rdoc) do |rdoc|
|
|
|
14
14
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
APP_RAKEFILE = File.expand_path(
|
|
17
|
+
APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
|
|
18
18
|
load 'rails/tasks/engine.rake'
|
|
19
19
|
|
|
20
|
-
|
|
21
20
|
load 'rails/tasks/statistics.rake'
|
|
22
21
|
|
|
23
|
-
|
|
24
|
-
|
|
25
22
|
require 'bundler/gem_tasks'
|
|
26
23
|
|
|
27
24
|
require 'rake/testtask'
|
|
25
|
+
require 'rubocop/rake_task'
|
|
26
|
+
|
|
27
|
+
RuboCop::RakeTask.new(:rubocop) do |t|
|
|
28
|
+
t.options = ['--display-cop-names']
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
require 'bundler/audit/task'
|
|
32
|
+
Bundler::Audit::Task.new
|
|
28
33
|
|
|
29
34
|
Rake::TestTask.new(:test) do |t|
|
|
30
35
|
t.libs << 'test'
|
|
@@ -32,5 +37,6 @@ Rake::TestTask.new(:test) do |t|
|
|
|
32
37
|
t.verbose = false
|
|
33
38
|
end
|
|
34
39
|
|
|
35
|
-
|
|
36
40
|
task default: :test
|
|
41
|
+
task default: 'bundle:audit'
|
|
42
|
+
task default: :rubocop
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require_dependency
|
|
1
|
+
require_dependency 'spid/rails/application_controller'
|
|
2
2
|
|
|
3
3
|
module Spid
|
|
4
4
|
module Rails
|
|
@@ -13,9 +13,9 @@ module Spid
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def create
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
_logout_response = SloResponse.new(params[:SAMLResponse],
|
|
17
|
+
session[:spid_slo_id],
|
|
18
|
+
slo_params)
|
|
19
19
|
# TODO: approfondire validazione logout
|
|
20
20
|
destroy_spid_session
|
|
21
21
|
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
data/app/models/spid/idp.rb
CHANGED
|
@@ -1,19 +1,32 @@
|
|
|
1
1
|
module Spid
|
|
2
2
|
|
|
3
3
|
class Idp
|
|
4
|
+
@list = YAML.load_file(
|
|
5
|
+
Spid::Rails::Engine.root.join('config', 'spid-rails', 'idp_list.yml')
|
|
6
|
+
)
|
|
4
7
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
8
|
+
attr_reader :metadata_url
|
|
9
|
+
|
|
10
|
+
def self.find(name)
|
|
11
|
+
raise 'Idp not found' unless @list.key?(name)
|
|
12
|
+
idp_attributes = @list[name]
|
|
13
|
+
new(idp_attributes.symbolize_keys)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.import(file_path)
|
|
17
|
+
list = YAML.load_file(file_path)[::Rails.env]
|
|
18
|
+
list.each do |name, params|
|
|
19
|
+
@list[name] = params
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def initialize(metadata_url:, validate_cert: true)
|
|
24
|
+
@metadata_url = metadata_url
|
|
25
|
+
@validate_cert = validate_cert
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def validate_cert?
|
|
29
|
+
@validate_cert
|
|
17
30
|
end
|
|
18
31
|
|
|
19
32
|
end
|
data/app/models/spid/metadata.rb
CHANGED
|
@@ -42,7 +42,7 @@ module Spid
|
|
|
42
42
|
key = OpenSSL::PKey::RSA.new settings[:private_key]
|
|
43
43
|
key_size = key.n.num_bytes * 8
|
|
44
44
|
if key_size < 1024
|
|
45
|
-
raise
|
|
45
|
+
raise 'Signature deve essere presente (impostare una chiave di almeno a 1024 bit'
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -58,7 +58,6 @@ module Spid
|
|
|
58
58
|
save and @to_xml
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
|
|
62
61
|
def self.xml_namespaces
|
|
63
62
|
{
|
|
64
63
|
saml: 'urn:oasis:names:tc:SAML:2.0:assertion',
|
|
@@ -68,7 +67,6 @@ module Spid
|
|
|
68
67
|
xenc: 'http://www.w3.org/2001/04/xmlenc#',
|
|
69
68
|
xs: 'http://www.w3.org/2001/XMLSchema'
|
|
70
69
|
}
|
|
71
|
-
|
|
72
70
|
end
|
|
73
71
|
|
|
74
72
|
end
|
data/app/models/spid/settings.rb
CHANGED
|
@@ -2,7 +2,6 @@ module Spid
|
|
|
2
2
|
|
|
3
3
|
class Settings
|
|
4
4
|
|
|
5
|
-
|
|
6
5
|
attr_accessor :host
|
|
7
6
|
|
|
8
7
|
attr_accessor :metadata_path
|
|
@@ -25,7 +24,6 @@ module Spid
|
|
|
25
24
|
|
|
26
25
|
attr_accessor :relay_state
|
|
27
26
|
|
|
28
|
-
|
|
29
27
|
def initialize spid_params
|
|
30
28
|
@metadata_path = Spid::Rails.app_metadata_path
|
|
31
29
|
@sso_path = Spid::Rails.app_sso_path
|
|
@@ -51,10 +49,9 @@ module Spid
|
|
|
51
49
|
}
|
|
52
50
|
end
|
|
53
51
|
|
|
54
|
-
|
|
55
52
|
def sp_attributes
|
|
56
53
|
{
|
|
57
|
-
issuer: host
|
|
54
|
+
issuer: host,
|
|
58
55
|
assertion_consumer_service_url: host + sso_path,
|
|
59
56
|
single_logout_service_url: host + slo_path,
|
|
60
57
|
private_key: File.read("#{::Rails.root}/#{keys_path}/private_key.pem"),
|
|
@@ -64,11 +61,12 @@ module Spid
|
|
|
64
61
|
end
|
|
65
62
|
|
|
66
63
|
def idp_attributes
|
|
67
|
-
|
|
64
|
+
idp = Spid::Idp.find(@idp.to_s)
|
|
65
|
+
bindings = @bindings.map { |verb| self.class.saml_bindings[verb] }
|
|
68
66
|
parser = OneLogin::RubySaml::IdpMetadataParser.new
|
|
69
|
-
parser.parse_remote_to_hash
|
|
70
|
-
|
|
71
|
-
sso_binding:
|
|
67
|
+
parser.parse_remote_to_hash idp.metadata_url,
|
|
68
|
+
idp.validate_cert?,
|
|
69
|
+
sso_binding: bindings
|
|
72
70
|
end
|
|
73
71
|
|
|
74
72
|
private
|
|
@@ -84,8 +82,8 @@ module Spid
|
|
|
84
82
|
# TODO spostare in utils
|
|
85
83
|
def self.saml_bindings
|
|
86
84
|
{
|
|
87
|
-
post:
|
|
88
|
-
redirect:
|
|
85
|
+
post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
|
86
|
+
redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
|
|
89
87
|
}
|
|
90
88
|
end
|
|
91
89
|
|
|
@@ -11,10 +11,10 @@ module Spid
|
|
|
11
11
|
|
|
12
12
|
def valid?
|
|
13
13
|
if settings[:idp_sso_target_url].blank?
|
|
14
|
-
raise
|
|
14
|
+
raise 'Destination deve essere presente (impostare idp_sso_target_url)'
|
|
15
15
|
end
|
|
16
16
|
if settings[:authn_context].last != '1' && settings[:force_authn] != true
|
|
17
|
-
raise
|
|
17
|
+
raise 'ForceAuthn deve essere presente per livelli di aitenticazione diversi da SPIDL1 (impostare force_authn a true)'
|
|
18
18
|
end
|
|
19
19
|
if settings[:authn_context_comparison] != 'minimum'
|
|
20
20
|
raise "AuthnContextComparison deve essere settato a 'minimum' (impostare authn_context_comparison a 'minimum')"
|
data/config/routes.rb
CHANGED
|
@@ -4,9 +4,13 @@ end
|
|
|
4
4
|
|
|
5
5
|
Spid::Rails::Engine.routes.draw do
|
|
6
6
|
resource :metadata, only: :show,
|
|
7
|
-
|
|
8
|
-
resource :sso, only: [:new, :create],
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
path: Spid::Rails.metadata_path
|
|
8
|
+
resource :sso, only: [:new, :create],
|
|
9
|
+
controller: :single_sign_ons,
|
|
10
|
+
path: Spid::Rails.sso_path
|
|
11
|
+
resource :slo, only: [:new, :create],
|
|
12
|
+
controller: :single_logout_operations,
|
|
13
|
+
path: Spid::Rails.slo_path do
|
|
14
|
+
get '/', to: 'single_logout_operations#create'
|
|
15
|
+
end
|
|
12
16
|
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
aruba:
|
|
2
|
+
metadata_url: 'https://loginspid.aruba.it/metadata'
|
|
3
|
+
validate_cert: true
|
|
4
|
+
infocert:
|
|
5
|
+
metadata_url: 'https://identity.infocert.it/metadata/metadata.xml'
|
|
6
|
+
validate_cert: true
|
|
7
|
+
namirial:
|
|
8
|
+
metadata_url: 'https://idp.namirialtsp.com/idp/metadata'
|
|
9
|
+
validate_cert: true
|
|
10
|
+
poste:
|
|
11
|
+
metadata_url: 'https://posteid.poste.it/jod-fs/metadata/metadata.xml'
|
|
12
|
+
validate_cert: true
|
|
13
|
+
poste_test:
|
|
14
|
+
metadata_url: 'http://spidposte.test.poste.it/jod-fs/metadata/idp.xml'
|
|
15
|
+
validate_cert: false
|
|
16
|
+
spiditalia:
|
|
17
|
+
metadata_url: 'https://spid.register.it/login/metadata'
|
|
18
|
+
validate_cert: true
|
|
19
|
+
sielte:
|
|
20
|
+
metadata_url: 'https://identity.sieltecloud.it/simplesaml/metadata.xml'
|
|
21
|
+
validate_cert: true
|
|
22
|
+
tim:
|
|
23
|
+
metadata_url: 'https://login.id.tim.it/spid-services/MetadataBrowser/idp'
|
|
24
|
+
validate_cert: true
|
|
@@ -5,12 +5,12 @@ module Spid
|
|
|
5
5
|
|
|
6
6
|
class ConfigGenerator < ::Rails::Generators::Base
|
|
7
7
|
|
|
8
|
-
source_root File.expand_path(
|
|
8
|
+
source_root File.expand_path('templates', __dir__)
|
|
9
9
|
|
|
10
|
-
desc
|
|
10
|
+
desc 'Crea il file di configurazione di spid (config/initializers/spid-rails.rb).'
|
|
11
11
|
|
|
12
12
|
def create_initializer_file
|
|
13
|
-
template
|
|
13
|
+
template 'spid-rails.rb', './config/initializers/spid-rails.rb'
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class IdpImporterGenerator < ::Rails::Generators::Base
|
|
7
|
+
|
|
8
|
+
source_root File.expand_path('templates', __dir__)
|
|
9
|
+
|
|
10
|
+
desc 'Crea il file di import custom degli Idp (config/spid-rails/idp_import.yml).'
|
|
11
|
+
|
|
12
|
+
def create_import_file
|
|
13
|
+
template 'idp_import.yml', './config/spid-rails/idp_import.yml'
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -7,11 +7,11 @@ module Spid
|
|
|
7
7
|
class_option :cn, type: :string, default: 'spid-rails-test', desc: 'Common name for the X509 certificate'
|
|
8
8
|
class_option :size, type: :numeric, default: 1024, desc: 'RSA key bit size'
|
|
9
9
|
class_option :digest, type: :string, default: 'SHA256', desc: 'Digest algorithm for signing the certificate'
|
|
10
|
-
class_option :validity, type: :numeric, default: 1, desc:
|
|
10
|
+
class_option :validity, type: :numeric, default: 1, desc: 'Certificate validity expressed in months'
|
|
11
11
|
|
|
12
12
|
desc "Description:\n" +
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
" Generate a RSA key and use it to generate a self-signed certificate in the keys path\n" +
|
|
14
|
+
' WARNING: this generator is ment to be used only for testing purpose.'
|
|
15
15
|
|
|
16
16
|
def create_key
|
|
17
17
|
@key = OpenSSL::PKey::RSA.new options[:size]
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Identity Providers are loaded on a per environment basis
|
|
2
|
+
|
|
3
|
+
development:
|
|
4
|
+
agid_test:
|
|
5
|
+
metadata_url: https://idp.spid.gov.it:8080/assets/idp-metadata.xml
|
|
6
|
+
validate_cert: false
|
|
7
|
+
|
|
8
|
+
test:
|
|
9
|
+
local_test:
|
|
10
|
+
metadata_url: https://localhost:8080/assets/idp-metadata.xml
|
|
11
|
+
validate_cert: false
|
|
@@ -1,12 +1,9 @@
|
|
|
1
|
-
# Impostazioni di default dello Spid Engine
|
|
2
|
-
|
|
3
1
|
Spid::Rails.tap do |config|
|
|
4
|
-
|
|
5
2
|
# Mount point di Spid sull'applicazione
|
|
6
3
|
# default: 'spid'
|
|
7
4
|
# config.mount_point = 'spid'
|
|
8
5
|
|
|
9
|
-
# Url alla quale
|
|
6
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
10
7
|
# default: 'metadata'
|
|
11
8
|
# config.metadata_path = 'metadata'
|
|
12
9
|
|
|
@@ -26,5 +23,4 @@ Spid::Rails.tap do |config|
|
|
|
26
23
|
# Livello di crittografia SHA per la generazione delle signature
|
|
27
24
|
# default: 256
|
|
28
25
|
# config.sha = 256
|
|
29
|
-
|
|
30
26
|
end
|
data/lib/spid-rails/engine.rb
CHANGED
|
@@ -6,6 +6,12 @@ module Spid
|
|
|
6
6
|
|
|
7
7
|
class Engine < ::Rails::Engine
|
|
8
8
|
isolate_namespace Spid::Rails
|
|
9
|
+
|
|
10
|
+
initializer 'spid-rails.load_custom_idp_list' do
|
|
11
|
+
path_to_list = ::Rails.root.join('config', 'spid-rails', 'idp_import.yml')
|
|
12
|
+
Spid::Idp.import(path_to_list) if File.exist?(path_to_list)
|
|
13
|
+
end
|
|
14
|
+
|
|
9
15
|
end
|
|
10
16
|
|
|
11
17
|
end
|
|
@@ -7,38 +7,38 @@ module OneLogin
|
|
|
7
7
|
class Authrequest
|
|
8
8
|
|
|
9
9
|
def create_xml_document(settings)
|
|
10
|
-
time = Time.now.utc.strftime(
|
|
10
|
+
time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
|
|
11
11
|
|
|
12
12
|
request_doc = XMLSecurity::Document.new
|
|
13
13
|
request_doc.uuid = uuid
|
|
14
14
|
|
|
15
|
-
root = request_doc.add_element
|
|
15
|
+
root = request_doc.add_element 'samlp:AuthnRequest', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', 'xmlns:saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }
|
|
16
16
|
root.attributes['ID'] = uuid
|
|
17
17
|
root.attributes['IssueInstant'] = time
|
|
18
|
-
root.attributes['Version'] =
|
|
18
|
+
root.attributes['Version'] = '2.0'
|
|
19
19
|
root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
|
|
20
20
|
root.attributes['IsPassive'] = settings.passive unless settings.passive.nil?
|
|
21
21
|
root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil?
|
|
22
|
-
root.attributes[
|
|
22
|
+
root.attributes['AttributeConsumingServiceIndex'] = settings.attributes_index unless settings.attributes_index.nil?
|
|
23
23
|
root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil?
|
|
24
24
|
|
|
25
25
|
# Conditionally defined elements based on settings
|
|
26
26
|
if settings.assertion_consumer_service_url != nil
|
|
27
|
-
root.attributes[
|
|
27
|
+
root.attributes['AssertionConsumerServiceURL'] = settings.assertion_consumer_service_url
|
|
28
28
|
end
|
|
29
|
-
#NameQualifier e Format da requisiti SPID
|
|
29
|
+
# NameQualifier e Format da requisiti SPID
|
|
30
30
|
if settings.issuer != nil
|
|
31
|
-
issuer = root.add_element
|
|
32
|
-
|
|
33
|
-
|
|
31
|
+
issuer = root.add_element 'saml:Issuer', {
|
|
32
|
+
'NameQualifier' => settings.issuer,
|
|
33
|
+
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
34
34
|
}
|
|
35
35
|
issuer.text = settings.issuer
|
|
36
36
|
end
|
|
37
37
|
if settings.name_identifier_format != nil
|
|
38
|
-
root.add_element
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
38
|
+
root.add_element 'samlp:NameIDPolicy', {
|
|
39
|
+
# Might want to make AllowCreate a setting?
|
|
40
|
+
'AllowCreate' => 'true',
|
|
41
|
+
'Format' => settings.name_identifier_format
|
|
42
42
|
}
|
|
43
43
|
end
|
|
44
44
|
|
|
@@ -50,14 +50,14 @@ module OneLogin
|
|
|
50
50
|
comparison = 'exact'
|
|
51
51
|
end
|
|
52
52
|
|
|
53
|
-
requested_context = root.add_element
|
|
54
|
-
|
|
53
|
+
requested_context = root.add_element 'samlp:RequestedAuthnContext', {
|
|
54
|
+
'Comparison' => comparison,
|
|
55
55
|
}
|
|
56
56
|
|
|
57
57
|
if settings.authn_context != nil
|
|
58
58
|
authn_contexts_class_ref = settings.authn_context.is_a?(Array) ? settings.authn_context : [settings.authn_context]
|
|
59
59
|
authn_contexts_class_ref.each do |authn_context_class_ref|
|
|
60
|
-
class_ref = requested_context.add_element
|
|
60
|
+
class_ref = requested_context.add_element 'saml:AuthnContextClassRef'
|
|
61
61
|
class_ref.text = authn_context_class_ref
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -65,7 +65,7 @@ module OneLogin
|
|
|
65
65
|
if settings.authn_context_decl_ref != nil
|
|
66
66
|
authn_contexts_decl_refs = settings.authn_context_decl_ref.is_a?(Array) ? settings.authn_context_decl_ref : [settings.authn_context_decl_ref]
|
|
67
67
|
authn_contexts_decl_refs.each do |authn_context_decl_ref|
|
|
68
|
-
decl_ref = requested_context.add_element
|
|
68
|
+
decl_ref = requested_context.add_element 'saml:AuthnContextDeclRef'
|
|
69
69
|
decl_ref.text = authn_context_decl_ref
|
|
70
70
|
end
|
|
71
71
|
end
|
data/lib/spid-rails/version.rb
CHANGED
data/lib/spid-rails.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'spid-rails/engine'
|
|
2
2
|
|
|
3
3
|
module Spid
|
|
4
4
|
module Rails
|
|
@@ -7,7 +7,7 @@ module Spid
|
|
|
7
7
|
mattr_accessor :mount_point
|
|
8
8
|
@@mount_point = 'spid'
|
|
9
9
|
|
|
10
|
-
# Url alla quale
|
|
10
|
+
# Url alla quale e' disponibile il metadata del provider
|
|
11
11
|
mattr_accessor :metadata_path
|
|
12
12
|
@@metadata_path = 'metadata'
|
|
13
13
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Descovi, Giacomo Bertoldi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -34,16 +34,16 @@ dependencies:
|
|
|
34
34
|
name: ruby-saml
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
-
- -
|
|
37
|
+
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 1.
|
|
39
|
+
version: 1.8.0
|
|
40
40
|
type: :runtime
|
|
41
41
|
prerelease: false
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
|
-
- -
|
|
44
|
+
- - "~>"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: 1.
|
|
46
|
+
version: 1.8.0
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: rails-html-sanitizer
|
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -64,6 +64,48 @@ dependencies:
|
|
|
64
64
|
- - ">="
|
|
65
65
|
- !ruby/object:Gem::Version
|
|
66
66
|
version: 1.0.4
|
|
67
|
+
- !ruby/object:Gem::Dependency
|
|
68
|
+
name: bundler-audit
|
|
69
|
+
requirement: !ruby/object:Gem::Requirement
|
|
70
|
+
requirements:
|
|
71
|
+
- - ">="
|
|
72
|
+
- !ruby/object:Gem::Version
|
|
73
|
+
version: '0'
|
|
74
|
+
type: :development
|
|
75
|
+
prerelease: false
|
|
76
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
77
|
+
requirements:
|
|
78
|
+
- - ">="
|
|
79
|
+
- !ruby/object:Gem::Version
|
|
80
|
+
version: '0'
|
|
81
|
+
- !ruby/object:Gem::Dependency
|
|
82
|
+
name: rubocop
|
|
83
|
+
requirement: !ruby/object:Gem::Requirement
|
|
84
|
+
requirements:
|
|
85
|
+
- - ">="
|
|
86
|
+
- !ruby/object:Gem::Version
|
|
87
|
+
version: '0'
|
|
88
|
+
type: :development
|
|
89
|
+
prerelease: false
|
|
90
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
91
|
+
requirements:
|
|
92
|
+
- - ">="
|
|
93
|
+
- !ruby/object:Gem::Version
|
|
94
|
+
version: '0'
|
|
95
|
+
- !ruby/object:Gem::Dependency
|
|
96
|
+
name: simplecov
|
|
97
|
+
requirement: !ruby/object:Gem::Requirement
|
|
98
|
+
requirements:
|
|
99
|
+
- - ">="
|
|
100
|
+
- !ruby/object:Gem::Version
|
|
101
|
+
version: '0'
|
|
102
|
+
type: :development
|
|
103
|
+
prerelease: false
|
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
+
requirements:
|
|
106
|
+
- - ">="
|
|
107
|
+
- !ruby/object:Gem::Version
|
|
108
|
+
version: '0'
|
|
67
109
|
- !ruby/object:Gem::Dependency
|
|
68
110
|
name: sqlite3
|
|
69
111
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,8 +156,11 @@ files:
|
|
|
114
156
|
- app/models/spid/sso_response.rb
|
|
115
157
|
- app/views/layouts/spid-rails/application.html.erb
|
|
116
158
|
- config/routes.rb
|
|
159
|
+
- config/spid-rails/idp_list.yml
|
|
117
160
|
- lib/generators/spid/rails/config_generator.rb
|
|
161
|
+
- lib/generators/spid/rails/idp_importer_generator.rb
|
|
118
162
|
- lib/generators/spid/rails/keys_generator.rb
|
|
163
|
+
- lib/generators/spid/rails/templates/idp_import.yml
|
|
119
164
|
- lib/generators/spid/rails/templates/spid-rails.rb
|
|
120
165
|
- lib/spid-rails.rb
|
|
121
166
|
- lib/spid-rails/engine.rb
|