spid-rails 0.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -5
- data/Rakefile +1 -1
- data/app/assets/config/spid-rails_manifest.js +2 -0
- data/app/assets/javascripts/{spid_rails → spid-rails}/application.js +0 -0
- data/app/assets/javascripts/{spid_rails → spid-rails}/metadata.js +0 -0
- data/app/assets/stylesheets/{spid_rails → spid-rails}/application.css +0 -0
- data/app/assets/stylesheets/{spid_rails → spid-rails}/metadata.css +0 -0
- data/app/controllers/spid/rails/application_controller.rb +9 -0
- data/app/controllers/spid/rails/metadata_controller.rb +17 -0
- data/app/controllers/spid/rails/single_logout_operations_controller.rb +45 -0
- data/app/controllers/spid/rails/single_sign_ons_controller.rb +38 -0
- data/app/helpers/spid/rails/application_helper.rb +8 -0
- data/app/jobs/spid/rails/application_job.rb +8 -0
- data/app/mailers/spid/rails/application_mailer.rb +10 -0
- data/app/models/{spid_rails → spid}/certificate.rb +1 -1
- data/app/models/{spid_rails → spid}/idp.rb +2 -2
- data/app/models/{spid_rails → spid}/metadata.rb +4 -4
- data/app/models/spid/rails/application_record.rb +9 -0
- data/app/models/{spid_rails → spid}/settings/metadata.rb +2 -2
- data/app/models/{spid_rails → spid}/settings/slo.rb +1 -1
- data/app/models/{spid_rails → spid}/settings/sso.rb +1 -1
- data/app/models/{spid_rails → spid}/settings.rb +11 -10
- data/app/models/{spid_rails → spid}/slo_request.rb +2 -2
- data/app/models/{spid_rails → spid}/slo_response.rb +2 -2
- data/app/models/{spid_rails → spid}/sso_request.rb +3 -3
- data/app/models/{spid_rails → spid}/sso_response.rb +2 -2
- data/app/views/layouts/{spid_rails → spid-rails}/application.html.erb +2 -2
- data/config/routes.rb +5 -5
- data/lib/generators/spid/rails/config_generator.rb +21 -0
- data/lib/generators/spid/rails/keys_generator.rb +45 -0
- data/lib/generators/{spid_rails/templates/spid_rails.rb → spid/rails/templates/spid-rails.rb} +1 -1
- data/lib/spid-rails/engine.rb +12 -0
- data/lib/{spid_rails → spid-rails}/onelogin/rubysaml/authrequest.rb +0 -0
- data/lib/spid-rails/version.rb +7 -0
- data/lib/spid-rails.rb +44 -0
- data/lib/tasks/{spid_rails_tasks.rake → spid-rails_tasks.rake} +1 -1
- metadata +59 -38
- data/app/assets/config/spid_rails_manifest.js +0 -2
- data/app/controllers/spid_rails/application_controller.rb +0 -5
- data/app/controllers/spid_rails/metadata_controller.rb +0 -15
- data/app/controllers/spid_rails/single_logout_operations_controller.rb +0 -43
- data/app/controllers/spid_rails/single_sign_ons_controller.rb +0 -36
- data/app/helpers/spid_rails/application_helper.rb +0 -4
- data/app/jobs/spid_rails/application_job.rb +0 -4
- data/app/mailers/spid_rails/application_mailer.rb +0 -6
- data/app/models/spid_rails/application_record.rb +0 -5
- data/lib/generators/spid_rails/config_generator.rb +0 -18
- data/lib/spid_rails/engine.rb +0 -8
- data/lib/spid_rails/version.rb +0 -3
- data/lib/spid_rails.rb +0 -42
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f108d0b31001c264c51796b9df4aa5454700f688
|
|
4
|
+
data.tar.gz: a019ec7b7ca6e8b987130833b9e3d523675efe02
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfc44ee3993d4b12ba11f05963c249a44a0b63d0ddaf4fcfe7aacc78cb366d35c488f4554c38352cb023ccacbb788a93399dcf4b9722e99bab53df1a0098f76c
|
|
7
|
+
data.tar.gz: 9d40620088768d93ffba95d18d501a54f9dc70622cbadf88525805c23342476d41e6127c552459b3ae1aa1bb18b7c845a4f55274c7089cd363ffed1d6af5643d
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# spid-rails 0.1.
|
|
1
|
+
# spid-rails 0.1.2
|
|
2
2
|
Autenticazione SPID per Ruby on Rails.
|
|
3
3
|
Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby-saml).
|
|
4
4
|
|
|
@@ -18,7 +18,7 @@ repository: https://github.com/rubynetti/rubynetti-rails
|
|
|
18
18
|
All'interno del Gemfile indicare questa gemma:
|
|
19
19
|
|
|
20
20
|
```ruby
|
|
21
|
-
gem 'spid-rails'
|
|
21
|
+
gem 'spid-rails'
|
|
22
22
|
```
|
|
23
23
|
|
|
24
24
|
Eseguire
|
|
@@ -38,7 +38,7 @@ Il metadata generato può essere utilizzato per farsi accreditare e in seguito d
|
|
|
38
38
|
Per creare il file di configurazione:
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
$ rails g
|
|
41
|
+
$ rails g spid:rails:config
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Il file viene aggiunto agli initializer dell'applicazione e permette il settaggio personalizzato del mount-point dell'engine e i relativi end-point per le procedure Spid di login, logout e visualizzazione del metadata del Service Provider.
|
|
@@ -46,11 +46,11 @@ Il file viene aggiunto agli initializer dell'applicazione e permette il settaggi
|
|
|
46
46
|
Le restanti impostazioni permettono di configurare il percorso di sistema dove reperire la coppia chiave privata/certificato e il livello di crittografia per l'eventuale signature.
|
|
47
47
|
|
|
48
48
|
```ruby
|
|
49
|
-
# config/initializers/
|
|
49
|
+
# config/initializers/spid-rails.rb
|
|
50
50
|
|
|
51
51
|
# Impostazioni di default dello Spid Engine
|
|
52
52
|
|
|
53
|
-
|
|
53
|
+
Spid::Rails.tap do |config|
|
|
54
54
|
|
|
55
55
|
# Mount point di Spid sull'applicazione
|
|
56
56
|
# default: 'spid'
|
data/Rakefile
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
# Metadata del Service Provider
|
|
4
|
+
module Spid
|
|
5
|
+
module Rails
|
|
6
|
+
|
|
7
|
+
class MetadataController < ApplicationController
|
|
8
|
+
|
|
9
|
+
def show
|
|
10
|
+
metadata = Metadata.create(host: main_app.root_url)
|
|
11
|
+
render xml: metadata.to_xml
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
class SingleLogoutOperationsController < ApplicationController
|
|
7
|
+
skip_before_action :verify_authenticity_token, only: :create
|
|
8
|
+
|
|
9
|
+
def new
|
|
10
|
+
logout_request = SloRequest.new(slo_params)
|
|
11
|
+
redirect_to logout_request.to_saml
|
|
12
|
+
session[:spid_slo_id] = logout_request.uuid
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def create
|
|
16
|
+
logout_response = SloResponse.new(params[:SAMLResponse],
|
|
17
|
+
session[:spid_slo_id],
|
|
18
|
+
slo_params)
|
|
19
|
+
# TODO: approfondire validazione logout
|
|
20
|
+
destroy_spid_session
|
|
21
|
+
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
def slo_params
|
|
27
|
+
{
|
|
28
|
+
host: main_app.root_url,
|
|
29
|
+
idp: session[:sso_params]['idp'],
|
|
30
|
+
session_index: session[:spid_index]
|
|
31
|
+
}
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def destroy_spid_session
|
|
35
|
+
session[:sso_params] = nil
|
|
36
|
+
session[:spid_index] = nil
|
|
37
|
+
session[:spid_slo_id] = nil
|
|
38
|
+
session[:spid_relay_state] = nil
|
|
39
|
+
session[:spid_login_time] = nil
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
class SingleSignOnsController < ApplicationController
|
|
7
|
+
skip_before_action :verify_authenticity_token, only: :create
|
|
8
|
+
|
|
9
|
+
def new
|
|
10
|
+
request = SsoRequest.new(sso_params)
|
|
11
|
+
redirect_to request.to_saml
|
|
12
|
+
session[:sso_params] = sso_params
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def create
|
|
16
|
+
response = SsoResponse.new(params[:SAMLResponse], session[:sso_params])
|
|
17
|
+
if response.valid?
|
|
18
|
+
session[:spid_index] = response.session_index
|
|
19
|
+
session[:spid_login_time] = Time.now
|
|
20
|
+
redirect_to session[:relay_state] || main_app.root_path, notice: 'Utente autenticato con successo'
|
|
21
|
+
else
|
|
22
|
+
redirect_to main_app.root_path, notice: 'Autenticazione fallita'
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def sso_params
|
|
29
|
+
sso_params = params.require(:sso).permit(:idp, :spid_level, bindings: [])
|
|
30
|
+
sso_params[:host] = main_app.root_url
|
|
31
|
+
sso_params[:relay_state] = session[:spid_relay_state] || main_app.root_url
|
|
32
|
+
sso_params
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Idp
|
|
4
4
|
|
|
@@ -8,7 +8,7 @@ module SpidRails
|
|
|
8
8
|
'aruba' => 'https://loginspid.aruba.it/metadata',
|
|
9
9
|
'infocert' => 'https://identity.infocert.it/metadata/metadata.xml',
|
|
10
10
|
'namirial' => 'https://idp.namirialtsp.com/idp/metadata',
|
|
11
|
-
'poste' => '
|
|
11
|
+
'poste' => 'https://posteid.poste.it/jod-fs/metadata/metadata.xml',
|
|
12
12
|
'poste_test' => 'http://spidposte.test.poste.it/jod-fs/metadata/idp.xml',
|
|
13
13
|
'spiditalia' => 'https://spid.register.it/login/metadata',
|
|
14
14
|
'sielte' => 'https://identity.sieltecloud.it/simplesaml/metadata.xml',
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Metadata
|
|
4
4
|
attr_accessor :settings
|
|
@@ -9,7 +9,7 @@ module SpidRails
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def initialize spid_params
|
|
12
|
-
spid_settings =
|
|
12
|
+
spid_settings = Settings::Metadata.new(spid_params)
|
|
13
13
|
@settings = spid_settings.to_hash
|
|
14
14
|
end
|
|
15
15
|
|
|
@@ -25,14 +25,14 @@ module SpidRails
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def validate_signature_encryption
|
|
28
|
-
signature_algorithms =
|
|
28
|
+
signature_algorithms = Certificate.signature_algorithms
|
|
29
29
|
if signature_algorithms.exclude?(settings[:security][:signature_method])
|
|
30
30
|
raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)'
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def validate_digest_encryption
|
|
35
|
-
digest_algorithms =
|
|
35
|
+
digest_algorithms = Certificate.digest_algorithms
|
|
36
36
|
if digest_algorithms.exclude?(settings[:security][:digest_method])
|
|
37
37
|
raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)'
|
|
38
38
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Settings
|
|
4
4
|
|
|
@@ -27,11 +27,11 @@ module SpidRails
|
|
|
27
27
|
|
|
28
28
|
|
|
29
29
|
def initialize spid_params
|
|
30
|
-
@metadata_path =
|
|
31
|
-
@sso_path =
|
|
32
|
-
@slo_path =
|
|
33
|
-
@keys_path =
|
|
34
|
-
@sha =
|
|
30
|
+
@metadata_path = Spid::Rails.app_metadata_path
|
|
31
|
+
@sso_path = Spid::Rails.app_sso_path
|
|
32
|
+
@slo_path = Spid::Rails.app_slo_path
|
|
33
|
+
@keys_path = Spid::Rails.keys_path
|
|
34
|
+
@sha = Spid::Rails.sha
|
|
35
35
|
@bindings = [:redirect]
|
|
36
36
|
@spid_level = 1
|
|
37
37
|
spid_params.each do |k, v|
|
|
@@ -40,12 +40,13 @@ module SpidRails
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def security_attributes
|
|
43
|
-
dig_alg =
|
|
44
|
-
sig_alg =
|
|
43
|
+
dig_alg = Certificate.digest_algorithm(@sha)
|
|
44
|
+
sig_alg = Certificate.signature_algorithm(@sha)
|
|
45
45
|
{
|
|
46
46
|
metadata_signed: true,
|
|
47
47
|
digest_method: dig_alg,
|
|
48
48
|
signature_method: sig_alg,
|
|
49
|
+
authn_requests_signed: true,
|
|
49
50
|
want_assertions_signed: true
|
|
50
51
|
}
|
|
51
52
|
end
|
|
@@ -56,8 +57,8 @@ module SpidRails
|
|
|
56
57
|
issuer: host + metadata_path,
|
|
57
58
|
assertion_consumer_service_url: host + sso_path,
|
|
58
59
|
single_logout_service_url: host + slo_path,
|
|
59
|
-
private_key: File.read("#{Rails.root}/#{keys_path}/private_key.pem"),
|
|
60
|
-
certificate: File.read("#{Rails.root}/#{keys_path}/certificate.pem"),
|
|
60
|
+
private_key: File.read("#{::Rails.root}/#{keys_path}/private_key.pem"),
|
|
61
|
+
certificate: File.read("#{::Rails.root}/#{keys_path}/certificate.pem"),
|
|
61
62
|
security: security_attributes
|
|
62
63
|
}
|
|
63
64
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SloRequest
|
|
4
4
|
|
|
5
5
|
def initialize slo_params
|
|
6
|
-
spid_settings =
|
|
6
|
+
spid_settings = Settings::Slo.new(slo_params)
|
|
7
7
|
@settings = spid_settings.to_hash
|
|
8
8
|
@request = OneLogin::RubySaml::Logoutrequest.new
|
|
9
9
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SloResponse
|
|
4
4
|
|
|
5
5
|
def initialize saml_response, slo_id, slo_params
|
|
6
|
-
spid_settings =
|
|
6
|
+
spid_settings = Settings::Slo.new(slo_params)
|
|
7
7
|
settings = OneLogin::RubySaml::Settings.new(spid_settings.to_hash)
|
|
8
8
|
@response = OneLogin::RubySaml::Logoutresponse.new(saml_response,
|
|
9
9
|
settings,
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SsoRequest
|
|
4
4
|
|
|
5
5
|
attr_accessor :settings
|
|
6
6
|
|
|
7
7
|
def initialize spid_params
|
|
8
|
-
spid_settings =
|
|
8
|
+
spid_settings = Settings::Sso.new(spid_params)
|
|
9
9
|
@settings = spid_settings.to_hash
|
|
10
10
|
end
|
|
11
11
|
|
|
@@ -19,7 +19,7 @@ module SpidRails
|
|
|
19
19
|
if settings[:authn_context_comparison] != 'minimum'
|
|
20
20
|
raise "AuthnContextComparison deve essere settato a 'minimum' (impostare authn_context_comparison a 'minimum')"
|
|
21
21
|
end
|
|
22
|
-
if settings[:protocol_binding] !=
|
|
22
|
+
if settings[:protocol_binding] != Settings.saml_bindings[:post]
|
|
23
23
|
raise "Issuer deve contenere l'attributo ProtocolBinding con binding POST (impostare protocl_binding a ':post')"
|
|
24
24
|
end
|
|
25
25
|
end
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SsoResponse
|
|
4
4
|
|
|
5
5
|
def initialize saml_response, sso_params
|
|
6
6
|
response = OneLogin::RubySaml::Response.new(saml_response)
|
|
7
|
-
settings =
|
|
7
|
+
settings = Settings::Sso.new(sso_params)
|
|
8
8
|
saml_settings = OneLogin::RubySaml::Settings.new(settings.to_hash)
|
|
9
9
|
response.settings = saml_settings
|
|
10
10
|
@response = response
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
<html>
|
|
3
3
|
<head>
|
|
4
4
|
<title>Spid rails</title>
|
|
5
|
-
<%= stylesheet_link_tag "
|
|
6
|
-
<%= javascript_include_tag "
|
|
5
|
+
<%= stylesheet_link_tag "spid-rails/application", media: "all" %>
|
|
6
|
+
<%= javascript_include_tag "spid-rails/application" %>
|
|
7
7
|
<%= csrf_meta_tags %>
|
|
8
8
|
</head>
|
|
9
9
|
<body>
|
data/config/routes.rb
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
Rails.application.routes.draw do
|
|
2
|
-
mount
|
|
2
|
+
mount Spid::Rails::Engine, at: Spid::Rails.mount_point
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Spid::Rails::Engine.routes.draw do
|
|
6
6
|
resource :metadata, only: :show,
|
|
7
|
-
path:
|
|
7
|
+
path: Spid::Rails.metadata_path
|
|
8
8
|
resource :sso, only: [:new, :create], controller: :single_sign_ons,
|
|
9
|
-
path:
|
|
9
|
+
path: Spid::Rails.sso_path
|
|
10
10
|
resource :slo, only: [:new, :create], controller: :single_logout_operations,
|
|
11
|
-
path:
|
|
11
|
+
path: Spid::Rails.slo_path
|
|
12
12
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class ConfigGenerator < ::Rails::Generators::Base
|
|
7
|
+
|
|
8
|
+
source_root File.expand_path("../templates", __FILE__)
|
|
9
|
+
|
|
10
|
+
desc "Crea il file di configurazione di spid (config/initializers/spid-rails.rb)."
|
|
11
|
+
|
|
12
|
+
def create_initializer_file
|
|
13
|
+
template "spid-rails.rb", "./config/initializers/spid-rails.rb"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class KeysGenerator < ::Rails::Generators::Base
|
|
7
|
+
class_option :cn, type: :string, default: 'spid-rails-test', desc: 'Common name for the X509 certificate'
|
|
8
|
+
class_option :size, type: :numeric, default: 1024, desc: 'RSA key bit size'
|
|
9
|
+
class_option :digest, type: :string, default: 'SHA256', desc: 'Digest algorithm for signing the certificate'
|
|
10
|
+
class_option :validity, type: :numeric, default: 1, desc: "Certificate validity expressed in months"
|
|
11
|
+
|
|
12
|
+
desc "Description:\n" +
|
|
13
|
+
" Generate a RSA key and use it to generate a self-signed certificate in the keys path\n" +
|
|
14
|
+
" WARNING: this generator is ment to be used only for testing purpose."
|
|
15
|
+
|
|
16
|
+
def create_key
|
|
17
|
+
@key = OpenSSL::PKey::RSA.new options[:size]
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def create_certificate
|
|
21
|
+
name = OpenSSL::X509::Name.parse "CN=#{options[:cn]}"
|
|
22
|
+
sha_alg = OpenSSL::Digest.const_get(options[:digest]).new
|
|
23
|
+
@cert = OpenSSL::X509::Certificate.new
|
|
24
|
+
@cert.version = 2
|
|
25
|
+
@cert.serial = 0
|
|
26
|
+
@cert.not_before = Time.now
|
|
27
|
+
@cert.not_after = @cert.not_before + options[:validity].months
|
|
28
|
+
@cert.public_key = @key.public_key
|
|
29
|
+
@cert.subject = name
|
|
30
|
+
@cert.issuer = name
|
|
31
|
+
@cert.sign @key, sha_alg
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def write_keys
|
|
35
|
+
path = './' + Spid::Rails.keys_path
|
|
36
|
+
create_file path + 'private_key.pem', @key.to_pem
|
|
37
|
+
create_file path + 'certificate.pem', @cert.to_pem
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
File without changes
|
data/lib/spid-rails.rb
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require "spid-rails/engine"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
# Mount point di Spid sull'applicazione
|
|
7
|
+
mattr_accessor :mount_point
|
|
8
|
+
@@mount_point = 'spid'
|
|
9
|
+
|
|
10
|
+
# Url alla quale è disponibile il metadata del provider
|
|
11
|
+
mattr_accessor :metadata_path
|
|
12
|
+
@@metadata_path = 'metadata'
|
|
13
|
+
|
|
14
|
+
# Url alla quale ricevere le risposte di autenticazione Saml
|
|
15
|
+
mattr_accessor :sso_path
|
|
16
|
+
@@sso_path = 'sso'
|
|
17
|
+
|
|
18
|
+
# Url alla quale ricevere le risposte di logout Saml
|
|
19
|
+
mattr_accessor :slo_path
|
|
20
|
+
@@slo_path = 'slo'
|
|
21
|
+
|
|
22
|
+
# Percorso relativo alla root dell'app
|
|
23
|
+
# al quale reperire la coppia chiave privata - certificato
|
|
24
|
+
mattr_accessor :keys_path
|
|
25
|
+
@@keys_path = 'lib/.keys/'
|
|
26
|
+
|
|
27
|
+
# Livello di crittografia SHA per la generazione delle signature
|
|
28
|
+
mattr_accessor :sha
|
|
29
|
+
@@sha = 256
|
|
30
|
+
|
|
31
|
+
def self.app_metadata_path
|
|
32
|
+
"#{mount_point}/#{@@metadata_path}"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.app_sso_path
|
|
36
|
+
"#{mount_point}/#{@@sso_path}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.app_slo_path
|
|
40
|
+
"#{mount_point}/#{@@slo_path}"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
44
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Descovi, Giacomo Bertoldi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-04-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -44,20 +44,40 @@ dependencies:
|
|
|
44
44
|
- - '='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: 1.5.0
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: rails-html-sanitizer
|
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '1.0'
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.0.4
|
|
57
|
+
type: :runtime
|
|
58
|
+
prerelease: false
|
|
59
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
60
|
+
requirements:
|
|
61
|
+
- - "~>"
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: '1.0'
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: 1.0.4
|
|
47
67
|
- !ruby/object:Gem::Dependency
|
|
48
68
|
name: sqlite3
|
|
49
69
|
requirement: !ruby/object:Gem::Requirement
|
|
50
70
|
requirements:
|
|
51
71
|
- - "~>"
|
|
52
72
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: '
|
|
73
|
+
version: '1.3'
|
|
54
74
|
type: :development
|
|
55
75
|
prerelease: false
|
|
56
76
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
77
|
requirements:
|
|
58
78
|
- - "~>"
|
|
59
79
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: '
|
|
80
|
+
version: '1.3'
|
|
61
81
|
description: Soluzione per poter effettuare il login tramite SPID
|
|
62
82
|
email:
|
|
63
83
|
- descovi@gmail.com, bertoldi.giacomo@gmail.com
|
|
@@ -68,39 +88,40 @@ files:
|
|
|
68
88
|
- MIT-LICENSE
|
|
69
89
|
- README.md
|
|
70
90
|
- Rakefile
|
|
71
|
-
- app/assets/config/
|
|
72
|
-
- app/assets/javascripts/
|
|
73
|
-
- app/assets/javascripts/
|
|
74
|
-
- app/assets/stylesheets/
|
|
75
|
-
- app/assets/stylesheets/
|
|
76
|
-
- app/controllers/
|
|
77
|
-
- app/controllers/
|
|
78
|
-
- app/controllers/
|
|
79
|
-
- app/controllers/
|
|
80
|
-
- app/helpers/
|
|
81
|
-
- app/jobs/
|
|
82
|
-
- app/mailers/
|
|
83
|
-
- app/models/
|
|
84
|
-
- app/models/
|
|
85
|
-
- app/models/
|
|
86
|
-
- app/models/
|
|
87
|
-
- app/models/
|
|
88
|
-
- app/models/
|
|
89
|
-
- app/models/
|
|
90
|
-
- app/models/
|
|
91
|
-
- app/models/
|
|
92
|
-
- app/models/
|
|
93
|
-
- app/models/
|
|
94
|
-
- app/models/
|
|
95
|
-
- app/views/layouts/
|
|
91
|
+
- app/assets/config/spid-rails_manifest.js
|
|
92
|
+
- app/assets/javascripts/spid-rails/application.js
|
|
93
|
+
- app/assets/javascripts/spid-rails/metadata.js
|
|
94
|
+
- app/assets/stylesheets/spid-rails/application.css
|
|
95
|
+
- app/assets/stylesheets/spid-rails/metadata.css
|
|
96
|
+
- app/controllers/spid/rails/application_controller.rb
|
|
97
|
+
- app/controllers/spid/rails/metadata_controller.rb
|
|
98
|
+
- app/controllers/spid/rails/single_logout_operations_controller.rb
|
|
99
|
+
- app/controllers/spid/rails/single_sign_ons_controller.rb
|
|
100
|
+
- app/helpers/spid/rails/application_helper.rb
|
|
101
|
+
- app/jobs/spid/rails/application_job.rb
|
|
102
|
+
- app/mailers/spid/rails/application_mailer.rb
|
|
103
|
+
- app/models/spid/certificate.rb
|
|
104
|
+
- app/models/spid/idp.rb
|
|
105
|
+
- app/models/spid/metadata.rb
|
|
106
|
+
- app/models/spid/rails/application_record.rb
|
|
107
|
+
- app/models/spid/settings.rb
|
|
108
|
+
- app/models/spid/settings/metadata.rb
|
|
109
|
+
- app/models/spid/settings/slo.rb
|
|
110
|
+
- app/models/spid/settings/sso.rb
|
|
111
|
+
- app/models/spid/slo_request.rb
|
|
112
|
+
- app/models/spid/slo_response.rb
|
|
113
|
+
- app/models/spid/sso_request.rb
|
|
114
|
+
- app/models/spid/sso_response.rb
|
|
115
|
+
- app/views/layouts/spid-rails/application.html.erb
|
|
96
116
|
- config/routes.rb
|
|
97
|
-
- lib/generators/
|
|
98
|
-
- lib/generators/
|
|
99
|
-
- lib/
|
|
100
|
-
- lib/
|
|
101
|
-
- lib/
|
|
102
|
-
- lib/
|
|
103
|
-
- lib/
|
|
117
|
+
- lib/generators/spid/rails/config_generator.rb
|
|
118
|
+
- lib/generators/spid/rails/keys_generator.rb
|
|
119
|
+
- lib/generators/spid/rails/templates/spid-rails.rb
|
|
120
|
+
- lib/spid-rails.rb
|
|
121
|
+
- lib/spid-rails/engine.rb
|
|
122
|
+
- lib/spid-rails/onelogin/rubysaml/authrequest.rb
|
|
123
|
+
- lib/spid-rails/version.rb
|
|
124
|
+
- lib/tasks/spid-rails_tasks.rake
|
|
104
125
|
homepage: https://github.com/italia/spid-rails
|
|
105
126
|
licenses:
|
|
106
127
|
- MIT
|
|
@@ -121,8 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
121
142
|
version: '0'
|
|
122
143
|
requirements: []
|
|
123
144
|
rubyforge_project:
|
|
124
|
-
rubygems_version: 2.
|
|
145
|
+
rubygems_version: 2.5.2.1
|
|
125
146
|
signing_key:
|
|
126
147
|
specification_version: 4
|
|
127
|
-
summary: SPID, il Sistema Pubblico di
|
|
148
|
+
summary: SPID, il Sistema Pubblico di Identita' Digitale
|
|
128
149
|
test_files: []
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
# Metadata del Service Provider
|
|
4
|
-
module SpidRails
|
|
5
|
-
|
|
6
|
-
class MetadataController < ApplicationController
|
|
7
|
-
|
|
8
|
-
def show
|
|
9
|
-
metadata = SpidRails::Metadata.create(host: main_app.root_url)
|
|
10
|
-
render xml: metadata.to_xml
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
end
|
|
@@ -1,43 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
class SingleLogoutOperationsController < ApplicationController
|
|
6
|
-
skip_before_action :verify_authenticity_token, only: :create
|
|
7
|
-
|
|
8
|
-
def new
|
|
9
|
-
logout_request = SpidRails::SloRequest.new(slo_params)
|
|
10
|
-
redirect_to logout_request.to_saml
|
|
11
|
-
session[:spid_slo_id] = logout_request.uuid
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def create
|
|
15
|
-
logout_response = SpidRails::SloResponse.new(params[:SAMLResponse],
|
|
16
|
-
session[:spid_slo_id],
|
|
17
|
-
slo_params)
|
|
18
|
-
# TODO: approfondire validazione logout
|
|
19
|
-
destroy_spid_session
|
|
20
|
-
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
private
|
|
24
|
-
|
|
25
|
-
def slo_params
|
|
26
|
-
{
|
|
27
|
-
host: main_app.root_url,
|
|
28
|
-
idp: session[:sso_params]['idp'],
|
|
29
|
-
session_index: session[:spid_index]
|
|
30
|
-
}
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def destroy_spid_session
|
|
34
|
-
session[:sso_params] = nil
|
|
35
|
-
session[:spid_index] = nil
|
|
36
|
-
session[:spid_slo_id] = nil
|
|
37
|
-
session[:spid_relay_state] = nil
|
|
38
|
-
session[:spid_login_time] = nil
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
end
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
class SingleSignOnsController < ApplicationController
|
|
6
|
-
skip_before_action :verify_authenticity_token, only: :create
|
|
7
|
-
|
|
8
|
-
def new
|
|
9
|
-
request = SpidRails::SsoRequest.new(sso_params)
|
|
10
|
-
redirect_to request.to_saml
|
|
11
|
-
session[:sso_params] = sso_params
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def create
|
|
15
|
-
response = SpidRails::SsoResponse.new(params[:SAMLResponse], session[:sso_params])
|
|
16
|
-
if response.valid?
|
|
17
|
-
session[:spid_index] = response.session_index
|
|
18
|
-
session[:spid_login_time] = Time.now
|
|
19
|
-
redirect_to session[:relay_state] || main_app.root_path, notice: 'Utente autenticato con successo'
|
|
20
|
-
else
|
|
21
|
-
redirect_to main_app.root_path, notice: 'Autenticazione fallita'
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
private
|
|
26
|
-
|
|
27
|
-
def sso_params
|
|
28
|
-
sso_params = params.require(:sso).permit(:idp, :spid_level, bindings: [])
|
|
29
|
-
sso_params[:host] = main_app.root_url
|
|
30
|
-
sso_params[:relay_state] = session[:spid_relay_state] || main_app.root_url
|
|
31
|
-
sso_params
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
module SpidRails
|
|
2
|
-
module Generators
|
|
3
|
-
|
|
4
|
-
# Chiamato tramite rails g spid_rails:config
|
|
5
|
-
class ConfigGenerator < Rails::Generators::Base
|
|
6
|
-
|
|
7
|
-
source_root File.expand_path("../templates", __FILE__)
|
|
8
|
-
|
|
9
|
-
desc "Crea il file di configurazione di spid (config/initializers/rumby_saml.rb)."
|
|
10
|
-
|
|
11
|
-
def create_initializer_file
|
|
12
|
-
template "spid_rails.rb", "./config/initializers/spid_rails.rb"
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
end
|
|
18
|
-
end
|
data/lib/spid_rails/engine.rb
DELETED
data/lib/spid_rails/version.rb
DELETED
data/lib/spid_rails.rb
DELETED
|
@@ -1,42 +0,0 @@
|
|
|
1
|
-
require "spid_rails/engine"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
# Mount point di Spid sull'applicazione
|
|
6
|
-
mattr_accessor :mount_point
|
|
7
|
-
@@mount_point = 'spid'
|
|
8
|
-
|
|
9
|
-
# Url alla quale è disponibile il metadata del provider
|
|
10
|
-
mattr_accessor :metadata_path
|
|
11
|
-
@@metadata_path = 'metadata'
|
|
12
|
-
|
|
13
|
-
# Url alla quale ricevere le risposte di autenticazione Saml
|
|
14
|
-
mattr_accessor :sso_path
|
|
15
|
-
@@sso_path = 'sso'
|
|
16
|
-
|
|
17
|
-
# Url alla quale ricevere le risposte di logout Saml
|
|
18
|
-
mattr_accessor :slo_path
|
|
19
|
-
@@slo_path = 'slo'
|
|
20
|
-
|
|
21
|
-
# Percorso relativo alla root dell'app
|
|
22
|
-
# al quale reperire la coppia chiave privata - certificato
|
|
23
|
-
mattr_accessor :keys_path
|
|
24
|
-
@@keys_path = 'lib/.keys/'
|
|
25
|
-
|
|
26
|
-
# Livello di crittografia SHA per la generazione delle signature
|
|
27
|
-
mattr_accessor :sha
|
|
28
|
-
@@sha = 256
|
|
29
|
-
|
|
30
|
-
def self.app_metadata_path
|
|
31
|
-
"#{mount_point}/#{@@metadata_path}"
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def self.app_sso_path
|
|
35
|
-
"#{mount_point}/#{@@sso_path}"
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def self.app_slo_path
|
|
39
|
-
"#{mount_point}/#{@@slo_path}"
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
end
|