spid-rails 0.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -5
- data/Rakefile +1 -1
- data/app/assets/config/spid-rails_manifest.js +2 -0
- data/app/assets/javascripts/{spid_rails → spid-rails}/application.js +0 -0
- data/app/assets/javascripts/{spid_rails → spid-rails}/metadata.js +0 -0
- data/app/assets/stylesheets/{spid_rails → spid-rails}/application.css +0 -0
- data/app/assets/stylesheets/{spid_rails → spid-rails}/metadata.css +0 -0
- data/app/controllers/spid/rails/application_controller.rb +9 -0
- data/app/controllers/spid/rails/metadata_controller.rb +17 -0
- data/app/controllers/spid/rails/single_logout_operations_controller.rb +45 -0
- data/app/controllers/spid/rails/single_sign_ons_controller.rb +38 -0
- data/app/helpers/spid/rails/application_helper.rb +8 -0
- data/app/jobs/spid/rails/application_job.rb +8 -0
- data/app/mailers/spid/rails/application_mailer.rb +10 -0
- data/app/models/{spid_rails → spid}/certificate.rb +1 -1
- data/app/models/{spid_rails → spid}/idp.rb +2 -2
- data/app/models/{spid_rails → spid}/metadata.rb +4 -4
- data/app/models/spid/rails/application_record.rb +9 -0
- data/app/models/{spid_rails → spid}/settings/metadata.rb +2 -2
- data/app/models/{spid_rails → spid}/settings/slo.rb +1 -1
- data/app/models/{spid_rails → spid}/settings/sso.rb +1 -1
- data/app/models/{spid_rails → spid}/settings.rb +11 -10
- data/app/models/{spid_rails → spid}/slo_request.rb +2 -2
- data/app/models/{spid_rails → spid}/slo_response.rb +2 -2
- data/app/models/{spid_rails → spid}/sso_request.rb +3 -3
- data/app/models/{spid_rails → spid}/sso_response.rb +2 -2
- data/app/views/layouts/{spid_rails → spid-rails}/application.html.erb +2 -2
- data/config/routes.rb +5 -5
- data/lib/generators/spid/rails/config_generator.rb +21 -0
- data/lib/generators/spid/rails/keys_generator.rb +45 -0
- data/lib/generators/{spid_rails/templates/spid_rails.rb → spid/rails/templates/spid-rails.rb} +1 -1
- data/lib/spid-rails/engine.rb +12 -0
- data/lib/{spid_rails → spid-rails}/onelogin/rubysaml/authrequest.rb +0 -0
- data/lib/spid-rails/version.rb +7 -0
- data/lib/spid-rails.rb +44 -0
- data/lib/tasks/{spid_rails_tasks.rake → spid-rails_tasks.rake} +1 -1
- metadata +59 -38
- data/app/assets/config/spid_rails_manifest.js +0 -2
- data/app/controllers/spid_rails/application_controller.rb +0 -5
- data/app/controllers/spid_rails/metadata_controller.rb +0 -15
- data/app/controllers/spid_rails/single_logout_operations_controller.rb +0 -43
- data/app/controllers/spid_rails/single_sign_ons_controller.rb +0 -36
- data/app/helpers/spid_rails/application_helper.rb +0 -4
- data/app/jobs/spid_rails/application_job.rb +0 -4
- data/app/mailers/spid_rails/application_mailer.rb +0 -6
- data/app/models/spid_rails/application_record.rb +0 -5
- data/lib/generators/spid_rails/config_generator.rb +0 -18
- data/lib/spid_rails/engine.rb +0 -8
- data/lib/spid_rails/version.rb +0 -3
- data/lib/spid_rails.rb +0 -42
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f108d0b31001c264c51796b9df4aa5454700f688
|
|
4
|
+
data.tar.gz: a019ec7b7ca6e8b987130833b9e3d523675efe02
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfc44ee3993d4b12ba11f05963c249a44a0b63d0ddaf4fcfe7aacc78cb366d35c488f4554c38352cb023ccacbb788a93399dcf4b9722e99bab53df1a0098f76c
|
|
7
|
+
data.tar.gz: 9d40620088768d93ffba95d18d501a54f9dc70622cbadf88525805c23342476d41e6127c552459b3ae1aa1bb18b7c845a4f55274c7089cd363ffed1d6af5643d
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# spid-rails 0.1.
|
|
1
|
+
# spid-rails 0.1.2
|
|
2
2
|
Autenticazione SPID per Ruby on Rails.
|
|
3
3
|
Questa gemma si appoggia alla gemma [ruby-saml](https://github.com/onelogin/ruby-saml).
|
|
4
4
|
|
|
@@ -18,7 +18,7 @@ repository: https://github.com/rubynetti/rubynetti-rails
|
|
|
18
18
|
All'interno del Gemfile indicare questa gemma:
|
|
19
19
|
|
|
20
20
|
```ruby
|
|
21
|
-
gem 'spid-rails'
|
|
21
|
+
gem 'spid-rails'
|
|
22
22
|
```
|
|
23
23
|
|
|
24
24
|
Eseguire
|
|
@@ -38,7 +38,7 @@ Il metadata generato può essere utilizzato per farsi accreditare e in seguito d
|
|
|
38
38
|
Per creare il file di configurazione:
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
$ rails g
|
|
41
|
+
$ rails g spid:rails:config
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Il file viene aggiunto agli initializer dell'applicazione e permette il settaggio personalizzato del mount-point dell'engine e i relativi end-point per le procedure Spid di login, logout e visualizzazione del metadata del Service Provider.
|
|
@@ -46,11 +46,11 @@ Il file viene aggiunto agli initializer dell'applicazione e permette il settaggi
|
|
|
46
46
|
Le restanti impostazioni permettono di configurare il percorso di sistema dove reperire la coppia chiave privata/certificato e il livello di crittografia per l'eventuale signature.
|
|
47
47
|
|
|
48
48
|
```ruby
|
|
49
|
-
# config/initializers/
|
|
49
|
+
# config/initializers/spid-rails.rb
|
|
50
50
|
|
|
51
51
|
# Impostazioni di default dello Spid Engine
|
|
52
52
|
|
|
53
|
-
|
|
53
|
+
Spid::Rails.tap do |config|
|
|
54
54
|
|
|
55
55
|
# Mount point di Spid sull'applicazione
|
|
56
56
|
# default: 'spid'
|
data/Rakefile
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
# Metadata del Service Provider
|
|
4
|
+
module Spid
|
|
5
|
+
module Rails
|
|
6
|
+
|
|
7
|
+
class MetadataController < ApplicationController
|
|
8
|
+
|
|
9
|
+
def show
|
|
10
|
+
metadata = Metadata.create(host: main_app.root_url)
|
|
11
|
+
render xml: metadata.to_xml
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
class SingleLogoutOperationsController < ApplicationController
|
|
7
|
+
skip_before_action :verify_authenticity_token, only: :create
|
|
8
|
+
|
|
9
|
+
def new
|
|
10
|
+
logout_request = SloRequest.new(slo_params)
|
|
11
|
+
redirect_to logout_request.to_saml
|
|
12
|
+
session[:spid_slo_id] = logout_request.uuid
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def create
|
|
16
|
+
logout_response = SloResponse.new(params[:SAMLResponse],
|
|
17
|
+
session[:spid_slo_id],
|
|
18
|
+
slo_params)
|
|
19
|
+
# TODO: approfondire validazione logout
|
|
20
|
+
destroy_spid_session
|
|
21
|
+
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
|
|
26
|
+
def slo_params
|
|
27
|
+
{
|
|
28
|
+
host: main_app.root_url,
|
|
29
|
+
idp: session[:sso_params]['idp'],
|
|
30
|
+
session_index: session[:spid_index]
|
|
31
|
+
}
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def destroy_spid_session
|
|
35
|
+
session[:sso_params] = nil
|
|
36
|
+
session[:spid_index] = nil
|
|
37
|
+
session[:spid_slo_id] = nil
|
|
38
|
+
session[:spid_relay_state] = nil
|
|
39
|
+
session[:spid_login_time] = nil
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
require_dependency "spid/rails/application_controller"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
class SingleSignOnsController < ApplicationController
|
|
7
|
+
skip_before_action :verify_authenticity_token, only: :create
|
|
8
|
+
|
|
9
|
+
def new
|
|
10
|
+
request = SsoRequest.new(sso_params)
|
|
11
|
+
redirect_to request.to_saml
|
|
12
|
+
session[:sso_params] = sso_params
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def create
|
|
16
|
+
response = SsoResponse.new(params[:SAMLResponse], session[:sso_params])
|
|
17
|
+
if response.valid?
|
|
18
|
+
session[:spid_index] = response.session_index
|
|
19
|
+
session[:spid_login_time] = Time.now
|
|
20
|
+
redirect_to session[:relay_state] || main_app.root_path, notice: 'Utente autenticato con successo'
|
|
21
|
+
else
|
|
22
|
+
redirect_to main_app.root_path, notice: 'Autenticazione fallita'
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def sso_params
|
|
29
|
+
sso_params = params.require(:sso).permit(:idp, :spid_level, bindings: [])
|
|
30
|
+
sso_params[:host] = main_app.root_url
|
|
31
|
+
sso_params[:relay_state] = session[:spid_relay_state] || main_app.root_url
|
|
32
|
+
sso_params
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Idp
|
|
4
4
|
|
|
@@ -8,7 +8,7 @@ module SpidRails
|
|
|
8
8
|
'aruba' => 'https://loginspid.aruba.it/metadata',
|
|
9
9
|
'infocert' => 'https://identity.infocert.it/metadata/metadata.xml',
|
|
10
10
|
'namirial' => 'https://idp.namirialtsp.com/idp/metadata',
|
|
11
|
-
'poste' => '
|
|
11
|
+
'poste' => 'https://posteid.poste.it/jod-fs/metadata/metadata.xml',
|
|
12
12
|
'poste_test' => 'http://spidposte.test.poste.it/jod-fs/metadata/idp.xml',
|
|
13
13
|
'spiditalia' => 'https://spid.register.it/login/metadata',
|
|
14
14
|
'sielte' => 'https://identity.sieltecloud.it/simplesaml/metadata.xml',
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Metadata
|
|
4
4
|
attr_accessor :settings
|
|
@@ -9,7 +9,7 @@ module SpidRails
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def initialize spid_params
|
|
12
|
-
spid_settings =
|
|
12
|
+
spid_settings = Settings::Metadata.new(spid_params)
|
|
13
13
|
@settings = spid_settings.to_hash
|
|
14
14
|
end
|
|
15
15
|
|
|
@@ -25,14 +25,14 @@ module SpidRails
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def validate_signature_encryption
|
|
28
|
-
signature_algorithms =
|
|
28
|
+
signature_algorithms = Certificate.signature_algorithms
|
|
29
29
|
if signature_algorithms.exclude?(settings[:security][:signature_method])
|
|
30
30
|
raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)'
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def validate_digest_encryption
|
|
35
|
-
digest_algorithms =
|
|
35
|
+
digest_algorithms = Certificate.digest_algorithms
|
|
36
36
|
if digest_algorithms.exclude?(settings[:security][:digest_method])
|
|
37
37
|
raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)'
|
|
38
38
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class Settings
|
|
4
4
|
|
|
@@ -27,11 +27,11 @@ module SpidRails
|
|
|
27
27
|
|
|
28
28
|
|
|
29
29
|
def initialize spid_params
|
|
30
|
-
@metadata_path =
|
|
31
|
-
@sso_path =
|
|
32
|
-
@slo_path =
|
|
33
|
-
@keys_path =
|
|
34
|
-
@sha =
|
|
30
|
+
@metadata_path = Spid::Rails.app_metadata_path
|
|
31
|
+
@sso_path = Spid::Rails.app_sso_path
|
|
32
|
+
@slo_path = Spid::Rails.app_slo_path
|
|
33
|
+
@keys_path = Spid::Rails.keys_path
|
|
34
|
+
@sha = Spid::Rails.sha
|
|
35
35
|
@bindings = [:redirect]
|
|
36
36
|
@spid_level = 1
|
|
37
37
|
spid_params.each do |k, v|
|
|
@@ -40,12 +40,13 @@ module SpidRails
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def security_attributes
|
|
43
|
-
dig_alg =
|
|
44
|
-
sig_alg =
|
|
43
|
+
dig_alg = Certificate.digest_algorithm(@sha)
|
|
44
|
+
sig_alg = Certificate.signature_algorithm(@sha)
|
|
45
45
|
{
|
|
46
46
|
metadata_signed: true,
|
|
47
47
|
digest_method: dig_alg,
|
|
48
48
|
signature_method: sig_alg,
|
|
49
|
+
authn_requests_signed: true,
|
|
49
50
|
want_assertions_signed: true
|
|
50
51
|
}
|
|
51
52
|
end
|
|
@@ -56,8 +57,8 @@ module SpidRails
|
|
|
56
57
|
issuer: host + metadata_path,
|
|
57
58
|
assertion_consumer_service_url: host + sso_path,
|
|
58
59
|
single_logout_service_url: host + slo_path,
|
|
59
|
-
private_key: File.read("#{Rails.root}/#{keys_path}/private_key.pem"),
|
|
60
|
-
certificate: File.read("#{Rails.root}/#{keys_path}/certificate.pem"),
|
|
60
|
+
private_key: File.read("#{::Rails.root}/#{keys_path}/private_key.pem"),
|
|
61
|
+
certificate: File.read("#{::Rails.root}/#{keys_path}/certificate.pem"),
|
|
61
62
|
security: security_attributes
|
|
62
63
|
}
|
|
63
64
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SloRequest
|
|
4
4
|
|
|
5
5
|
def initialize slo_params
|
|
6
|
-
spid_settings =
|
|
6
|
+
spid_settings = Settings::Slo.new(slo_params)
|
|
7
7
|
@settings = spid_settings.to_hash
|
|
8
8
|
@request = OneLogin::RubySaml::Logoutrequest.new
|
|
9
9
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SloResponse
|
|
4
4
|
|
|
5
5
|
def initialize saml_response, slo_id, slo_params
|
|
6
|
-
spid_settings =
|
|
6
|
+
spid_settings = Settings::Slo.new(slo_params)
|
|
7
7
|
settings = OneLogin::RubySaml::Settings.new(spid_settings.to_hash)
|
|
8
8
|
@response = OneLogin::RubySaml::Logoutresponse.new(saml_response,
|
|
9
9
|
settings,
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SsoRequest
|
|
4
4
|
|
|
5
5
|
attr_accessor :settings
|
|
6
6
|
|
|
7
7
|
def initialize spid_params
|
|
8
|
-
spid_settings =
|
|
8
|
+
spid_settings = Settings::Sso.new(spid_params)
|
|
9
9
|
@settings = spid_settings.to_hash
|
|
10
10
|
end
|
|
11
11
|
|
|
@@ -19,7 +19,7 @@ module SpidRails
|
|
|
19
19
|
if settings[:authn_context_comparison] != 'minimum'
|
|
20
20
|
raise "AuthnContextComparison deve essere settato a 'minimum' (impostare authn_context_comparison a 'minimum')"
|
|
21
21
|
end
|
|
22
|
-
if settings[:protocol_binding] !=
|
|
22
|
+
if settings[:protocol_binding] != Settings.saml_bindings[:post]
|
|
23
23
|
raise "Issuer deve contenere l'attributo ProtocolBinding con binding POST (impostare protocl_binding a ':post')"
|
|
24
24
|
end
|
|
25
25
|
end
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
module
|
|
1
|
+
module Spid
|
|
2
2
|
|
|
3
3
|
class SsoResponse
|
|
4
4
|
|
|
5
5
|
def initialize saml_response, sso_params
|
|
6
6
|
response = OneLogin::RubySaml::Response.new(saml_response)
|
|
7
|
-
settings =
|
|
7
|
+
settings = Settings::Sso.new(sso_params)
|
|
8
8
|
saml_settings = OneLogin::RubySaml::Settings.new(settings.to_hash)
|
|
9
9
|
response.settings = saml_settings
|
|
10
10
|
@response = response
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
<html>
|
|
3
3
|
<head>
|
|
4
4
|
<title>Spid rails</title>
|
|
5
|
-
<%= stylesheet_link_tag "
|
|
6
|
-
<%= javascript_include_tag "
|
|
5
|
+
<%= stylesheet_link_tag "spid-rails/application", media: "all" %>
|
|
6
|
+
<%= javascript_include_tag "spid-rails/application" %>
|
|
7
7
|
<%= csrf_meta_tags %>
|
|
8
8
|
</head>
|
|
9
9
|
<body>
|
data/config/routes.rb
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
Rails.application.routes.draw do
|
|
2
|
-
mount
|
|
2
|
+
mount Spid::Rails::Engine, at: Spid::Rails.mount_point
|
|
3
3
|
end
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Spid::Rails::Engine.routes.draw do
|
|
6
6
|
resource :metadata, only: :show,
|
|
7
|
-
path:
|
|
7
|
+
path: Spid::Rails.metadata_path
|
|
8
8
|
resource :sso, only: [:new, :create], controller: :single_sign_ons,
|
|
9
|
-
path:
|
|
9
|
+
path: Spid::Rails.sso_path
|
|
10
10
|
resource :slo, only: [:new, :create], controller: :single_logout_operations,
|
|
11
|
-
path:
|
|
11
|
+
path: Spid::Rails.slo_path
|
|
12
12
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class ConfigGenerator < ::Rails::Generators::Base
|
|
7
|
+
|
|
8
|
+
source_root File.expand_path("../templates", __FILE__)
|
|
9
|
+
|
|
10
|
+
desc "Crea il file di configurazione di spid (config/initializers/spid-rails.rb)."
|
|
11
|
+
|
|
12
|
+
def create_initializer_file
|
|
13
|
+
template "spid-rails.rb", "./config/initializers/spid-rails.rb"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
module Spid
|
|
2
|
+
module Rails
|
|
3
|
+
|
|
4
|
+
module Generators
|
|
5
|
+
|
|
6
|
+
class KeysGenerator < ::Rails::Generators::Base
|
|
7
|
+
class_option :cn, type: :string, default: 'spid-rails-test', desc: 'Common name for the X509 certificate'
|
|
8
|
+
class_option :size, type: :numeric, default: 1024, desc: 'RSA key bit size'
|
|
9
|
+
class_option :digest, type: :string, default: 'SHA256', desc: 'Digest algorithm for signing the certificate'
|
|
10
|
+
class_option :validity, type: :numeric, default: 1, desc: "Certificate validity expressed in months"
|
|
11
|
+
|
|
12
|
+
desc "Description:\n" +
|
|
13
|
+
" Generate a RSA key and use it to generate a self-signed certificate in the keys path\n" +
|
|
14
|
+
" WARNING: this generator is ment to be used only for testing purpose."
|
|
15
|
+
|
|
16
|
+
def create_key
|
|
17
|
+
@key = OpenSSL::PKey::RSA.new options[:size]
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def create_certificate
|
|
21
|
+
name = OpenSSL::X509::Name.parse "CN=#{options[:cn]}"
|
|
22
|
+
sha_alg = OpenSSL::Digest.const_get(options[:digest]).new
|
|
23
|
+
@cert = OpenSSL::X509::Certificate.new
|
|
24
|
+
@cert.version = 2
|
|
25
|
+
@cert.serial = 0
|
|
26
|
+
@cert.not_before = Time.now
|
|
27
|
+
@cert.not_after = @cert.not_before + options[:validity].months
|
|
28
|
+
@cert.public_key = @key.public_key
|
|
29
|
+
@cert.subject = name
|
|
30
|
+
@cert.issuer = name
|
|
31
|
+
@cert.sign @key, sha_alg
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def write_keys
|
|
35
|
+
path = './' + Spid::Rails.keys_path
|
|
36
|
+
create_file path + 'private_key.pem', @key.to_pem
|
|
37
|
+
create_file path + 'certificate.pem', @cert.to_pem
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
File without changes
|
data/lib/spid-rails.rb
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require "spid-rails/engine"
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
# Mount point di Spid sull'applicazione
|
|
7
|
+
mattr_accessor :mount_point
|
|
8
|
+
@@mount_point = 'spid'
|
|
9
|
+
|
|
10
|
+
# Url alla quale è disponibile il metadata del provider
|
|
11
|
+
mattr_accessor :metadata_path
|
|
12
|
+
@@metadata_path = 'metadata'
|
|
13
|
+
|
|
14
|
+
# Url alla quale ricevere le risposte di autenticazione Saml
|
|
15
|
+
mattr_accessor :sso_path
|
|
16
|
+
@@sso_path = 'sso'
|
|
17
|
+
|
|
18
|
+
# Url alla quale ricevere le risposte di logout Saml
|
|
19
|
+
mattr_accessor :slo_path
|
|
20
|
+
@@slo_path = 'slo'
|
|
21
|
+
|
|
22
|
+
# Percorso relativo alla root dell'app
|
|
23
|
+
# al quale reperire la coppia chiave privata - certificato
|
|
24
|
+
mattr_accessor :keys_path
|
|
25
|
+
@@keys_path = 'lib/.keys/'
|
|
26
|
+
|
|
27
|
+
# Livello di crittografia SHA per la generazione delle signature
|
|
28
|
+
mattr_accessor :sha
|
|
29
|
+
@@sha = 256
|
|
30
|
+
|
|
31
|
+
def self.app_metadata_path
|
|
32
|
+
"#{mount_point}/#{@@metadata_path}"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.app_sso_path
|
|
36
|
+
"#{mount_point}/#{@@sso_path}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.app_slo_path
|
|
40
|
+
"#{mount_point}/#{@@slo_path}"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
end
|
|
44
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alessandro Descovi, Giacomo Bertoldi
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-04-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -44,20 +44,40 @@ dependencies:
|
|
|
44
44
|
- - '='
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: 1.5.0
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: rails-html-sanitizer
|
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '1.0'
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.0.4
|
|
57
|
+
type: :runtime
|
|
58
|
+
prerelease: false
|
|
59
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
60
|
+
requirements:
|
|
61
|
+
- - "~>"
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: '1.0'
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: 1.0.4
|
|
47
67
|
- !ruby/object:Gem::Dependency
|
|
48
68
|
name: sqlite3
|
|
49
69
|
requirement: !ruby/object:Gem::Requirement
|
|
50
70
|
requirements:
|
|
51
71
|
- - "~>"
|
|
52
72
|
- !ruby/object:Gem::Version
|
|
53
|
-
version: '
|
|
73
|
+
version: '1.3'
|
|
54
74
|
type: :development
|
|
55
75
|
prerelease: false
|
|
56
76
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
77
|
requirements:
|
|
58
78
|
- - "~>"
|
|
59
79
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: '
|
|
80
|
+
version: '1.3'
|
|
61
81
|
description: Soluzione per poter effettuare il login tramite SPID
|
|
62
82
|
email:
|
|
63
83
|
- descovi@gmail.com, bertoldi.giacomo@gmail.com
|
|
@@ -68,39 +88,40 @@ files:
|
|
|
68
88
|
- MIT-LICENSE
|
|
69
89
|
- README.md
|
|
70
90
|
- Rakefile
|
|
71
|
-
- app/assets/config/
|
|
72
|
-
- app/assets/javascripts/
|
|
73
|
-
- app/assets/javascripts/
|
|
74
|
-
- app/assets/stylesheets/
|
|
75
|
-
- app/assets/stylesheets/
|
|
76
|
-
- app/controllers/
|
|
77
|
-
- app/controllers/
|
|
78
|
-
- app/controllers/
|
|
79
|
-
- app/controllers/
|
|
80
|
-
- app/helpers/
|
|
81
|
-
- app/jobs/
|
|
82
|
-
- app/mailers/
|
|
83
|
-
- app/models/
|
|
84
|
-
- app/models/
|
|
85
|
-
- app/models/
|
|
86
|
-
- app/models/
|
|
87
|
-
- app/models/
|
|
88
|
-
- app/models/
|
|
89
|
-
- app/models/
|
|
90
|
-
- app/models/
|
|
91
|
-
- app/models/
|
|
92
|
-
- app/models/
|
|
93
|
-
- app/models/
|
|
94
|
-
- app/models/
|
|
95
|
-
- app/views/layouts/
|
|
91
|
+
- app/assets/config/spid-rails_manifest.js
|
|
92
|
+
- app/assets/javascripts/spid-rails/application.js
|
|
93
|
+
- app/assets/javascripts/spid-rails/metadata.js
|
|
94
|
+
- app/assets/stylesheets/spid-rails/application.css
|
|
95
|
+
- app/assets/stylesheets/spid-rails/metadata.css
|
|
96
|
+
- app/controllers/spid/rails/application_controller.rb
|
|
97
|
+
- app/controllers/spid/rails/metadata_controller.rb
|
|
98
|
+
- app/controllers/spid/rails/single_logout_operations_controller.rb
|
|
99
|
+
- app/controllers/spid/rails/single_sign_ons_controller.rb
|
|
100
|
+
- app/helpers/spid/rails/application_helper.rb
|
|
101
|
+
- app/jobs/spid/rails/application_job.rb
|
|
102
|
+
- app/mailers/spid/rails/application_mailer.rb
|
|
103
|
+
- app/models/spid/certificate.rb
|
|
104
|
+
- app/models/spid/idp.rb
|
|
105
|
+
- app/models/spid/metadata.rb
|
|
106
|
+
- app/models/spid/rails/application_record.rb
|
|
107
|
+
- app/models/spid/settings.rb
|
|
108
|
+
- app/models/spid/settings/metadata.rb
|
|
109
|
+
- app/models/spid/settings/slo.rb
|
|
110
|
+
- app/models/spid/settings/sso.rb
|
|
111
|
+
- app/models/spid/slo_request.rb
|
|
112
|
+
- app/models/spid/slo_response.rb
|
|
113
|
+
- app/models/spid/sso_request.rb
|
|
114
|
+
- app/models/spid/sso_response.rb
|
|
115
|
+
- app/views/layouts/spid-rails/application.html.erb
|
|
96
116
|
- config/routes.rb
|
|
97
|
-
- lib/generators/
|
|
98
|
-
- lib/generators/
|
|
99
|
-
- lib/
|
|
100
|
-
- lib/
|
|
101
|
-
- lib/
|
|
102
|
-
- lib/
|
|
103
|
-
- lib/
|
|
117
|
+
- lib/generators/spid/rails/config_generator.rb
|
|
118
|
+
- lib/generators/spid/rails/keys_generator.rb
|
|
119
|
+
- lib/generators/spid/rails/templates/spid-rails.rb
|
|
120
|
+
- lib/spid-rails.rb
|
|
121
|
+
- lib/spid-rails/engine.rb
|
|
122
|
+
- lib/spid-rails/onelogin/rubysaml/authrequest.rb
|
|
123
|
+
- lib/spid-rails/version.rb
|
|
124
|
+
- lib/tasks/spid-rails_tasks.rake
|
|
104
125
|
homepage: https://github.com/italia/spid-rails
|
|
105
126
|
licenses:
|
|
106
127
|
- MIT
|
|
@@ -121,8 +142,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
121
142
|
version: '0'
|
|
122
143
|
requirements: []
|
|
123
144
|
rubyforge_project:
|
|
124
|
-
rubygems_version: 2.
|
|
145
|
+
rubygems_version: 2.5.2.1
|
|
125
146
|
signing_key:
|
|
126
147
|
specification_version: 4
|
|
127
|
-
summary: SPID, il Sistema Pubblico di
|
|
148
|
+
summary: SPID, il Sistema Pubblico di Identita' Digitale
|
|
128
149
|
test_files: []
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
# Metadata del Service Provider
|
|
4
|
-
module SpidRails
|
|
5
|
-
|
|
6
|
-
class MetadataController < ApplicationController
|
|
7
|
-
|
|
8
|
-
def show
|
|
9
|
-
metadata = SpidRails::Metadata.create(host: main_app.root_url)
|
|
10
|
-
render xml: metadata.to_xml
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
end
|
|
@@ -1,43 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
class SingleLogoutOperationsController < ApplicationController
|
|
6
|
-
skip_before_action :verify_authenticity_token, only: :create
|
|
7
|
-
|
|
8
|
-
def new
|
|
9
|
-
logout_request = SpidRails::SloRequest.new(slo_params)
|
|
10
|
-
redirect_to logout_request.to_saml
|
|
11
|
-
session[:spid_slo_id] = logout_request.uuid
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def create
|
|
15
|
-
logout_response = SpidRails::SloResponse.new(params[:SAMLResponse],
|
|
16
|
-
session[:spid_slo_id],
|
|
17
|
-
slo_params)
|
|
18
|
-
# TODO: approfondire validazione logout
|
|
19
|
-
destroy_spid_session
|
|
20
|
-
redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo'
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
private
|
|
24
|
-
|
|
25
|
-
def slo_params
|
|
26
|
-
{
|
|
27
|
-
host: main_app.root_url,
|
|
28
|
-
idp: session[:sso_params]['idp'],
|
|
29
|
-
session_index: session[:spid_index]
|
|
30
|
-
}
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def destroy_spid_session
|
|
34
|
-
session[:sso_params] = nil
|
|
35
|
-
session[:spid_index] = nil
|
|
36
|
-
session[:spid_slo_id] = nil
|
|
37
|
-
session[:spid_relay_state] = nil
|
|
38
|
-
session[:spid_login_time] = nil
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
end
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
require_dependency "spid_rails/application_controller"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
class SingleSignOnsController < ApplicationController
|
|
6
|
-
skip_before_action :verify_authenticity_token, only: :create
|
|
7
|
-
|
|
8
|
-
def new
|
|
9
|
-
request = SpidRails::SsoRequest.new(sso_params)
|
|
10
|
-
redirect_to request.to_saml
|
|
11
|
-
session[:sso_params] = sso_params
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def create
|
|
15
|
-
response = SpidRails::SsoResponse.new(params[:SAMLResponse], session[:sso_params])
|
|
16
|
-
if response.valid?
|
|
17
|
-
session[:spid_index] = response.session_index
|
|
18
|
-
session[:spid_login_time] = Time.now
|
|
19
|
-
redirect_to session[:relay_state] || main_app.root_path, notice: 'Utente autenticato con successo'
|
|
20
|
-
else
|
|
21
|
-
redirect_to main_app.root_path, notice: 'Autenticazione fallita'
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
private
|
|
26
|
-
|
|
27
|
-
def sso_params
|
|
28
|
-
sso_params = params.require(:sso).permit(:idp, :spid_level, bindings: [])
|
|
29
|
-
sso_params[:host] = main_app.root_url
|
|
30
|
-
sso_params[:relay_state] = session[:spid_relay_state] || main_app.root_url
|
|
31
|
-
sso_params
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
module SpidRails
|
|
2
|
-
module Generators
|
|
3
|
-
|
|
4
|
-
# Chiamato tramite rails g spid_rails:config
|
|
5
|
-
class ConfigGenerator < Rails::Generators::Base
|
|
6
|
-
|
|
7
|
-
source_root File.expand_path("../templates", __FILE__)
|
|
8
|
-
|
|
9
|
-
desc "Crea il file di configurazione di spid (config/initializers/rumby_saml.rb)."
|
|
10
|
-
|
|
11
|
-
def create_initializer_file
|
|
12
|
-
template "spid_rails.rb", "./config/initializers/spid_rails.rb"
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
end
|
|
18
|
-
end
|
data/lib/spid_rails/engine.rb
DELETED
data/lib/spid_rails/version.rb
DELETED
data/lib/spid_rails.rb
DELETED
|
@@ -1,42 +0,0 @@
|
|
|
1
|
-
require "spid_rails/engine"
|
|
2
|
-
|
|
3
|
-
module SpidRails
|
|
4
|
-
|
|
5
|
-
# Mount point di Spid sull'applicazione
|
|
6
|
-
mattr_accessor :mount_point
|
|
7
|
-
@@mount_point = 'spid'
|
|
8
|
-
|
|
9
|
-
# Url alla quale è disponibile il metadata del provider
|
|
10
|
-
mattr_accessor :metadata_path
|
|
11
|
-
@@metadata_path = 'metadata'
|
|
12
|
-
|
|
13
|
-
# Url alla quale ricevere le risposte di autenticazione Saml
|
|
14
|
-
mattr_accessor :sso_path
|
|
15
|
-
@@sso_path = 'sso'
|
|
16
|
-
|
|
17
|
-
# Url alla quale ricevere le risposte di logout Saml
|
|
18
|
-
mattr_accessor :slo_path
|
|
19
|
-
@@slo_path = 'slo'
|
|
20
|
-
|
|
21
|
-
# Percorso relativo alla root dell'app
|
|
22
|
-
# al quale reperire la coppia chiave privata - certificato
|
|
23
|
-
mattr_accessor :keys_path
|
|
24
|
-
@@keys_path = 'lib/.keys/'
|
|
25
|
-
|
|
26
|
-
# Livello di crittografia SHA per la generazione delle signature
|
|
27
|
-
mattr_accessor :sha
|
|
28
|
-
@@sha = 256
|
|
29
|
-
|
|
30
|
-
def self.app_metadata_path
|
|
31
|
-
"#{mount_point}/#{@@metadata_path}"
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def self.app_sso_path
|
|
35
|
-
"#{mount_point}/#{@@sso_path}"
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def self.app_slo_path
|
|
39
|
-
"#{mount_point}/#{@@slo_path}"
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
end
|