RubyGems - spid - Versions diffs - 0.1.1 → 0.2.0 - Mend

spid 0.1.1 → 0.2.0

Files changed (10) hide show

checksums.yaml +4 -4
data/.rubocop.yml +15 -2
data/CHANGELOG.md +18 -0
data/README.md +94 -1
data/lib/spid/authn_request.rb +67 -0
data/lib/spid/onelogin_extension.rb +23 -0
data/lib/spid/version.rb +1 -1
data/lib/spid.rb +25 -0
data/spid.gemspec +5 -0
metadata +61 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4263c52fe9ae0ffeeb32f9cd54182eb9f1bf9bb2ab38b9cb5b70e26a38de0b69
-  data.tar.gz: 41027c24f8d1670d872cbd435700ca4c88088069a55d636a7bc0efbeab35d32b
+  metadata.gz: 8bfca421b316c9cb55e172e5eefc1c1acff12376dbb74716c5c3dbee76d316cd
+  data.tar.gz: 7ec28aa7150994bdc8d7e8e2f49161707d55de55a7099b4e910feaca9a700513
 SHA512:
-  metadata.gz: '0592956575aa696a56da640b6dd96dfb697c152ebdea83a5e90605c46f06e3dabe948f19bb07f733730ba036cf00b7ab417a2d5b83bb7d53754afe3241b085f1'
-  data.tar.gz: b91bdb30739159198722722157d3f75382913ad5f0bc7633828d6a4ab58de44b655f4d0220544a96721a9d27d2fc0cdf7bb448db4c6617fdee77e66955ff7c9a
+  metadata.gz: fad0ca14fa9fb3c7de38439dce599dd736fc654537e2503c326ec73611bb7779e451a2ea90c51c3dd24938f638940bdc14a7bf67a970031184cfff072a3ec930
+  data.tar.gz: 86e1822001f127add77c36b3feb27656ab3899b10db2a3a074f6891cc1d257e665d33c02635be31525d90b58922e8af4cd3d5ad3d68e44cafb8475970d503535

data/.rubocop.yml CHANGED Viewed

@@ -1,5 +1,18 @@
+require: rubocop-rspec
 AllCops:
-  TargetRubyVersion: "2.3"
+  Exclude:
+    - bin/stubs/*
+  TargetRubyVersion: 2.3
+Layout/DotPosition:
+  EnforcedStyle: trailing
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*.rb
+RSpec/NestedGroups:
+  Enabled: false
+Style/EmptyMethod:
+  EnforcedStyle: expanded
 Style/StringLiterals:
-  EnforcedStyle: "double_quotes"
+  EnforcedStyle: double_quotes

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,18 @@
+# Changelog
+## [Unreleased]
+## [0.2.0] - 2018-07-02
+### Added
+- Feature table in README
+- Spid::AuthnRequest create a SAML AuthnRequest specific for SPID
+- Added CHANGELOG.md
+## 0.1.1 - 2018-06-27
+### Added
+- TravisCI Integration
+- Coveralls Integration
+- Rubygems version badge in README
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.0.2...HEAD
+[0.2.0]: https://github.com/italia/spid-ruby/compare/v0.1.1...v0.2.0

data/README.md CHANGED Viewed

@@ -1,2 +1,95 @@
-# spid-ruby [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg)](https://travis-ci.org/italia/spid-ruby) [![Gem Version](https://badge.fury.io/rb/spid.svg)](https://badge.fury.io/rb/spid)
+# spid-ruby
 Ruby library for SPID authentication
+| Project                | Spid Ruby |
+| ---------------------- | ------------ |
+| Gem name               | spid |
+| License                | [MIT](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
+| Version                | [![Gem Version](https://badge.fury.io/rb/spid.svg)](http://badge.fury.io/rb/spid) |
+| Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
+| Test coverage          | [![Coverage Status](https://coveralls.io/repos/italia/spid-ruby/badge.svg)](https://coveralls.io/r/italia/spid-ruby) |
+| Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+## Features
+|<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Service Providers)_||
+|:---|:---|
+|**Metadata:**||
+|parsing of IdP XML metadata (1.2.2.4)||
+|parsing of AA XML metadata (2.2.4)||
+|SP XML metadata generation (1.3.2)||
+|**AuthnRequest generation (1.2.2.1):**||
+|generation of AuthnRequest XML|✓|
+|HTTP-Redirect binding||
+|HTTP-POST binding|✓|
+|`AssertionConsumerServiceURL` customization||
+|`AssertionConsumerServiceIndex` customization||
+|`AttributeConsumingServiceIndex` customization||
+|`AuthnContextClassRef` (SPID level) customization||
+|`RequestedAuthnContext/@Comparison` customization||
+|`RelayState` customization (1.2.2)||
+|**Response/Assertion parsing**||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP/AA metadata||
+|verification of `Assertion/Signature` value||
+|verification of `Assertion/Signature` certificate against IdP/AA metadata||
+|verification of `SubjectConfirmationData/@Recipient`||
+|verification of `SubjectConfirmationData/@NotOnOrAfter`||
+|verification of `SubjectConfirmationData/@InResponseTo`||
+|verification of `Issuer`||
+|verification of `Destination`||
+|verification of `Conditions/@NotBefore`||
+|verification of `Conditions/@NotOnOrAfter`||
+|verification of `Audience`||
+|parsing of Response with no `Assertion` (authentication/query failure)||
+|parsing of failure `StatusCode` (Requester/Responder)||
+|**Response/Assertion parsing for SSO (1.2.1, 1.2.2.2, 1.3.1):**||
+|parsing of `NameID`||
+|parsing of `AuthnContextClassRef` (SPID level)||
+|parsing of attributes||
+|**Response/Assertion parsing for attribute query (2.2.2.2, 2.3.1):**||
+|parsing of attributes||
+|**LogoutRequest generation (for SP-initiated logout):**||
+|generation of LogoutRequest XML||
+|HTTP-Redirect binding||
+|HTTP-POST binding||
+|**LogoutResponse parsing (for SP-initiated logout):**||
+|parsing of LogoutResponse XML||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|PartialLogout detection||
+|**LogoutRequest parsing (for third-party-initiated logout):**||
+|parsing of LogoutRequest XML||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|parsing of `NameID`||
+|**LogoutResponse generation (for third-party-initiated logout):**||
+|generation of LogoutResponse XML||
+|HTTP-Redirect binding||
+|HTTP-POST binding||
+|PartialLogout customization||
+|**AttributeQuery generation (2.2.2.1):**||
+|generation of AttributeQuery XML||
+|SOAP binding (client)||
+|<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Attribute Authorities)_||
+|:---|:---|
+|**Metadata:**||
+|parsing of SP XML metadata (1.3.2)||
+|AA XML metadata generation (2.2.4)||
+|**AttributeQuery parsing (2.2.2.1):**||
+|parsing of AttributeQuery XML||
+|verification of `Signature` value||
+|verification of `Signature` certificate against SP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|parsing of `Subject/NameID`||
+|parsing of requested attributes||
+|**Response/Assertion generation (2.2.2.2):**||
+|generation of `Response/Assertion` XML||
+|Signature||

data/lib/spid/authn_request.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/authrequest"
+require "spid/onelogin_extension"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class AuthnRequest # :nodoc:
+    using OneLoginExtension
+    attr_reader :authn_request_attributes
+    # rubocop:disable Metrics/MethodLength
+    def initialize(
+          idp_sso_target_url:,
+          assertion_consumer_service_url:,
+          issuer:,
+          authn_context: Spid::L1,
+          authn_context_comparison: Spid::EXACT_COMPARISON
+        )
+      unless AUTHN_CONTEXTS.include?(authn_context)
+        raise Spid::UnknownAuthnContextError,
+              "Provided authn_context is not valid:" \
+              " use one of #{AUTHN_CONTEXTS.join(', ')}"
+      end
+      unless COMPARISON_METHODS.include?(authn_context_comparison)
+        raise Spid::UnknownAuthnComparisonMethodError,
+              "Provided authn_context_comparison_method is not valid:" \
+              " use one of #{COMPARISON_METHODS.join(', ')}"
+      end
+      @authn_request_attributes = {
+        idp_sso_target_url: idp_sso_target_url,
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+        issuer: issuer,
+        name_identifier_format: name_identifier_format,
+        authn_context: authn_context,
+        authn_context_comparison: authn_context_comparison
+      }
+      return if authn_context <= Spid::L1
+      @authn_request_attributes[:force_authn] = true
+    end
+    # rubocop:enable Metrics/MethodLength
+    def to_xml
+      authn_request.create_xml_document(saml_settings)
+    end
+    private
+    def name_identifier_format
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+    end
+    def authn_request
+      ::OneLogin::RubySaml::Authrequest.new
+    end
+    def saml_settings
+      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    end
+  end
+end

data/lib/spid/onelogin_extension.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/authrequest"
+module Spid
+  module OneLoginExtension # :nodoc:
+    refine ::OneLogin::RubySaml::Authrequest do
+      def create_xml_document(settings)
+        original_document = super(settings)
+        issuer_element = original_document.elements["//saml:Issuer"]
+        issuer_element.attributes["Format"] = format_entity
+        issuer_element.attributes["NameQualifier"] = settings.issuer
+        original_document
+      end
+      private
+      def format_entity
+        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+      end
+    end
+  end
+end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/spid.rb CHANGED Viewed

@@ -1,6 +1,31 @@
 # frozen_string_literal: true
+require "spid/authn_request"
 require "spid/version"
 module Spid # :nodoc:
+  class UnknownAuthnComparisonMethodError < StandardError; end
+  class UnknownAuthnContextError < StandardError; end
+  EXACT_COMPARISON = :exact
+  MININUM_COMPARISON = :minumum
+  BETTER_COMPARISON = :better
+  MAXIMUM_COMPARISON = :maximum
+  COMPARISON_METHODS = [
+    EXACT_COMPARISON,
+    MININUM_COMPARISON,
+    BETTER_COMPARISON,
+    MAXIMUM_COMPARISON
+  ].freeze
+  L1 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL1"
+  L2 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL2"
+  L3 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL3"
+  AUTHN_CONTEXTS = [
+    L1,
+    L2,
+    L3
+  ].freeze
 end

data/spid.gemspec CHANGED Viewed

@@ -18,10 +18,15 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.3.0"
+  spec.add_runtime_dependency "ruby-saml", "~> 1.8.0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit"
   spec.add_development_dependency "coveralls"
+  spec.add_development_dependency "nokogiri"
+  spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "rubocop-rspec"
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-06-27 00:00:00.000000000 Z
+date: 2018-07-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description:
 email:
 - davidlibrera@gmail.com
@@ -105,12 +161,15 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - lib/spid.rb
+- lib/spid/authn_request.rb
+- lib/spid/onelogin_extension.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby