spid 0.10.0 → 0.11.0

@@ -1,7 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "onelogin/ruby-saml/logoutresponse"
4
-
5
3
  module Spid
6
4
  module Slo
7
5
  class Response # :nodoc:
@@ -16,23 +14,11 @@ module Spid
16
14
  end
17
15
 
18
16
  def valid?
19
- validated_saml_response.validate
17
+ saml_response.in_response_to == matches_request_id
20
18
  end
21
19
 
22
20
  def errors
23
- validated_saml_response.errors
24
- end
25
-
26
- def saml_settings
27
- slo_settings.saml_settings
28
- end
29
-
30
- def slo_settings
31
- Settings.new(
32
- service_provider: service_provider,
33
- identity_provider: identity_provider,
34
- session_index: session_index
35
- )
21
+ []
36
22
  end
37
23
 
38
24
  def identity_provider
@@ -46,27 +32,14 @@ module Spid
46
32
  end
47
33
 
48
34
  def issuer
49
- saml_response.issuer.strip
35
+ saml_response.issuer
50
36
  end
51
37
 
52
- private
53
-
54
38
  def saml_response
55
- ::OneLogin::RubySaml::Logoutresponse.new(
56
- body,
57
- nil,
58
- matches_request_id: matches_request_id
39
+ @saml_response ||= Spid::Saml2::LogoutResponse.new(
40
+ body: body
59
41
  )
60
42
  end
61
-
62
- def validated_saml_response
63
- @validated_saml_response ||=
64
- begin
65
- response = saml_response
66
- response.settings = saml_settings
67
- response
68
- end
69
- end
70
43
  end
71
44
  end
72
45
  end
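Review bot: `valid?` in the `@@ -16,23 +14,11 @@` hunk now only compares `saml_response.in_response_to` with `matches_request_id`, and `errors` is hard-coded to `[]`, so the checks that ruby-saml's `validate` used to run on the logout response (status, issuer and, when configured, the signature) are no longer made, and a caller inspecting `errors` after a failed `valid?` gets no reason at all. Unless `Spid::Saml2::LogoutResponse` validates on construction (not visible here), `valid?` should at least also verify the response signature against the identity provider certificate and the success status, and `errors` should collect which of those checks failed instead of returning an empty array. The same reduction appears in the later `@@ -13,18 +12,11 @@` hunk, where the SSO `valid?` becomes `saml_response.destination == service_provider.acs_url` and so no longer covers the assertion signature, `InResponseTo` or the conditions/audience that `validated_saml_response.is_valid?` enforced. Until that is restored, a comment such as `# TODO: verify signature and status; in_response_to/destination alone do not authenticate the response` on each `valid?` would at least mark the gap for the next reader.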
@@ -2,7 +2,6 @@
2
2
 
3
3
  require "spid/sso/request"
4
4
  require "spid/sso/response"
5
- require "spid/sso/settings"
6
5
 
7
6
  module Spid
8
7
  module Sso # :nodoc:
@@ -1,8 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "spid/authn_request"
4
- require "onelogin/ruby-saml/settings"
5
-
6
3
  module Spid
7
4
  module Sso
8
5
  class Request # :nodoc:
@@ -25,21 +22,37 @@ module Spid
25
22
  end
26
23
  end
27
24
 
28
- def to_saml
29
- authn_request.create(
30
- saml_settings,
31
- "RelayState" => relay_state
32
- )
25
+ def url
26
+ [
27
+ settings.idp_sso_target_url,
28
+ query_params_signer.escaped_signed_query_string
29
+ ].join("?")
30
+ end
31
+
32
+ def query_params_signer
33
+ @query_params_signer ||=
34
+ begin
35
+ Spid::Saml2::Utils::QueryParamsSigner.new(
36
+ saml_message: saml_message,
37
+ relay_state: relay_state,
38
+ private_key: settings.private_key,
39
+ signature_method: settings.signature_method
40
+ )
41
+ end
33
42
  end
34
43
 
35
- def saml_settings
36
- sso_settings.saml_settings
44
+ def saml_message
45
+ @saml_message ||= authn_request.to_saml
37
46
  end
38
47
 
39
- def sso_settings
40
- Settings.new(
41
- service_provider: service_provider,
48
+ def authn_request
49
+ @authn_request ||= Spid::Saml2::AuthnRequest.new(settings: settings)
50
+ end
51
+
52
+ def settings
53
+ @settings ||= Spid::Saml2::Settings.new(
42
54
  identity_provider: identity_provider,
55
+ service_provider: service_provider,
43
56
  authn_context: authn_context
44
57
  )
45
58
  end
@@ -53,12 +66,6 @@ module Spid
53
66
  @service_provider ||=
54
67
  Spid.configuration.service_provider
55
68
  end
56
-
57
- private
58
-
59
- def authn_request
60
- AuthnRequest.new
61
- end
62
69
  end
63
70
  end
64
71
  end
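Review bot: `url` in the `@@ -25,21 +22,37 @@` hunk joins `settings.idp_sso_target_url` and the signed query string with a literal `"?"`, which produces a malformed URL (two `?`) whenever the IdP's SSO endpoint already carries a query string; the HTTP-Redirect binding expects `&` in that case. Picking the separator first, `separator = settings.idp_sso_target_url.include?("?") ? "&" : "?"` and then `].join(separator)`, keeps the current behaviour for plain endpoints. The last hunk also drops the `private` marker, so `settings` (which now exposes `settings.private_key`), `query_params_signer`, `saml_message` and `authn_request` all become part of the request's public interface; if that is not intended, the marker should be restored above those helpers. A short comment on `url`, e.g. `# Redirect URL for the IdP SSO endpoint: SAMLRequest, RelayState and the signature travel as signed query parameters`, would help, since the name alone does not say the query is signed.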
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "onelogin/ruby-saml/response"
4
3
  require "active_support/inflector/methods"
5
4
 
6
5
  module Spid
@@ -13,18 +12,11 @@ module Spid
13
12
  end
14
13
 
15
14
  def valid?
16
- validated_saml_response.is_valid?
15
+ saml_response.destination == service_provider.acs_url
17
16
  end
18
17
 
19
- def saml_settings
20
- sso_settings.saml_settings
21
- end
22
-
23
- def sso_settings
24
- Settings.new(
25
- service_provider: service_provider,
26
- identity_provider: identity_provider
27
- )
18
+ def issuer
19
+ saml_response.issuer
28
20
  end
29
21
 
30
22
  def attributes
@@ -33,16 +25,12 @@ module Spid
33
25
  end
34
26
  end
35
27
 
36
- def issuer
37
- saml_response.issuers.first
38
- end
39
-
40
28
  def session_index
41
- saml_response.sessionindex
29
+ saml_response.session_index
42
30
  end
43
31
 
44
32
  def raw_attributes
45
- saml_response.attributes.attributes
33
+ saml_response.attributes
46
34
  end
47
35
 
48
36
  def identity_provider
@@ -55,6 +43,10 @@ module Spid
55
43
  Spid.configuration.service_provider
56
44
  end
57
45
 
46
+ def saml_response
47
+ @saml_response ||= Spid::Saml2::Response.new(body: body)
48
+ end
49
+
58
50
  private
59
51
 
60
52
  def normalize_key(key)
@@ -62,19 +54,6 @@ module Spid
62
54
  key.to_s
63
55
  ).to_s
64
56
  end
65
-
66
- def saml_response
67
- ::OneLogin::RubySaml::Response.new(body)
68
- end
69
-
70
- def validated_saml_response
71
- @validated_saml_response ||=
72
- begin
73
- response = saml_response
74
- response.settings = saml_settings
75
- response
76
- end
77
- end
78
57
  end
79
58
  end
80
59
  end
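Review bot: The new memoized `saml_response` in the `@@ -55,6 +43,10 @@` hunk is placed above the `private` marker, while the version it replaces (removed in the following hunk) sat below it, so the underlying `Spid::Saml2::Response` becomes part of the public interface of this wrapper. If callers are not meant to reach the raw object, move the definition under `private`; the same visibility change happens in the earlier `@@ -46,27 +32,14 @@` hunk of the SLO response, where the `private` line itself is deleted. `raw_attributes` now returns `saml_response.attributes` directly rather than `.attributes.attributes`; a comment stating the expected shape (presumably a hash of attribute name to value — confirm against `Spid::Saml2::Response`) would make explicit the contract that `normalize_key` and `attributes` rely on.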
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spid
4
- VERSION = "0.10.0"
4
+ VERSION = "0.11.0"
5
5
  end
@@ -26,7 +26,6 @@ Gem::Specification.new do |spec|
26
26
 
27
27
  spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
28
28
  spec.add_runtime_dependency "rack", ">= 1", "< 3"
29
- spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
30
29
 
31
30
  spec.add_development_dependency "bundler", "~> 1.16"
32
31
  spec.add_development_dependency "bundler-audit", "~> 0"
@@ -35,6 +34,7 @@ Gem::Specification.new do |spec|
35
34
  spec.add_development_dependency "faraday_middleware", "~> 0"
36
35
  spec.add_development_dependency "nokogiri", "~> 1.8", ">= 1.8.3"
37
36
  spec.add_development_dependency "pry", "~> 0"
37
+ spec.add_development_dependency "pry-doc", "~> 0"
38
38
  spec.add_development_dependency "rake", "~> 10.0"
39
39
  spec.add_development_dependency "rspec", "~> 3.0"
40
40
  spec.add_development_dependency "rubocop", "0.57.2"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.10.0
4
+ version: 0.11.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Librera
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-08-02 00:00:00.000000000 Z
11
+ date: 2018-08-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -50,26 +50,6 @@ dependencies:
50
50
  - - "<"
51
51
  - !ruby/object:Gem::Version
52
52
  version: '3'
53
- - !ruby/object:Gem::Dependency
54
- name: ruby-saml
55
- requirement: !ruby/object:Gem::Requirement
56
- requirements:
57
- - - "~>"
58
- - !ruby/object:Gem::Version
59
- version: '1.8'
60
- - - ">="
61
- - !ruby/object:Gem::Version
62
- version: 1.8.0
63
- type: :runtime
64
- prerelease: false
65
- version_requirements: !ruby/object:Gem::Requirement
66
- requirements:
67
- - - "~>"
68
- - !ruby/object:Gem::Version
69
- version: '1.8'
70
- - - ">="
71
- - !ruby/object:Gem::Version
72
- version: 1.8.0
73
53
  - !ruby/object:Gem::Dependency
74
54
  name: bundler
75
55
  requirement: !ruby/object:Gem::Requirement
@@ -174,6 +154,20 @@ dependencies:
174
154
  - - "~>"
175
155
  - !ruby/object:Gem::Version
176
156
  version: '0'
157
+ - !ruby/object:Gem::Dependency
158
+ name: pry-doc
159
+ requirement: !ruby/object:Gem::Requirement
160
+ requirements:
161
+ - - "~>"
162
+ - !ruby/object:Gem::Version
163
+ version: '0'
164
+ type: :development
165
+ prerelease: false
166
+ version_requirements: !ruby/object:Gem::Requirement
167
+ requirements:
168
+ - - "~>"
169
+ - !ruby/object:Gem::Version
170
+ version: '0'
177
171
  - !ruby/object:Gem::Dependency
178
172
  name: rake
179
173
  requirement: !ruby/object:Gem::Requirement
@@ -303,11 +297,8 @@ files:
303
297
  - Rakefile
304
298
  - idp_metadata/.gitkeep
305
299
  - lib/spid.rb
306
- - lib/spid/authn_request.rb
307
300
  - lib/spid/configuration.rb
308
- - lib/spid/identity_provider.rb
309
301
  - lib/spid/identity_provider_manager.rb
310
- - lib/spid/logout_request.rb
311
302
  - lib/spid/metadata.rb
312
303
  - lib/spid/rack.rb
313
304
  - lib/spid/rack/login.rb
@@ -316,15 +307,24 @@ files:
316
307
  - lib/spid/rack/session.rb
317
308
  - lib/spid/rack/slo.rb
318
309
  - lib/spid/rack/sso.rb
319
- - lib/spid/service_provider.rb
310
+ - lib/spid/saml2.rb
311
+ - lib/spid/saml2/authn_request.rb
312
+ - lib/spid/saml2/identity_provider.rb
313
+ - lib/spid/saml2/idp_metadata_parser.rb
314
+ - lib/spid/saml2/logout_request.rb
315
+ - lib/spid/saml2/logout_response.rb
316
+ - lib/spid/saml2/response.rb
317
+ - lib/spid/saml2/service_provider.rb
318
+ - lib/spid/saml2/settings.rb
319
+ - lib/spid/saml2/sp_metadata.rb
320
+ - lib/spid/saml2/utils.rb
321
+ - lib/spid/saml2/utils/query_params_signer.rb
320
322
  - lib/spid/slo.rb
321
323
  - lib/spid/slo/request.rb
322
324
  - lib/spid/slo/response.rb
323
- - lib/spid/slo/settings.rb
324
325
  - lib/spid/sso.rb
325
326
  - lib/spid/sso/request.rb
326
327
  - lib/spid/sso/response.rb
327
- - lib/spid/sso/settings.rb
328
328
  - lib/spid/version.rb
329
329
  - spid.gemspec
330
330
  homepage: https://github.com/italia/spid-ruby
@@ -1,28 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "onelogin/ruby-saml/authrequest"
4
-
5
- module Spid
6
- class AuthnRequest < ::OneLogin::RubySaml::Authrequest # :nodoc:
7
- def create_xml_document(settings)
8
- original_document = super(settings)
9
- root = original_document.elements["//samlp:AuthnRequest"]
10
- name_id_policy_element = root.add_element("samlp:NameIDPolicy")
11
- name_id_policy_element.attributes["Format"] = format_transient
12
- issuer_element = original_document.elements["//saml:Issuer"]
13
- issuer_element.attributes["Format"] = format_entity
14
- issuer_element.attributes["NameQualifier"] = settings.issuer
15
- original_document
16
- end
17
-
18
- private
19
-
20
- def format_transient
21
- "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
22
- end
23
-
24
- def format_entity
25
- "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
26
- end
27
- end
28
- end
@@ -1,60 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "onelogin/ruby-saml/idp_metadata_parser"
4
-
5
- module Spid
6
- class IdentityProvider # :nodoc:
7
- attr_reader :name
8
- attr_reader :entity_id
9
- attr_reader :sso_target_url
10
- attr_reader :slo_target_url
11
- attr_reader :cert_fingerprint
12
-
13
- def initialize(
14
- name:,
15
- entity_id:,
16
- sso_target_url:,
17
- slo_target_url:,
18
- cert_fingerprint:
19
- )
20
- @name = name
21
- @entity_id = entity_id
22
- @sso_target_url = sso_target_url
23
- @slo_target_url = slo_target_url
24
- @cert_fingerprint = cert_fingerprint
25
- end
26
-
27
- def sso_attributes
28
- @sso_attributes ||=
29
- begin
30
- {
31
- idp_sso_target_url: sso_target_url,
32
- idp_cert_fingerprint: cert_fingerprint
33
- }
34
- end
35
- end
36
-
37
- def slo_attributes
38
- @slo_attributes ||=
39
- begin
40
- {
41
- idp_slo_target_url: slo_target_url,
42
- idp_name_qualifier: entity_id,
43
- idp_cert_fingerprint: cert_fingerprint
44
- }
45
- end
46
- end
47
-
48
- def self.parse_from_xml(name:, metadata:)
49
- idp_metadata_parser = ::OneLogin::RubySaml::IdpMetadataParser.new
50
- idp_settings = idp_metadata_parser.parse_to_hash(metadata)
51
- new(
52
- name: name,
53
- entity_id: idp_settings[:idp_entity_id],
54
- sso_target_url: idp_settings[:idp_sso_target_url],
55
- slo_target_url: idp_settings[:idp_slo_target_url],
56
- cert_fingerprint: idp_settings[:idp_cert_fingerprint]
57
- )
58
- end
59
- end
60
- end
@@ -1,21 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "onelogin/ruby-saml/logoutrequest"
4
-
5
- module Spid
6
- class LogoutRequest < ::OneLogin::RubySaml::Logoutrequest # :nodoc:
7
- def create_xml_document(settings)
8
- original_document = super(settings)
9
- issuer_element = original_document.elements["//saml:Issuer"]
10
- issuer_element.attributes["Format"] = format_entity
11
- issuer_element.attributes["NameQualifier"] = settings.issuer
12
- original_document
13
- end
14
-
15
- private
16
-
17
- def format_entity
18
- "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
19
- end
20
- end
21
- end