spid 0.10.0 → 0.11.0
- checksums.yaml +4 -4
- data/.rubocop.yml +3 -0
- data/CHANGELOG.md +6 -1
- data/Gemfile +0 -6
- data/README.md +11 -14
- data/lib/spid.rb +16 -10
- data/lib/spid/configuration.rb +27 -19
- data/lib/spid/identity_provider_manager.rb +14 -4
- data/lib/spid/metadata.rb +10 -77
- data/lib/spid/rack/login.rb +1 -1
- data/lib/spid/rack/logout.rb +1 -1
- data/lib/spid/saml2.rb +17 -0
- data/lib/spid/saml2/authn_request.rb +104 -0
- data/lib/spid/saml2/identity_provider.rb +27 -0
- data/lib/spid/saml2/idp_metadata_parser.rb +283 -0
- data/lib/spid/saml2/logout_request.rb +88 -0
- data/lib/spid/saml2/logout_response.rb +33 -0
- data/lib/spid/saml2/response.rb +58 -0
- data/lib/spid/saml2/service_provider.rb +78 -0
- data/lib/spid/saml2/settings.rb +85 -0
- data/lib/spid/saml2/sp_metadata.rb +104 -0
- data/lib/spid/saml2/utils.rb +62 -0
- data/lib/spid/saml2/utils/query_params_signer.rb +75 -0
- data/lib/spid/slo.rb +0 -1
- data/lib/spid/slo/request.rb +29 -20
- data/lib/spid/slo/response.rb +5 -32
- data/lib/spid/sso.rb +0 -1
- data/lib/spid/sso/request.rb +26 -19
- data/lib/spid/sso/response.rb +9 -30
- data/lib/spid/version.rb +1 -1
- data/spid.gemspec +1 -1
- metadata +28 -28
- data/lib/spid/authn_request.rb +0 -28
- data/lib/spid/identity_provider.rb +0 -60
- data/lib/spid/logout_request.rb +0 -21
- data/lib/spid/service_provider.rb +0 -107
- data/lib/spid/slo/settings.rb +0 -53
- data/lib/spid/sso/settings.rb +0 -62
data/lib/spid/slo/response.rb
CHANGED
@@ -1,7 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "onelogin/ruby-saml/logoutresponse"
|
4
|
-
|
5
3
|
module Spid
|
6
4
|
module Slo
|
7
5
|
class Response # :nodoc:
|
@@ -16,23 +14,11 @@ module Spid
|
|
16
14
|
end
|
17
15
|
|
18
16
|
def valid?
|
19
|
-
|
17
|
+
saml_response.in_response_to == matches_request_id
|
20
18
|
end
|
21
19
|
|
22
20
|
def errors
|
23
|
-
|
24
|
-
end
|
25
|
-
|
26
|
-
def saml_settings
|
27
|
-
slo_settings.saml_settings
|
28
|
-
end
|
29
|
-
|
30
|
-
def slo_settings
|
31
|
-
Settings.new(
|
32
|
-
service_provider: service_provider,
|
33
|
-
identity_provider: identity_provider,
|
34
|
-
session_index: session_index
|
35
|
-
)
|
21
|
+
[]
|
36
22
|
end
|
37
23
|
|
38
24
|
def identity_provider
|
@@ -46,27 +32,14 @@ module Spid
|
|
46
32
|
end
|
47
33
|
|
48
34
|
def issuer
|
49
|
-
saml_response.issuer
|
35
|
+
saml_response.issuer
|
50
36
|
end
|
51
37
|
|
52
|
-
private
|
53
|
-
|
54
38
|
def saml_response
|
55
|
-
::
|
56
|
-
body
|
57
|
-
nil,
|
58
|
-
matches_request_id: matches_request_id
|
39
|
+
@saml_response ||= Spid::Saml2::LogoutResponse.new(
|
40
|
+
body: body
|
59
41
|
)
|
60
42
|
end
|
61
|
-
|
62
|
-
def validated_saml_response
|
63
|
-
@validated_saml_response ||=
|
64
|
-
begin
|
65
|
-
response = saml_response
|
66
|
-
response.settings = saml_settings
|
67
|
-
response
|
68
|
-
end
|
69
|
-
end
|
70
43
|
end
|
71
44
|
end
|
72
45
|
end
|
data/lib/spid/sso.rb
CHANGED
data/lib/spid/sso/request.rb
CHANGED
@@ -1,8 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "spid/authn_request"
|
4
|
-
require "onelogin/ruby-saml/settings"
|
5
|
-
|
6
3
|
module Spid
|
7
4
|
module Sso
|
8
5
|
class Request # :nodoc:
|
@@ -25,21 +22,37 @@ module Spid
|
|
25
22
|
end
|
26
23
|
end
|
27
24
|
|
28
|
-
def
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
)
|
25
|
+
def url
|
26
|
+
[
|
27
|
+
settings.idp_sso_target_url,
|
28
|
+
query_params_signer.escaped_signed_query_string
|
29
|
+
].join("?")
|
30
|
+
end
|
31
|
+
|
32
|
+
def query_params_signer
|
33
|
+
@query_params_signer ||=
|
34
|
+
begin
|
35
|
+
Spid::Saml2::Utils::QueryParamsSigner.new(
|
36
|
+
saml_message: saml_message,
|
37
|
+
relay_state: relay_state,
|
38
|
+
private_key: settings.private_key,
|
39
|
+
signature_method: settings.signature_method
|
40
|
+
)
|
41
|
+
end
|
33
42
|
end
|
34
43
|
|
35
|
-
def
|
36
|
-
|
44
|
+
def saml_message
|
45
|
+
@saml_message ||= authn_request.to_saml
|
37
46
|
end
|
38
47
|
|
39
|
-
def
|
40
|
-
|
41
|
-
|
48
|
+
def authn_request
|
49
|
+
@authn_request ||= Spid::Saml2::AuthnRequest.new(settings: settings)
|
50
|
+
end
|
51
|
+
|
52
|
+
def settings
|
53
|
+
@settings ||= Spid::Saml2::Settings.new(
|
42
54
|
identity_provider: identity_provider,
|
55
|
+
service_provider: service_provider,
|
43
56
|
authn_context: authn_context
|
44
57
|
)
|
45
58
|
end
|
@@ -53,12 +66,6 @@ module Spid
|
|
53
66
|
@service_provider ||=
|
54
67
|
Spid.configuration.service_provider
|
55
68
|
end
|
56
|
-
|
57
|
-
private
|
58
|
-
|
59
|
-
def authn_request
|
60
|
-
AuthnRequest.new
|
61
|
-
end
|
62
69
|
end
|
63
70
|
end
|
64
71
|
end
|
data/lib/spid/sso/response.rb
CHANGED
@@ -1,6 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "onelogin/ruby-saml/response"
|
4
3
|
require "active_support/inflector/methods"
|
5
4
|
|
6
5
|
module Spid
|
@@ -13,18 +12,11 @@ module Spid
|
|
13
12
|
end
|
14
13
|
|
15
14
|
def valid?
|
16
|
-
|
15
|
+
saml_response.destination == service_provider.acs_url
|
17
16
|
end
|
18
17
|
|
19
|
-
def
|
20
|
-
|
21
|
-
end
|
22
|
-
|
23
|
-
def sso_settings
|
24
|
-
Settings.new(
|
25
|
-
service_provider: service_provider,
|
26
|
-
identity_provider: identity_provider
|
27
|
-
)
|
18
|
+
def issuer
|
19
|
+
saml_response.issuer
|
28
20
|
end
|
29
21
|
|
30
22
|
def attributes
|
@@ -33,16 +25,12 @@ module Spid
|
|
33
25
|
end
|
34
26
|
end
|
35
27
|
|
36
|
-
def issuer
|
37
|
-
saml_response.issuers.first
|
38
|
-
end
|
39
|
-
|
40
28
|
def session_index
|
41
|
-
saml_response.
|
29
|
+
saml_response.session_index
|
42
30
|
end
|
43
31
|
|
44
32
|
def raw_attributes
|
45
|
-
saml_response.attributes
|
33
|
+
saml_response.attributes
|
46
34
|
end
|
47
35
|
|
48
36
|
def identity_provider
|
@@ -55,6 +43,10 @@ module Spid
|
|
55
43
|
Spid.configuration.service_provider
|
56
44
|
end
|
57
45
|
|
46
|
+
def saml_response
|
47
|
+
@saml_response ||= Spid::Saml2::Response.new(body: body)
|
48
|
+
end
|
49
|
+
|
58
50
|
private
|
59
51
|
|
60
52
|
def normalize_key(key)
|
@@ -62,19 +54,6 @@ module Spid
|
|
62
54
|
key.to_s
|
63
55
|
).to_s
|
64
56
|
end
|
65
|
-
|
66
|
-
def saml_response
|
67
|
-
::OneLogin::RubySaml::Response.new(body)
|
68
|
-
end
|
69
|
-
|
70
|
-
def validated_saml_response
|
71
|
-
@validated_saml_response ||=
|
72
|
-
begin
|
73
|
-
response = saml_response
|
74
|
-
response.settings = saml_settings
|
75
|
-
response
|
76
|
-
end
|
77
|
-
end
|
78
57
|
end
|
79
58
|
end
|
80
59
|
end
|
data/lib/spid/version.rb
CHANGED
data/spid.gemspec
CHANGED
@@ -26,7 +26,6 @@ Gem::Specification.new do |spec|
|
|
26
26
|
|
27
27
|
spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
|
28
28
|
spec.add_runtime_dependency "rack", ">= 1", "< 3"
|
29
|
-
spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
|
30
29
|
|
31
30
|
spec.add_development_dependency "bundler", "~> 1.16"
|
32
31
|
spec.add_development_dependency "bundler-audit", "~> 0"
|
@@ -35,6 +34,7 @@ Gem::Specification.new do |spec|
|
|
35
34
|
spec.add_development_dependency "faraday_middleware", "~> 0"
|
36
35
|
spec.add_development_dependency "nokogiri", "~> 1.8", ">= 1.8.3"
|
37
36
|
spec.add_development_dependency "pry", "~> 0"
|
37
|
+
spec.add_development_dependency "pry-doc", "~> 0"
|
38
38
|
spec.add_development_dependency "rake", "~> 10.0"
|
39
39
|
spec.add_development_dependency "rspec", "~> 3.0"
|
40
40
|
spec.add_development_dependency "rubocop", "0.57.2"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spid
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Librera
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-08-
|
11
|
+
date: 2018-08-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -50,26 +50,6 @@ dependencies:
|
|
50
50
|
- - "<"
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: '3'
|
53
|
-
- !ruby/object:Gem::Dependency
|
54
|
-
name: ruby-saml
|
55
|
-
requirement: !ruby/object:Gem::Requirement
|
56
|
-
requirements:
|
57
|
-
- - "~>"
|
58
|
-
- !ruby/object:Gem::Version
|
59
|
-
version: '1.8'
|
60
|
-
- - ">="
|
61
|
-
- !ruby/object:Gem::Version
|
62
|
-
version: 1.8.0
|
63
|
-
type: :runtime
|
64
|
-
prerelease: false
|
65
|
-
version_requirements: !ruby/object:Gem::Requirement
|
66
|
-
requirements:
|
67
|
-
- - "~>"
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '1.8'
|
70
|
-
- - ">="
|
71
|
-
- !ruby/object:Gem::Version
|
72
|
-
version: 1.8.0
|
73
53
|
- !ruby/object:Gem::Dependency
|
74
54
|
name: bundler
|
75
55
|
requirement: !ruby/object:Gem::Requirement
|
@@ -174,6 +154,20 @@ dependencies:
|
|
174
154
|
- - "~>"
|
175
155
|
- !ruby/object:Gem::Version
|
176
156
|
version: '0'
|
157
|
+
- !ruby/object:Gem::Dependency
|
158
|
+
name: pry-doc
|
159
|
+
requirement: !ruby/object:Gem::Requirement
|
160
|
+
requirements:
|
161
|
+
- - "~>"
|
162
|
+
- !ruby/object:Gem::Version
|
163
|
+
version: '0'
|
164
|
+
type: :development
|
165
|
+
prerelease: false
|
166
|
+
version_requirements: !ruby/object:Gem::Requirement
|
167
|
+
requirements:
|
168
|
+
- - "~>"
|
169
|
+
- !ruby/object:Gem::Version
|
170
|
+
version: '0'
|
177
171
|
- !ruby/object:Gem::Dependency
|
178
172
|
name: rake
|
179
173
|
requirement: !ruby/object:Gem::Requirement
|
@@ -303,11 +297,8 @@ files:
|
|
303
297
|
- Rakefile
|
304
298
|
- idp_metadata/.gitkeep
|
305
299
|
- lib/spid.rb
|
306
|
-
- lib/spid/authn_request.rb
|
307
300
|
- lib/spid/configuration.rb
|
308
|
-
- lib/spid/identity_provider.rb
|
309
301
|
- lib/spid/identity_provider_manager.rb
|
310
|
-
- lib/spid/logout_request.rb
|
311
302
|
- lib/spid/metadata.rb
|
312
303
|
- lib/spid/rack.rb
|
313
304
|
- lib/spid/rack/login.rb
|
@@ -316,15 +307,24 @@ files:
|
|
316
307
|
- lib/spid/rack/session.rb
|
317
308
|
- lib/spid/rack/slo.rb
|
318
309
|
- lib/spid/rack/sso.rb
|
319
|
-
- lib/spid/
|
310
|
+
- lib/spid/saml2.rb
|
311
|
+
- lib/spid/saml2/authn_request.rb
|
312
|
+
- lib/spid/saml2/identity_provider.rb
|
313
|
+
- lib/spid/saml2/idp_metadata_parser.rb
|
314
|
+
- lib/spid/saml2/logout_request.rb
|
315
|
+
- lib/spid/saml2/logout_response.rb
|
316
|
+
- lib/spid/saml2/response.rb
|
317
|
+
- lib/spid/saml2/service_provider.rb
|
318
|
+
- lib/spid/saml2/settings.rb
|
319
|
+
- lib/spid/saml2/sp_metadata.rb
|
320
|
+
- lib/spid/saml2/utils.rb
|
321
|
+
- lib/spid/saml2/utils/query_params_signer.rb
|
320
322
|
- lib/spid/slo.rb
|
321
323
|
- lib/spid/slo/request.rb
|
322
324
|
- lib/spid/slo/response.rb
|
323
|
-
- lib/spid/slo/settings.rb
|
324
325
|
- lib/spid/sso.rb
|
325
326
|
- lib/spid/sso/request.rb
|
326
327
|
- lib/spid/sso/response.rb
|
327
|
-
- lib/spid/sso/settings.rb
|
328
328
|
- lib/spid/version.rb
|
329
329
|
- spid.gemspec
|
330
330
|
homepage: https://github.com/italia/spid-ruby
|
data/lib/spid/authn_request.rb
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "onelogin/ruby-saml/authrequest"
|
4
|
-
|
5
|
-
module Spid
|
6
|
-
class AuthnRequest < ::OneLogin::RubySaml::Authrequest # :nodoc:
|
7
|
-
def create_xml_document(settings)
|
8
|
-
original_document = super(settings)
|
9
|
-
root = original_document.elements["//samlp:AuthnRequest"]
|
10
|
-
name_id_policy_element = root.add_element("samlp:NameIDPolicy")
|
11
|
-
name_id_policy_element.attributes["Format"] = format_transient
|
12
|
-
issuer_element = original_document.elements["//saml:Issuer"]
|
13
|
-
issuer_element.attributes["Format"] = format_entity
|
14
|
-
issuer_element.attributes["NameQualifier"] = settings.issuer
|
15
|
-
original_document
|
16
|
-
end
|
17
|
-
|
18
|
-
private
|
19
|
-
|
20
|
-
def format_transient
|
21
|
-
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
|
22
|
-
end
|
23
|
-
|
24
|
-
def format_entity
|
25
|
-
"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "onelogin/ruby-saml/idp_metadata_parser"
|
4
|
-
|
5
|
-
module Spid
|
6
|
-
class IdentityProvider # :nodoc:
|
7
|
-
attr_reader :name
|
8
|
-
attr_reader :entity_id
|
9
|
-
attr_reader :sso_target_url
|
10
|
-
attr_reader :slo_target_url
|
11
|
-
attr_reader :cert_fingerprint
|
12
|
-
|
13
|
-
def initialize(
|
14
|
-
name:,
|
15
|
-
entity_id:,
|
16
|
-
sso_target_url:,
|
17
|
-
slo_target_url:,
|
18
|
-
cert_fingerprint:
|
19
|
-
)
|
20
|
-
@name = name
|
21
|
-
@entity_id = entity_id
|
22
|
-
@sso_target_url = sso_target_url
|
23
|
-
@slo_target_url = slo_target_url
|
24
|
-
@cert_fingerprint = cert_fingerprint
|
25
|
-
end
|
26
|
-
|
27
|
-
def sso_attributes
|
28
|
-
@sso_attributes ||=
|
29
|
-
begin
|
30
|
-
{
|
31
|
-
idp_sso_target_url: sso_target_url,
|
32
|
-
idp_cert_fingerprint: cert_fingerprint
|
33
|
-
}
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
def slo_attributes
|
38
|
-
@slo_attributes ||=
|
39
|
-
begin
|
40
|
-
{
|
41
|
-
idp_slo_target_url: slo_target_url,
|
42
|
-
idp_name_qualifier: entity_id,
|
43
|
-
idp_cert_fingerprint: cert_fingerprint
|
44
|
-
}
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
def self.parse_from_xml(name:, metadata:)
|
49
|
-
idp_metadata_parser = ::OneLogin::RubySaml::IdpMetadataParser.new
|
50
|
-
idp_settings = idp_metadata_parser.parse_to_hash(metadata)
|
51
|
-
new(
|
52
|
-
name: name,
|
53
|
-
entity_id: idp_settings[:idp_entity_id],
|
54
|
-
sso_target_url: idp_settings[:idp_sso_target_url],
|
55
|
-
slo_target_url: idp_settings[:idp_slo_target_url],
|
56
|
-
cert_fingerprint: idp_settings[:idp_cert_fingerprint]
|
57
|
-
)
|
58
|
-
end
|
59
|
-
end
|
60
|
-
end
|
data/lib/spid/logout_request.rb
DELETED
@@ -1,21 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "onelogin/ruby-saml/logoutrequest"
|
4
|
-
|
5
|
-
module Spid
|
6
|
-
class LogoutRequest < ::OneLogin::RubySaml::Logoutrequest # :nodoc:
|
7
|
-
def create_xml_document(settings)
|
8
|
-
original_document = super(settings)
|
9
|
-
issuer_element = original_document.elements["//saml:Issuer"]
|
10
|
-
issuer_element.attributes["Format"] = format_entity
|
11
|
-
issuer_element.attributes["NameQualifier"] = settings.issuer
|
12
|
-
original_document
|
13
|
-
end
|
14
|
-
|
15
|
-
private
|
16
|
-
|
17
|
-
def format_entity
|
18
|
-
"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|