RubyGems - spid - Versions diffs - 0.10.0 → 0.11.0 - Mend

spid 0.10.0 → 0.11.0

Files changed (38) hide show

checksums.yaml +4 -4
data/.rubocop.yml +3 -0
data/CHANGELOG.md +6 -1
data/Gemfile +0 -6
data/README.md +11 -14
data/lib/spid.rb +16 -10
data/lib/spid/configuration.rb +27 -19
data/lib/spid/identity_provider_manager.rb +14 -4
data/lib/spid/metadata.rb +10 -77
data/lib/spid/rack/login.rb +1 -1
data/lib/spid/rack/logout.rb +1 -1
data/lib/spid/saml2.rb +17 -0
data/lib/spid/saml2/authn_request.rb +104 -0
data/lib/spid/saml2/identity_provider.rb +27 -0
data/lib/spid/saml2/idp_metadata_parser.rb +283 -0
data/lib/spid/saml2/logout_request.rb +88 -0
data/lib/spid/saml2/logout_response.rb +33 -0
data/lib/spid/saml2/response.rb +58 -0
data/lib/spid/saml2/service_provider.rb +78 -0
data/lib/spid/saml2/settings.rb +85 -0
data/lib/spid/saml2/sp_metadata.rb +104 -0
data/lib/spid/saml2/utils.rb +62 -0
data/lib/spid/saml2/utils/query_params_signer.rb +75 -0
data/lib/spid/slo.rb +0 -1
data/lib/spid/slo/request.rb +29 -20
data/lib/spid/slo/response.rb +5 -32
data/lib/spid/sso.rb +0 -1
data/lib/spid/sso/request.rb +26 -19
data/lib/spid/sso/response.rb +9 -30
data/lib/spid/version.rb +1 -1
data/spid.gemspec +1 -1
metadata +28 -28
data/lib/spid/authn_request.rb +0 -28
data/lib/spid/identity_provider.rb +0 -60
data/lib/spid/logout_request.rb +0 -21
data/lib/spid/service_provider.rb +0 -107
data/lib/spid/slo/settings.rb +0 -53
data/lib/spid/sso/settings.rb +0 -62

data/lib/spid/service_provider.rb DELETED

@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-require "uri"
-module Spid
-  class ServiceProvider # :nodoc:
-    attr_reader :host
-    attr_reader :acs_path
-    attr_reader :slo_path
-    attr_reader :metadata_path
-    attr_reader :private_key
-    attr_reader :certificate
-    attr_reader :digest_method
-    attr_reader :signature_method
-    attr_reader :attribute_service_name
-    # rubocop:disable Metrics/ParameterLists
-    def initialize(
-          host:,
-          acs_path:,
-          slo_path:,
-          metadata_path:,
-          private_key:,
-          certificate:,
-          digest_method:,
-          signature_method:,
-          attribute_service_name:
-        )
-      @host = host
-      @acs_path               = acs_path
-      @slo_path               = slo_path
-      @metadata_path          = metadata_path
-      @private_key            = private_key
-      @certificate            = certificate
-      @digest_method          = digest_method
-      @signature_method       = signature_method
-      @attribute_service_name = attribute_service_name
-      validate_attributes
-    end
-    # rubocop:enable Metrics/ParameterLists
-    def acs_url
-      @acs_url ||= URI.join(host, acs_path).to_s
-    end
-    def slo_url
-      @slo_url ||= URI.join(host, slo_path).to_s
-    end
-    def metadata_url
-      @metadata_url ||= URI.join(host, metadata_path).to_s
-    end
-    # rubocop:disable Metrics/MethodLength
-    def sso_attributes
-      @sso_attributes ||=
-        begin
-          {
-            assertion_consumer_service_url: acs_url,
-            issuer: host,
-            private_key: private_key,
-            certificate: certificate,
-            security: {
-              authn_requests_signed: true,
-              embed_sign: false,
-              digest_method: digest_method,
-              signature_method: signature_method
-            }
-          }
-        end
-    end
-    # rubocop:enable Metrics/MethodLength
-    # rubocop:disable Metrics/MethodLength
-    def slo_attributes
-      @slo_attributes ||=
-        begin
-          {
-            issuer: host,
-            private_key: private_key,
-            certificate: certificate,
-            security: {
-              logout_requests_signed: true,
-              embed_sign: false,
-              digest_method: digest_method,
-              signature_method: signature_method
-            }
-          }
-        end
-    end
-    # rubocop:enable Metrics/MethodLength
-    private
-    def validate_attributes
-      if !DIGEST_METHODS.include?(digest_method)
-        raise UnknownDigestMethodError,
-              "Provided digest method is not valid:" \
-              " use one of #{DIGEST_METHODS.join(', ')}"
-      elsif !SIGNATURE_METHODS.include?(signature_method)
-        raise UnknownSignatureMethodError,
-              "Provided digest method is not valid:" \
-              " use one of #{SIGNATURE_METHODS.join(', ')}"
-      end
-    end
-  end
-end

data/lib/spid/slo/settings.rb DELETED

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "onelogin/ruby-saml/settings"
-module Spid
-  module Slo
-    class Settings # :nodoc:
-      attr_reader :service_provider
-      attr_reader :identity_provider
-      attr_reader :session_index
-      def initialize(
-            service_provider:,
-            identity_provider:,
-            session_index:
-          )
-        @service_provider = service_provider
-        @identity_provider = identity_provider
-        @session_index = session_index
-      end
-      def saml_settings
-        ::OneLogin::RubySaml::Settings.new(slo_attributes)
-      end
-      def slo_attributes
-        [
-          service_provider.slo_attributes,
-          identity_provider.slo_attributes,
-          inner_slo_attributes
-        ].inject(:merge)
-      end
-      def inner_slo_attributes
-        {
-          name_identifier_value: generated_name_identifier_value,
-          name_identifier_format: name_identifier_format_value,
-          sessionindex: session_index
-        }
-      end
-      private
-      def generated_name_identifier_value
-        ::OneLogin::RubySaml::Utils.uuid
-      end
-      def name_identifier_format_value
-        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-      end
-    end
-  end
-end

data/lib/spid/sso/settings.rb DELETED

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-module Spid
-  module Sso
-    class Settings # :nodoc:
-      attr_reader :service_provider
-      attr_reader :identity_provider
-      attr_reader :authn_context
-      def initialize(
-            service_provider:,
-            identity_provider:,
-            authn_context: Spid::L1
-          )
-        unless AUTHN_CONTEXTS.include?(authn_context)
-          raise Spid::UnknownAuthnContextError,
-                "Provided authn_context is not valid:" \
-                " use one of #{AUTHN_CONTEXTS.join(', ')}"
-        end
-        @service_provider = service_provider
-        @identity_provider = identity_provider
-        @authn_context = authn_context
-      end
-      def saml_settings
-        ::OneLogin::RubySaml::Settings.new(sso_attributes)
-      end
-      def sso_attributes
-        [
-          service_provider.sso_attributes,
-          identity_provider.sso_attributes,
-          inner_sso_attributes,
-          force_authn_attributes
-        ].inject(:merge)
-      end
-      def inner_sso_attributes
-        {
-          protocol_binding: protocol_binding_value,
-          authn_context: authn_context,
-          authn_context_comparison: Spid::MINIMUM_COMPARISON
-        }
-      end
-      def force_authn_attributes
-        return {} if authn_context <= Spid::L1
-        {
-          force_authn: true
-        }
-      end
-      private
-      def protocol_binding_value
-        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-      end
-    end
-  end
-end