RubyGems - spid - Versions diffs - 0.10.0 → 0.11.0 - Mend

spid 0.10.0 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

checksums.yaml +4 -4
data/.rubocop.yml +3 -0
data/CHANGELOG.md +6 -1
data/Gemfile +0 -6
data/README.md +11 -14
data/lib/spid.rb +16 -10
data/lib/spid/configuration.rb +27 -19
data/lib/spid/identity_provider_manager.rb +14 -4
data/lib/spid/metadata.rb +10 -77
data/lib/spid/rack/login.rb +1 -1
data/lib/spid/rack/logout.rb +1 -1
data/lib/spid/saml2.rb +17 -0
data/lib/spid/saml2/authn_request.rb +104 -0
data/lib/spid/saml2/identity_provider.rb +27 -0
data/lib/spid/saml2/idp_metadata_parser.rb +283 -0
data/lib/spid/saml2/logout_request.rb +88 -0
data/lib/spid/saml2/logout_response.rb +33 -0
data/lib/spid/saml2/response.rb +58 -0
data/lib/spid/saml2/service_provider.rb +78 -0
data/lib/spid/saml2/settings.rb +85 -0
data/lib/spid/saml2/sp_metadata.rb +104 -0
data/lib/spid/saml2/utils.rb +62 -0
data/lib/spid/saml2/utils/query_params_signer.rb +75 -0
data/lib/spid/slo.rb +0 -1
data/lib/spid/slo/request.rb +29 -20
data/lib/spid/slo/response.rb +5 -32
data/lib/spid/sso.rb +0 -1
data/lib/spid/sso/request.rb +26 -19
data/lib/spid/sso/response.rb +9 -30
data/lib/spid/version.rb +1 -1
data/spid.gemspec +1 -1
metadata +28 -28
data/lib/spid/authn_request.rb +0 -28
data/lib/spid/identity_provider.rb +0 -60
data/lib/spid/logout_request.rb +0 -21
data/lib/spid/service_provider.rb +0 -107
data/lib/spid/slo/settings.rb +0 -53
data/lib/spid/sso/settings.rb +0 -62

data/lib/spid/service_provider.rb DELETED

@@ -1,107 +0,0 @@
-# frozen_string_literal: true
-require "uri"
-module Spid
-  class ServiceProvider # :nodoc:
-    attr_reader :host
-    attr_reader :acs_path
-    attr_reader :slo_path
-    attr_reader :metadata_path
-    attr_reader :private_key
-    attr_reader :certificate
-    attr_reader :digest_method
-    attr_reader :signature_method
-    attr_reader :attribute_service_name
-    # rubocop:disable Metrics/ParameterLists
-    def initialize(
-          host:,
-          acs_path:,
-          slo_path:,
-          metadata_path:,
-          private_key:,
-          certificate:,
-          digest_method:,
-          signature_method:,
-          attribute_service_name:
-        )
-      @host = host
-      @acs_path               = acs_path
-      @slo_path               = slo_path
-      @metadata_path          = metadata_path
-      @private_key            = private_key
-      @certificate            = certificate
-      @digest_method          = digest_method
-      @signature_method       = signature_method
-      @attribute_service_name = attribute_service_name
-      validate_attributes
-    end
-    # rubocop:enable Metrics/ParameterLists
-    def acs_url
-      @acs_url ||= URI.join(host, acs_path).to_s
-    end
-    def slo_url
-      @slo_url ||= URI.join(host, slo_path).to_s
-    end
-    def metadata_url
-      @metadata_url ||= URI.join(host, metadata_path).to_s
-    end
-    # rubocop:disable Metrics/MethodLength
-    def sso_attributes
-      @sso_attributes ||=
-        begin
-          {
-            assertion_consumer_service_url: acs_url,
-            issuer: host,
-            private_key: private_key,
-            certificate: certificate,
-            security: {
-              authn_requests_signed: true,
-              embed_sign: false,
-              digest_method: digest_method,
-              signature_method: signature_method
-            }
-          }
-        end
-    end
-    # rubocop:enable Metrics/MethodLength
-    # rubocop:disable Metrics/MethodLength
-    def slo_attributes
-      @slo_attributes ||=
-        begin
-          {
-            issuer: host,
-            private_key: private_key,
-            certificate: certificate,
-            security: {
-              logout_requests_signed: true,
-              embed_sign: false,
-              digest_method: digest_method,
-              signature_method: signature_method
-            }
-          }
-        end
-    end
-    # rubocop:enable Metrics/MethodLength
-    private
-    def validate_attributes
-      if !DIGEST_METHODS.include?(digest_method)
-        raise UnknownDigestMethodError,
-              "Provided digest method is not valid:" \
-              " use one of #{DIGEST_METHODS.join(', ')}"
-      elsif !SIGNATURE_METHODS.include?(signature_method)
-        raise UnknownSignatureMethodError,
-              "Provided digest method is not valid:" \
-              " use one of #{SIGNATURE_METHODS.join(', ')}"
-      end
-    end
-  end
-end

data/lib/spid/slo/settings.rb DELETED

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "onelogin/ruby-saml/settings"
-module Spid
-  module Slo
-    class Settings # :nodoc:
-      attr_reader :service_provider
-      attr_reader :identity_provider
-      attr_reader :session_index
-      def initialize(
-            service_provider:,
-            identity_provider:,
-            session_index:
-          )
-        @service_provider = service_provider
-        @identity_provider = identity_provider
-        @session_index = session_index
-      end
-      def saml_settings
-        ::OneLogin::RubySaml::Settings.new(slo_attributes)
-      end
-      def slo_attributes
-        [
-          service_provider.slo_attributes,
-          identity_provider.slo_attributes,
-          inner_slo_attributes
-        ].inject(:merge)
-      end
-      def inner_slo_attributes
-        {
-          name_identifier_value: generated_name_identifier_value,
-          name_identifier_format: name_identifier_format_value,
-          sessionindex: session_index
-        }
-      end
-      private
-      def generated_name_identifier_value
-        ::OneLogin::RubySaml::Utils.uuid
-      end
-      def name_identifier_format_value
-        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-      end
-    end
-  end
-end

data/lib/spid/sso/settings.rb DELETED

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-module Spid
-  module Sso
-    class Settings # :nodoc:
-      attr_reader :service_provider
-      attr_reader :identity_provider
-      attr_reader :authn_context
-      def initialize(
-            service_provider:,
-            identity_provider:,
-            authn_context: Spid::L1
-          )
-        unless AUTHN_CONTEXTS.include?(authn_context)
-          raise Spid::UnknownAuthnContextError,
-                "Provided authn_context is not valid:" \
-                " use one of #{AUTHN_CONTEXTS.join(', ')}"
-        end
-        @service_provider = service_provider
-        @identity_provider = identity_provider
-        @authn_context = authn_context
-      end
-      def saml_settings
-        ::OneLogin::RubySaml::Settings.new(sso_attributes)
-      end
-      def sso_attributes
-        [
-          service_provider.sso_attributes,
-          identity_provider.sso_attributes,
-          inner_sso_attributes,
-          force_authn_attributes
-        ].inject(:merge)
-      end
-      def inner_sso_attributes
-        {
-          protocol_binding: protocol_binding_value,
-          authn_context: authn_context,
-          authn_context_comparison: Spid::MINIMUM_COMPARISON
-        }
-      end
-      def force_authn_attributes
-        return {} if authn_context <= Spid::L1
-        {
-          force_authn: true
-        }
-      end
-      private
-      def protocol_binding_value
-        "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-      end
-    end
-  end
-end