spid 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d65f97b5bd606942de9c2bba4a7fe60fadb90de3bf8526d8c80bec3a2ce29ff
-  data.tar.gz: 72d85f52db6688edb9f90f3176af9889b15052b8bc7a45b3eee1c61e269cb825
+  metadata.gz: bc64c3b3b469b3e5e031547db6c09e359902aa6c15b3d37b3426e7549ecc2ebd
+  data.tar.gz: 02e57b8f55b111ec4c0ed1074c023e816077df9e687897f0acb1ad58d0b2b3d8
 SHA512:
-  metadata.gz: 7c0ed6e05c1b45a9a395ea4f4c41c6b45279adc712546bd167ed17a0a3dfba4f28367b287394c22078e95abe561253903153e253a1a967ac4adcf669393a0448
-  data.tar.gz: a8f863472e7f5dcd85abbdb514b3aa8509ac42d7eab1c76eac53aa5eab9af5ae4bef44d159855a0d4cdb609f085a58d878299390243cfde3bb9d9754d96ed316
+  metadata.gz: 9d2c88ef7f6a5ddaab7ba1e35b6e93c7fea274db9a1fddeaa066d070ec5a49fee3457ef882ced3303b5a5f55aeecdecf5cddccb5ecaf198049b2e770c0c23f91
+  data.tar.gz: 3ba760f88fc7e765d4d71e6381753859d0fe84731bd606cffc884f083db0a83e9d367694a3c38716101a227e96171117989eae91acbe9d378b225aeef54b1396

data/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+## [0.12.0] - 2018-08-27
+### Added
+- AttributeConsumingService management
+
 ## [0.11.0] - 2018-08-23
 ### Changed
 - Use custom Saml2 library instead of ruby-saml gem
@@ -93,7 +97,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
 
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.11.0...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.12.0...HEAD
+[0.12.0]: https://github.com/italia/spid-ruby/compare/v0.11.0...v0.12.0
 [0.11.0]: https://github.com/italia/spid-ruby/compare/v0.10.0...v0.11.0
 [0.10.0]: https://github.com/italia/spid-ruby/compare/v0.9.0...v0.10.0
 [0.9.0]: https://github.com/italia/spid-ruby/compare/v0.8.0...v0.9.0

data/lib/spid.rb

@@ -14,6 +14,8 @@ module Spid # :nodoc:
   class UnknownAuthnContextError < StandardError; end
   class UnknownDigestMethodError < StandardError; end
   class UnknownSignatureMethodError < StandardError; end
+  class UnknownAttributeFieldError < StandardError; end
+  class MissingAttributeServicesError < StandardError; end
 
   EXACT_COMPARISON = :exact
   MINIMUM_COMPARISON = :minimum
@@ -69,6 +71,26 @@ module Spid # :nodoc:
     L3
   ].freeze
 
+  ATTRIBUTES_MAP = {
+    spid_code: "spidCode",
+    name: "name",
+    family_name: "familyName",
+    place_of_birth: "placeOfBirth",
+    date_of_birth: "dateOfBirth",
+    gender: "gender",
+    company_name: "companyName",
+    registered_office: "registeredOffice",
+    fiscal_number: "fiscalNumber",
+    iva_code: "ivaCode",
+    id_card: "idCard",
+    mobile_phone: "mobilePhone",
+    email: "email",
+    address: "address",
+    digital_address: "digitalAddress"
+  }.freeze
+
+  ATTRIBUTES = ATTRIBUTES_MAP.keys.freeze
+
   class << self
     attr_writer :configuration
   end

data/lib/spid/configuration.rb

@@ -13,14 +13,14 @@ module Spid
     attr_accessor :signature_method
     attr_accessor :private_key
     attr_accessor :certificate
-    attr_accessor :attribute_service_name
     attr_accessor :default_relay_state_path
     attr_accessor :acs_binding
     attr_accessor :slo_binding
+    attr_accessor :attribute_services
 
     def initialize
       @idp_metadata_dir_path    = "idp_metadata"
-      @attribute_service_name   = nil
+      @attribute_services       = []
       init_endpoint
       init_bindings
       init_dig_sig_methods
@@ -60,7 +60,7 @@ module Spid
             slo_binding: slo_binding, metadata_path: metadata_path,
             private_key: private_key, certificate: certificate,
             digest_method: digest_method, signature_method: signature_method,
-            attribute_service_name: attribute_service_name, host: hostname
+            attribute_services: attribute_services, host: hostname
           )
         end
     end

data/lib/spid/rack/login.rb

@@ -37,7 +37,8 @@ module Spid
         def sso_url
           Spid::Sso::Request.new(
             idp_name: idp_name,
-            relay_state: relay_state
+            relay_state: relay_state,
+            attribute_index: attribute_consuming_service_index
           ).url
         end
 
@@ -57,6 +58,10 @@ module Spid
         def idp_name
           request.params["idp_name"]
         end
+
+        def attribute_consuming_service_index
+          request.params["attribute_index"] || "0"
+        end
       end
     end
   end

data/lib/spid/saml2/authn_request.rb

@@ -43,7 +43,8 @@ module Spid
               "Version" => "2.0",
               "IssueInstant" => issue_instant,
               "Destination" => settings.idp_sso_target_url,
-              "AssertionConsumerServiceIndex" => settings.acs_index
+              "AssertionConsumerServiceIndex" => settings.acs_index,
+              "AttributeConsumingServiceIndex" => settings.attribute_index
             }
             attributes["ForceAuthn"] = true if settings.force_authn?
             attributes

data/lib/spid/saml2/service_provider.rb

@@ -15,7 +15,7 @@ module Spid
       attr_reader :certificate
       attr_reader :digest_method
       attr_reader :signature_method
-      attr_reader :attribute_service_name
+      attr_reader :attribute_services
 
       # rubocop:disable Metrics/ParameterLists
       # rubocop:disable Metrics/MethodLength
@@ -30,7 +30,7 @@ module Spid
             certificate:,
             digest_method:,
             signature_method:,
-            attribute_service_name:
+            attribute_services:
           )
         @host = host
         @acs_path               = acs_path
@@ -42,7 +42,8 @@ module Spid
         @certificate            = certificate
         @digest_method          = digest_method
         @signature_method       = signature_method
-        @attribute_service_name = attribute_service_name
+        @attribute_services     = attribute_services
+        validate_digest_methods
         validate_attributes
       end
       # rubocop:enable Metrics/MethodLength
@@ -63,6 +64,24 @@ module Spid
       private
 
       def validate_attributes
+        if attribute_services.empty?
+          raise MissingAttributeServicesError,
+                "Provide at least one attribute service"
+        elsif attribute_services.any? { |as| !validate_attribute_service(as) }
+          raise UnknownAttributeFieldError,
+                "Provided attribute in services are not valid:" \
+                " use only fields in #{ATTRIBUTES.join(', ')}"
+        end
+      end
+
+      def validate_attribute_service(attribute_service)
+        return false unless attribute_service.key?(:name)
+        return false unless attribute_service.key?(:fields)
+        not_valid_fields = attribute_service[:fields] - ATTRIBUTES
+        not_valid_fields.empty?
+      end
+
+      def validate_digest_methods
         if !DIGEST_METHODS.include?(digest_method)
           raise UnknownDigestMethodError,
                 "Provided digest method is not valid:" \

data/lib/spid/saml2/settings.rb

@@ -8,9 +8,16 @@ module Spid
       attr_reader :identity_provider
       attr_reader :service_provider
       attr_reader :authn_context
-
-      def initialize(identity_provider:, service_provider:, authn_context: nil)
+      attr_reader :attribute_index
+
+      def initialize(
+            identity_provider:,
+            service_provider:,
+            attribute_index: nil,
+            authn_context: nil
+          )
         @authn_context = authn_context || Spid::L1
+        @attribute_index = attribute_index
         unless AUTHN_CONTEXTS.include?(@authn_context)
           raise Spid::UnknownAuthnContextError,
                 "Provided authn_context '#{@authn_context}' is not valid:" \
@@ -53,6 +60,10 @@ module Spid
         service_provider.slo_binding
       end
 
+      def sp_attribute_services
+        service_provider.attribute_services
+      end
+
       def private_key
         service_provider.private_key
       end

data/lib/spid/saml2/sp_metadata.rb

@@ -2,6 +2,7 @@
 
 module Spid
   module Saml2
+    # rubocop:disable Metrics/ClassLength
     class SPMetadata # :nodoc:
       attr_reader :document
       attr_reader :settings
@@ -37,6 +38,8 @@ module Spid
         }
       end
 
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/AbcSize
       def sp_sso_descriptor
         @sp_sso_descriptor ||=
           begin
@@ -45,9 +48,41 @@ module Spid
             element.add_element key_descriptor
             element.add_element ac_service
             element.add_element slo_service
+            settings.sp_attribute_services.each.with_index do |service, index|
+              name = service[:name]
+              fields = service[:fields]
+              element.add_element attribute_consuming_service(
+                index, name, fields
+              )
+            end
             element
           end
       end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/MethodLength
+
+      def attribute_consuming_service(index, name, fields)
+        element = REXML::Element.new("md:AttributeConsumingService")
+        element.add_attributes("index" => index)
+        element.add_element service_name(name)
+        fields.each do |field|
+          element.add_element requested_attribute(field)
+        end
+        element
+      end
+
+      def service_name(name)
+        element = REXML::Element.new("md:ServiceName")
+        element.add_attributes("xml:lang" => "it")
+        element.text = name
+        element
+      end
+
+      def requested_attribute(name)
+        element = REXML::Element.new("md:RequestedAttribute")
+        element.add_attributes("Name" => ATTRIBUTES_MAP[name])
+        element
+      end
 
       def sp_sso_descriptor_attributes
         @sp_sso_descriptor_attributes ||= {
@@ -100,5 +135,6 @@ module Spid
           end
       end
     end
+    # rubocop:enable Metrics/ClassLength
   end
 end

data/lib/spid/sso/request.rb

@@ -5,17 +5,20 @@ module Spid
     class Request # :nodoc:
       attr_reader :idp_name
       attr_reader :relay_state
+      attr_reader :attribute_index
       attr_reader :authn_context
       attr_reader :authn_context_comparison
 
       def initialize(
             idp_name:,
+            attribute_index:,
             relay_state: nil,
             authn_context: nil
           )
         @idp_name = idp_name
         @relay_state = relay_state
         @authn_context = authn_context || Spid::L1
+        @attribute_index = attribute_index
         @relay_state =
           begin
             relay_state || Spid.configuration.default_relay_state_path
@@ -53,7 +56,8 @@ module Spid
         @settings ||= Spid::Saml2::Settings.new(
           identity_provider: identity_provider,
           service_provider: service_provider,
-          authn_context: authn_context
+          authn_context: authn_context,
+          attribute_index: attribute_index
         )
       end
 

data/lib/spid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spid
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - David Librera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-23 00:00:00.000000000 Z
+date: 2018-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport