spid 0.17.3 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -1
- data/README.md +53 -2
- data/lib/spid.rb +0 -1
- data/lib/spid/version.rb +1 -1
- data/spid.gemspec +1 -0
- metadata +15 -5
- data/lib/spid/generators.rb +0 -9
- data/lib/spid/generators/install_generator.rb +0 -13
- data/lib/spid/generators/templates/spid.rb +0 -24
- data/lib/spid/railtie.rb +0 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 89a40be6cd513657d224483f7964c0d63f9479554faa866490f5fe144ced2a44
|
|
4
|
+
data.tar.gz: 39cadb77a01ce43ffb023510a7b5b4a6e855ef026aea92f84aae944d13cb3bdf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6a56e687614772ead99c9d2b7601c207ad015f9051384eb3474ff0a29512b68f9c0fbcf16d1001a16274949df0273a2cbe1eb7ac7c54ca65dd5bbd616d9a559b
|
|
7
|
+
data.tar.gz: db706901ef49f6a6169b07315af2896a356c8ef1e3ac0e87127f34f953ec5270fe4943cdd2cd25a258e63ecea9b73e3c5852f8652ac2759e83d638f2fec4a035
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
4
|
|
|
5
|
+
## [0.18.0] - 2018-09-12
|
|
6
|
+
### Removed
|
|
7
|
+
- Rails specific code
|
|
8
|
+
|
|
5
9
|
## [0.17.3] - 2018-09-12
|
|
6
10
|
### Fixed
|
|
7
11
|
- Metadata embed now signature
|
|
@@ -147,7 +151,8 @@
|
|
|
147
151
|
- Coveralls Integration
|
|
148
152
|
- Rubygems version badge in README
|
|
149
153
|
|
|
150
|
-
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.
|
|
154
|
+
[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.18.0...HEAD
|
|
155
|
+
[0.18.0]: https://github.com/italia/spid-ruby/compare/v0.17.3...v0.18.0
|
|
151
156
|
[0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
|
|
152
157
|
[0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2
|
|
153
158
|
[0.17.1]: https://github.com/italia/spid-ruby/compare/v0.17.0...v0.17.1
|
data/README.md
CHANGED
|
@@ -76,12 +76,35 @@ Per motivi di sicurezza il sistema SPID prevede che un Service Provider abbia un
|
|
|
76
76
|
|
|
77
77
|
Al fine di facilitarne lo scaricamento la gemma `spid-ruby` prevede un task rake che li installa nella directory `config.idp_metadata_dir_path`.
|
|
78
78
|
|
|
79
|
-
A questo punto è possibile lanciare
|
|
80
|
-
|
|
81
79
|
```bash
|
|
82
80
|
$ rake spid:fetch_idp_metadata
|
|
83
81
|
```
|
|
84
82
|
|
|
83
|
+
Essendo dei segreti, è sconsigliato salvare i metadata di produzione nel codebase, quindi è preferibile rimandare il task durante la fase di deploy.
|
|
84
|
+
|
|
85
|
+
Utilizzando [capistrano](https://capistranorb.com/) un modo potrebbe essere:
|
|
86
|
+
```ruby
|
|
87
|
+
# config/deploy.rb
|
|
88
|
+
|
|
89
|
+
set :linked_dirs %(
|
|
90
|
+
/path/to/idp_metadata_dir
|
|
91
|
+
)
|
|
92
|
+
|
|
93
|
+
namespace :deploy do
|
|
94
|
+
task :fetch_idp_metadata do
|
|
95
|
+
on roles(:web) do
|
|
96
|
+
execute :rake, "spid:fetch_idp_metadata"
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Se invece state usando [heroku](https://heroku.com) potete usare un buildpack apposito
|
|
103
|
+
```bash
|
|
104
|
+
$ heroku buildpacks:add https://github.com/cantierecreativo/spid-ruby-heroku-buildpack.git
|
|
105
|
+
```
|
|
106
|
+
che lancierà automaticamente il comando durante il deploy. In questo modo i metadata verranno **congelati** nel dyno e saranno sempre disponibili
|
|
107
|
+
|
|
85
108
|
#### Sinatra
|
|
86
109
|
Occorre modificare il `Rakefile` dell'applicazione aggiungendo
|
|
87
110
|
```ruby
|
|
@@ -90,6 +113,34 @@ Occorre modificare il `Rakefile` dell'applicazione aggiungendo
|
|
|
90
113
|
require "spid/tasks"
|
|
91
114
|
```
|
|
92
115
|
|
|
116
|
+
## Nota sulle chiavi OpenSSL
|
|
117
|
+
Per generare delle chiavi di test è possibile utilizzare il seguende comando:
|
|
118
|
+
```bash
|
|
119
|
+
openssl req -x509 -nodes -sha512 -subj '/C=IT' -newkey rsa:4096 -keyout spid-private-key.pem -out spid-certificate.pem
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
La configurazione di `spid-ruby` prevede che venga fornita direttamente la codifica `.pem` del certificato. Questo perché in sistemi quali [Heroku](https://heroku.com) sarebbe necessario avere le chiavi all'interno del repository git, cosa altamente sconsigliata in quanto segreto.
|
|
123
|
+
|
|
124
|
+
Nel caso di deploy su una macchina personale una possibile soluzione è l'utilizzo di [capistrano](https://capistranorb.com/) in modo che i certificati siano gestiti esternamente dal repository.
|
|
125
|
+
|
|
126
|
+
Esempio di configurazione:
|
|
127
|
+
```ruby
|
|
128
|
+
# config/deploy.rb
|
|
129
|
+
|
|
130
|
+
set :linked_files, %w(
|
|
131
|
+
/path/to/private-key.pem,
|
|
132
|
+
/path/to/certificate.pem
|
|
133
|
+
)
|
|
134
|
+
```
|
|
135
|
+
e nella configurazione
|
|
136
|
+
```ruby
|
|
137
|
+
Spid.configure do |config|
|
|
138
|
+
config.private_key_pem = File.read("/path/to/private-key.pem")
|
|
139
|
+
config.certificate_pem = File.read("/path/to/certificate.pem")
|
|
140
|
+
end
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
|
|
93
144
|
## Funzionamento
|
|
94
145
|
### Login
|
|
95
146
|
|
data/lib/spid.rb
CHANGED
|
@@ -9,7 +9,6 @@ require "spid/version"
|
|
|
9
9
|
require "spid/configuration"
|
|
10
10
|
require "spid/identity_provider_manager"
|
|
11
11
|
require "spid/synchronize_idp_metadata"
|
|
12
|
-
require "spid/railtie" if defined?(Rails)
|
|
13
12
|
|
|
14
13
|
module Spid # :nodoc:
|
|
15
14
|
class UnknownAuthnComparisonMethodError < StandardError; end
|
data/lib/spid/version.rb
CHANGED
data/spid.gemspec
CHANGED
|
@@ -28,6 +28,7 @@ Gem::Specification.new do |spec|
|
|
|
28
28
|
spec.add_runtime_dependency "rack", ">= 1", "< 3"
|
|
29
29
|
spec.add_runtime_dependency "rake", ">= 10.0", "< 13"
|
|
30
30
|
spec.add_runtime_dependency "xmldsig", ">= 0.6.6"
|
|
31
|
+
spec.add_runtime_dependency "listen", ">= 0"
|
|
31
32
|
|
|
32
33
|
spec.add_development_dependency "bundler", "~> 1.16"
|
|
33
34
|
spec.add_development_dependency "bundler-audit", "~> 0"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Librera
|
|
@@ -84,6 +84,20 @@ dependencies:
|
|
|
84
84
|
- - ">="
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
86
|
version: 0.6.6
|
|
87
|
+
- !ruby/object:Gem::Dependency
|
|
88
|
+
name: listen
|
|
89
|
+
requirement: !ruby/object:Gem::Requirement
|
|
90
|
+
requirements:
|
|
91
|
+
- - ">="
|
|
92
|
+
- !ruby/object:Gem::Version
|
|
93
|
+
version: '0'
|
|
94
|
+
type: :runtime
|
|
95
|
+
prerelease: false
|
|
96
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
97
|
+
requirements:
|
|
98
|
+
- - ">="
|
|
99
|
+
- !ruby/object:Gem::Version
|
|
100
|
+
version: '0'
|
|
87
101
|
- !ruby/object:Gem::Dependency
|
|
88
102
|
name: bundler
|
|
89
103
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -318,9 +332,6 @@ files:
|
|
|
318
332
|
- idp_metadata/.gitkeep
|
|
319
333
|
- lib/spid.rb
|
|
320
334
|
- lib/spid/configuration.rb
|
|
321
|
-
- lib/spid/generators.rb
|
|
322
|
-
- lib/spid/generators/install_generator.rb
|
|
323
|
-
- lib/spid/generators/templates/spid.rb
|
|
324
335
|
- lib/spid/identity_provider_manager.rb
|
|
325
336
|
- lib/spid/metadata.rb
|
|
326
337
|
- lib/spid/rack.rb
|
|
@@ -330,7 +341,6 @@ files:
|
|
|
330
341
|
- lib/spid/rack/session.rb
|
|
331
342
|
- lib/spid/rack/slo.rb
|
|
332
343
|
- lib/spid/rack/sso.rb
|
|
333
|
-
- lib/spid/railtie.rb
|
|
334
344
|
- lib/spid/saml2.rb
|
|
335
345
|
- lib/spid/saml2/authn_request.rb
|
|
336
346
|
- lib/spid/saml2/identity_provider.rb
|
data/lib/spid/generators.rb
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Spid
|
|
4
|
-
module Generators
|
|
5
|
-
class InstallGenerator < ::Rails::Generators::Base # :nodoc:
|
|
6
|
-
source_root File.expand_path("templates", __dir__)
|
|
7
|
-
|
|
8
|
-
def code_that_runs
|
|
9
|
-
copy_file "spid.rb", "config/initializers/spid.rb"
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
Spid.configure do |config|
|
|
4
|
-
config.hostname = ENV.fetch("HOST")
|
|
5
|
-
|
|
6
|
-
config.idp_metadata_dir_path = Rails.root.join("config/idp_metadata")
|
|
7
|
-
config.private_key_pem = ENV.fetch("PRIVATE_KEY")
|
|
8
|
-
config.certificate_pem = ENV.fetch("CERTIFICATE")
|
|
9
|
-
|
|
10
|
-
config.metadata_path = "/spid/metadata"
|
|
11
|
-
config.login_path = "/spid/login"
|
|
12
|
-
config.logout_path = "/spid/logout"
|
|
13
|
-
config.acs_path = "/spid/sso"
|
|
14
|
-
config.slo_path = "/spid/slo"
|
|
15
|
-
config.default_relay_state_path = "/"
|
|
16
|
-
|
|
17
|
-
config.digest_method = Spid::SHA512
|
|
18
|
-
config.signature_method = Spid::RSA_SHA512
|
|
19
|
-
config.acs_binding = Spid::BINDINGS_HTTP_POST
|
|
20
|
-
config.slo_binding = Spid::BINDINGS_HTTP_REDIRECT
|
|
21
|
-
config.attribute_services = [
|
|
22
|
-
{ name: "Service1", fields: ["email"] }
|
|
23
|
-
]
|
|
24
|
-
end
|