spid 0.18.0 → 0.19.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89a40be6cd513657d224483f7964c0d63f9479554faa866490f5fe144ced2a44
4
- data.tar.gz: 39cadb77a01ce43ffb023510a7b5b4a6e855ef026aea92f84aae944d13cb3bdf
3
+ metadata.gz: 88d30a5ec3f2a9f08ee40952ebbbe6227bfd9c282542f86d477cb4624a73563f
4
+ data.tar.gz: 6bebd6eaaaab8f143ff3ee39dca472d0bc98ba6546508350f21f41c6acd2f44f
5
5
  SHA512:
6
- metadata.gz: 6a56e687614772ead99c9d2b7601c207ad015f9051384eb3474ff0a29512b68f9c0fbcf16d1001a16274949df0273a2cbe1eb7ac7c54ca65dd5bbd616d9a559b
7
- data.tar.gz: db706901ef49f6a6169b07315af2896a356c8ef1e3ac0e87127f34f953ec5270fe4943cdd2cd25a258e63ecea9b73e3c5852f8652ac2759e83d638f2fec4a035
6
+ metadata.gz: 6b9ac8240be222488e51da6b8e223952de6b6b54dcb17d0caa5baca2c210ce7a93ce173b7dd70f66332119dd08a11a55de529b0e96ceabf6bab6db65857f0c3f
7
+ data.tar.gz: d4711b83f7d0479b706a5a15c6a49c953e8352a1b1c0582879cbb77b7f0daa09e9a0d846bc70665396ebceb91468a5a58a0b59549ebca6788793c0e5b6bb9776
@@ -2,6 +2,11 @@
2
2
 
3
3
  ## [Unreleased]
4
4
 
5
+ ## [0.19.0] - 2018-09-14
6
+ ### Added
7
+ - Opaque relay state
8
+ - Logging of AuthnRequest and Response
9
+
5
10
  ## [0.18.0] - 2018-09-12
6
11
  ### Removed
7
12
  - Rails specific code
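Review bot: the two Added entries should name the user-facing surface they introduce: `config.logging_enabled` / `config.logger` for the logging item, and, for the relay-state item, that the login `relay_state` parameter is now kept server-side in the session while only an opaque id is sent to the IdP, so integrators can tell whether they are affected.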
@@ -151,7 +156,8 @@
151
156
  - Coveralls Integration
152
157
  - Rubygems version badge in README
153
158
 
154
- [Unreleased]: https://github.com/italia/spid-ruby/compare/v0.18.0...HEAD
159
+ [Unreleased]: https://github.com/italia/spid-ruby/compare/v0.19.0...HEAD
160
+ [0.19.0]: https://github.com/italia/spid-ruby/compare/v0.18.0...v0.19.0
155
161
  [0.18.0]: https://github.com/italia/spid-ruby/compare/v0.17.3...v0.18.0
156
162
  [0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
157
163
  [0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2
data/README.md CHANGED
@@ -8,6 +8,8 @@
8
8
  | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
9
9
  | Test coverate | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |
10
10
  | Credits | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
11
+ | Slack Channel | [![Join the #spid-ruby channel](https://img.shields.io/badge/Slack%20channel-%23spid--ruby-blue.svg?logo=slack)](https://developersitalia.slack.com/messages/C7F1H35L5 ) [![Get invited](https://slack.developers.italia.it/badge.svg)](https://slack.developers.italia.it/) |
12
+ | Forum | [![SPID on forum.italia.it](https://img.shields.io/badge/Forum-SPID-blue.svg)](https://forum.italia.it/c/spid) |
11
13
 
12
14
  ## Installazione & Configurazione
13
15
 
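Review bot: the new Slack badge line has a stray space inside the link target, `messages/C7F1H35L5 )`, which some Markdown renderers keep as part of the URL; drop the space. While touching this table, the context line `Test coverate` is a typo for `Test coverage`.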
@@ -54,6 +56,8 @@ tramite il quale potete accedere alle seguenti configurazioni:
54
56
  |config.signature_method|Spid::RSA_SHA256|Algoritmo utilizzato per la generazione della signature XML||
55
57
  |config.acs_binding|Spid::BINDINGS_HTTP_POST|Binding method utilizzato per la ricezione dell'Assertion di autenticazione||
56
58
  |config.slo_binding|Spid::BINDINGS_HTTP_REDIRECT|Binding method utilizzato ler la ricezione dell'Assertion di chiusura della sessione||
59
+ |config.logging_enabled|false|Se true, abilita il logging delle richieste||
60
+ |config.logger|Logger.new($stdout)|Indica lo stream dove viene salvato il log delle AuthnRequest e delle Response||
57
61
 
58
62
  #### Attribute Services
59
63
  Il protocollo SPID prevede la possibilità di specificare almeno un servizio di attributi. Ogni servizio ha un nome e un elenco di attributi richiesti.
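Review bot: the `config.logger` row should say what ends up in that stream: per the `log_message` methods added in this release the whole SAML `Response`, assertion included, is written at info level, so the description should warn that user attributes land in the log and that `Logger.new($stdout)` is a sensible default only for development. The context line `ler la ricezione` is a typo for `per la ricezione`.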
@@ -140,7 +144,6 @@ Spid.configure do |config|
140
144
  end
141
145
  ```
142
146
 
143
-
144
147
  ## Funzionamento
145
148
  ### Login
146
149
 
@@ -240,3 +243,43 @@ Per iniziare un logout con SPID l'url da utilizzare è `/spid/logout?idp_name=po
240
243
  |**Response/Assertion generation (2.2.2.2):**||
241
244
  |generation of `Response/Assertion` XML||
242
245
  |Signature||
246
+
247
+ ## Testing
248
+
249
+ Clona il repository
250
+ ```bash
251
+ $ git clone git@github.com:italia/spid-ruby
252
+ $ cd spid-ruby
253
+ $ bundle install
254
+ $ bundle exec rake
255
+ ```
256
+
257
+ ## Contribuire
258
+
259
+ Chiunque è benvenuto nella community e libero di contribuire al suo sviluppo. Ci aspettiamo che chi contribuisca aderisca al codice di condotta [Contributor Covenant](http://contributor-covenant.org).
260
+
261
+ Per contribuire al repository
262
+
263
+ * Forka il progetto
264
+ * Crea il tuo feature branch `git checkout -b my-feature-branch`
265
+ * Committa le tue modifiche `git commit -a -m "Add some feature"`
266
+ * Pusha il tuo branch `git push origin my-feature-branch -u`
267
+ * Crea una pull request
268
+
269
+ Essendo SPID un sistema atto a garatire un sistema di autenticazione certificato con le PA la correttezza del codice deve essere sempre garantita, pertanto ogni pull request che andrà a modificare il codice della libreria dovrà essere corredato degli specifici tests che ne dimostrano la correttezza. Pertanto pull requests senza relativi tests non verranno mergiate.
270
+
271
+
272
+ Nel caso di apertura di una issue relativa ad un bug, siete pregati di fornire o un commit con un test fallimentare o tutti gli step necessari alla riproduzione del bug.
273
+
274
+
275
+ ## License
276
+
277
+ Questa gemma è disponibile in open source sotto i termini della [licenza BSD-3](https://opensource.org/licenses/BSD-3-Clause)
278
+
279
+ ## Code of Conduct
280
+
281
+ Chiunque interagisca con il codice, l'issue tracker o qualunque altro canale di comunicazione è pregato di rispettare il seguente [codice di condotta](https://github.com/italia/spid-ruby/blob/master/CODE_OF_CONDUCT.md).
282
+
283
+ ## Authors
284
+
285
+ * [David Librera](https://github.com/davidlibrera) - [Cantiere Creativo <img src="https://www.cantierecreativo.net/images/illustrations/logo-07f378ea.svg"/>](https://www.cantierecreativo.net)
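Review bot: the Testing block clones with the SSH form `git@github.com:italia/spid-ruby`, which fails for a contributor without a GitHub SSH key; the HTTPS URL `https://github.com/italia/spid-ruby` works for everyone. Also `garatire` in the Contribuire paragraph is a typo for `garantire`.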
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "logger"
4
+
3
5
  module Spid
4
6
  class Configuration # :nodoc:
5
7
  attr_accessor :idp_metadata_dir_path
@@ -17,10 +19,14 @@ module Spid
17
19
  attr_accessor :attribute_services
18
20
  attr_accessor :private_key_pem
19
21
  attr_accessor :certificate_pem
22
+ attr_accessor :logging_enabled
23
+ attr_accessor :logger
20
24
 
21
25
  def initialize
22
26
  @idp_metadata_dir_path = "idp_metadata"
23
27
  @attribute_services = []
28
+ @logging_enabled = false
29
+ @logger = ::Logger.new $stdout
24
30
  init_endpoint
25
31
  init_bindings
26
32
  init_dig_sig_methods
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "digest"
4
+
3
5
  module Spid
4
6
  class Rack
5
7
  class Login # :nodoc:
@@ -31,10 +33,12 @@ module Spid
31
33
 
32
34
  def response
33
35
  session["sso_request_uuid"] = responser.uuid
36
+ session["relay_state"] = { relay_state_id => relay_state }
37
+ session["idp"] = idp_name
38
+
39
+ log_message
34
40
  [
35
- 302,
36
- { "Location" => sso_url },
37
- []
41
+ 302, { "Location" => sso_url }, []
38
42
  ]
39
43
  end
40
44
 
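Review bot: `session["relay_state"] = { relay_state_id => relay_state }` replaces the whole hash on every login start, so a user with two login attempts in flight (two tabs, two different `relay_state` values) loses the first mapping and is sent to `default_relay_state_path` when the first one completes. Merging into the existing hash, e.g. `(session["relay_state"] || {}).merge(relay_state_id => relay_state)`, keeps both; note that `store_session_success` in the SSO handler then deletes the whole key, so the second attempt still needs a look.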
@@ -47,7 +51,7 @@ module Spid
47
51
  begin
48
52
  Spid::Sso::Request.new(
49
53
  idp_name: idp_name,
50
- relay_state: relay_state,
54
+ relay_state: relay_state_id,
51
55
  attribute_index: attribute_consuming_service_index,
52
56
  authn_context: authn_context
53
57
  )
@@ -64,7 +68,13 @@ module Spid
64
68
  end
65
69
 
66
70
  def relay_state
67
- request.params["relay_state"]
71
+ request.params["relay_state"] ||
72
+ Spid.configuration.default_relay_state_path
73
+ end
74
+
75
+ def relay_state_id
76
+ digest = Digest::MD5.hexdigest(relay_state)
77
+ "_#{digest}"
68
78
  end
69
79
 
70
80
  def idp_name
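Review bot: the id is a hash of `relay_state`, which is still taken verbatim from `request.params["relay_state"]`, and that stored value becomes the post-login redirect `Location` in the SSO handler; hiding it behind an opaque id does not change that the destination is caller-supplied, so this is the place to check that it is a relative path (or an allow-listed host) before it is stored. `Digest::MD5` is fine for a lookup key (33 characters with the `_` prefix, well under the 80-byte RelayState limit of the SAML bindings spec), but a one-line comment saying it is not a security hash would stop a future reader from "upgrading" it.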
@@ -78,6 +88,12 @@ module Spid
78
88
  def attribute_consuming_service_index
79
89
  request.params["attribute_index"] || "0"
80
90
  end
91
+
92
+ def log_message
93
+ return nil unless Spid.configuration.logging_enabled
94
+
95
+ Spid.configuration.logger.info responser.saml_message.delete("\n")
96
+ end
81
97
  end
82
98
  end
83
99
  end
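Review bot: `log_message` is byte-for-byte the same as the one added to the SSO response handler in this release; a small shared module would avoid the two copies drifting. The `logging_enabled` guard defaulting to `false` is the right default for a method that writes the full AuthnRequest at info level.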
@@ -27,10 +27,12 @@ module Spid
27
27
 
28
28
  def response
29
29
  session["slo_request_uuid"] = responser.uuid
30
+ session["relay_state"] = {
31
+ relay_state_id => relay_state
32
+ }
33
+ session["idp"] = idp_name
30
34
  [
31
- 302,
32
- { "Location" => slo_url },
33
- []
35
+ 302, { "Location" => slo_url }, []
34
36
  ]
35
37
  end
36
38
 
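Review bot: same overwrite issue as the login handler: `session["relay_state"] = { ... }` discards any mapping stored by an in-flight login, so starting a logout while a login is pending loses the login's return path. Merge into the existing hash instead of replacing it.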
@@ -47,7 +49,7 @@ module Spid
47
49
  begin
48
50
  Spid::Slo::Request.new(
49
51
  idp_name: idp_name,
50
- relay_state: relay_state,
52
+ relay_state: relay_state_id,
51
53
  session_index: spid_session["session_index"]
52
54
  )
53
55
  end
@@ -68,7 +70,13 @@ module Spid
68
70
  end
69
71
 
70
72
  def relay_state
71
- request.params["relay_state"]
73
+ request.params["relay_state"] ||
74
+ Spid.configuration.default_relay_state_path
75
+ end
76
+
77
+ def relay_state_id
78
+ digest = Digest::MD5.hexdigest(relay_state)
79
+ "_#{digest}"
72
80
  end
73
81
 
74
82
  def idp_name
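Review bot: this file now calls `Digest::MD5` but none of its hunks add `require "digest"`; it only works because the login handler, which did get the require, happens to be loaded first. Add the require here, or better, move `relay_state` / `relay_state_id` into one shared module since the two copies are identical.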
@@ -17,6 +17,7 @@ module Spid
17
17
  app.call(env)
18
18
  end
19
19
 
20
+ # rubocop:disable Metrics/ClassLength
20
21
  class SloEnv # :nodoc:
21
22
  attr_reader :env
22
23
  attr_reader :request
@@ -41,7 +42,7 @@ module Spid
41
42
  def response_sp_initiated
42
43
  [
43
44
  302,
44
- { "Location" => relay_state },
45
+ { "Location" => @relay_state },
45
46
  responser.response
46
47
  ]
47
48
  end
@@ -59,18 +60,28 @@ module Spid
59
60
  end
60
61
 
61
62
  def response
63
+ @relay_state = relay_state unless idp_initiated?
62
64
  validate_session
63
65
  return response_idp_initiated if idp_initiated?
64
66
  response_sp_initiated
65
67
  end
66
68
 
69
+ def relay_state_param
70
+ request.params["RelayState"]
71
+ end
72
+
73
+ def request_relay_state
74
+ if !relay_state_param.nil? ||
75
+ relay_state_param != ""
76
+ session["relay_state"][relay_state_param]
77
+ end
78
+ end
79
+
67
80
  def relay_state
68
- if !request.params["RelayState"].nil? &&
69
- request.params["RelayState"] != ""
70
- request.params["RelayState"]
71
- else
72
- Spid.configuration.default_relay_state_path
81
+ if request_relay_state.nil?
82
+ return Spid.configuration.default_relay_state_path
73
83
  end
84
+ session["relay_state"][relay_state_param]
74
85
  end
75
86
 
76
87
  def valid_get?
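Review bot: the condition in `request_relay_state` uses `||` where the SSO counterpart uses `&&`: `!relay_state_param.nil? || relay_state_param != ""` is true when the param is nil (`nil != ""`), so the method indexes `session["relay_state"]` with `nil`; and unlike the SSO version it never checks that `session["relay_state"]` exists, so an SP-initiated LogoutResponse arriving after the session mapping is gone raises `NoMethodError` on `nil` instead of falling back to the default path. Use `&&` plus the `!session["relay_state"].nil?` guard, and then `relay_state` can return the value of `request_relay_state` directly rather than indexing the hash a second time.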
@@ -139,6 +150,7 @@ module Spid
139
150
  )
140
151
  end
141
152
  end
153
+ # rubocop:enable Metrics/ClassLength
142
154
  end
143
155
  end
144
156
  end
@@ -24,6 +24,7 @@ module Spid
24
24
  def initialize(env)
25
25
  @env = env
26
26
  @request = ::Rack::Request.new(env)
27
+ @relay_state = relay_state
27
28
  end
28
29
 
29
30
  def session
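Review bot: resolving `@relay_state` in `initialize` is load-bearing: `store_session_success` deletes `session["relay_state"]` before `response` builds the redirect, so reading it later would always yield the default path. A comment on this line stating that order dependency would protect it from a refactor.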
@@ -35,6 +36,7 @@ module Spid
35
36
  session["session_index"] = responser.session_index
36
37
  session.delete("sso_request_uuid")
37
38
  session.delete("errors")
39
+ session.delete("relay_state")
38
40
  end
39
41
 
40
42
  def store_session_failure
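Review bot: `session["relay_state"]` is removed only on the success path; `store_session_failure` leaves the mapping behind, so a failed login keeps a stale id-to-URL entry in the session. Delete it in both branches, or once in `response` after the redirect target has been read.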
@@ -45,15 +47,14 @@ module Spid
45
47
  end
46
48
 
47
49
  def response
50
+ log_message
48
51
  if valid_response?
49
52
  store_session_success
50
53
  else
51
54
  store_session_failure
52
55
  end
53
56
  [
54
- 302,
55
- { "Location" => relay_state },
56
- []
57
+ 302, { "Location" => @relay_state }, []
57
58
  ]
58
59
  end
59
60
 
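Review bot: `log_message` runs before `valid_response?`, so unvalidated and possibly unsigned responses are logged too. That is useful when investigating failed logins, but it means the logged XML is attacker-controlled input; say so in the README row for `config.logger`, and log consumers must not treat the content as verified.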
@@ -61,13 +62,23 @@ module Spid
61
62
  request.params["SAMLResponse"]
62
63
  end
63
64
 
65
+ def relay_state_param
66
+ request.params["RelayState"]
67
+ end
68
+
69
+ def request_relay_state
70
+ if !relay_state_param.nil? &&
71
+ relay_state_param != "" &&
72
+ !session["relay_state"].nil?
73
+ session["relay_state"][relay_state_param]
74
+ end
75
+ end
76
+
64
77
  def relay_state
65
- if !request.params["RelayState"].nil? &&
66
- request.params["RelayState"] != ""
67
- request.params["RelayState"]
68
- else
69
- Spid.configuration.default_relay_state_path
78
+ if request_relay_state.nil?
79
+ return Spid.configuration.default_relay_state_path
70
80
  end
81
+ session["relay_state"][relay_state_param]
71
82
  end
72
83
 
73
84
  def valid_get?
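Review bot: after `request_relay_state` has already done the nil/empty/session checks, `relay_state` indexes `session["relay_state"][relay_state_param]` a second time; `request_relay_state || Spid.configuration.default_relay_state_path` is shorter and keeps the guard in one place. Behaviour-wise this is the right direction: an echoed RelayState that is not a stored id now falls back to the default path instead of becoming the redirect target.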
@@ -102,6 +113,12 @@ module Spid
102
113
  request_uuid: session["sso_request_uuid"]
103
114
  )
104
115
  end
116
+
117
+ def log_message
118
+ return nil unless Spid.configuration.logging_enabled
119
+
120
+ Spid.configuration.logger.info responser.saml_message.delete("\n")
121
+ end
105
122
  end
106
123
  end
107
124
  end
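Review bot: duplicate of the login handler's `log_message`; extract it. More important for this copy: `responser.saml_message` here is the full IdP `Response`, so the assertion and every user attribute are written at info level to whatever `config.logger` is, `$stdout` by default. Document that, and consider `delete("\r\n")` rather than `delete("\n")`, since the Response is external input and may be CRLF-formatted, which would otherwise split one log entry across lines.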
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spid
4
- VERSION = "0.18.0"
4
+ VERSION = "0.19.0"
5
5
  end
@@ -25,10 +25,10 @@ Gem::Specification.new do |spec|
25
25
  spec.required_ruby_version = ">= 2.3.0"
26
26
 
27
27
  spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
28
+ spec.add_runtime_dependency "listen", ">= 0"
28
29
  spec.add_runtime_dependency "rack", ">= 1", "< 3"
29
30
  spec.add_runtime_dependency "rake", ">= 10.0", "< 13"
30
31
  spec.add_runtime_dependency "xmldsig", ">= 0.6.6"
31
- spec.add_runtime_dependency "listen", ">= 0"
32
32
 
33
33
  spec.add_development_dependency "bundler", "~> 1.16"
34
34
  spec.add_development_dependency "bundler-audit", "~> 0"
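Review bot: `listen` is the only runtime dependency with no upper bound (`">= 0"`) while `activesupport`, `rack` and `rake` are all capped; this hunk only reorders it. Give it a bound consistent with the others so a future major release cannot be pulled in silently.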
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.18.0
4
+ version: 0.19.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Librera
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-09-12 00:00:00.000000000 Z
11
+ date: 2018-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -30,6 +30,20 @@ dependencies:
30
30
  - - "<"
31
31
  - !ruby/object:Gem::Version
32
32
  version: '5.3'
33
+ - !ruby/object:Gem::Dependency
34
+ name: listen
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ type: :runtime
41
+ prerelease: false
42
+ version_requirements: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
33
47
  - !ruby/object:Gem::Dependency
34
48
  name: rack
35
49
  requirement: !ruby/object:Gem::Requirement
@@ -84,20 +98,6 @@ dependencies:
84
98
  - - ">="
85
99
  - !ruby/object:Gem::Version
86
100
  version: 0.6.6
87
- - !ruby/object:Gem::Dependency
88
- name: listen
89
- requirement: !ruby/object:Gem::Requirement
90
- requirements:
91
- - - ">="
92
- - !ruby/object:Gem::Version
93
- version: '0'
94
- type: :runtime
95
- prerelease: false
96
- version_requirements: !ruby/object:Gem::Requirement
97
- requirements:
98
- - - ">="
99
- - !ruby/object:Gem::Version
100
- version: '0'
101
101
  - !ruby/object:Gem::Dependency
102
102
  name: bundler
103
103
  requirement: !ruby/object:Gem::Requirement