RubyGems - spid - Versions diffs - 0.18.0 → 0.19.0 - Mend

spid 0.18.0 → 0.19.0

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89a40be6cd513657d224483f7964c0d63f9479554faa866490f5fe144ced2a44
-  data.tar.gz: 39cadb77a01ce43ffb023510a7b5b4a6e855ef026aea92f84aae944d13cb3bdf
+  metadata.gz: 88d30a5ec3f2a9f08ee40952ebbbe6227bfd9c282542f86d477cb4624a73563f
+  data.tar.gz: 6bebd6eaaaab8f143ff3ee39dca472d0bc98ba6546508350f21f41c6acd2f44f
 SHA512:
-  metadata.gz: 6a56e687614772ead99c9d2b7601c207ad015f9051384eb3474ff0a29512b68f9c0fbcf16d1001a16274949df0273a2cbe1eb7ac7c54ca65dd5bbd616d9a559b
-  data.tar.gz: db706901ef49f6a6169b07315af2896a356c8ef1e3ac0e87127f34f953ec5270fe4943cdd2cd25a258e63ecea9b73e3c5852f8652ac2759e83d638f2fec4a035
+  metadata.gz: 6b9ac8240be222488e51da6b8e223952de6b6b54dcb17d0caa5baca2c210ce7a93ce173b7dd70f66332119dd08a11a55de529b0e96ceabf6bab6db65857f0c3f
+  data.tar.gz: d4711b83f7d0479b706a5a15c6a49c953e8352a1b1c0582879cbb77b7f0daa09e9a0d846bc70665396ebceb91468a5a58a0b59549ebca6788793c0e5b6bb9776

data/CHANGELOG.md CHANGED

@@ -2,6 +2,11 @@
 ## [Unreleased]
+## [0.19.0] - 2018-09-14
+### Added
+- Opaque relay state
+- Logging of AuthnRequest and Response
 ## [0.18.0] - 2018-09-12
 ### Removed
 - Rails specific code
@@ -151,7 +156,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.18.0...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.19.0...HEAD
+[0.19.0]: https://github.com/italia/spid-ruby/compare/v0.18.0...v0.19.0
 [0.18.0]: https://github.com/italia/spid-ruby/compare/v0.17.3...v0.18.0
 [0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
 [0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2

data/README.md CHANGED

@@ -8,6 +8,8 @@
 | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
 | Test coverate          | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |
 | Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+| Slack Channel          | [![Join the #spid-ruby channel](https://img.shields.io/badge/Slack%20channel-%23spid--ruby-blue.svg?logo=slack)](https://developersitalia.slack.com/messages/C7F1H35L5 ) [![Get invited](https://slack.developers.italia.it/badge.svg)](https://slack.developers.italia.it/) |
+| Forum                  | [![SPID on forum.italia.it](https://img.shields.io/badge/Forum-SPID-blue.svg)](https://forum.italia.it/c/spid) |
 ## Installazione & Configurazione
@@ -54,6 +56,8 @@ tramite il quale potete accedere alle seguenti configurazioni:
 |config.signature_method|Spid::RSA_SHA256|Algoritmo utilizzato per la generazione della signature XML||
 |config.acs_binding|Spid::BINDINGS_HTTP_POST|Binding method utilizzato per la ricezione dell'Assertion di autenticazione||
 |config.slo_binding|Spid::BINDINGS_HTTP_REDIRECT|Binding method utilizzato ler la ricezione dell'Assertion di chiusura della sessione||
+|config.logging_enabled|false|Se true, abilita il logging delle richieste||
+|config.logger|Logger.new($stdout)|Indica lo stream dove viene salvato il log delle AuthnRequest e delle Response||
 #### Attribute Services
 Il protocollo SPID prevede la possibilità di specificare almeno un servizio di attributi. Ogni servizio ha un nome e un elenco di attributi richiesti.
@@ -140,7 +144,6 @@ Spid.configure do |config|
 end
 ```
 ## Funzionamento
 ### Login
@@ -240,3 +243,43 @@ Per iniziare un logout con SPID l'url da utilizzare è `/spid/logout?idp_name=po
 |**Response/Assertion generation (2.2.2.2):**||
 |generation of `Response/Assertion` XML||
 |Signature||
+## Testing
+Clona il repository
+```bash
+$ git clone git@github.com:italia/spid-ruby
+$ cd spid-ruby
+$ bundle install
+$ bundle exec rake
+ ```
+## Contribuire
+Chiunque è benvenuto nella community e libero di contribuire al suo sviluppo. Ci aspettiamo che chi contribuisca aderisca al codice di condotta [Contributor Covenant](http://contributor-covenant.org).
+Per contribuire al repository
+* Forka il progetto
+* Crea il tuo feature branch `git checkout -b my-feature-branch`
+* Committa le tue modifiche `git commit -a -m "Add some feature"`
+* Pusha il tuo branch `git push origin my-feature-branch -u`
+* Crea una pull request
+Essendo SPID un sistema atto a garatire un sistema di autenticazione certificato con le PA la correttezza del codice deve essere sempre garantita, pertanto ogni pull request che andrà a modificare il codice della libreria dovrà essere corredato degli specifici tests che ne dimostrano la correttezza. Pertanto pull requests senza relativi tests non verranno mergiate.
+Nel caso di apertura di una issue relativa ad un bug, siete pregati di fornire o un commit con un test fallimentare o tutti gli step necessari alla riproduzione del bug.
+## License
+Questa gemma è disponibile in open source sotto i termini della [licenza BSD-3](https://opensource.org/licenses/BSD-3-Clause)
+## Code of Conduct
+Chiunque interagisca con il codice, l'issue tracker o qualunque altro canale di comunicazione è pregato di rispettare il seguente [codice di condotta](https://github.com/italia/spid-ruby/blob/master/CODE_OF_CONDUCT.md).
+## Authors
+* [David Librera](https://github.com/davidlibrera) - [Cantiere Creativo <img src="https://www.cantierecreativo.net/images/illustrations/logo-07f378ea.svg"/>](https://www.cantierecreativo.net)

data/lib/spid/configuration.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "logger"
 module Spid
   class Configuration # :nodoc:
     attr_accessor :idp_metadata_dir_path
@@ -17,10 +19,14 @@ module Spid
     attr_accessor :attribute_services
     attr_accessor :private_key_pem
     attr_accessor :certificate_pem
+    attr_accessor :logging_enabled
+    attr_accessor :logger
     def initialize
       @idp_metadata_dir_path    = "idp_metadata"
       @attribute_services       = []
+      @logging_enabled          = false
+      @logger                   = ::Logger.new $stdout
       init_endpoint
       init_bindings
       init_dig_sig_methods

data/lib/spid/rack/login.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "digest"
 module Spid
   class Rack
     class Login # :nodoc:
@@ -31,10 +33,12 @@ module Spid
         def response
           session["sso_request_uuid"] = responser.uuid
+          session["relay_state"] = { relay_state_id => relay_state }
+          session["idp"] = idp_name
+          log_message
           [
-            302,
-            { "Location" => sso_url },
-            []
+            302, { "Location" => sso_url }, []
           ]
         end
@@ -47,7 +51,7 @@ module Spid
             begin
               Spid::Sso::Request.new(
                 idp_name: idp_name,
-                relay_state: relay_state,
+                relay_state: relay_state_id,
                 attribute_index: attribute_consuming_service_index,
                 authn_context: authn_context
               )
@@ -64,7 +68,13 @@ module Spid
         end
         def relay_state
-          request.params["relay_state"]
+          request.params["relay_state"] ||
+            Spid.configuration.default_relay_state_path
+        end
+        def relay_state_id
+          digest = Digest::MD5.hexdigest(relay_state)
+          "_#{digest}"
         end
         def idp_name
@@ -78,6 +88,12 @@ module Spid
         def attribute_consuming_service_index
           request.params["attribute_index"] || "0"
         end
+        def log_message
+          return nil unless Spid.configuration.logging_enabled
+          Spid.configuration.logger.info responser.saml_message.delete("\n")
+        end
       end
     end
   end

data/lib/spid/rack/logout.rb CHANGED

@@ -27,10 +27,12 @@ module Spid
         def response
           session["slo_request_uuid"] = responser.uuid
+          session["relay_state"] = {
+            relay_state_id => relay_state
+          }
+          session["idp"] = idp_name
           [
-            302,
-            { "Location" => slo_url },
-            []
+            302, { "Location" => slo_url }, []
           ]
         end
@@ -47,7 +49,7 @@ module Spid
             begin
               Spid::Slo::Request.new(
                 idp_name: idp_name,
-                relay_state: relay_state,
+                relay_state: relay_state_id,
                 session_index: spid_session["session_index"]
               )
             end
@@ -68,7 +70,13 @@ module Spid
         end
         def relay_state
-          request.params["relay_state"]
+          request.params["relay_state"] ||
+            Spid.configuration.default_relay_state_path
+        end
+        def relay_state_id
+          digest = Digest::MD5.hexdigest(relay_state)
+          "_#{digest}"
         end
         def idp_name

data/lib/spid/rack/slo.rb CHANGED

@@ -17,6 +17,7 @@ module Spid
         app.call(env)
       end
+      # rubocop:disable Metrics/ClassLength
       class SloEnv # :nodoc:
         attr_reader :env
         attr_reader :request
@@ -41,7 +42,7 @@ module Spid
         def response_sp_initiated
           [
             302,
-            { "Location" => relay_state },
+            { "Location" => @relay_state },
             responser.response
           ]
         end
@@ -59,18 +60,28 @@ module Spid
         end
         def response
+          @relay_state = relay_state unless idp_initiated?
           validate_session
           return response_idp_initiated if idp_initiated?
           response_sp_initiated
         end
+        def relay_state_param
+          request.params["RelayState"]
+        end
+        def request_relay_state
+          if !relay_state_param.nil? ||
+             relay_state_param != ""
+            session["relay_state"][relay_state_param]
+          end
+        end
         def relay_state
-          if !request.params["RelayState"].nil? &&
-             request.params["RelayState"] != ""
-            request.params["RelayState"]
-          else
-            Spid.configuration.default_relay_state_path
+          if request_relay_state.nil?
+            return Spid.configuration.default_relay_state_path
           end
+          session["relay_state"][relay_state_param]
         end
         def valid_get?
@@ -139,6 +150,7 @@ module Spid
           )
         end
       end
+      # rubocop:enable Metrics/ClassLength
     end
   end
 end

data/lib/spid/rack/sso.rb CHANGED

@@ -24,6 +24,7 @@ module Spid
         def initialize(env)
           @env = env
           @request = ::Rack::Request.new(env)
+          @relay_state = relay_state
         end
         def session
@@ -35,6 +36,7 @@ module Spid
           session["session_index"] = responser.session_index
           session.delete("sso_request_uuid")
           session.delete("errors")
+          session.delete("relay_state")
         end
         def store_session_failure
@@ -45,15 +47,14 @@ module Spid
         end
         def response
+          log_message
           if valid_response?
             store_session_success
           else
             store_session_failure
           end
           [
-            302,
-            { "Location" => relay_state },
-            []
+            302, { "Location" => @relay_state }, []
           ]
         end
@@ -61,13 +62,23 @@ module Spid
           request.params["SAMLResponse"]
         end
+        def relay_state_param
+          request.params["RelayState"]
+        end
+        def request_relay_state
+          if !relay_state_param.nil? &&
+             relay_state_param != "" &&
+             !session["relay_state"].nil?
+            session["relay_state"][relay_state_param]
+          end
+        end
         def relay_state
-          if !request.params["RelayState"].nil? &&
-             request.params["RelayState"] != ""
-            request.params["RelayState"]
-          else
-            Spid.configuration.default_relay_state_path
+          if request_relay_state.nil?
+            return Spid.configuration.default_relay_state_path
           end
+          session["relay_state"][relay_state_param]
         end
         def valid_get?
@@ -102,6 +113,12 @@ module Spid
             request_uuid: session["sso_request_uuid"]
           )
         end
+        def log_message
+          return nil unless Spid.configuration.logging_enabled
+          Spid.configuration.logger.info responser.saml_message.delete("\n")
+        end
       end
     end
   end

data/lib/spid/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.18.0"
+  VERSION = "0.19.0"
 end

data/spid.gemspec CHANGED

@@ -25,10 +25,10 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.3.0"
   spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
+  spec.add_runtime_dependency "listen", ">= 0"
   spec.add_runtime_dependency "rack", ">= 1", "< 3"
   spec.add_runtime_dependency "rake", ">= 10.0", "< 13"
   spec.add_runtime_dependency "xmldsig", ">= 0.6.6"
-  spec.add_runtime_dependency "listen", ">= 0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.19.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-12 00:00:00.000000000 Z
+date: 2018-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -30,6 +30,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.3'
+- !ruby/object:Gem::Dependency
+  name: listen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -84,20 +98,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.6
-- !ruby/object:Gem::Dependency
-  name: listen
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement