RubyGems - spid - Versions diffs - 0.3.1 → 0.4.0 - Mend

spid 0.3.1 → 0.4.0

Files changed (16) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/CHANGELOG.md +7 -1
data/idp_metadata/.gitkeep +0 -0
data/lib/spid.rb +6 -1
data/lib/spid/identity_provider_configuration.rb +30 -0
data/lib/spid/identity_providers.rb +15 -2
data/lib/spid/idp_metadata.rb +1 -1
data/lib/spid/metadata.rb +25 -9
data/lib/spid/service_provider_configuration.rb +73 -0
data/lib/spid/sso_request.rb +90 -0
data/lib/spid/sso_response.rb +44 -0
data/lib/spid/version.rb +1 -1
data/spid.gemspec +1 -0
metadata +21 -3
data/lib/spid/generate_authn_request.rb +0 -78

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f94ff48217764f22a3055a10c96d6f95a551ad8c6bd3feb70c7cd13642dc438
-  data.tar.gz: 2e189a0bee7b42c4518a955c856ce641dc5ba0108f9725a907a8ed8505363b40
+  metadata.gz: 11409a6db93f8bc29e6a8b0d6678e9c893441ad99fc67302667ad2493a0b0dc8
+  data.tar.gz: 9e6e5c2c079bf2bc232e92fc7585b7f461614dc521de1eff92427a782d60e8ea
 SHA512:
-  metadata.gz: 893a1e5c15958af449b3d7d2d900bf472c79d44f7b19d4083b0ab80c4b15fea7a46c865b27a2cd7bf7d0bc89d283ce192f9847732418005e687addbfaae6587b
-  data.tar.gz: dc68d4cd16a9b2d088b5e5da333a19b805d3de613102ded4c6d8543748cad7a33692e3373c549d7449d96a68c8ee953456159b5f04bb73ce6fe2a8530c2a33de
+  metadata.gz: 015c7a6b37a8640123c3bb15df3aadfdc9ea21a76acc9ee5886191cdec2b3c95a013b1e8b5039efd0250351180c2f97c6e928161539f435353e985a555895ec3
+  data.tar.gz: 52445d55b3bf64d28ee9caf601b7a1e3146df9721f87beafed2ecc63a6f46f41c45d7ae09deeef9d2bb0c00f857a972d4890f35fd0af889080d7055a957b5742

data/.gitignore CHANGED Viewed

@@ -25,3 +25,4 @@ build-iPhoneOS/
 build-iPhoneSimulator/
 build/
 /Gemfile.lock
+/idp_metadata/*.xml

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,11 @@
 ## [Unreleased]
+## [0.4.0] - 2018-07-13
+### Added
+- ServiceProviderConfiguration class handles configuration for a specific host
+- SsoResponse class
 ## [0.3.1] - 2018-07-09
 ### Added
 - Signature in authn_request
@@ -39,7 +44,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.3.1...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.4.0...HEAD
+[0.4.0]: https://github.com/italia/spid-ruby/compare/v0.3.1...v0.4.0
 [0.3.1]: https://github.com/italia/spid-ruby/compare/v0.3.0...v0.3.1
 [0.3.0]: https://github.com/italia/spid-ruby/compare/v0.2.2...v0.3.0
 [0.2.2]: https://github.com/italia/spid-ruby/compare/v0.2.1...v0.2.2

data/idp_metadata/.gitkeep ADDED Viewed

File without changes

data/lib/spid.rb CHANGED Viewed

@@ -1,15 +1,20 @@
 # frozen_string_literal: true
 require "spid/authn_request"
-require "spid/generate_authn_request"
+require "spid/sso_request"
+require "spid/sso_response"
 require "spid/identity_providers"
 require "spid/metadata"
 require "spid/idp_metadata"
 require "spid/version"
+require "spid/identity_provider_configuration"
+require "spid/service_provider_configuration"
 module Spid # :nodoc:
   class UnknownAuthnComparisonMethodError < StandardError; end
   class UnknownAuthnContextError < StandardError; end
+  class UnknownDigestMethodError < StandardError; end
+  class UnknownSignatureMethodError < StandardError; end
   EXACT_COMPARISON = :exact
   MININUM_COMPARISON = :minumum

data/lib/spid/identity_provider_configuration.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module Spid
+  class IdentityProviderConfiguration # :nodoc:
+    attr_reader :idp_metadata, :idp_metadata_hash
+    def initialize(idp_metadata:)
+      @idp_metadata = idp_metadata
+      @idp_metadata_hash = idp_metadata_parser.parse_to_hash(idp_metadata)
+    end
+    def entity_id
+      @entity_id ||= idp_metadata_hash[:idp_entity_id]
+    end
+    def sso_target_url
+      @sso_target_url ||= idp_metadata_hash[:idp_sso_target_url]
+    end
+    def cert_fingerprint
+      @cert_fingerprint ||= idp_metadata_hash[:idp_cert_fingerprint]
+    end
+    private
+    def idp_metadata_parser
+      @idp_metadata_parser ||= ::OneLogin::RubySaml::IdpMetadataParser.new
+    end
+  end
+end

data/lib/spid/identity_providers.rb CHANGED Viewed

@@ -5,15 +5,18 @@ require "faraday_middleware"
 module Spid
   class IdentityProviders # :nodoc:
+    class MetadataFetchError < StandardError; end
     def self.fetch_all
       new.fetch_all
     end
     def fetch_all
       spid_idp_entities.map do |idp|
+        metadata_url = check_for_final_metadata_url(idp["metadata_url"])
         {
           name: idp["entity_name"].gsub(/ ID$/, "").downcase,
-          metadata_url: idp["metadata_url"],
+          metadata_url: metadata_url,
           entity_id: idp["entity_id"]
         }
       end
@@ -21,8 +24,18 @@ module Spid
     private
+    def check_for_final_metadata_url(metadata_url)
+      response = Faraday.get(metadata_url)
+      case response.status
+      when 200
+        metadata_url
+      when 301, 302
+        response["Location"]
+      end
+    end
     def spid_idp_entities
-      return [] if response.body["spidFederationRegistry"].blank?
+      return [] if response.body["spidFederationRegistry"].nil?
       response.body["spidFederationRegistry"]["entities"]
     end

data/lib/spid/idp_metadata.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Spid
     end
     def [](idp_name)
-      return @metadata[idp_name] if @metadata[idp_name].present?
+      return @metadata[idp_name] unless @metadata[idp_name].nil?
       idp_hash = identity_provider_hash(idp_name)
       @metadata[idp_name] = parser.parse_remote_to_hash(

data/lib/spid/metadata.rb CHANGED Viewed

@@ -6,25 +6,22 @@ require "onelogin/ruby-saml/settings"
 module Spid
   class Metadata # :nodoc:
     attr_reader :metadata_attributes,
+                :service_provider_configuration,
                 :attribute_service_name
     # rubocop:disable Metrics/MethodLength
-    # rubocop:disable Metrics/ParameterLists
     def initialize(
-          issuer:,
-          private_key_filepath:,
-          certificate_filepath:,
-          assertion_consumer_service_url:,
-          single_logout_service_url:,
+          service_provider_configuration:,
           attribute_service_name:,
           digest_method: Spid::SHA256,
           signature_method: Spid::RSA_SHA256
         )
+      @service_provider_configuration = service_provider_configuration
       @attribute_service_name = attribute_service_name
       @metadata_attributes = {
         issuer: issuer,
-        private_key: File.read(private_key_filepath),
-        certificate: File.read(certificate_filepath),
+        private_key: private_key_content,
+        certificate: certificate_content,
         assertion_consumer_service_url: assertion_consumer_service_url,
         single_logout_service_url: single_logout_service_url,
         security: {
@@ -41,13 +38,32 @@ module Spid
         }
       }
     end
-    # rubocop:enable Metrics/ParameterLists
     # rubocop:enable Metrics/MethodLength
     def to_xml
       metadata.generate(saml_settings)
     end
+    def issuer
+      service_provider_configuration.host
+    end
+    def private_key_content
+      service_provider_configuration.private_key
+    end
+    def certificate_content
+      service_provider_configuration.certificate
+    end
+    def assertion_consumer_service_url
+      service_provider_configuration.sso_url
+    end
+    def single_logout_service_url
+      service_provider_configuration.slo_url
+    end
     private
     def metadata

data/lib/spid/service_provider_configuration.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require "uri"
+module Spid
+  class ServiceProviderConfiguration # :nodoc:
+    attr_reader :host,
+                :sso_path,
+                :slo_path,
+                :metadata_path,
+                :private_key_file_path,
+                :certificate_file_path,
+                :digest_method,
+                :signature_method
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(
+          host:,
+          sso_path:,
+          slo_path:,
+          metadata_path:,
+          private_key_file_path:,
+          certificate_file_path:,
+          digest_method:,
+          signature_method:
+        )
+      @host = host
+      @sso_path = sso_path
+      @slo_path = slo_path
+      @metadata_path = metadata_path
+      @private_key_file_path = private_key_file_path
+      @certificate_file_path = certificate_file_path
+      @digest_method = digest_method
+      @signature_method = signature_method
+      validate_attributes
+    end
+    # rubocop:enable Metrics/ParameterLists
+    def sso_url
+      @sso_url ||= URI.join(host, sso_path).to_s
+    end
+    def slo_url
+      @slo_url ||= URI.join(host, slo_path).to_s
+    end
+    def metadata_url
+      @metadata_url ||= URI.join(host, metadata_path).to_s
+    end
+    def private_key
+      @private_key ||= File.read(private_key_file_path)
+    end
+    def certificate
+      @certificate ||= File.read(certificate_file_path)
+    end
+    private
+    def validate_attributes
+      if !DIGEST_METHODS.include?(digest_method)
+        raise UnknownDigestMethodError,
+              "Provided digest method is not valid:" \
+              " use one of #{DIGEST_METHODS.join(', ')}"
+      elsif !SIGNATURE_METHODS.include?(signature_method)
+        raise UnknownSignatureMethodError,
+              "Provided digest method is not valid:" \
+              " use one of #{SIGNATURE_METHODS.join(', ')}"
+      end
+    end
+  end
+end

data/lib/spid/sso_request.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+require "spid/authn_request"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class SsoRequest # :nodoc:
+    attr_reader :service_provider_configuration,
+                :identity_provider_configuration,
+                :authn_context,
+                :authn_context_comparison
+    # rubocop:disable Metrics/MethodLength
+    def initialize(
+          identity_provider_configuration:,
+          service_provider_configuration:,
+          authn_context: Spid::L1,
+          authn_context_comparison: Spid::EXACT_COMPARISON
+        )
+      unless AUTHN_CONTEXTS.include?(authn_context)
+        raise Spid::UnknownAuthnContextError,
+              "Provided authn_context is not valid:" \
+              " use one of #{AUTHN_CONTEXTS.join(', ')}"
+      end
+      unless COMPARISON_METHODS.include?(authn_context_comparison)
+        raise Spid::UnknownAuthnComparisonMethodError,
+              "Provided authn_context_comparison_method is not valid:" \
+              " use one of #{COMPARISON_METHODS.join(', ')}"
+      end
+      @service_provider_configuration = service_provider_configuration
+      @identity_provider_configuration = identity_provider_configuration
+      @authn_context = authn_context
+      @authn_context_comparison = authn_context_comparison
+    end
+    # rubocop:enable Metrics/MethodLength
+    def to_saml
+      authn_request.create(saml_settings)
+    end
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/AbcSize
+    def authn_request_attributes
+      return @authn_request_attributes if @authn_request_attributes.present?
+      @authn_request_attributes = {
+        idp_sso_target_url: identity_provider_configuration.sso_target_url,
+        assertion_consumer_service_url: service_provider_configuration.sso_url,
+        protocol_binding: protocol_binding,
+        issuer: service_provider_configuration.host,
+        private_key: service_provider_configuration.private_key,
+        certificate: service_provider_configuration.certificate,
+        name_identifier_format: name_identifier_format,
+        authn_context: authn_context,
+        authn_context_comparison: authn_context_comparison,
+        idp_cert_fingerprint: identity_provider_configuration.cert_fingerprint,
+        security: {
+          authn_requests_signed: true,
+          embed_sign: true,
+          digest_method: service_provider_configuration.digest_method,
+          signature_method: service_provider_configuration.signature_method
+        }
+      }
+      @authn_request_attributes[:force_authn] = true if authn_context > Spid::L1
+      @authn_request_attributes
+    end
+    # rubocop:enable Metrics/AbcSize
+    # rubocop:enable Metrics/MethodLength
+    def authn_request
+      AuthnRequest.new
+    end
+    def saml_settings
+      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    end
+    private
+    def protocol_binding
+      "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+    end
+    def name_identifier_format
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+    end
+  end
+end

data/lib/spid/sso_response.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/response"
+require "active_support/inflector/methods"
+module Spid
+  class SsoResponse # :nodoc:
+    attr_reader :body, :sso_settings
+    def initialize(body:, sso_settings:)
+      @body = body
+      @sso_settings = sso_settings
+    end
+    def valid?
+      saml_response.is_valid?
+    end
+    def attributes
+      raw_attributes.each_with_object({}) do |(key, value), acc|
+        acc[normalize_key(key)] = value
+      end
+    end
+    def raw_attributes
+      saml_response.attributes.attributes
+    end
+    private
+    def normalize_key(key)
+      ActiveSupport::Inflector.underscore(
+        key.to_s
+      ).to_sym
+    end
+    def saml_response
+      @saml_response ||= ::OneLogin::RubySaml::Response.new(
+        body,
+        settings: sso_settings
+      )
+    end
+  end
+end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

data/spid.gemspec CHANGED Viewed

@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop", "0.57.2"
   spec.add_development_dependency "rubocop-rspec", "1.27.0"
+  spec.add_development_dependency "timecop", "~> 0"
   spec.add_development_dependency "vcr", "~> 4.0", ">= 4.0.0"
   spec.add_development_dependency "webmock", "~> 3.4", ">= 3.4.2"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-09 00:00:00.000000000 Z
+date: 2018-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-saml
@@ -204,6 +204,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 1.27.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
@@ -261,12 +275,16 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- idp_metadata/.gitkeep
 - lib/spid.rb
 - lib/spid/authn_request.rb
-- lib/spid/generate_authn_request.rb
+- lib/spid/identity_provider_configuration.rb
 - lib/spid/identity_providers.rb
 - lib/spid/idp_metadata.rb
 - lib/spid/metadata.rb
+- lib/spid/service_provider_configuration.rb
+- lib/spid/sso_request.rb
+- lib/spid/sso_response.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby

data/lib/spid/generate_authn_request.rb DELETED Viewed

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-require "spid/authn_request"
-require "onelogin/ruby-saml/settings"
-module Spid
-  class GenerateAuthnRequest # :nodoc:
-    attr_reader :authn_request_attributes
-    # rubocop:disable Metrics/MethodLength
-    # rubocop:disable Metrics/ParameterLists
-    def initialize(
-          idp_sso_target_url:,
-          assertion_consumer_service_url:,
-          private_key_filepath:,
-          certificate_filepath:,
-          issuer:,
-          authn_context: Spid::L1,
-          authn_context_comparison: Spid::EXACT_COMPARISON,
-          digest_method: Spid::SHA256,
-          signature_method: Spid::RSA_SHA256
-        )
-      unless AUTHN_CONTEXTS.include?(authn_context)
-        raise Spid::UnknownAuthnContextError,
-              "Provided authn_context is not valid:" \
-              " use one of #{AUTHN_CONTEXTS.join(', ')}"
-      end
-      unless COMPARISON_METHODS.include?(authn_context_comparison)
-        raise Spid::UnknownAuthnComparisonMethodError,
-              "Provided authn_context_comparison_method is not valid:" \
-              " use one of #{COMPARISON_METHODS.join(', ')}"
-      end
-      @authn_request_attributes = {
-        idp_sso_target_url: idp_sso_target_url,
-        assertion_consumer_service_url: assertion_consumer_service_url,
-        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-        issuer: issuer,
-        private_key: File.read(private_key_filepath),
-        certificate: File.read(certificate_filepath),
-        name_identifier_format: name_identifier_format,
-        authn_context: authn_context,
-        authn_context_comparison: authn_context_comparison,
-        security: {
-          authn_requests_signed: true,
-          embed_sign: true,
-          digest_method:             digest_method,
-          signature_method:          signature_method
-        }
-      }
-      return if authn_context <= Spid::L1
-      @authn_request_attributes[:force_authn] = true
-    end
-    # rubocop:enable Metrics/ParameterLists
-    # rubocop:enable Metrics/MethodLength
-    def to_saml
-      authn_request.create(saml_settings)
-    end
-    private
-    def name_identifier_format
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-    end
-    def authn_request
-      AuthnRequest.new
-    end
-    def saml_settings
-      ::OneLogin::RubySaml::Settings.new authn_request_attributes
-    end
-  end
-end