spid 0.7.0 → 0.8.0

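--- a/lib/spid/slo.rb
+++ b/lib/spid/slo.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "spid/slo/request"
+require "spid/slo/response"
+require "spid/slo/settings"
+
+module Spid
+module Slo # :nodoc:
+end
+end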
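--- a/lib/spid/slo/request.rb
+++ b/lib/spid/slo/request.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "spid/logout_request"
+require "onelogin/ruby-saml/settings"
+
+module Spid
+module Slo
+class Request # :nodoc:
+attr_reader :idp_name
+attr_reader :session_index
+
+def initialize(idp_name:, session_index:)
+@idp_name = idp_name
+@session_index = session_index
+end
+
+def to_saml
+logout_request.create(saml_settings)
+end
+
+def saml_settings
+slo_settings.saml_settings
+end
+
+def slo_settings
+Settings.new(
+service_provider: service_provider,
+identity_provider: identity_provider,
+session_index: session_index
+)
+end
+
+def identity_provider
+@identity_provider ||=
+IdentityProviderManager.find_by_name(idp_name)
+end
+
+def service_provider
+@service_provider ||=
+Spid.configuration.service_provider
+end
+
+private
+
+def logout_request
+LogoutRequest.new
+end
+end
+end
+end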
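Review bot: `identity_provider` does not check the result of `IdentityProviderManager.find_by_name(idp_name)`, so when no provider matches the failure surfaces later as a NoMethodError on nil inside `Settings#slo_attributes` rather than at the lookup, and the `||=` re-runs the lookup on every call while the result stays nil. In a SPID flow `idp_name` is usually the provider the end user picked, so it should be treated as untrusted input and rejected explicitly, e.g. `@identity_provider ||= IdentityProviderManager.find_by_name(idp_name) || raise(ArgumentError, "unknown identity provider: #{idp_name}")` (a project error class in the style of the ones raised by Sso::Settings would fit better than ArgumentError). The same unchecked lookup is in `identity_provider` of lib/spid/sso/request.rb. Whether `find_by_name` returns nil or raises on a miss is not visible here; if it already raises, a one-line comment saying so on the `||=` would save the next reader the question.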
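--- a/lib/spid/slo/response.rb
+++ b/lib/spid/slo/response.rb
@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require "onelogin/ruby-saml/logoutresponse"
+
+module Spid
+module Slo
+class Response # :nodoc:
+attr_reader :body
+attr_reader :session_index
+attr_reader :matches_request_id
+
+def initialize(body:, session_index:, matches_request_id:)
+@body = body
+@session_index = session_index
+@matches_request_id = matches_request_id
+end
+
+def valid?
+validated_saml_response.validate
+end
+
+def errors
+validated_saml_response.errors
+end
+
+def saml_settings
+slo_settings.saml_settings
+end
+
+def slo_settings
+Settings.new(
+service_provider: service_provider,
+identity_provider: identity_provider,
+session_index: session_index
+)
+end
+
+def identity_provider
+@identity_provider ||=
+IdentityProviderManager.find_by_entity(issuer)
+end
+
+def service_provider
+@service_provider ||=
+Spid.configuration.service_provider
+end
+
+def issuer
+saml_response.issuer.strip
+end
+
+private
+
+def saml_response
+::OneLogin::RubySaml::Logoutresponse.new(
+body,
+nil,
+matches_request_id: matches_request_id
+)
+end
+
+def validated_saml_response
+@validated_saml_response ||=
+begin
+response = saml_response
+response.settings = saml_settings
+response
+end
+end
+end
+end
+end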
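Review bot: `issuer` calls `.strip` on `saml_response.issuer`, so a LogoutResponse that carries no Issuer element raises NoMethodError before `valid?` can report anything, and an Issuer that matches no configured IdP presumably leaves `find_by_entity` returning nil, which again fails as NoMethodError inside `Settings#slo_attributes` instead of as a validation failure. Reading the Issuer from the not-yet-validated response is unavoidable here because it selects the IdP whose certificate `validate` will check against, but that value is attacker-controlled until `valid?` succeeds, and the lookup result needs an explicit check, e.g. `IdentityProviderManager.find_by_entity(issuer) || raise(...)` with `issuer` written as `saml_response.issuer&.strip`. A comment on `issuer` such as `# Taken from the unvalidated response only to pick the IdP; trust it only after #valid?` would make that contract visible. Note also that `saml_response` re-decodes `body` on every call, so `issuer` and `validated_saml_response` each parse it separately.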
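--- a/lib/spid/slo/settings.rb
+++ b/lib/spid/slo/settings.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "onelogin/ruby-saml/settings"
+
+module Spid
+module Slo
+class Settings # :nodoc:
+attr_reader :service_provider,
+:identity_provider,
+:session_index
+
+def initialize(
+service_provider:,
+identity_provider:,
+session_index:
+)
+@service_provider = service_provider
+@identity_provider = identity_provider
+@session_index = session_index
+end
+
+def saml_settings
+::OneLogin::RubySaml::Settings.new(slo_attributes)
+end
+
+def slo_attributes
+[
+service_provider.slo_attributes,
+identity_provider.slo_attributes,
+inner_slo_attributes
+].inject(:merge)
+end
+
+def inner_slo_attributes
+{
+name_identifier_value: generated_name_identifier_value,
+name_identifier_format: name_identifier_format_value,
+sessionindex: session_index
+}
+end
+
+private
+
+def generated_name_identifier_value
+::OneLogin::RubySaml::Utils.uuid
+end
+
+def name_identifier_format_value
+"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+end
+end
+end
+end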
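Review bot: `inner_slo_attributes` fills `name_identifier_value` with a freshly generated `Utils.uuid`, so the NameID in every LogoutRequest is a value the IdP never issued, and because nothing is memoized two calls to `saml_settings` on the same object produce two different NameIDs. With the transient format the IdP is normally expected to correlate a logout with the NameID from the original assertion; unless SPID IdPs match purely on `sessionindex` (not visible here — confirm against the IdP behaviour this was tested with), the IdP-side session may not be terminated. Consider accepting the assertion's NameID as a constructor keyword next to `session_index` and using it here, and in any case document the choice with a comment on `generated_name_identifier_value`, e.g. `# NOTE: random NameID; the IdP is expected to correlate on sessionindex`, so that a future reader does not take the UUID for the subject's identifier.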
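--- a/lib/spid/sso.rb
+++ b/lib/spid/sso.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "spid/sso/request"
+require "spid/sso/response"
+require "spid/sso/settings"
+
+module Spid
+module Sso # :nodoc:
+end
+end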
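--- a/lib/spid/sso/request.rb
+++ b/lib/spid/sso/request.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "spid/authn_request"
+require "onelogin/ruby-saml/settings"
+
+module Spid
+module Sso
+class Request # :nodoc:
+attr_reader :idp_name
+attr_reader :authn_context
+attr_reader :authn_context_comparison
+
+def initialize(idp_name:, authn_context:, authn_context_comparison:)
+@idp_name = idp_name
+@authn_context = authn_context
+@authn_context_comparison = authn_context_comparison
+end
+
+def to_saml
+authn_request.create(saml_settings)
+end
+
+def saml_settings
+sso_settings.saml_settings
+end
+
+def sso_settings
+Settings.new(
+service_provider: service_provider,
+identity_provider: identity_provider,
+authn_context: authn_context,
+authn_context_comparison: authn_context_comparison
+)
+end
+
+def identity_provider
+@identity_provider ||=
+IdentityProviderManager.find_by_name(idp_name)
+end
+
+def service_provider
+@service_provider ||=
+Spid.configuration.service_provider
+end
+
+private
+
+def authn_request
+AuthnRequest.new
+end
+end
+end
+end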
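--- a/lib/spid/sso/response.rb
+++ b/lib/spid/sso/response.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "onelogin/ruby-saml/response"
+require "active_support/inflector/methods"
+
+module Spid
+module Sso
+class Response # :nodoc:
+attr_reader :body
+
+def initialize(body:)
+@body = body
+end
+
+def valid?
+validated_saml_response.is_valid?
+end
+
+def saml_settings
+sso_settings.saml_settings
+end
+
+def sso_settings
+Settings.new(
+service_provider: service_provider,
+identity_provider: identity_provider
+)
+end
+
+def attributes
+raw_attributes.each_with_object({}) do |(key, value), acc|
+acc[normalize_key(key)] = value
+end
+end
+
+def issuer
+saml_response.issuers.first
+end
+
+def session_index
+saml_response.sessionindex
+end
+
+def raw_attributes
+saml_response.attributes.attributes
+end
+
+def identity_provider
+@identity_provider ||=
+IdentityProviderManager.find_by_entity(issuer)
+end
+
+def service_provider
+@service_provider ||=
+Spid.configuration.service_provider
+end
+
+private
+
+def normalize_key(key)
+ActiveSupport::Inflector.underscore(
+key.to_s
+).to_sym
+end
+
+def saml_response
+::OneLogin::RubySaml::Response.new(body)
+end
+
+def validated_saml_response
+@validated_saml_response ||=
+begin
+response = saml_response
+response.settings = saml_settings
+response
+end
+end
+end
+end
+end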
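Review bot: `attributes`, `raw_attributes` and `session_index` read from `saml_response`, a fresh `::OneLogin::RubySaml::Response.new(body)` with no settings that has never been validated, so a caller can obtain assertion attributes and the session index from a response whose signature was never checked, and nothing in the class ties those readers to `valid?`. Have them go through the memoized, settings-bearing object — `validated_saml_response.attributes.attributes` and `validated_saml_response.sessionindex` — and document on the class that they are meaningful only after `valid?` returned true (or raise when it has not); `issuer` must stay on the unvalidated parse because it selects the IdP via `find_by_entity`, which is what `validated_saml_response` itself depends on. `issuers.first` is nil for a response without an Issuer, and a nil or unknown issuer then presumably fails inside `Settings#sso_attributes` with a NoMethodError rather than as a validation error, so the lookup result should be checked explicitly. Each reader also re-decodes `body` on every call; `@saml_response ||= ::OneLogin::RubySaml::Response.new(body)` would parse it once. Whether `identity_provider.sso_attributes` supplies the IdP certificate `is_valid?` needs is not visible here — confirm, since without it the signature check is not performed.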
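--- a/lib/spid/sso/settings.rb
+++ b/lib/spid/sso/settings.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module Spid
+module Sso
+class Settings # :nodoc:
+attr_reader :service_provider,
+:identity_provider,
+:authn_context,
+:authn_context_comparison
+
+# rubocop:disable Metrics/MethodLength
+def initialize(
+service_provider:,
+identity_provider:,
+authn_context: Spid::L1,
+authn_context_comparison: Spid::EXACT_COMPARISON
+)
+
+unless AUTHN_CONTEXTS.include?(authn_context)
+raise Spid::UnknownAuthnContextError,
+"Provided authn_context is not valid:" \
+" use one of #{AUTHN_CONTEXTS.join(', ')}"
+end
+
+unless COMPARISON_METHODS.include?(authn_context_comparison)
+raise Spid::UnknownAuthnComparisonMethodError,
+"Provided authn_context_comparison_method is not valid:" \
+" use one of #{COMPARISON_METHODS.join(', ')}"
+end
+
+@service_provider = service_provider
+@identity_provider = identity_provider
+@authn_context = authn_context
+@authn_context_comparison = authn_context_comparison
+end
+# rubocop:enable Metrics/MethodLength
+
+def saml_settings
+::OneLogin::RubySaml::Settings.new(sso_attributes)
+end
+
+def sso_attributes
+[
+service_provider.sso_attributes,
+identity_provider.sso_attributes,
+inner_sso_attributes,
+force_authn_attributes
+].inject(:merge)
+end
+
+def inner_sso_attributes
+{
+protocol_binding: protocol_binding_value,
+name_identifier_format: name_identifier_format_value,
+authn_context: authn_context,
+authn_context_comparison: authn_context_comparison
+}
+end
+
+def force_authn_attributes
+return {} if authn_context <= Spid::L1
+{
+force_authn: true
+}
+end
+
+private
+
+def protocol_binding_value
+"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+end
+
+def name_identifier_format_value
+"urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+end
+end
+end
+end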
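Review bot: `force_authn_attributes` decides with `authn_context <= Spid::L1`, a plain String comparison, so the result depends on the lexicographic order of the level URNs rather than on the level ordering itself and holds only while the constants differ in nothing but a trailing digit. Since `initialize` already guarantees the value is one of `AUTHN_CONTEXTS` and L1 is the lowest level, `return {} if authn_context == Spid::L1` states the intent directly (or compare positions in `AUTHN_CONTEXTS` if that list is ordered by level — confirm). A one-line comment on the method saying why levels above L1 force re-authentication (presumably a SPID requirement) would help readers. This file also uses `::OneLogin::RubySaml::Settings` without the `require "onelogin/ruby-saml/settings"` that the sibling lib/spid/slo/settings.rb has, so loading it on its own depends on require order.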
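--- a/lib/spid/version.rb
+++ b/lib/spid/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spid
-VERSION = "0.7.0"
+VERSION = "0.8.0"
 end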
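--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-version: 0.7.0
+version: 0.8.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-18 00:00:00.000000000 Z
+date: 2018-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-saml
@@ -278,18 +278,20 @@ files:
 - idp_metadata/.gitkeep
 - lib/spid.rb
 - lib/spid/authn_request.rb
-- lib/spid/identity_provider_configuration.rb
-- lib/spid/identity_providers.rb
-- lib/spid/idp_metadata.rb
+- lib/spid/configuration.rb
+- lib/spid/identity_provider.rb
+- lib/spid/identity_provider_manager.rb
 - lib/spid/logout_request.rb
 - lib/spid/metadata.rb
-- lib/spid/service_provider_configuration.rb
-- lib/spid/slo_request.rb
-- lib/spid/slo_response.rb
-- lib/spid/slo_settings.rb
-- lib/spid/sso_request.rb
-- lib/spid/sso_response.rb
-- lib/spid/sso_settings.rb
+- lib/spid/service_provider.rb
+- lib/spid/slo.rb
+- lib/spid/slo/request.rb
+- lib/spid/slo/response.rb
+- lib/spid/slo/settings.rb
+- lib/spid/sso.rb
+- lib/spid/sso/request.rb
+- lib/spid/sso/response.rb
+- lib/spid/sso/settings.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby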