spid 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
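--- a/lib/spid/slo.rb
+++ b/lib/spid/slo.rb
@@ -0,0 +1,10 @@
+ # frozen_string_literal: true
+
+ require "spid/slo/request"
+ require "spid/slo/response"
+ require "spid/slo/settings"
+
+ module Spid
+ module Slo # :nodoc:
+ end
+ end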
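--- a/lib/spid/slo/request.rb
+++ b/lib/spid/slo/request.rb
@@ -0,0 +1,50 @@
+ # frozen_string_literal: true
+
+ require "spid/logout_request"
+ require "onelogin/ruby-saml/settings"
+
+ module Spid
+ module Slo
+ class Request # :nodoc:
+ attr_reader :idp_name
+ attr_reader :session_index
+
+ def initialize(idp_name:, session_index:)
+ @idp_name = idp_name
+ @session_index = session_index
+ end
+
+ def to_saml
+ logout_request.create(saml_settings)
+ end
+
+ def saml_settings
+ slo_settings.saml_settings
+ end
+
+ def slo_settings
+ Settings.new(
+ service_provider: service_provider,
+ identity_provider: identity_provider,
+ session_index: session_index
+ )
+ end
+
+ def identity_provider
+ @identity_provider ||=
+ IdentityProviderManager.find_by_name(idp_name)
+ end
+
+ def service_provider
+ @service_provider ||=
+ Spid.configuration.service_provider
+ end
+
+ private
+
+ def logout_request
+ LogoutRequest.new
+ end
+ end
+ end
+ end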
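Review bot: `identity_provider` (new lines 33–36) hands the result of `IdentityProviderManager.find_by_name(idp_name)` straight to `Settings.new` without checking it, so an unknown `idp_name` — a value that normally comes from the user's IdP selection — would (assuming `find_by_name` returns nil on a miss, which this diff does not show) surface as a `NoMethodError` from `Settings#slo_attributes` instead of a clear error. A guard at the lookup keeps the failure explicit, for example `@identity_provider ||= IdentityProviderManager.find_by_name(idp_name) || raise(ArgumentError, "unknown identity provider: #{idp_name}")`, or a project error class in the style of `Spid::UnknownAuthnContextError` used in `Sso::Settings`. `Sso::Request#identity_provider` in this same commit has the identical shape and would take the same guard.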
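--- a/lib/spid/slo/response.rb
+++ b/lib/spid/slo/response.rb
@@ -0,0 +1,72 @@
+ # frozen_string_literal: true
+
+ require "onelogin/ruby-saml/logoutresponse"
+
+ module Spid
+ module Slo
+ class Response # :nodoc:
+ attr_reader :body
+ attr_reader :session_index
+ attr_reader :matches_request_id
+
+ def initialize(body:, session_index:, matches_request_id:)
+ @body = body
+ @session_index = session_index
+ @matches_request_id = matches_request_id
+ end
+
+ def valid?
+ validated_saml_response.validate
+ end
+
+ def errors
+ validated_saml_response.errors
+ end
+
+ def saml_settings
+ slo_settings.saml_settings
+ end
+
+ def slo_settings
+ Settings.new(
+ service_provider: service_provider,
+ identity_provider: identity_provider,
+ session_index: session_index
+ )
+ end
+
+ def identity_provider
+ @identity_provider ||=
+ IdentityProviderManager.find_by_entity(issuer)
+ end
+
+ def service_provider
+ @service_provider ||=
+ Spid.configuration.service_provider
+ end
+
+ def issuer
+ saml_response.issuer.strip
+ end
+
+ private
+
+ def saml_response
+ ::OneLogin::RubySaml::Logoutresponse.new(
+ body,
+ nil,
+ matches_request_id: matches_request_id
+ )
+ end
+
+ def validated_saml_response
+ @validated_saml_response ||=
+ begin
+ response = saml_response
+ response.settings = saml_settings
+ response
+ end
+ end
+ end
+ end
+ end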
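Review bot: `saml_response` (new lines 54–60) constructs the `Logoutresponse` with only `matches_request_id`, so `valid?` checks InResponseTo and issuer but — as far as I recall ruby-saml's `Logoutresponse#validate_signature` — performs no signature verification at all unless the `:get_params` option carries the redirect-binding query parameters (`SAMLResponse`, `RelayState`, `SigAlg`, `Signature`). This constructor gives the caller no way to pass those in, so if the IdP returns the logout response over HTTP-Redirect its authenticity is never checked; consider an optional `get_params:` keyword on `initialize` forwarded as `matches_request_id: matches_request_id, get_params: get_params`. Separately, `issuer` (new lines 48–50) calls `.strip` on `saml_response.issuer`, which raises `NoMethodError` when the document has no Issuer element; `saml_response.issuer&.strip` plus an explicit error on nil would be clearer than a crash inside `identity_provider`.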
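--- a/lib/spid/slo/settings.rb
+++ b/lib/spid/slo/settings.rb
@@ -0,0 +1,53 @@
+ # frozen_string_literal: true
+
+ require "onelogin/ruby-saml/settings"
+
+ module Spid
+ module Slo
+ class Settings # :nodoc:
+ attr_reader :service_provider,
+ :identity_provider,
+ :session_index
+
+ def initialize(
+ service_provider:,
+ identity_provider:,
+ session_index:
+ )
+ @service_provider = service_provider
+ @identity_provider = identity_provider
+ @session_index = session_index
+ end
+
+ def saml_settings
+ ::OneLogin::RubySaml::Settings.new(slo_attributes)
+ end
+
+ def slo_attributes
+ [
+ service_provider.slo_attributes,
+ identity_provider.slo_attributes,
+ inner_slo_attributes
+ ].inject(:merge)
+ end
+
+ def inner_slo_attributes
+ {
+ name_identifier_value: generated_name_identifier_value,
+ name_identifier_format: name_identifier_format_value,
+ sessionindex: session_index
+ }
+ end
+
+ private
+
+ def generated_name_identifier_value
+ ::OneLogin::RubySaml::Utils.uuid
+ end
+
+ def name_identifier_format_value
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+ end
+ end
+ end
+ end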
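Review bot: `inner_slo_attributes` (new lines 34–40) sets `name_identifier_value` to a fresh `::OneLogin::RubySaml::Utils.uuid` on every call, so the LogoutRequest carries a random NameID unrelated to the NameID the IdP issued in the SSO assertion, and only `session_index` ties the request to the session. Whether the IdP will terminate a session on SessionIndex alone is not something this diff shows, but a SAML LogoutRequest is normally expected to carry the subject's NameID, so it would be safer for `Settings` to accept it from the SSO response — e.g. an optional `name_identifier_value:` keyword on `initialize`, with the generated UUID only as a fallback — than to invent one. A one-line comment on why a transient, generated value is acceptable here (if that is a deliberate SPID choice) would save the next reader the same question.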
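--- a/lib/spid/sso.rb
+++ b/lib/spid/sso.rb
@@ -0,0 +1,10 @@
+ # frozen_string_literal: true
+
+ require "spid/sso/request"
+ require "spid/sso/response"
+ require "spid/sso/settings"
+
+ module Spid
+ module Sso # :nodoc:
+ end
+ end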
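--- a/lib/spid/sso/request.rb
+++ b/lib/spid/sso/request.rb
@@ -0,0 +1,53 @@
+ # frozen_string_literal: true
+
+ require "spid/authn_request"
+ require "onelogin/ruby-saml/settings"
+
+ module Spid
+ module Sso
+ class Request # :nodoc:
+ attr_reader :idp_name
+ attr_reader :authn_context
+ attr_reader :authn_context_comparison
+
+ def initialize(idp_name:, authn_context:, authn_context_comparison:)
+ @idp_name = idp_name
+ @authn_context = authn_context
+ @authn_context_comparison = authn_context_comparison
+ end
+
+ def to_saml
+ authn_request.create(saml_settings)
+ end
+
+ def saml_settings
+ sso_settings.saml_settings
+ end
+
+ def sso_settings
+ Settings.new(
+ service_provider: service_provider,
+ identity_provider: identity_provider,
+ authn_context: authn_context,
+ authn_context_comparison: authn_context_comparison
+ )
+ end
+
+ def identity_provider
+ @identity_provider ||=
+ IdentityProviderManager.find_by_name(idp_name)
+ end
+
+ def service_provider
+ @service_provider ||=
+ Spid.configuration.service_provider
+ end
+
+ private
+
+ def authn_request
+ AuthnRequest.new
+ end
+ end
+ end
+ end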
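--- a/lib/spid/sso/response.rb
+++ b/lib/spid/sso/response.rb
@@ -0,0 +1,80 @@
+ # frozen_string_literal: true
+
+ require "onelogin/ruby-saml/response"
+ require "active_support/inflector/methods"
+
+ module Spid
+ module Sso
+ class Response # :nodoc:
+ attr_reader :body
+
+ def initialize(body:)
+ @body = body
+ end
+
+ def valid?
+ validated_saml_response.is_valid?
+ end
+
+ def saml_settings
+ sso_settings.saml_settings
+ end
+
+ def sso_settings
+ Settings.new(
+ service_provider: service_provider,
+ identity_provider: identity_provider
+ )
+ end
+
+ def attributes
+ raw_attributes.each_with_object({}) do |(key, value), acc|
+ acc[normalize_key(key)] = value
+ end
+ end
+
+ def issuer
+ saml_response.issuers.first
+ end
+
+ def session_index
+ saml_response.sessionindex
+ end
+
+ def raw_attributes
+ saml_response.attributes.attributes
+ end
+
+ def identity_provider
+ @identity_provider ||=
+ IdentityProviderManager.find_by_entity(issuer)
+ end
+
+ def service_provider
+ @service_provider ||=
+ Spid.configuration.service_provider
+ end
+
+ private
+
+ def normalize_key(key)
+ ActiveSupport::Inflector.underscore(
+ key.to_s
+ ).to_sym
+ end
+
+ def saml_response
+ ::OneLogin::RubySaml::Response.new(body)
+ end
+
+ def validated_saml_response
+ @validated_saml_response ||=
+ begin
+ response = saml_response
+ response.settings = saml_settings
+ response
+ end
+ end
+ end
+ end
+ end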
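Review bot: `session_index` and `raw_attributes` (new lines 40–46) read from `saml_response`, which builds a fresh, settings-less `::OneLogin::RubySaml::Response.new(body)` on every call, rather than from `validated_saml_response`, so the session index and user attributes handed to the application come from a parse that never had its signature or conditions checked and is only the same content as the one `valid?` verified by coincidence of sharing `body`. Routing them through the validated object ties consumption to validation and stops re-parsing the XML on every accessor: `validated_saml_response.sessionindex` and `validated_saml_response.attributes.attributes`. `issuer` has to stay on the raw parse, since `validated_saml_response` depends on it (via `identity_provider`) to choose the IdP settings. If assertions were ever encrypted, the settings-less parse could not decrypt them either, which is a second reason to prefer the validated object.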
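--- a/lib/spid/sso/settings.rb
+++ b/lib/spid/sso/settings.rb
@@ -0,0 +1,78 @@
+ # frozen_string_literal: true
+
+ module Spid
+ module Sso
+ class Settings # :nodoc:
+ attr_reader :service_provider,
+ :identity_provider,
+ :authn_context,
+ :authn_context_comparison
+
+ # rubocop:disable Metrics/MethodLength
+ def initialize(
+ service_provider:,
+ identity_provider:,
+ authn_context: Spid::L1,
+ authn_context_comparison: Spid::EXACT_COMPARISON
+ )
+
+ unless AUTHN_CONTEXTS.include?(authn_context)
+ raise Spid::UnknownAuthnContextError,
+ "Provided authn_context is not valid:" \
+ " use one of #{AUTHN_CONTEXTS.join(', ')}"
+ end
+
+ unless COMPARISON_METHODS.include?(authn_context_comparison)
+ raise Spid::UnknownAuthnComparisonMethodError,
+ "Provided authn_context_comparison_method is not valid:" \
+ " use one of #{COMPARISON_METHODS.join(', ')}"
+ end
+
+ @service_provider = service_provider
+ @identity_provider = identity_provider
+ @authn_context = authn_context
+ @authn_context_comparison = authn_context_comparison
+ end
+ # rubocop:enable Metrics/MethodLength
+
+ def saml_settings
+ ::OneLogin::RubySaml::Settings.new(sso_attributes)
+ end
+
+ def sso_attributes
+ [
+ service_provider.sso_attributes,
+ identity_provider.sso_attributes,
+ inner_sso_attributes,
+ force_authn_attributes
+ ].inject(:merge)
+ end
+
+ def inner_sso_attributes
+ {
+ protocol_binding: protocol_binding_value,
+ name_identifier_format: name_identifier_format_value,
+ authn_context: authn_context,
+ authn_context_comparison: authn_context_comparison
+ }
+ end
+
+ def force_authn_attributes
+ return {} if authn_context <= Spid::L1
+ {
+ force_authn: true
+ }
+ end
+
+ private
+
+ def protocol_binding_value
+ "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ end
+
+ def name_identifier_format_value
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+ end
+ end
+ end
+ end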
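Review bot: `force_authn_attributes` (new lines 60–65) decides with `authn_context <= Spid::L1`, which depends on how `Spid::L1`/`L2`/`L3` are defined (not visible here); if they are URI strings the comparison is lexicographic and only works because the levels happen to differ in their final character, which a future constant change could silently break. Since `initialize` already rejects anything outside `AUTHN_CONTEXTS`, an equality test states the intent directly, assuming L1 is the lowest level: `return {} if authn_context == Spid::L1`. The file also references `::OneLogin::RubySaml::Settings` without a `require` of its own, unlike `Slo::Settings`, so it relies on a sibling file having loaded it first; a one-line why-comment on the ForceAuthn rule (`# ForceAuthn is set for levels above L1 — confirm against the SPID rules the project follows`) would also help the next reader.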
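--- a/lib/spid/version.rb
+++ b/lib/spid/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Spid
- VERSION = "0.7.0"
+ VERSION = "0.8.0"
  end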
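--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: spid
  version: !ruby/object:Gem::Version
- version: 0.7.0
+ version: 0.8.0
  platform: ruby
  authors:
  - David Librera
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-07-18 00:00:00.000000000 Z
+ date: 2018-07-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: ruby-saml
@@ -278,18 +278,20 @@ files:
  - idp_metadata/.gitkeep
  - lib/spid.rb
  - lib/spid/authn_request.rb
- - lib/spid/identity_provider_configuration.rb
- - lib/spid/identity_providers.rb
- - lib/spid/idp_metadata.rb
+ - lib/spid/configuration.rb
+ - lib/spid/identity_provider.rb
+ - lib/spid/identity_provider_manager.rb
  - lib/spid/logout_request.rb
  - lib/spid/metadata.rb
- - lib/spid/service_provider_configuration.rb
- - lib/spid/slo_request.rb
- - lib/spid/slo_response.rb
- - lib/spid/slo_settings.rb
- - lib/spid/sso_request.rb
- - lib/spid/sso_response.rb
- - lib/spid/sso_settings.rb
+ - lib/spid/service_provider.rb
+ - lib/spid/slo.rb
+ - lib/spid/slo/request.rb
+ - lib/spid/slo/response.rb
+ - lib/spid/slo/settings.rb
+ - lib/spid/sso.rb
+ - lib/spid/sso/request.rb
+ - lib/spid/sso/response.rb
+ - lib/spid/sso/settings.rb
  - lib/spid/version.rb
  - spid.gemspec
  homepage: https://github.com/italia/spid-ruby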