spid 0.8.1 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/CHANGELOG.md +7 -0
- data/lib/spid.rb +1 -0
- data/lib/spid/identity_provider.rb +5 -5
- data/lib/spid/rack.rb +29 -0
- data/lib/spid/rack/login.rb +58 -0
- data/lib/spid/rack/logout.rb +69 -0
- data/lib/spid/rack/metadata.rb +46 -0
- data/lib/spid/rack/slo.rb +33 -0
- data/lib/spid/rack/sso.rb +48 -0
- data/lib/spid/service_provider.rb +9 -9
- data/lib/spid/slo/settings.rb +3 -3
- data/lib/spid/sso/request.rb +1 -1
- data/lib/spid/sso/response.rb +1 -1
- data/lib/spid/sso/settings.rb +4 -3
- data/lib/spid/version.rb +1 -1
- data/spid.gemspec +2 -1
- metadata +45 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9cccde8251b49654537f88e24704de56844883d61c3e2939edf7a7b05c277850
|
|
4
|
+
data.tar.gz: 703d39c5c631e0a988dc3b36969e1dff7aeeab8622e70a935b4c52486bd50568
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9025d41fdf1de349f3bc3e595eeca6eab68d8be7d26c9026a5d8aa2544e50574a75151539ad6c30e67e9cb99ce5ed1c94c1d3f9b109814cd171faa23cfe9141e
|
|
7
|
+
data.tar.gz: 793b85a398c663be4c835ff76a4d420170f0d58e6a09bafccd98042d61cfa181718b74769f2443897f85ebef150be11b66b3f9ddc1ac6f26833ac8f14e6dffa9
|
data/.rubocop.yml
CHANGED
|
@@ -17,9 +17,11 @@ Metrics/LineLength:
|
|
|
17
17
|
RSpec/DescribeClass:
|
|
18
18
|
Exclude:
|
|
19
19
|
- spec/integration/**/*.rb
|
|
20
|
+
- spec/requests/**/*.rb
|
|
20
21
|
RSpec/FilePath:
|
|
21
22
|
Exclude:
|
|
22
23
|
- spec/integration/**/*.rb
|
|
24
|
+
- spec/requests/**/*.rb
|
|
23
25
|
RSpec/NestedGroups:
|
|
24
26
|
Enabled: false
|
|
25
27
|
RSpec/SubjectStub:
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
3
|
## [Unreleased]
|
|
4
|
+
### Added
|
|
5
|
+
- Rack middleware that handles spid login requests
|
|
6
|
+
- Rack middleware that handles spid logout requests
|
|
7
|
+
- Rack middleware that handles spid sso assertion
|
|
8
|
+
- Rack middleware that handles spid slo assertion
|
|
9
|
+
- Rack middleware that handles spid metadata requests
|
|
10
|
+
- Rack middleware that contains all specific middlewares
|
|
4
11
|
|
|
5
12
|
## [0.8.0] - 2018-07-26
|
|
6
13
|
### Added
|
data/lib/spid.rb
CHANGED
|
@@ -4,11 +4,11 @@ require "onelogin/ruby-saml/idp_metadata_parser"
|
|
|
4
4
|
|
|
5
5
|
module Spid
|
|
6
6
|
class IdentityProvider # :nodoc:
|
|
7
|
-
attr_reader :name
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
attr_reader :name
|
|
8
|
+
attr_reader :entity_id
|
|
9
|
+
attr_reader :sso_target_url
|
|
10
|
+
attr_reader :slo_target_url
|
|
11
|
+
attr_reader :cert_fingerprint
|
|
12
12
|
|
|
13
13
|
def initialize(
|
|
14
14
|
name:,
|
data/lib/spid/rack.rb
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "rack/builder"
|
|
4
|
+
require "spid/rack/login"
|
|
5
|
+
require "spid/rack/logout"
|
|
6
|
+
require "spid/rack/sso"
|
|
7
|
+
require "spid/rack/slo"
|
|
8
|
+
require "spid/rack/metadata"
|
|
9
|
+
|
|
10
|
+
module Spid
|
|
11
|
+
class Rack # :nodoc:
|
|
12
|
+
attr_reader :app
|
|
13
|
+
|
|
14
|
+
def initialize(app)
|
|
15
|
+
@app = ::Rack::Builder.new do
|
|
16
|
+
use Spid::Rack::Metadata
|
|
17
|
+
use Spid::Rack::Login
|
|
18
|
+
use Spid::Rack::Logout
|
|
19
|
+
use Spid::Rack::Sso
|
|
20
|
+
use Spid::Rack::Slo
|
|
21
|
+
run app
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def call(env)
|
|
26
|
+
app.call(env)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
class Rack
|
|
5
|
+
class Login # :nodoc:
|
|
6
|
+
attr_reader :app
|
|
7
|
+
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@sso = LoginEnv.new(env)
|
|
14
|
+
if @sso.valid_request?
|
|
15
|
+
@sso.response
|
|
16
|
+
else
|
|
17
|
+
app.call(env)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
class LoginEnv # :nodoc:
|
|
22
|
+
attr_reader :env, :request
|
|
23
|
+
|
|
24
|
+
def initialize(env)
|
|
25
|
+
@env = env
|
|
26
|
+
@request = ::Rack::Request.new(env)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def response
|
|
30
|
+
[
|
|
31
|
+
301,
|
|
32
|
+
{ "Location" => sso_url },
|
|
33
|
+
[]
|
|
34
|
+
]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def sso_url
|
|
38
|
+
Spid::Sso::Request.new(
|
|
39
|
+
idp_name: idp_name
|
|
40
|
+
).to_saml
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def valid_request?
|
|
44
|
+
valid_path? &&
|
|
45
|
+
!idp_name.nil?
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def valid_path?
|
|
49
|
+
request.path == Spid.configuration.start_sso_path
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def idp_name
|
|
53
|
+
request.params["idp_name"]
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
class Rack
|
|
5
|
+
class Logout # :nodoc:
|
|
6
|
+
attr_reader :app
|
|
7
|
+
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@slo = LogoutEnv.new(env)
|
|
14
|
+
if @slo.valid_request?
|
|
15
|
+
@slo.response
|
|
16
|
+
else
|
|
17
|
+
app.call(env)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
class LogoutEnv # :nodoc:
|
|
22
|
+
attr_reader :env, :request
|
|
23
|
+
|
|
24
|
+
def initialize(env)
|
|
25
|
+
@env = env
|
|
26
|
+
@request = ::Rack::Request.new(env)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def response
|
|
30
|
+
[
|
|
31
|
+
301,
|
|
32
|
+
{ "Location" => slo_url },
|
|
33
|
+
[]
|
|
34
|
+
]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def slo_url
|
|
38
|
+
Spid::Slo::Request.new(
|
|
39
|
+
idp_name: idp_name,
|
|
40
|
+
session_index: spid_session["session-index"]
|
|
41
|
+
).to_saml
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def valid_request?
|
|
45
|
+
valid_path? &&
|
|
46
|
+
!idp_name.nil? &&
|
|
47
|
+
!spid_session.nil?
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def valid_path?
|
|
51
|
+
request.path == Spid.configuration.start_slo_path
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def spid_session
|
|
55
|
+
rack_session["spid"] unless rack_session.nil?
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def rack_session
|
|
59
|
+
return if request.has_header?("rack.session").nil?
|
|
60
|
+
request.get_header("rack.session")
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def idp_name
|
|
64
|
+
request.params["idp_name"]
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
class Rack
|
|
5
|
+
class Metadata # :nodoc:
|
|
6
|
+
attr_reader :app
|
|
7
|
+
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@metadata = MetadataEnv.new(env)
|
|
14
|
+
|
|
15
|
+
return @metadata.response if @metadata.valid_request?
|
|
16
|
+
|
|
17
|
+
app.call(env)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
class MetadataEnv # :nodoc:
|
|
21
|
+
attr_reader :env, :request
|
|
22
|
+
|
|
23
|
+
def initialize(env)
|
|
24
|
+
@env = env
|
|
25
|
+
@request = ::Rack::Request.new(env)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def metadata
|
|
29
|
+
@metadata ||= ::Spid::Metadata.new
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def response
|
|
33
|
+
[
|
|
34
|
+
200,
|
|
35
|
+
{ "Content-Type" => "application/xml" },
|
|
36
|
+
metadata.to_xml
|
|
37
|
+
]
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def valid_request?
|
|
41
|
+
request.path == Spid.configuration.metadata_path
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
class Rack
|
|
5
|
+
class Slo # :nodoc:
|
|
6
|
+
attr_reader :app
|
|
7
|
+
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@slo = SloEnv.new(env)
|
|
14
|
+
env["rack.session"].delete("spid") if @slo.valid_request?
|
|
15
|
+
app.call(env)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
class SloEnv # :nodoc:
|
|
19
|
+
attr_reader :env
|
|
20
|
+
attr_reader :request
|
|
21
|
+
|
|
22
|
+
def initialize(env)
|
|
23
|
+
@env = env
|
|
24
|
+
@request = ::Rack::Request.new(env)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def valid_request?
|
|
28
|
+
request.path == Spid.configuration.slo_path
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Spid
|
|
4
|
+
class Rack
|
|
5
|
+
class Sso # :nodoc:
|
|
6
|
+
attr_reader :app
|
|
7
|
+
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@sso = SsoEnv.new(env)
|
|
14
|
+
|
|
15
|
+
if @sso.valid_request?
|
|
16
|
+
response = @sso.sso_response
|
|
17
|
+
env["rack.session"]["spid"] = {
|
|
18
|
+
"attributes" => response.attributes,
|
|
19
|
+
"session_index" => response.session_index
|
|
20
|
+
}
|
|
21
|
+
end
|
|
22
|
+
app.call(env)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
class SsoEnv # :nodoc:
|
|
26
|
+
attr_reader :env
|
|
27
|
+
attr_reader :request
|
|
28
|
+
|
|
29
|
+
def initialize(env)
|
|
30
|
+
@env = env
|
|
31
|
+
@request = ::Rack::Request.new(env)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def saml_response
|
|
35
|
+
request.params["SAMLResponse"]
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def valid_request?
|
|
39
|
+
request.path == Spid.configuration.acs_path
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def sso_response
|
|
43
|
+
::Spid::Sso::Response.new(body: saml_response)
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -4,15 +4,15 @@ require "uri"
|
|
|
4
4
|
|
|
5
5
|
module Spid
|
|
6
6
|
class ServiceProvider # :nodoc:
|
|
7
|
-
attr_reader :host
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
7
|
+
attr_reader :host
|
|
8
|
+
attr_reader :acs_path
|
|
9
|
+
attr_reader :slo_path
|
|
10
|
+
attr_reader :metadata_path
|
|
11
|
+
attr_reader :private_key
|
|
12
|
+
attr_reader :certificate
|
|
13
|
+
attr_reader :digest_method
|
|
14
|
+
attr_reader :signature_method
|
|
15
|
+
attr_reader :attribute_service_name
|
|
16
16
|
|
|
17
17
|
# rubocop:disable Metrics/ParameterLists
|
|
18
18
|
def initialize(
|
data/lib/spid/slo/settings.rb
CHANGED
|
@@ -5,9 +5,9 @@ require "onelogin/ruby-saml/settings"
|
|
|
5
5
|
module Spid
|
|
6
6
|
module Slo
|
|
7
7
|
class Settings # :nodoc:
|
|
8
|
-
attr_reader :service_provider
|
|
9
|
-
|
|
10
|
-
|
|
8
|
+
attr_reader :service_provider
|
|
9
|
+
attr_reader :identity_provider
|
|
10
|
+
attr_reader :session_index
|
|
11
11
|
|
|
12
12
|
def initialize(
|
|
13
13
|
service_provider:,
|
data/lib/spid/sso/request.rb
CHANGED
data/lib/spid/sso/response.rb
CHANGED
data/lib/spid/sso/settings.rb
CHANGED
|
@@ -3,9 +3,10 @@
|
|
|
3
3
|
module Spid
|
|
4
4
|
module Sso
|
|
5
5
|
class Settings # :nodoc:
|
|
6
|
-
attr_reader :service_provider
|
|
7
|
-
|
|
8
|
-
|
|
6
|
+
attr_reader :service_provider
|
|
7
|
+
attr_reader :identity_provider
|
|
8
|
+
attr_reader :authn_context
|
|
9
|
+
|
|
9
10
|
def initialize(
|
|
10
11
|
service_provider:,
|
|
11
12
|
identity_provider:,
|
data/lib/spid/version.rb
CHANGED
data/spid.gemspec
CHANGED
|
@@ -24,8 +24,9 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
}
|
|
25
25
|
spec.required_ruby_version = ">= 2.3.0"
|
|
26
26
|
|
|
27
|
+
spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
|
|
28
|
+
spec.add_runtime_dependency "rack", ">= 1", "< 3"
|
|
27
29
|
spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
|
|
28
|
-
spec.add_dependency "activesupport", ">= 3.0.0"
|
|
29
30
|
|
|
30
31
|
spec.add_development_dependency "bundler", "~> 1.16"
|
|
31
32
|
spec.add_development_dependency "bundler-audit", "~> 0"
|
metadata
CHANGED
|
@@ -1,49 +1,75 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Librera
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: activesupport
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "~>"
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1.8'
|
|
20
17
|
- - ">="
|
|
21
18
|
- !ruby/object:Gem::Version
|
|
22
|
-
version:
|
|
19
|
+
version: 3.0.0
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '5.3'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
|
-
- - "
|
|
27
|
+
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version:
|
|
29
|
+
version: 3.0.0
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '5.3'
|
|
33
|
+
- !ruby/object:Gem::Dependency
|
|
34
|
+
name: rack
|
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
30
37
|
- - ">="
|
|
31
38
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 1
|
|
39
|
+
version: '1'
|
|
40
|
+
- - "<"
|
|
41
|
+
- !ruby/object:Gem::Version
|
|
42
|
+
version: '3'
|
|
43
|
+
type: :runtime
|
|
44
|
+
prerelease: false
|
|
45
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
46
|
+
requirements:
|
|
47
|
+
- - ">="
|
|
48
|
+
- !ruby/object:Gem::Version
|
|
49
|
+
version: '1'
|
|
50
|
+
- - "<"
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '3'
|
|
33
53
|
- !ruby/object:Gem::Dependency
|
|
34
|
-
name:
|
|
54
|
+
name: ruby-saml
|
|
35
55
|
requirement: !ruby/object:Gem::Requirement
|
|
36
56
|
requirements:
|
|
57
|
+
- - "~>"
|
|
58
|
+
- !ruby/object:Gem::Version
|
|
59
|
+
version: '1.8'
|
|
37
60
|
- - ">="
|
|
38
61
|
- !ruby/object:Gem::Version
|
|
39
|
-
version:
|
|
62
|
+
version: 1.8.0
|
|
40
63
|
type: :runtime
|
|
41
64
|
prerelease: false
|
|
42
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
66
|
requirements:
|
|
67
|
+
- - "~>"
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '1.8'
|
|
44
70
|
- - ">="
|
|
45
71
|
- !ruby/object:Gem::Version
|
|
46
|
-
version:
|
|
72
|
+
version: 1.8.0
|
|
47
73
|
- !ruby/object:Gem::Dependency
|
|
48
74
|
name: bundler
|
|
49
75
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -283,6 +309,12 @@ files:
|
|
|
283
309
|
- lib/spid/identity_provider_manager.rb
|
|
284
310
|
- lib/spid/logout_request.rb
|
|
285
311
|
- lib/spid/metadata.rb
|
|
312
|
+
- lib/spid/rack.rb
|
|
313
|
+
- lib/spid/rack/login.rb
|
|
314
|
+
- lib/spid/rack/logout.rb
|
|
315
|
+
- lib/spid/rack/metadata.rb
|
|
316
|
+
- lib/spid/rack/slo.rb
|
|
317
|
+
- lib/spid/rack/sso.rb
|
|
286
318
|
- lib/spid/service_provider.rb
|
|
287
319
|
- lib/spid/slo.rb
|
|
288
320
|
- lib/spid/slo/request.rb
|