spid 0.8.1 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2549dafdd51acab9539c94dda0bc1340ec6d68931dc3ccf7a422e8398dee397f
-  data.tar.gz: ec855618444a7d613867e80fc76af1b2ffb769622a9e1aa500cd01c2dabf422d
+  metadata.gz: 9cccde8251b49654537f88e24704de56844883d61c3e2939edf7a7b05c277850
+  data.tar.gz: 703d39c5c631e0a988dc3b36969e1dff7aeeab8622e70a935b4c52486bd50568
 SHA512:
-  metadata.gz: c18c6c8c07b64cbb28e300dc73c4fe0441528b118ef8cb58b9573e3211f8e6c4d94378da5fab36dc60c4d9bdb68f7360b2f7090fb7ba5dc5defadb61e5cf7e91
-  data.tar.gz: a823aeb5b71c98ed8324a8ff74e573b7e2b1a44f975ee238569cb0f5a8c9277ed2513c101d314e96b257c61f488b55fd513df1eb9dfca83a344a66caf3064963
+  metadata.gz: 9025d41fdf1de349f3bc3e595eeca6eab68d8be7d26c9026a5d8aa2544e50574a75151539ad6c30e67e9cb99ce5ed1c94c1d3f9b109814cd171faa23cfe9141e
+  data.tar.gz: 793b85a398c663be4c835ff76a4d420170f0d58e6a09bafccd98042d61cfa181718b74769f2443897f85ebef150be11b66b3f9ddc1ac6f26833ac8f14e6dffa9

data/.rubocop.yml

@@ -17,9 +17,11 @@ Metrics/LineLength:
 RSpec/DescribeClass:
   Exclude:
     - spec/integration/**/*.rb
+    - spec/requests/**/*.rb
 RSpec/FilePath:
   Exclude:
     - spec/integration/**/*.rb
+    - spec/requests/**/*.rb
 RSpec/NestedGroups:
   Enabled: false
 RSpec/SubjectStub:

data/CHANGELOG.md

@@ -1,6 +1,13 @@
 # Changelog
 
 ## [Unreleased]
+### Added
+- Rack middleware that handles spid login requests
+- Rack middleware that handles spid logout requests
+- Rack middleware that handles spid sso assertion
+- Rack middleware that handles spid slo assertion
+- Rack middleware that handles spid metadata requests
+- Rack middleware that contains all specific middlewares
 
 ## [0.8.0] - 2018-07-26
 ### Added

data/lib/spid.rb

@@ -4,6 +4,7 @@ require "spid/authn_request"
 require "spid/logout_request"
 require "spid/sso"
 require "spid/slo"
+require "spid/rack"
 require "spid/metadata"
 require "spid/version"
 require "spid/configuration"

data/lib/spid/identity_provider.rb

@@ -4,11 +4,11 @@ require "onelogin/ruby-saml/idp_metadata_parser"
 
 module Spid
   class IdentityProvider # :nodoc:
-    attr_reader :name,
-                :entity_id,
-                :sso_target_url,
-                :slo_target_url,
-                :cert_fingerprint
+    attr_reader :name
+    attr_reader :entity_id
+    attr_reader :sso_target_url
+    attr_reader :slo_target_url
+    attr_reader :cert_fingerprint
 
     def initialize(
           name:,

data/lib/spid/rack.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "rack/builder"
+require "spid/rack/login"
+require "spid/rack/logout"
+require "spid/rack/sso"
+require "spid/rack/slo"
+require "spid/rack/metadata"
+
+module Spid
+  class Rack # :nodoc:
+    attr_reader :app
+
+    def initialize(app)
+      @app = ::Rack::Builder.new do
+        use Spid::Rack::Metadata
+        use Spid::Rack::Login
+        use Spid::Rack::Logout
+        use Spid::Rack::Sso
+        use Spid::Rack::Slo
+        run app
+      end
+    end
+
+    def call(env)
+      app.call(env)
+    end
+  end
+end

data/lib/spid/rack/login.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Spid
+  class Rack
+    class Login # :nodoc:
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        @sso = LoginEnv.new(env)
+        if @sso.valid_request?
+          @sso.response
+        else
+          app.call(env)
+        end
+      end
+
+      class LoginEnv # :nodoc:
+        attr_reader :env, :request
+
+        def initialize(env)
+          @env = env
+          @request = ::Rack::Request.new(env)
+        end
+
+        def response
+          [
+            301,
+            { "Location" => sso_url },
+            []
+          ]
+        end
+
+        def sso_url
+          Spid::Sso::Request.new(
+            idp_name: idp_name
+          ).to_saml
+        end
+
+        def valid_request?
+          valid_path? &&
+            !idp_name.nil?
+        end
+
+        def valid_path?
+          request.path == Spid.configuration.start_sso_path
+        end
+
+        def idp_name
+          request.params["idp_name"]
+        end
+      end
+    end
+  end
+end

data/lib/spid/rack/logout.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Spid
+  class Rack
+    class Logout # :nodoc:
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        @slo = LogoutEnv.new(env)
+        if @slo.valid_request?
+          @slo.response
+        else
+          app.call(env)
+        end
+      end
+
+      class LogoutEnv # :nodoc:
+        attr_reader :env, :request
+
+        def initialize(env)
+          @env = env
+          @request = ::Rack::Request.new(env)
+        end
+
+        def response
+          [
+            301,
+            { "Location" => slo_url },
+            []
+          ]
+        end
+
+        def slo_url
+          Spid::Slo::Request.new(
+            idp_name: idp_name,
+            session_index: spid_session["session-index"]
+          ).to_saml
+        end
+
+        def valid_request?
+          valid_path? &&
+            !idp_name.nil? &&
+            !spid_session.nil?
+        end
+
+        def valid_path?
+          request.path == Spid.configuration.start_slo_path
+        end
+
+        def spid_session
+          rack_session["spid"] unless rack_session.nil?
+        end
+
+        def rack_session
+          return if request.has_header?("rack.session").nil?
+          request.get_header("rack.session")
+        end
+
+        def idp_name
+          request.params["idp_name"]
+        end
+      end
+    end
+  end
+end

data/lib/spid/rack/metadata.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Spid
+  class Rack
+    class Metadata # :nodoc:
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        @metadata = MetadataEnv.new(env)
+
+        return @metadata.response if @metadata.valid_request?
+
+        app.call(env)
+      end
+
+      class MetadataEnv # :nodoc:
+        attr_reader :env, :request
+
+        def initialize(env)
+          @env = env
+          @request = ::Rack::Request.new(env)
+        end
+
+        def metadata
+          @metadata ||= ::Spid::Metadata.new
+        end
+
+        def response
+          [
+            200,
+            { "Content-Type" => "application/xml" },
+            metadata.to_xml
+          ]
+        end
+
+        def valid_request?
+          request.path == Spid.configuration.metadata_path
+        end
+      end
+    end
+  end
+end

data/lib/spid/rack/slo.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Spid
+  class Rack
+    class Slo # :nodoc:
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        @slo = SloEnv.new(env)
+        env["rack.session"].delete("spid") if @slo.valid_request?
+        app.call(env)
+      end
+
+      class SloEnv # :nodoc:
+        attr_reader :env
+        attr_reader :request
+
+        def initialize(env)
+          @env = env
+          @request = ::Rack::Request.new(env)
+        end
+
+        def valid_request?
+          request.path == Spid.configuration.slo_path
+        end
+      end
+    end
+  end
+end

data/lib/spid/rack/sso.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Spid
+  class Rack
+    class Sso # :nodoc:
+      attr_reader :app
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        @sso = SsoEnv.new(env)
+
+        if @sso.valid_request?
+          response = @sso.sso_response
+          env["rack.session"]["spid"] = {
+            "attributes" => response.attributes,
+            "session_index" => response.session_index
+          }
+        end
+        app.call(env)
+      end
+
+      class SsoEnv # :nodoc:
+        attr_reader :env
+        attr_reader :request
+
+        def initialize(env)
+          @env = env
+          @request = ::Rack::Request.new(env)
+        end
+
+        def saml_response
+          request.params["SAMLResponse"]
+        end
+
+        def valid_request?
+          request.path == Spid.configuration.acs_path
+        end
+
+        def sso_response
+          ::Spid::Sso::Response.new(body: saml_response)
+        end
+      end
+    end
+  end
+end

data/lib/spid/service_provider.rb

@@ -4,15 +4,15 @@ require "uri"
 
 module Spid
   class ServiceProvider # :nodoc:
-    attr_reader :host,
-                :acs_path,
-                :slo_path,
-                :metadata_path,
-                :private_key,
-                :certificate,
-                :digest_method,
-                :signature_method,
-                :attribute_service_name
+    attr_reader :host
+    attr_reader :acs_path
+    attr_reader :slo_path
+    attr_reader :metadata_path
+    attr_reader :private_key
+    attr_reader :certificate
+    attr_reader :digest_method
+    attr_reader :signature_method
+    attr_reader :attribute_service_name
 
     # rubocop:disable Metrics/ParameterLists
     def initialize(

data/lib/spid/slo/settings.rb

@@ -5,9 +5,9 @@ require "onelogin/ruby-saml/settings"
 module Spid
   module Slo
     class Settings # :nodoc:
-      attr_reader :service_provider,
-                  :identity_provider,
-                  :session_index
+      attr_reader :service_provider
+      attr_reader :identity_provider
+      attr_reader :session_index
 
       def initialize(
             service_provider:,

data/lib/spid/sso/request.rb

@@ -10,7 +10,7 @@ module Spid
       attr_reader :authn_context
       attr_reader :authn_context_comparison
 
-      def initialize(idp_name:, authn_context:)
+      def initialize(idp_name:, authn_context: Spid::L1)
         @idp_name = idp_name
         @authn_context = authn_context
       end

data/lib/spid/sso/response.rb

@@ -60,7 +60,7 @@ module Spid
       def normalize_key(key)
         ActiveSupport::Inflector.underscore(
           key.to_s
-        ).to_sym
+        ).to_s
       end
 
       def saml_response

data/lib/spid/sso/settings.rb

@@ -3,9 +3,10 @@
 module Spid
   module Sso
     class Settings # :nodoc:
-      attr_reader :service_provider,
-                  :identity_provider,
-                  :authn_context
+      attr_reader :service_provider
+      attr_reader :identity_provider
+      attr_reader :authn_context
+
       def initialize(
             service_provider:,
             identity_provider:,

data/lib/spid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spid
-  VERSION = "0.8.1"
+  VERSION = "0.9.0"
 end

data/spid.gemspec

@@ -24,8 +24,9 @@ Gem::Specification.new do |spec|
   }
   spec.required_ruby_version = ">= 2.3.0"
 
+  spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
+  spec.add_runtime_dependency "rack", ">= 1", "< 3"
   spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
-  spec.add_dependency "activesupport", ">= 3.0.0"
 
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"

metadata

@@ -1,49 +1,75 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.9.0
 platform: ruby
 authors:
 - David Librera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-26 00:00:00.000000000 Z
+date: 2018-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: ruby-saml
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: 3.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.3'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 1.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -283,6 +309,12 @@ files:
 - lib/spid/identity_provider_manager.rb
 - lib/spid/logout_request.rb
 - lib/spid/metadata.rb
+- lib/spid/rack.rb
+- lib/spid/rack/login.rb
+- lib/spid/rack/logout.rb
+- lib/spid/rack/metadata.rb
+- lib/spid/rack/slo.rb
+- lib/spid/rack/sso.rb
 - lib/spid/service_provider.rb
 - lib/spid/slo.rb
 - lib/spid/slo/request.rb