spid 0.11.0 → 0.12.0

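--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8d65f97b5bd606942de9c2bba4a7fe60fadb90de3bf8526d8c80bec3a2ce29ff
- data.tar.gz: 72d85f52db6688edb9f90f3176af9889b15052b8bc7a45b3eee1c61e269cb825
+ metadata.gz: bc64c3b3b469b3e5e031547db6c09e359902aa6c15b3d37b3426e7549ecc2ebd
+ data.tar.gz: 02e57b8f55b111ec4c0ed1074c023e816077df9e687897f0acb1ad58d0b2b3d8
  SHA512:
- metadata.gz: 7c0ed6e05c1b45a9a395ea4f4c41c6b45279adc712546bd167ed17a0a3dfba4f28367b287394c22078e95abe561253903153e253a1a967ac4adcf669393a0448
- data.tar.gz: a8f863472e7f5dcd85abbdb514b3aa8509ac42d7eab1c76eac53aa5eab9af5ae4bef44d159855a0d4cdb609f085a58d878299390243cfde3bb9d9754d96ed316
+ metadata.gz: 9d2c88ef7f6a5ddaab7ba1e35b6e93c7fea274db9a1fddeaa066d070ec5a49fee3457ef882ced3303b5a5f55aeecdecf5cddccb5ecaf198049b2e770c0c23f91
+ data.tar.gz: 3ba760f88fc7e765d4d71e6381753859d0fe84731bd606cffc884f083db0a83e9d367694a3c38716101a227e96171117989eae91acbe9d378b225aeef54b1396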
@@ -2,6 +2,10 @@
2
2
 
3
3
  ## [Unreleased]
4
4
 
5
+ ## [0.12.0] - 2018-08-27
6
+ ### Added
7
+ - AttributeConsumingService management
8
+
5
9
  ## [0.11.0] - 2018-08-23
6
10
  ### Changed
7
11
  - Use custom Saml2 library instead of ruby-saml gem
@@ -93,7 +97,8 @@
93
97
  - Coveralls Integration
94
98
  - Rubygems version badge in README
95
99
 
96
- [Unreleased]: https://github.com/italia/spid-ruby/compare/v0.11.0...HEAD
100
+ [Unreleased]: https://github.com/italia/spid-ruby/compare/v0.12.0...HEAD
101
+ [0.12.0]: https://github.com/italia/spid-ruby/compare/v0.11.0...v0.12.0
97
102
  [0.11.0]: https://github.com/italia/spid-ruby/compare/v0.10.0...v0.11.0
98
103
  [0.10.0]: https://github.com/italia/spid-ruby/compare/v0.9.0...v0.10.0
99
104
  [0.9.0]: https://github.com/italia/spid-ruby/compare/v0.8.0...v0.9.0
@@ -14,6 +14,8 @@ module Spid # :nodoc:
14
14
  class UnknownAuthnContextError < StandardError; end
15
15
  class UnknownDigestMethodError < StandardError; end
16
16
  class UnknownSignatureMethodError < StandardError; end
17
+ class UnknownAttributeFieldError < StandardError; end
18
+ class MissingAttributeServicesError < StandardError; end
17
19
 
18
20
  EXACT_COMPARISON = :exact
19
21
  MINIMUM_COMPARISON = :minimum
@@ -69,6 +71,26 @@ module Spid # :nodoc:
69
71
  L3
70
72
  ].freeze
71
73
 
74
+ ATTRIBUTES_MAP = {
75
+ spid_code: "spidCode",
76
+ name: "name",
77
+ family_name: "familyName",
78
+ place_of_birth: "placeOfBirth",
79
+ date_of_birth: "dateOfBirth",
80
+ gender: "gender",
81
+ company_name: "companyName",
82
+ registered_office: "registeredOffice",
83
+ fiscal_number: "fiscalNumber",
84
+ iva_code: "ivaCode",
85
+ id_card: "idCard",
86
+ mobile_phone: "mobilePhone",
87
+ email: "email",
88
+ address: "address",
89
+ digital_address: "digitalAddress"
90
+ }.freeze
91
+
92
+ ATTRIBUTES = ATTRIBUTES_MAP.keys.freeze
93
+
72
94
  class << self
73
95
  attr_writer :configuration
74
96
  end
@@ -13,14 +13,14 @@ module Spid
13
13
  attr_accessor :signature_method
14
14
  attr_accessor :private_key
15
15
  attr_accessor :certificate
16
- attr_accessor :attribute_service_name
17
16
  attr_accessor :default_relay_state_path
18
17
  attr_accessor :acs_binding
19
18
  attr_accessor :slo_binding
19
+ attr_accessor :attribute_services
20
20
 
21
21
  def initialize
22
22
  @idp_metadata_dir_path = "idp_metadata"
23
- @attribute_service_name = nil
23
+ @attribute_services = []
24
24
  init_endpoint
25
25
  init_bindings
26
26
  init_dig_sig_methods
@@ -60,7 +60,7 @@ module Spid
60
60
  slo_binding: slo_binding, metadata_path: metadata_path,
61
61
  private_key: private_key, certificate: certificate,
62
62
  digest_method: digest_method, signature_method: signature_method,
63
- attribute_service_name: attribute_service_name, host: hostname
63
+ attribute_services: attribute_services, host: hostname
64
64
  )
65
65
  end
66
66
  end
@@ -37,7 +37,8 @@ module Spid
37
37
  def sso_url
38
38
  Spid::Sso::Request.new(
39
39
  idp_name: idp_name,
40
- relay_state: relay_state
40
+ relay_state: relay_state,
41
+ attribute_index: attribute_consuming_service_index
41
42
  ).url
42
43
  end
43
44
 
@@ -57,6 +58,10 @@ module Spid
57
58
  def idp_name
58
59
  request.params["idp_name"]
59
60
  end
61
+
62
+ def attribute_consuming_service_index
63
+ request.params["attribute_index"] || "0"
64
+ end
60
65
  end
61
66
  end
62
67
  end
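Review bot: `attribute_consuming_service_index` returns `request.params["attribute_index"]` unchecked, so whatever string the client sends becomes the `AttributeConsumingServiceIndex` of the AuthnRequest the service provider issues. The parameter should be accepted only when it is a plain non-negative integer that refers to a configured service, for example by returning `"0"` unless the value matches `/\A\d+\z/` and its integer is below `Spid.configuration.attribute_services.size` (assuming the configuration accessor added elsewhere in this release is reachable from this middleware). Rejecting the request with a client error is the stricter alternative when the index is out of range. A short comment on the method saying that the index is client-selected and why `"0"` is the default would also help.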
@@ -43,7 +43,8 @@ module Spid
43
43
  "Version" => "2.0",
44
44
  "IssueInstant" => issue_instant,
45
45
  "Destination" => settings.idp_sso_target_url,
46
- "AssertionConsumerServiceIndex" => settings.acs_index
46
+ "AssertionConsumerServiceIndex" => settings.acs_index,
47
+ "AttributeConsumingServiceIndex" => settings.attribute_index
47
48
  }
48
49
  attributes["ForceAuthn"] = true if settings.force_authn?
49
50
  attributes
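Review bot: `"AttributeConsumingServiceIndex" => settings.attribute_index` is added to the hash unconditionally, while the `Settings` initializer changed in this release defaults `attribute_index` to `nil`. A Settings object built without an index therefore hands a nil attribute value to the XML builder, and how that is serialized is not visible here. Setting it the same way `ForceAuthn` is set two lines below keeps the request well-formed: `attributes["AttributeConsumingServiceIndex"] = settings.attribute_index unless settings.attribute_index.nil?`. The method that builds this hash starts outside the hunk.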
@@ -15,7 +15,7 @@ module Spid
15
15
  attr_reader :certificate
16
16
  attr_reader :digest_method
17
17
  attr_reader :signature_method
18
- attr_reader :attribute_service_name
18
+ attr_reader :attribute_services
19
19
 
20
20
  # rubocop:disable Metrics/ParameterLists
21
21
  # rubocop:disable Metrics/MethodLength
@@ -30,7 +30,7 @@ module Spid
30
30
  certificate:,
31
31
  digest_method:,
32
32
  signature_method:,
33
- attribute_service_name:
33
+ attribute_services:
34
34
  )
35
35
  @host = host
36
36
  @acs_path = acs_path
@@ -42,7 +42,8 @@ module Spid
42
42
  @certificate = certificate
43
43
  @digest_method = digest_method
44
44
  @signature_method = signature_method
45
- @attribute_service_name = attribute_service_name
45
+ @attribute_services = attribute_services
46
+ validate_digest_methods
46
47
  validate_attributes
47
48
  end
48
49
  # rubocop:enable Metrics/MethodLength
@@ -63,6 +64,24 @@ module Spid
63
64
  private
64
65
 
65
66
  def validate_attributes
67
+ if attribute_services.empty?
68
+ raise MissingAttributeServicesError,
69
+ "Provide at least one attribute service"
70
+ elsif attribute_services.any? { |as| !validate_attribute_service(as) }
71
+ raise UnknownAttributeFieldError,
72
+ "Provided attribute in services are not valid:" \
73
+ " use only fields in #{ATTRIBUTES.join(', ')}"
74
+ end
75
+ end
76
+
77
+ def validate_attribute_service(attribute_service)
78
+ return false unless attribute_service.key?(:name)
79
+ return false unless attribute_service.key?(:fields)
80
+ not_valid_fields = attribute_service[:fields] - ATTRIBUTES
81
+ not_valid_fields.empty?
82
+ end
83
+
84
+ def validate_digest_methods
66
85
  if !DIGEST_METHODS.include?(digest_method)
67
86
  raise UnknownDigestMethodError,
68
87
  "Provided digest method is not valid:" \
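Review bot: `validate_attribute_service` checks only that the `:name` and `:fields` keys exist, so a service with `fields: []` or a blank name passes validation, and a `:fields` value that is not an Array fails inside `attribute_service[:fields] - ATTRIBUTES` with an unrelated exception instead of one of the gem's own errors. A type and emptiness guard before the subtraction closes both gaps: `return false unless attribute_service[:fields].is_a?(Array) && !attribute_service[:fields].empty?`. A missing `:name` or `:fields` key is also reported as `UnknownAttributeFieldError` with a message about field names, which points the integrator at the wrong problem. `validate_digest_methods` continues past the end of the hunk.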
@@ -8,9 +8,16 @@ module Spid
8
8
  attr_reader :identity_provider
9
9
  attr_reader :service_provider
10
10
  attr_reader :authn_context
11
-
12
- def initialize(identity_provider:, service_provider:, authn_context: nil)
11
+ attr_reader :attribute_index
12
+
13
+ def initialize(
14
+ identity_provider:,
15
+ service_provider:,
16
+ attribute_index: nil,
17
+ authn_context: nil
18
+ )
13
19
  @authn_context = authn_context || Spid::L1
20
+ @attribute_index = attribute_index
14
21
  unless AUTHN_CONTEXTS.include?(@authn_context)
15
22
  raise Spid::UnknownAuthnContextError,
16
23
  "Provided authn_context '#{@authn_context}' is not valid:" \
@@ -53,6 +60,10 @@ module Spid
53
60
  service_provider.slo_binding
54
61
  end
55
62
 
63
+ def sp_attribute_services
64
+ service_provider.attribute_services
65
+ end
66
+
56
67
  def private_key
57
68
  service_provider.private_key
58
69
  end
@@ -2,6 +2,7 @@
2
2
 
3
3
  module Spid
4
4
  module Saml2
5
+ # rubocop:disable Metrics/ClassLength
5
6
  class SPMetadata # :nodoc:
6
7
  attr_reader :document
7
8
  attr_reader :settings
@@ -37,6 +38,8 @@ module Spid
37
38
  }
38
39
  end
39
40
 
41
+ # rubocop:disable Metrics/MethodLength
42
+ # rubocop:disable Metrics/AbcSize
40
43
  def sp_sso_descriptor
41
44
  @sp_sso_descriptor ||=
42
45
  begin
@@ -45,9 +48,41 @@ module Spid
45
48
  element.add_element key_descriptor
46
49
  element.add_element ac_service
47
50
  element.add_element slo_service
51
+ settings.sp_attribute_services.each.with_index do |service, index|
52
+ name = service[:name]
53
+ fields = service[:fields]
54
+ element.add_element attribute_consuming_service(
55
+ index, name, fields
56
+ )
57
+ end
48
58
  element
49
59
  end
50
60
  end
61
+ # rubocop:enable Metrics/AbcSize
62
+ # rubocop:enable Metrics/MethodLength
63
+
64
+ def attribute_consuming_service(index, name, fields)
65
+ element = REXML::Element.new("md:AttributeConsumingService")
66
+ element.add_attributes("index" => index)
67
+ element.add_element service_name(name)
68
+ fields.each do |field|
69
+ element.add_element requested_attribute(field)
70
+ end
71
+ element
72
+ end
73
+
74
+ def service_name(name)
75
+ element = REXML::Element.new("md:ServiceName")
76
+ element.add_attributes("xml:lang" => "it")
77
+ element.text = name
78
+ element
79
+ end
80
+
81
+ def requested_attribute(name)
82
+ element = REXML::Element.new("md:RequestedAttribute")
83
+ element.add_attributes("Name" => ATTRIBUTES_MAP[name])
84
+ element
85
+ end
51
86
 
52
87
  def sp_sso_descriptor_attributes
53
88
  @sp_sso_descriptor_attributes ||= {
@@ -100,5 +135,6 @@ module Spid
100
135
  end
101
136
  end
102
137
  end
138
+ # rubocop:enable Metrics/ClassLength
103
139
  end
104
140
  end
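Review bot: `requested_attribute` resolves the field with `ATTRIBUTES_MAP[name]`, which returns nil for any key outside the map, so the metadata builder relies entirely on the service-provider validation having run first. `ATTRIBUTES_MAP.fetch(name)` would raise on an unknown field instead of emitting a `md:RequestedAttribute` without a usable `Name` in metadata that identity providers consume. The three new helpers would also benefit from a one-line comment each, in particular that the `index` written by `attribute_consuming_service` is the position of the service in `sp_attribute_services` and is the value a login request must send as `attribute_index`.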
@@ -5,17 +5,20 @@ module Spid
5
5
  class Request # :nodoc:
6
6
  attr_reader :idp_name
7
7
  attr_reader :relay_state
8
+ attr_reader :attribute_index
8
9
  attr_reader :authn_context
9
10
  attr_reader :authn_context_comparison
10
11
 
11
12
  def initialize(
12
13
  idp_name:,
14
+ attribute_index:,
13
15
  relay_state: nil,
14
16
  authn_context: nil
15
17
  )
16
18
  @idp_name = idp_name
17
19
  @relay_state = relay_state
18
20
  @authn_context = authn_context || Spid::L1
21
+ @attribute_index = attribute_index
19
22
  @relay_state =
20
23
  begin
21
24
  relay_state || Spid.configuration.default_relay_state_path
@@ -53,7 +56,8 @@ module Spid
53
56
  @settings ||= Spid::Saml2::Settings.new(
54
57
  identity_provider: identity_provider,
55
58
  service_provider: service_provider,
56
- authn_context: authn_context
59
+ authn_context: authn_context,
60
+ attribute_index: attribute_index
57
61
  )
58
62
  end
59
63
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spid
4
- VERSION = "0.11.0"
4
+ VERSION = "0.12.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spid
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 0.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Librera
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-08-23 00:00:00.000000000 Z
11
+ date: 2018-08-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport