RubyGems - spid - Versions diffs - 0.18.0 → 0.19.0 - Mend

spid 0.18.0 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89a40be6cd513657d224483f7964c0d63f9479554faa866490f5fe144ced2a44
-  data.tar.gz: 39cadb77a01ce43ffb023510a7b5b4a6e855ef026aea92f84aae944d13cb3bdf
+  metadata.gz: 88d30a5ec3f2a9f08ee40952ebbbe6227bfd9c282542f86d477cb4624a73563f
+  data.tar.gz: 6bebd6eaaaab8f143ff3ee39dca472d0bc98ba6546508350f21f41c6acd2f44f
 SHA512:
-  metadata.gz: 6a56e687614772ead99c9d2b7601c207ad015f9051384eb3474ff0a29512b68f9c0fbcf16d1001a16274949df0273a2cbe1eb7ac7c54ca65dd5bbd616d9a559b
-  data.tar.gz: db706901ef49f6a6169b07315af2896a356c8ef1e3ac0e87127f34f953ec5270fe4943cdd2cd25a258e63ecea9b73e3c5852f8652ac2759e83d638f2fec4a035
+  metadata.gz: 6b9ac8240be222488e51da6b8e223952de6b6b54dcb17d0caa5baca2c210ce7a93ce173b7dd70f66332119dd08a11a55de529b0e96ceabf6bab6db65857f0c3f
+  data.tar.gz: d4711b83f7d0479b706a5a15c6a49c953e8352a1b1c0582879cbb77b7f0daa09e9a0d846bc70665396ebceb91468a5a58a0b59549ebca6788793c0e5b6bb9776

data/CHANGELOG.md CHANGED

@@ -2,6 +2,11 @@
 ## [Unreleased]
+## [0.19.0] - 2018-09-14
+### Added
+- Opaque relay state
+- Logging of AuthnRequest and Response
 ## [0.18.0] - 2018-09-12
 ### Removed
 - Rails specific code
@@ -151,7 +156,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.18.0...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.19.0...HEAD
+[0.19.0]: https://github.com/italia/spid-ruby/compare/v0.18.0...v0.19.0
 [0.18.0]: https://github.com/italia/spid-ruby/compare/v0.17.3...v0.18.0
 [0.17.3]: https://github.com/italia/spid-ruby/compare/v0.17.2...v0.17.3
 [0.17.2]: https://github.com/italia/spid-ruby/compare/v0.17.1...v0.17.2

data/README.md CHANGED

@@ -8,6 +8,8 @@
 | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
 | Test coverate          | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |
 | Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+| Slack Channel          | [![Join the #spid-ruby channel](https://img.shields.io/badge/Slack%20channel-%23spid--ruby-blue.svg?logo=slack)](https://developersitalia.slack.com/messages/C7F1H35L5 ) [![Get invited](https://slack.developers.italia.it/badge.svg)](https://slack.developers.italia.it/) |
+| Forum                  | [![SPID on forum.italia.it](https://img.shields.io/badge/Forum-SPID-blue.svg)](https://forum.italia.it/c/spid) |
 ## Installazione & Configurazione
@@ -54,6 +56,8 @@ tramite il quale potete accedere alle seguenti configurazioni:
 |config.signature_method|Spid::RSA_SHA256|Algoritmo utilizzato per la generazione della signature XML||
 |config.acs_binding|Spid::BINDINGS_HTTP_POST|Binding method utilizzato per la ricezione dell'Assertion di autenticazione||
 |config.slo_binding|Spid::BINDINGS_HTTP_REDIRECT|Binding method utilizzato ler la ricezione dell'Assertion di chiusura della sessione||
+|config.logging_enabled|false|Se true, abilita il logging delle richieste||
+|config.logger|Logger.new($stdout)|Indica lo stream dove viene salvato il log delle AuthnRequest e delle Response||
 #### Attribute Services
 Il protocollo SPID prevede la possibilità di specificare almeno un servizio di attributi. Ogni servizio ha un nome e un elenco di attributi richiesti.
@@ -140,7 +144,6 @@ Spid.configure do |config|
 end
 ```
 ## Funzionamento
 ### Login
@@ -240,3 +243,43 @@ Per iniziare un logout con SPID l'url da utilizzare è `/spid/logout?idp_name=po
 |**Response/Assertion generation (2.2.2.2):**||
 |generation of `Response/Assertion` XML||
 |Signature||
+## Testing
+Clona il repository
+```bash
+$ git clone git@github.com:italia/spid-ruby
+$ cd spid-ruby
+$ bundle install
+$ bundle exec rake
+ ```
+## Contribuire
+Chiunque è benvenuto nella community e libero di contribuire al suo sviluppo. Ci aspettiamo che chi contribuisca aderisca al codice di condotta [Contributor Covenant](http://contributor-covenant.org).
+Per contribuire al repository
+* Forka il progetto
+* Crea il tuo feature branch `git checkout -b my-feature-branch`
+* Committa le tue modifiche `git commit -a -m "Add some feature"`
+* Pusha il tuo branch `git push origin my-feature-branch -u`
+* Crea una pull request
+Essendo SPID un sistema atto a garatire un sistema di autenticazione certificato con le PA la correttezza del codice deve essere sempre garantita, pertanto ogni pull request che andrà a modificare il codice della libreria dovrà essere corredato degli specifici tests che ne dimostrano la correttezza. Pertanto pull requests senza relativi tests non verranno mergiate.
+Nel caso di apertura di una issue relativa ad un bug, siete pregati di fornire o un commit con un test fallimentare o tutti gli step necessari alla riproduzione del bug.
+## License
+Questa gemma è disponibile in open source sotto i termini della [licenza BSD-3](https://opensource.org/licenses/BSD-3-Clause)
+## Code of Conduct
+Chiunque interagisca con il codice, l'issue tracker o qualunque altro canale di comunicazione è pregato di rispettare il seguente [codice di condotta](https://github.com/italia/spid-ruby/blob/master/CODE_OF_CONDUCT.md).
+## Authors
+* [David Librera](https://github.com/davidlibrera) - [Cantiere Creativo <img src="https://www.cantierecreativo.net/images/illustrations/logo-07f378ea.svg"/>](https://www.cantierecreativo.net)

data/lib/spid/configuration.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "logger"
 module Spid
   class Configuration # :nodoc:
     attr_accessor :idp_metadata_dir_path
@@ -17,10 +19,14 @@ module Spid
     attr_accessor :attribute_services
     attr_accessor :private_key_pem
     attr_accessor :certificate_pem
+    attr_accessor :logging_enabled
+    attr_accessor :logger
     def initialize
       @idp_metadata_dir_path    = "idp_metadata"
       @attribute_services       = []
+      @logging_enabled          = false
+      @logger                   = ::Logger.new $stdout
       init_endpoint
       init_bindings
       init_dig_sig_methods

data/lib/spid/rack/login.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "digest"
 module Spid
   class Rack
     class Login # :nodoc:
@@ -31,10 +33,12 @@ module Spid
         def response
           session["sso_request_uuid"] = responser.uuid
+          session["relay_state"] = { relay_state_id => relay_state }
+          session["idp"] = idp_name
+          log_message
           [
-            302,
-            { "Location" => sso_url },
-            []
+            302, { "Location" => sso_url }, []
           ]
         end
@@ -47,7 +51,7 @@ module Spid
             begin
               Spid::Sso::Request.new(
                 idp_name: idp_name,
-                relay_state: relay_state,
+                relay_state: relay_state_id,
                 attribute_index: attribute_consuming_service_index,
                 authn_context: authn_context
               )
@@ -64,7 +68,13 @@ module Spid
         end
         def relay_state
-          request.params["relay_state"]
+          request.params["relay_state"] ||
+            Spid.configuration.default_relay_state_path
+        end
+        def relay_state_id
+          digest = Digest::MD5.hexdigest(relay_state)
+          "_#{digest}"
         end
         def idp_name
@@ -78,6 +88,12 @@ module Spid
         def attribute_consuming_service_index
           request.params["attribute_index"] || "0"
         end
+        def log_message
+          return nil unless Spid.configuration.logging_enabled
+          Spid.configuration.logger.info responser.saml_message.delete("\n")
+        end
       end
     end
   end

data/lib/spid/rack/logout.rb CHANGED

@@ -27,10 +27,12 @@ module Spid
         def response
           session["slo_request_uuid"] = responser.uuid
+          session["relay_state"] = {
+            relay_state_id => relay_state
+          }
+          session["idp"] = idp_name
           [
-            302,
-            { "Location" => slo_url },
-            []
+            302, { "Location" => slo_url }, []
           ]
         end
@@ -47,7 +49,7 @@ module Spid
             begin
               Spid::Slo::Request.new(
                 idp_name: idp_name,
-                relay_state: relay_state,
+                relay_state: relay_state_id,
                 session_index: spid_session["session_index"]
               )
             end
@@ -68,7 +70,13 @@ module Spid
         end
         def relay_state
-          request.params["relay_state"]
+          request.params["relay_state"] ||
+            Spid.configuration.default_relay_state_path
+        end
+        def relay_state_id
+          digest = Digest::MD5.hexdigest(relay_state)
+          "_#{digest}"
         end
         def idp_name

data/lib/spid/rack/slo.rb CHANGED

@@ -17,6 +17,7 @@ module Spid
         app.call(env)
       end
+      # rubocop:disable Metrics/ClassLength
       class SloEnv # :nodoc:
         attr_reader :env
         attr_reader :request
@@ -41,7 +42,7 @@ module Spid
         def response_sp_initiated
           [
             302,
-            { "Location" => relay_state },
+            { "Location" => @relay_state },
             responser.response
           ]
         end
@@ -59,18 +60,28 @@ module Spid
         end
         def response
+          @relay_state = relay_state unless idp_initiated?
           validate_session
           return response_idp_initiated if idp_initiated?
           response_sp_initiated
         end
+        def relay_state_param
+          request.params["RelayState"]
+        end
+        def request_relay_state
+          if !relay_state_param.nil? ||
+             relay_state_param != ""
+            session["relay_state"][relay_state_param]
+          end
+        end
         def relay_state
-          if !request.params["RelayState"].nil? &&
-             request.params["RelayState"] != ""
-            request.params["RelayState"]
-          else
-            Spid.configuration.default_relay_state_path
+          if request_relay_state.nil?
+            return Spid.configuration.default_relay_state_path
           end
+          session["relay_state"][relay_state_param]
         end
         def valid_get?
@@ -139,6 +150,7 @@ module Spid
           )
         end
       end
+      # rubocop:enable Metrics/ClassLength
     end
   end
 end

data/lib/spid/rack/sso.rb CHANGED

@@ -24,6 +24,7 @@ module Spid
         def initialize(env)
           @env = env
           @request = ::Rack::Request.new(env)
+          @relay_state = relay_state
         end
         def session
@@ -35,6 +36,7 @@ module Spid
           session["session_index"] = responser.session_index
           session.delete("sso_request_uuid")
           session.delete("errors")
+          session.delete("relay_state")
         end
         def store_session_failure
@@ -45,15 +47,14 @@ module Spid
         end
         def response
+          log_message
           if valid_response?
             store_session_success
           else
             store_session_failure
           end
           [
-            302,
-            { "Location" => relay_state },
-            []
+            302, { "Location" => @relay_state }, []
           ]
         end
@@ -61,13 +62,23 @@ module Spid
           request.params["SAMLResponse"]
         end
+        def relay_state_param
+          request.params["RelayState"]
+        end
+        def request_relay_state
+          if !relay_state_param.nil? &&
+             relay_state_param != "" &&
+             !session["relay_state"].nil?
+            session["relay_state"][relay_state_param]
+          end
+        end
         def relay_state
-          if !request.params["RelayState"].nil? &&
-             request.params["RelayState"] != ""
-            request.params["RelayState"]
-          else
-            Spid.configuration.default_relay_state_path
+          if request_relay_state.nil?
+            return Spid.configuration.default_relay_state_path
           end
+          session["relay_state"][relay_state_param]
         end
         def valid_get?
@@ -102,6 +113,12 @@ module Spid
             request_uuid: session["sso_request_uuid"]
           )
         end
+        def log_message
+          return nil unless Spid.configuration.logging_enabled
+          Spid.configuration.logger.info responser.saml_message.delete("\n")
+        end
       end
     end
   end

data/lib/spid/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.18.0"
+  VERSION = "0.19.0"
 end

data/spid.gemspec CHANGED

@@ -25,10 +25,10 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.3.0"
   spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
+  spec.add_runtime_dependency "listen", ">= 0"
   spec.add_runtime_dependency "rack", ">= 1", "< 3"
   spec.add_runtime_dependency "rake", ">= 10.0", "< 13"
   spec.add_runtime_dependency "xmldsig", ">= 0.6.6"
-  spec.add_runtime_dependency "listen", ">= 0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.19.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-12 00:00:00.000000000 Z
+date: 2018-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -30,6 +30,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.3'
+- !ruby/object:Gem::Dependency
+  name: listen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -84,20 +98,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.6.6
-- !ruby/object:Gem::Dependency
-  name: listen
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement