RubyGems - spid - Versions diffs - 0.1.1 → 0.2.0 - Mend

spid 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.rubocop.yml +15 -2
data/CHANGELOG.md +18 -0
data/README.md +94 -1
data/lib/spid/authn_request.rb +67 -0
data/lib/spid/onelogin_extension.rb +23 -0
data/lib/spid/version.rb +1 -1
data/lib/spid.rb +25 -0
data/spid.gemspec +5 -0
metadata +61 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4263c52fe9ae0ffeeb32f9cd54182eb9f1bf9bb2ab38b9cb5b70e26a38de0b69
-  data.tar.gz: 41027c24f8d1670d872cbd435700ca4c88088069a55d636a7bc0efbeab35d32b
+  metadata.gz: 8bfca421b316c9cb55e172e5eefc1c1acff12376dbb74716c5c3dbee76d316cd
+  data.tar.gz: 7ec28aa7150994bdc8d7e8e2f49161707d55de55a7099b4e910feaca9a700513
 SHA512:
-  metadata.gz: '0592956575aa696a56da640b6dd96dfb697c152ebdea83a5e90605c46f06e3dabe948f19bb07f733730ba036cf00b7ab417a2d5b83bb7d53754afe3241b085f1'
-  data.tar.gz: b91bdb30739159198722722157d3f75382913ad5f0bc7633828d6a4ab58de44b655f4d0220544a96721a9d27d2fc0cdf7bb448db4c6617fdee77e66955ff7c9a
+  metadata.gz: fad0ca14fa9fb3c7de38439dce599dd736fc654537e2503c326ec73611bb7779e451a2ea90c51c3dd24938f638940bdc14a7bf67a970031184cfff072a3ec930
+  data.tar.gz: 86e1822001f127add77c36b3feb27656ab3899b10db2a3a074f6891cc1d257e665d33c02635be31525d90b58922e8af4cd3d5ad3d68e44cafb8475970d503535

data/.rubocop.yml CHANGED Viewed

@@ -1,5 +1,18 @@
+require: rubocop-rspec
 AllCops:
-  TargetRubyVersion: "2.3"
+  Exclude:
+    - bin/stubs/*
+  TargetRubyVersion: 2.3
+Layout/DotPosition:
+  EnforcedStyle: trailing
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*.rb
+RSpec/NestedGroups:
+  Enabled: false
+Style/EmptyMethod:
+  EnforcedStyle: expanded
 Style/StringLiterals:
-  EnforcedStyle: "double_quotes"
+  EnforcedStyle: double_quotes

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,18 @@
+# Changelog
+## [Unreleased]
+## [0.2.0] - 2018-07-02
+### Added
+- Feature table in README
+- Spid::AuthnRequest create a SAML AuthnRequest specific for SPID
+- Added CHANGELOG.md
+## 0.1.1 - 2018-06-27
+### Added
+- TravisCI Integration
+- Coveralls Integration
+- Rubygems version badge in README
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.0.2...HEAD
+[0.2.0]: https://github.com/italia/spid-ruby/compare/v0.1.1...v0.2.0

data/README.md CHANGED Viewed

@@ -1,2 +1,95 @@
-# spid-ruby [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg)](https://travis-ci.org/italia/spid-ruby) [![Gem Version](https://badge.fury.io/rb/spid.svg)](https://badge.fury.io/rb/spid)
+# spid-ruby
 Ruby library for SPID authentication
+| Project                | Spid Ruby |
+| ---------------------- | ------------ |
+| Gem name               | spid |
+| License                | [MIT](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
+| Version                | [![Gem Version](https://badge.fury.io/rb/spid.svg)](http://badge.fury.io/rb/spid) |
+| Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
+| Test coverage          | [![Coverage Status](https://coveralls.io/repos/italia/spid-ruby/badge.svg)](https://coveralls.io/r/italia/spid-ruby) |
+| Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+## Features
+|<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Service Providers)_||
+|:---|:---|
+|**Metadata:**||
+|parsing of IdP XML metadata (1.2.2.4)||
+|parsing of AA XML metadata (2.2.4)||
+|SP XML metadata generation (1.3.2)||
+|**AuthnRequest generation (1.2.2.1):**||
+|generation of AuthnRequest XML|✓|
+|HTTP-Redirect binding||
+|HTTP-POST binding|✓|
+|`AssertionConsumerServiceURL` customization||
+|`AssertionConsumerServiceIndex` customization||
+|`AttributeConsumingServiceIndex` customization||
+|`AuthnContextClassRef` (SPID level) customization||
+|`RequestedAuthnContext/@Comparison` customization||
+|`RelayState` customization (1.2.2)||
+|**Response/Assertion parsing**||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP/AA metadata||
+|verification of `Assertion/Signature` value||
+|verification of `Assertion/Signature` certificate against IdP/AA metadata||
+|verification of `SubjectConfirmationData/@Recipient`||
+|verification of `SubjectConfirmationData/@NotOnOrAfter`||
+|verification of `SubjectConfirmationData/@InResponseTo`||
+|verification of `Issuer`||
+|verification of `Destination`||
+|verification of `Conditions/@NotBefore`||
+|verification of `Conditions/@NotOnOrAfter`||
+|verification of `Audience`||
+|parsing of Response with no `Assertion` (authentication/query failure)||
+|parsing of failure `StatusCode` (Requester/Responder)||
+|**Response/Assertion parsing for SSO (1.2.1, 1.2.2.2, 1.3.1):**||
+|parsing of `NameID`||
+|parsing of `AuthnContextClassRef` (SPID level)||
+|parsing of attributes||
+|**Response/Assertion parsing for attribute query (2.2.2.2, 2.3.1):**||
+|parsing of attributes||
+|**LogoutRequest generation (for SP-initiated logout):**||
+|generation of LogoutRequest XML||
+|HTTP-Redirect binding||
+|HTTP-POST binding||
+|**LogoutResponse parsing (for SP-initiated logout):**||
+|parsing of LogoutResponse XML||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|PartialLogout detection||
+|**LogoutRequest parsing (for third-party-initiated logout):**||
+|parsing of LogoutRequest XML||
+|verification of `Response/Signature` value (if any)||
+|verification of `Response/Signature` certificate (if any) against IdP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|parsing of `NameID`||
+|**LogoutResponse generation (for third-party-initiated logout):**||
+|generation of LogoutResponse XML||
+|HTTP-Redirect binding||
+|HTTP-POST binding||
+|PartialLogout customization||
+|**AttributeQuery generation (2.2.2.1):**||
+|generation of AttributeQuery XML||
+|SOAP binding (client)||
+|<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Attribute Authorities)_||
+|:---|:---|
+|**Metadata:**||
+|parsing of SP XML metadata (1.3.2)||
+|AA XML metadata generation (2.2.4)||
+|**AttributeQuery parsing (2.2.2.1):**||
+|parsing of AttributeQuery XML||
+|verification of `Signature` value||
+|verification of `Signature` certificate against SP metadata||
+|verification of `Issuer`||
+|verification of `Destination`||
+|parsing of `Subject/NameID`||
+|parsing of requested attributes||
+|**Response/Assertion generation (2.2.2.2):**||
+|generation of `Response/Assertion` XML||
+|Signature||

data/lib/spid/authn_request.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/authrequest"
+require "spid/onelogin_extension"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class AuthnRequest # :nodoc:
+    using OneLoginExtension
+    attr_reader :authn_request_attributes
+    # rubocop:disable Metrics/MethodLength
+    def initialize(
+          idp_sso_target_url:,
+          assertion_consumer_service_url:,
+          issuer:,
+          authn_context: Spid::L1,
+          authn_context_comparison: Spid::EXACT_COMPARISON
+        )
+      unless AUTHN_CONTEXTS.include?(authn_context)
+        raise Spid::UnknownAuthnContextError,
+              "Provided authn_context is not valid:" \
+              " use one of #{AUTHN_CONTEXTS.join(', ')}"
+      end
+      unless COMPARISON_METHODS.include?(authn_context_comparison)
+        raise Spid::UnknownAuthnComparisonMethodError,
+              "Provided authn_context_comparison_method is not valid:" \
+              " use one of #{COMPARISON_METHODS.join(', ')}"
+      end
+      @authn_request_attributes = {
+        idp_sso_target_url: idp_sso_target_url,
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+        issuer: issuer,
+        name_identifier_format: name_identifier_format,
+        authn_context: authn_context,
+        authn_context_comparison: authn_context_comparison
+      }
+      return if authn_context <= Spid::L1
+      @authn_request_attributes[:force_authn] = true
+    end
+    # rubocop:enable Metrics/MethodLength
+    def to_xml
+      authn_request.create_xml_document(saml_settings)
+    end
+    private
+    def name_identifier_format
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+    end
+    def authn_request
+      ::OneLogin::RubySaml::Authrequest.new
+    end
+    def saml_settings
+      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    end
+  end
+end

data/lib/spid/onelogin_extension.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/authrequest"
+module Spid
+  module OneLoginExtension # :nodoc:
+    refine ::OneLogin::RubySaml::Authrequest do
+      def create_xml_document(settings)
+        original_document = super(settings)
+        issuer_element = original_document.elements["//saml:Issuer"]
+        issuer_element.attributes["Format"] = format_entity
+        issuer_element.attributes["NameQualifier"] = settings.issuer
+        original_document
+      end
+      private
+      def format_entity
+        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+      end
+    end
+  end
+end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/spid.rb CHANGED Viewed

@@ -1,6 +1,31 @@
 # frozen_string_literal: true
+require "spid/authn_request"
 require "spid/version"
 module Spid # :nodoc:
+  class UnknownAuthnComparisonMethodError < StandardError; end
+  class UnknownAuthnContextError < StandardError; end
+  EXACT_COMPARISON = :exact
+  MININUM_COMPARISON = :minumum
+  BETTER_COMPARISON = :better
+  MAXIMUM_COMPARISON = :maximum
+  COMPARISON_METHODS = [
+    EXACT_COMPARISON,
+    MININUM_COMPARISON,
+    BETTER_COMPARISON,
+    MAXIMUM_COMPARISON
+  ].freeze
+  L1 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL1"
+  L2 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL2"
+  L3 = "urn:oasis:names:tc:SAML:2.0:ac:classes:SpidL3"
+  AUTHN_CONTEXTS = [
+    L1,
+    L2,
+    L3
+  ].freeze
 end

data/spid.gemspec CHANGED Viewed

@@ -18,10 +18,15 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.3.0"
+  spec.add_runtime_dependency "ruby-saml", "~> 1.8.0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit"
   spec.add_development_dependency "coveralls"
+  spec.add_development_dependency "nokogiri"
+  spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "rubocop-rspec"
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-06-27 00:00:00.000000000 Z
+date: 2018-07-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +66,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description:
 email:
 - davidlibrera@gmail.com
@@ -105,12 +161,15 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - lib/spid.rb
+- lib/spid/authn_request.rb
+- lib/spid/onelogin_extension.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby