RubyGems - spid - Versions diffs - 0.2.2 → 0.3.0 - Mend

spid 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +1 -0
data/CHANGELOG.md +8 -1
data/Gemfile +4 -0
data/README.md +15 -3
data/lib/spid.rb +24 -0
data/lib/spid/authn_request.rb +9 -55
data/lib/spid/generate_authn_request.rb +64 -0
data/lib/spid/identity_providers.rb +44 -0
data/lib/spid/idp_metadata.rb +38 -0
data/lib/spid/metadata.rb +73 -0
data/lib/spid/version.rb +1 -1
data/spid.gemspec +5 -0
metadata +88 -3
data/lib/spid/onelogin_extension.rb +0 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4e8d4ff447582b107751730b91bb3a2d20cc234516a3d0d3d54e3e8082478e8
-  data.tar.gz: e03ddeedd4ee9bb7dec109f53cfcb04035c29f7d58eb63ee5365f0bd89829bfc
+  metadata.gz: 202babbba4b9dae4431cf63d52deea481da1399657cda044e5782893f098b832
+  data.tar.gz: e03e68a394474fb59b7c20a4c7e336a21eff7aab876508cab468dcabd8e24449
 SHA512:
-  metadata.gz: a151e6770817d6f2ff0e6d18f3178bb6d1a5cb8335df7574bfc49169e8f16271bde3454bb8ba5b1abb1f466f07ba5b5b7d241bcc22328c7850af68e79aa6943d
-  data.tar.gz: 308b1f110d1e5ef74b6aaffbb1b64ac5260bae7c952c6006c8731c9f368d21452d4c706109cbdde5f211aececd79d6cbf1e4ff487e7cfd2195431148fbbb8a9f
+  metadata.gz: 9e5c12ec6d34ea8722bed6101ef27a7a2e754f80f4cd3d932bc7739a6355858603382755765fb57795273107f21cd449edd076f326e7744c59c2c29aa8d9e6bc
+  data.tar.gz: f611115901ccdff48084602cdcba4654452544dc13899da3954906679593f88ef1dd740649c549a6046b64e734c8ff1aa558ee3713e834563302339bfb768827

data/.travis.yml CHANGED Viewed

@@ -1,4 +1,5 @@
 language: ruby
+cache: bundler
 rvm:
  - 2.3
  - 2.4

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,12 @@
 ## [Unreleased]
+## [0.3.0] - 2018-07-06
+### Added
+- Fetch all identity provider from https://registry.spid.gov.it
+- Parse and store metadata from single Identity Provider
 ## [0.2.2] - 2018-07-02
 ### Fixed
 - Spid::L1 constant duplicated
@@ -26,7 +32,8 @@
 - Coveralls Integration
 - Rubygems version badge in README
-[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.2.2...HEAD
+[Unreleased]: https://github.com/italia/spid-ruby/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/italia/spid-ruby/compare/v0.2.2...v0.3.0
 [0.2.2]: https://github.com/italia/spid-ruby/compare/v0.2.1...v0.2.2
 [0.2.1]: https://github.com/italia/spid-ruby/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/italia/spid-ruby/compare/v0.1.1...v0.2.0

data/Gemfile CHANGED Viewed

@@ -6,3 +6,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # Specify your gem's dependencies in spid.gemspec
 gemspec
+gem "ruby-saml",
+    github: "onelogin/ruby-saml",
+    ref: "b0301c9da6c5c1674c29a8544c9e32d153bdbcca"

data/README.md CHANGED Viewed

@@ -2,15 +2,27 @@
 Ruby library for SPID authentication
 | Project                | Spid Ruby |
 | ---------------------- | ------------ |
 | Gem name               | spid |
 | License                | [MIT](https://github.com/italia/spid-ruby/blob/master/LICENSE) |
 | Version                | [![Gem Version](https://badge.fury.io/rb/spid.svg)](http://badge.fury.io/rb/spid) |
 | Continuous integration | [![Build Status](https://secure.travis-ci.org/italia/spid-ruby.svg?branch=master)](https://travis-ci.org/italia/spid-ruby) |
-| Test coverage          | [![Coverage Status](https://coveralls.io/repos/italia/spid-ruby/badge.svg)](https://coveralls.io/r/italia/spid-ruby) |
+| Test coverate          | [![Coverage Status](https://coveralls.io/repos/github/italia/spid-ruby/badge.svg?branch=master)](https://coveralls.io/github/italia/spid-ruby?branch=master) |
 | Credits                | [Contributors](https://github.com/italia/spid-ruby/graphs/contributors) |
+## Installation
+Add into your Gemfile
+```
+gem "ruby-saml",
+  github: "onelogin/ruby-saml",
+  ref: "b0301c9da6c5c1674c29a8544c9e32d153bdbcca"
+gem "spid"
+```
 ## Features
 |<img src="https://github.com/italia/spid-graphics/blob/master/spid-logos/spid-logo-c-lb.png?raw=true" width="100" /><br />_Compliance with [SPID regulations](http://www.agid.gov.it/sites/default/files/circolari/spid-regole_tecniche_v1.pdf) (for Service Providers)_||
@@ -26,8 +38,8 @@ Ruby library for SPID authentication
 |`AssertionConsumerServiceURL` customization||
 |`AssertionConsumerServiceIndex` customization||
 |`AttributeConsumingServiceIndex` customization||
-|`AuthnContextClassRef` (SPID level) customization||
-|`RequestedAuthnContext/@Comparison` customization||
+|`AuthnContextClassRef` (SPID level) customization|✓|
+|`RequestedAuthnContext/@Comparison` customization|✓|
 |`RelayState` customization (1.2.2)||
 |**Response/Assertion parsing**||
 |verification of `Response/Signature` value (if any)||

data/lib/spid.rb CHANGED Viewed

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 require "spid/authn_request"
+require "spid/generate_authn_request"
+require "spid/identity_providers"
+require "spid/metadata"
+require "spid/idp_metadata"
 require "spid/version"
 module Spid # :nodoc:
@@ -19,6 +23,26 @@ module Spid # :nodoc:
     MAXIMUM_COMPARISON
   ].freeze
+  SHA256 = XMLSecurity::Document::SHA256
+  SHA384 = XMLSecurity::Document::SHA384
+  SHA512 = XMLSecurity::Document::SHA512
+  DIGEST_METHODS = [
+    SHA256,
+    SHA384,
+    SHA512
+  ].freeze
+  RSA_SHA256 = XMLSecurity::Document::RSA_SHA256
+  RSA_SHA384 = XMLSecurity::Document::RSA_SHA384
+  RSA_SHA512 = XMLSecurity::Document::RSA_SHA512
+  SIGNATURE_METHODS = [
+    RSA_SHA256,
+    RSA_SHA384,
+    RSA_SHA512
+  ].freeze
   L1 = "https://www.spid.gov.it/SpidL1"
   L2 = "https://www.spid.gov.it/SpidL2"
   L3 = "https://www.spid.gov.it/SpidL3"

data/lib/spid/authn_request.rb CHANGED Viewed

@@ -1,67 +1,21 @@
 # frozen_string_literal: true
 require "onelogin/ruby-saml/authrequest"
-require "spid/onelogin_extension"
-require "onelogin/ruby-saml/settings"
 module Spid
-  class AuthnRequest # :nodoc:
-    using OneLoginExtension
-    attr_reader :authn_request_attributes
-    # rubocop:disable Metrics/MethodLength
-    def initialize(
-          idp_sso_target_url:,
-          assertion_consumer_service_url:,
-          issuer:,
-          authn_context: Spid::L1,
-          authn_context_comparison: Spid::EXACT_COMPARISON
-        )
-      unless AUTHN_CONTEXTS.include?(authn_context)
-        raise Spid::UnknownAuthnContextError,
-              "Provided authn_context is not valid:" \
-              " use one of #{AUTHN_CONTEXTS.join(', ')}"
-      end
-      unless COMPARISON_METHODS.include?(authn_context_comparison)
-        raise Spid::UnknownAuthnComparisonMethodError,
-              "Provided authn_context_comparison_method is not valid:" \
-              " use one of #{COMPARISON_METHODS.join(', ')}"
-      end
-      @authn_request_attributes = {
-        idp_sso_target_url: idp_sso_target_url,
-        assertion_consumer_service_url: assertion_consumer_service_url,
-        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-        issuer: issuer,
-        name_identifier_format: name_identifier_format,
-        authn_context: authn_context,
-        authn_context_comparison: authn_context_comparison
-      }
-      return if authn_context <= Spid::L1
-      @authn_request_attributes[:force_authn] = true
-    end
-    # rubocop:enable Metrics/MethodLength
-    def to_xml
-      authn_request.create_xml_document(saml_settings)
+  class AuthnRequest < ::OneLogin::RubySaml::Authrequest # :nodoc:
+    def create_xml_document(settings)
+      original_document = super(settings)
+      issuer_element = original_document.elements["//saml:Issuer"]
+      issuer_element.attributes["Format"] = format_entity
+      issuer_element.attributes["NameQualifier"] = settings.issuer
+      original_document
     end
     private
-    def name_identifier_format
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-    end
-    def authn_request
-      ::OneLogin::RubySaml::Authrequest.new
-    end
-    def saml_settings
-      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    def format_entity
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
     end
   end
 end

data/lib/spid/generate_authn_request.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+require "spid/authn_request"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class GenerateAuthnRequest # :nodoc:
+    attr_reader :authn_request_attributes
+    # rubocop:disable Metrics/MethodLength
+    def initialize(
+          idp_sso_target_url:,
+          assertion_consumer_service_url:,
+          issuer:,
+          authn_context: Spid::L1,
+          authn_context_comparison: Spid::EXACT_COMPARISON
+        )
+      unless AUTHN_CONTEXTS.include?(authn_context)
+        raise Spid::UnknownAuthnContextError,
+              "Provided authn_context is not valid:" \
+              " use one of #{AUTHN_CONTEXTS.join(', ')}"
+      end
+      unless COMPARISON_METHODS.include?(authn_context_comparison)
+        raise Spid::UnknownAuthnComparisonMethodError,
+              "Provided authn_context_comparison_method is not valid:" \
+              " use one of #{COMPARISON_METHODS.join(', ')}"
+      end
+      @authn_request_attributes = {
+        idp_sso_target_url: idp_sso_target_url,
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        protocol_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+        issuer: issuer,
+        name_identifier_format: name_identifier_format,
+        authn_context: authn_context,
+        authn_context_comparison: authn_context_comparison
+      }
+      return if authn_context <= Spid::L1
+      @authn_request_attributes[:force_authn] = true
+    end
+    # rubocop:enable Metrics/MethodLength
+    def to_saml
+      authn_request.create(saml_settings)
+    end
+    private
+    def name_identifier_format
+      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+    end
+    def authn_request
+      AuthnRequest.new
+    end
+    def saml_settings
+      ::OneLogin::RubySaml::Settings.new authn_request_attributes
+    end
+  end
+end

data/lib/spid/identity_providers.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+require "faraday"
+require "faraday_middleware"
+module Spid
+  class IdentityProviders # :nodoc:
+    def self.fetch_all
+      new.fetch_all
+    end
+    def fetch_all
+      spid_idp_entities.map do |idp|
+        {
+          name: idp["entity_name"].gsub(/ ID$/, "").downcase,
+          metadata_url: idp["metadata_url"],
+          entity_id: idp["entity_id"]
+        }
+      end
+    end
+    private
+    def spid_idp_entities
+      return [] if response.body["spidFederationRegistry"].blank?
+      response.body["spidFederationRegistry"]["entities"]
+    end
+    def response
+      connection.get do |req|
+        req.url "/api/identity-providers"
+        req.headers["Accept"] = "application/json"
+      end
+    end
+    def connection
+      Faraday.new("https://registry.spid.gov.it") do |conn|
+        conn.response :json, content_type: /\bjson$/
+        conn.adapter Faraday.default_adapter
+      end
+    end
+  end
+end

data/lib/spid/idp_metadata.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+require "singleton"
+require "onelogin/ruby-saml/idp_metadata_parser"
+module Spid
+  class IdpMetadata # :nodoc:
+    include Singleton
+    def initialize
+      @identity_providers = Spid::IdentityProviders.fetch_all
+      @metadata = {}
+    end
+    def [](idp_name)
+      return @metadata[idp_name] if @metadata[idp_name].present?
+      idp_hash = identity_provider_hash(idp_name)
+      @metadata[idp_name] = parser.parse_remote_to_hash(
+        idp_hash[:metadata_url],
+        idp_hash[:metadata_url].start_with?("https://")
+      )
+      @metadata[idp_name]
+    end
+    def identity_provider_hash(idp_name)
+      @identity_providers.find do |idp|
+        idp[:name] == idp_name.to_s
+      end
+    end
+    private
+    def parser
+      @parser ||= ::OneLogin::RubySaml::IdpMetadataParser.new
+    end
+  end
+end

data/lib/spid/metadata.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require "onelogin/ruby-saml/metadata"
+require "onelogin/ruby-saml/settings"
+module Spid
+  class Metadata # :nodoc:
+    attr_reader :metadata_attributes,
+                :attribute_service_name
+    # rubocop:disable Metrics/MethodLength
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(
+          issuer:,
+          private_key_filepath:,
+          certificate_filepath:,
+          assertion_consumer_service_url:,
+          single_logout_service_url:,
+          attribute_service_name:,
+          digest_method: Spid::SHA256,
+          signature_method: Spid::RSA_SHA256
+        )
+      @attribute_service_name = attribute_service_name
+      @metadata_attributes = {
+        issuer: issuer,
+        private_key: File.read(private_key_filepath),
+        certificate: File.read(certificate_filepath),
+        assertion_consumer_service_url: assertion_consumer_service_url,
+        single_logout_service_url: single_logout_service_url,
+        security: {
+          authn_requests_signed:     true,
+          logout_requests_signed:    false,
+          logout_responses_signed:   false,
+          want_assertions_signed:    false,
+          want_assertions_encrypted: false,
+          want_name_id:              false,
+          metadata_signed:           true,
+          embed_sign:                false,
+          digest_method:             digest_method,
+          signature_method:          signature_method
+        }
+      }
+    end
+    # rubocop:enable Metrics/ParameterLists
+    # rubocop:enable Metrics/MethodLength
+    def to_xml
+      metadata.generate(saml_settings)
+    end
+    private
+    def metadata
+      ::OneLogin::RubySaml::Metadata.new
+    end
+    def saml_settings
+      @saml_settings = ::OneLogin::RubySaml::Settings.new metadata_attributes
+      outer_self = self
+      @saml_settings.attribute_consuming_service.configure do
+        service_index 0
+        service_name outer_self.attribute_service_name
+        add_attribute name: "Name",
+                      name_format: "Name Format",
+                      friendly_name: "Friendly Name"
+      end
+      @saml_settings
+    end
+  end
+end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.2.2"
+  VERSION = "0.3.0"
 end

data/spid.gemspec CHANGED Viewed

@@ -26,13 +26,18 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
+  spec.add_development_dependency "activesupport", ">= 3.0.0"
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"
   spec.add_development_dependency "coveralls", "~> 0"
+  spec.add_development_dependency "faraday", "~> 0"
+  spec.add_development_dependency "faraday_middleware", "~> 0"
   spec.add_development_dependency "nokogiri", "~> 1.8", ">= 1.8.3"
   spec.add_development_dependency "pry", "~> 0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop", "0.57.2"
   spec.add_development_dependency "rubocop-rspec", "1.27.0"
+  spec.add_development_dependency "vcr", "~> 4.0", ">= 4.0.0"
+  spec.add_development_dependency "webmock", "~> 3.4", ">= 3.4.2"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-02 00:00:00.000000000 Z
+date: 2018-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-saml
@@ -30,6 +30,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +86,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -162,6 +204,46 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 1.27.0
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.2
 description:
 email:
 - davidlibrera@gmail.com
@@ -181,7 +263,10 @@ files:
 - Rakefile
 - lib/spid.rb
 - lib/spid/authn_request.rb
-- lib/spid/onelogin_extension.rb
+- lib/spid/generate_authn_request.rb
+- lib/spid/identity_providers.rb
+- lib/spid/idp_metadata.rb
+- lib/spid/metadata.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby

data/lib/spid/onelogin_extension.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-require "onelogin/ruby-saml/authrequest"
-module Spid
-  module OneLoginExtension # :nodoc:
-    refine ::OneLogin::RubySaml::Authrequest do
-      def create_xml_document(settings)
-        original_document = super(settings)
-        issuer_element = original_document.elements["//saml:Issuer"]
-        issuer_element.attributes["Format"] = format_entity
-        issuer_element.attributes["NameQualifier"] = settings.issuer
-        original_document
-      end
-      private
-      def format_entity
-        "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-      end
-    end
-  end
-end