viisp-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6331d0c1295838706bc587d2382c2cd2d0f2b5d4
+  data.tar.gz: 8e703d61b9ce1a2be0985acf939915ab05403626
+SHA512:
+  metadata.gz: 33e015a4a3ccdf70b4b235148b34c8ae084a325cf7b74cd4db86fe8938155193f279dfd7e2416e051fec166379efc6029d8a8e06006d095860b21c3f1923095d
+  data.tar.gz: d374e996f9fd6bf5b68e9bef62f59b941f9250aee54cb9954af20e278402b283f907b38059016bda692e6db2a6d1bd806beaa0bf1c315bb72a834c1517cf01c8

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.ruby-version

@@ -0,0 +1 @@
+2.4.1

data/.travis.yml

@@ -0,0 +1,6 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+  - 2.4.1
+before_install: gem install bundler -v 1.16.0

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at laurynas.butkus@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in viisp-auth.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,58 @@
+PATH
+  remote: .
+  specs:
+    viisp-auth (0.1.0)
+      faraday
+      nokogiri
+      xmldsig (~> 0.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    faraday (0.13.1)
+      multipart-post (>= 1.2, < 3)
+    hashdiff (0.3.7)
+    mini_portile2 (2.3.0)
+    multipart-post (2.0.0)
+    nokogiri (1.8.1)
+      mini_portile2 (~> 2.3.0)
+    public_suffix (3.0.1)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.0)
+    safe_yaml (1.0.4)
+    webmock (3.1.1)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    xmldsig (0.6.5)
+      nokogiri (>= 1.6.8, < 2.0.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  viisp-auth!
+  webmock (~> 3.1)
+
+BUNDLED WITH
+   1.16.0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Laurynas Butkus
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,106 @@
+# VIISP::Auth
+
+[![Build Status](https://travis-ci.org/laurynas/viisp-auth.svg?branch=master)](https://travis-ci.org/laurynas/viisp-auth)
+
+Lithuanian E-Government Gateway "Elektroniniai valdžios vartai" identity service client.
+
+VIISP identity service documentation: https://www.epaslaugos.lt/portal/content/1257
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'viisp-auth'
+```
+
+## Configuration
+
+```ruby
+VIISP::Auth.configure do |c|
+  c.pid = '1234'
+  c.private_key = OpenSSL::PKey::RSA.new(File.read('your-private-key.pem'))
+  c.postback_url = 'https://localhost'
+
+  # optional
+  c.providers = %w[auth.lt.identity.card auth.lt.bank]
+  c.attributes = %w[lt-personal-code lt-company-code] 
+  c.user_information = %w[firstName lastName companyName email]
+
+  # enable test mode
+  # (in test mode there is no need to set pid and private_key)
+  c.test = true
+end
+```
+
+## Usage
+
+Get an authentication ticket:
+
+```ruby
+ticket = VIISP::Auth.ticket
+```
+
+Redirected user to authentication portal with ticket using http POST.
+`VIISP::Auth.portal_endpoint` is a convenience method to get portal URL.
+
+Redirect form for testing: https://jsfiddle.net/kmrzpqwk/
+
+After successful authentication identity data can be fetched once.
+
+```ruby
+identity = VIISP::Auth.identity(
+  ticket: ticket,
+  include_source_data: true,
+)
+```
+
+Identity example:
+
+```ruby
+{
+  "authentication_provider" => "auth.lt.bank",
+  "attributes" => {
+    "lt-personal-code" => "XXXXXXXXXXX"
+  },
+  "user_information" => {
+    "firstName" => "VARDENIS",
+    "lastName" => "PAVARDENIS",
+    "companyName" => nil
+  },
+  "custom_data" => "correlation-123",
+  "source_data" => {
+    "type" => "BANKLINK",
+    "parameters" => {
+      "VK_USER" => "12345678900",
+      "VK_TIME" => "08:57:29"
+    }
+  }
+}
+```
+
+### Ticket arguments
+
+You can pass `custom_data` and override some configuration attributes when requesting ticket.
+
+```ruby
+ticket = VIISP::Auth.ticket(
+  custom_data: 'custom data',
+  postback_url: 'https://localhost',
+  providers: %w[auth.lt.identity.card auth.lt.bank],
+  attributes: %w[lt-personal-code lt-company-code],
+  user_information: %w[firstName lastName companyName email],
+)
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/laurynas/viisp-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the VIISP::Auth project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/laurynas/viisp-auth/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/certs/epaslaugos_ident.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAmoCCQDttqj6tPOteDANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMC
+TFQxGTAXBgNVBAgTEFZpbG5pYXVzIG0uIHNhdi4xEDAOBgNVBAcTB1ZpbG5pdXMx
+FjAUBgNVBAoTDUlWUEsgcHJpZSBMUlYxLjAsBgNVBAsTJVRhcnB6aW55YmluaXUg
+ZHVvbWVudSB2YWxkeW1vIHNreXJpdXMxGjAYBgNVBAMTEXd3dy5lcGFzbGF1Z29z
+Lmx0MSQwIgYJKoZIhvcNAQkBFhV0LnNha2FsYXVza2FzQGl2cGsubHQwHhcNMDgw
+OTA4MDgxMjM5WhcNMTMwOTA3MDgxMjM5WjCBxDELMAkGA1UEBhMCTFQxGTAXBgNV
+BAgTEFZpbG5pYXVzIG0uIHNhdi4xEDAOBgNVBAcTB1ZpbG5pdXMxFjAUBgNVBAoT
+DUlWUEsgcHJpZSBMUlYxLjAsBgNVBAsTJVRhcnB6aW55YmluaXUgZHVvbWVudSB2
+YWxkeW1vIHNreXJpdXMxGjAYBgNVBAMTEXd3dy5lcGFzbGF1Z29zLmx0MSQwIgYJ
+KoZIhvcNAQkBFhV0LnNha2FsYXVza2FzQGl2cGsubHQwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBANPh3WGh5Dy0JGjvl1Wv/rZfaaIfjIMhGTfDvxgO9Sf5WKnC
+6OB4rTZo1bprKPShhgnyaC0aD7rSIJF7JdsemmdYjGmEHXA5ZIQZ4+OkzwMufoYA
+JN6zZqYjGfen9m/kfF3jNyfNIZC2c2HkVyC9i5h+7eMeqfYyPNvhsrZiXM0XAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAVZaqAMGeMKoR1AKgSbHEcQDnEr36QkbndwRi
+mv9FolBbK7AVleg0qHvwk8qEFt/teMxe/BMxa5eVF/FOlPj6whSkRSBQdgRXM313
+FbMHxP3mCvkFfNDUiarlP7vsEoSDig9jtE/+PGwSJMcco8cCUr2zf9pbfZrKFBbx
+IEQI9wk=
+-----END CERTIFICATE-----

data/certs/testKey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAi+rh6NJ7Z6Q8XiMSVK/Z8DYXIyk5j7N9GUX8AOSKONabse4u
+s7/ogR0x7OOf0FsrdxAhQls59Wn1vDxujSVOu3v1JhML/v/WK8glcxM433oEEpb0
+C56XRHlt27Qkbsn6v3njC1z0NGyDFdAtg5PaMx7YmjyWR6ezMKj9wR5cK4CRZ7id
+m2PwzQaLUDFm7wUFXudZNkQ6pb60OvDw4ey1t68EVCPtq4nGdHG+3jlSDTTJc/03
+qk50pa6Nb/t5+EWsE3jFt/uhHim1rC2pMf5UrT26FL6/DjA0PxQFecc76zeuv3xb
+GSP7B7ubpG8fyatGb4oLB4eU0ceCJvqljGMP0wIDAQABAoIBAHsy5JxGyVZm7KjP
+JNLgzHuQhSr2n7KCjsJ0NwLqOTL29LzlRsYLUsRtWoqFmzCxNkJuN3rgLNaE6FVI
+uOcbVIoNCbzuxH9R8dk3MJJ0+Hz+SRu9Q0H/8J3gdfUgV3wd6OY0gtB8lqKacYoB
+djIHO/gLTxnwAzsw1L0h793dx7ac/x+yXoROXtCo8rJMxrY/iVjVHCb6wD48Vjqq
+JtOK3pn4LfHxzDzKCs2fBNDw880DCfN6tXi/D/+JSAlGhKdVN3eOxyNM/1POUQfP
+8IqMUWeQE+sOcWH7/Z85l40BOBoKqHAdWqHbXJLMI/4BwAv5/yKWtFcNNotEX8af
+mKH1qaECgYEAvegEsV3Ft07nldFoNcjzK0CyplcRUQ3PP8x22kb4Hguq0ZKHJIfz
+9DOYQpivt/f7Xn+W2Mkg/PKxE7lFVR/MqJRGw2lX2MUW72neycVRaSA+jz+5Lz2I
+I7He1kQPcSZyQvQNev2CeXqvukuNHkyjcDtkspCZsO1Ru+4arXCbblsCgYEAvJ0J
+qpJme3AV6WxMPn0OIt8REi42wftk6qUl30lGp3YctGSKWQOLkQGJJr2FrUrLB61j
+zV88kLwhz3t3ihmUg9pOfKIBeVxgIW7RQyinlDyGYOoKClxpNpLxYr92BhN8M9vN
+zLUHU15bF0qt03e3O8Pq5dvZBhOGYQ2EeEHDDekCgYAcd4s8izH4KHvOmXVlmpnZ
+AfnFtYeC/u7yQVQPpFPNLTKN98kKUNbg5FsOoJS2nxWvNLEIDh5DzJ1+t2cNO5cS
+LiftYv0oIWMuwFAFLu7lM1AtaP/5dN/TefZNaCZob7rxDmR260mDrEBrTKf6wsI9
+MKoHmmVvgCOgaDDXjum9wQKBgHnSUAD8p/aIMY7fZOtjaDL7spH0iWeHEOpBGpH6
+SQk2T1nwKi9OC+HvhP8hn+qKiVH/Gpv2LC8rZAcXruDinrr+0HzNQnh5Qpm1crGW
+243x/bUw1KVWhJo8FG58TSWlhi4UhPr33bBqHBmSIW2ZQB747oniEm1LRRsAWRQ3
+HV2pAoGAR1ik8TmDQ4eD5CUlGKwQfL4LMCFl2XdCJNqwAjQ1maEKPj0u/zBBuKJ2
+9Et3e3xoqo6Fz2m4u7+l3czoYquittKGS0s0iSC2F4wXhT0PaE8WrocPO2oK+9bc
+jZU8N3XM9rPmJruEw8sEsE4t/Cvi+rxTYp8zVgg0H9nkPyw4L7Y=
+-----END RSA PRIVATE KEY-----

data/lib/viisp/auth.rb

@@ -0,0 +1,50 @@
+require 'nokogiri'
+require 'viisp/auth/version'
+require 'viisp/auth/configuration'
+require 'viisp/auth/errors'
+require 'viisp/auth/client'
+require 'viisp/auth/signing'
+require 'viisp/auth/identity'
+require 'viisp/auth/requests/soap'
+require 'viisp/auth/requests/signature'
+require 'viisp/auth/requests/ticket'
+require 'viisp/auth/requests/identity'
+
+module VIISP
+  module Auth
+    module_function
+
+    def configure
+      yield(configuration)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def client
+      @client ||= Client.new
+    end
+
+    def portal_endpoint
+      configuration.portal_endpoint
+    end
+
+    def ticket(options = {})
+      request = Requests::Ticket.new(options).build
+
+      doc = client.post(request)
+      doc.remove_namespaces!
+      doc.at('ticket')&.text
+    end
+
+    def identity(options = {})
+      request = Requests::Identity.new(options).build
+
+      doc = client.post(request)
+      doc.remove_namespaces!
+
+      Identity.new(doc).to_hash
+    end
+  end
+end

data/lib/viisp/auth/client.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'faraday'
+
+module VIISP
+  module Auth
+    class Client
+      def post(document)
+        with_error_handling do
+          request = Signing.sign(document)
+          response = connection.post('', request)
+          xml = Nokogiri::XML(response.body)
+          Signing.validate!(xml)
+          xml
+        end
+      end
+
+      private
+
+      def with_error_handling
+        yield
+      rescue Faraday::ClientError => e
+        raise(RequestError, "#{e.message}. #{e.response}")
+      end
+
+      def connection
+        @connection ||= Faraday.new(url: configuration.endpoint) do |builder|
+          builder.options[:timeout] = configuration.read_timeout
+          builder.options[:open_timeout] = configuration.open_timeout
+
+          builder.headers['Accept'] = 'application/xml'
+
+          builder.response :raise_error
+
+          builder.adapter Faraday.default_adapter
+        end
+      end
+
+      def configuration
+        VIISP::Auth.configuration
+      end
+    end
+  end
+end