From d9f17bed4758a51f100f07c22f04a40eae8a4ecf Mon Sep 17 00:00:00 2001
From: David Librera
Date: Tue, 11 Sep 2018 20:08:58 +0200
Subject: [PATCH 01/21] Not run rubocop on /bin/stubs directory

---
 .rubocop.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.rubocop.yml b/.rubocop.yml
index cc32da4..ebcd9d7 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1 +1,5 @@
 inherit_from: .rubocop_todo.yml
+
+AllCops:
+ Exclude:
+ - bin/stubs/*

From 6c7022768c4ec7e51294ec2c534a0595cc56d396 Mon Sep 17 00:00:00 2001
From: David Librera
Date: Tue, 11 Sep 2018 20:09:17 +0200
Subject: [PATCH 02/21] Force version on rubocop

---
 spid-rails.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spid-rails.gemspec b/spid-rails.gemspec
index 828ac6c..2c17035 100644
--- a/spid-rails.gemspec
+++ b/spid-rails.gemspec
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
 s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4'
 s.add_development_dependency 'bundler-audit'
- s.add_development_dependency 'rubocop'
+ s.add_development_dependency 'rubocop', '0.57.2'
 s.add_development_dependency 'simplecov'
 s.add_development_dependency 'sqlite3', '~> 1.3'
 end

From 4fb21d8201f0dc75063799a32df4685dc79585df Mon Sep 17 00:00:00 2001
From: David Librera
Date: Tue, 11 Sep 2018 20:26:42 +0200
Subject: [PATCH 03/21] Allow rails 4.2 or greater

---
 spid-rails.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spid-rails.gemspec b/spid-rails.gemspec
index 2c17035..8f96548 100644
--- a/spid-rails.gemspec
+++ b/spid-rails.gemspec
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
 s.files = Dir['{app,config,db,lib}/**/*', 'MIT-LICENSE', 'Rakefile', 'README.md']
- s.add_dependency 'rails', '~> 5.1', '>= 5.1.4'
+ s.add_dependency 'rails', '>= 4.2'
 s.add_dependency 'ruby-saml', '~> 1.8.0'
 # Resolve CVE-2018-3741 vulnerability

From fbc5da79b61c0b43a7f5667e98d56d5ff0461109 Mon Sep 17 00:00:00 2001
From: David Librera
Date: Tue, 11 Sep 2018 20:28:11 +0200
Subject: [PATCH 04/21] Use add_runtime_dependency

---
 spid-rails.gemspec | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spid-rails.gemspec b/spid-rails.gemspec
index 8f96548..fc01f5e 100644
--- a/spid-rails.gemspec
+++ b/spid-rails.gemspec
@@ -18,11 +18,11 @@ Gem::Specification.new do |s|
 s.files = Dir['{app,config,db,lib}/**/*', 'MIT-LICENSE', 'Rakefile', 'README.md']
- s.add_dependency 'rails', '>= 4.2'
- s.add_dependency 'ruby-saml', '~> 1.8.0'
+ s.add_runtime_dependency 'rails', '~> 5.1', '>= 5.1.4'
+ s.add_runtime_dependency 'ruby-saml', '~> 1.8.0'
 # Resolve CVE-2018-3741 vulnerability
- s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4'
+ s.add_runtime_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4'
 s.add_development_dependency 'bundler-audit'
 s.add_development_dependency 'rubocop', '0.57.2'

From 965e46d8600a8c4280b4b7f756af55d70c14a03f Mon Sep 17 00:00:00 2001
From: David Librera
Date: Tue, 11 Sep 2018 20:28:44 +0200
Subject: [PATCH 05/21] Use spid gem

---
 spid-rails.gemspec | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spid-rails.gemspec b/spid-rails.gemspec
index fc01f5e..61f990a 100644
--- a/spid-rails.gemspec
+++ b/spid-rails.gemspec
@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
 # Resolve CVE-2018-3741 vulnerability
 s.add_runtime_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4'
+ s.add_runtime_dependency 'spid', '>= 0.17.2'
 s.add_development_dependency 'bundler-audit'
 s.add_development_dependency 'rubocop', '0.57.2'

From d8e9fd73c64a6a4651cb83de2df7254708140131 Mon Sep 17 00:00:00 2001
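Review bot: `s.add_runtime_dependency 'spid', '>= 0.17.2'` has no upper bound, so a future `spid` 1.x or 2.x that changes signature-validation or binding defaults would be pulled in by a routine `bundle update` without anyone revisiting this gemspec. Since this gem now delegates all SAML handling to `spid`, a pessimistic constraint is the safer default: `s.add_runtime_dependency 'spid', '~> 0.17', '>= 0.17.2'`. The other runtime dependencies in the same block (`rails`, `ruby-saml`, `rails-html-sanitizer`) already use `~>`, so this also keeps the gemspec consistent.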
From: David Librera
Date: Wed, 12 Sep 2018 14:46:43 +0200
Subject: [PATCH 06/21] Change metadata conformity in order to use spid metadata rack component

---
 lib/spid-rails.rb | 40 +-------
 lib/spid-rails/engine.rb | 7 +--
 lib/spid-rails/route_helper.rb | 16 ++++++
 spid-rails.gemspec | 3 +-
 test/dummy/config/application.rb | 1 +
 test/dummy/config/initializers/spid.rb | 24 +++++++++
 test/dummy/config/spid-certificate.pem | 29 +++++++++++
 test/dummy/config/spid-private-key.pem | 52 +++++++++++++++++++
 .../spid/rails/metadata_conformity_test.rb | 12 +++-
 9 files changed, 137 insertions(+), 47 deletions(-)
 create mode 100644 lib/spid-rails/route_helper.rb
 create mode 100644 test/dummy/config/initializers/spid.rb
 create mode 100644 test/dummy/config/spid-certificate.pem
 create mode 100644 test/dummy/config/spid-private-key.pem

diff --git a/lib/spid-rails.rb b/lib/spid-rails.rb
index 2c1b004..0e3703c 100644
--- a/lib/spid-rails.rb
+++ b/lib/spid-rails.rb
@@ -1,44 +1,8 @@
+require 'spid'
 require 'spid-rails/engine'
+require 'spid-rails/route_helper'
 module Spid
 module Rails
-
- # Mount point di Spid sull'applicazione
- mattr_accessor :mount_point
- @@mount_point = 'spid'
-
- # Url alla quale e' disponibile il metadata del provider
- mattr_accessor :metadata_path
- @@metadata_path = 'metadata'
-
- # Url alla quale ricevere le risposte di autenticazione Saml
- mattr_accessor :sso_path
- @@sso_path = 'sso'
-
- # Url alla quale ricevere le risposte di logout Saml
- mattr_accessor :slo_path
- @@slo_path = 'slo'
-
- # Percorso relativo alla root dell'app
- # al quale reperire la coppia chiave privata - certificato
- mattr_accessor :keys_path
- @@keys_path = 'lib/.keys/'
-
- # Livello di crittografia SHA per la generazione delle signature
- mattr_accessor :sha
- @@sha = 256
-
- def self.app_metadata_path
- "#{mount_point}/#{@@metadata_path}"
- end
-
- def self.app_sso_path
- "#{mount_point}/#{@@sso_path}"
- end
-
- def self.app_slo_path
- "#{mount_point}/#{@@slo_path}"
- end
-
 end
 end
diff --git a/lib/spid-rails/engine.rb b/lib/spid-rails/engine.rb
index a700f90..c2718ef 100644
--- a/lib/spid-rails/engine.rb
+++ b/lib/spid-rails/engine.rb
@@ -5,11 +5,8 @@ module Spid
 module Rails
 class Engine < ::Rails::Engine
- isolate_namespace Spid::Rails
-
- initializer 'spid-rails.load_custom_idp_list' do
- path_to_list = ::Rails.root.join('config', 'spid-rails', 'idp_import.yml')
- Spid::Idp.import(path_to_list) if File.exist?(path_to_list)
+ initializer 'spid_rails_engine' do |_app|
+ ActionView::Base.send :include, ::Spid::Rails::RouteHelper
 end
 end
diff --git a/lib/spid-rails/route_helper.rb b/lib/spid-rails/route_helper.rb
new file mode 100644
index 0000000..8825b26
--- /dev/null
+++ b/lib/spid-rails/route_helper.rb
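Review bot: After this hunk `module Spid; module Rails; end; end` is an empty namespace with nothing saying where the settings that used to live here (`mount_point`, `metadata_path`, `sso_path`, `slo_path`, `keys_path`, `sha`) went, and the gem entry point is exactly where a maintainer will look for them. A short comment in the module body would close that gap, e.g. `# Runtime settings (hostname, endpoint paths, key material, digest/signature methods) are set through Spid.configure in the host app; this gem only adds the engine and the view route helpers.` The removed Italian comments are history, but whatever replaces them should be in English so the public entry point reads uniformly.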
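Review bot: `ActionView::Base.send :include, ::Spid::Rails::RouteHelper` references `ActionView::Base` directly inside an engine initializer, which eagerly loads Action View while the host application is still booting; the supported way to mix into a framework class is the load hook, `ActiveSupport.on_load(:action_view) { include ::Spid::Rails::RouteHelper }`, which runs when Action View is actually loaded and is what Rails itself and most engines use. Dropping `isolate_namespace` also means the helper's methods land in the host app's global view helper namespace rather than behind an engine proxy, so a one-line comment here (`# helpers are mixed into the host app's views under their plain names`) would make that consequence visible to whoever names new helpers. The enclosing `module Spid` closes outside this hunk.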
@@ -0,0 +1,16 @@
+module Spid
+ module Rails
+ module RouteHelper
+ def metadata_path
+ Spid.configuration.metadata_path
+ end
+
+ def metadata_url
+ URI.join(
+ Spid.configuration.hostname,
+ metadata_path
+ ).to_s
+ end
+ end
+ end
+end
diff --git a/spid-rails.gemspec b/spid-rails.gemspec
index 61f990a..ad59a3b 100644
--- a/spid-rails.gemspec
+++ b/spid-rails.gemspec
@@ -23,9 +23,10 @@ Gem::Specification.new do |s|
 # Resolve CVE-2018-3741 vulnerability
 s.add_runtime_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4'
- s.add_runtime_dependency 'spid', '>= 0.17.2'
+ s.add_runtime_dependency 'spid', '>= 0.17.3'
 s.add_development_dependency 'bundler-audit'
+ s.add_development_dependency 'pry-byebug'
 s.add_development_dependency 'rubocop', '0.57.2'
 s.add_development_dependency 'simplecov'
 s.add_development_dependency 'sqlite3', '~> 1.3'
diff --git a/test/dummy/config/application.rb b/test/dummy/config/application.rb
index d7953ad..58fdef5 100644
--- a/test/dummy/config/application.rb
+++ b/test/dummy/config/application.rb
@@ -13,5 +13,6 @@ class Application < Rails::Application
 # Settings in config/environments/* take precedence over those specified here.
 # Application configuration should go into files in config/initializers
 # -- all .rb files in that directory are automatically loaded.
+ config.middleware.use(::Spid::Rack)
 end
 end
diff --git a/test/dummy/config/initializers/spid.rb b/test/dummy/config/initializers/spid.rb
new file mode 100644
index 0000000..0188710
--- /dev/null
+++ b/test/dummy/config/initializers/spid.rb
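Review bot: `metadata_path` and `metadata_url` are mixed into every host-app view (by the engine initializer in this same patch) under very generic names, so any application that declares a `metadata` route — `resource :metadata` generates exactly `metadata_path`/`metadata_url` — will silently have one set of helpers shadow the other. A gem-specific prefix avoids the collision: `def spid_metadata_path` / `def spid_metadata_url`, with the old names kept as deprecated aliases if anything already calls them. `URI.join(Spid.configuration.hostname, metadata_path).to_s` also assumes `hostname` is an absolute URL with a scheme, as the dummy initializer sets it; with a bare host such as `'example.com'` `URI.join` raises (`URI::BadURIError`, both URIs relative), so a `# hostname must be an absolute URL (scheme + host)` comment on `metadata_url` would save a debugging session.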
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+Spid.configure do |config|
+ config.hostname = 'http://localhost'
+
+ config.idp_metadata_dir_path = Rails.root.join('config/idp_metadata')
+ config.private_key_pem = File.read(Rails.root.join('config', 'spid-private-key.pem'))
+ config.certificate_pem = File.read(Rails.root.join('config', 'spid-certificate.pem'))
+
+ config.metadata_path = '/spid/metadata'
+ config.login_path = '/spid/login'
+ config.logout_path = '/spid/logout'
+ config.acs_path = '/spid/sso'
+ config.slo_path = '/spid/slo'
+ config.default_relay_state_path = '/'
+
+ config.digest_method = Spid::SHA512
+ config.signature_method = Spid::RSA_SHA512
+ config.acs_binding = Spid::BINDINGS_HTTP_POST
+ config.slo_binding = Spid::BINDINGS_HTTP_REDIRECT
+ config.attribute_services = [
+ { name: 'Service1', fields: ['email'] }
+ ]
+end
diff --git a/test/dummy/config/spid-certificate.pem b/test/dummy/config/spid-certificate.pem
new file mode 100644
index 0000000..ca2f5f4
--- /dev/null
+++ b/test/dummy/config/spid-certificate.pem
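Review bot: `config.private_key_pem = File.read(Rails.root.join('config', 'spid-private-key.pem'))` reads an unencrypted private key that this same patch checks into the repository, and nothing in the file says it is a throwaway test fixture — this initializer is the obvious thing for an integrator to copy into a real application, key path included. A header comment should make the status explicit, e.g. `# Test dummy only: the key pair under config/ is committed to git and therefore public. Real deployments must load key material from ENV or Rails credentials, never from a tracked file.` `config.hostname = 'http://localhost'` is likewise test-only — the SPID technical rules the conformity test cites require the SP endpoints to be HTTPS, and this value presumably ends up in the generated metadata — so the same comment should cover it. `Rails.root.join('config/idp_metadata')` points at a directory this patch does not create (the diffstat lists nothing under it); whether the spid gem tolerates a missing directory cannot be told from here and is worth confirming.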
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8DCCAtigAwIBAgIJAJQAgt9YnDLlMA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV
+BAYTAklUMB4XDTE4MDkxMTE4MzE1OVoXDTE4MTAxMTE4MzE1OVowDTELMAkGA1UE
+BhMCSVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2zZVrb60LrY4m
+XvBMDJEpryFz1gybAmPO43Zppj2QmFKmZRuoNZLfegU/u84hE0CoYRWpsC8C5BWg
+YsChAwBfgkojXS//NjvxlngCn+KogZM4nb1XVqj4zkYNenZQy/Q41JYtoIJ5AymF
+kIr8sXrzPm2qNXQ7Fl2MQYr3L1JJ3Kxl4Z5N7n65AMuEmt1gCI9R6tm3kAGjiGeE
+MzYqejrPHzvOkUuDf+TbakJ4KXoCzghmleK4bsWU+PKpYUNZAA8HgZfUKMVHdOss
+1ih5V+XpYgZJBYyXYP8F84dAo4epMdo6toIUmuQ1Yva+EhIkFGvS4O1FCAKPp/EI
+L1F2y/xZwmqDwXhfkXbfvjVB+wYtnAoYfeRS+5my620BTBniyMjX9TxMoM4Xr9/c
+z97gGs2KEqoTkq3B3CpyTI7II77utQkHcfnLU6KS/NPC+Tagmt0r7AMWduNd4HAM
+naAWyYy8Vf+Xf+bcojL9BPqEZ1/mEkIQBARqaZ+oYzJKoVX8fqFf0w4nSy7wjPKD
+SLj/pRt0M2uPNb+BlGRTJi4xbvHAWvt0I1AwNOUNHyOkegmHYGy+aD1HhyxYXtiv
+XpNhQmUfmRK2cYqGTCQ1iEx90TWWlzMIUtpgsL8ht4eVATrGnduuMhL5WxayC8Q9
+IPtADt40ofu7EJg27DzPnoWPFTGSbwIDAQABo1MwUTAdBgNVHQ4EFgQU/x3y6dwQ
+HCR79TgwRZNv/2De1JkwHwYDVR0jBBgwFoAU/x3y6dwQHCR79TgwRZNv/2De1Jkw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATg37Qe9zm+AdX878
+0vFb6++E0VJvsgwa+/NE9hFHL1klYIWxfCGWXnG4lbtKbBVKzKzyW3tx3NQR74Xf
+/+dOffTB1ARumIi+l0z79bAXEb/qOLfShYqK11PXW5rVWfSSo9ehOQsHGRwidctO
+pongFOd8Z3QVJ2SUKrBaM25baV3e5XRwNrYkyhNtDYM743rGYQ5qSANGXd0O5q8v
+9a5ZY8jprMf8XEFlOB3W/QQjQtqSl+WuoNe+XozyJG+e49fX4vPp7iW8i/u57Xth
+EalQ82hvA6G30Oo6qgOj18XoIl0rdlJF0s4ZWj+IAkDTTmkxCKINFFQqVzn04xJR
+8joPiUe0EIwJrhTKqx88c5t/a5VocxezhDtHEC0OXWBjN+P5zr+RJgOrroM5B6t+
+OLDKyYssK0+QyTUqhmbWzfiq+bkRGxs8weLdeZON8u796/csmolSusv4obT517d0
+CW8mrSnCga+UaSKe3qPY/YAUNCR6q2Xr6XhJKtXKnCo9sYzKhshzv/297Zmtqk7p
+ULGaN+m3QebQc/JcBt9AKCtaYOwQWwCVS6g/9XUXTYJbMtT4Q2B3G3FB7yDtT+NB
+5Qrdt4ynXQfP2lR+c5lFoUADFx5LA8nyW0+4JurXH+kCo5Wuf7eZTtziWb2uldOg
+GWqg80wWN2pu3djScqYjUce56SM=
+-----END CERTIFICATE-----
diff --git a/test/dummy/config/spid-private-key.pem b/test/dummy/config/spid-private-key.pem
new file mode 100644
index 0000000..5763c3f
--- /dev/null
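Review bot: The validity window encoded in this certificate appears to be one month — the DER run `MB4XDTE4MDkxMTE4MzE1OVoXDTE4MTAxMTE4MzE1OVow` decodes to notBefore 2018-09-11T18:31:59Z and notAfter 2018-10-11T18:31:59Z — so any check that looks at certificate validity (the conformity test or the spid gem's own validation, if either does) starts failing a month after this commit with no code change to explain it. The keys generator deleted in patch 07/21 defaulted to a one-month validity, which is probably how this fixture was produced; if it is regenerated, give it a multi-year validity and record the generation command where the fixture is consumed (a PEM file has no comment syntax of its own). It is self-signed with subject `C=IT`, which is fine for a test fixture as long as nothing treats it as trusted outside the dummy app.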
+++ b/test/dummy/config/spid-private-key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC2zZVrb60LrY4m +XvBMDJEpryFz1gybAmPO43Zppj2QmFKmZRuoNZLfegU/u84hE0CoYRWpsC8C5BWg +YsChAwBfgkojXS//NjvxlngCn+KogZM4nb1XVqj4zkYNenZQy/Q41JYtoIJ5AymF +kIr8sXrzPm2qNXQ7Fl2MQYr3L1JJ3Kxl4Z5N7n65AMuEmt1gCI9R6tm3kAGjiGeE +MzYqejrPHzvOkUuDf+TbakJ4KXoCzghmleK4bsWU+PKpYUNZAA8HgZfUKMVHdOss +1ih5V+XpYgZJBYyXYP8F84dAo4epMdo6toIUmuQ1Yva+EhIkFGvS4O1FCAKPp/EI +L1F2y/xZwmqDwXhfkXbfvjVB+wYtnAoYfeRS+5my620BTBniyMjX9TxMoM4Xr9/c +z97gGs2KEqoTkq3B3CpyTI7II77utQkHcfnLU6KS/NPC+Tagmt0r7AMWduNd4HAM +naAWyYy8Vf+Xf+bcojL9BPqEZ1/mEkIQBARqaZ+oYzJKoVX8fqFf0w4nSy7wjPKD +SLj/pRt0M2uPNb+BlGRTJi4xbvHAWvt0I1AwNOUNHyOkegmHYGy+aD1HhyxYXtiv +XpNhQmUfmRK2cYqGTCQ1iEx90TWWlzMIUtpgsL8ht4eVATrGnduuMhL5WxayC8Q9 +IPtADt40ofu7EJg27DzPnoWPFTGSbwIDAQABAoICAGyRfvu28NRtuG4rlpXkJNbX +74tHhmcNrU9zoqEunYPiI7w1co6deuSFKNboaI0WTSFzv5TvUYxrADkoTXWTPcZ7 +sCJ+twHhKQrbrd0JLmmbw18tuAVGL8bNY6efouNrrlmOUL86hCLw8NkltpZLplUP +L7yWULjDGL4zMyCJl1rM2AsOS6HHUrX3tefEvlPJ4azqSXIO8ho46hoG/FWQEJtw +1mlhu7KW48o4us94+sDtsumSfXvCNlC65gwY+xHByitQGWdk6337/6y6aIFg5eiN +UmROCmjhr7TOJPcL6IdhV1XljS5Fq+HVK+xI+UM6aatt8R09m5/MQ4fz6nMexXlc +axuM+rqbzlw6lzs6TwPR1iX+Ma5ilLYJSrWQ+seY1p6cCV75VDDjuIUOHTe1D/Pc +sBu71Dg51/uH7hZlh35gPGGoEMf2DKTJi65dp2C90bpYxw2DPXcgU4wJxKFOs4fH +Fn5P1qUFadN37MfF7Ij0jjiX1DnB67KO2+HQwcXDPfSL4OyRimxY89+Fb1GzhVwA +/FxFpdtlMfkM/uAe262sVt6ucl45XFLOSUYfoQXC/2Rr+BukVKF6O5yBWLmIDTj5 +Zq7y01+IAvKi1NaB6Zdlr6Ke1lnmPf7eT3W7pUtTH/7L9JU2I616vYoFNaBgbY44 +/LVCjl8rxzOsJ7I1d4jRAoIBAQDlUtQ5UZkq+4gF91naKHoE/36nuoSZJ9hNriyW +fyFMdO4yp1iYi3JF5i5ur59vsMUYZoVMPr3OF38maX/BKR4rdjVexGrLcnFnh2tE +cAStLlsz9YyVVIg8P6T60s4eGnzFmgDxkRcgPDKHbE5JgyedzIaYnDibACH306po +VGcylT6mWxO8Bwiv7C9/uRHKMlrBGHgvXp2VB2tgR3xscqRIvcuKZ4Hu+VobgJ62 +XVLMffr5AbJz8QYPK+8z6XgDR4CTquy0JyztnR0whjNqX8jmFqlBmo/gMKDUtBVe +XuVkjcnPs7j1QORbPykqK/xGXeNhJ3eKjGE50BeJWZEIH+qpAoIBAQDMEWQ/+q9W +aFkJEjrAtscIaS/pCqxLNQ7Riqs/3aQYXHeLbTAnyIIYeCdJ5LB4cdnlJSJK/D0c 
+XVqbb/akF/7a4z1HVDyR0BmmZUOGg6bYWax+4ClOylXFX2VOOrMmjPsjdx64IfpV +n09WC5lXLfjHqippxu8EDWsiTUcURp6VdMQQWWNm6SXbRhUcLLR9paQucKb6Qzv3 +OYF/4csQgc2CAHILe0DaFfMLcyo4xtpplO/3MNngCls7DGjXynfwHQQS7853Itaz +ICp9kepAvXJNJutC8HpePAGeDCIzjE9z/VEViTm18eCCqgyjjXa3P/7q7R+fxzlw +Ab1hqTRgcRtXAoIBADisE45mv/eDWcY/rpDfV+hMS7yft40x756i4JoAqPYAH62c +9aQdMgxcKjVoaXpssQiqrV5+UuHPpLiVceEGjFIpUF8vI0VL7wKq0LOFC2LRBfD9 +SdTNoy1gfSEPX6jI2vTqbjlEpfZtaf9VoLNCGlRA6zJjyQllKv/X61EFKsuxXl42 +O9ZH1rnDIKnrzp2tfAgkR+9M7pyZzMtqXzFd04O2g8qccdvg+4e4bYCb545pw9At +vzAv7FNrhB3MIMCOtxPHNd//nnbKUSBgyewL59YU25c+3zeETPrD1lQQF5iWAb22 +qIrTkpuKLF4jqKCrKzojSsOOlah36Jkk7VaYrKECggEBALcH/k+4K92nd/w/4nyJ +M5lipvsxfHl0HFdrNc/xnsXO4dYnV+LG35DM7AhF2tYc35+8H7b76F/xh1wVHzXs +48Q1vvekITNzYB4zg0459MLmI2Yk7kfiCO4fcwCoe5jfKD2WEPJ8X0i+u+zkOGPO +Mu36vVHkgOq0klvQzijscj6A3X4AfryF71Nt129O1ZBAqjKRDeM3vKgwZutpfLXQ +hp/MgH21zeQNfdHOOJd2G95JHLYsla5x+4PJzJuH2O1/SPEnL5sBn2pINnQsFNx+ +Tu/OMYL3p/mvfo/gOCjd90GEel6Dl0SOrpzjorRrJIiWGLFjf1LS4LyKgu7+UaES +sb8CggEAETqsuYqzTmCLeW4QYfUnfwR5eXN/Y+eqoxWGyY3YTckKQJSJe9CqMzZK +sokDpVT/XaLjzf5PHILd+/QvaeNmungk4CsgfplUJd4m+f/5P211kYQrri7Fdq7O +TnhzlmOnKRt6nDNrGjsAT2L5gKbSTA69v+RmTwMmkNIYLq3uCd264uh1L3kljiLV +ZF3OWn/4vCoZR7Kksv69ggl4g3OfZpvnuXgWyvLqnrP0S6NdzZ0oCOq7UCSUiVi1 +GiGZjqLP73vGGya1dJdTbTG2o1eofKklZ8hX1PJPUPvBiT/z2XatiB6y8hRDOnEp +afU9bVH6vSWMpdn0TCyFbueJMb7JeA== +-----END PRIVATE KEY----- diff --git a/test/integration/spid/rails/metadata_conformity_test.rb b/test/integration/spid/rails/metadata_conformity_test.rb index 9703b4f..f0ae559 100644 --- a/test/integration/spid/rails/metadata_conformity_test.rb +++ b/test/integration/spid/rails/metadata_conformity_test.rb 
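Review bot: This is an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`) committed to git in the same series whose next patch (07/21) is titled "Private Key and Certificate should not be added to git repository"; the two are consistent only if this pair is strictly a disposable test fixture, and nothing in the repository states that. Treat the key as public from this commit onward: it must never be reused, together with the matching `spid-certificate.pem`, against a real IdP, and that should be said where the fixture is consumed (the dummy initializer) since the PEM itself cannot carry a comment. Secret scanners will also flag this blob; an explicit allowlist entry naming it as a test fixture is better than teaching developers to ignore the warning.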
@@ -6,11 +6,17 @@ module Rails
 # Testa conformità a regole tecniche disponibili a
 # http://spid-regole-tecniche.readthedocs.io/en/latest/regole-tecniche-sp.html#metadata
 class MetadataConformityTest < ActionDispatch::IntegrationTest
- include Engine.routes.url_helpers
+ include Spid::Rails::RouteHelper
 setup do
- @routes = Engine.routes
- @namespaces = Metadata.xml_namespaces
+ @namespaces = {
+ saml: 'urn:oasis:names:tc:SAML:2.0:assertion',
+ samlp: 'urn:oasis:names:tc:SAML:2.0:protocol',
+ md: 'urn:oasis:names:tc:SAML:2.0:metadata',
+ ds: 'http://www.w3.org/2000/09/xmldsig#',
+ xenc: 'http://www.w3.org/2001/04/xmlenc#',
+ xs: 'http://www.w3.org/2001/XMLSchema'
+ }
 @allowed_signature_algorithms = Certificate.signature_algorithms
 @allowed_digest_algorithms = Certificate.digest_algorithms
 get metadata_url

From e9cb9584db83c025d646511249567ffdd9f6ecc4 Mon Sep 17 00:00:00 2001
From: David Librera
Date: Wed, 12 Sep 2018 14:51:58 +0200
Subject: [PATCH 07/21] Private Key and Certificate should not be added to git repository, so this generator is no longer required

---
 lib/generators/spid/rails/keys_generator.rb | 45 -------------------
 .../spid/rails/keys_generator_test.rb | 26 -----------
 2 files changed, 71 deletions(-)
 delete mode 100644 lib/generators/spid/rails/keys_generator.rb
 delete mode 100644 test/lib/generators/spid/rails/keys_generator_test.rb

diff --git a/lib/generators/spid/rails/keys_generator.rb b/lib/generators/spid/rails/keys_generator.rb
deleted file mode 100644
index 7e34a60..0000000
--- a/lib/generators/spid/rails/keys_generator.rb
+++ /dev/null
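Review bot: The `setup` block still calls `Certificate.signature_algorithms` and `Certificate.digest_algorithms` (the two context lines after the new hash) while `app/models/spid/certificate.rb` is deleted later in this series by patch 09/21, so at this commit the test depends on a class the series is in the process of removing; if 09 replaces those two lines, the replacement belongs in this commit so the series stays bisectable. The inlined namespace hash reproduces the literal that `Metadata.xml_namespaces` used to hold; hoisting it to a frozen constant on the test class, `SAML_NAMESPACES = { saml: 'urn:oasis:names:tc:SAML:2.0:assertion', … }.freeze`, keeps `setup` short and lets other conformity tests reuse it. The `setup` block and the class continue past the end of the hunk.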
@@ -1,45 +0,0 @@ -module Spid - module Rails - - module Generators - - class KeysGenerator < ::Rails::Generators::Base - class_option :cn, type: :string, default: 'spid-rails-test', desc: 'Common name for the X509 certificate' - class_option :size, type: :numeric, default: 1024, desc: 'RSA key bit size' - class_option :digest, type: :string, default: 'SHA256', desc: 'Digest algorithm for signing the certificate' - class_option :validity, type: :numeric, default: 1, desc: 'Certificate validity expressed in months' - - desc "Description:\n" + - " Generate a RSA key and use it to generate a self-signed certificate in the keys path\n" + - ' WARNING: this generator is ment to be used only for testing purpose.' - - def create_key - @key = OpenSSL::PKey::RSA.new options[:size] - end - - def create_certificate - name = OpenSSL::X509::Name.parse "CN=#{options[:cn]}" - sha_alg = OpenSSL::Digest.const_get(options[:digest]).new - @cert = OpenSSL::X509::Certificate.new - @cert.version = 2 - @cert.serial = 0 - @cert.not_before = Time.now - @cert.not_after = @cert.not_before + options[:validity].months - @cert.public_key = @key.public_key - @cert.subject = name - @cert.issuer = name - @cert.sign @key, sha_alg - end - - def write_keys - path = './' + Spid::Rails.keys_path - create_file path + 'private_key.pem', @key.to_pem - create_file path + 'certificate.pem', @cert.to_pem - end - - end - - end - - end -end diff --git a/test/lib/generators/spid/rails/keys_generator_test.rb b/test/lib/generators/spid/rails/keys_generator_test.rb deleted file mode 100644 index ce97c53..0000000 --- a/test/lib/generators/spid/rails/keys_generator_test.rb +++ /dev/null 
@@ -1,26 +0,0 @@ -require 'test_helper' -require 'generators/spid/rails/keys_generator' - -module Spid - module Rails - - module Generators - - class KeysGeneratorTest < ::Rails::Generators::TestCase - tests KeysGenerator - destination ::Rails.root.join('../tmp/generators') - setup :prepare_destination - - test 'generator runs without errors' do - assert_nothing_raised do - run_generator - end - assert_file 'lib/.keys/private_key.pem' - assert_file 'lib/.keys/certificate.pem' - end - end - - end - - end -end From 9a1e828e4f0e6a658b83d1faddf56313c9f689d4 Mon Sep 17 00:00:00 2001 From: David Librera Date: Wed, 12 Sep 2018 14:52:05 +0200 Subject: [PATCH 08/21] Remove controllers --- .../spid/rails/application_controller.rb | 9 ---- .../spid/rails/metadata_controller.rb | 17 ------- .../single_logout_operations_controller.rb | 45 ------------------- .../spid/rails/single_sign_ons_controller.rb | 38 ---------------- config/routes.rb | 16 ------- .../spid/rails/metadata_controller_test.rb | 21 --------- ...gle_logout_operarations_controller_test.rb | 30 ------------- .../rails/single_sign_ons_controller_test.rb | 28 ------------ 8 files changed, 204 deletions(-) delete mode 100644 app/controllers/spid/rails/application_controller.rb delete mode 100644 app/controllers/spid/rails/metadata_controller.rb delete mode 100644 app/controllers/spid/rails/single_logout_operations_controller.rb delete mode 100644 app/controllers/spid/rails/single_sign_ons_controller.rb delete mode 100644 config/routes.rb delete mode 100644 test/controllers/spid/rails/metadata_controller_test.rb delete mode 100644 test/controllers/spid/rails/single_logout_operarations_controller_test.rb delete mode 100644 test/controllers/spid/rails/single_sign_ons_controller_test.rb diff --git a/app/controllers/spid/rails/application_controller.rb b/app/controllers/spid/rails/application_controller.rb deleted file mode 100644 index e65cb04..0000000 
--- a/app/controllers/spid/rails/application_controller.rb +++ /dev/null @@ -1,9 +0,0 @@ -module Spid - module Rails - - class ApplicationController < ActionController::Base - protect_from_forgery with: :exception - end - - end -end diff --git a/app/controllers/spid/rails/metadata_controller.rb b/app/controllers/spid/rails/metadata_controller.rb deleted file mode 100644 index c257c3f..0000000 --- a/app/controllers/spid/rails/metadata_controller.rb +++ /dev/null @@ -1,17 +0,0 @@ -require_dependency 'spid/rails/application_controller' - -# Metadata del Service Provider -module Spid - module Rails - - class MetadataController < ApplicationController - - def show - metadata = Metadata.create(host: main_app.root_url) - render xml: metadata.to_xml - end - - end - - end -end diff --git a/app/controllers/spid/rails/single_logout_operations_controller.rb b/app/controllers/spid/rails/single_logout_operations_controller.rb deleted file mode 100644 index 2f0a5eb..0000000 --- a/app/controllers/spid/rails/single_logout_operations_controller.rb +++ /dev/null 
@@ -1,45 +0,0 @@ -require_dependency 'spid/rails/application_controller' - -module Spid - module Rails - - class SingleLogoutOperationsController < ApplicationController - skip_before_action :verify_authenticity_token, only: :create - - def new - logout_request = SloRequest.new(slo_params) - redirect_to logout_request.to_saml - session[:spid_slo_id] = logout_request.uuid - end - - def create - _logout_response = SloResponse.new(params[:SAMLResponse], - session[:spid_slo_id], - slo_params) - # TODO: approfondire validazione logout - destroy_spid_session - redirect_to main_app.root_path, notice: 'Logout utente eseguito con successo' - end - - private - - def slo_params - { - host: main_app.root_url, - idp: session[:sso_params]['idp'], - session_index: session[:spid_index] - } - end - - def destroy_spid_session - session[:sso_params] = nil - session[:spid_index] = nil - session[:spid_slo_id] = nil - session[:spid_relay_state] = nil - session[:spid_login_time] = nil - end - - end - - end -end diff --git a/app/controllers/spid/rails/single_sign_ons_controller.rb b/app/controllers/spid/rails/single_sign_ons_controller.rb deleted file mode 100644 index b0a914b..0000000 --- a/app/controllers/spid/rails/single_sign_ons_controller.rb +++ /dev/null 
@@ -1,38 +0,0 @@ -require_dependency 'spid/rails/application_controller' - -module Spid - module Rails - - class SingleSignOnsController < ApplicationController - skip_before_action :verify_authenticity_token, only: :create - - def new - request = SsoRequest.new(sso_params) - redirect_to request.to_saml - session[:sso_params] = sso_params - end - - def create - response = SsoResponse.new(params[:SAMLResponse], session[:sso_params]) - if response.valid? - session[:spid_index] = response.session_index - session[:spid_login_time] = Time.now - redirect_to session[:relay_state] || main_app.root_path, notice: 'Utente autenticato con successo' - else - redirect_to main_app.root_path, notice: 'Autenticazione fallita' - end - end - - private - - def sso_params - sso_params = params.require(:sso).permit(:idp, :spid_level, bindings: []) - sso_params[:host] = main_app.root_url - sso_params[:relay_state] = session[:spid_relay_state] || main_app.root_url - sso_params - end - - end - - end -end diff --git a/config/routes.rb b/config/routes.rb deleted file mode 100644 index 6ceb5f0..0000000 --- a/config/routes.rb +++ /dev/null @@ -1,16 +0,0 @@ -Rails.application.routes.draw do - mount Spid::Rails::Engine, at: Spid::Rails.mount_point -end - -Spid::Rails::Engine.routes.draw do - resource :metadata, only: :show, - path: Spid::Rails.metadata_path - resource :sso, only: [:new, :create], - controller: :single_sign_ons, - path: Spid::Rails.sso_path - resource :slo, only: [:new, :create], - controller: :single_logout_operations, - path: Spid::Rails.slo_path do - get '/', to: 'single_logout_operations#create' - end -end diff --git a/test/controllers/spid/rails/metadata_controller_test.rb b/test/controllers/spid/rails/metadata_controller_test.rb deleted file mode 100644 index a7e684c..0000000 --- a/test/controllers/spid/rails/metadata_controller_test.rb +++ /dev/null 
@@ -1,21 +0,0 @@ -require 'test_helper' - -module Spid - module Rails - - class MetadataControllerTest < ActionDispatch::IntegrationTest - include Engine.routes.url_helpers - - setup do - @routes = Engine.routes - end - - test 'get metadata url' do - get metadata_url - assert_response :success - end - - end - - end -end diff --git a/test/controllers/spid/rails/single_logout_operarations_controller_test.rb b/test/controllers/spid/rails/single_logout_operarations_controller_test.rb deleted file mode 100644 index e9f298e..0000000 --- a/test/controllers/spid/rails/single_logout_operarations_controller_test.rb +++ /dev/null @@ -1,30 +0,0 @@ -require 'test_helper' - -module Spid - module Rails - - class SingleLogoutOperationsControllerTest < ActionDispatch::IntegrationTest - include Engine.routes.url_helpers - - setup do - @routes = Engine.routes - get spid_rails.new_sso_url(sso: { idp: :poste_test }) - end - - test 'get new slo' do - get spid_rails.new_slo_url() - assert_response :redirect - end - - test 'create slo' do - get spid_rails.new_slo_url - post spid_rails.slo_url('SAMLResponse' => File.read('test/templates/logout_response')) - assert_response :redirect - # TODO: verificare come usare main_app in test - assert_redirected_to '/' - end - - end - - end -end diff --git a/test/controllers/spid/rails/single_sign_ons_controller_test.rb b/test/controllers/spid/rails/single_sign_ons_controller_test.rb deleted file mode 100644 index 952f64f..0000000 --- a/test/controllers/spid/rails/single_sign_ons_controller_test.rb +++ /dev/null 
@@ -1,28 +0,0 @@ -require 'test_helper' - -module Spid - module Rails - - class SingleSignOnsControllerTest < ActionDispatch::IntegrationTest - include Engine.routes.url_helpers - - setup do - @routes = Engine.routes - end - - # TODO: implementare vcr - test 'get new sso' do - get new_sso_url(sso: { idp: :poste_test }) - assert_response :redirect - end - - test 'create sso' do - get new_sso_url(sso: { idp: :poste }) - post sso_url('SAMLResponse' => File.read('test/templates/authn_response')) - assert_redirected_to '/' - end - - end - - end -end From bd7186d7ddba33817d409cd8a42071fd1df47c35 Mon Sep 17 00:00:00 2001 From: David Librera Date: Wed, 12 Sep 2018 14:54:44 +0200 Subject: [PATCH 09/21] Remove models --- app/models/spid/certificate.rb | 45 --------- app/models/spid/idp.rb | 34 ------- app/models/spid/metadata.rb | 74 --------------- app/models/spid/rails/application_record.rb | 9 -- app/models/spid/settings.rb | 92 ------------------- app/models/spid/settings/metadata.rb | 11 --- app/models/spid/settings/slo.rb | 13 --- app/models/spid/settings/sso.rb | 17 ---- app/models/spid/slo_request.rb | 22 ----- app/models/spid/slo_response.rb | 27 ------ app/models/spid/sso_request.rb | 46 ---------- app/models/spid/sso_response.rb | 31 ------- .../spid/rails/metadata_conformity_test.rb | 4 +- 13 files changed, 2 insertions(+), 423 deletions(-) delete mode 100644 app/models/spid/certificate.rb delete mode 100644 app/models/spid/idp.rb delete mode 100644 app/models/spid/metadata.rb delete mode 100644 app/models/spid/rails/application_record.rb delete mode 100644 app/models/spid/settings.rb delete mode 100644 app/models/spid/settings/metadata.rb delete mode 100644 app/models/spid/settings/slo.rb delete mode 100644 app/models/spid/settings/sso.rb delete mode 100644 app/models/spid/slo_request.rb delete mode 100644 app/models/spid/slo_response.rb delete mode 100644 app/models/spid/sso_request.rb delete mode 100644 app/models/spid/sso_response.rb 
diff --git a/app/models/spid/certificate.rb b/app/models/spid/certificate.rb deleted file mode 100644 index fd54371..0000000 --- a/app/models/spid/certificate.rb +++ /dev/null @@ -1,45 +0,0 @@ -module Spid - - class Certificate - - def self.signature_algorithm sha - case sha.to_s - when '256' - XMLSecurity::Document::RSA_SHA256 - when '384' - XMLSecurity::Document::RSA_SHA384 - when '512' - XMLSecurity::Document::RSA_SHA512 - end - end - - def self.digest_algorithm sha - case sha.to_s - when '256' - XMLSecurity::Document::SHA256 - when '384' - XMLSecurity::Document::SHA384 - when '512' - XMLSecurity::Document::SHA512 - end - end - - def self.signature_algorithms - [ - XMLSecurity::Document::RSA_SHA256, - XMLSecurity::Document::RSA_SHA384, - XMLSecurity::Document::RSA_SHA512, - ] - end - - def self.digest_algorithms - [ - XMLSecurity::Document::SHA256, - XMLSecurity::Document::SHA384, - XMLSecurity::Document::SHA512, - ] - end - - end - -end diff --git a/app/models/spid/idp.rb b/app/models/spid/idp.rb deleted file mode 100644 index 8df1274..0000000 --- a/app/models/spid/idp.rb +++ /dev/null @@ -1,34 +0,0 @@ -module Spid - - class Idp - @list = YAML.load_file( - Spid::Rails::Engine.root.join('config', 'spid-rails', 'idp_list.yml') - ) - - attr_reader :metadata_url - - def self.find(name) - raise 'Idp not found' unless @list.key?(name) - idp_attributes = @list[name] - new(idp_attributes.symbolize_keys) - end - - def self.import(file_path) - list = YAML.load_file(file_path)[::Rails.env] - list.each do |name, params| - @list[name] = params - end - end - - def initialize(metadata_url:, validate_cert: true) - @metadata_url = metadata_url - @validate_cert = validate_cert - end - - def validate_cert? - @validate_cert - end - - end - -end diff --git a/app/models/spid/metadata.rb b/app/models/spid/metadata.rb deleted file mode 100644 index db9bf02..0000000 --- a/app/models/spid/metadata.rb +++ /dev/null 
@@ -1,74 +0,0 @@ -module Spid - - class Metadata - attr_accessor :settings - - def self.create **settings - obj = self.new(**settings) - obj.save if obj.valid? - end - - def initialize spid_params - spid_settings = Settings::Metadata.new(spid_params) - @settings = spid_settings.to_hash - end - - def valid? - raise 'EntityID deve essere presente (impostare issuer)' if settings[:issuer].blank? - raise 'Signature deve essere presente (impostare private_key)' if settings[:private_key].blank? - raise 'Signature deve essere presente (impostare certificate)' if settings[:certificate].blank? - validate_signature_encryption - validate_digest_encryption - validate_key_size - - true - end - - def validate_signature_encryption - signature_algorithms = Certificate.signature_algorithms - if signature_algorithms.exclude?(settings[:security][:signature_method]) - raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)' - end - end - - def validate_digest_encryption - digest_algorithms = Certificate.digest_algorithms - if digest_algorithms.exclude?(settings[:security][:digest_method]) - raise 'Signature deve essere presente (impostare encryption sha a 256, 384, 512)' - end - end - - def validate_key_size - key = OpenSSL::PKey::RSA.new settings[:private_key] - key_size = key.n.num_bytes * 8 - if key_size < 1024 - raise 'Signature deve essere presente (impostare una chiave di almeno a 1024 bit' - end - end - - def save - valid? - metadata = OneLogin::RubySaml::Metadata.new - saml_settings = OneLogin::RubySaml::Settings.new @settings - @to_xml = metadata.generate(saml_settings) - self - end - - def to_xml - save and @to_xml - end - - def self.xml_namespaces - { - saml: 'urn:oasis:names:tc:SAML:2.0:assertion', - samlp: 'urn:oasis:names:tc:SAML:2.0:protocol', - md: 'urn:oasis:names:tc:SAML:2.0:metadata', - ds: 'http://www.w3.org/2000/09/xmldsig#', - xenc: 'http://www.w3.org/2001/04/xmlenc#', - xs: 'http://www.w3.org/2001/XMLSchema' - } - end - - end - -end 
diff --git a/app/models/spid/rails/application_record.rb b/app/models/spid/rails/application_record.rb deleted file mode 100644 index 67d6349..0000000 --- a/app/models/spid/rails/application_record.rb +++ /dev/null @@ -1,9 +0,0 @@ -module Spid - module Rails - - class ApplicationRecord < ActiveRecord::Base - self.abstract_class = true - end - - end -end diff --git a/app/models/spid/settings.rb b/app/models/spid/settings.rb deleted file mode 100644 index 0896bb3..0000000 --- a/app/models/spid/settings.rb +++ /dev/null 
@@ -1,92 +0,0 @@ -module Spid - - class Settings - - attr_accessor :host - - attr_accessor :metadata_path - - attr_accessor :sso_path - - attr_accessor :slo_path - - attr_accessor :keys_path - - attr_accessor :sha - - attr_accessor :idp - - attr_accessor :bindings - - attr_accessor :spid_level - - attr_accessor :session_index - - attr_accessor :relay_state - - def initialize spid_params - @metadata_path = Spid::Rails.app_metadata_path - @sso_path = Spid::Rails.app_sso_path - @slo_path = Spid::Rails.app_slo_path - @keys_path = Spid::Rails.keys_path - @sha = Spid::Rails.sha - @bindings = [:redirect] - @spid_level = 1 - spid_params.each do |k, v| - send("#{k}=", v) - end - end - - def security_attributes - dig_alg = Certificate.digest_algorithm(@sha) - sig_alg = Certificate.signature_algorithm(@sha) - { - metadata_signed: true, - digest_method: dig_alg, - signature_method: sig_alg, - authn_requests_signed: true, - want_assertions_signed: true - } - end - - def sp_attributes - { - issuer: host, - assertion_consumer_service_url: host + sso_path, - single_logout_service_url: host + slo_path, - private_key: File.read("#{::Rails.root}/#{keys_path}/private_key.pem"), - certificate: File.read("#{::Rails.root}/#{keys_path}/certificate.pem"), - security: security_attributes - } - end - - def idp_attributes - idp = Spid::Idp.find(@idp.to_s) - bindings = @bindings.map { |verb| self.class.saml_bindings[verb] } - parser = OneLogin::RubySaml::IdpMetadataParser.new - parser.parse_remote_to_hash idp.metadata_url, - idp.validate_cert?, - sso_binding: bindings - end - - private - - def authn_context - "https://www.spid.gov.it/SpidL#{@spid_level}" - end - - def force_authn - return true if @spid_level != 1 - end - - # TODO spostare in utils - def self.saml_bindings - { - post: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', - redirect: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' - } - end - - end - -end 
diff --git a/app/models/spid/settings/metadata.rb b/app/models/spid/settings/metadata.rb deleted file mode 100644 index ea4ce12..0000000 --- a/app/models/spid/settings/metadata.rb +++ /dev/null @@ -1,11 +0,0 @@ -module Spid - - class Settings::Metadata < Settings - - def to_hash - sp_attributes - end - - end - -end diff --git a/app/models/spid/settings/slo.rb b/app/models/spid/settings/slo.rb deleted file mode 100644 index c04481b..0000000 --- a/app/models/spid/settings/slo.rb +++ /dev/null @@ -1,13 +0,0 @@ -module Spid - - class Settings::Slo < Settings - - def to_hash - sso_attributes = sp_attributes.merge(idp_attributes) - sso_attributes[:sessionindex] = @session_index - sso_attributes - end - - end - -end diff --git a/app/models/spid/settings/sso.rb b/app/models/spid/settings/sso.rb deleted file mode 100644 index 469b69a..0000000 --- a/app/models/spid/settings/sso.rb +++ /dev/null @@ -1,17 +0,0 @@ -module Spid - - class Settings::Sso < Settings - - def to_hash - sso_attributes = sp_attributes.merge(idp_attributes) - sso_attributes[:authn_context] = authn_context - sso_attributes[:authn_context_comparison] = 'minimum' - sso_attributes[:force_authn] = force_authn - sso_attributes[:protocol_binding] = self.class.saml_bindings[:post] - sso_attributes[:relay_state] = relay_state - sso_attributes - end - - end - -end diff --git a/app/models/spid/slo_request.rb b/app/models/spid/slo_request.rb deleted file mode 100644 index 30ca8dd..0000000 --- a/app/models/spid/slo_request.rb +++ /dev/null @@ -1,22 +0,0 @@ -module Spid - - class SloRequest - - def initialize slo_params - spid_settings = Settings::Slo.new(slo_params) - @settings = spid_settings.to_hash - @request = OneLogin::RubySaml::Logoutrequest.new - end - - def uuid - @request.uuid - end - - def to_saml - saml_settings = OneLogin::RubySaml::Settings.new(@settings) - @request.create(saml_settings) - end - - end - -end 
diff --git a/app/models/spid/slo_response.rb b/app/models/spid/slo_response.rb deleted file mode 100644 index 6d1cd2d..0000000 --- a/app/models/spid/slo_response.rb +++ /dev/null @@ -1,27 +0,0 @@ -module Spid - - class SloResponse - - def initialize saml_response, slo_id, slo_params - spid_settings = Settings::Slo.new(slo_params) - settings = OneLogin::RubySaml::Settings.new(spid_settings.to_hash) - @response = OneLogin::RubySaml::Logoutresponse.new(saml_response, - settings, - matches_request_id: slo_id) - end - - def valid? - @response.validate - end - - def inspect - @response.inspect - end - - def errors - @response.errors - end - - end - -end diff --git a/app/models/spid/sso_request.rb b/app/models/spid/sso_request.rb deleted file mode 100644 index 18224e4..0000000 --- a/app/models/spid/sso_request.rb +++ /dev/null 
@@ -1,46 +0,0 @@ -module Spid - - class SsoRequest - - attr_accessor :settings - - def initialize spid_params - spid_settings = Settings::Sso.new(spid_params) - @settings = spid_settings.to_hash - end - - def valid? - if settings[:idp_sso_target_url].blank? - raise 'Destination deve essere presente (impostare idp_sso_target_url)' - end - if settings[:authn_context].last != '1' && settings[:force_authn] != true - raise 'ForceAuthn deve essere presente per livelli di aitenticazione diversi da SPIDL1 (impostare force_authn a true)' - end - if settings[:authn_context_comparison] != 'minimum' - raise "AuthnContextComparison deve essere settato a 'minimum' (impostare authn_context_comparison a 'minimum')" - end - if settings[:protocol_binding] != Settings.saml_bindings[:post] - raise "Issuer deve contenere l'attributo ProtocolBinding con binding POST (impostare protocl_binding a ':post')" - end - end - - def save - valid? - request = OneLogin::RubySaml::Authrequest.new - saml_settings = OneLogin::RubySaml::Settings.new @settings - @to_saml = request.create(saml_settings) - self - end - - def to_saml - save and @to_saml - end - - def self.create **settings - obj = self.new(**settings) - obj.save - end - - end - -end diff --git a/app/models/spid/sso_response.rb b/app/models/spid/sso_response.rb deleted file mode 100644 index 2fc436f..0000000 --- a/app/models/spid/sso_response.rb +++ /dev/null @@ -1,31 +0,0 @@ -module Spid - - class SsoResponse - - def initialize saml_response, sso_params - response = OneLogin::RubySaml::Response.new(saml_response) - settings = Settings::Sso.new(sso_params) - saml_settings = OneLogin::RubySaml::Settings.new(settings.to_hash) - response.settings = saml_settings - @response = response - end - - def valid? - @response.is_valid? - end - - def inspect - @response.inspect - end - - def session_index - @response.sessionindex - end - - def errors - @response.errors - end - - end - -end 
diff --git a/test/integration/spid/rails/metadata_conformity_test.rb b/test/integration/spid/rails/metadata_conformity_test.rb
index f0ae559..0b29136 100644
--- a/test/integration/spid/rails/metadata_conformity_test.rb
+++ b/test/integration/spid/rails/metadata_conformity_test.rb
@@ -17,8 +17,8 @@ class MetadataConformityTest < ActionDispatch::IntegrationTest
 xenc: 'http://www.w3.org/2001/04/xmlenc#',
 xs: 'http://www.w3.org/2001/XMLSchema'
 }
- @allowed_signature_algorithms = Certificate.signature_algorithms
- @allowed_digest_algorithms = Certificate.digest_algorithms
+ @allowed_signature_algorithms = Spid::SIGNATURE_METHODS
+ @allowed_digest_algorithms = Spid::DIGEST_METHODS
 get metadata_url
 @metadata = css_select('*')
 end
From 8ad36aa8685fa25f957b4b59a390aff8e16b81cd Mon Sep 17 00:00:00 2001
From: David Librera
Date: Wed, 12 Sep 2018 14:55:30 +0200
Subject: [PATCH 10/21] Remove not used components
---
 app/helpers/spid/rails/application_helper.rb | 8 --------
 app/jobs/spid/rails/application_job.rb | 8 --------
 app/mailers/spid/rails/application_mailer.rb | 10 ----------
 app/views/layouts/spid-rails/application.html.erb | 14 --------------
 4 files changed, 40 deletions(-)
 delete mode 100644 app/helpers/spid/rails/application_helper.rb
 delete mode 100644 app/jobs/spid/rails/application_job.rb
 delete mode 100644 app/mailers/spid/rails/application_mailer.rb
 delete mode 100644 app/views/layouts/spid-rails/application.html.erb
diff --git a/app/helpers/spid/rails/application_helper.rb b/app/helpers/spid/rails/application_helper.rb
deleted file mode 100644
index c6c667a..0000000
--- a/app/helpers/spid/rails/application_helper.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-module Spid
- module Rails
-
- module ApplicationHelper
- end
-
- end
-end
diff --git a/app/jobs/spid/rails/application_job.rb b/app/jobs/spid/rails/application_job.rb
deleted file mode 100644
index 99097c9..0000000
--- a/app/jobs/spid/rails/application_job.rb
+++ /dev/null
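Review bot: `@allowed_signature_algorithms = Spid::SIGNATURE_METHODS` and `@allowed_digest_algorithms = Spid::DIGEST_METHODS` make the conformity test take its expected set from the dependency it is exercising, so if a later spid release widened those constants the generated metadata would drift and this test would follow it instead of failing. The validator deleted in the earlier metadata.rb hunk carried an independent expectation — its raise messages only admit SHA 256, 384 and 512 — and that is what a conformity test should keep pinning. Prefer a literal list of those algorithm URIs written in the test itself, with a comment like `# pinned independently of the spid gem's constants: only SHA-256/384/512 are acceptable here`. The setup method these two lines belong to starts and ends outside the hunk.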
@@ -1,8 +0,0 @@ -module Spid - module Rails - - class ApplicationJob < ActiveJob::Base - end - - end -end diff --git a/app/mailers/spid/rails/application_mailer.rb b/app/mailers/spid/rails/application_mailer.rb deleted file mode 100644 index 1483950..0000000 --- a/app/mailers/spid/rails/application_mailer.rb +++ /dev/null @@ -1,10 +0,0 @@ -module Spid - module Rails - - class ApplicationMailer < ActionMailer::Base - default from: 'from@example.com' - layout 'mailer' - end - - end -end diff --git a/app/views/layouts/spid-rails/application.html.erb b/app/views/layouts/spid-rails/application.html.erb deleted file mode 100644 index 3d6a7d0..0000000 --- a/app/views/layouts/spid-rails/application.html.erb +++ /dev/null @@ -1,14 +0,0 @@ - - - - Spid rails - <%= stylesheet_link_tag "spid-rails/application", media: "all" %> - <%= javascript_include_tag "spid-rails/application" %> - <%= csrf_meta_tags %> - - - -<%= yield %> - - - From 002381f02d9e215f4fd1f85a84d28a11246f92c9 Mon Sep 17 00:00:00 2001 From: David Librera Date: Wed, 12 Sep 2018 14:57:38 +0200 Subject: [PATCH 11/21] Not more required --- lib/spid-rails/engine.rb | 1 - .../onelogin/rubysaml/authrequest.rb | 79 ------------------- 2 files changed, 80 deletions(-) delete mode 100644 lib/spid-rails/onelogin/rubysaml/authrequest.rb diff --git a/lib/spid-rails/engine.rb b/lib/spid-rails/engine.rb index c2718ef..dba46e0 100644 --- a/lib/spid-rails/engine.rb +++ b/lib/spid-rails/engine.rb @@ -1,5 +1,4 @@ require 'onelogin/ruby-saml' -require 'spid-rails/onelogin/rubysaml/authrequest' module Spid module Rails diff --git a/lib/spid-rails/onelogin/rubysaml/authrequest.rb b/lib/spid-rails/onelogin/rubysaml/authrequest.rb deleted file mode 100644 index 24c03e5..0000000 --- a/lib/spid-rails/onelogin/rubysaml/authrequest.rb +++ /dev/null 
@@ -1,79 +0,0 @@ -# Necessario override della classe originaria della libreria, -# al fine di rendere conforme il nodo Issuer alle regole tecniche SPID, -# (aggiunte righe 32 e 33) - -module OneLogin - module RubySaml - class Authrequest - - def create_xml_document(settings) - time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ') - - request_doc = XMLSecurity::Document.new - request_doc.uuid = uuid - - root = request_doc.add_element 'samlp:AuthnRequest', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', 'xmlns:saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' } - root.attributes['ID'] = uuid - root.attributes['IssueInstant'] = time - root.attributes['Version'] = '2.0' - root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil? - root.attributes['IsPassive'] = settings.passive unless settings.passive.nil? - root.attributes['ProtocolBinding'] = settings.protocol_binding unless settings.protocol_binding.nil? - root.attributes['AttributeConsumingServiceIndex'] = settings.attributes_index unless settings.attributes_index.nil? - root.attributes['ForceAuthn'] = settings.force_authn unless settings.force_authn.nil? - - # Conditionally defined elements based on settings - if settings.assertion_consumer_service_url != nil - root.attributes['AssertionConsumerServiceURL'] = settings.assertion_consumer_service_url - end - # NameQualifier e Format da requisiti SPID - if settings.issuer != nil - issuer = root.add_element 'saml:Issuer', { - 'NameQualifier' => settings.issuer, - 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity' - } - issuer.text = settings.issuer - end - if settings.name_identifier_format != nil - root.add_element 'samlp:NameIDPolicy', { - # Might want to make AllowCreate a setting? 
- 'AllowCreate' => 'true', - 'Format' => settings.name_identifier_format - } - end - - if settings.authn_context || settings.authn_context_decl_ref - - if settings.authn_context_comparison != nil - comparison = settings.authn_context_comparison - else - comparison = 'exact' - end - - requested_context = root.add_element 'samlp:RequestedAuthnContext', { - 'Comparison' => comparison, - } - - if settings.authn_context != nil - authn_contexts_class_ref = settings.authn_context.is_a?(Array) ? settings.authn_context : [settings.authn_context] - authn_contexts_class_ref.each do |authn_context_class_ref| - class_ref = requested_context.add_element 'saml:AuthnContextClassRef' - class_ref.text = authn_context_class_ref - end - end - - if settings.authn_context_decl_ref != nil - authn_contexts_decl_refs = settings.authn_context_decl_ref.is_a?(Array) ? settings.authn_context_decl_ref : [settings.authn_context_decl_ref] - authn_contexts_decl_refs.each do |authn_context_decl_ref| - decl_ref = requested_context.add_element 'saml:AuthnContextDeclRef' - decl_ref.text = authn_context_decl_ref - end - end - end - - request_doc - end - - end - end -end From ededd08ab29f52e3958a0a910715e37fea4e970d Mon Sep 17 00:00:00 2001 From: David Librera Date: Wed, 12 Sep 2018 14:57:50 +0200 Subject: [PATCH 12/21] Require Spid::Rails::Version module --- lib/spid-rails.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/spid-rails.rb b/lib/spid-rails.rb index 0e3703c..3b4cb92 100644 --- a/lib/spid-rails.rb +++ b/lib/spid-rails.rb @@ -1,6 +1,7 @@ require 'spid' require 'spid-rails/engine' require 'spid-rails/route_helper' +require 'spid-rails/version' module Spid module Rails From 5b4ddc12c7ba591f73c770fed0b59de57de2df8f Mon Sep 17 00:00:00 2001 
From: David Librera Date: Wed, 12 Sep 2018 15:46:34 +0200 Subject: [PATCH 13/21] Use new configuration class in config generator --- .../spid/rails/templates/spid-rails.rb | 40 +++++++++---------- .../spid/rails/config_generator_test.rb | 2 +- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/lib/generators/spid/rails/templates/spid-rails.rb b/lib/generators/spid/rails/templates/spid-rails.rb index 55309b4..f4ae3a5 100644 --- a/lib/generators/spid/rails/templates/spid-rails.rb +++ b/lib/generators/spid/rails/templates/spid-rails.rb 
@@ -1,26 +1,24 @@
-Spid::Rails.tap do |config|
- # Mount point di Spid sull'applicazione
- # default: 'spid'
- # config.mount_point = 'spid'
+# frozen_string_literal: true
 
- # Url alla quale e' disponibile il metadata del provider
- # default: 'metadata'
- # config.metadata_path = 'metadata'
+Spid.configure do |config|
+ config.hostname = ENV.fetch('HOST')
 
- # Url alla quale ricevere le risposte di autenticazione Saml
- # default: 'sso'
- # config.sso_path = 'sso'
+ config.idp_metadata_dir_path = Rails.root.join('config/idp_metadata')
+ config.private_key_pem = ENV.fetch('PRIVATE_KEY')
+ config.certificate_pem = ENV.fetch('CERTIFICATE')
 
- # Url alla quale ricevere le risposte di logout Saml
- # default: 'slo'
- # config.slo_path = 'slo'
+ config.metadata_path = '/spid/metadata'
+ config.login_path = '/spid/login'
+ config.logout_path = '/spid/logout'
+ config.acs_path = '/spid/sso'
+ config.slo_path = '/spid/slo'
+ config.default_relay_state_path = '/'
 
- # Percorso relativo alla root dell'app
- # al quale reperire la coppia chiave privata - certificato
- # default: 'lib/.keys'
- # config.keys_path = 'lib/.keys/'
-
- # Livello di crittografia SHA per la generazione delle signature
- # default: 256
- # config.sha = 256
+ config.digest_method = Spid::SHA512
+ config.signature_method = Spid::RSA_SHA512
+ config.acs_binding = Spid::BINDINGS_HTTP_POST
+ config.slo_binding = Spid::BINDINGS_HTTP_REDIRECT
+ config.attribute_services = [
+ { name: 'Service1', fields: ['email'] }
+ ]
 end
diff --git a/test/lib/generators/spid/rails/config_generator_test.rb b/test/lib/generators/spid/rails/config_generator_test.rb
index ef3e32a..15db265 100644
--- a/test/lib/generators/spid/rails/config_generator_test.rb
+++ b/test/lib/generators/spid/rails/config_generator_test.rb
@@ -18,7 +18,7 @@ class ConfigGeneratorTest < ::Rails::Generators::TestCase end end end
-
+
 end end
From 0dd635f29bd5ccc651b372a5eba00e3a055f37bd Mon Sep 17 00:00:00 2001
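Review bot: `config.hostname = ENV.fetch('HOST')` is undocumented, and its form matters: the `spid_login_url`/`spid_logout_url` helpers added in the last patch of this series hand it to `URI.join` as the base, so it must be an absolute URL with a scheme — `URI.join` rejects a relative base, and a scheme-less host would not produce the intended link. The previous template explained every option in a comment while the new one has none, so an operator gets no hint about what `idp_metadata_dir_path`, `attribute_services` or the three `ENV.fetch` calls expect. Add at least `# Absolute base URL of this Service Provider, scheme included (constructed example: https://sp.example.org)` above the hostname line, and a comment stating that `ENV.fetch` without a default is deliberate — the app should fail at boot when `PRIVATE_KEY` or `CERTIFICATE` is missing rather than start with a silent `nil` — so nobody later "fixes" it with `ENV['...']`.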
From: David Librera
Date: Wed, 12 Sep 2018 15:47:18 +0200
Subject: [PATCH 14/21] Exclude templates and version from coverage statistics
---
 test/test_helper.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 5b35dc2..cc07323 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -1,5 +1,10 @@
 require 'simplecov'
-SimpleCov.start 'rails'
+SimpleCov.start 'rails' do
+ add_filter do |src|
+ src.filename =~ %r{lib/generators/spid/rails/templates} ||
+ src.filename =~ %r{lib/spid-rails/version.rb$}
+ end
+end
 require File.expand_path('../../test/dummy/config/environment.rb', __FILE__)
 ActiveRecord::Migrator.migrations_paths = [File.expand_path('../../test/dummy/db/migrate', __FILE__)]
From 10231f590e0773c9cac9b3f29b504c57b6407a00 Mon Sep 17 00:00:00 2001
From: David Librera
Date: Wed, 12 Sep 2018 15:48:50 +0200
Subject: [PATCH 15/21] Now application stores metadata as files
---
 .../spid/rails/idp_importer_generator.rb | 21 ----------------
 .../spid/rails/templates/idp_import.yml | 11 --------
 .../spid/rails/idp_importer_generator_test.rb | 25 -------------------
 3 files changed, 57 deletions(-)
 delete mode 100644 lib/generators/spid/rails/idp_importer_generator.rb
 delete mode 100644 lib/generators/spid/rails/templates/idp_import.yml
 delete mode 100644 test/lib/generators/spid/rails/idp_importer_generator_test.rb
diff --git a/lib/generators/spid/rails/idp_importer_generator.rb b/lib/generators/spid/rails/idp_importer_generator.rb
deleted file mode 100644
index eb23c2d..0000000
--- a/lib/generators/spid/rails/idp_importer_generator.rb
+++ /dev/null
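Review bot: The two filter lines use `=~`, which allocates MatchData the block never reads, and the second pattern has an unescaped `.` and a `$` anchor where the whole-string `\z` is meant: `src.filename.match?(%r{lib/generators/spid/rails/templates}) ||` and `src.filename.match?(%r{lib/spid-rails/version\.rb\z})`. This is a style point only — on the project's own paths the filter selects the same files either way.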
@@ -1,21 +0,0 @@ -module Spid - module Rails - - module Generators - - class IdpImporterGenerator < ::Rails::Generators::Base - - source_root File.expand_path('templates', __dir__) - - desc 'Crea il file di import custom degli Idp (config/spid-rails/idp_import.yml).' - - def create_import_file - template 'idp_import.yml', './config/spid-rails/idp_import.yml' - end - - end - - end - - end -end diff --git a/lib/generators/spid/rails/templates/idp_import.yml b/lib/generators/spid/rails/templates/idp_import.yml deleted file mode 100644 index d737db3..0000000 --- a/lib/generators/spid/rails/templates/idp_import.yml +++ /dev/null @@ -1,11 +0,0 @@ -# Identity Providers are loaded on a per environment basis - -development: - agid_test: - metadata_url: https://idp.spid.gov.it:8080/assets/idp-metadata.xml - validate_cert: false - -test: - local_test: - metadata_url: https://localhost:8080/assets/idp-metadata.xml - validate_cert: false diff --git a/test/lib/generators/spid/rails/idp_importer_generator_test.rb b/test/lib/generators/spid/rails/idp_importer_generator_test.rb deleted file mode 100644 index 3bb87a6..0000000 --- a/test/lib/generators/spid/rails/idp_importer_generator_test.rb +++ /dev/null @@ -1,25 +0,0 @@ -require 'test_helper' -require 'generators/spid/rails/idp_importer_generator' - -module Spid - module Rails - - module Generators - - class IdpImporterGeneratorTest < ::Rails::Generators::TestCase - tests IdpImporterGenerator - destination ::Rails.root.join('../tmp/generators') - setup :prepare_destination - - test 'generator create file without errors' do - assert_nothing_raised do - run_generator - assert_file 'config/spid-rails/idp_import.yml' - end - end - end - - end - - end -end From f5c37a22e1ad6e7ecf35d057d1fc2e733752d75f Mon Sep 17 00:00:00 2001 
From: David Librera Date: Wed, 12 Sep 2018 16:06:57 +0200 Subject: [PATCH 16/21] Update README --- README.md | 158 ++++++------------------------------------------------ 1 file changed, 17 insertions(+), 141 deletions(-) diff --git a/README.md b/README.md index a428beb..0033acc 100644 --- a/README.md +++ b/README.md @@ -12,17 +12,15 @@ repository: https://github.com/rubynetti/rubynetti-rails - [X] Sistema di configurazione - [ ] Integrazione con omniauth - [ ] Integrazione o esempio di integrazione con devise -- [ ] Configurazione richiesta attributi utente +- [X] Configurazione richiesta attributi utente ## Installazione -All'interno del Gemfile indicare questa gemma: - +Aggiungere nel Gemfile ```ruby gem 'spid-rails' ``` - -Eseguire +ed eseguire ```bash $ bundle @@ -30,8 +28,7 @@ $ bundle ## Come si usa? -La gemma può essere aggiunta a qualunque applicazione Rails al fine di utilizzare il sistema di login Spid. -Il metadata generato può essere utilizzato per farsi accreditare e in seguito dialogare con qualunque Identity Provider Spid accreditato. +Questa gemma è un wrapper della gemma [spid-ruby](https://github.com/italia/spid-ruby) con funzionalità per semplificare l'utilizzo con rails ### Configurazione 
@@ -41,145 +38,24 @@ Per creare il file di configurazione: ```bash $ rails g spid:rails:config ``` +che creerà il file din configurazione `config/initializer/spid-rails.rb` con la configurazione default -Il file viene aggiunto agli initializer dell'applicazione e permette il settaggio personalizzato del mount-point dell'engine e i relativi end-point per le procedure Spid di login, logout e visualizzazione del metadata del Service Provider. - -Le restanti impostazioni permettono di configurare il percorso di sistema dove reperire la coppia chiave privata/certificato e il livello di crittografia per l'eventuale signature. - -```ruby -# config/initializers/spid-rails.rb - -# Impostazioni di default dello Spid Engine - -Spid::Rails.tap do |config| - - # Mount point di Spid sull'applicazione - # default: 'spid' - # config.mount_point = 'spid' - - # Url alla quale e' disponibile il metadata del provider - # default: 'metadata' - # config.metadata_path = 'metadata' - - # Url alla quale ricevere le risposte di autenticazione Saml - # default: 'sso' - # config.sso_path = 'sso' - - # Url alla quale ricevere le risposte di logout Saml - # default: 'slo' - # config.slo_path = 'slo' - - # Percorso relativo alla root dell'app - # al quale reperire la coppia chiave privata - certificato - # default: 'lib/.keys' - # config.keys_path = 'lib/.keys/' - - # Livello di crittografia SHA per la generazione delle signature - # default: 256 - # config.sha = 256 - -end -``` - - -Per utilizzare Identity provider custom o modificare quelli presenti: - -```bash -$ rails g spid:rails:idp_importer -``` - -Il file viene aggiunto alla cartella _config/spid-rails_ e permette di specificare idp per i diversi ambienti dell'applicazione. 
- -```YAML -# app/config/spid-rails/idp_import.yml - -shared: &shared - local_test: - metadata_url: 'https://localhost:8080' - validate_cert: false - -development: - <<: *shared - agid: - metadata_url: 'https://idp.spid.gov.it:8080/assets/idp-metadata.xml' - validate_cert: false - -test: - <<: *shared -``` - +### Helpers +La gemma fornirà una serie di helpers per la generazione dei paths: -### Nelle view +#### spid_login_path +`spid_login_path(idp_name: idp_entity_id, authn_context: Spid::L1, attribute_service_index: 0)` -Una volta installata la gemma, verranno creati una serie di helper utilizzabili nelle view e nei controller. +che genera un url per iniziare il processo di autenticazione con un identity provider: -```spid_rails.metadata_path``` e ```spid_rails.metadata_url``` restituiscono il percorso al quale è reperibile il metadata del Service Provider. -```ruby -# Esempio di link al metadata del ServiceProvider -link_to "Metadata SP", spid_rails.metadata_path -``` - - -```spid_rails.new_sso_path``` e ```spid_rails.new_sso_url``` restituiscono il percorso tramite il quale inizializzare una richiesa di autenticazione all'Identity Provider. -È necessario fornire come parametro l'Idp cui indirizzare la richiesta, facoltativo il livello di autenticazione Spid (default: '1') e i bindings della richiesta all' Idp (default: ['redirect']). -```ruby -# Esempio di link al login tramite l'Idp di test https:://idp.spid.gov.it -link_to "Login con Spid", spid_rails.new_sso_path(sso: { idp: :agid_test, spid_level: 2 }) -``` - -Gli Identity Provider attualmente supportati sono: -- 'aruba' : servizio Idp di Aruba Pec S.p.A. -- 'infocert' : servizio Idp di Infocert S.p.A -- 'namirial' : servizio Idp di Namirial S.p.A. -- 'poste' : servizio Idp di Poste Italiane S.p.A. -- 'spiditalia' : servizio Idp di REGISTER.IT S.p.A. -- 'sielte' : servizio Idp di Sielte S.p.A. -- 'tim' : servizio Idp di TI Trust Technologies S.r.l. 
-- 'agid_test' : servizio idp di test di Agid -- 'poste_test' : servizio Idp di test di Poste Italiane S.p.A. - - -```spid_rails.new_slo_path``` e ```spid_rails.new_slo_url``` infine restituiscono il percorso tramite il quale inizializzare una richiesa di logout all'Identity Provider che ha autenticato la sessione corrente. -```ruby -# Esempio di link al logout -link_to "Logout", spid_rails.new_slo_path -``` - - -### Nei controller - -Dopo l'autenticazione e fino al logout vengono aggiunte alla sessione le seguenti variabili: - -```session[:sso_params]``` che restituisce i parametri coi quali è stata effettuata l'ultima richiesta di autenticazione, in particolare l'idp - -```session[:spid_index]``` che restituisce l'identificativo dell'attuale sessione Spid e viene utilizzato nella procedura di logout - -```session[:spid_login_time]``` che restituisce il _time_ in cui è avvenuto il login - -È inoltre possibile settare la variabile ```session[:spid_relay_state]```, contenente l'indirizzo al quale si vuole essere reindirizzati in caso l'autenticazione abbia successo - -Un esempio rudimentale di verifica del login dell'utente all'interno di un'azione del controller potrebbe essere il seguente -```ruby -# app/controllers/my_controller.rb -class MyController < Application controller - before_action :validate_spid_session - - ... - - private - - def validate_spid_session - if session[:spid_index].blank? - session[:spid_relay_state] = request.path - redirect_to login_path - end - end - -end -``` - -dove _login_path_ indirizza alla pagina in cui è posizionato il pulsante Spid. +* idp_name: Obbligatorio, è l'entity_id dell'IdP con cui vogliamo instaurare l'autenticazione +* authn_context: E' il valore del tipo di autenticazione richiesta. Default: `https://www.spid.gov.id/L1` +*attribute_service_index: Nel caso in cui l'applicazione disponga di più `AttributeConsumingService`, l'indice del servizio che vogliamo utilizzare. 
Default: 0
+#### spid_logout_path
+`spid_logout_path(idp_name: idp_entity_id)`
+Come sopra, crea un link per iniziare il processo di logout verso l'IdP
 ## License
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
From ca7f84039f88b71a8b81fa58b1117ca637df4a09 Mon Sep 17 00:00:00 2001
From: David Librera
Date: Wed, 12 Sep 2018 16:44:08 +0200
Subject: [PATCH 17/21] Autoload tasks rake
---
 lib/spid-rails.rb | 1 +
 lib/spid-rails/railtie.rb | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 lib/spid-rails/railtie.rb
diff --git a/lib/spid-rails.rb b/lib/spid-rails.rb
index 3b4cb92..861c1fb 100644
--- a/lib/spid-rails.rb
+++ b/lib/spid-rails.rb
@@ -1,4 +1,5 @@
 require 'spid'
+require 'spid-rails/railtie'
 require 'spid-rails/engine'
 require 'spid-rails/route_helper'
 require 'spid-rails/version'
diff --git a/lib/spid-rails/railtie.rb b/lib/spid-rails/railtie.rb
new file mode 100644
index 0000000..3fd1103
--- /dev/null
+++ b/lib/spid-rails/railtie.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Spid
+ module Rails
+ class Railtie < ::Rails::Railtie # :nodoc:
+ rake_tasks do |_app|
+ require 'spid/tasks'
+ end
+ end
+ end
+end
From dc445b7da4d92e83f2ccc45fed2770b7a915adda Mon Sep 17 00:00:00 2001
From: David Librera
Date: Wed, 12 Sep 2018 17:01:09 +0200
Subject: [PATCH 18/21] Update README with config instructions
---
 README.md | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index 0033acc..f1ef536 100644
--- a/README.md
+++ b/README.md
@@ -26,11 +26,6 @@ ed eseguire
 $ bundle
 ```
-
-## Come si usa?
-Questa gemma è un wrapper della gemma [spid-ruby](https://github.com/italia/spid-ruby) con funzionalità per semplificare l'utilizzo con rails
-
-
 ### Configurazione
 Per creare il file di configurazione:
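Review bot: `class Railtie < ::Rails::Railtie` exists only to carry a `rake_tasks` block, yet the same commit requires `spid-rails/engine` one line later and `lib/spid-rails/engine.rb` (visible in the PATCH 11 hunk) already defines the gem's engine; if that class is a `::Rails::Engine` subclass it is itself a Railtie, and the block could live there without a second Railtie or the question of whether `spid-rails/railtie` must be required before the engine. If the separate file is deliberate, replace `# :nodoc:` with a one-line comment saying why the spid rake tasks are loaded from their own Railtie rather than the engine, so the next reader does not merge them.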
@@ -38,7 +33,25 @@ Per creare il file di configurazione: ```bash $ rails g spid:rails:config ``` -che creerà il file din configurazione `config/initializer/spid-rails.rb` con la configurazione default +che creerà il file `config/initializer/spid-rails.rb` con la configurazione default. + +Una volta creata la configurazione bisogna aggiungere il middleware **dopo** il middleware di gestione della sessione. In `config/application.rb` + +```ruby +# config/application.rb + +module MyApplication + class Application < ::Rails::Application + config.middleware.insert_after( + ::ActionDispatch::Session::CookieStore, + ::Spid::Rack + ) + end +end +``` + +Questa gemma è un wrapper della gemma [spid-ruby](https://github.com/italia/spid-ruby) con funzionalità per semplificare l'utilizzo con rails + ### Helpers La gemma fornirà una serie di helpers per la generazione dei paths: @@ -50,7 +63,7 @@ che genera un url per iniziare il processo di autenticazione con un identity pro * idp_name: Obbligatorio, è l'entity_id dell'IdP con cui vogliamo instaurare l'autenticazione * authn_context: E' il valore del tipo di autenticazione richiesta. Default: `https://www.spid.gov.id/L1` -*attribute_service_index: Nel caso in cui l'applicazione disponga di più `AttributeConsumingService`, l'indice del servizio che vogliamo utilizzare. Default: 0 +* attribute_service_index: Nel caso in cui l'applicazione disponga di più `AttributeConsumingService`, l'indice del servizio che vogliamo utilizzare. Default: 0 #### spid_logout_path `spid_logout_path(idp_name: idp_entity_id)` @@ -58,4 +71,3 @@ Come sopra, crea un link per iniziare il processo di logout verso l'IdP ## License The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT). - From d0f38456e44176791cfc138486283ee72c34cb2f Mon Sep 17 00:00:00 2001 
From: David Librera Date: Wed, 12 Sep 2018 19:01:55 +0200 Subject: [PATCH 19/21] Update spid gem --- spid-rails.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spid-rails.gemspec b/spid-rails.gemspec index ad59a3b..46702fe 100644 --- a/spid-rails.gemspec +++ b/spid-rails.gemspec @@ -23,7 +23,7 @@ Gem::Specification.new do |s| # Resolve CVE-2018-3741 vulnerability s.add_runtime_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.4' - s.add_runtime_dependency 'spid', '>= 0.17.3' + s.add_runtime_dependency 'spid', '>= 0.18.0' s.add_development_dependency 'bundler-audit' s.add_development_dependency 'pry-byebug' From b91ac2e70c94a42c0469aafabc33c6c43ab056cf Mon Sep 17 00:00:00 2001 From: David Librera Date: Thu, 13 Sep 2018 17:30:37 +0200 Subject: [PATCH 20/21] Helper for login and logout paths --- lib/spid-rails/route_helper.rb | 38 ++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/lib/spid-rails/route_helper.rb b/lib/spid-rails/route_helper.rb index 8825b26..7ae91aa 100644 --- a/lib/spid-rails/route_helper.rb +++ b/lib/spid-rails/route_helper.rb @@ -11,6 +11,44 @@ def metadata_url metadata_path ).to_s end + + def spid_login_path( + idp_name:, + authn_context: nil, + attribute_service_index: nil + ) + options = { idp_name: idp_name } + options[:authn_context] = authn_context if authn_context.present? + if attribute_service_index.present? + options[:attribute_service_index] = attribute_service_index + end + [ + Spid.configuration.login_path, + options.to_param + ].join("?") + end + + def spid_logout_path(idp_name:) + options = { idp_name: idp_name } + [ + Spid.configuration.logout_path, + options.to_param + ].join("?") + end + + def spid_login_url(options) + URI.join( + Spid.configuration.hostname, + spid_login_path(options) + ).to_s + end + + def spid_logout_url(options) + URI.join( + Spid.configuration.hostname, + spid_logout_path(options) + ).to_s + end end end end 
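Review bot: `spid_login_url(options)` and `spid_logout_url(options)` in the PATCH 20 hunk accept a positional hash and forward it as `spid_login_path(options)` / `spid_logout_path(options)`, but both path helpers declare keyword-only parameters (`idp_name:`, `authn_context:`, `attribute_service_index:`), so the call only works through the implicit hash-to-keywords conversion that Ruby 2.7 deprecates and Ruby 3 removes with an ArgumentError. Declaring the url helpers with a double splat, e.g. `def spid_login_url(**options)` forwarding `spid_login_path(**options)`, and the same for the logout pair, keeps the `spid_login_url(idp_name: ...)` call shape working on every Ruby version; the PATCH 21 hunk below leaves these signatures as they are. A short comment above the `[` in `spid_login_path`, such as `# Hash#to_param URL-encodes each value; idp_name is an entity_id URL`, would document why the values are not interpolated into the query string directly. The enclosing `module`/`class` of these helpers starts outside the hunk.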
From 26ad8b74dbc94eff671fef7ddd45153520085c9c Mon Sep 17 00:00:00 2001 From: David Librera Date: Fri, 14 Sep 2018 10:11:44 +0200 Subject: [PATCH 21/21] Fix rubocop offenses --- lib/spid-rails/route_helper.rb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/spid-rails/route_helper.rb b/lib/spid-rails/route_helper.rb index 7ae91aa..1e9c1a8 100644 --- a/lib/spid-rails/route_helper.rb +++ b/lib/spid-rails/route_helper.rb @@ -19,13 +19,11 @@ def spid_login_path( ) options = { idp_name: idp_name } options[:authn_context] = authn_context if authn_context.present? - if attribute_service_index.present? - options[:attribute_service_index] = attribute_service_index - end + options[:attribute_service_index] = attribute_service_index if attribute_service_index.present? [ Spid.configuration.login_path, options.to_param - ].join("?") + ].join('?') end def spid_logout_path(idp_name:) @@ -33,7 +31,7 @@ def spid_logout_path(idp_name:) [ Spid.configuration.logout_path, options.to_param - ].join("?") + ].join('?') end def spid_login_url(options)