Commit 5191516

mo <mo.khan@gmail.com>
2017-11-11 23:15:26
store SAMLRequest in session.
1 parent 44c86f3
app/controllers/sessions_controller.rb
@@ -3,16 +3,19 @@ class SessionsController < ApplicationController
   before_action :load_saml_request, only: [:new, :create]
 
   def new
+    session[:SAMLRequest] ||= params[:SAMLRequest]
+    session[:RelayState] ||= params[:RelayState]
   end
 
   def create
     if user = User.login(user_params[:email], user_params[:password])
-      create_session_for(user)
+      reset_session
+      session[:user_id] = user.id
       @saml_response = @saml_request.response_for(user)
       @relay_state = params[:RelayState]
       render layout: nil
     else
-      redirect_to new_session_path(saml_params), error: "Invalid Credentials"
+      redirect_to new_session_path, error: "Invalid Credentials"
     end
   end
 
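Review bot: `session[:SAMLRequest] ||= params[:SAMLRequest]` in `new` never replaces a request that is already in the session, and `load_saml_request` in the second hunk also prefers the session copy, so after a failed login a fresh SAMLRequest posted to `new` by the SP is ignored and the response issued on the next successful `create` answers the stale request. Prefer the incoming parameter and only fall back to the session: `session[:SAMLRequest] = params[:SAMLRequest] if params[:SAMLRequest].present?` in `new`, and `def load_saml_request(raw_saml_request = params[:SAMLRequest] || session[:SAMLRequest])` in the second hunk. Separately, `new` stores `session[:RelayState]` but `create` still reads `@relay_state = params[:RelayState]` after `reset_session` has wiped the session, so the stored value is never used and is lost if the login form does not re-post it; capture `relay_state = session[:RelayState] || params[:RelayState]` before `reset_session`. Since the stale-request handling depends on `reset_session` also discarding the stored SAMLRequest on success, a short comment on that line saying so would help the next reader.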
@@ -22,19 +25,7 @@ class SessionsController < ApplicationController
     params.require(:user).permit(:email, :password)
   end
 
-  def create_session_for(user)
-    reset_session
-    session[:user_id] = user.id
-  end
-
-  def saml_params(storage = params)
-    {
-      RelayState: storage[:RelayState],
-      SAMLRequest: storage[:SAMLRequest],
-    }
-  end
-
-  def load_saml_request(raw_saml_request = params[:SAMLRequest])
+  def load_saml_request(raw_saml_request = session[:SAMLRequest] || params[:SAMLRequest])
     @saml_request = Saml::Kit::Request.deserialize(raw_saml_request)
     if @saml_request.invalid?
       render_error(:forbidden, model: @saml_request)
config/initializers/session_store.rb
@@ -0,0 +1,1 @@
+Rails.application.config.session_store :active_record_store, key: "_proof"
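Review bot: The new store keeps raw SAMLRequest payloads server-side but sets no cookie attributes, so unless `config.force_ssl` is enabled elsewhere the `_proof` session id cookie is also sent over plain HTTP; consider `Rails.application.config.session_store :active_record_store, key: "_proof", secure: Rails.env.production?` (httponly is Rack's default). activerecord-session_store does not expire rows on its own, and the migration's index on `updated_at` only helps if something prunes the table, so a scheduled deletion of sessions older than the intended lifetime should accompany this change. A one-line comment naming where that cleanup lives would help the next reader.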
db/migrate/20171111230910_add_sessions_table.rb
@@ -0,0 +1,12 @@
+class AddSessionsTable < ActiveRecord::Migration[4.2]
+  def change
+    create_table :sessions do |t|
+      t.string :session_id, :null => false
+      t.text :data
+      t.timestamps
+    end
+
+    add_index :sessions, :session_id, :unique => true
+    add_index :sessions, :updated_at
+  end
+end
db/schema.rb
@@ -10,7 +10,16 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171021193946) do
+ActiveRecord::Schema.define(version: 20171111230910) do
+
+  create_table "sessions", force: :cascade do |t|
+    t.string "session_id", null: false
+    t.text "data"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.index ["session_id"], name: "index_sessions_on_session_id", unique: true
+    t.index ["updated_at"], name: "index_sessions_on_updated_at"
+  end
 
   create_table "users", force: :cascade do |t|
     t.string "email"
Gemfile
@@ -60,3 +60,4 @@ gem 'dotenv-rails'
 gem 'saml-kit', path: '../saml-kit'
 gem 'rails-assets-bootstrap', source: 'https://rails-assets.org'
 gem 'jwt'
+gem 'activerecord-session_store'
Gemfile.lock
@@ -44,6 +44,12 @@ GEM
       activemodel (= 5.1.4)
       activesupport (= 5.1.4)
       arel (~> 8.0)
+    activerecord-session_store (1.1.0)
+      actionpack (>= 4.0, < 5.2)
+      activerecord (>= 4.0, < 5.2)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0, < 5.2)
     activesupport (5.1.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
@@ -231,6 +237,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  activerecord-session_store
   bcrypt (~> 3.1.7)
   byebug
   capybara (~> 2.13)