Commit 70bbc32

mo <mo.khan@gmail.com>
2017-11-19 18:34:14
implement logout flow.
main
1 parent 7071c9e
Changed files (1)
app
controllers
sessions_controller.rb
app/controllers/sessions_controller.rb
@@ -1,6 +1,9 @@
 class SessionsController < ApplicationController
   skip_before_action :verify_authenticity_token, only: [:new, :destroy]
   before_action :load_saml_request, only: [:new, :create, :destroy]
+  rescue_from ActiveRecord::RecordInvalid do |record|
+    render_error(:forbidden, model: record)
+  end
 
   def new
     session[:SAMLRequest] ||= params[:SAMLRequest]
@@ -11,8 +14,8 @@ class SessionsController < ApplicationController
     if user = User.login(user_params[:email], user_params[:password])
       reset_session
       session[:user_id] = user.id
-      binding = @saml_request.provider.single_logout_service_for(binding: :post)
-      @url, @saml_params = binding.serialize(@saml_request.response_for(user), relay_state: session[:RelayState])
+      response_binding = @saml_request.provider.assertion_consumer_service_for(binding: :post)
+      @url, @saml_params = response_binding.serialize(@saml_request.response_for(user), relay_state: session[:RelayState])
       render layout: "spinner"
     else
       redirect_to new_session_path, error: "Invalid Credentials"
@@ -20,12 +23,17 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    user = User.find_by(uuid: @saml_request.name_id)
-
-    saml_binding = binding_for(request)
-    @url, @saml_params = saml_binding.serialize(@saml_request.response_for(user), relay_state: params[:RelayState])
-    reset_session
-    render layout: "spinner"
+    if params['SAMLRequest'].present?
+      saml_request = load_saml_request
+      user = User.find_by(uuid: saml_request.name_id)
+      response_binding = saml_request.provider.single_logout_service_for(binding: :post)
+      saml_response = saml_request.response_for(user)
+      @url, @saml_params = response_binding.serialize(saml_response, relay_state: params[:RelayState])
+      reset_session
+      render layout: "spinner"
+    elsif params['SAMLResponse'].present?
+    else
+    end
   end
 
   private
@@ -35,18 +43,16 @@ class SessionsController < ApplicationController
   end
 
   def load_saml_request(raw_saml_request = session[:SAMLRequest] || params[:SAMLRequest])
-    saml_binding = binding_for(request)
-    @saml_request = saml_binding.deserialize(params)
-    if @saml_request.invalid?
-      render_error(:forbidden, model: @saml_request)
-    end
+    @saml_request = request_binding_for(request).deserialize(params)
+    raise ActiveRecord::RecordInvalid.new(@saml_request) if @saml_request.invalid?
+    @saml_request
   end
 
   def idp
     Idp.default(request)
   end
 
-  def binding_for(request)
+  def request_binding_for(request)
     target_binding = request.post? ? :post : :http_redirect
     idp.single_sign_on_service_for(binding: target_binding)
   end