Commit 7575b87

mo <mo.khan@gmail.com>
2017-11-10 21:29:05
check if request is trusted.
1 parent ea4f449
app/controllers/sessions_controller.rb
@@ -8,7 +8,9 @@ class SessionsController < ApplicationController
   def create
     if user = User.login(user_params[:email], user_params[:password])
       create_session_for(user)
-      post_to_service_provider(user)
+      @saml_response = @saml_request.response_for(user)
+      @relay_state = params[:RelayState]
+      render layout: nil
     else
       redirect_to new_session_path(saml_params), error: "Invalid Credentials"
     end
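Review bot: `@relay_state = params[:RelayState]` takes a caller-controlled value with no bound and hands it straight to the auto-submitting form, so any length of RelayState is relayed to the service provider; the SAML bindings spec caps RelayState at 80 bytes, and a value beyond that should be rejected rather than forwarded, e.g. `relay = params[:RelayState].to_s` followed by `@relay_state = relay if relay.bytesize <= 80` (the escaping in the view covers markup, not size). `@saml_request` is assigned outside this hunk, presumably in a filter; if that filter can leave it nil, `response_for` raises NoMethodError here instead of a controlled failure, which is worth a guard or a comment at the top of `create` saying the filter guarantees it. The body of `create` continues past the end of the hunk.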
@@ -25,12 +27,6 @@ class SessionsController < ApplicationController
     session[:user_id] = user.id
   end
 
-  def post_to_service_provider(user)
-    @saml_response = @saml_request.response_for(user)
-    @relay_state = params[:RelayState]
-    render template: "sessions/saml_post", layout: nil
-  end
-
   def saml_params(storage = params)
     {
       RelayState: storage[:RelayState],
app/models/user.rb
@@ -13,16 +13,7 @@ class User < ApplicationRecord
   end
 
   def assertion_attributes_for(request)
-    {
-      id: uuid,
-      email: email,
-      created_at: created_at,
-      access_token: access_token,
-    }
-  end
-
-  def access_token
-    BearerToken.new.encode(id: uuid)
+    request.trusted? ? trusted_attributes : {}
   end
 
   def self.login(email, password)
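Review bot: `request.trusted? ? trusted_attributes : {}` makes the trust decision the only thing standing between a service provider and the user's email and bearer token, yet the untrusted branch still returns a hash that the caller turns into a response, so an untrusted requester receives an assertion without attributes rather than a refusal. If that is intended, say so where the decision is taken: `# Untrusted service providers still get an assertion, just with no attributes; the trust check itself lives on the request object.` The definition of `trusted?` is not in this commit, so the contract it must satisfy (true only for service providers registered with this IdP) should be documented on this method, and the untrusted path is a good place for a log entry so the refusal of attributes is observable.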
@@ -33,4 +24,19 @@ class User < ApplicationRecord
   rescue ActiveRecord::RecordNotFound
     nil
   end
+
+  private
+
+  def access_token
+    BearerToken.new.encode(id: uuid)
+  end
+
+  def trusted_attributes
+    {
+      id: uuid,
+      email: email,
+      created_at: created_at,
+      access_token: access_token,
+    }
+  end
 end
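Review bot: `BearerToken.new.encode(id: uuid)` mints a new bearer credential every time `trusted_attributes` is built, and nothing in this hunk bounds its lifetime, so the token placed in the assertion is only as short-lived as BearerToken's own defaults, which are not visible here; if `encode` accepts an expiry, pass one explicitly, otherwise add a comment above `access_token` naming where the lifetime is enforced. Moving `access_token` under `private` also changes the model's public surface, so any caller of `user.access_token` elsewhere now raises NoMethodError; I cannot see the callers from this commit, so this is worth a grep before merge. A short comment on `trusted_attributes` such as `# Attributes released only to trusted service providers; access_token is a live bearer credential.` would make the sensitivity of this hash obvious to the next reader.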
app/views/sessions/saml_post.html.erb → app/views/sessions/create.html.erb
@@ -39,7 +39,7 @@
   <body onload="document.forms[0].submit();">
     <div class="spinner"><svg xmlns="http://www.w3.org/2000/svg" width="25" height="25" viewBox="0 0 25 25"><defs><style>line{fill:none;stroke:#1a1a1a;stroke-linecap:round;stroke-miterlimit:10;stroke-width:2px;}.o25{opacity:0.25;}.o85{opacity:0.85;}.o7{opacity:0.7;}.o55{opacity:0.55;}.o35{opacity:0.35;}</style></defs><line x1="12.5" y1="2" x2="12.5" y2="7.05463"/><line class="o25" x1="12.5" y1="23" x2="12.5" y2="17.94537"/><line class="o85" x1="7.25" y1="3.40674" x2="9.77942" y2="7.78778"/><line class="o25" x1="17.75" y1="21.59326" x2="15.22058" y2="17.21222"/><line class="o25" x1="17.21222" y1="15.22058" x2="21.59326" y2="17.75"/><line class="o7" x1="7.78778" y1="9.77942" x2="3.40674" y2="7.25"/><line class="o25" x1="23" y1="12.5" x2="17.94537" y2="12.5"/><line class="o55" x1="7.05463" y1="12.5" x2="2" y2="12.5"/><line class="o35" x1="7.78778" y1="15.22058" x2="3.40674" y2="17.75"/><line class="o25" x1="21.59326" y1="7.25" x2="17.21222" y2="9.77942"/><line class="o25" x1="9.77942" y1="17.21222" x2="7.25" y2="21.59326"/><line class="o25" x1="17.75" y1="3.40674" x2="15.22058" y2="7.78778"/></svg></div>
     <%= form_tag(@saml_response.acs_url, style: "position: absolute; left: -10000px; top: -10000px;") do %>
-      <%= hidden_field_tag("SAMLResponse", @saml_response.encode) %>
+      <%= hidden_field_tag("SAMLResponse", @saml_response.serialize) %>
       <%= hidden_field_tag("RelayState", @relay_state) %>
       <%= submit_tag "Submit" %>
     <% end %>
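Review bot: `form_tag(@saml_response.acs_url, ...)` posts the serialized assertion to whatever URL the response object carries, and this commit does not show whether `acs_url` comes from the service provider's registered metadata or from the incoming request; if it is the latter, a requester that passes the trust check by issuer alone could still have the assertion delivered to a location of its choosing. Pin that down with a comment above the form, e.g. `<%# acs_url must come from the registered SP metadata, never from the AuthnRequest %>`, or confirm it in the response class. The `onload="document.forms[0].submit();"` handler above is unchanged but will need a nonce or an allowance if a Content-Security-Policy is ever added to this response.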