Commit d50d8cf

mokha <mokha@cisco.com>
2017-12-01 23:03:19
use simpler api for building request/response.
1 parent eddf855
Changed files (5)
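--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -31,9 +31,9 @@ class SessionsController < ApplicationController
         raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
       end
       user = User.find_by(uuid: saml_request.name_id)
-      response_binding = saml_request.provider.single_logout_service_for(binding: :http_post)
-      @saml_response = saml_request.response_for(user)
-      @url, @saml_params = response_binding.serialize(@saml_response, relay_state: saml_params[:RelayState])
+      @url, @saml_params = saml_request.response_for(user, binding: :http_post, relay_state: saml_params[:RelayState]) do |builder|
+        @saml_response_builder = builder
+      end
       reset_session
     elsif saml_params[:SAMLResponse].present?
     else
@@ -63,9 +63,9 @@ class SessionsController < ApplicationController
   end
 
   def post_back(saml_request, user)
-    response_binding = saml_request.provider.assertion_consumer_service_for(binding: :http_post)
-    @saml_response = saml_request.response_for(user)
-    @url, @saml_params = response_binding.serialize(@saml_response, relay_state: saml_params[:RelayState])
+    @url, @saml_params = saml_request.response_for(user, binding: :http_post, relay_state: saml_params[:RelayState]) do |builder|
+      @saml_response_builder = builder
+    end
     reset_session
     session[:user_id] = user.id
     render :create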
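Review bot: In the first hunk `user` comes from `User.find_by(uuid: saml_request.name_id)` and can be nil when the LogoutRequest names an unknown subject, yet the new `saml_request.response_for(user, ...)` call runs unconditionally; what the gem does with a nil user is not visible here, so the likely outcome is an exception or a logout response issued for nobody rather than a clean rejection. Add a guard before the call, `return head(:bad_request) unless user`, and consider checking that the NameID matches the session's current user before acting on it. `relay_state: saml_params[:RelayState]` is forwarded unchecked in both hunks; echoing RelayState is expected SAML behaviour and the view escapes it through hidden_field_tag, but a length bound would limit what gets reflected. The enclosing action starts before the first hunk, so the branch that validates the request (`raise ... if saml.invalid?`) is only partly visible.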
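--- a/app/models/idp.rb
+++ b/app/models/idp.rb
@@ -1,27 +1,28 @@
 class Idp
   class << self
     def default(request)
-      @idp ||= begin
-        host = "#{request.protocol}#{request.host}:#{request.port}"
-        url_helpers = Rails.application.routes.url_helpers
-        builder = Saml::Kit::IdentityProviderMetadata::Builder.new
-        builder.sign = false
-        builder.contact_email = 'hi@example.com'
-        builder.organization_name = "Acme, Inc"
-        builder.organization_url = url_helpers.root_url(host: host)
-        builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_post)
-        builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_redirect)
-        builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :http_post)
-        builder.name_id_formats = [
-          Saml::Kit::Namespaces::EMAIL_ADDRESS,
-          Saml::Kit::Namespaces::PERSISTENT,
-          Saml::Kit::Namespaces::TRANSIENT,
-        ]
-        builder.attributes << :id
-        builder.attributes << :email
-        builder.attributes << :created_at
-        builder.build
-      end
+      @idp ||=
+        begin
+          host = "#{request.protocol}#{request.host}:#{request.port}"
+          url_helpers = Rails.application.routes.url_helpers
+          Saml::Kit::IdentityProviderMetadata.build do |builder|
+            builder.sign = false
+            builder.contact_email = 'hi@example.com'
+            builder.organization_name = "Acme, Inc"
+            builder.organization_url = url_helpers.root_url(host: host)
+            builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_post)
+            builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_redirect)
+            builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :http_post)
+            builder.name_id_formats = [
+              Saml::Kit::Namespaces::EMAIL_ADDRESS,
+              Saml::Kit::Namespaces::PERSISTENT,
+              Saml::Kit::Namespaces::TRANSIENT,
+            ]
+            builder.attributes << :id
+            builder.attributes << :email
+            builder.attributes << :created_at
+          end
+        end
     end
   end
 end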
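Review bot: `host` is still derived from `request.protocol`, `request.host` and `request.port` and the result is memoised by `@idp ||=` for the life of the process, so whichever Host header reaches the first request fixes the SSO, SLO and organization URLs advertised to every later consumer of the metadata; with `builder.sign = false` a service provider has no signature with which to notice that the endpoints were poisoned. Unless the deployment already pins the host (a Rails `hosts` allowlist, or a proxy that rewrites Host), take it from configuration while keeping the `request` parameter for callers, e.g. `host = Rails.application.routes.default_url_options.fetch(:host)`, or stop caching and build the metadata per request so a bad header affects only its own response. The cache also lives on the `Idp` singleton class and is shared across threads; that is harmless once the host no longer depends on the request.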
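--- a/app/views/sessions/_response.html.erb
+++ b/app/views/sessions/_response.html.erb
@@ -8,7 +8,7 @@
           <%= hidden_field_tag key, value %>
         <% end %>
       <% end %>
-      <%= debug @saml_response.build.to_xhtml %>
+      <%= debug @saml_response_builder.build.to_xhtml %>
     </div>
   </div>
 </div>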
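Review bot: The new `<%= debug @saml_response_builder.build.to_xhtml %>` writes the complete SAML Response, assertion and attributes included, into the HTML delivered to the browser, and it calls `build` a second time after the document that was serialized into `@saml_params` was produced; if the builder stamps a fresh ID or IssueInstant, or signs, on every build, the dumped copy is presumably not the one that is posted. Gate it so it never reaches a production response, `<%= debug @saml_response_builder.build.to_xhtml if Rails.env.development? %>`, or drop it from the partial. The `debug` helper escapes its argument, so this is information exposure rather than injection.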
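--- a/Gemfile
+++ b/Gemfile
@@ -61,7 +61,7 @@ end
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'dotenv-rails'
-gem 'saml-kit', '~> 0.2.0'
+gem 'saml-kit', path: '../saml-kit'
 gem 'rails-assets-bootstrap', source: 'https://rails-assets.org'
 gem 'jwt'
 gem 'activerecord-session_store'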
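Review bot: `gem 'saml-kit', path: '../saml-kit'` swaps a pinned public release for whatever is checked out in a sibling directory, and the lockfile now records `PATH remote: ../saml-kit` at 0.2.2 with no published artifact behind it, so a fresh clone cannot bundle and the SAML code that signs and validates assertions is no longer reproducible or auditable from the repository. If this is a local-development convenience it should not be committed; otherwise pin to the release once 0.2.2 is published, `gem 'saml-kit', '~> 0.2.2'`, or to an immutable git `ref:` until then.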
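--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,3 +1,13 @@
+PATH
+  remote: ../saml-kit
+  specs:
+    saml-kit (0.2.2)
+      activemodel (>= 4.2.0)
+      activesupport (>= 4.2.0)
+      builder (~> 3.2)
+      nokogiri (~> 1.8)
+      xmldsig (~> 0.6)
+
 GEM
   remote: https://rubygems.org/
   remote: https://rails-assets.org/
@@ -175,12 +185,6 @@ GEM
     ruby_dep (1.5.0)
     rubyzip (1.2.1)
     safe_yaml (1.0.4)
-    saml-kit (0.2.0)
-      activemodel (>= 4.2.0)
-      activesupport (>= 4.2.0)
-      builder (~> 3.2)
-      nokogiri (~> 1.8)
-      xmldsig (~> 0.6)
     sass (3.5.2)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
@@ -256,7 +260,7 @@ DEPENDENCIES
   rails-controller-testing
   rails_12factor
   rspec-rails (~> 3.6)
-  saml-kit (~> 0.2.0)
+  saml-kit!
   sass-rails (~> 5.0)
   selenium-webdriver
   spring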