Commit f038c2b
2017-11-14 00:28:33
1 parent
2516202
Changed files (8)
airport
app
controllers
models
views
layouts
sessions
saml-kit
spec
airport/app/controllers/sessions_controller.rb
@@ -19,7 +19,8 @@ class SessionsController < ApplicationController
def destroy
@post_uri = idp_metadata.single_logout_service_for(binding: :post)
- @saml_request = idp_metadata.build_request(Saml::Kit::LogoutRequest).serialize
+ @saml_request = idp_metadata.build_request(Saml::Kit::LogoutRequest, current_user).serialize
+ render layout: "spinner"
end
private
airport/app/models/user.rb
@@ -6,4 +6,12 @@ class User
@email = attributes[:email]
@attributes = attributes
end
+
+ def name_id_for(name_id_format)
+ if Saml::Kit::Namespaces::PERSISTENT == name_id_format
+ id
+ else
+ email
+ end
+ end
end
airport/app/views/layouts/spinner.html.erb
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <style type="text/css" media="all">
+ html,
+ body {
+ width: 100%;
+ height: 100%;
+ }
+
+ body {
+ display: -ms-flexbox;
+ display: flex;
+ -ms-flex-align: center;
+ align-items: center;
+ -ms-flex-pack: center;
+ justify-content: center;
+ }
+
+ @keyframes spinner {
+ 0% { transform: rotate(0deg) }
+ 100% { transform: rotate(360deg) }
+ }
+
+ .spinner {
+ width: 48px;
+ height: 48px;
+ animation: spinner 0.65s infinite steps(12);
+ }
+
+ .spinner svg {
+ width: 48px;
+ height: 48px;
+ }
+ </style>
+ </head>
+ <body>
+ <div class="spinner"><svg xmlns="http://www.w3.org/2000/svg" width="25" height="25" viewBox="0 0 25 25"><defs><style>line{fill:none;stroke:#1a1a1a;stroke-linecap:round;stroke-miterlimit:10;stroke-width:2px;}.o25{opacity:0.25;}.o85{opacity:0.85;}.o7{opacity:0.7;}.o55{opacity:0.55;}.o35{opacity:0.35;}</style></defs><line x1="12.5" y1="2" x2="12.5" y2="7.05463"/><line class="o25" x1="12.5" y1="23" x2="12.5" y2="17.94537"/><line class="o85" x1="7.25" y1="3.40674" x2="9.77942" y2="7.78778"/><line class="o25" x1="17.75" y1="21.59326" x2="15.22058" y2="17.21222"/><line class="o25" x1="17.21222" y1="15.22058" x2="21.59326" y2="17.75"/><line class="o7" x1="7.78778" y1="9.77942" x2="3.40674" y2="7.25"/><line class="o25" x1="23" y1="12.5" x2="17.94537" y2="12.5"/><line class="o55" x1="7.05463" y1="12.5" x2="2" y2="12.5"/><line class="o35" x1="7.78778" y1="15.22058" x2="3.40674" y2="17.75"/><line class="o25" x1="21.59326" y1="7.25" x2="17.21222" y2="9.77942"/><line class="o25" x1="9.77942" y1="17.21222" x2="7.25" y2="21.59326"/><line class="o25" x1="17.75" y1="3.40674" x2="15.22058" y2="7.78778"/></svg></div>
+ <%= yield %>
+ </body>
+</html>
airport/app/views/sessions/destroy.html.erb
@@ -0,0 +1,10 @@
+<%= form_tag(@post_uri, style: "position: absolute; left: -10000px; top: -10000px;") do %>
+ <%= hidden_field_tag("SAMLRequest", @saml_request) %>
+ <%= submit_tag "Submit" %>
+<% end %>
+
+<%= javascript_tag do %>
+ window.onload = function() {
+ document.forms[0].submit();
+ };
+<% end %>
saml-kit/lib/saml/kit/authentication_request.rb
@@ -128,14 +128,14 @@ module Saml
end
class Builder
- attr_accessor :id, :issued_at, :issuer, :acs_url, :name_id_format
+ attr_accessor :id, :now, :issuer, :acs_url, :name_id_format
attr_reader :sign
- def initialize(configuration = Saml::Kit.configuration, sign: true)
+ def initialize(user = nil, configuration: Saml::Kit.configuration, sign: true)
@id = SecureRandom.uuid
- @issued_at = Time.now.utc
@issuer = configuration.issuer
@name_id_format = Namespaces::PERSISTENT
+ @now = Time.now.utc
@sign = sign
end
@@ -161,7 +161,7 @@ module Saml
"xmlns:saml" => Namespaces::ASSERTION,
ID: "_#{id}",
Version: "2.0",
- IssueInstant: issued_at.utc.iso8601,
+ IssueInstant: now.utc.iso8601,
}
options[:AssertionConsumerServiceURL] = acs_url if acs_url.present?
options
saml-kit/lib/saml/kit/identity_provider_metadata.rb
@@ -39,8 +39,8 @@ module Saml
end
end
- def build_request(type)
- builder = type::Builder.new(sign: want_authn_requests_signed)
+ def build_request(type, user = nil)
+ builder = type::Builder.new(user, sign: want_authn_requests_signed)
yield builder if block_given?
builder.build
end
saml-kit/lib/saml/kit/logout_request.rb
@@ -5,7 +5,7 @@ module Saml
include XsdValidatable
include ActiveModel::Validations
validates_presence_of :content
- validates_presence_of :single_logout_service, if: :logout_request?
+ validates_presence_of :single_logout_service, if: :logout?
validate :must_be_request
validate :must_have_valid_signature
validate :must_be_registered
@@ -104,11 +104,11 @@ module Saml
def must_be_request
return if to_h.nil?
- errors[:base] << error_message(:invalid) unless logout_request?
+ errors[:base] << error_message(:invalid) unless logout?
end
def must_be_registered
- return unless logout_request?
+ return unless logout?
if provider.nil?
errors[:provider] << error_message(:unregistered)
return
@@ -121,7 +121,7 @@ module Saml
matches_xsd?(PROTOCOL_XSD)
end
- def logout_request?
+ def logout?
return false if to_xml.blank?
to_h[name].present?
end
@@ -131,13 +131,13 @@ module Saml
attr_accessor :sign
attr_reader :user
- def initialize(user, configuration: Saml::Kit.configuration)
+ def initialize(user, configuration: Saml::Kit.configuration, sign: true)
@user = user
@id = SecureRandom.uuid
@issuer = configuration.issuer
@name_id_format = Saml::Kit::Namespaces::PERSISTENT
@now = Time.now.utc
- @sign = true
+ @sign = sign
end
def to_xml
saml-kit/spec/saml/authentication_request_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
it { expect(subject.name_id_format).to eql(name_id_format) }
describe "#to_xml" do
- subject { described_class::Builder.new(configuration) }
+ subject { described_class::Builder.new(configuration: configuration) }
let(:configuration) do
config = Saml::Kit::Configuration.new
config.issuer = issuer