feat: allow request uuid to be stored #174

Open: wants to merge 1 commit into base: master
4 changes: 4 additions & 0 deletions README.md
@@ -155,6 +155,10 @@ be present.

* `:uid_attribute` - Attribute that uniquely identifies the user. If unset, the name identifier returned by the IdP is used.

* `:store_request_uuid` - Used to store the request's UUID for later verification of InReponseTo.
By default it saves the request uuid in the session as "saml_transaction_id",
but also accepts a proc that will then be called with the uuid for custom storage.

* See the `OneLogin::RubySaml::Settings` class in the [Ruby SAML gem](https://github.com/onelogin/ruby-saml) for additional supported options.

## IdP Metadata
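Review bot: the new `:store_request_uuid` entry misspells the SAML attribute as "InReponseTo"; it should read "InResponseTo". The entry also promises "later verification", but nothing in this PR reads the stored value back in the callback, so the README should say that comparing the stored UUID against the response's InResponseTo is left to the application (or the PR should add that check). It would also help to state the proc's signature, e.g. "accepts a proc that is called with the request uuid as its only argument", so callers know they will not receive `env` or `session`.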
11 changes: 11 additions & 0 deletions lib/omniauth/strategies/saml.rb
@@ -30,15 +30,26 @@ def self.inherited(subclass)
option :slo_default_relay_state
option :uid_attribute
option :idp_slo_session_destroy, proc { |_env, session| session.clear }
option :store_request_uuid

def request_phase
authn_request = OneLogin::RubySaml::Authrequest.new

store_request_uuid(authn_request.uuid)

with_settings do |settings|
redirect(authn_request.create(settings, additional_params_for_authn_request))
end
end

def store_request_uuid(uuid)
if options.store_request_uuid.respond_to?(:call)
options.store_request_uuid.call(uuid)
elsif options.store_request_uuid
session["saml_transaction_id"] = uuid
end
end

def callback_phase
raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing") unless request.params["SAMLResponse"]

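Review bot: `store_request_uuid(authn_request.uuid)` writes the UUID to the session but the value is never consumed: `callback_phase` is unchanged, so a response carrying an unrelated or absent InResponseTo is still accepted exactly as before. Read it back in `callback_phase`, e.g. `session.delete("saml_transaction_id")`, and pass it as `matches_request_id:` when constructing `OneLogin::RubySaml::Response`, so the assertion is bound to the request this strategy issued and the key is cleared after a single use. Two smaller points: the proc is called with only `uuid`, whereas `idp_slo_session_destroy` receives `|_env, session|`; passing `env` (or `session`) as well lets custom storage key on the request. And `elsif options.store_request_uuid` takes the session path for any truthy value (a string, a symbol), so consider accepting only `true` or a callable and raising on anything else.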
23 changes: 23 additions & 0 deletions spec/omniauth/strategies/saml_spec.rb
@@ -115,6 +115,29 @@ def post_xml(xml=:example_response, opts = {})
expect(query['SigAlg']).to eq XMLSecurity::Document::RSA_SHA256
end
end

context 'with store_request_uuid set' do
let(:store_request_uuid) { true }
let(:uuid_regex) { /_\w{8}-\w{4}-\w{4}-\w{4}-\w{11}/ }

before do
saml_options[:store_request_uuid] = store_request_uuid

get '/auth/saml'
end

it 'stores uuid as saml_transaction_id' do
expect(session['saml_transaction_id']).to match(uuid_regex)
end

context 'using a proc' do
let(:store_request_uuid) { Proc.new { |uuid| @uuid_stored = uuid } }

it 'allows customized storage of request uuid' do
expect(@uuid_stored).to match(uuid_regex)
end
end
end
end

describe 'POST /auth/saml/callback' do
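Review bot: `uuid_regex` (`/_\w{8}-\w{4}-\w{4}-\w{4}-\w{11}/`) has the wrong length for the last group and is unanchored: a ruby-saml request UUID is `_` followed by a standard 8-4-4-4-12 hex UUID, and `\w{11}` only passes because nothing anchors the end, which also means a value with trailing junk would match. Use `/\A_\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/`. The `'using a proc'` case should additionally assert that `session['saml_transaction_id']` is nil, otherwise a regression that always writes the session would go unnoticed. Setting `@uuid_stored` from inside the `let` proc works because the proc closes over the example instance, but a `let(:stored) { [] }` that the proc pushes into reads more clearly.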