forked from toyokazu/omniauth-shibboleth
/
shibboleth.rb
109 lines (99 loc) · 3.05 KB
/
shibboleth.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
module OmniAuth
module Strategies
class Shibboleth
include OmniAuth::Strategy
option :shib_session_id_field, 'Shib-Session-ID'
option :shib_application_id_field, 'Shib-Application-ID'
option :uid_field, 'eppn'
option :name_field, 'displayName'
option :info_fields, {}
option :extra_fields, []
option :debug, false
option :fail_with_empty_uid, false
option :request_type, :env
option :multi_values, :raw
def request_phase
[
302,
{
'Location' => script_name + callback_path + query_string,
'Content-Type' => 'text/plain'
},
["You are being redirected to Shibboleth SP/IdP for sign-in."]
]
end
def request_params
case options.request_type
when :env, 'env', :header, 'header'
request.env
when :params, 'params'
request.params
end
end
def request_param(key)
multi_value_handler(
case options.request_type
when :env, 'env'
request.env[key]
when :header, 'header'
request.env["HTTP_#{key.upcase.gsub('-', '_')}"]
when :params, 'params'
request.params[key]
end
)
end
def multi_value_handler(param_value)
case options.multi_values
when :raw, 'raw'
param_value
when :first, 'first'
return nil if param_value.nil?
param_value.split(/(?<!\\);/).first.gsub('\\;', ';')
else
eval(options.multi_values).call(param_value)
end
end
def callback_phase
if options.debug
# dump attributes
return [
200,
{
'Content-Type' => 'text/plain'
},
["!!!!! This message is generated by omniauth-shibboleth. To remove it set :debug to false. !!!!!\n#{request_params.sort.map {|i| "#{i[0]}: #{i[1]}" }.join("\n")}"]
]
end
return fail!(:no_shibboleth_session) unless (request_param(options.shib_session_id_field.to_s) || request_param(options.shib_application_id_field.to_s))
return fail!(:empty_uid) if options.fail_with_empty_uid && option_handler(options.uid_field).empty?
super
end
def option_handler(option_field)
if option_field.class == String ||
option_field.class == Symbol
request_param(option_field.to_s)
elsif option_field.class == Proc
option_field.call(self.method(:request_param))
end
end
uid do
option_handler(options.uid_field)
end
info do
res = {
:name => option_handler(options.name_field)
}
options.info_fields.each_pair do |key, field|
res[key] = option_handler(field)
end
res
end
extra do
options.extra_fields.inject({:raw_info => {}}) do |hash, field|
hash[:raw_info][field] = request_param(field.to_s)
hash
end
end
end
end
end