Module: Devise::Models::SamlAuthenticatable::ClassMethods

Defined in:
lib/devise_saml_authenticatable/model.rb


Instance Method Details

#attribute_map(saml_response = nil) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 84

# Returns the attribute map produced by the configured resolver.
#
# The class held in Devise.saml_attribute_map_resolver is instantiated with
# the given response and asked for its attribute_map.
#
# @param saml_response [Object, nil] response handed to the resolver; nil by default
# @return [Object] whatever the resolver's attribute_map returns
def attribute_map(saml_response = nil)
  resolver_class = Devise.saml_attribute_map_resolver
  resolver = resolver_class.new(saml_response)
  resolver.attribute_map
end

#authenticate_with_saml(saml_response, relay_state) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 32

# Resolves the resource that a SAML response authenticates, optionally
# building and/or updating it.
#
# The lookup value is the response's NameID when Devise.saml_use_subject is
# set, otherwise the attribute mapped to Devise.saml_default_user_key.
#
# NOTE(review): nothing in this method checks the response's signature,
# conditions or audience; it presumably relies on the caller having validated
# saml_response before calling in. Confirm against the calling strategy.
#
# @param saml_response [Object] response object; must answer name_id when the subject is used
# @param relay_state [Object] accepted but not read anywhere in this method
# @return [Object, nil] the located or newly built resource; nil when custom
#   validation fails, or when no resource is found and creation is disabled
# @raise [RuntimeError] when both saml_resource_validator and
#   saml_resource_validator_hook are configured
def authenticate_with_saml(saml_response, relay_state)
  user_key = Devise.saml_default_user_key
  wrapped = ::SamlAuthenticatable::SamlResponse.new(saml_response, attribute_map(saml_response))

  identifier =
    if Devise.saml_use_subject
      saml_response.name_id
    else
      wrapped.attribute_value_by_resource_key(user_key)
    end
  # downcase! works in place, so the string object handed back by the response
  # is itself lower-cased, not a copy of it.
  identifier.try(:downcase!) if Devise.case_insensitive_keys.include?(user_key)

  # NOTE(review): identifier can be nil here (no check precedes this call).
  # Confirm the configured locator cannot match a record whose key is unset.
  record = Devise.saml_resource_locator.call(self, wrapped, identifier)

  if Devise.saml_resource_validator && Devise.saml_resource_validator_hook
    raise "Only one validator configuration can be used at a time"
  end

  # Custom validation runs before the nil check below, so a validator may be
  # handed a nil record for an unknown user.
  if Devise.saml_resource_validator || Devise.saml_resource_validator_hook
    passed =
      if Devise.saml_resource_validator
        Devise.saml_resource_validator.new.validate(record, saml_response)
      else
        Devise.saml_resource_validator_hook.call(record, wrapped, identifier)
      end

    # NOTE(review): identifier originates from the SAML response and is written
    # to the log as-is, here and in the two messages further down.
    unless passed
      logger.info("User(#{identifier}) did not pass custom validation.")
      return nil
    end
  end

  if record.nil?
    unless Devise.saml_create_user
      logger.info("User(#{identifier}) not found.  Not configured to create the user.")
      return nil
    end

    logger.info("Creating user(#{identifier}).")
    record = new
  end

  # The update hook runs for every login when saml_update_user is set, and
  # otherwise only for a new record while creation is enabled.
  should_sync = Devise.saml_update_user || (record.new_record? && Devise.saml_create_user)
  Devise.saml_update_resource_hook.call(record, wrapped, identifier) if should_sync

  record
end

#find_for_shibb_authentication(conditions) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 80

# Forwards the given lookup conditions, unchanged, to find_for_authentication
# and returns its result.
#
# @param conditions [Object] conditions passed straight through
# @return [Object] whatever find_for_authentication returns
def find_for_shibb_authentication(conditions)
  located = find_for_authentication(conditions)
  located
end

#reset_session_key_for(name_id) ⇒ Object



# File 'lib/devise_saml_authenticatable/model.rb', line 75

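# Clears the stored SAML session index on the record whose default user key
# matches +name_id+.
#
# The lookup value is normalised the same way authenticate_with_saml
# normalises it: lower-cased when the default user key is listed in
# Devise.case_insensitive_keys. Without that, a mixed-case NameID would fail
# to find the record it logged in as, and the session index would stay set.
#
# @param name_id [String, nil] NameID identifying the record
# @return [Object, nil] the result of update_attribute, or nil when no lookup
#   was made or no record matched
def reset_session_key_for(name_id)
  # A missing or empty NameID must not become a lookup on an unset key, which
  # could select a record that has nothing to do with this session.
  return nil if name_id.nil? || (name_id.respond_to?(:empty?) && name_id.empty?)

  key = Devise.saml_default_user_key
  lookup_value = name_id
  # Non-mutating downcase: the caller's string is left untouched.
  if Devise.case_insensitive_keys.include?(key) && name_id.respond_to?(:downcase)
    lookup_value = name_id.downcase
  end

  resource = find_by(key => lookup_value)
  return nil if resource.nil?

  resource.update_attribute(Devise.saml_session_index_key, nil)
end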