Class: OmniAuth::Strategies::Citadele

Inherits:

Object

Object
OmniAuth::Strategies::Citadele

show all

Includes:: ActionDispatch::ContentSecurityPolicy::Request, OmniAuth::Strategy

Defined in:: lib/omniauth/strategies/citadele.rb

Constant Summary collapse

PRODUCTION_ENDPOINT =

'https://online.citadele.lv/amai/start.htm'

TEST_ENDPOINT =

'https://astra.citadele.lv/amai/start.htm'

AUTH_REQUEST =

'AUTHREQ'

AUTH_VERSION =

'5.0'

Class Method Summary collapse

.render_nonce? ⇒ Boolean

Instance Method Summary collapse

Class Method Details

.render_nonce? ⇒ `Boolean`

Returns:

(Boolean)



16
17
18

# File 'lib/omniauth/strategies/citadele.rb', line 16

def self.render_nonce?
   defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
end

Instance Method Details

#callback_phase ⇒ `Object`

# File 'lib/omniauth/strategies/citadele.rb', line 126

def callback_phase
  begin
    pub_crt = OpenSSL::X509::Certificate.new(options.public_crt).public_key
  rescue => e
    return fail!(:public_crt_load_err, e)
  end

  # Code = 100 -> success, 200, 300, 400 -> failure
  case response_data[:code]
  when '200'
    return fail!(:authentication_cancelled_error)
  when '300'
    return fail!(response_data[:message])
  end

  if response_data[:request] != 'AUTHRESP'
    return fail!(:unsupported_response_request)
  end

  xmldsig = Xmldsig::SignedDocument.new(request.params['xmldata'])
  if !xmldsig.validate(pub_crt)
    return fail!(:invalid_response_signature_err)
  end

  super
end

#parse_response(xml) ⇒ `Object`

# File 'lib/omniauth/strategies/citadele.rb', line 89

def parse_response(xml)
  doc = Nokogiri::XML(xml) do |config|
    config.strict.nonet
  end
  doc.remove_namespaces!
  {
    timestamp: doc.xpath("//Timestamp").text,
    from: doc.xpath("//From").text,
    request: doc.xpath("//Request").text,
    request_uid: doc.xpath("//RequestUID").text,
    version: doc.xpath("//Version").text,
    language: doc.xpath("//Language").text,
    person_code: doc.xpath("//PersonCode").text,
    person: doc.xpath("//Person").text,
    code: doc.xpath("//Code").text,
    message: doc.xpath("//Message").text
  }
end

#request_phase ⇒ `Object`

# File 'lib/omniauth/strategies/citadele.rb', line 153

def request_phase
  begin
    priv_key = OpenSSL::PKey::RSA.new(options.private_key)
  rescue => e
    return fail!(:private_key_load_err, e)
  end

  begin
    private_crt = OpenSSL::X509::Certificate.new(options.private_crt)
  rescue => e
    return fail!(:private_crt_load_err, e)
  end

  x509_subject_name = private_crt.subject.to_s
  x509_certificate = private_crt.to_s.gsub(/[-]{5}(BEGIN|END).*?[-]{5}/, '').gsub('\n', '')

  set_locale_from_query_param

  request_data = {
    timestamp: timestamp, # '20170905175959000'
    from: options.from,
    request: AUTH_REQUEST,
    request_uid: request_uid, # '7387bf5b-fa27-4fdd-add6-a6bfb2599f77'
    version: AUTH_VERSION,
    language: resolve_bank_ui_language,
    return_url: callback_url,
    x509_subject_name: x509_subject_name,
    x509_certificate: x509_certificate
  }
  field_value = return_signed_request_xml(request_data, priv_key)
  field_value.gsub!('"', '&quot;')

  form = OmniAuth::Form.new(title: I18n.t('omniauth.citadele.please_wait'), url: options.site)
  form.html "<input id=\"xmldata\" name=\"xmldata\" type=\"hidden\" value=\"#{field_value}\" />"
  form.button I18n.t('omniauth.citadele.click_here_if_not_redirected')

  nonce_attribute = nil
  if self.class.render_nonce?
    nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
  end

  form.instance_variable_set('@html',
    form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
  form.to_response
end

#request_uid ⇒ `Object`



38
39
40

# File 'lib/omniauth/strategies/citadele.rb', line 38

def request_uid
  @request_uid ||= SecureRandom.uuid
end

#response_data ⇒ `Object`



108
109
110

# File 'lib/omniauth/strategies/citadele.rb', line 108

def response_data
  @response_data ||= parse_response(request.params['xmldata'])
end

#return_signed_request_xml(request_data, priv_key) ⇒ `Object`

# File 'lib/omniauth/strategies/citadele.rb', line 42

def return_signed_request_xml(request_data, priv_key)
  unsigned_xml = "  <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n  <FIDAVISTA xmlns=\"http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1 http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1/fidavista.xsd\">\n    <Header>\n      <Timestamp>\#{request_data[:timestamp]}</Timestamp>\n      <From>\#{request_data[:from]}</From>\n      <Extension>\n        <Amai xmlns=\"http://online.citadele.lv/XMLSchemas/amai/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://online.citadele.lv/XMLSchemas/amai/ http://online.citadele.lv/XMLSchemas/amai/amai.xsd\">\n          <Request>\#{request_data[:request]}</Request>\n          <RequestUID>\#{request_data[:request_uid]}</RequestUID>\n          <Version>\#{request_data[:version]}</Version>\n          <Language>\#{request_data[:language]}</Language>\n          <ReturnURL>\#{request_data[:return_url]}</ReturnURL>\n          <SignatureData>\n            <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <SignedInfo>\n                <CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\n                <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n                <Reference URI=\"\">\n                  <Transforms>\n                    <Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n                    <Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />\n                  </Transforms>\n                  <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n                  <DigestValue></DigestValue>\n                </Reference>\n              </SignedInfo>\n              <SignatureValue></SignatureValue>\n              <KeyInfo>\n                <X509Data>\n                  <X509SubjectName>\#{request_data[:x509_subject_name]}</X509SubjectName>\n                  <X509Certificate>\#{request_data[:x509_certificate]}</X509Certificate>\n                </X509Data>\n              </KeyInfo>\n            </Signature>\n          </SignatureData>\n        </Amai>\n      </Extension>\n    </Header>\n  </FIDAVISTA>\n  XML\n  unsigned_xml.gsub!('\\n', '')\n  unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml)\n  unsigned_document.sign(priv_key)\nend\n"

#timestamp ⇒ `Object`



34
35
36

# File 'lib/omniauth/strategies/citadele.rb', line 34

def timestamp
  @timestamp ||= Time.now.strftime("%Y%m%d%H%M%S%3N")
end

Class: OmniAuth::Strategies::Citadele

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.render_nonce? ⇒ Boolean

Instance Method Details

#callback_phase ⇒ Object

#parse_response(xml) ⇒ Object

#request_phase ⇒ Object

#request_uid ⇒ Object

#response_data ⇒ Object

#return_signed_request_xml(request_data, priv_key) ⇒ Object

#timestamp ⇒ Object

.render_nonce? ⇒ `Boolean`

#callback_phase ⇒ `Object`

#parse_response(xml) ⇒ `Object`

#request_phase ⇒ `Object`

#request_uid ⇒ `Object`

#response_data ⇒ `Object`

#return_signed_request_xml(request_data, priv_key) ⇒ `Object`

#timestamp ⇒ `Object`