Class: OmniAuth::Strategies::Raven

Inherits:
Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/raven.rb


Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/raven.rb', line 51

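def callback_phase
  # Validate the WLS-Response returned by the Raven web login service and, if
  # every check passes, hand the authenticated principal on to
  # OmniAuth::Strategy via +super+. Every other path ends in +fail!+ with a
  # short reason code (and, where useful, an Exception carrying the detail).
  #
  # The response is a '!'-separated record whose fields are bound
  # positionally to the names below. All checks that precede the signature
  # check operate on data that has not yet been authenticated; they can only
  # reject a response, never accept one, so the ordering is fail-closed.
  #
  # @return [Object] whatever OmniAuth::Strategy#callback_phase returns on
  #   success, or the result of +fail!+ on any rejection
  wls_response = request.params['WLS-Response'].to_s
  # A missing parameter (nil) is reported the same way as an empty one rather
  # than falling through to a misleading protocol-version failure.
  return fail!("null_response") if wls_response.empty?

  # The -1 limit keeps trailing empty fields as "" instead of dropping them,
  # so the nil-sensitive checks further down (auth, kid, sig) see strings.
  ver, status, msg, issue, id, url, principal, auth, sso, life, params, kid, sig =
    wls_response.split('!', -1)

  # Check the protocol version
  return fail!("invalid_protocol_version") unless ver == options[:raven_opt][:version]

  # Check the url: the response must be addressed to this callback (the query
  # string is ignored). Interpolation keeps the message nil-safe.
  unless url == callback_url.split('?').first
    return fail!("mismatched urls", Exception.new("url: #{url} vs callback: #{callback_url}"))
  end

  # Check the time skew between the issue timestamp and our clock. Guard the
  # timestamp first so a truncated response cannot blow up inside the parser.
  return fail!(:invalid_response, Exception.new("Missing issue timestamp")) if issue.to_s.empty?
  issuetime = timeforRFC3339(issue)
  skew = issuetime - Time.now
  return fail!("time_skew") unless skew.abs < options[:raven_opt][:max_skew]

  # Optionally check that interaction with the user took place
  if options[:raven_opt][:iact] == 'yes' && auth == ""
    return fail!(:invalid_response, Exception.new("No raven interaction took place, but it was requested"))
  end

  # Optionally check that this response matches a request we issued
  # (the id was stored in the session by request_phase).
  if @match_response_and_request
    response_id = unescape(params)
    request_id = session['request_id']
    unless request_id == response_id
      return fail!("mismatched_response", Exception.new("req_id:#{request_id} vs resp_id:#{response_id}"))
    end
  end

  # Anything other than 200 is a failure reported by Raven itself; surface it.
  unless status == '200'
    return fail!(:invalid_credentials, Exception.new("Raven status:#{status}"))
  end

  # Check that the Key Id is one we currently accept
  publickey = OmniAuth.raven_pubkey
  return fail!("invalid_keyno") unless kid == OmniAuth.raven_keyno
  # A 200 response without a signature can never verify; reject it up front
  # instead of letting the length arithmetic below fail on nil/"".
  return fail!("mismatched_signature") if sig.to_s.empty?

  # Check the signature. The signed portion is everything before the trailing
  # "!kid!sig" (kid.length + sig.length + 2 characters). The signature is
  # base64 with '-', '.', '_' standing in for '+', '/', '=' on the wire.
  # NOTE(review): SHA1 is kept because it is what the original verification
  # used; presumably fixed by the WLS protocol version configured — confirm
  # against the spec before changing it.
  length_to_drop = -(sig.length + kid.length + 3)
  signedbit = wls_response[0..length_to_drop]
  decoded_sig = Base64.decode64(sig.tr('-._', '+/='))
  unless publickey.verify(OpenSSL::Digest::SHA1.new, decoded_sig, signedbit)
    return fail!("mismatched_signature")
  end

  # Everything checks out: expose the principal and let the base strategy
  # finish the callback.
  @name = principal
  @email = principal + "@cam.ac.uk"
  super
end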

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/raven.rb', line 34

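def request_phase
  # Start a Raven login: record a fresh request id in the session, so that
  # callback_phase can tie the response back to this request, then redirect
  # the browser to the WLS with the configured parameters.
  #
  # The request id is the value that binds a response to this session, so it
  # must not be guessable: it is drawn from the OpenSSL CSPRNG (16 bytes,
  # hex-encoded) rather than Kernel#rand, which is seeded predictably and, at
  # rand(999999), offered only ~20 bits of space.
  #
  # @return [Object] the result of +redirect+
  params = session['request_id'] = OpenSSL::Random.random_bytes(16).unpack('H*').first

  # Raven separates query parameters with ';' rather than '&'. An ordered list
  # of pairs keeps the parameter order identical to what the service expects.
  query = [
    ['ver',    options[:raven_opt][:version]],
    ['url',    callback_url],
    ['desc',   options[:raven_opt][:desc]],
    ['msg',    options[:raven_opt][:msg]],
    ['iact',   options[:raven_opt][:iact]],
    ['aauth',  options[:raven_opt][:aauth]],
    ['params', params],
    ['fail',   options[:raven_opt][:fail]]
  ]
  encoded = query.map { |key, value| "#{key}=#{uriescape(value)}" }.join(';')
  auth_url = options[:raven_opt][:url] + '?' + encoded

  redirect auth_url
end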