Class: OmniAuth::Strategies::Seb
- Inherits:
-
Object
- Object
- OmniAuth::Strategies::Seb
- Includes:
- ActionDispatch::ContentSecurityPolicy::Request, OmniAuth::Strategy
- Defined in:
- lib/omniauth/strategies/seb.rb,
lib/omniauth/strategies/seb/message.rb,
lib/omniauth/strategies/seb/response.rb
Defined Under Namespace
Classes: Message, Response, ValidationError
Constant Summary
- AUTH_SERVICE =
'0005'
Class Method Summary
Instance Method Summary
Class Method Details
.render_nonce? ⇒ Boolean
# File 'lib/omniauth/strategies/seb.rb', line 15
# Reports whether the Rails CSP request helpers are available, which
# request_phase uses to decide if its inline auto-submit <script> gets a
# nonce attribute.
#
# @return [Boolean] true when ActionDispatch::ContentSecurityPolicy::Request
#   resolves as a constant, false otherwise
def self.render_nonce?
  # defined? yields a description string or nil; collapse that to a strict boolean.
  !defined?(ActionDispatch::ContentSecurityPolicy::Request).nil?
end
Instance Method Details
#callback_phase ⇒ Object
# File 'lib/omniauth/strategies/seb.rb', line 47
# Processes the callback request sent back from the bank.
#
# Order of checks: load the public key from the configured certificate,
# require the fixed sender id and service code, then hand the request
# parameters to Response#validate! together with that key. Only when none
# of these fail does control pass to OmniAuth's own callback_phase.
#
# Failure keys reported through fail!:
#   :public_crt_load_err          - options.public_crt could not be loaded
#   :invalid_response_snd_id_err  - IB_SND_ID is not 'SEBUB'
#   :invalid_response_service_err - IB_SERVICE is not '0001'
#   :invalid_response_crc         - a ValidationError was raised
#
# NOTE(review): Response#validate! lives in response.rb and is not shown
# here; presumably it verifies the bank's signature over the response
# fields with the supplied key - confirm.
# NOTE(review): no freshness or replay check is visible in this method;
# confirm that validate! or the protocol binds the response to the session
# that started the request.
def callback_phase
  # Any error while parsing the certificate becomes a strategy failure
  # rather than an unhandled exception.
  begin
    bank_public_key = OpenSSL::X509::Certificate.new(options.public_crt).public_key
  rescue => e
    return fail!(:public_crt_load_err, e)
  end

  # Cheap identity checks on the raw parameters before the signature check.
  return fail!(:invalid_response_snd_id_err) unless request.params['IB_SND_ID'] == 'SEBUB'
  return fail!(:invalid_response_service_err) unless request.params['IB_SERVICE'] == '0001'

  OmniAuth::Strategies::Seb::Response.new(request.params).validate!(bank_public_key)

  super
rescue ValidationError => e
  # Raised anywhere in the method body, including inside `super`.
  fail!(:invalid_response_crc, e)
end
#request_phase ⇒ Object
# File 'lib/omniauth/strategies/seb.rb', line 70
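# Starts authentication by rendering an auto-submitting HTML form that
# posts the signed-in request message to the bank (options.site).
#
# The form carries one hidden input per message field (IB_SND_ID,
# IB_SERVICE, IB_LANG, plus whatever else Message#each_pair yields), a
# fallback button, and an inline script that submits the form. When
# render_nonce? is true the script tag is given the request's CSP nonce so
# that it is allowed under a nonce-based Content-Security-Policy.
#
# @return the failure response from fail! when options.snd_id is nil,
#   otherwise the form's response
def request_phase
  # Stop here on a missing sender id. Without `return` the failure response
  # from fail! is discarded and the form is still rendered and sent with a
  # nil IB_SND_ID; callback_phase already uses `return fail!(...)`.
  return fail!(:invalid_snd_id) if options.snd_id.nil?

  set_locale_from_query_param

  message = OmniAuth::Strategies::Seb::Message.new(
    'IB_SND_ID': options.snd_id,
    'IB_SERVICE': AUTH_SERVICE,
    'IB_LANG': resolve_bank_ui_language
  )

  form = OmniAuth::Form.new(title: I18n.t('omniauth.seb.please_wait'), url: options.site)

  # NOTE(review): `escape` is defined outside this listing. Names and values
  # are interpolated into HTML attributes, so it has to be HTML-attribute
  # escaping (quotes included) - confirm.
  message.each_pair do |k, v|
    form.html "<input type=\"hidden\" name=\"#{escape(k.to_s)}\" value=\"#{escape(v)}\" />"
  end
  form.button I18n.t('omniauth.seb.click_here_if_not_redirected')

  # nil interpolates as an empty string, so no attribute is emitted when the
  # CSP helpers are unavailable.
  nonce_attribute = nil
  if self.class.render_nonce?
    nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
  end

  # The rendered HTML is patched and written back into the form's @html so
  # the auto-submit script sits directly after the closing </form> tag.
  form.instance_variable_set('@html',
    form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
  form.to_response
end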