Class: OmniAuth::Strategies::UcamRaven

Inherits:
Object
  • Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/ucam-raven.rb

Instance Method Summary

Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/ucam-raven.rb', line 46

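# Validates the WLS response and hands control to OmniAuth only when every
# check passes; each rejection goes through fail! with a symbol naming the reason.
#
# Fields read from wls_response by index, as used below:
#   [0] protocol version, [1] status code, [3] issue timestamp,
#   [5] URL the response was issued for, [12] RSA key id, [13] signature.
# The first 12 fields, joined with '!', form the signed data.
#
# NOTE(review): nothing in this method records a response identifier, so a
# captured response could presumably be replayed until the skew window
# closes - confirm whether replay protection exists elsewhere.
#
# @return [Object] the result of fail! on rejection, otherwise of super
def callback_phase
  response = wls_response

  # Check we get what we're expecting.
  return fail!(:wls_response_not_present) if response.nil? || response == ""

  # Status codes that map directly to a named failure. Anything else that is
  # not 200 is rejected as an invalid status.
  failure_by_status = {
    410 => :authentication_cancelled_by_user,
    510 => :no_mutually_acceptable_authentication_types_available,
    520 => :unsupported_protocol_version,
    530 => :general_request_parameter_error,
    540 => :interaction_would_be_required,
    560 => :waa_not_authorised,
    570 => :authentication_declined
  }
  status = response[1].to_i
  reason = failure_by_status[status]
  return fail!(reason) if reason
  return fail!(:invalid_response_status) unless status == 200

  return fail!(:raven_version_mismatch) unless response[0].to_i == 3
  # The response must have been issued for this application's callback URL
  # (query string ignored), not for some other site.
  return fail!(:invalid_response_url) unless response[5] == callback_url.split('?').first
  # The field count is checked only after the status checks, so the order of
  # failure reasons matches the original.
  return fail!(:too_few_wls_response_parameters) if response.length < 14
  return fail!(:too_many_wls_response_parameters) if response.length > 14

  # Check the time skew in seconds. The magnitude is compared so that a
  # response stamped in the future is rejected as well as a stale one; a
  # signed comparison would accept any future timestamp.
  skew = ((DateTime.now.new_offset(0) - date_from_rfc3339(response[3])) * 24 * 60 * 60).to_i
  return fail!(:skew_too_large) unless skew.abs < options.skew

  # Check the key id.
  return fail!(:unexpected_rsa_key_id) unless response[12].to_i == options.key_id

  # Check the response RSA signature. The signature field uses '-', '.' and
  # '_' in place of the Base64 characters '+', '/' and '='.
  signed_part = response.first(12).join('!')
  base64_part = response[13].tr('-._', '+/=')
  signature = Base64.decode64(base64_part)
  key = OpenSSL::PKey::RSA.new(File.read(options.key_path))
  # NOTE(review): SHA-1 is presumably dictated by the WLS protocol; the
  # digest cannot be changed on this side alone - confirm against the spec.
  digest = OpenSSL::Digest::SHA1.new
  return fail!(:rsa_signature_check_failed) unless key.verify(digest, signature, signed_part)

  # Done all we need to do; call super.
  super
end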

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/ucam-raven.rb', line 31

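# Builds the authentication request URL for the WLS and redirects to it.
#
# Every value placed in the query string is percent-encoded, including the
# callback URL. The previous URI::encode left reserved characters such as
# '&', '=' and '?' untouched, so a value containing them could add or
# override request parameters; it is also no longer available on Ruby 3.0+.
#
# @return [Object] whatever redirect returns
def request_phase
  # Spaces are emitted as %20 rather than '+', matching what URI::encode
  # produced, so the receiver does not need form-style decoding.
  escape = ->(value) { URI.encode_www_form_component(value.to_s).gsub('+', '%20') }

  query = ["ver=3", "url=#{escape.call(callback_url)}"]
  query << "desc=#{escape.call(options.desc)}" if options.desc
  query << "aauth=#{escape.call(options.aauth)}" if options.aauth
  query << "iact=#{escape.call(options.iact)}" if options.iact
  query << "msg=#{escape.call(options.msg)}" if options.msg
  query << "params=#{escape.call(options.params)}" if options.params
  query << "date=#{date_to_rfc3339}" if options.date
  # skew is DEPRECATED - we don't pass it to the WLS.
  query << "fail=#{escape.call(options.fail)}" if options.fail

  redirect "#{options.url}?#{query.join('&')}"
end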