Class: OmniAuth::Strategies::Raven

Inherits:
Object
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/raven.rb


Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/raven.rb', line 51

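# Validate the Raven WLS-Response delivered to the callback URL.
#
# Every check ends in fail!(...) on mismatch. Only a response whose status
# is '200', whose key id is the currently accepted one and whose RSA/SHA1
# signature verifies over the signed prefix reaches +super+, which builds
# the auth hash from @name / @email. The non-200 branch is reported before
# the signature is checked, so its content is unauthenticated — it can only
# ever yield a failure, never an identity.
#
# @return [Object] the result of OmniAuth::Strategy#callback_phase on
#   success, otherwise the result of fail!
def callback_phase
  raw = request.params['WLS-Response'].to_s
  # A missing parameter arrives as nil; treat it like the empty string
  # instead of falling through to a misleading "invalid_protocol_version".
  return fail!("null_response") if raw.empty?

  fields = raw.split('!')
  # The response is destructured into 13 '!'-separated fields. A truncated
  # or otherwise malformed response would leave the trailing ones (kid, sig)
  # nil and crash on sig.length further down, so reject it up front.
  # NOTE(review): 13 is the layout the destructuring below assumes; confirm
  # it matches the WLS protocol version in options[:raven_opt][:version].
  return fail!(:invalid_response, Exception.new("Malformed WLS-Response: expected 13 fields, got #{fields.length}")) if fields.length < 13

  ver, status, _msg, issue, _id, url, principal, auth, _sso, _life, params, kid, sig = fields

  # Protocol version must be the one we asked for in request_phase.
  return fail!("invalid_protocol_version") unless ver == options[:raven_opt][:version]

  # The url field must name this callback (query string stripped); otherwise
  # a response minted for another site is being presented here.
  expected_url = callback_url.split('?').first
  return fail!("mismatched urls", Exception.new("url: #{url} vs callback: #{callback_url}")) unless url == expected_url

  # Reject responses issued too far from now in either direction: a stale
  # response looks like a replay, a future one like a clock problem.
  issuetime = timeforRFC3339(issue)
  skew = issuetime - Time.now
  return fail!("time_skew") unless skew.abs < options[:raven_opt][:max_skew]

  # When iact=yes was requested, the auth field must be non-empty (the
  # original message calls an empty one "no raven interaction").
  if options[:raven_opt][:iact] == 'yes' && auth == ""
    return fail!(:invalid_response, Exception.new("No raven interaction took place, but it was requested"))
  end

  # Optionally bind this response to the request that started the flow: the
  # params field we sent must come back equal to the id stored in the
  # session. Interpolation keeps a nil request_id (no session entry) from
  # raising TypeError while building the error message.
  if @match_response_and_request
    response_id = unescape(params)
    request_id = session['request_id']
    return fail!("mismatched_response", Exception.new("req_id:#{request_id} vs resp_id:#{response_id}")) unless request_id == response_id
  end

  # Anything other than 200 is an error Raven reported; pass it through.
  return fail!(:invalid_credentials, Exception.new("Raven status:#{status}")) unless status == '200'

  # Only the key id we currently publish is acceptable.
  return fail!("invalid_keyno") unless kid == OmniAuth.raven_keyno

  # The signature covers everything before the trailing "!kid!sig": drop
  # that suffix (sig, kid, the two '!' separators, plus one for the inclusive
  # end index) and verify RSA/SHA1 over the rest. Raven's sig is base64 with
  # '-', '.', '_' standing in for '+', '/', '='.
  signed_prefix = raw[0..-(sig.length + kid.length + 3)]
  decoded_sig = Base64.decode64(sig.tr('-._', '+/='))
  return fail!("mismatched_signature") unless OmniAuth.raven_pubkey.verify(OpenSSL::Digest::SHA1.new, decoded_sig, signed_prefix)

  # Verified: expose the principal to OmniAuth::Strategy#callback_phase.
  @name = principal
  @email = principal + "@cam.ac.uk"
  super
end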

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/raven.rb', line 34

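# Build the Raven login URL and redirect the browser to it.
#
# A fresh request id is stored in the session and sent as the +params+
# field; callback_phase can compare the echoed params against it (when
# @match_response_and_request is set) to bind the response to this request.
# The id is drawn from OpenSSL's CSPRNG rather than Kernel#rand: the binding
# is only as strong as the id is unguessable, and rand's output is both
# predictable and, at rand(999999), limited to a million values.
#
# @return [Object] the redirect response built by OmniAuth::Strategy#redirect
def request_phase
  request_id = OpenSSL::Random.random_bytes(16).unpack('H*').first
  session['request_id'] = request_id
  raven = options[:raven_opt]

  # Raven's query string joins parameters with ';' rather than '&'.
  query = {
    'ver' => raven[:version],
    'url' => callback_url,
    'desc' => raven[:desc],
    'msg' => raven[:msg],
    'iact' => raven[:iact],
    'aauth' => raven[:aauth],
    'params' => request_id,
    'fail' => raven[:fail]
  }.map { |key, value| "#{key}=#{uriescape(value)}" }.join(';')

  redirect "#{raven[:url]}?#{query}"
end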