Class: OmniAuth::Strategies::Swedbank

Inherits:
Object
  • Object
Includes:
ActionDispatch::ContentSecurityPolicy::Request, OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/swedbank.rb

Constant Summary collapse

# Service code sent as VK_SERVICE in the outgoing request and covered by the
# request signature. The callback expects a different code ('3003').
AUTH_SERVICE =
'4002'
# Protocol version sent as VK_VERSION; the callback also requires '008'.
AUTH_VERSION =
'008'

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.render_nonce? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/omniauth/strategies/swedbank.rb', line 12

# Reports whether Rails' CSP request helpers are loaded, i.e. whether a
# per-request script nonce can be rendered on the auto-submit script.
#
# @return [Boolean] true when ActionDispatch::ContentSecurityPolicy::Request
#   is defined, false otherwise
def self.render_nonce?
  csp_request_support = defined?(ActionDispatch::ContentSecurityPolicy::Request)
  !csp_request_support.nil?
end

Instance Method Details

#callback_phase ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 69

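# Validates the bank's signed callback before handing over to OmniAuth.
#
# Checks, in order: the configured certificate loads; VK_SERVICE, VK_VERSION
# and VK_ENCODING carry the expected literal values; VK_MAC is a valid
# signature, under the certificate's public key, over the length-prefixed
# VK_SERVICE, VK_VERSION, VK_SND_ID, VK_REC_ID, VK_NONCE and VK_INFO values.
# Every rejection is reported through fail! with a symbolic error key.
#
# Every request parameter is untrusted until the signature has been verified,
# so malformed input must end in fail! rather than in an unhandled exception.
#
# NOTE(review): nothing in this method compares VK_NONCE with the nonce issued
# in request_phase, or VK_SND_ID / VK_REC_ID with the configured ids. Unless
# that is done elsewhere, a previously issued, validly signed response would
# be accepted again; consider binding the nonce to the session and rejecting
# mismatches.
# NOTE(review): SHA-1 is presumably dictated by the bank's protocol version;
# confirm before changing the digest.
#
# @return [Object] the result of fail! on rejection, otherwise of super
def callback_phase
  begin
    pub_key = OpenSSL::X509::Certificate.new(options.public_key).public_key
  rescue => e
    return fail!(:public_key_load_err, e)
  end

  params = request.params

  return fail!(:unsupported_response_service_err) if params['VK_SERVICE'] != '3003'
  return fail!(:unsupported_response_version_err) if params['VK_VERSION'] != '008'
  return fail!(:unsupported_response_encoding_err) if params['VK_ENCODING'] != 'UTF-8'

  # A missing VK_MAC is nil and a VK_MAC[]=... style parameter is an Array or
  # Hash; Base64.decode64 raises on anything but a String, so reject here.
  mac = params['VK_MAC']
  return fail!(:invalid_response_signature_err) unless mac.is_a?(String) && !mac.empty?

  # to_s before framing: an absent parameter arrives as nil and is framed as
  # an empty field, so verification fails cleanly instead of raising.
  sig_str = %w[VK_SERVICE VK_VERSION VK_SND_ID VK_REC_ID VK_NONCE VK_INFO]
    .map { |field| prepend_length(params[field].to_s) }
    .join

  raw_signature = Base64.decode64(mac)

  begin
    signature_ok = pub_key.verify(OpenSSL::Digest::SHA1.new, raw_signature, sig_str)
  rescue OpenSSL::PKey::PKeyError => e
    # OpenSSL may raise instead of returning false for a malformed signature.
    return fail!(:invalid_response_signature_err, e)
  end
  return fail!(:invalid_response_signature_err) unless signature_ok

  super
end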

#prepend_length(value) ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 35

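# Frames a value for the signature input: a zero-padded, at least three-digit
# length followed by the value itself.
#
# The length is String#length of value.to_s, so it counts characters rather
# than bytes. The payload is a copy re-tagged as US-ASCII; its bytes are
# unchanged and the caller's object is not modified.
#
# @param value [Object] anything responding to to_s; nil is framed as "000"
# @return [String] the length prefix followed by the value
def prepend_length(value)
  text = value.to_s
  # Copy after to_s, not before: on Ruby 2.7+ nil/true/false return a frozen
  # String from to_s, and force_encoding on a frozen String raises FrozenError.
  # callback_phase feeds request parameters through here, so a missing
  # parameter must not be able to raise.
  [text.length.to_s.rjust(3, '0'), text.dup.force_encoding('ascii')].join
end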

#request_phase ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 106

# Renders the intermediate page that posts the signed authentication request
# to the bank.
#
# Loads the RSA private key from options.private_key, builds an OmniAuth::Form
# targeting options.site with the VK_* values as hidden inputs (VK_MAC is the
# signature made with that key), and appends a script that submits the form
# immediately. When CSP support is present the script carries the request's
# CSP nonce.
#
# NOTE(review): all markup safety here rests on `escape`, which is defined
# outside this listing. It has to neutralise double quotes for the value
# attributes and single quotes for the nonce attribute; confirm.
#
# @return [Object] the result of fail! if the private key cannot be loaded,
#   otherwise the form's response
def request_phase
  begin
    signing_key = OpenSSL::PKey::RSA.new(options.private_key)
  rescue => load_error
    return fail!(:private_key_load_err, load_error)
  end

  set_locale_from_query_param

  redirect_form = OmniAuth::Form.new(
    :title => I18n.t('omniauth.swedbank.please_wait'),
    :url => options.site
  )

  hidden_fields = {
    'VK_SERVICE' => AUTH_SERVICE,
    'VK_VERSION' => AUTH_VERSION,
    'VK_SND_ID' => options.snd_id,
    'VK_REC_ID' => options.rec_id,
    'VK_NONCE' => stamp,
    'VK_RETURN' => callback_url,
    'VK_MAC' => signature(signing_key),
    'VK_LANG' => resolve_bank_ui_language,
    'VK_ENCODING' => 'UTF-8'
  }
  hidden_fields.each_pair do |field, field_value|
    redirect_form.html(%(<input type="hidden" name="#{field}" value="#{escape(field_value)}" />))
  end

  redirect_form.button I18n.t('omniauth.swedbank.click_here_if_not_redirected')

  # nil interpolates as an empty string, leaving the script tag without a
  # nonce attribute when CSP support is absent.
  nonce_attribute =
    if self.class.render_nonce?
      " nonce='#{escape(content_security_policy_nonce)}'"
    end
  auto_submit = %(<script type="text/javascript"#{nonce_attribute}>document.forms[0].submit();</script>)

  # The form object offers no hook for trailing markup in this code, so the
  # rendered HTML is rewritten and stored back into the form.
  redirect_form.instance_variable_set(
    '@html',
    redirect_form.to_html.gsub('</form>', "</form>#{auto_submit}")
  )
  redirect_form.to_response
end

#signature(priv_key) ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 51

# Signs the request's signature input and returns it Base64-encoded for the
# VK_MAC field.
#
# NOTE(review): SHA-1 is presumably required by the bank's protocol version;
# confirm before changing the digest.
#
# @param priv_key [OpenSSL::PKey::RSA] key used to sign signature_input
# @return [String] Base64 text as produced by Base64.encode64, which wraps
#   lines and ends with a newline
def signature(priv_key)
  digest = OpenSSL::Digest::SHA1.new
  raw_signature = priv_key.sign(digest, signature_input)
  Base64.encode64(raw_signature)
end

#signature_input ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 40

# Builds the string that is signed for the outgoing request.
#
# The fields are framed with prepend_length and concatenated in a fixed order:
# VK_SERVICE, VK_VERSION, VK_SND_ID, VK_REC_ID, VK_NONCE, VK_RETURN.
#
# @return [String] the concatenated, length-prefixed field values
def signature_input
  signed_fields = [
    AUTH_SERVICE,   # VK_SERVICE
    AUTH_VERSION,   # VK_VERSION
    options.snd_id, # VK_SND_ID
    options.rec_id, # VK_REC_ID
    stamp,          # VK_NONCE
    callback_url    # VK_RETURN
  ]
  signed_fields.map(&method(:prepend_length)).join
end

#stamp ⇒ Object



# File 'lib/omniauth/strategies/swedbank.rb', line 30

# Returns the nonce sent as VK_NONCE: a 14-digit Time.now timestamp followed
# by six zero-padded digits drawn from SecureRandom.
#
# The value is memoised in @stamp so that the signed input and the submitted
# form field carry the same nonce for this strategy instance.
#
# @return [String] 20-digit nonce
def stamp
  @stamp ||= begin
    timestamp = Time.now.strftime('%Y%m%d%H%M%S')
    random_suffix = format('%06d', SecureRandom.random_number(999999))
    "#{timestamp}#{random_suffix}"
  end
end