Class: RackEntraIdAuth::EntraIdRequest
- Inherits: Object
  - Object
    - RackEntraIdAuth::EntraIdRequest
- Defined in: lib/rack_entra_id_auth/entra_id_request.rb
Instance Attribute Summary
- #request ⇒ Object (readonly)
  Returns the value of attribute request.
Instance Method Summary
- #base_url ⇒ String
  Returns the request’s base URL and path without the path_info at the end.
- #initialize(request, saml_setting_overrides = {}) ⇒ EntraIdRequest (constructor)
  A new instance of EntraIdRequest.
- #login? ⇒ Bool
  Returns whether the request is a Service Provider initiated sign-on request.
- #login_response? ⇒ Bool
  Returns whether the request contains a single sign-on response (for Service Provider initiated single sign-on requests).
- #logout? ⇒ Bool
  Returns whether the request is a Service Provider initiated logout request.
- #logout_request? ⇒ Bool
  Returns whether the request contains a single logout request (for ID Provider initiated single logout requests).
- #logout_response? ⇒ Bool
  Returns whether the request contains a single logout response for Service Provider initiated logout request.
- #relay_state_url ⇒ String
  Returns the RelayState in the header of the request or its query parameters.
- #saml_auth_response(auth_request_id: request.session[:auth_request_id], skip_conditions: false, allowed_clock_drift: nil, skip_subject_confirmation: false, skip_recipient_check: false, skip_audience: false) ⇒ OneLogin::RubySaml::Response
  A single sign-on response for the SAMLResponse in the request’s header.
- #saml_logout_request(allowed_clock_drift: nil, relax_signature_validation: false) ⇒ OneLogin::RubySaml::Logoutresponse
  A single logout request for the SAMLRequest in the request’s query parameters.
- #saml_logout_response(logout_request_id: request.session[:logout_request_id], relax_signature_validation: false) ⇒ OneLogin::RubySaml::Logoutresponse
  A single logout response for the SAMLResponse in the request’s query parameters.
- #slo_response_url(request_id: nil, logout_message: nil, params: {}, logout_status_code: nil) ⇒ String
  Returns a single logout response URL for the settings provided.
- #slo_url(params = {}) ⇒ String|nil
  Returns a single logout request URL for the settings provided if an ID Provider single logout target URL is present in the settings (idp_slo_service_url), otherwise returns nil.
- #sso_url(params = {}) ⇒ String
  Returns a single sign-on authentication request URL for the settings provided.
Constructor Details
#initialize(request, saml_setting_overrides = {}) ⇒ EntraIdRequest
Returns a new instance of EntraIdRequest.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 7
    def initialize(request, saml_setting_overrides = {})
      @request = request

      @saml_settings = OneLogin::RubySaml::Settings.new(RackEntraIdAuth.config.ruby_saml_settings.merge(saml_setting_overrides))
    end
Instance Attribute Details
#request ⇒ Object (readonly)
Returns the value of attribute request.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 5
    def request
      @request
    end
Instance Method Details
#base_url ⇒ String
Returns the request’s base URL and path without the path_info at the end.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 17
    def base_url
      "#{request.base_url}#{request.path}".sub(Regexp.new("#{request.path_info}$"), '')
    end
#login? ⇒ Bool
Returns whether the request is a Service Provider initiated sign-on request. Returns true if the request’s path info equals the login path configuration (login_path), otherwise returns false.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 27
    def login?
      request.path_info.eql?(RackEntraIdAuth.config.login_path)
    end
#login_response? ⇒ Bool
Returns whether the request contains a single sign-on response (for Service Provider initiated single sign-on requests). Returns true if the request’s header contains a SAMLResponse and if the request’s base_url and path match the ACS service url setting (assertion_consumer_service_url), otherwise returns false.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 39
    def login_response?
      saml_response.present? and "#{request.base_url}#{request.path}".eql?(@saml_settings.assertion_consumer_service_url)
    end
#logout? ⇒ Bool
Returns whether the request is a Service Provider initiated logout request. Returns true if the request’s path info equals the logout path configuration (logout_path), otherwise returns false.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 49
    def logout?
      request.path_info.eql?(RackEntraIdAuth.config.logout_path)
    end
#logout_request? ⇒ Bool
Returns whether the request contains a single logout request (for ID Provider initiated single logout requests). Returns true if the request contains a SAMLRequest query parameter and if the request’s base_url and path match the single logout service url setting (single_logout_service_url), otherwise returns false.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 61
    def logout_request?
      request.params['SAMLRequest'].present? and "#{request.base_url}#{request.path}".eql?(@saml_settings.single_logout_service_url)
    end
#logout_response? ⇒ Bool
Returns whether the request contains a single logout response for Service Provider initiated logout request. Returns true if the request contains a SAMLResponse query parameter and if the request’s base_url and path match the single logout service url setting (single_logout_service_url), otherwise returns false.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 73
    def logout_response?
      request.params['SAMLResponse'].present? and "#{request.base_url}#{request.path}".eql?(@saml_settings.single_logout_service_url)
    end
#relay_state_url ⇒ String
Returns the RelayState in the header of the request or its query parameters.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 82
    def relay_state_url
      request.get_header('rack.request.form_hash')['RelayState'] rescue request.params['RelayState'] || base_url
    end
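RelayState is read from the form body or the query string, so its value is set by whoever submits the request. As an added example (not code from rack_entra_id_auth), a same-origin check a caller could apply to the value returned by relay_state_url before redirecting to it; the helper name safe_relay_state_url and the example.test hosts are assumptions.

```ruby
require 'uri'

# Hypothetical helper, not part of rack_entra_id_auth.
# Returns relay_state (resolved against base_url) only when it has the same
# scheme, host and port as base_url; otherwise returns base_url.
def safe_relay_state_url(relay_state, base_url)
  return base_url if relay_state.nil? || relay_state.strip.empty?
  # Backslashes and control characters are read differently by browsers and
  # URI parsers, so refuse them instead of trying to normalise.
  return base_url if relay_state.match?(/[\\\x00-\x1f\x7f]/)

  base   = URI.parse(base_url)
  target = URI.join(base_url, relay_state) # also resolves relative paths
  return base_url unless target.userinfo.nil?

  same_origin = target.scheme == base.scheme &&
                target.host.to_s.downcase == base.host.to_s.downcase &&
                target.port == base.port
  same_origin ? target.to_s : base_url
rescue URI::Error
  base_url
end

# Constructed sample values; the example.test hosts are placeholders.
if __FILE__ == $PROGRAM_NAME
  base = 'https://app.example.test/portal'
  ['/reports?id=7', 'https://app.example.test/a',
   'https://other.example.test/a', '//other.example.test/a'].each do |value|
    puts "#{value.inspect} -> #{safe_relay_state_url(value, base)}"
  end
end
```

Passing the class's own base_url as the second argument keeps the fallback identical to the one relay_state_url already uses.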
#saml_auth_response(auth_request_id: request.session[:auth_request_id], skip_conditions: false, allowed_clock_drift: nil, skip_subject_confirmation: false, skip_recipient_check: false, skip_audience: false) ⇒ OneLogin::RubySaml::Response
A single sign-on response for the SAMLResponse in the request’s header. This is the response sent by the ID Provider for Service Provider initiated single sign-on requests.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 105
    def saml_auth_response (auth_request_id: request.session[:auth_request_id],
                            skip_conditions: false,
                            allowed_clock_drift: nil,
                            skip_subject_confirmation: false,
                            skip_recipient_check: false,
                            skip_audience: false)
      response = OneLogin::RubySaml::Response.new(
        saml_response,
        { :settings => @saml_settings,
          :matches_request_id => auth_request_id,
          :skip_conditions => skip_conditions,
          :allowed_clock_drift => allowed_clock_drift,
          :skip_subject_confirmation => skip_subject_confirmation,
          :skip_recipient_check => skip_recipient_check,
          :skip_audience => skip_audience })

      # the auth request's ID is no longer needed
      request.session.delete(:auth_request_id)

      response
    end
#saml_logout_request(allowed_clock_drift: nil, relax_signature_validation: false) ⇒ OneLogin::RubySaml::Logoutresponse
A single logout request for the SAMLRequest in the request’s query parameters. This is the request sent by the ID Provider for ID Provider initiated single logout requests.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 135
    def saml_logout_request (allowed_clock_drift: nil, relax_signature_validation: false)
      OneLogin::RubySaml::SloLogoutrequest.new(
        request.params['SAMLRequest'],
        { :settings => @saml_settings,
          :allowed_clock_drift => allowed_clock_drift,
          :relax_signature_validation => relax_signature_validation })
    end
#saml_logout_response(logout_request_id: request.session[:logout_request_id], relax_signature_validation: false) ⇒ OneLogin::RubySaml::Logoutresponse
A single logout response for the SAMLResponse in the request’s query parameters. This is the response sent by the ID Provider for Service Provider initiated single logout requests.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 157
    def saml_logout_response (logout_request_id: request.session[:logout_request_id], relax_signature_validation: false)
      logout_response = OneLogin::RubySaml::Logoutresponse.new(
        request.params['SAMLResponse'],
        @saml_settings,
        { :get_params => request.params,
          :matches_request_id => logout_request_id,
          :relax_signature_validation => relax_signature_validation })

      # the logout request's ID is no longer needed
      request.session.delete(:logout_request_id)

      logout_response
    end
#slo_response_url(request_id: nil, logout_message: nil, params: {}, logout_status_code: nil) ⇒ String
Returns a single logout response URL for the settings provided. Used for ID Provider initiated log outs.

    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 186
    def slo_response_url (request_id: nil, logout_message: nil, params: {}, logout_status_code: nil)
      OneLogin::RubySaml::SloLogoutresponse.new.create(
        @saml_settings,
        request_id,
        logout_message,
        params,
        logout_status_code)
    end
#slo_url(params = {}) ⇒ String|nil
Returns a single logout request URL for the settings provided if an ID Provider single logout target URL is present in the settings (idp_slo_service_url), otherwise returns nil. Used for Service Provider initiated log outs.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 205
    def slo_url (params = {})
      logout_request = OneLogin::RubySaml::Logoutrequest.new

      if @saml_settings.idp_slo_service_url.present?
        # store the logout request's uuid to validate it in the response
        request.session[:logout_request_id] = logout_request.uuid

        # return nil if no single logout url is set
        logout_request.create(@saml_settings, params)
      end
    end
#sso_url(params = {}) ⇒ String
Returns a single sign-on authentication request URL for the settings provided. Used for Service Provider initiated sign-ins.
    # File 'lib/rack_entra_id_auth/entra_id_request.rb', line 225
    def sso_url (params = {})
      auth_request = OneLogin::RubySaml::Authrequest.new

      # store the auth request's uuid to validate it in the response
      request.session[:auth_request_id] = auth_request.uuid

      auth_request.create(@saml_settings, params)
    end