Merge pull request #1 from 5andi5/upgrade
Upgrade to OmniAuth 2
ebeigarts authored Sep 27, 2023
2 parents f9163ae + c921f1e commit 68fc675
Showing 7 changed files with 70 additions and 20 deletions.
1 change: 1 addition & 0 deletions .travis.yml
Expand Up @@ -4,4 +4,5 @@ rvm:
- 2.4
- 2.5
- 2.6
- 3.2
script: bundle exec rspec
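Review bot: the matrix gains 3.2 but keeps 2.4, 2.5 and 2.6 and tests nothing below 2.4, while this same commit leaves `required_ruby_version = '>= 2.2.2'` in the gemspec and "Supported Ruby versions: 2.2+" in the README. Either raise the declared minimum to what the matrix actually covers or add the missing rows, so the advertised range is one that CI exercises; a couple of recent 3.x rows between 2.6 and 3.2 would also show where an incompatibility starts rather than leaving a gap.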
4 changes: 2 additions & 2 deletions Gemfile
@@ -1,4 +1,4 @@
source 'https://rubygems.org'

# Specify your gem's dependencies in omniauth-nordea.gemspec
gemspec
# Specify your gem's dependencies in omniauth-seb-elink.gemspec
gemspec
16 changes: 9 additions & 7 deletions README.md
Expand Up @@ -2,20 +2,22 @@

Omniauth strategy for using SEB e-link as an authentication service provider.

[![Build Status](https://travis-ci.org/mak-it/omniauth-seb-elink.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-seb-elink)
[![Build Status](https://travis-ci.org/mitigate-dev/omniauth-seb-elink.svg?branch=master)](https://travis-ci.org/mitigate-dev/omniauth-seb-elink)

Supported Ruby versions: 2.2+

## Related projects
- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
- [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank

- [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele
- [omniauth-dnb](https://github.com/mitigate-dev/omniauth-dnb) - strategy for authenticating with DNB
- [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
- [omniauth-swedbank](https://github.com/mitigate-dev/omniauth-swedbank) - strategy for authenticating with Swedbank

## Installation

Add this line to your application's Gemfile:
Add these lines to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):

gem 'omniauth-rails_csrf_protection'
gem 'omniauth-seb-elink'

And then execute:
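Review bot: "Supported Ruby versions: 2.2+" is kept unchanged but is now out of step with the rest of the commit, which moves the gemspec to `omniauth ~> 2.1` and has CI cover only 2.4 to 3.2; revise it alongside those. The new Gemfile instruction also deserves one sentence of context: the spec in this commit switches the request phase from `get '/auth/seb'` to a POST carrying a CSRF token, so a Rails app needs omniauth-rails_csrf_protection (and a POST form or `method: :post` link) for the existing "sign in with SEB" link to keep working after the upgrade. Without that note, readers will see a 404 on their old GET link and not know why.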
Expand All @@ -24,7 +26,7 @@ And then execute:

Or install it yourself as:

$ gem install omniauth-seb-elink
$ gem install omniauth-rails_csrf_protection omniauth-seb-elink

## Usage

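Review bot: `$ gem install omniauth-rails_csrf_protection omniauth-seb-elink` installs the Rails-only gem unconditionally, whereas the Gemfile instruction just above says it is required only when using Rails; either qualify this line the same way or keep the manual install to omniauth-seb-elink alone.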
39 changes: 36 additions & 3 deletions lib/omniauth/strategies/seb.rb
Expand Up @@ -12,6 +12,14 @@ class ValidationError < StandardError; end

include OmniAuth::Strategy

def self.render_nonce?
defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
end
if render_nonce?
include ActionDispatch::ContentSecurityPolicy::Request
delegate :get_header, :set_header, to: :request
end

args [:public_crt, :snd_id]

option :public_crt, nil
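Review bot: `render_nonce?` is evaluated once when the class body runs, so whether `ActionDispatch::ContentSecurityPolicy::Request` gets included depends on Action Dispatch having been required before this file; if the strategy is loaded first (a plain `require 'omniauth-seb-elink'`, or Bundler requiring it ahead of rails), `content_security_policy_nonce` is never available and the auto-submit script is emitted without a nonce, which a strict CSP will then block. Consider performing the `defined?` check lazily inside `request_phase` instead of at load time, or document the load-order requirement. `delegate` here also relies on ActiveSupport's `Module#delegate`, which is safe inside the `if` only because Action Dispatch brings ActiveSupport along; a short comment saying so would help the next reader.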
Expand Up @@ -62,24 +70,49 @@ def callback_phase
def request_phase
fail!(:invalid_snd_id) if options.snd_id.nil?

set_locale_from_query_param

message = OmniAuth::Strategies::Seb::Message.new(
'IB_SND_ID': options.snd_id,
'IB_SERVICE': AUTH_SERVICE,
'IB_LANG': 'LAT'
'IB_LANG': resolve_bank_ui_language
)

# Build redirect form
form = OmniAuth::Form.new(title: I18n.t('omniauth.seb.please_wait'), url: options.site)

message.each_pair do |k,v|
form.html "<input type=\"hidden\" name=\"#{k}\" value=\"#{v}\" />"
form.html "<input type=\"hidden\" name=\"#{escape(k.to_s)}\" value=\"#{escape(v)}\" />"
end

form.button I18n.t('omniauth.seb.click_here_if_not_redirected')
nonce_attribute = nil
if self.class.render_nonce?
nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
end
form.instance_variable_set('@html',
form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
form.to_response
end

private

def set_locale_from_query_param
locale = request.params['locale']
I18n.locale = locale if I18n.locale_available?(locale)
end

def resolve_bank_ui_language
case I18n.locale
when :ru then 'RUS'
when :en then 'ENG'
else 'LAT'
end
end

def escape(html_attribute_value)
CGI.escapeHTML(html_attribute_value) unless html_attribute_value.nil?
end
end
end
end
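Review bot: escaping `k` and `v` before interpolating them into the hidden inputs closes the attribute-injection hole the old line had (a `"` in a value could terminate the `value` attribute), so this is the right fix; two follow-ups. `CGI.escapeHTML` requires a String and raises `TypeError` for anything else, so `escape(v)` should mirror the key and call `escape(v.to_s)`, or `Message` should guarantee string values; also confirm `require 'cgi'` is present in this file. `set_locale_from_query_param` assigns `I18n.locale` from the `locale` query parameter; `I18n.locale_available?` rejects unknown values, which is good, but the assignment is never reset, so a locale set by one request stays on that thread for later requests unless the host application resets it per request. Passing the resolved locale into `resolve_bank_ui_language` directly, or wrapping the message build in `I18n.with_locale(locale) { ... }`, avoids mutating global state from a request parameter.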
8 changes: 6 additions & 2 deletions lib/omniauth/strategies/seb/response.rb
Expand Up @@ -22,8 +22,12 @@ def validate!(pub_key)
raw_str = SIGNED_KEYS.map{|k| prepend_length(@hash[k])}.join
received_sig_str = Base64.decode64(@hash['IB_CRC'])

if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
raise ValidationError, 'Invalid signature'
if !pub_key.verify(OpenSSL::Digest::SHA512.new, received_sig_str, raw_str)
if !pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)
raise ValidationError, 'Invalid signature'
else
OmniAuth.logger.debug('Received message with old SHA1 signature from SEB')
end
end

self
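Review bot: with the fallback in place a message signed with SHA1 is still accepted, only logged at debug level, so the move to SHA512 does not yet change what the strategy will trust: everything that verified before still verifies. Suggest logging the SHA1 path at warn rather than debug so operators can see whether SEB still sends SHA1 signatures, and adding an option (for example an `allow_sha1_signature` strategy option, default true for now; name illustrative) so the fallback can be switched off once the bank has migrated. The nested `if !... / if !... raise else log` also reads more clearly as `return self if pub_key.verify(OpenSSL::Digest::SHA512.new, received_sig_str, raw_str)`, then `raise ValidationError, 'Invalid signature' unless pub_key.verify(OpenSSL::Digest::SHA1.new, received_sig_str, raw_str)`, then the log line.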
8 changes: 4 additions & 4 deletions omniauth-seb-elink.gemspec
Expand Up @@ -6,11 +6,11 @@ require 'omniauth/seb/version'
Gem::Specification.new do |gem|
gem.name = 'omniauth-seb-elink'
gem.version = Omniauth::Seb::VERSION
gem.authors = ['MAK IT']
gem.email = ['admin@makit.lv']
gem.authors = ['Mitigate']
gem.email = ['admin@mitigate.dev']
gem.description = %q{OmniAuth strategy for SEB e-link}
gem.summary = %q{OmniAuth strategy for SEB e-link}
gem.homepage = 'https://github.com/mak-it/omniauth-seb-elink'
gem.homepage = 'https://github.com/mitigate-dev/omniauth-seb-elink'
gem.license = 'MIT'

gem.files = `git ls-files`.split($/)
Expand All @@ -20,7 +20,7 @@ Gem::Specification.new do |gem|

gem.required_ruby_version = '>= 2.2.2'

gem.add_runtime_dependency 'omniauth', '~> 1.0'
gem.add_runtime_dependency 'omniauth', '~> 2.1'
gem.add_runtime_dependency 'i18n'

gem.add_development_dependency 'rack-test'
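Review bot: `required_ruby_version = '>= 2.2.2'` is left as is while the runtime dependency moves to `omniauth ~> 2.1`; check the minimum Ruby that omniauth 2.1 accepts and raise this constraint to match, otherwise the gemspec advertises a range that Bundler may not be able to satisfy and that CI (2.4 to 3.2 after this commit) does not test. The spec in this commit also starts requiring `rack-protection`; if it is not already among the development dependencies hidden below this hunk, add it here.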
14 changes: 12 additions & 2 deletions spec/omniauth/strategies/seb_spec.rb
@@ -1,4 +1,5 @@
require 'spec_helper'
require 'rack-protection'

describe OmniAuth::Strategies::Seb do
PUBLIC_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'response.public.pem'))
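Review bot: `require 'rack-protection'` is used only for `Rack::Protection::AuthenticityToken.random_token`; make sure the gem is declared as a development dependency in the gemspec (the gemspec hunk in this commit adds none), otherwise the suite passes only where rack-protection happens to be installed transitively.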
Expand All @@ -10,8 +11,17 @@
b.run lambda{|env| [404, {}, ['Not Found']]}
end.to_app }

let(:token){ Rack::Protection::AuthenticityToken.random_token }

context 'request phase' do
before(:each) { get '/auth/seb' }
before(:each) do
post(
'/auth/seb',
{},
'rack.session' => {csrf: token},
'HTTP_X_CSRF_TOKEN' => token
)
end

it 'displays a single form' do
expect(last_response.status).to eq(200)
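Review bot: the switch from `get '/auth/seb'` to a POST with a matching `rack.session` csrf token and `HTTP_X_CSRF_TOKEN` is what OmniAuth 2 now expects for the request phase, but only the positive path is exercised. Add a case asserting that `get '/auth/seb'` no longer returns the form, so the POST-only behaviour is pinned and a future regression to GET is caught; if the test app also wires in CSRF verification, a POST with a missing or mismatched token is a second useful negative.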
Expand All @@ -25,7 +35,7 @@
EXPECTED_VALUES = {
'IB_SND_ID': SND_ID,
'IB_SERVICE': OmniAuth::Strategies::Seb::AUTH_SERVICE,
'IB_LANG': 'LAT'
'IB_LANG': 'ENG'
}

EXPECTED_VALUES.each_pair do |k,v|
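Review bot: the expected `IB_LANG` changes to 'ENG', which implies the suite runs with `I18n.locale` of :en and relies on `resolve_bank_ui_language` mapping that to 'ENG'; the assertion therefore depends on the suite's default locale rather than on any explicit input. Suggest adding request-phase cases that post with `locale=ru`, with an available locale other than :ru or :en, and with an unsupported value, checking 'RUS', 'LAT' and the 'LAT' fallback respectively, so the query-parameter path in `set_locale_from_query_param` is covered.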