Commit f5ebff23ef25b059697f4b59cd364f4d6ad1c88d

Authored by Aníbal Pacheco
1 parent 1e59700730

Decode and re-encode the SAML response so that it is valid with non-ASCII characters

Showing 1 changed file with 8 additions and 5 deletions Inline Diff

app/controllers/saml_controller.rb View file @ f5ebff2
1 require 'base64'
require 'ruby-saml' 1 2 require 'ruby-saml'
2 3
class SamlController < ApplicationController 3 4 class SamlController < ApplicationController
skip_before_filter :verify_authenticity_token, :only => [:consume] 4 5 skip_before_filter :verify_authenticity_token, :only => [:consume]
skip_before_filter :check_if_login_required 5 6 skip_before_filter :check_if_login_required
6 7
def index 7 8 def index
settings = Account.get_saml_settings 8 9 settings = Account.get_saml_settings
request = OneLogin::RubySaml::Authrequest.new 9 10 request = OneLogin::RubySaml::Authrequest.new
back_url = params[:back_url].to_s 10 11 back_url = params[:back_url].to_s
if back_url.present? 11 12 if back_url.present?
cookies[:back_url] = back_url 12 13 cookies[:back_url] = back_url
end 13 14 end
redirect_to(request.create(settings)) 14 15 redirect_to(request.create(settings))
end 15 16 end
16 17
def consume 17 18 def consume
response = OneLogin::RubySaml::Response.new(params[:SAMLResponse]) 18 19 response = OneLogin::RubySaml::Response.new(Base64.decode64(
20 params[:SAMLResponse]).force_encoding('utf-8').encode('windows-1252'))
response.settings = Account.get_saml_settings 19 21 response.settings = Account.get_saml_settings
20 22
name_id_tokens = response.name_id.split('-') 21 23 name_id_tokens = response.name_id.downcase.split('-')
name_id_map = {'68909' => 'CI', '68912' => 'PSP', 'DO' => 'DO'} 22 24 name_id_map = {'68909' => 'ci', '68912' => 'psp', 'do' => 'do'}
if response.is_valid? && user = User.find_by_login([name_id_tokens[0], 23 25 name_id = [name_id_tokens[0], name_id_map[name_id_tokens[1]],
name_id_map[name_id_tokens[1]], name_id_tokens[2]].join('-')) 24 26 name_id_tokens[2]].join('-')
27 if response.is_valid? && user = User.find_by_login(name_id)
25 28
self.logged_user = user 26 29 self.logged_user = user
# generate a key and set cookie if autologin 27 30 # generate a key and set cookie if autologin
if params[:autologin] && Setting.autologin? 28 31 if params[:autologin] && Setting.autologin?
token = Token.create(:user => user, :action => 'autologin') 29 32 token = Token.create(:user => user, :action => 'autologin')
cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now } 30 33 cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now }
end 31 34 end
call_hook(:controller_account_success_authentication_after, {:user => user }) 32 35 call_hook(:controller_account_success_authentication_after, {:user => user })
33 36
back_url = cookies[:back_url].to_s 34 37 back_url = cookies[:back_url].to_s
if back_url.present? 35 38 if back_url.present?
redirect_to back_url 36 39 redirect_to back_url
else 37 40 else
redirect_back_or_default :controller => 'my', :action => 'page' 38 41 redirect_back_or_default :controller => 'my', :action => 'page'
end 39 42 end
40 43
else 41 44 else
invalid_credentials(user) 42 45 invalid_credentials(user)
error = l(:notice_account_invalid_creditentials) 43 46 error = l(:notice_account_invalid_creditentials)
end 44 47 end
end 45 48 end
46 49
def complete 47 50 def complete
end 48 51 end
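Review bot: The new transcoding at lines 19–20, `Base64.decode64(params[:SAMLResponse]).force_encoding('utf-8').encode('windows-1252')`, turns attacker-controlled input into unhandled exceptions: `decode64(nil)` raises when the parameter is absent, and `String#encode` raises `Encoding::UndefinedConversionError` for any character outside windows-1252 (Cyrillic, Greek, typographic dashes) and `Encoding::InvalidByteSequenceError` for bytes that are not valid UTF-8, so such responses end in a 500 instead of reaching `invalid_credentials`. Since `consume` is CSRF-exempt and unauthenticated, that is a cheap way to generate error noise, and it also silently locks out users whose NameID is not representable in that code page. Note too that the re-encoding happens before `is_valid?` verifies the signature, so the digest is computed over the transcoded bytes; whether ruby-saml still matches the IdP's signature after that depends on how it honours the document's declared encoding, which is worth confirming with a non-ASCII assertion from the IdP. Similarly `response.name_id.downcase` on line 23 raises if the assertion carries no NameID, where `response.name_id.to_s.downcase` would keep it on the invalid-credentials path. I would treat a blank parameter and an encoding failure as a bad response, as below; the enclosing class's closing `end` is not within the shown section.
```ruby
def consume
  raw = params[:SAMLResponse].to_s
  if raw.empty?
    invalid_credentials(nil)
    return
  end
  begin
    # Not valid UTF-8, or not representable in the IdP's code page: a bad response, not a 500.
    xml = Base64.decode64(raw).force_encoding('utf-8').encode('windows-1252')
  rescue EncodingError
    invalid_credentials(nil)
    return
  end
  response = OneLogin::RubySaml::Response.new(xml)
  response.settings = Account.get_saml_settings

  name_id_tokens = response.name_id.to_s.downcase.split('-')
  # … unchanged: name_id mapping, login lookup, autologin cookie, redirect …
```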