Added View for SAML Login and Configuration

gate-sso · Jul 24, 2018 · f60b287 · f60b287
1 parent ca400c8
commit f60b287
Show file tree

Hide file tree

Showing 7 changed files with 133 additions and 1 deletion.
diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb
@@ -0,0 +1,36 @@
+class SamlIdpController < SamlIdp::IdpController
+  layout false
+  before_action :setup_saml_configuration
+
+  private
+
+  def idp_authenticate(email, password)
+    User.find_and_check_user(email, password) ? User.find_active_user_by_email(email) : nil
+  end
+
+  def idp_make_saml_response(found_user)
+    encode_response found_user
+  end
+
+  def idp_logout
+    # user = User.by_email(saml_request.name_id)
+    # user.logout
+  end
+
+  def setup_saml_configuration
+    slug = params[:slug]
+    org = Organisation.find_by_slug(slug)
+    saml_url = "#{Figaro.env.gate_url}/#{slug}/saml"
+    SamlIdp.configure do |config|
+      config.x509_certificate = org.cert_key
+      config.secret_key = org.cert_private_key
+      config.organization_name = org.name
+      config.organization_url = org.website
+      config.base_saml_location = saml_url
+      config.attribute_service_location = "#{saml_url}/attributes"
+      config.single_service_post_location = "#{saml_url}/auth"
+      config.single_logout_service_post_location = "#{saml_url}/logout"
+      config.single_logout_service_redirect_location = "#{saml_url}/logout"
+    end
+  end
+end
diff --git a/app/models/organisation.rb b/app/models/organisation.rb
@@ -14,6 +14,10 @@ class Organisation < ActiveRecord::Base
     name website domain country state address admin_email_address slug unit_name
   ).freeze
 
+  def self.find_by_slug(slug)
+    Organisation.where(slug: slug).first
+  end
+
   def self.setup(attrs = {})
     attrs = attrs.stringify_keys
     attrs = attrs.select { |k, _v| UPDATE_KEYS.include?(k) }

diff --git a/app/views/saml_idp/idp/new.html.erb b/app/views/saml_idp/idp/new.html.erb
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
+<head>
+  <meta charset="UTF-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1"/>
+  <title>GoJek &#8211; Single Sign on</title>
+  <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css"/>
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css" integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4" crossorigin="anonymous">
+  <style type="text/css">
+    #container { margin-top: 50px; }
+    .login-header {
+      padding: 20px;
+      background-color: #d5d5d5;
+      margin-bottom: 10px;
+      border-radius: 4px 4px 0px 0px;
+    }
+    #login {
+      background-color: #efefef;
+      border-radius: 4px;
+    }
+    #login .login-header .fa-circle { color: #1190AB; }
+    #login form  { padding: 30px; padding-top: 15px; }
+    #login_container { width: 100%; max-width: 430px; margin: auto; }
+  </style>
+</head>
+<body>
+<div id="container" class="container-fluid">
+  <div class="row text-center">
+    <div id="login_container">
+      <%= image_tag("logo.png") %>
+      <p>Single Sign-on Multifactor Authentication.</p>
+      <div id="login">
+	      <div class="login-header">
+		      <h2>Login</h2>
+      		<span class="fa-stack fa-2x hidden-xs">
+		        <i class="fa fa-circle fa-stack-2x"></i>
+      		  <i class="fa fa-lock fa-stack-1x fa-inverse"></i>
+		      </span>
+	      </div>
+	      <%= form_tag auth_path, class: 'text-left' do %>
+		      <%= hidden_field_tag("SAMLRequest", params[:SAMLRequest]) %>
+      		<%= hidden_field_tag("RelayState", params[:RelayState]) %>
+		      <div class="form-group">
+    		    <%= label_tag :email %>
+		        <%= email_field_tag :email, params[:email], :autocapitalize => "off", :autocorrect => "off", :autofocus => "autofocus", :spellcheck => "false", :size => 30, :class => "email_pwd txt form-control" %>
+		      </div>
+		      <div class="form-group">
+		        <%= label_tag "Google Authenticator Code" %>
+		        <%= password_field_tag :password, params[:password], :autocapitalize => "off", :autocorrect => "off", :spellcheck => "false", :size => 30, :class => "email_pwd txt form-control" %>
+		      </div>
+		      <%= submit_tag "Sign in", :class => "button big blueish btn btn-primary" %>
+	      <% end %>
+      </div>
+    </div>
+  </div>
+</div>
+</body>
+</html>
diff --git a/config/application.yml.sample b/config/application.yml.sample
@@ -14,3 +14,4 @@ GATE_DB_USER: ''
 GATE_DB_PASSWORD: ''
 DEFAULT_HOST_PATTERN: 's*'
 UID_BUFFER: 5000
+GATE_URL: 'https://gate.gojek.co.id/'
diff --git a/config/initializers/saml_idp.rb b/config/initializers/saml_idp.rb
@@ -0,0 +1,19 @@
+SamlIdp.configure do |config|
+  config.session_expiry = 86400
+  config.name_id.formats = {
+    email_address: -> (principal) { principal.email_address },
+    transient: -> (principal) {principal.user_login_id},
+    persistent: -> (principal) {principal.user_login_id},
+    name: -> (principal) {principal.name},
+  }
+  config.attributes = {
+    'eduPersonPrincipalName' => {
+      'name' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
+      'name_format' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+      'getter' => ->(principal) { "#{principal.email}" }
+    },
+    EmailAddress: { getter: :email_address  },
+    FirstName: { getter: :name  },
+    LastName: { getter: :name  }
+  }
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,10 +1,17 @@
 Rails.application.routes.draw do
   devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }, :path_names => { :sign_in => 'login', :sign_out => 'logout' }
 
+  scope '/:slug/saml' do
+    get '/auth' => 'saml_idp#new'
+    get '/metadata' => 'saml_idp#show'
+    post '/auth' => 'saml_idp#create'
+    match '/logout' => 'saml_idp#logout', via: [:get, :post, :delete]
+  end
+
   devise_scope :user do
     authenticated :user do
       resources :organisations, except: %i(destroy) do
-        get 'setup_saml', to: :setup_saml
+        get 'setup_saml', action: :setup_saml
       end
     end
 

diff --git a/spec/models/organisation_spec.rb b/spec/models/organisation_spec.rb
@@ -1,6 +1,13 @@
 require 'rails_helper'
 
 RSpec.describe Organisation, type: :model do
+  describe '.find_by_slug' do
+    let(:org) { create(:organisation) }
+    it 'should return organisation based on slug' do
+      expect(Organisation.find_by_slug(org.slug)).to eq(org)
+    end
+  end
+
   describe '.setup' do
     let(:org_data) { attributes_for(:organisation) }
     it 'should create organisation' do