  4. Jan 04, 2022
    • DEV: Avoid storing state in the SAMLAuthenticator instance (#61) · b486bfdb
      David Taylor authored
      There is only one SAMLAuthenticator instance per process. Storing user-specific state in it is risky (although, in our default unicorn-based config, it is unlikely to cause issues because we only handle one concurrent request per process).

      This commit also updates our implementation to use the built-in `#single` and `#multi` methods provided by the SAML gem. This avoids the need for our custom `&.first`, `&.split` and `&.join` implementation.
  8. Dec 15, 2021
    • FIX: Ensure JS script path is correct for subfolder (#57) · 7792d1eb
      David Taylor authored
      The change in 245b70d4 means that the CSP middleware now activates for the `/auth/saml` route. That's good, but it also broke things for subfolder installations because the CSP includes the base_path, while the SAML script path did not. This commit fixes that, and adds an integration spec to ensure the script is included in the script_src directive for regular and subfolder sites.
    • FIX: Add `content-type` header to auto-submitting form (#56) · 21a23caa
      David Taylor authored
      In the vast majority of cases, this wasn't causing a problem because browsers will auto-detect the content-type. However, if any intermediate proxies add the `X-Content-Type-Options: nosniff` header, then the HTML will be displayed as plain text, and login will be broken.
    • FIX: Do not compress SAML request for POST binding (#55) · 792a51c9
      David Taylor authored
      The SAML spec requires compression for the standard Redirect binding. However, it is not used in the POST binding. This regressed during the refactoring of 95ccea3f.
  12. Dec 08, 2021
    • DEV: Fallback to locale strings for name/title (#45) · f0a76061
      David Taylor authored
      This means that the name/title can be set per-site and per-locale. This change is backwards-compatible: any existing sites which have configured the GlobalSettings will use those cluster-wide.
    • DEV: Move `saml_request_method` handling into the OmniAuth strategy (#44) · 95ccea3f
      David Taylor authored
      Putting this logic into the omniauth strategy is much cleaner because:
      - we no longer need a Rails controller and the associated `custom_url` parameter
      - we can re-use the `authn_request` instance which is automatically generated by the omniauth strategy, rather than re-implementing that logic
      - the behavior is decided at runtime, rather than during initialization. This makes it testable, and is another step on the way to making the plugin multisite-compatible

      This commit also introduces a spec for the feature.
    • DEV: Configure Omniauth strategy at runtime (#43) · 12cae03c
      David Taylor authored
      This will allow much easier testing of the strategy, and is one more step towards making the SAML plugin multisite-compatible.
  13. Dec 07, 2021
    • FIX: Update name selection logic (#42) · 9b079332
      David Taylor authored
      For `name`, the previous intention was to use the `fullName` attribute, and then fall back to "firstname lastname". However, a bug in the implementation meant that the `fullName` was skipped.

      This commit updates the logic to lean on omniauth-saml's attribute_statements for the fullName, firstName and lastName attributes, and also updates the priority logic so that fullName is indeed prioritized.