Class: OmniAuth::Strategies::Latvija

Inherits:
Object
  • Object
show all
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/latvija.rb,
lib/omniauth/strategies/latvija/response.rb,
lib/omniauth/strategies/latvija/decryptor.rb,
lib/omniauth/strategies/latvija/signed_document.rb

Overview

Authenticate with Latvija.lv.

Examples:

Basic Rails Usage


Add this to config/initializers/omniauth.rb

  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :latvija, {
      endpoint:    "https://epaktv.vraa.gov.lv/IVIS.LVP.STS/Default.aspx",
      certificate: File.read("/path/to/cert"),
      private:     File.read("/path/to/private_key"),
      realm:       "urn:federation:example.com"
    }
  end

Defined Under Namespace

Classes: Decryptor, Response, SignedDocument, ValidationError

Instance Method Summary collapse

Instance Method Details

#callback_phaseObject 



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'lib/omniauth/strategies/latvija.rb', line 70

def callback_phase
  if request.params['wresult']
    @response = OmniAuth::Strategies::Latvija::Response.new(
      request.params['wresult'],
      certificate: options[:certificate],
      private_key: options[:private_key]
    )
    @response.validate!
    super
  else
    fail!(:invalid_response)
  end
rescue Exception => e
  fail!(:invalid_response, e)
end

#full_nameObject 



94
95
96
 
# File 'lib/omniauth/strategies/latvija.rb', line 94

def full_name
  @full_name ||= "#{raw_info['givenname']} #{raw_info['surname']}"
end

#legacy_uidsObject 



98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/omniauth/strategies/latvija.rb', line 98

def legacy_uids
  # UIDs that could have been assigned to this identity by previous versions of the gem, or due to peronal identifier change

  legacy_uids = [
    "#{full_name}, #{raw_info["privatepersonalidentifier"]}", # generated by gem version <= 4.0
    @response.name_identifier # VPM internal UID fallback, generated by gem version <= 6.3.0
  ]

  raw_info.fetch('historical_privatepersonalidentifier', []).each do |historical_identifier|
    legacy_uids << "#{full_name}, #{historical_identifier}" # generated by gem version <= 4.0
    legacy_uids << "PK:#{historical_identifier}" # due to personal identifier change
  end

  legacy_uids
end

#raw_infoObject 



86
87
88
 
# File 'lib/omniauth/strategies/latvija.rb', line 86

def raw_info
  @response.attributes
end

#request_phaseObject 



56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/omniauth/strategies/latvija.rb', line 56

def request_phase
  params = {
    wa: 'wsignin1.0',
    wct: Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ'),
    wtrealm: options[:realm],
    wreply: callback_url,
    wctx: callback_url,
    wreq: '<trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><trust:Claims xmlns:i="http://schemas.xmlsoap.org/ws/2005/05/identity" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"><i:ClaimType Uri="http://docs.oasis-open.org/wsfed/authorization/200706/claims/action" Optional="false" /></trust:Claims><trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType></trust:RequestSecurityToken>'
  }
  params[:wfresh] = options[:wfresh] if options[:wfresh]
  query_string = params.collect { |key, value| "#{key}=#{Rack::Utils.escape(value)}" }.join('&')
  redirect "#{options[:endpoint]}?#{query_string}"
end

#uidObject 



90
91
92
 
# File 'lib/omniauth/strategies/latvija.rb', line 90

def uid
  "PK:#{raw_info['privatepersonalidentifier']}"
end