auth_hash.rb 1.09 KB
# frozen_string_literal: true

module Gitlab
  module Auth
    module Saml
      # SAML-specific accessors layered on top of the generic OAuth auth hash.
      #
      # Everything read here (`extra[:raw_info]`, `extra[:response_object]`)
      # originates from the identity provider's SAML response.
      # NOTE(review): this class performs no signature or trust checks itself;
      # presumably the response is validated before these accessors are used.
      # Confirm against the callers.
      class AuthHash < Gitlab::Auth::OAuth::AuthHash
        # Values of the SAML attribute named by `Gitlab::Auth::Saml::Config.groups`.
        #
        # NOTE(review): these values are asserted by the IdP. If they feed
        # authorization decisions, the attribute name in Config must match what
        # the trusted IdP actually sends. Verify at the call sites.
        #
        # @return [Array] the raw attribute values, wrapped so the result is always an Array
        def groups
          raw_groups = get_raw(Gitlab::Auth::Saml::Config.groups)
          Array.wrap(raw_groups)
        end

        # AuthnContextClassRef reported in the SAML response.
        #
        # The decrypted document is preferred, with the plain document used as
        # the fallback when no decrypted one is available.
        #
        # @return [String, nil] the class-ref text ("" when no node matches),
        #   or nil when there is no response object or no document
        def authn_context
          saml_response = auth_hash.extra[:response_object]
          return if saml_response.blank?

          xml = saml_response.decrypted_document || saml_response.document
          return if xml.blank?

          extract_authn_context(xml)
        end

        private

        # Reads one attribute from the raw SAML attribute set.
        #
        # `all` is required because of https://git.io/vVo4u: without it only
        # the first value of a multi-valued attribute is returned.
        def get_raw(key)
          raw_info = auth_hash.extra[:raw_info]
          raw_info.all[key]
        end

        # Returns the text of the first AuthnStatement/AuthnContext/AuthnContextClassRef
        # chain found in +document+, as a String ("" when nothing matches).
        #
        # NOTE(review): the XPath starts with `//`, so it takes the first match
        # anywhere in the document rather than one tied to a specific assertion.
        # If this value gates a security decision, confirm that the document
        # passed in contains only signature-validated content.
        # NOTE(review): matching uses the literal `saml:` / `saml2:` prefixes via
        # name(), not the namespace URI. A response using another prefix yields "".
        def extract_authn_context(document)
          class_ref = REXML::XPath.first(
            document,
            "//*[name()='saml:AuthnStatement' or name()='saml2:AuthnStatement']/*[name()='saml:AuthnContext' or name()='saml2:AuthnContext']/*[name()='saml:AuthnContextClassRef' or name()='saml2:AuthnContextClassRef']/text()"
          )
          class_ref.to_s
        end
      end
    end
  end
end