Upgrade to OmniAuth 2

.travis.yml

@@ -3,5 +3,6 @@ rvm:
   - 2.2.6
   - 2.3.3
   - 2.4.1
+  - 3.2.2
 before_install:
   - gem install bundler

LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017 MAK IT
+Copyright (c) 2017 Mitigate
 
 MIT License
 

README.md

@@ -1,22 +1,23 @@
 # OmniAuth DNB
 
-Omniauth strategy for using [DNB Link](https://www.dnb.lv/en/business/acceptance-payments-and-customer-authentication-online-dnb-link) as an authentication service provider.
+Omniauth strategy for using [Luminor Link](https://www.luminor.lv/en/terms-conditions#luminor-link) as an authentication service provider.
 
-[![Build Status](https://travis-ci.org/mak-it/omniauth-dnb.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-dnb)
+[![Build Status](https://travis-ci.org/mitigate-dev/omniauth-dnb.svg?branch=master)](https://travis-ci.org/mitigate-dev/omniauth-dnb)
 
 Supported Ruby versions: 2.2+
 
 ## Related projects
 
-- [omniauth-citadele](https://github.com/mak-it/omniauth-citadele) - strategy for authenticating with Citadele
-- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
-- [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB
-- [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank
+- [omniauth-citadele](https://github.com/mitigate-dev/omniauth-citadele) - strategy for authenticating with Citadele
+- [omniauth-nordea](https://github.com/mitigate-dev/omniauth-nordea) - strategy for authenticating with Nordea
+- [omniauth-seb-elink](https://github.com/mitigate-dev/omniauth-seb-elink) - strategy for authenticating with SEB
+- [omniauth-swedbank](https://github.com/mitigate-dev/omniauth-swedbank) - strategy for authenticating with Swedbank
 
 ## Installation
 
-Add this line to your application's Gemfile:
+Add this line to your application's Gemfile (omniauth-rails_csrf_protection is required if using Rails):
 
+    gem 'omniauth-rails_csrf_protection'
     gem 'omniauth-dnb'
 
 And then execute:
@@ -25,7 +26,7 @@ And then execute:
 
 Or install it yourself as:
 
-    $ gem install omniauth-dnb
+    $ gem install omniauth-rails_csrf_protection omniauth-dnb
 
 ## Usage
 

lib/omniauth/strategies/dnb.rb

@@ -12,6 +12,14 @@ class Dnb
       AUTH_SERVICE = '3001'
       AUTH_VERSION = '101'
 
+      def self.render_nonce?
+         defined?(ActionDispatch::ContentSecurityPolicy::Request) != nil
+      end
+      if render_nonce?
+        include ActionDispatch::ContentSecurityPolicy::Request
+        delegate :get_header, :set_header, to: :request
+      end
+
       args [:private_key, :public_key, :snd_id]
 
       option :private_key, nil
@@ -118,6 +126,8 @@ def request_phase
           return fail!(:private_key_load_err, e)
         end
 
+        set_locale_from_query_param
+
         form = OmniAuth::Form.new(:title => I18n.t('omniauth.dnb.please_wait'), :url => options.site)
 
         {
@@ -127,17 +137,43 @@ def request_phase
           'VK_STAMP' => stamp,
           'VK_RETURN' => callback_url,
           'VK_MAC' => signature(priv_key),
-          'VK_LANG' => 'LAT',
+          'VK_LANG' => resolve_bank_ui_language,
         }.each do |name, val|
           form.html "<input type=\"hidden\" name=\"#{name}\" value=\"#{val}\" />"
         end
 
         form.button I18n.t('omniauth.dnb.click_here_if_not_redirected')
 
+        nonce_attribute = nil
+        if self.class.render_nonce?
+          nonce_attribute = " nonce='#{escape(content_security_policy_nonce)}'"
+        end
+
         form.instance_variable_set('@html',
-          form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
+          form.to_html.gsub('</form>', "</form><script type=\"text/javascript\"#{nonce_attribute}>document.forms[0].submit();</script>"))
         form.to_response
       end
+
+      private
+
+      def set_locale_from_query_param
+        locale = request.params['locale']
+        if (locale != nil && locale.strip != '' && I18n.locale_available?(locale))
+          I18n.locale = locale
+        end
+      end
+
+      def resolve_bank_ui_language
+        case I18n.locale
+        when :ru then 'RUS'
+        when :en then 'ENG'
+        else 'LAT'
+        end
+      end
+
+      def escape(html_attribute_value)
+         CGI.escapeHTML(html_attribute_value) unless html_attribute_value.nil?
+      end
     end
   end
 end

omniauth-dnb.gemspec

@@ -5,11 +5,11 @@ require 'omniauth/dnb/version'
 Gem::Specification.new do |spec|
   spec.name          = 'omniauth-dnb'
   spec.version       = Omniauth::Dnb::VERSION
-  spec.authors       = ['MAK IT']
-  spec.email         = ['admin@makit.lv']
-  spec.description   = %q{OmniAuth strategy for DNB Link}
-  spec.summary       = %q{OmniAuth strategy for DNB Link}
-  spec.homepage      = 'https://github.com/mak-it/omniauth-dnb'
+  spec.authors       = ['Mitigate']
+  spec.email         = ['admin@mitigate.dev']
+  spec.description   = %q{OmniAuth strategy for Luminor (DNB) Link}
+  spec.summary       = %q{OmniAuth strategy for Luminor (DNB) Link}
+  spec.homepage      = 'https://github.com/mitigate-dev/omniauth-dnb'
   spec.license       = 'MIT'
 
   spec.files         = `git ls-files`.split($/)
@@ -19,12 +19,13 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.2.2'
 
-  spec.add_runtime_dependency 'omniauth', '~> 1.0'
+  spec.add_runtime_dependency 'omniauth', '~> 2.1'
   spec.add_runtime_dependency 'i18n'
 
+  spec.add_development_dependency 'rack', '~> 2.0'
   spec.add_development_dependency 'rack-test'
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'bundler', '~> 1.13'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake', '~> 12.0'
   spec.add_development_dependency 'byebug'
 end

spec/omniauth/strategies/dnb_spec.rb

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require 'rack-protection'
 
 describe OmniAuth::Strategies::Dnb do
 
@@ -10,11 +11,19 @@
     b.use(OmniAuth::Strategies::Dnb, PRIVATE_KEY, PUBLIC_KEY, 'MY_SND_ID')
     b.run lambda{|env| [404, {}, ['Not Found']]}
   end.to_app }
+  let(:token){ Rack::Protection::AuthenticityToken.random_token }
   let(:last_response_stamp) { last_response.body.match(/name="VK_STAMP" value="([^"]*)"/)[1] }
   let(:last_response_mac)   { last_response.body.match(/name="VK_MAC" value="([^"]*)"/)[1] }
 
   context 'request phase' do
-    before(:each){ get '/auth/dnb' }
+    before(:each) do
+      post(
+        '/auth/dnb',
+        {},
+        'rack.session' => {csrf: token},
+        'HTTP_X_CSRF_TOKEN' => token
+      )
+    end
 
     it 'displays a single form' do
       expect(last_response.status).to eq(200)
@@ -61,7 +70,7 @@
       end
 
       it 'has the default VK_LANG value' do
-        expect(last_response.body.scan('<input type="hidden" name="VK_LANG" value="LAT"').size).to eq(1)
+        expect(last_response.body.scan('<input type="hidden" name="VK_LANG" value="ENG"').size).to eq(1)
       end
     end