From 06a4e0783c1886ca46468c4caeb42a41d56fd956 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 5 Mar 2025 12:26:47 -0700
Subject: refactor: move SAML routes to /saml/ path

---
 bin/ui | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

(limited to 'bin/ui')

diff --git a/bin/ui b/bin/ui
index 278876f..cc8bfe3 100755
--- a/bin/ui
+++ b/bin/ui
@@ -14,9 +14,10 @@ gemfile do
   gem "webrick", "~> 1.0"
 end
 
-$scheme = ENV.fetch('SCHEME', 'http')
-$port = ENV.fetch('PORT', 8283).to_i
-$host = ENV.fetch('HOST', "localhost:#{$port}")
+$scheme = ENV.fetch("SCHEME", "http")
+$port = ENV.fetch("PORT", 8283).to_i
+$host = ENV.fetch("HOST", "localhost:#{$port}")
+$idp_host = ENV.fetch("IDP_HOST", "localhost:8282")
 
 class OnDemandRegistry < Saml::Kit::DefaultRegistry
   def metadata_for(entity_id)
@@ -29,7 +30,7 @@ class OnDemandRegistry < Saml::Kit::DefaultRegistry
 end
 
 Saml::Kit.configure do |x|
-  x.entity_id = "#{$scheme}://#{$host}/metadata.xml"
+  x.entity_id = "#{$scheme}://#{$host}/saml/metadata.xml"
   x.registry = OnDemandRegistry.new
   x.logger = Logger.new("/dev/stderr")
 end
@@ -55,14 +56,14 @@ class UI
     case env['REQUEST_METHOD']
     when 'GET'
       case path
-      when "/metadata.xml"
-        return metadata
+      when "/oauth/callback"
+        return oauth_callback(Rack::Request.new(env))
       when "/oidc/new"
-        return redirect_to("http://localhost:8282/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid")
+        return redirect_to("http://#{$idp_host}/oauth/authorize?client_id=service-provider&state=example&redirect_uri=#{$scheme}://#{$host}/oauth/callback&response_type=code&response_mode=query&scope=openid")
+      when "/saml/metadata.xml"
+        return metadata
       when "/saml/new"
         return saml_post_to_idp(Rack::Request.new(env))
-      when "/oauth/callback"
-        return oauth_callback(Rack::Request.new(env))
       else
         # return saml_post_to_idp(Rack::Request.new(env))
         return redirect_to("/saml/new")
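Review bot: The new `$idp_host` is a bare host:port that every consumer later in the file pastes behind a hard-coded `http://`, unlike `$host`, which is paired with a configurable `$scheme`; as written, neither the OAuth token exchange (which sends client credentials in a Basic header) nor the on-demand SAML metadata fetch from the IdP can be moved to TLS by configuration alone. Consider carrying the scheme with the host, e.g. `$idp_url = ENV.fetch("IDP_URL", "http://localhost:8282")`, and interpolating the full base URL at each call site, or add an `IDP_SCHEME` variable alongside `IDP_HOST`. Separately, `$port = ENV.fetch("PORT", 8283).to_i` turns a malformed `PORT` into `0` silently; `Integer(ENV.fetch("PORT", 8283))` fails loudly instead.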
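Review bot: The rewritten `/oidc/new` redirect still sends a constant `state=example`, so the authorization request carries no per-request CSRF binding between the browser that started the flow and the code that comes back to `/oauth/callback`. `state` should be an unpredictable per-request value (e.g. `SecureRandom.urlsafe_base64`) remembered server-side and compared in the callback before the code is exchanged; `oauth_callback` is defined outside this hunk, so whether it checks `state` at all cannot be confirmed from here. If this file is deliberately a demo client, a comment on that line such as `# demo only: state is constant, so there is no CSRF protection on this flow` would keep the next reader from treating it as production-ready. The routing method enclosing this `case` starts and ends outside the hunk.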
@@ -90,7 +91,7 @@ class UI
 
   def oauth_callback(request)
     response = Net::Hippie.default_client.post(
-      "http://localhost:8282/oauth/token",
+      "http://#{$idp_host}/oauth/token",
       headers: { 'Authorization' => Net::Hippie.basic_auth('client_id', 'secret') },
       body: {
         grant_type: "authorization_code",
@@ -102,7 +103,7 @@ class UI
   end
 
   def saml_post_to_idp(request)
-    idp = Saml::Kit.registry.metadata_for('http://localhost:8282/metadata.xml')
+    idp = Saml::Kit.registry.metadata_for("http://#{$idp_host}/saml/metadata.xml")
     relay_state = Base64.strict_encode64(JSON.generate(redirect_to: '/dashboard'))
 
     @saml_builder = nil
@@ -132,7 +133,7 @@ class UI
   end
 
   def saml_assertions(request)
-    sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/metadata.xml")
+    sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/saml/metadata.xml")
     saml_binding = sp.assertion_consumer_service_for(binding: :http_post)
     saml_response = saml_binding.deserialize(request.params)
     raise saml_response.errors unless saml_response.valid?
-- 
cgit v1.2.3
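Review bot: The token request now goes to `http://#{$idp_host}/oauth/token` while the very next line authenticates with `Net::Hippie.basic_auth('client_id', 'secret')` — a literal client id that does not match the `client_id=service-provider` used in the authorize redirect earlier in this file, plus a secret hard-coded in the script. An authorization server that enforces RFC 6749 §4.1.3 (the code must have been issued to the client that authenticates at the token endpoint) will reject this exchange, so unless the IdP is known to ignore client identity the id should be the same in both places. Read both values from the environment, e.g. `Net::Hippie.basic_auth(ENV.fetch("CLIENT_ID", "service-provider"), ENV.fetch("CLIENT_SECRET"))`, and use the same `CLIENT_ID` when building the authorize URL. `oauth_callback` continues past the end of this hunk.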
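Review bot: `saml_post_to_idp` now resolves the IdP via `Saml::Kit.registry.metadata_for("http://#{$idp_host}/saml/metadata.xml")`; since the registry is the `OnDemandRegistry` that overrides `metadata_for`, that metadata — presumably including the signing certificate that `saml_response.valid?` later trusts — is fetched at request time over plaintext HTTP from whatever host `IDP_HOST` names, so anyone on the path can substitute their own certificate and mint accepted assertions. For anything other than loopback, load and pin the IdP metadata (or its certificate) at startup, or at least refuse a non-`https` IdP URL when the host is not localhost. The change also assumes the IdP on 8282 has itself moved its metadata to `/saml/metadata.xml`; if that is a separate service, the two changes need to ship together. `saml_post_to_idp` continues beyond the hunk.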
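Review bot: The SP entity id `"#{$scheme}://#{$host}/saml/metadata.xml"` is now spelled out here and again in the `Saml::Kit.configure` block at the top of the file; the two strings must stay byte-identical for the registry lookup to succeed, so reference the configured value instead, e.g. `sp = Saml::Kit.registry.metadata_for(Saml::Kit.configuration.entity_id)` (assuming the gem exposes the configured object that way). Further down, `raise saml_response.errors unless saml_response.valid?` hands `raise` whatever `errors` returns; unless that object is an exception class/instance or responds to `exception`, Ruby raises a `TypeError` that hides the real validation failure — the exact API of `errors` is not visible here, but something like `raise ArgumentError, saml_response.errors.to_s` would at least surface it. `saml_assertions` continues past the end of the hunk.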