working saml, cas, probably openid_connect. shibboleth gets to idp an…

…d logs in but looses session on the way back

merge all the omniauth related code together
solve saml metadata issue, put in saml redirect loading page, put in choose your sso page
remove shibboleth since it can be done with saml and saml is more configurable

.env

@@ -32,10 +32,10 @@ SOLR_PORT=8983
 SOLR_URL=http://solr:SolrRocks@solr:8983/solr/
 
 # Comment out these 5 for single tenancy / Uncomment for multi
-HYKU_ADMIN_HOST=hyku.test
+HYKU_ADMIN_HOST=local3000.notch8.cloud
 HYKU_ADMIN_ONLY_TENANT_CREATION=false
-HYKU_DEFAULT_HOST=%{tenant}.hyku.test
-HYKU_ROOT_HOST=hyku.test
+HYKU_DEFAULT_HOST=%{tenant}.local3000.notch8.cloud
+HYKU_ROOT_HOST=local3000.notch8.cloud
 HYKU_MULTITENANT=true
 # Comment out these 2 for multi tenancy / Uncomment for single
 # HYKU_ROOT_HOST=hyku.test

Gemfile

@@ -1,144 +1,93 @@
 # frozen_string_literal: true
 
+# rubocop:disable Metrics/LineLength
 source 'https://rubygems.org'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 5.2.5'
 
+gem 'active-fedora', '>= 11.1.4'
+gem 'active_elastic_job', github: 'active-elastic-job/active-elastic-job', ref: 'ec51c5d9dedc4a1b47f2db41f26d5fceb251e979', group: %i[aws]
 gem 'activerecord-nulldb-adapter'
 gem 'addressable', '2.8.1' # remove once https://github.com/postrank-labs/postrank-uri/issues/49 is fixed
-# Use sqlite3 as the database for Active Record
-gem 'pg'
-# Use Puma as the app server
-gem 'puma', '~> 4.3'
-# Use SCSS for stylesheets
-gem 'sass-rails', '~> 5.0'
-# Use CoffeeScript for .coffee assets and views
-gem 'coffee-rails', '~> 4.2'
-# See https://github.com/rails/execjs#readme for more supported runtimes
-# gem 'therubyracer', platforms: :ruby
-
-# Use jquery as the JavaScript library
-gem 'jquery-rails'
-# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
-gem 'turbolinks', '~> 5'
-# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-gem 'jbuilder', '~> 2.5'
-# bundle exec rake doc:rails generates the API under doc/api.
-# gem 'sdoc', '~> 0.4.0', group: :doc
-
-# Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
-
-gem 'active-fedora', '>= 11.1.4'
-gem 'flutie'
-# Use Capistrano for deployment
-# gem 'capistrano-rails', group: :development
-
-group :development, :test do
-  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
-  gem 'byebug'
-  gem 'pry-byebug'
-
-  gem 'i18n-debug', require: false
-  gem 'i18n-tasks'
-  gem 'rspec'
-  gem 'rspec-rails', '>= 3.6.0'
-
-  gem 'simplecov', require: false
-
-  gem 'fcrepo_wrapper', '~> 0.4'
-  gem 'solr_wrapper', '~> 2.0'
-
-  gem 'rubocop', '~> 0.50', '<= 0.52.1'
-  gem 'rubocop-rspec', '~> 1.22', '<= 1.22.2'
-end
-
-group :test do
-  gem 'capybara'
-  gem 'capybara-screenshot', '~> 1.0'
-  gem 'database_cleaner'
-  gem 'factory_bot_rails'
-  gem 'launchy'
-  # rack-test >= 0.71 does not work with older Capybara versions (< 2.17). See #214 for more details
-  gem 'rack-test', '0.7.0'
-  gem 'rails-controller-testing'
-  gem 'rspec-activemodel-mocks'
-  gem 'rspec-its'
-  gem 'rspec-retry'
-  gem 'rspec_junit_formatter'
-  gem 'selenium-webdriver', '4.8.1'
-  gem 'shoulda-matchers', '~> 4.0'
-  gem 'webdrivers', '~> 4.7.0'
-  gem 'webmock'
-end
-
-group :development do
-  # Access an IRB console on exception pages or by using <%= console %> in views
-  gem 'web-console', '>= 3.3.0'
-
-  gem 'listen', '>= 3.0.5', '< 3.2'
-  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
-  gem 'easy_translate'
-  gem 'scss_lint', require: false
-  gem 'spring', '~> 1.7'
-  gem 'spring-watcher-listen', '~> 2.0.0'
-end
-
-gem 'bulkrax', '~> 5.0'
-
+gem 'apartment'
+gem 'aws-sdk-sqs', group: %i[aws]
 gem 'blacklight', '~> 6.7'
 gem 'blacklight_oai_provider', '~> 6.1', '>= 6.1.1'
-
-gem 'hyrax', '~> 3.5.0'
-
 gem 'bolognese', '>= 1.9.10'
-gem 'hyrax-doi', git: 'https://github.com/samvera-labs/hyrax-doi.git', branch: 'main'
-gem 'hyrax-iiif_av', git: 'https://github.com/samvera-labs/hyrax-iiif_av.git', branch: 'main'
-gem 'iiif_print', git: 'https://github.com/scientist-softserv/iiif_print.git', branch: 'main'
-gem 'postrank-uri', '>= 1.0.24'
-gem 'redlock', '>= 0.1.2', '< 2.0' # lock redlock per https://github.com/samvera/hyrax/pull/5961
-gem 'rsolr', '~> 2.0'
-
+gem 'bootstrap-datepicker-rails'
+gem 'bulkrax', '~> 5.0'
+gem 'byebug', group: %i[development test]
+gem 'capybara', group: %i[test]
+gem 'capybara-screenshot', '~> 1.0', group: %i[test]
+gem 'carrierwave-aws', '~> 1.3', group: %i[aws test]
+gem 'cocoon'
+gem 'codemirror-rails'
+gem 'coffee-rails', '~> 4.2' # Use CoffeeScript for .coffee assets and views
+gem 'database_cleaner', group: %i[test]
 gem 'devise'
 gem 'devise-guests', '~> 0.3'
 gem 'devise-i18n'
 gem 'devise_invitable', '~> 1.6'
-
-gem 'apartment'
-gem 'is_it_working'
-gem 'rolify'
-
+gem 'dry-monads', '~> 1.4.0' # Locked because 1.5.0 was not compatible with Hyrax v.3.4.2
+gem 'easy_translate', group: %i[development]
+gem 'factory_bot_rails', group: %i[test]
+gem 'fcrepo_wrapper', '~> 0.4', group: %i[development test]
 gem 'flipflop', '~> 2.6.0' # waiting for hyrax 4 upgrade
+gem 'flutie'
+gem 'hyrax', '~> 3.5.0'
+gem 'hyrax-doi', github: 'samvera-labs/hyrax-doi', branch: 'main'
+gem 'hyrax-iiif_av', github: 'samvera-labs/hyrax-iiif_av', branch: 'main'
+gem 'i18n-debug', require: false, group: %i[development test]
+gem 'i18n-tasks', group: %i[development test]
+gem 'iiif_print', github: 'scientist-softserv/iiif_print', branch: 'main'
+gem 'jbuilder', '~> 2.5'
+gem 'jquery-rails' # Use jquery as the JavaScript library
+gem 'launchy', group: %i[test]
+gem 'listen', '>= 3.0.5', '< 3.2', group: %i[development]
 gem 'lograge'
-
 gem 'mods', '~> 2.4'
-
-group :aws, :test do
-  gem 'carrierwave-aws', '~> 1.3'
-end
-
-group :aws do
-  gem 'active_elastic_job', git: 'https://github.com/active-elastic-job/active-elastic-job.git',
-                            ref: 'ec51c5d9dedc4a1b47f2db41f26d5fceb251e979'
-  gem 'aws-sdk-sqs'
-end
-
-gem 'bootstrap-datepicker-rails'
-gem "cocoon"
-gem 'codemirror-rails'
 gem 'negative_captcha'
 gem 'okcomputer'
+gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
+gem 'omniauth-multi-provider'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
+gem 'omniauth-saml', '~> 2.1'
+gem 'omniauth_openid_connect'
 gem 'parser', '~> 2.5.3'
+gem 'pg'
+gem 'postrank-uri', '>= 1.0.24'
+gem 'pry-byebug', group: %i[development test]
+gem 'puma', '~> 4.3' # Use Puma as the app server
+gem 'rack-test', '0.7.0', group: %i[test] # rack-test >= 0.71 does not work with older Capybara versions (< 2.17). See #214 for more details
+gem 'rails-controller-testing', group: %i[test]
 gem 'rdf', '~> 3.1.15' # rdf 3.2.0 removed SerializedTransaction which ldp requires
+gem 'redlock', '>= 0.1.2', '< 2.0' # lock redlock per https://github.com/samvera/hyrax/pull/5961
 gem 'riiif', '~> 1.1'
+gem 'rolify'
+gem 'rsolr', '~> 2.0'
+gem 'rspec', group: %i[development test]
+gem 'rspec-activemodel-mocks', group: %i[test]
+gem 'rspec-its', group: %i[test]
+gem 'rspec-rails', '>= 3.6.0', group: %i[development test]
+gem 'rspec-retry', group: %i[test]
+gem 'rspec_junit_formatter', group: %i[test]
+gem 'rubocop', '~> 0.50', '<= 0.52.1', group: %i[development test]
+gem 'rubocop-rspec', '~> 1.22', '<= 1.22.2', group: %i[development test]
+gem 'sass-rails', '~> 5.0' # Use SCSS for stylesheets
+gem 'scss_lint', require: false, group: %i[development]
 gem 'secure_headers'
+gem 'selenium-webdriver', '4.8.1', group: %i[test]
+gem 'shoulda-matchers', '~> 4.0', group: %i[test]
 gem 'sidekiq', "< 7.0" # sidekiq 7 requires upgrade to redis 6
+gem 'simplecov', require: false, group: %i[development test]
+gem 'solr_wrapper', '~> 2.0', group: %i[development test]
+gem 'spring', '~> 1.7', group: %i[development]
+gem 'spring-watcher-listen', '~> 2.0.0', group: %i[development]
 gem 'terser' # to support the Safe Navigation / Optional Chaining operator (?.) and avoid uglifier precompile issue
 gem 'tether-rails'
-
-# When first attempting to upgrade to Hyrax v3.4.2, this dry-monads gem was upgraded to v1.5.0.
-# This version threw the following error:
-# NameError: uninitialized constant Dry::Monads::Result::Transformer
-# Locking it to v1.4.x does not throw an error.
-gem 'dry-monads', '~> 1.4.0'
+gem 'turbolinks', '~> 5'
+gem 'web-console', '>= 3.3.0', group: %i[development] # <%= console %> in views
+gem 'webdrivers', '~> 4.7.0', group: %i[test]
+gem 'webmock', group: %i[test]
+# rubocop:enable Metrics/LineLength

Gemfile.lock

@@ -42,6 +42,16 @@ GIT
       rails (~> 5.0)
       rdf-vocab (~> 3.0)
 
+GIT
+  remote: https://github.com/stanhu/omniauth-cas.git
+  revision: 4211e6d05941b4a981f9a36b49ec166cecd0e271
+  ref: 4211e6d05941b4a981f9a36b49ec166cecd0e271
+  specs:
+    omniauth-cas (2.0.0)
+      addressable (~> 2.3)
+      nokogiri (~> 1.5)
+      omniauth (>= 1.2, < 3)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -114,6 +124,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
+    aes_key_wrap (1.1.0)
     almond-rails (0.3.0)
       rails (>= 4.2)
     amazing_print (1.4.0)
@@ -124,6 +135,7 @@ GEM
       rack (>= 1.3.6)
     arel (9.0.0)
     ast (2.4.2)
+    attr_required (1.0.1)
     autoprefixer-rails (10.4.13.0)
       execjs (~> 2)
     awesome_nested_set (3.5.0)
@@ -168,6 +180,7 @@ GEM
       smart_properties
     bibtex-ruby (6.0.0)
       latex-decode (~> 0.0)
+    bindata (2.4.15)
     bindex (0.8.1)
     blacklight (6.25.0)
       bootstrap-sass (~> 3.2)
@@ -599,7 +612,6 @@ GEM
       json
     iiif_manifest (1.3.1)
       activesupport (>= 4)
-    is_it_working (1.1.0)
     iso-639 (0.3.6)
     iso8601 (0.9.1)
     jbuilder (2.11.5)
@@ -619,6 +631,11 @@ GEM
       railties (>= 3.2.16)
     json (2.6.3)
     json-canonicalization (0.3.2)
+    json-jwt (1.15.3)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
+      httpclient
     json-ld (3.1.10)
       htmlentities (~> 4.3)
       json-canonicalization (~> 0.2)
@@ -803,6 +820,32 @@ GEM
     oj (3.14.3)
     oj_mimic_json (1.0.1)
     okcomputer (1.18.4)
+    omniauth (2.1.1)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-multi-provider (0.4.0)
+      omniauth
+    omniauth-rails_csrf_protection (1.0.1)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
+    omniauth-saml (2.1.0)
+      omniauth (~> 2.0)
+      ruby-saml (~> 1.12)
+    omniauth_openid_connect (0.6.1)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 1.1)
+    openid_connect (1.4.2)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.15.0)
+      net-smtp
+      rack-oauth2 (~> 1.21)
+      swd (~> 1.3)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (~> 1.2)
     openseadragon (0.6.0)
       rails (> 3.2.0)
     optimist (3.0.1)
@@ -840,7 +883,15 @@ GEM
       rails (>= 5.0, < 7.1)
       rdf
     racc (1.7.1)
-    rack (2.2.7)
+    rack (2.2.8)
+    rack-oauth2 (1.21.3)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
+    rack-protection (3.0.6)
+      rack
     rack-test (0.7.0)
       rack (>= 1.0, < 3)
     rails (5.2.8.1)
@@ -1025,6 +1076,9 @@ GEM
       multipart-post
       oauth2
     ruby-progressbar (1.13.0)
+    ruby-saml (1.15.0)
+      nokogiri (>= 1.13.10)
+      rexml
     ruby2_keywords (0.0.5)
     ruby_dep (1.5.0)
     rubyzip (2.3.2)
@@ -1124,6 +1178,10 @@ GEM
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     ssrf_filter (1.0.8)
+    swd (1.3.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
     sxp (1.1.0)
       rdf (~> 3.1)
     temple (0.10.0)
@@ -1156,6 +1214,12 @@ GEM
     unicode-types (1.8.0)
     unicode_utils (1.4.0)
     validatable (1.6.7)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.15)
+      activemodel (>= 3.0.0)
+      public_suffix
     valkyrie (2.2.0)
       activemodel
       activesupport
@@ -1183,6 +1247,9 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (> 3.141, < 5.0)
+    webfinger (1.2.0)
+      activesupport
+      httpclient (>= 2.4)
     webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
@@ -1235,7 +1302,6 @@ DEPENDENCIES
   i18n-debug
   i18n-tasks
   iiif_print!
-  is_it_working
   jbuilder (~> 2.5)
   jquery-rails
   launchy
@@ -1244,6 +1310,11 @@ DEPENDENCIES
   mods (~> 2.4)
   negative_captcha
   okcomputer
+  omniauth-cas!
+  omniauth-multi-provider
+  omniauth-rails_csrf_protection (~> 1.0)
+  omniauth-saml (~> 2.1)
+  omniauth_openid_connect
   parser (~> 2.5.3)
   pg
   postrank-uri (>= 1.0.24)