From 250c64bb3b1df6f12ec6e9712b447a3716cb2927 Mon Sep 17 00:00:00 2001
From: James Edwards-Jones
Date: Sun, 24 Mar 2019 19:40:46 +0800
Subject: [PATCH] feat: allow request uuid to be stored

Introduces a :store_request_uuid option for later comparison with InResponseTo

By default it saves the request uuid in the session as "saml_transaction_id", but also accepts a proc that will then be called with the uuid for custom storage.
---
 lib/omniauth/strategies/saml.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/omniauth/strategies/saml.rb b/lib/omniauth/strategies/saml.rb
index bbee4af..75d84e0 100644
--- a/lib/omniauth/strategies/saml.rb
+++ b/lib/omniauth/strategies/saml.rb
@@ -30,15 +30,26 @@ def self.inherited(subclass)
 option :slo_default_relay_state
 option :uid_attribute
 option :idp_slo_session_destroy, proc { |_env, session| session.clear }
+ option :store_request_uuid
 
 def request_phase
 authn_request = OneLogin::RubySaml::Authrequest.new
 
+ store_request_uuid(authn_request.uuid)
+
 with_settings do |settings|
 redirect(authn_request.create(settings, additional_params_for_authn_request))
 end
 end
 
+ def store_request_uuid(uuid)
+ if options.store_request_uuid.respond_to?(:call)
+ options.store_request_uuid.call(uuid)
+ elsif options.store_request_uuid
+ session["saml_transaction_id"] = uuid
+ end
+ end
+
 def callback_phase
 raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing") unless request.params["SAMLResponse"]
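Review bot: Recording the AuthnRequest ID in `store_request_uuid` protects nothing unless the callback compares it with the response's InResponseTo and then discards it, and no line in this hunk does that. `callback_phase` only begins at the end of the hunk and its body is outside it, so the check may be done elsewhere or left to the application. If it is left to the application, say so above the new method, e.g. `# Only records the request ID; the caller must compare it with InResponseTo in the callback and delete it after one use.` The proc branch also passes only `uuid`, whereas the `idp_slo_session_destroy` proc is declared with `|_env, session|`. A custom store therefore has no request context for tying the ID to the browser that started the login, and the default branch's single `"saml_transaction_id"` key is presumably overwritten when a second login starts in the same session.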