Commit 39d16f1
app/controllers/sessions_controller.rb
@@ -35,8 +35,8 @@ class SessionsController < ApplicationController
end
def destroy
+ binding = binding_for(:http_post, session_url)
if saml_params[:SAMLRequest].present?
- binding = binding_for(:http_post, session_url)
saml_request = binding.deserialize(saml_params).tap do |saml|
raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
end
@@ -47,6 +47,12 @@ class SessionsController < ApplicationController
end
reset_session
elsif saml_params[:SAMLResponse].present?
+ saml_request = binding.deserialize(saml_params)
+ if saml_request.invalid?
+ raise ActiveRecord::RecordInvalid.new(saml_request)
+ end
+ reset_session
+ redirect_to new_session_path
else
end
end
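Review bot: The new `elsif saml_params[:SAMLResponse].present?` branch calls `reset_session` for any LogoutResponse that passes `invalid?`, without checking that the response answers a LogoutRequest this IdP actually issued or that its status is success; the accompanying spec builds the response from a fresh AuthenticationRequest with `embed_signature = false` and expects the redirect, so an unsigned, uncorrelated response posted to session_url appears to be enough to terminate a session. If Saml::Kit exposes the InResponseTo value, the request id saved when the logout request was sent should be compared before the session is reset, and the status checked; until then a comment such as `# NOTE: any well-formed LogoutResponse resets the session — confirm signature/InResponseTo requirements` would flag the gap. Whether `invalid?` enforces a signature depends on the SP metadata the registry returns, which is not visible here. The local is also named `saml_request` while holding a response in this branch; `saml_response` would read correctly. `destroy` spans both hunks, with the lines between them elided.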
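--- a/app/views/sessions/_response.html.erb
+++ b/app/views/sessions/_response.html.erb
@@ -8,7 +8,7 @@
 <%= hidden_field_tag key, value %>
 <% end %>
 <% end %>
-<%= debug @saml_response_builder.build.to_xhtml %>
+<%= debug @saml_response_builder.try(:build).try(:to_xhtml) %>
 </div>
 </div>
 </div>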
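Review bot: The `debug` call on the changed line still renders the whole built SAML response as XHTML inside the page, so the payload being auto-posted to the SP in the hidden fields above is also dumped in plain text for anyone viewing the source; wrapping it in `try` only hides the nil case, it does not limit where the dump appears. Guard it, e.g. `<%= debug @saml_response_builder.try(:build).try(:to_xhtml) if Rails.env.development? %>`, or drop it from the partial. The double `try` also silently covers the state where the builder was never assigned — presumably the new LogoutResponse path in the controller that redirects instead of rendering — and a comment saying so, such as `<%# builder is nil when destroy redirects instead of rendering this partial %>`, would help the next reader.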
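--- a/spec/requests/sessions_controller_spec.rb
+++ b/spec/requests/sessions_controller_spec.rb
@@ -132,5 +132,18 @@ describe SessionsController do
 expect(response.body).to include("SAMLResponse")
 expect(response.body).to include(sp_metadata.single_logout_service_for(binding: :http_post).location)
 end
+
+it 'redirects to the login page' do
+allow(registry).to receive(:metadata_for).with(issuer).and_return(sp_metadata)
+authn_request = Saml::Kit::AuthenticationRequest.build
+builder = Saml::Kit::LogoutResponse.builder(authn_request) do |x|
+x.issuer = issuer
+x.embed_signature = false
+end
+
+url, saml_params = post_binding.serialize(builder)
+post url, params: saml_params
+expect(response).to redirect_to(new_session_url)
+end
 end
 end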
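Review bot: The new example's description, `'redirects to the login page'`, does not say that it posts an unsigned LogoutResponse (`embed_signature = false`) built against an AuthenticationRequest that was never sent, which is exactly the lenient behaviour worth making explicit; a name like `it 'resets the session and redirects to login when a LogoutResponse is posted'` would document it. There is no negative counterpart: an example posting a response that fails `invalid?` (for instance with an issuer the registry does not know) should assert the `ActiveRecord::RecordInvalid` the controller raises, or whatever the app rescues it to. The example also checks only the redirect and not that the session was actually cleared. `registry`, `issuer`, `sp_metadata` and `post_binding` are defined outside the hunk.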