Commit b98d3af

mo <mo.khan@gmail.com>
2017-12-19 18:24:10
use new response_for api.
1 parent 3d14863
Changed files (3)
app/controllers/sessions_controller.rb
@@ -33,8 +33,9 @@ class SessionsController < ApplicationController
       saml_request = binding.deserialize(raw_params).tap do |saml|
         raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
       end
-      user = User.find_by(uuid: saml_request.name_id)
-      @url, @saml_params = saml_request.response_for(user, binding: :http_post, relay_state: saml_params[:RelayState]) do |builder|
+      raise 'Unknown NameId' unless current_user.uuid == saml_request.name_id
+
+      @url, @saml_params = saml_request.response_for(binding: :http_post, relay_state: saml_params[:RelayState]) do |builder|
         @saml_response_builder = builder
       end
       reset_session
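Review bot: The new guard at L15 dereferences `current_user.uuid` without a nil check, so a request that reaches this action without an authenticated session (if no before_action guarantees one — the enclosing method begins above this hunk, so I cannot confirm) fails with a NoMethodError rather than the intended mismatch error, and the mismatch itself raises a bare RuntimeError, which Rails turns into a 500 instead of a client-error response. Binding the issued response to the session's own user rather than a `User.find_by(uuid: ...)` lookup is the right direction; the check just needs to degrade to a deliberate rejection. I would write it as `raise ActionController::BadRequest, 'Unknown NameId' unless current_user&.uuid == saml_request.name_id` (or whichever error class the app's rescue_from handling expects) and log the mismatched NameID alongside the session's user id before raising, since a NameID that does not match the logged-in user is the kind of event an operator wants visible in the logs. A one-line comment above the guard, `# The SAML response is only ever issued for the user who owns this session`, would make the intent clear to the next reader.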
Gemfile
@@ -61,7 +61,7 @@ end
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'dotenv-rails'
-gem 'saml-kit', '0.2.10'
+gem 'saml-kit', '0.2.12'
 gem 'rails-assets-bootstrap', source: 'https://rails-assets.org'
 gem 'jwt'
 gem 'activerecord-session_store'
Gemfile.lock
@@ -175,7 +175,7 @@ GEM
     ruby_dep (1.5.0)
     rubyzip (1.2.1)
     safe_yaml (1.0.4)
-    saml-kit (0.2.10)
+    saml-kit (0.2.12)
       activemodel (>= 4.2.0)
       builder (~> 3.2)
       nokogiri (~> 1.8)
@@ -256,7 +256,7 @@ DEPENDENCIES
   rails-controller-testing
   rails_12factor
   rspec-rails (~> 3.6)
-  saml-kit (= 0.2.10)
+  saml-kit (= 0.2.12)
   sass-rails (~> 5.0)
   selenium-webdriver
   spring