Commit f4b69ba

mo <mo.khan@gmail.com>
2017-12-23 19:15:18
add spec for generating a logout response.
1 parent 9651bd5
Changed files (2)
app/controllers/sessions_controller.rb
@@ -18,7 +18,10 @@ class SessionsController < ApplicationController
 
   def create
     if user = User.login(user_params[:email], user_params[:password])
-      return redirect_to(dashboard_path) unless session[:saml].present?
+      unless session[:saml].present?
+        login(user)
+        return redirect_to(dashboard_path)
+      end
 
       binding = idp.single_sign_on_service_for(binding: session[:saml][:binding])
       saml_request = binding.deserialize(session[:saml][:params])
@@ -33,7 +36,7 @@ class SessionsController < ApplicationController
 
   def destroy
     if saml_params[:SAMLRequest].present?
-      binding = idp.single_logout_service_for(binding: :http_post)
+      binding = Saml::Kit::Bindings::HttpPost.new(location: session_url)
       saml_request = binding.deserialize(saml_params).tap do |saml|
         raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
       end
@@ -63,8 +66,12 @@ class SessionsController < ApplicationController
     @url, @saml_params = saml_request.response_for(user, binding: :http_post, relay_state: relay_state) do |builder|
       @saml_response_builder = builder
     end
+    login(user)
+    render :create
+  end
+
+  def login(user)
     reset_session
     session[:user_id] = user.id
-    render :create
   end
 end
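Review bot: `login(user)` is introduced as a public instance method of the controller, and Rails exposes every public controller method as an action method, so the helper should be declared below a `private` marker (e.g. add `private` on its own line above `def login(user)`, or `private :login` after the definition) rather than left routable. Inside the helper, `reset_session` running before `session[:user_id] = user.id` is what rotates the session id at authentication time; a one-line comment such as `# rotate the session id before binding it to the user (session fixation)` would keep a later edit from reordering them. The method that now ends with `login(user)` / `render :create` (the one holding the `response_for` call) starts outside this hunk, so I cannot confirm which action it is; if it turns out to be the logout path, re-establishing `session[:user_id]` there would undo the logout and is worth checking.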
spec/requests/sessions_controller_spec.rb
@@ -6,6 +6,7 @@ describe SessionsController do
   let(:sp_metadata) do
     Saml::Kit::ServiceProviderMetadata.build do |x|
       x.add_assertion_consumer_service(FFaker::Internet.uri("https"), binding: :http_post)
+      x.add_single_logout_service(FFaker::Internet.uri("https"), binding: :http_post)
     end
   end
   def http_login(user)
@@ -110,4 +111,25 @@ describe SessionsController do
       expect(response.body).to include(relay_state)
     end
   end
+
+  describe "#destroy" do
+    let(:post_binding) { Saml::Kit::Bindings::HttpPost.new(location: "/session/logout") }
+    let(:user) { User.create!(email: FFaker::Internet.email, password: FFaker::Internet.password) }
+
+    it 'posts the response back to the service provider' do
+      allow(registry).to receive(:metadata_for).with(issuer).and_return(sp_metadata)
+      builder = Saml::Kit::LogoutRequest.builder(user) do |x|
+        x.issuer = issuer
+        x.embed_signature = false
+      end
+
+      http_login(user)
+
+      url, saml_params = post_binding.serialize(builder)
+      post url, params: saml_params
+      expect(response).to have_http_status(:ok)
+      expect(response.body).to include("SAMLResponse")
+      expect(response.body).to include(sp_metadata.single_logout_service_for(binding: :http_post).location)
+    end
+  end
 end
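Review bot: The new `#destroy` example asserts only that a SAMLResponse and the service provider's single-logout location appear in the rendered body; it never checks that the local session was actually terminated, which is the outcome a logout spec exists to protect. Adding `expect(session[:user_id]).to be_nil` after the status expectation (or a follow-up request to a protected page expecting a redirect) would pin that behaviour. The LogoutRequest is also built with `x.embed_signature = false`, so only the unsigned path is exercised; if the controller is expected to reject unsigned or invalid LogoutRequests, a companion example asserting that rejection would document the contract — I cannot tell from this hunk whether signatures are required.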