# frozen_string_literal: true

require 'spec_helper'

# Exercises Saml::Kit::Builders::Assertion#build against a doubled
# authentication request and a doubled service provider, then checks the
# resulting assertion's validity, signature, lifetime, encryption state,
# audience and attributes.
RSpec.describe Saml::Kit::Builders::Assertion do
  describe '#build' do
    subject(:builder) { described_class.new(user, authn_request, configuration: configuration) }

    # Each example builds one fresh assertion from the builder under test.
    let(:built_assertion) { builder.build }

    # NOTE(review): the same `issuer` value is used for the request's issuer
    # and for configuration.entity_id, so the issuer and audience examples
    # below cannot tell which of the two the builder copies from. Distinct
    # values would make the audience-restriction check stricter.
    let(:issuer) { FFaker::Internet.uri('https') }
    let(:email) { FFaker::Internet.email }
    let(:assertion_consumer_service_url) { FFaker::Internet.uri('https') }
    let(:registry) { instance_double(Saml::Kit::DefaultRegistry) }

    let(:user) do
      User.new(attributes: { email: email, created_at: Time.now.utc.iso8601 })
    end

    # Key pairs for both signing and encryption are generated per example.
    let(:configuration) do
      Saml::Kit::Configuration.new do |settings|
        settings.entity_id = issuer
        settings.registry = registry
        settings.generate_key_pair_for(use: :signing)
        settings.generate_key_pair_for(use: :encryption)
      end
    end

    let(:metadata) do
      Saml::Kit::Metadata.build(configuration: configuration, &:build_identity_provider)
    end

    # The service provider double does not ask for signed assertions and
    # offers one encryption certificate (the last one from configuration).
    # The examples below still expect a signed, unencrypted assertion.
    # NOTE(review): presumably signing follows from the configured signing
    # key and encryption is opt-in on the builder; confirm in the builder.
    let(:provider) do
      instance_double(
        Saml::Kit::ServiceProviderMetadata,
        want_assertions_signed: false,
        encryption_certificates: [configuration.certificates(use: :encryption).last]
      )
    end

    # The request double reports itself as trusted and signed, so only the
    # trusted-request path is covered here.
    let(:authn_request) do
      instance_double(
        Saml::Kit::AuthenticationRequest,
        id: Xml::Kit::Id.generate,
        assertion_consumer_service_url: assertion_consumer_service_url,
        issuer: issuer,
        name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS,
        provider: provider,
        trusted?: true,
        signed?: true
      )
    end

    # The registry stub answers every metadata lookup with the identity
    # provider metadata built above, whatever entity id is requested.
    before do
      allow(registry).to receive(:metadata_for).and_return(metadata)
    end

    it { expect(built_assertion).to be_valid }
    it { expect(built_assertion.issuer).to eql(issuer) }
    it { expect(built_assertion.name_id).to eql(user.name_id) }
    it { expect(built_assertion.name_id_format).to eql(Saml::Kit::Namespaces::EMAIL_ADDRESS) }
    it { expect(built_assertion).to be_signed }
    it { expect(built_assertion).not_to be_expired }
    it { expect(built_assertion).to be_active }
    it { expect(built_assertion).not_to be_encrypted }
    it { expect(built_assertion.conditions.audiences).to include(issuer) }

    it do
      expect(built_assertion.attributes).to eql(
        'email' => user.attributes[:email],
        'created_at' => user.attributes[:created_at]
      )
    end
  end
end