Commit 09765c3

mo <mo@mokhan.ca>
2017-12-13 02:38:44
let the binding specify the destination.
1 parent eee4717
Changed files (3)
lib/saml/kit/builders/assertion.rb
@@ -5,7 +5,7 @@ module Saml
         include Templatable
         extend Forwardable
 
-        def_delegators :@response_builder, :encrypt, :sign, :request, :issuer, :reference_id, :now, :configuration, :user, :version
+        def_delegators :@response_builder, :encrypt, :sign, :request, :issuer, :reference_id, :now, :configuration, :user, :version, :destination
 
         def initialize(response_builder)
           @response_builder = response_builder
@@ -38,7 +38,7 @@ module Saml
           {
             InResponseTo: request.id,
             NotOnOrAfter: 3.hours.since(now).utc.iso8601,
-            Recipient: request.assertion_consumer_service_url,
+            Recipient: destination,
           }
         end
 
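Review bot: `Recipient: destination` now emits whatever was assigned to the builder, and with `destination_for` removed from response.rb in this same commit, nothing visible here checks that the value is a registered ACS location or that it was set at all. The removed helper only honoured the request's own `assertion_consumer_service_url` when `request.signed? && request.trusted?`; whether the binding repeats that check is not visible in this diff, and if it does not, the assertion could be addressed to a URL taken from an unverified request. I would state the contract on the line, e.g. `Recipient: destination, # assigned by the binding; must be a registered ACS location`, and fail closed before building with `raise ArgumentError, 'destination is required' if destination.blank?`. The method that builds this hash starts outside the hunk.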
lib/saml/kit/builders/response.rb
@@ -18,7 +18,6 @@ module Saml
           @version = "2.0"
           @status_code = Namespaces::SUCCESS
           @issuer = configuration.issuer
-          @destination = destination_for(request)
           @sign = want_assertions_signed
           @encrypt = false
           @configuration = configuration
@@ -45,14 +44,6 @@ module Saml
           request.provider.encryption_certificates.first
         end
 
-        def destination_for(request)
-          if request.signed? && request.trusted?
-            request.assertion_consumer_service_url || request.provider.assertion_consumer_service_for(binding: :http_post).try(:location)
-          else
-            request.provider.assertion_consumer_service_for(binding: :http_post).try(:location)
-          end
-        end
-
         def response_options
           {
             ID: id,
spec/saml/builders/response_spec.rb
@@ -34,6 +34,7 @@ RSpec.describe Saml::Kit::Builders::Response do
     it 'returns a proper response for the user' do
       travel_to 1.second.from_now
       allow(Saml::Kit.configuration).to receive(:issuer).and_return(issuer)
+      subject.destination = assertion_consumer_service_url
       hash = Hash.from_xml(subject.to_xml)
 
       expect(hash['Response']['ID']).to be_present
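Review bot: The manual `subject.destination = assertion_consumer_service_url` is now the only destination coverage in this file, because the `#destination` examples for trusted and untrusted requests are deleted at the bottom. Those two cases should move to the spec of whatever now chooses the destination (the binding, per the commit message) rather than disappear, since they pinned the rule that an untrusted request cannot pick its own ACS URL. I would also add an example here for a builder whose destination was never assigned, e.g. `it 'requires a destination'`, so that an empty `Destination` or `Recipient` is a tested outcome. The example body continues past the end of the hunk.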
@@ -120,29 +121,4 @@ RSpec.describe Saml::Kit::Builders::Response do
       expect(result['Response']['Assertion']['Signature']).to be_present
     end
   end
-
-  describe "#destination" do
-    let(:assertion_consumer_service_url) { "https://#{FFaker::Internet.domain_name}/acs" }
-    let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: []) }
-    subject { described_class.new(user, request).build }
-
-    describe "when the request is signed and trusted" do
-      let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: SecureRandom.uuid, assertion_consumer_service_url: assertion_consumer_service_url, issuer: FFaker::Movie.title, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: nil, signed?: true, trusted?: true) }
-
-      it 'returns the ACS embedded in the request' do
-        expect(subject.destination).to eql(assertion_consumer_service_url)
-      end
-    end
-
-    describe "when the request is not trusted" do
-      let(:registered_acs_url) { FFaker::Internet.uri("https") }
-      let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: SecureRandom.uuid, assertion_consumer_service_url: assertion_consumer_service_url, issuer: FFaker::Movie.title, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, signed?: true, trusted?: false) }
-      let(:provider) { instance_double(Saml::Kit::ServiceProviderMetadata, want_assertions_signed: false) }
-
-      it 'returns the registered ACS embedded in the metadata' do
-        allow(provider).to receive(:assertion_consumer_service_for).and_return(double(location: registered_acs_url))
-        expect(subject.destination).to eql(registered_acs_url)
-      end
-    end
-  end
 end