Commit 0f26c47
Changed files (3)
lib/saml/kit/binding.rb
@@ -12,18 +12,18 @@ module Saml
binding == other
end
- def serialize(document_type, relay_state: nil)
+ def serialize(builder, relay_state: nil)
if http_redirect?
- builder = document_type::Builder.new(sign: false)
+ builder.sign = false
builder.destination = location
document = builder.build
[UrlBuilder.new.build(document, relay_state: relay_state), {}]
elsif post?
- builder = document_type::Builder.new(sign: true)
+ builder.sign = true
builder.destination = location
document = builder.build
saml_params = {
- 'SAMLRequest' => Base64.strict_encode64(document.to_xml),
+ document.query_string_parameter => Base64.strict_encode64(document.to_xml),
'RelayState' => relay_state,
}
[location, saml_params]
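Review bot: `serialize` now overwrites `sign` and `destination` on the builder the caller passed in, so a builder that was configured beforehand or is reused across bindings silently loses its own settings. On the `http_redirect?` branch the enveloped XML signature is always switched off; the spec's `SigAlg` expectation suggests `UrlBuilder` signs the query string instead, but that code is not visible here, so confirm that every document type passed in is covered. The override is worth stating above the method, e.g. `# Overrides builder.sign and builder.destination: Redirect relies on the query-string signature, POST on the signed XML.` The POST branch also assumes every built document responds to `query_string_parameter`, which belongs in the same comment. The rest of the method, including any remaining branch and the closing `end`, lies outside the hunk.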
lib/saml/kit/logout_response.rb
@@ -54,7 +54,7 @@ module Saml
end
class Builder
- attr_accessor :id, :issuer, :version, :status_code, :sign, :now
+ attr_accessor :id, :issuer, :version, :status_code, :sign, :now, :destination
attr_reader :request
def initialize(user, request, configuration: Saml::Kit.configuration, sign: true)
@@ -92,7 +92,7 @@ module Saml
ID: "_#{id}",
Version: "2.0",
IssueInstant: now.utc.iso8601,
- Destination: "",
+ Destination: destination,
InResponseTo: request.id,
}
end
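Review bot: `Destination: destination` emits whatever the new accessor holds, and nothing in these two hunks gives it a default, so a LogoutResponse built without going through `Binding#serialize` would carry a nil Destination where it used to carry `""`. The receiving party uses Destination to confirm the message was meant for its endpoint, so a missing value should fail loudly or at least be documented, e.g. `# destination must be set before build (Binding#serialize assigns the binding location)`. The body of `initialize` and the method around this hash are outside the hunks, so check whether a default is assigned there.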
spec/saml/binding_spec.rb
@@ -9,7 +9,8 @@ RSpec.describe Saml::Kit::Binding do
let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::HTTP_REDIRECT, location: location) }
it 'encodes the request using the HTTP-Redirect encoding' do
- url, _ = subject.serialize(Saml::Kit::AuthenticationRequest, relay_state: relay_state)
+ builder = Saml::Kit::AuthenticationRequest::Builder.new
+ url, _ = subject.serialize(builder, relay_state: relay_state)
expect(url).to start_with(location)
expect(url).to have_query_param('SAMLRequest')
expect(url).to have_query_param('SigAlg')
@@ -20,8 +21,9 @@ RSpec.describe Saml::Kit::Binding do
describe "HTTP-POST Binding" do
let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::POST, location: location) }
- it 'encodes the request using the HTTP-POST encoding' do
- url, saml_params = subject.serialize(Saml::Kit::AuthenticationRequest, relay_state: relay_state)
+ it 'encodes the request using the HTTP-POST encoding for a AuthenticationRequest' do
+ builder = Saml::Kit::AuthenticationRequest::Builder.new
+ url, saml_params = subject.serialize(builder, relay_state: relay_state)
expect(url).to eql(location)
expect(saml_params['RelayState']).to eql(relay_state)
@@ -31,6 +33,35 @@ RSpec.describe Saml::Kit::Binding do
expect(xml['AuthnRequest']['Destination']).to eql(location)
expect(xml['AuthnRequest']['Signature']).to be_present
end
+
+ it 'returns a SAMLRequest for a LogoutRequest' do
+ user = double(:user, name_id_for: SecureRandom.uuid)
+ builder = Saml::Kit::LogoutRequest::Builder.new(user)
+ url, saml_params = subject.serialize(builder, relay_state: relay_state)
+
+ expect(url).to eql(location)
+ expect(saml_params['RelayState']).to eql(relay_state)
+ expect(saml_params['SAMLRequest']).to be_present
+ xml = Hash.from_xml(Base64.decode64(saml_params['SAMLRequest']))
+ expect(xml['LogoutRequest']).to be_present
+ expect(xml['LogoutRequest']['Destination']).to eql(location)
+ expect(xml['LogoutRequest']['Signature']).to be_present
+ end
+
+ it 'returns a SAMLResponse for a LogoutResponse' do
+ user = double(:user, name_id_for: SecureRandom.uuid)
+ request = instance_double(Saml::Kit::AuthenticationRequest, id: SecureRandom.uuid)
+ builder = Saml::Kit::LogoutResponse::Builder.new(user, request)
+ url, saml_params = subject.serialize(builder, relay_state: relay_state)
+
+ expect(url).to eql(location)
+ expect(saml_params['RelayState']).to eql(relay_state)
+ expect(saml_params['SAMLResponse']).to be_present
+ xml = Hash.from_xml(Base64.decode64(saml_params['SAMLResponse']))
+ expect(xml['LogoutResponse']).to be_present
+ expect(xml['LogoutResponse']['Destination']).to eql(location)
+ expect(xml['LogoutResponse']['Signature']).to be_present
+ end
end
it 'ignores other bindings' do
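Review bot: The two new examples exercise LogoutRequest and LogoutResponse only over HTTP-POST, so nothing checks that the HTTP-Redirect path sends a response under `SAMLResponse` rather than `SAMLRequest`; a Redirect example per document type would cover that. The LogoutResponse example builds its request as `instance_double(Saml::Kit::AuthenticationRequest, ...)`, which verifies the stub against the wrong class; `instance_double(Saml::Kit::LogoutRequest, id: SecureRandom.uuid)` matches what a logout response actually answers. Decoding with `Base64.strict_decode64` instead of `Base64.decode64` would also assert that the parameter is strictly encoded, as `serialize` produces it. The `it 'ignores other bindings'` example that closes the hunk continues outside it.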