Commit 360f1ca

mo <mo.khan@gmail.com>
2017-12-17 21:12:00
normalize params in redirect binding.
1 parent a737a41
Changed files (2)
lib/saml/kit/bindings/http_redirect.rb
@@ -16,8 +16,9 @@ module Saml
         end
 
         def deserialize(params, configuration: Saml::Kit.configuration)
-          document = deserialize_document_from!(params, configuration)
-          ensure_valid_signature!(params, document)
+          parameters = normalize(params)
+          document = deserialize_document_from!(parameters, configuration)
+          ensure_valid_signature!(parameters, document)
           document
         end
 
@@ -25,21 +26,20 @@ module Saml
 
         def deserialize_document_from!(params, configuration)
           xml = inflate(decode(unescape(saml_param_from(params))))
-          Saml::Kit.logger.debug(xml)
           Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
         end
 
         def ensure_valid_signature!(params, document)
-          return if params['Signature'].blank? || params['SigAlg'].blank?
+          return if params[:Signature].blank? || params[:SigAlg].blank?
 
-          signature = decode(params['Signature'])
-          canonical_form = ['SAMLRequest', 'SAMLResponse', 'RelayState', 'SigAlg'].map do |key|
+          signature = decode(params[:Signature])
+          canonical_form = [:SAMLRequest, :SAMLResponse, :RelayState, :SigAlg].map do |key|
             value = params[key]
             value.present? ? "#{key}=#{value}" : nil
           end.compact.join('&')
 
           return if document.provider.nil?
-          if document.provider.verify(algorithm_for(params['SigAlg']), signature, canonical_form)
+          if document.provider.verify(algorithm_for(params[:SigAlg]), signature, canonical_form)
             document.signature_verified!
           else
             raise ArgumentError.new("Invalid Signature")
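Review bot: The two early returns in `ensure_valid_signature!` (blank `Signature`/`SigAlg`, and `document.provider.nil?`) still let `deserialize` hand back a document whose signature was never checked, and nothing in the method says so. Since this commit rewrites the lines around them, it is a good place to state the contract, e.g. `# Returns without verifying when Signature/SigAlg is absent or no provider is known; callers must check the document's signed/trusted state before relying on it.` The canonical string is also rebuilt from `params[key]` rather than taken from the raw query string, so it only matches what was signed if the values are still URL-encoded as received. The `unescape` call in `deserialize_document_from!` suggests they are, but that assumption deserves a comment as well. The method body continues past the end of this hunk.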
@@ -58,6 +58,23 @@ module Saml
             OpenSSL::Digest::SHA1.new
           end
         end
+
+        def normalize(params)
+          if params.respond_to? :inject
+            params.inject({}) do |memo, (key, value)|
+              memo[key.to_sym] = value
+              memo
+            end
+          else
+            {
+              SAMLRequest: params['SAMLRequest'] || params[:SAMLRequest],
+              SAMLResponse: params['SAMLResponse'] || params[:SAMLResponse],
+              RelayState: params['RelayState'] || params[:RelayState],
+              Signature: params['Signature'] || params[:Signature],
+              SigAlg: params['SigAlg'] || params[:SigAlg],
+            }
+          end
+        end
       end
     end
   end
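Review bot: The `inject` branch of `normalize` calls `key.to_sym` on every key the caller passes, so it copies arbitrary request keys into the result and raises NoMethodError on a key without `to_sym` (nil, an Integer). When a hash holds both `'Signature'` and `:Signature`, iteration order decides which value gets verified. The else branch already restricts itself to the five binding parameters, and doing the same for every input removes the difference: `%i[SAMLRequest SAMLResponse RelayState Signature SigAlg].each_with_object({}) { |k, h| h[k] = params[k.to_s] || params[k] }`. That also avoids interning request-supplied strings as symbols, which are not garbage-collected on Rubies older than 2.2.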
spec/saml/bindings/http_redirect_spec.rb
@@ -37,6 +37,21 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
       expect(result).to be_instance_of(Saml::Kit::AuthenticationRequest)
     end
 
+    it 'deserializes the SAMLRequest to an AuthnRequest with symbols for keys' do
+      configuration = Saml::Kit::Configuration.new do |config|
+        config.issuer = issuer
+        config.generate_key_pair_for(use: :signing)
+      end
+      provider = Saml::Kit::IdentityProviderMetadata.build(configuration: configuration)
+      url, _ = subject.serialize(Saml::Kit::AuthenticationRequest.builder(configuration: configuration))
+      allow(configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
+
+      result = subject.deserialize(query_params_from(url).symbolize_keys, configuration: configuration)
+      expect(result).to be_instance_of(Saml::Kit::AuthenticationRequest)
+      expect(result).to be_signed
+      expect(result).to be_trusted
+    end
+
     it 'deserializes the SAMLRequest to an AuthnRequest with symbols for keys' do
       url, _ = subject.serialize(Saml::Kit::AuthenticationRequest.builder)
       result = subject.deserialize(query_params_from(url).symbolize_keys)
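Review bot: The added example reuses the description of the existing example directly below it ('deserializes the SAMLRequest to an AuthnRequest with symbols for keys'), so a failure report will not say which one broke. Something like `it 'verifies the signature when the params use symbol keys' do` would distinguish it. The new assertions also cover only the accepting path. A companion example that alters one signed parameter in the symbol-keyed hash and expects `deserialize` to raise ArgumentError would pin that the symbol lookups actually reach `verify` rather than hitting the blank-signature early return. The second example's body continues outside this hunk.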