Commit 375e3b4
Changed files (9)
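--- a/lib/saml/kit/locales/en.yml
+++ b/lib/saml/kit/locales/en.yml
@@ -2,6 +2,8 @@
 en:
 saml/kit:
 errors:
+ Assertion:
+ expired: "must not be expired."
 AuthnRequest:
 invalid: "must contain AuthnRequest."
 invalid_fingerprint: "does not match."
@@ -17,7 +19,6 @@ en:
 LogoutResponse:
 unregistered: "is unregistered."
 Response:
- expired: "must not be expired."
 invalid: "must contain Response."
 invalid_fingerprint: "does not match."
 invalid_response_to: "must match request id."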
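--- a/lib/saml/kit/assertion.rb
+++ b/lib/saml/kit/assertion.rb
@@ -1,7 +1,14 @@
 module Saml
 module Kit
 class Assertion
+ include ActiveModel::Validations
+ include Translatable
+
+ validate :must_be_active_session
+ attr_reader :name
+
 def initialize(xml_hash, configuration:)
+ @name = "Assertion"
 @xml_hash = xml_hash
 @configuration = configuration
 end
@@ -77,6 +84,11 @@ module Saml
 Saml::Kit.logger.error(error)
 Time.at(0).to_datetime
 end
+
+ def must_be_active_session
+ return if active?
+ errors[:base] << error_message(:expired)
+ end
 end
 end
 end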
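Review bot: `must_be_active_session` records `:expired` for every inactive assertion, yet the updated example in response_spec.rb that travels to `5.seconds.ago` also expects an error, so an assertion that is not yet valid is apparently reported as "must not be expired."; a separate key for the not-before case would make rejected logins easier to triage. A short comment above the method, for example `# Rejects assertions outside their validity window (see #active?)`, would record the intent. `errors.add(:base, error_message(:expired))` is the documented way to append and avoids mutating the array returned by `errors[:base]`. Whether the new method sits below a `private` marker cannot be seen here, because the class body between the two hunks is outside the diff.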
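--- a/lib/saml/kit/document.rb
+++ b/lib/saml/kit/document.rb
@@ -2,8 +2,9 @@ module Saml
 module Kit
 class Document
 PROTOCOL_XSD = File.expand_path("./xsd/saml-schema-protocol-2.0.xsd", File.dirname(__FILE__)).freeze
- include XsdValidatable
 include ActiveModel::Validations
+ include XsdValidatable
+ include Translatable
 include Trustable
 include Buildable
 validates_presence_of :content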
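--- a/lib/saml/kit/metadata.rb
+++ b/lib/saml/kit/metadata.rb
@@ -1,10 +1,11 @@
 module Saml
 module Kit
 class Metadata
+ METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
 include ActiveModel::Validations
 include XsdValidatable
+ include Translatable
 include Buildable
- METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
 validates_presence_of :metadata
 validate :must_contain_descriptor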
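--- a/lib/saml/kit/response.rb
+++ b/lib/saml/kit/response.rb
@@ -6,8 +6,8 @@ module Saml
 def_delegators :assertion, :name_id, :[], :attributes, :active?, :audiences
- validate :must_be_active_session
 validate :must_match_issuer
+ validate :must_be_valid_assertion
 def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
 @request_id = request_id
@@ -15,15 +15,16 @@ module Saml
 end
 def assertion
- @assertion = Saml::Kit::Assertion.new(to_h, configuration: @configuration)
+ @assertion ||= Saml::Kit::Assertion.new(to_h, configuration: @configuration)
 end
 private
- def must_be_active_session
- return unless expected_type?
- return unless success?
- errors[:base] << error_message(:expired) unless active?
+ def must_be_valid_assertion
+ assertion.valid?
+ assertion.errors.each do |attribute, error|
+ self.errors[:assertion] << error
+ end
 end
 def must_match_issuer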
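Review bot: The new `must_be_valid_assertion` runs `assertion.valid?` for every Response, whereas the removed `must_be_active_session` returned early unless `expected_type?` and `success?`. A response without an assertion (a non-success status, for instance) will presumably now pick up "must not be expired." as well, if the `Time.at(0)` fallback visible in assertion.rb is what feeds `active?`; that fails closed, which is the safe direction, but it deserves a spec and either the old guards or a comment stating the intent. The loop ignores `attribute` and appends with `<<`, which newer ActiveModel releases deprecate; `assertion.errors.full_messages.each { |message| errors.add(:assertion, message) }` keeps the field name and uses the supported API. The `@assertion ||=` memoisation is what makes `valid?` and `errors` refer to the same object, so it should be kept.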
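--- a/lib/saml/kit/translatable.rb
+++ b/lib/saml/kit/translatable.rb
@@ -0,0 +1,10 @@
+module Saml
+ module Kit
+ module Translatable
+ def error_message(attribute, type: :invalid)
+ I18n.translate(attribute, scope: "saml/kit.errors.#{name}")
+ #errors.generate_message(attribute, type: :invalid)
+ end
+ end
+ end
+end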
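Review bot: `error_message` accepts `type: :invalid` but never reads it, and the commented-out `#errors.generate_message(attribute, type: :invalid)` is left behind as dead code; drop both, or pass `type` through if it is meant to be used. The module also depends on the including class responding to `name` (Assertion gains `attr_reader :name` in this commit for that purpose), so a comment such as `# Including classes must define #name; it selects the saml/kit.errors.<name> scope` would make the contract explicit. Because `name` is interpolated into the I18n scope, it should remain a fixed label set by the class and not be taken from document content, and a `name` with no matching locale entry will yield a missing-translation string in place of a real validation message.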
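--- a/lib/saml/kit/xsd_validatable.rb
+++ b/lib/saml/kit/xsd_validatable.rb
@@ -10,10 +10,6 @@ module Saml
 end
 end
 end
-
- def error_message(key)
- I18n.translate(key, scope: "saml/kit.errors.#{name}")
- end
 end
 end
 end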
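--- a/lib/saml/kit.rb
+++ b/lib/saml/kit.rb
@@ -24,6 +24,7 @@ require "saml/kit/xsd_validatable"
 require "saml/kit/respondable"
 require "saml/kit/requestable"
 require "saml/kit/trustable"
+require "saml/kit/translatable"
 require "saml/kit/document"
 require "saml/kit/assertion"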
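--- a/spec/saml/response_spec.rb
+++ b/spec/saml/response_spec.rb
@@ -119,7 +119,7 @@ RSpec.describe Saml::Kit::Response do
 subject = described_class.build(user, request)
 travel_to Saml::Kit.configuration.session_timeout.from_now + 5.seconds
 expect(subject).to_not be_valid
- expect(subject.errors[:base]).to be_present
+ expect(subject.errors[:assertion]).to be_present
 end
 it 'is invalid before the valid session window' do
@@ -129,7 +129,7 @@ RSpec.describe Saml::Kit::Response do
 subject = described_class.build(user, request)
 travel_to 5.seconds.ago
 expect(subject).to be_invalid
- expect(subject.errors[:base]).to be_present
+ expect(subject.errors[:assertion]).to be_present
 end
 it 'is invalid when the audience does not match the expected issuer' do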