Commit 510f28a

mo <mo@mokhan.ca>
2017-11-18 02:50:21
push up request id match validation.
main
1 parent dad130b
Changed files (2)
lib
saml
kit
respondable.rb
response.rb
lib/saml/kit/respondable.rb
@@ -2,9 +2,11 @@ module Saml
   module Kit
     module Respondable
       extend ActiveSupport::Concern
+      attr_reader :request_id
 
       included do
         validates_inclusion_of :status_code, in: [Namespaces::SUCCESS]
+        validate :must_match_request_id
       end
 
       def query_string_parameter
@@ -18,6 +20,16 @@ module Saml
       def in_response_to
         to_h.fetch(name, {}).fetch('InResponseTo', nil)
       end
+
+      private
+
+      def must_match_request_id
+        return if request_id.nil?
+
+        if in_response_to != request_id
+          errors[:in_response_to] << error_message(:invalid_response_to)
+        end
+      end
     end
   end
 end
lib/saml/kit/response.rb
@@ -3,9 +3,6 @@ module Saml
     class Response < Document
       include Respondable
 
-      attr_reader :request_id
-
-      validate :must_match_request_id
       validate :must_be_active_session
       validate :must_match_issuer
 
@@ -47,14 +44,6 @@ module Saml
 
       private
 
-      def must_match_request_id
-        return if request_id.nil?
-
-        if in_response_to != request_id
-          errors[:in_response_to] << error_message(:invalid_response_to)
-        end
-      end
-
       def must_be_active_session
         return unless expected_type?
         errors[:base] << error_message(:expired) unless active?