Commit 68fc461

mo <mo@mokhan.ca>
2017-11-18 02:29:50
push up signature validation.
1 parent ec7749a
lib/saml/kit/authentication_request.rb
@@ -3,7 +3,6 @@ module Saml
     class AuthenticationRequest < Document
       include Requestable
       validates_presence_of :acs_url, if: :login?
-      validate :must_have_valid_signature
       validate :must_be_registered
 
       def initialize(xml)
@@ -44,16 +43,6 @@ module Saml
         errors[:fingerprint] << error_message(:invalid_fingerprint)
       end
 
-      def must_have_valid_signature
-        return if to_xml.blank?
-
-        xml = Saml::Kit::Xml.new(to_xml)
-        xml.valid?
-        xml.errors.each do |error|
-          errors[:base] << error
-        end
-      end
-
       def login?
         request?
       end
lib/saml/kit/logout_request.rb
@@ -3,7 +3,6 @@ module Saml
     class LogoutRequest < Document
       include Requestable
       validates_presence_of :single_logout_service, if: :logout?
-      validate :must_have_valid_signature
       validate :must_be_registered
 
       def initialize(xml)
@@ -30,16 +29,6 @@ module Saml
 
       private
 
-      def must_have_valid_signature
-        return if to_xml.blank?
-
-        xml = Saml::Kit::Xml.new(to_xml)
-        xml.valid?
-        xml.errors.each do |error|
-          errors[:base] << error
-        end
-      end
-
       def must_be_registered
         return unless logout?
         if provider.nil?
lib/saml/kit/response.rb
@@ -5,7 +5,6 @@ module Saml
 
       attr_reader :request_id
       validates_presence_of :id
-      validate :must_have_valid_signature
       validate :must_be_registered
       validate :must_be_valid_version
       validates_inclusion_of :status_code, in: [Namespaces::SUCCESS]
@@ -52,16 +51,6 @@ module Saml
 
       private
 
-      def must_have_valid_signature
-        return if to_xml.blank?
-
-        xml = Saml::Kit::Xml.new(to_xml)
-        xml.valid?
-        xml.errors.each do |error|
-          errors[:base] << error
-        end
-      end
-
       def must_be_registered
         return unless login?
         return if trusted?
lib/saml/kit/trustable.rb
@@ -1,6 +1,12 @@
 module Saml
   module Kit
     module Trustable
+      extend ActiveSupport::Concern
+
+      included do
+        validate :must_have_valid_signature
+      end
+
       def certificate
         return unless signed?
         to_h.fetch(name, {}).fetch('Signature', {}).fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
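Review bot: Signature validation for AuthenticationRequest, LogoutRequest and Response now depends entirely on this `included` hook firing on each of those classes, and no hunk in the commit shows where `Trustable` is included. If it is mixed in through an intermediate module (possibly `Requestable`, which is not visible here), that module must also `extend ActiveSupport::Concern`; otherwise the block is evaluated against the module instead of the model class. A spec per document type asserting that a document with a tampered signature gets an entry in `errors[:base]` would catch a class silently losing the check. I would also add a comment above the hook, for example `# Every class that includes Trustable gets signature validation.`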
@@ -28,6 +34,18 @@ module Saml
       def registry
         Saml::Kit.configuration.registry
       end
+
+      private
+
+      def must_have_valid_signature
+        return if to_xml.blank?
+
+        xml = Saml::Kit::Xml.new(to_xml)
+        xml.valid?
+        xml.errors.each do |error|
+          errors[:base] << error
+        end
+      end
     end
   end
 end
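Review bot: `must_have_valid_signature` is now the only copy of this check and has no comment stating what it accepts. `return if to_xml.blank?` skips the check for a blank document, and the return value of `xml.valid?` is discarded in favour of `xml.errors`. Whether an unsigned document produces an error is decided inside `Saml::Kit::Xml`, which is not visible here, so the contract should be written down next to the method. Suggested comment: `# Runs Saml::Kit::Xml#valid? on the raw document and copies its errors to errors[:base]; a blank document is skipped.`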