Commit 73b0d90
Changed files (9)
lib/saml/kit/locales/en.yml
@@ -12,7 +12,7 @@ en:
IDPSSODescriptor:
invalid: "must contain IDPSSODescriptor."
invalid_signature: "invalid signature."
- InvalidRequest:
+ InvalidDocument:
invalid: "must contain valid SAMLRequest"
Response:
invalid: "must contain Response."
lib/saml/kit/binding.rb
@@ -26,32 +26,14 @@ module Saml
protected
- def deserialize_request(raw_request)
- xml = Saml::Kit::Content.deserialize(raw_request)
- hash = Hash.from_xml(xml)
- if hash['AuthnRequest'].present?
- AuthenticationRequest.new(xml)
+ def saml_param_from(params)
+ if params['SAMLRequest'].present?
+ params['SAMLRequest']
+ elsif params['SAMLResponse'].present?
+ params['SAMLResponse']
else
- LogoutRequest.new(xml)
+ raise ArgumentError.new("SAMLRequest or SAMLResponse parameter is required.")
end
- rescue => error
- Saml::Kit.logger.error(error)
- Saml::Kit.logger.error(error.backtrace.join("\n"))
- InvalidRequest.new(raw_request)
- end
-
- def deserialize_response(saml_response)
- xml = Saml::Kit::Content.deserialize(saml_response)
- hash = Hash.from_xml(xml)
- if hash['Response'].present?
- Response.new(xml)
- else
- LogoutResponse.new(xml)
- end
- rescue => error
- Saml::Kit.logger.error(error)
- Saml::Kit.logger.error(error.backtrace.join("\n"))
- InvalidResponse.new(saml_response)
end
end
end
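Review bot: `saml_param_from` returns only the value and drops which parameter supplied it, so nothing downstream ties the parsed document to the SAMLRequest or SAMLResponse slot it arrived in. With the removed `deserialize_request`/`deserialize_response`, a SAMLRequest parameter could only become a request object; now `Document.to_saml_document` picks the class from the XML root, so a Response sent as SAMLRequest is returned as a `Response`, and when both parameters are present SAMLRequest wins silently. Consider returning the parameter name with the value so the bindings can reject a mismatch, or at least document the contract with `# Returns the first present SAML parameter; callers must check the resulting document type.` As a style point, `raise ArgumentError, "SAMLRequest or SAMLResponse parameter is required."` is the idiomatic form. The enclosing module starts outside the hunk.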
lib/saml/kit/document.rb
@@ -0,0 +1,23 @@
+
+module Saml
+ module Kit
+ class Document
+ def self.to_saml_document(saml)
+ xml = Saml::Kit::Content.deserialize(saml)
+ hash = Hash.from_xml(xml)
+ if hash['Response'].present?
+ Response.new(xml)
+ elsif hash['LogoutResponse'].present?
+ LogoutResponse.new(xml)
+ elsif hash['AuthnRequest'].present?
+ AuthenticationRequest.new(xml)
+ elsif hash['LogoutRequest'].present?
+ LogoutRequest.new(xml)
+ end
+ rescue => error
+ Saml::Kit.logger.error(error)
+ InvalidDocument.new(saml)
+ end
+ end
+ end
+end
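Review bot: The `if`/`elsif` chain in `to_saml_document` has no `else`, so well-formed XML whose root is none of the four expected elements makes the method return `nil` rather than an `InvalidDocument`. The bindings presumably hand that result on to later checks, which would turn a malformed message into a `NoMethodError` instead of a validation failure; adding `else` followed by `InvalidDocument.new(saml)` before the closing `end` keeps the return type uniform. The `rescue` also no longer logs `error.backtrace`, which the removed binding code did; if that is deliberate a short comment would help, otherwise keep it for diagnosing parse failures. A class comment stating that the input is untrusted and the returned object has not yet been validated would be worth adding.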
lib/saml/kit/http_post_binding.rb
@@ -13,13 +13,8 @@ module Saml
end
def deserialize(params)
- if params['SAMLRequest'].present?
- deserialize_request(params['SAMLRequest'])
- elsif params['SAMLResponse'].present?
- deserialize_response(params['SAMLResponse'])
- else
- raise ArgumentError.new("Missing SAMLRequest or SAMLResponse")
- end
+ saml_param = saml_param_from(params)
+ Saml::Kit::Document.to_saml_document(saml_param)
end
end
end
lib/saml/kit/http_redirect_binding.rb
@@ -17,13 +17,8 @@ module Saml
private
def deserialize_document_from!(params)
- if params['SAMLRequest'].present?
- deserialize_request(CGI.unescape(params['SAMLRequest']))
- elsif params['SAMLResponse'].present?
- deserialize_response(CGI.unescape(params['SAMLResponse']))
- else
- raise ArgumentError.new("SAMLRequest or SAMLResponse parameter is required.")
- end
+ saml_param = saml_param_from(params)
+ Saml::Kit::Document.to_saml_document(CGI.unescape(saml_param))
end
def ensure_valid_signature!(params, document)
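Review bot: `CGI.unescape(saml_param)` decodes a value read from `params`, and if the caller passes parameters the web framework has already URL-decoded (not visible in this hunk), the second pass rewrites any `+` in the Base64 payload to a space and the document fails to deserialize. The behaviour is carried over from the removed lines, but now that the call lives in one place it deserves a comment saying which form is expected, for example `# params must hold the raw, still percent-encoded query values`. The body of `ensure_valid_signature!` lies outside the hunk, so how it treats the same values cannot be checked here.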
@@ -39,7 +34,6 @@ module Saml
raise ArgumentError.new("Invalid Signature") unless valid
end
-
def algorithm_for(algorithm)
case algorithm =~ /(rsa-)?sha(.*?)$/i && $2.to_i
when 256
lib/saml/kit/invalid_request.rb → lib/saml/kit/invalid_document.rb
@@ -9,26 +9,14 @@ module Saml
model.errors[:base] << model.error_message(:invalid)
end
- def initialize(raw, name)
+ def initialize(raw)
@raw = raw
+ @name = "InvalidDocument"
end
def to_xml
raw
end
-
- end
-
- class InvalidRequest < InvalidDocument
- def initialize(raw)
- super raw, "InvalidRequest"
- end
- end
-
- class InvalidResponse < InvalidDocument
- def initialize(raw)
- super raw, "InvalidResponse"
- end
end
end
end
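Review bot: `@name = "InvalidDocument"` makes every failure use the `InvalidDocument` locale entry, and in en.yml that entry still reads "must contain valid SAMLRequest", which is misleading when the rejected input was a SAMLResponse. This assumes `error_message` looks the key up by `@name`; that method is outside the hunk. A neutral message such as `invalid: "must contain a valid SAML document."` would match the merged class. Removing `InvalidRequest` and `InvalidResponse` and changing `initialize` from two arguments to one also breaks any caller that references those constants, so a changelog entry or deprecated aliases may be warranted.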
lib/saml/kit.rb
@@ -17,6 +17,7 @@ require "saml/kit/authentication_request"
require "saml/kit/binding"
require "saml/kit/configuration"
require "saml/kit/content"
+require "saml/kit/document"
require "saml/kit/default_registry"
require "saml/kit/fingerprint"
require "saml/kit/logout_response"
@@ -28,7 +29,7 @@ require "saml/kit/metadata"
require "saml/kit/request"
require "saml/kit/response"
require "saml/kit/identity_provider_metadata"
-require "saml/kit/invalid_request"
+require "saml/kit/invalid_document"
require "saml/kit/self_signed_certificate"
require "saml/kit/service_provider_metadata"
require "saml/kit/signature"
spec/saml/http_post_binding_spec.rb
@@ -88,7 +88,7 @@ RSpec.describe Saml::Kit::HttpPostBinding do
it 'raises an error when SAMLRequest and SAMLResponse are missing' do
expect do
subject.deserialize({})
- end.to raise_error(/Missing SAMLRequest or SAMLResponse/)
+ end.to raise_error(/SAMLRequest or SAMLResponse parameter is required/)
end
[
spec/saml/http_redirect_binding_spec.rb
@@ -42,7 +42,7 @@ RSpec.describe Saml::Kit::HttpRedirectBinding do
it 'returns an invalid request when the SAMLRequest is invalid' do
result = subject.deserialize({ 'SAMLRequest' => "nonsense" })
- expect(result).to be_instance_of(Saml::Kit::InvalidRequest)
+ expect(result).to be_instance_of(Saml::Kit::InvalidDocument)
end
it 'deserializes the SAMLResponse to a Response' do
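Review bot: The example description still says 'returns an invalid request' although the assertion now expects `Saml::Kit::InvalidDocument`; rename it to something like `'returns an invalid document when the SAMLRequest is invalid'`. The SAMLResponse example in the next hunk has the same stale wording. Both examples only feed the string "nonsense", so nothing covers input that decodes to well-formed XML with an unexpected root, or a Response delivered in the SAMLRequest parameter. An example for each case would pin down the new dispatch in `Document.to_saml_document`.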
@@ -63,7 +63,7 @@ RSpec.describe Saml::Kit::HttpRedirectBinding do
it 'returns an invalid response when the SAMLResponse is invalid' do
result = subject.deserialize({ 'SAMLResponse' => "nonsense" })
- expect(result).to be_instance_of(Saml::Kit::InvalidResponse)
+ expect(result).to be_instance_of(Saml::Kit::InvalidDocument)
end
it 'raises an error when a saml parameter is not specified' do