Commit 7a20dff
Changed files (6)
lib/saml/kit/authentication_request.rb
@@ -2,6 +2,7 @@ module Saml
module Kit
class AuthenticationRequest
PROTOCOL_XSD = File.expand_path("./xsd/saml-schema-protocol-2.0.xsd", File.dirname(__FILE__)).freeze
+ include XsdValidatable
include ActiveModel::Validations
validates_presence_of :content
@@ -86,13 +87,7 @@ module Saml
end
def must_match_xsd
- Dir.chdir(File.dirname(PROTOCOL_XSD)) do
- xsd = Nokogiri::XML::Schema(IO.read(PROTOCOL_XSD))
- document = Nokogiri::XML(to_xml)
- xsd.validate(document).each do |error|
- errors[:base] << error.message
- end
- end
+ matches_xsd?(PROTOCOL_XSD)
end
def login_request?
@@ -100,10 +95,6 @@ module Saml
@hash[name].present?
end
- def error_message(key)
- I18n.translate(key, scope: "saml/kit.errors.#{name}")
- end
-
class Builder
attr_accessor :id, :issued_at, :issuer, :acs_url, :name_id_format
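Review bot: `include XsdValidatable` is listed ahead of `include ActiveModel::Validations` here, whereas metadata.rb in this same commit includes it after Validations; the mixin only works because Validations supplies `errors`, so naming Validations first reads as the dependency it is. Lookup is unaffected by the order, since `errors` is resolved when `matches_xsd?` runs, so this is purely about keeping the two classes consistent. Swap the two lines to `include ActiveModel::Validations` followed by `include XsdValidatable`.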
lib/saml/kit/metadata.rb
@@ -2,6 +2,7 @@ module Saml
module Kit
class Metadata
include ActiveModel::Validations
+ include XsdValidatable
METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
NAMESPACES = {
@@ -94,23 +95,18 @@ module Saml
end
def must_contain_descriptor
- errors[:metadata] << error_message(:invalid) unless metadata
+ errors[:base] << error_message(:invalid) unless metadata
end
def must_match_xsd
- Dir.chdir(File.dirname(METADATA_XSD)) do
- xsd = Nokogiri::XML::Schema(IO.read(METADATA_XSD))
- xsd.validate(document).each do |error|
- errors[:metadata] << error.message
- end
- end
+ matches_xsd?(METADATA_XSD)
end
def must_have_valid_signature
return if to_xml.blank?
unless valid_signature?
- errors[:metadata] << error_message(:invalid_signature)
+ errors[:base] << error_message(:invalid_signature)
end
end
@@ -118,14 +114,10 @@ module Saml
xml = Saml::Kit::Xml.new(to_xml)
result = xml.valid?
xml.errors.each do |error|
- errors[:metadata] << error
+ errors[:base] << error
end
result
end
-
- def error_message(key)
- I18n.translate(key, scope: "saml/kit.errors.#{name}")
- end
end
end
end
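Review bot: `must_have_valid_signature` still returns silently when `to_xml` is blank, so a blank document contributes nothing to `errors[:base]` from the signature check and validity then rests entirely on `must_contain_descriptor`; that behaviour predates this commit, but now that every message is pooled into `:base` the reliance is easier to overlook. A comment on the guard would make it explicit, e.g. `# nothing to verify on a blank document; must_contain_descriptor reports it`, assuming that validator does fire for blank input, which is not visible in this hunk. Readers of this file will also now find `error_message` only in XsdValidatable, so a one-line pointer next to the `include` on L38 would help.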
lib/saml/kit/xsd_validatable.rb
@@ -0,0 +1,19 @@
+module Saml
+ module Kit
+ module XsdValidatable
+ def matches_xsd?(xsd)
+ Dir.chdir(File.dirname(xsd)) do
+ xsd = Nokogiri::XML::Schema(IO.read(xsd))
+ document = Nokogiri::XML(to_xml)
+ xsd.validate(document).each do |error|
+ errors[:base] << error.message
+ end
+ end
+ end
+
+ def error_message(key)
+ I18n.translate(key, scope: "saml/kit.errors.#{name}")
+ end
+ end
+ end
+end
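Review bot: `matches_xsd?` is named as a predicate but its value is whatever the `Dir.chdir` block returns, i.e. the array from `each`, so it is truthy even when validation errors were just recorded; `must_match_xsd` discards the value today, but any future caller treating it as a boolean would get a silent pass. Capture the result and return a real boolean: `found = schema.validate(document)`, `found.each { |error| errors[:base] << error.message }`, `found.empty?`. The line `xsd = Nokogiri::XML::Schema(IO.read(xsd))` reassigns the path parameter to the parsed schema, so `xsd` means two different things in one method; naming the schema `schema` removes the ambiguity. `Dir.chdir` also mutates the process-wide working directory, which Ruby warns about when another thread is inside a chdir block, and the mixin silently depends on the host providing `to_xml`, `errors` and `name`; a short module comment stating those three requirements (and the reason for the chdir, presumably resolving relative schema imports) would spare the next maintainer a search.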
lib/saml/kit.rb
@@ -11,6 +11,7 @@ require "nokogiri"
require "securerandom"
require "xmldsig"
+require "saml/kit/xsd_validatable"
require "saml/kit/authentication_request"
require "saml/kit/configuration"
require "saml/kit/default_registry"
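Review bot: The new `require "saml/kit/xsd_validatable"` must stay ahead of `saml/kit/authentication_request` and the metadata file, because both evaluate `include XsdValidatable` in their class bodies at load time and would raise NameError if the module were not yet defined. Nothing in the file records this, and the surrounding requires look alphabetical, so a future tidy-up could move it. Add `# must load before the classes that include it` above the line.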
spec/saml/identity_provider_metadata_spec.rb
@@ -175,7 +175,6 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
end
describe "#validate" do
- let(:errors) { [] }
let(:service_provider_metadata) do
builder = Saml::Kit::ServiceProviderMetadata::Builder.new
builder.to_xml
@@ -190,7 +189,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it 'is invalid, when given service provider metadata' do
subject = described_class.new(service_provider_metadata)
expect(subject).to_not be_valid
- expect(subject.errors[:metadata]).to include(I18n.translate("saml/kit.errors.IDPSSODescriptor.invalid"))
+ expect(subject.errors[:base]).to include(I18n.translate("saml/kit.errors.IDPSSODescriptor.invalid"))
end
it 'is invalid, when the metadata is nil' do
@@ -209,7 +208,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
end
subject = described_class.new(xml.target!)
expect(subject).to_not be_valid
- expect(subject.errors[:metadata][0]).to include("1:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor'")
+ expect(subject.errors[:base][0]).to include("1:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor'")
end
it 'is invalid, when the signature is invalid' do
@@ -219,7 +218,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
subject = described_class.new(metadata_xml)
expect(subject).to be_invalid
- expect(subject.errors[:metadata]).to include("invalid signature.")
+ expect(subject.errors[:base]).to include("invalid signature.")
end
end
end
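Review bot: The assertions on `subject.errors[:base][0]` now index into a list that also receives messages from `must_contain_descriptor` and the signature check, so which message sits at position 0 depends on the order the validators run; with the old per-key `:metadata` list this was less likely to matter. Match on the collection instead of a fixed index, e.g. `expect(subject.errors[:base]).to include(a_string_including("1:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor'"))`. The same `[0]` pattern appears in spec/saml/service_provider_metadata_spec.rb in this commit.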
spec/saml/service_provider_metadata_spec.rb
@@ -120,7 +120,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
it 'is invalid, when given identity provider metadata' do
subject = described_class.new(IO.read("spec/fixtures/metadata/okta.xml"))
expect(subject).to be_invalid
- expect(subject.errors[:metadata]).to include(I18n.translate("saml/kit.errors.SPSSODescriptor.invalid"))
+ expect(subject.errors[:base]).to include(I18n.translate("saml/kit.errors.SPSSODescriptor.invalid"))
end
it 'is invalid, when the metadata is nil' do
@@ -139,7 +139,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
end
subject = described_class.new(xml.target!)
expect(subject).to_not be_valid
- expect(subject.errors[:metadata][0]).to include("1:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor'")
+ expect(subject.errors[:base][0]).to include("1:0: ERROR: Element '{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor'")
end
it 'is invalid, when the signature is invalid' do
@@ -147,7 +147,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
metadata_xml = service_provider_metadata.gsub(acs_post_url, new_url)
subject = described_class.new(metadata_xml)
expect(subject).to be_invalid
- expect(subject.errors[:metadata]).to include("invalid signature.")
+ expect(subject.errors[:base]).to include("invalid signature.")
end
end