Commit 7e48290
2017-11-07 21:43:15
1 parent
8bcc668
Changed files (4)
airport/app/controllers/sessions_controller.rb
@@ -8,8 +8,10 @@ class SessionsController < ApplicationController
end
def create
- saml_response = Saml::Kit::Response.parse(params[:SAMLResponse])
- session[:user] = { id: saml_response.name_id }.merge(saml_response.attributes)
+ @saml_response = Saml::Kit::Response.parse(params[:SAMLResponse])
+ return render :error, status: :forbidden if @saml_response.invalid?
+
+ session[:user] = { id: @saml_response.name_id }.merge(@saml_response.attributes)
redirect_to dashboard_path
end
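Review bot: `create` writes the authenticated identity into the existing session at `session[:user] = ...` without rotating it, so any session established before the SAML response was posted carries over into the logged-in state. Calling `reset_session` after the `invalid?` guard and before the assignment closes that session-fixation gap. The merge order also lets the response's attributes override `id:` if `attributes` can ever carry a colliding key, which is not visible from this hunk; `@saml_response.attributes.merge(id: @saml_response.name_id)` would keep the NameID authoritative.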
airport/app/views/sessions/error.html.erb
@@ -0,0 +1,12 @@
+<div class="container">
+ <div class="row">
+ <div class="col">
+ <h1>Error</h1>
+ <ul>
+ <% @saml_response.errors.full_messages.each do |message| %>
+ <li><%= message %></li>
+ <% end %>
+ </ul>
+ </div>
+ </div>
+</div>
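Review bot: The template prints every entry of `@saml_response.errors.full_messages` to an unauthenticated caller, which tells whoever posted the response exactly which check rejected it (signature, expiry, issuer and so on, judging by the locale keys touched in this commit). Consider rendering a generic failure message here and sending the detail to the application log instead, for example `Rails.logger.warn(@saml_response.errors.full_messages.to_sentence)` in the controller before `render :error`. The `<%= message %>` output is HTML-escaped by ERB, so the messages are not an injection concern as long as nothing marks them `html_safe`.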
proof/app/controllers/sessions_controller.rb
@@ -40,6 +40,6 @@ class SessionsController < ApplicationController
def validate_saml_request(raw_saml_request = params[:SAMLRequest])
@saml_request = Saml::Kit::Request.decode(raw_saml_request)
- render_http_status(:forbidden, item: @saml_request) unless @saml_request.valid?
+ render_http_status(:forbidden, item: @saml_request) if @saml_request.invalid?
end
end
saml-kit/lib/saml/kit/locales/en.yml
@@ -14,7 +14,7 @@ en:
invalid_signature: "invalid signature."
Response:
invalid: "must contain Response."
- unregistered: "must originate from registered service provider."
+ unregistered: "must originate from registered identity provider."
expired: "must not be expired."
invalid_version: "must be 2.0."
invalid_response_to: "must match request id."