Commit 7f080fc
Changed files (12)
lib/saml/kit/builders/authentication_request.rb
@@ -6,7 +6,7 @@ module Saml
attr_accessor :version
def initialize(configuration: Saml::Kit.configuration, sign: true)
- @id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
@issuer = configuration.issuer
@name_id_format = Namespaces::PERSISTENT
@now = Time.now.utc
@@ -34,7 +34,7 @@ module Saml
options = {
"xmlns:samlp" => Namespaces::PROTOCOL,
"xmlns:saml" => Namespaces::ASSERTION,
- ID: "_#{id}",
+ ID: id,
Version: version,
IssueInstant: now.utc.iso8601,
Destination: destination,
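Review bot: The reason for the `_` prefix on the generated ID at L8 is not recorded, so a later cleanup that drops it would only fail intermittently — whenever SecureRandom.uuid happens to start with a digit. The `ID` attribute is an xs:ID, i.e. an NCName, which must begin with a letter or underscore; the prefix is what keeps schema validation and the signature's same-document reference working, and since the render side (L17) no longer adds it, the assignment is now the only place the invariant lives. I would add above L8: `# xs:ID is an NCName and must not start with a digit, which a raw UUID can; keep the leading underscore`. `initialize` continues past the hunk.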
lib/saml/kit/builders/identity_provider_metadata.rb
@@ -7,7 +7,7 @@ module Saml
attr_reader :logout_urls, :single_sign_on_urls
def initialize(configuration = Saml::Kit.configuration)
- @id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
@entity_id = configuration.issuer
@attributes = []
@name_id_formats = [Namespaces::PERSISTENT]
@@ -86,7 +86,7 @@ module Saml
'xmlns': Namespaces::METADATA,
'xmlns:ds': Namespaces::XMLDSIG,
'xmlns:saml': Namespaces::ASSERTION,
- ID: "_#{id}",
+ ID: id,
entityID: entity_id,
}
end
lib/saml/kit/builders/logout_request.rb
@@ -8,7 +8,7 @@ module Saml
def initialize(user, configuration: Saml::Kit.configuration, sign: true)
@user = user
- @id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
@issuer = configuration.issuer
@name_id_format = Saml::Kit::Namespaces::PERSISTENT
@now = Time.now.utc
@@ -35,7 +35,7 @@ module Saml
def logout_request_options
{
- ID: "_#{id}",
+ ID: id,
Version: version,
IssueInstant: now.utc.iso8601,
Destination: destination,
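Review bot: The `_` prefix is now applied only in `initialize` (L44), but `id` is writable from outside — the spec in this commit assigns `subject.id` — so a caller setting a bare UUID, or any value starting with a digit, now emits an invalid xs:ID that `ID: id` at L52 no longer normalizes, and the signed document fails schema validation. Before this change the render-time `"_#{id}"` made every assigned value valid, so the invariant has moved without a check moving with it. A writer that rejects anything that is not an NCName (conservative ASCII subset below) keeps the guarantee where it is now relied on; `initialize` continues past the hunk.
```ruby
# … unchanged: initialize …

# xs:ID is an NCName: first char must be a letter or underscore.
def id=(value)
  raise ArgumentError, "id must be an NCName, e.g. \"_#{SecureRandom.uuid}\"" unless value.to_s.match?(/\A[A-Za-z_][\w.-]*\z/)
  @id = value
end
```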
lib/saml/kit/builders/logout_response.rb
@@ -9,7 +9,7 @@ module Saml
@user = user
@now = Time.now.utc
@request = request
- @id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
@version = "2.0"
@status_code = Namespaces::SUCCESS
@sign = sign
@@ -37,7 +37,7 @@ module Saml
def logout_response_options
{
xmlns: Namespaces::PROTOCOL,
- ID: "_#{id}",
+ ID: id,
Version: version,
IssueInstant: now.utc.iso8601,
Destination: destination,
lib/saml/kit/builders/response.rb
@@ -10,8 +10,8 @@ module Saml
def initialize(user, request)
@user = user
@request = request
- @id = SecureRandom.uuid
- @reference_id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
+ @reference_id = "_#{SecureRandom.uuid}"
@now = Time.now.utc
@version = "2.0"
@status_code = Namespaces::SUCCESS
@@ -135,7 +135,7 @@ module Saml
def response_options
{
- ID: id.present? ? "_#{id}" : nil,
+ ID: id,
Version: version,
IssueInstant: now.iso8601,
Destination: destination,
@@ -147,7 +147,7 @@ module Saml
def assertion_options
{
- ID: "_#{reference_id}",
+ ID: reference_id,
IssueInstant: now.iso8601,
Version: "2.0",
xmlns: Namespaces::ASSERTION,
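Review bot: The blank guard on the Response ID was dropped at L91 (`id.present? ? "_#{id}" : nil` became `ID: id`), so a nil or empty `id` is now handed straight to Builder instead of being omitted; what Builder renders for a nil attribute value I cannot confirm from here, but an empty or missing `ID` fails the schema and leaves the signature Reference nothing to resolve. `initialize` always sets `@id` (L82), so this only matters if the id can be reassigned afterwards, which the old guard evidently anticipated. If that remains possible, keep the omit-when-blank behaviour with `ID: id.presence,` or reject it up front; the same consideration applies to `reference_id` at L99, which the Assertion's signature must match exactly.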
lib/saml/kit/builders/service_provider_metadata.rb
@@ -6,7 +6,7 @@ module Saml
attr_accessor :want_assertions_signed
def initialize(configuration = Saml::Kit.configuration)
- @id = SecureRandom.uuid
+ @id = "_#{SecureRandom.uuid}"
@configuration = configuration
@entity_id = configuration.issuer
@acs_urls = []
@@ -71,7 +71,7 @@ module Saml
def entity_descriptor_options
{
'xmlns': Namespaces::METADATA,
- ID: "_#{id}",
+ ID: id,
entityID: entity_id,
}
end
lib/saml/kit/signature.rb
@@ -34,7 +34,7 @@ module Saml
xml.SignedInfo do
xml.CanonicalizationMethod Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
xml.SignatureMethod Algorithm: SIGNATURE_METHODS[configuration.signature_method]
- xml.Reference URI: "#_#{reference_id}" do
+ xml.Reference URI: "##{reference_id}" do
xml.Transforms do
xml.Transform Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
xml.Transform Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
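Review bot: The Reference URI at L127 now depends entirely on the caller supplying an ID that is already a valid NCName; a `reference_id` that starts with a digit or contains `#`, whitespace or `/` yields a same-document reference that cannot resolve, so signature verification fails downstream with an unhelpful error rather than here. Every builder in this commit generates `"_#{SecureRandom.uuid}"`, but the method containing this hunk (presumably `template`, which the specs call as `signature.template(id)`) is public and accepts any string. A cheap guard before `xml.Reference` makes the contract explicit: `raise ArgumentError, "reference_id must be an NCName (letter or _ first)" unless reference_id.to_s.match?(/\A[A-Za-z_][\w.-]*\z/)` — a conservative ASCII subset of NCName. The enclosing method begins before the hunk.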
spec/saml/builders/logout_request_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Saml::Kit::Builders::LogoutRequest do
it 'produces the expected xml' do
travel_to 1.second.from_now
- subject.id = SecureRandom.uuid
+ subject.id = "_#{SecureRandom.uuid}"
subject.destination = FFaker::Internet.http_url
subject.issuer = FFaker::Internet.http_url
subject.name_id_format = Saml::Kit::Namespaces::TRANSIENT
@@ -15,7 +15,7 @@ RSpec.describe Saml::Kit::Builders::LogoutRequest do
result = subject.to_xml
xml_hash = Hash.from_xml(result)
- expect(xml_hash['LogoutRequest']['ID']).to eql("_#{subject.id}")
+ expect(xml_hash['LogoutRequest']['ID']).to eql(subject.id)
expect(xml_hash['LogoutRequest']['Version']).to eql("2.0")
expect(xml_hash['LogoutRequest']['IssueInstant']).to eql(Time.now.utc.iso8601)
expect(xml_hash['LogoutRequest']['Destination']).to eql(subject.destination)
spec/saml/authentication_request_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
RSpec.describe Saml::Kit::AuthenticationRequest do
subject { described_class.new(raw_xml) }
- let(:id) { SecureRandom.uuid }
+ let(:id) { "_#{SecureRandom.uuid}" }
let(:assertion_consumer_service_url) { "https://#{FFaker::Internet.domain_name}/acs" }
let(:issuer) { FFaker::Movie.title }
let(:destination) { FFaker::Internet.http_url }
@@ -19,7 +19,7 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
end
it { expect(subject.issuer).to eql(issuer) }
- it { expect(subject.id).to eql("_#{id}") }
+ it { expect(subject.id).to eql(id) }
it { expect(subject.assertion_consumer_service_url).to eql(assertion_consumer_service_url) }
it { expect(subject.name_id_format).to eql(name_id_format) }
it { expect(subject.destination).to eql(destination) }
@@ -77,9 +77,9 @@ RSpec.describe Saml::Kit::AuthenticationRequest do
end
it 'validates the schema of the request' do
- id = SecureRandom.uuid
+ id = "_#{SecureRandom.uuid}"
signed_xml = Saml::Kit::Signature.sign(sign: true) do |xml, signature|
- xml.tag!('samlp:AuthnRequest', "xmlns:samlp" => Saml::Kit::Namespaces::PROTOCOL, AssertionConsumerServiceURL: assertion_consumer_service_url, ID: "_#{id}") do
+ xml.tag!('samlp:AuthnRequest', "xmlns:samlp" => Saml::Kit::Namespaces::PROTOCOL, AssertionConsumerServiceURL: assertion_consumer_service_url, ID: id) do
signature.template(id)
xml.Fake do
xml.NotAllowed "Huh?"
spec/saml/logout_request_spec.rb
@@ -107,9 +107,9 @@ RSpec.describe Saml::Kit::LogoutRequest do
end
it 'validates the schema of the request' do
- id = SecureRandom.uuid
+ id = "_#{SecureRandom.uuid}"
signed_xml = Saml::Kit::Signature.sign(sign: true) do |xml, signature|
- xml.LogoutRequest ID: "_#{id}" do
+ xml.LogoutRequest ID: id do
signature.template(id)
xml.Fake do
xml.NotAllowed "Huh?"
spec/saml/response_spec.rb
@@ -54,9 +54,9 @@ RSpec.describe Saml::Kit::Response do
it 'validates the schema of the response' do
allow(registry).to receive(:metadata_for).and_return(metadata)
allow(metadata).to receive(:matches?).and_return(true)
- id = SecureRandom.uuid
+ id = "_#{SecureRandom.uuid}"
signed_xml = Saml::Kit::Signature.sign(sign: true) do |xml, signature|
- xml.tag! "samlp:Response", "xmlns:samlp" => Saml::Kit::Namespaces::PROTOCOL, ID: "_#{id}" do
+ xml.tag! "samlp:Response", "xmlns:samlp" => Saml::Kit::Namespaces::PROTOCOL, ID: id do
signature.template(id)
xml.Fake do
xml.NotAllowed "Huh?"
spec/saml/signature_spec.rb
@@ -9,7 +9,7 @@ RSpec.describe Saml::Kit::Signature do
config
end
- let(:reference_id) { SecureRandom.uuid }
+ let(:reference_id) { "_#{SecureRandom.uuid}" }
let(:rsa_key) { OpenSSL::PKey::RSA.new(2048) }
let(:public_key) { rsa_key.public_key }
let(:certificate) do
@@ -34,7 +34,7 @@ RSpec.describe Saml::Kit::Signature do
options = {
"xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
"xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion",
- ID: "_#{reference_id}",
+ ID: reference_id,
}
signed_xml = described_class.sign(sign: true, configuration: configuration) do |xml, signature|
xml.tag!('samlp:AuthnRequest', options) do
@@ -49,7 +49,7 @@ RSpec.describe Saml::Kit::Signature do
expect(signature['SignedInfo']['CanonicalizationMethod']['Algorithm']).to eql('http://www.w3.org/2001/10/xml-exc-c14n#')
expect(signature['SignedInfo']['SignatureMethod']['Algorithm']).to eql("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
- expect(signature['SignedInfo']['Reference']['URI']).to eql("#_#{reference_id}")
+ expect(signature['SignedInfo']['Reference']['URI']).to eql("##{reference_id}")
expect(signature['SignedInfo']['Reference']['Transforms']['Transform']).to match_array([
{ "Algorithm" => "http://www.w3.org/2000/09/xmldsig#enveloped-signature" },
{ "Algorithm" => "http://www.w3.org/2001/10/xml-exc-c14n#" }