Commit 86d59a8
Changed files (13)
lib/saml/kit/assertion.rb
@@ -129,9 +129,8 @@ module Saml
end
def must_match_issuer
- unless audiences.include?(configuration.entity_id)
- errors[:audience] << error_message(:must_match_issuer)
- end
+ return if audiences.include?(configuration.entity_id)
+ errors[:audience] << error_message(:must_match_issuer)
end
def must_be_active_session
@@ -140,10 +139,10 @@ module Saml
end
def must_have_valid_signature
- if signed? && signature.invalid?
- signature.errors.each do |attribute, message|
- errors.add(attribute, message)
- end
+ return if !signed? || signature.valid?
+
+ signature.errors.each do |attribute, message|
+ errors.add(attribute, message)
end
end
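Review bot: The new guard `return if !signed? || signature.valid?` is only equivalent to the old `if signed? && signature.invalid?` if `valid?` and `invalid?` are exact complements with the same effect on `signature.errors`; if it is `invalid?` that populates the error list read by the `each` below, the rewrite could skip that population. Keeping the original predicate avoids the question entirely: `return unless signed? && signature.invalid?`. The guard also makes explicit that an unsigned assertion passes this validator with no error recorded; presumably signature presence is enforced elsewhere (the specs stub `want_assertions_signed`), but a comment such as `# an unsigned assertion is not an error here; signature presence is checked by the caller` would save the next reader that lookup. The same inversion is applied in the must_match_issuer hunk above and in must_contain_single_assertion in response.rb, where the complement is unambiguous.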
lib/saml/kit/response.rb
@@ -38,9 +38,8 @@ module Saml
end
def must_contain_single_assertion
- if assertion_nodes.count > 1
- errors[:base] << error_message(:must_contain_single_assertion)
- end
+ return if assertion_nodes.count <= 1
+ errors[:base] << error_message(:must_contain_single_assertion)
end
def assertion_nodes
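Review bot: `return if assertion_nodes.count <= 1` accepts a response with zero assertions as well as exactly one, which the name must_contain_single_assertion does not suggest; this matches the old `> 1` check, so it is not a regression, but a comment would help, e.g. `# only duplicate assertions are rejected here; a missing assertion is reported by the validator that requires one`, naming whichever validator actually covers that case. If no such validator exists, a response that omits the assertion entirely passes this check silently, which is worth confirming. `assertion_nodes` begins on the last line of the hunk and its body is outside it.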
lib/saml/kit.rb
@@ -42,7 +42,8 @@ require 'saml/kit/invalid_document'
require 'saml/kit/service_provider_metadata'
require 'saml/kit/signature'
-I18n.load_path += Dir[File.expand_path('kit/locales/*.yml', File.dirname(__FILE__))]
+I18n.load_path +=
+ Dir[File.expand_path('kit/locales/*.yml', File.dirname(__FILE__))]
module Saml
module Kit
spec/examples/logout_request_spec.rb
@@ -1,7 +1,7 @@
-require_relative './user'
+require_relative './principal'
RSpec.describe "Logout Request" do
- let(:user) { User.new(id: SecureRandom.uuid, email: "hello@example.com") }
+ let(:user) { Principal.new(id: SecureRandom.uuid, email: "hello@example.com") }
it 'produces a SAMLRequest' do
xml = Saml::Kit::Metadata.build_xml do |builder|
spec/examples/logout_response_spec.rb
@@ -1,7 +1,7 @@
-require_relative './user'
+require_relative './principal'
RSpec.describe "Logout Response" do
- let(:user) { User.new(id: SecureRandom.uuid, email: "hello@example.com") }
+ let(:user) { Principal.new(id: SecureRandom.uuid, email: "hello@example.com") }
it 'generates a logout response' do
xml = Saml::Kit::Metadata.build_xml do |builder|
spec/examples/user.rb → spec/examples/principal.rb
@@ -1,4 +1,4 @@
-class User
+class Principal
attr_reader :id, :email
def initialize(id:, email:)
spec/examples/response_spec.rb
@@ -1,7 +1,7 @@
-require_relative './user'
+require_relative './principal'
RSpec.describe "Response" do
- let(:user) { User.new(id: SecureRandom.uuid, email: "hello@example.com") }
+ let(:user) { Principal.new(id: SecureRandom.uuid, email: "hello@example.com") }
let(:request) { Saml::Kit::AuthenticationRequest.build }
it 'consumes a Response' do
spec/saml/kit/bindings/http_post_spec.rb
@@ -43,7 +43,7 @@ RSpec.describe Saml::Kit::Bindings::HttpPost do
end
it 'returns a SAMLRequest for a LogoutRequest' do
- user = double(:user, name_id_for: SecureRandom.uuid)
+ user = User.new
builder = Saml::Kit::LogoutRequest.builder_class.new(user, configuration: configuration)
url, saml_params = subject.serialize(builder, relay_state: relay_state)
@@ -88,7 +88,7 @@ RSpec.describe Saml::Kit::Bindings::HttpPost do
end
it 'deserializes to a LogoutRequest' do
- user = double(:user, name_id_for: SecureRandom.uuid)
+ user = User.new
builder = Saml::Kit::LogoutRequest.builder_class.new(user)
_, params = subject.serialize(builder)
result = subject.deserialize(params)
@@ -96,8 +96,8 @@ RSpec.describe Saml::Kit::Bindings::HttpPost do
end
it 'deserializes to a Response' do
- user = double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: [])
- request = double(:request, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: FFaker::Internet.http_url, signed?: true, trusted?: true)
+ user = User.new
+ request = instance_double(Saml::Kit::AuthenticationRequest, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: FFaker::Internet.http_url, signed?: true, trusted?: true)
builder = Saml::Kit::Response.builder_class.new(user, request)
_, params = subject.serialize(builder)
result = subject.deserialize(params)
spec/saml/kit/bindings/http_redirect_spec.rb
@@ -57,7 +57,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
expect(result).to be_trusted
end
- it 'deserializes the SAMLRequest to an AuthnRequest with symbols for keys' do
+ it 'deserializes the SAMLRequest to an AuthnRequest' do
url, = subject.serialize(Saml::Kit::AuthenticationRequest.builder)
result = subject.deserialize(query_params_from(url).symbolize_keys)
expect(result).to be_instance_of(Saml::Kit::AuthenticationRequest)
@@ -65,12 +65,14 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
it 'deserializes the SAMLRequest to an AuthnRequest when given a custom params object' do
class Parameters
+ attr_reader :params
+
def initialize(params)
@params = params
end
def [](key)
- @params[key]
+ params[key]
end
end
url, = subject.serialize(Saml::Kit::AuthenticationRequest.builder)
@@ -79,7 +81,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
end
it 'deserializes the SAMLRequest to a LogoutRequest' do
- user = double(:user, name_id_for: SecureRandom.uuid)
+ user = User.new
url, = subject.serialize(Saml::Kit::LogoutRequest.builder(user))
result = subject.deserialize(query_params_from(url))
expect(result).to be_instance_of(Saml::Kit::LogoutRequest)
@@ -92,15 +94,15 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
end
it 'deserializes the SAMLResponse to a Response' do
- user = double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: [])
- request = double(:request, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: entity_id, signed?: true, trusted?: true)
+ user = User.new
+ request = instance_double(Saml::Kit::AuthenticationRequest, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: entity_id, signed?: true, trusted?: true)
url, = subject.serialize(Saml::Kit::Response.builder(user, request))
result = subject.deserialize(query_params_from(url))
expect(result).to be_instance_of(Saml::Kit::Response)
end
it 'deserializes the SAMLResponse to a LogoutResponse' do
- request = double(:request, id: SecureRandom.uuid, provider: provider, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: FFaker::Internet.http_url)
+ request = instance_double(Saml::Kit::LogoutRequest, id: SecureRandom.uuid, provider: provider, issuer: FFaker::Internet.http_url)
url, = subject.serialize(Saml::Kit::LogoutResponse.builder(request))
result = subject.deserialize(query_params_from(url))
expect(result).to be_instance_of(Saml::Kit::LogoutResponse)
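Review bot: In the hunk at `it 'deserializes the SAMLRequest to an AuthnRequest when given a custom params object'`, `class Parameters` is defined inside the example body, so it creates a top-level constant that is reopened on every run and remains visible to every other example; the added `attr_reader :params` does not change that. Wrapping it as `stub_const('Parameters', Class.new do` … `end)` keeps the name the example uses while scoping the constant to that example, and rspec-mocks is already in use here via instance_double. The example's body continues outside the hunk, so the `Parameters.new` call site is not visible.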
spec/saml/kit/builders/logout_request_spec.rb
@@ -1,7 +1,7 @@
RSpec.describe Saml::Kit::Builders::LogoutRequest do
subject { described_class.new(user, configuration: configuration) }
- let(:user) { double(:user, name_id_for: name_id) }
+ let(:user) { User.new(name_id: name_id) }
let(:name_id) { SecureRandom.uuid }
let(:configuration) do
Saml::Kit::Configuration.new do |config|
spec/saml/kit/builders/logout_response_spec.rb
@@ -1,7 +1,7 @@
RSpec.describe Saml::Kit::Builders::LogoutResponse do
subject { described_class.new(request) }
- let(:user) { double(:user, name_id_for: SecureRandom.uuid) }
+ let(:user) { User.new }
let(:request) { Saml::Kit::Builders::LogoutRequest.new(user).build }
let(:issuer) { FFaker::Internet.http_url }
let(:destination) { FFaker::Internet.http_url }
spec/saml/kit/builders/response_spec.rb
@@ -10,9 +10,9 @@ RSpec.describe Saml::Kit::Builders::Response do
end
let(:email) { FFaker::Internet.email }
let(:assertion_consumer_service_url) { FFaker::Internet.uri('https') }
- let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { email: email, created_at: Time.now.utc.iso8601 }) }
- let(:request) { double(:request, id: Xml::Kit::Id.generate, assertion_consumer_service_url: assertion_consumer_service_url, issuer: issuer, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, trusted?: true, signed?: true) }
- let(:provider) { double(:provider, want_assertions_signed: false, encryption_certificates: [configuration.certificates(use: :encryption).last]) }
+ let(:user) { User.new(attributes: { email: email, created_at: Time.now.utc.iso8601 }) }
+ let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: Xml::Kit::Id.generate, assertion_consumer_service_url: assertion_consumer_service_url, issuer: issuer, name_id_format: Saml::Kit::Namespaces::EMAIL_ADDRESS, provider: provider, trusted?: true, signed?: true) }
+ let(:provider) { instance_double(Saml::Kit::ServiceProviderMetadata, want_assertions_signed: false, encryption_certificates: [configuration.certificates(use: :encryption).last]) }
let(:issuer) { FFaker::Internet.uri('https') }
describe '#build' do
@@ -59,7 +59,7 @@ RSpec.describe Saml::Kit::Builders::Response do
expect(hash['Response']['Assertion']['Version']).to eql('2.0')
expect(hash['Response']['Assertion']['Issuer']).to eql(issuer)
- expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id_for)
+ expect(hash['Response']['Assertion']['Subject']['NameID']).to eql(user.name_id)
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['Method']).to eql('urn:oasis:names:tc:SAML:2.0:cm:bearer')
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['NotOnOrAfter']).to eql(3.hours.from_now.utc.iso8601)
expect(hash['Response']['Assertion']['Subject']['SubjectConfirmation']['SubjectConfirmationData']['Recipient']).to eql(assertion_consumer_service_url)
spec/saml/kit/assertion_spec.rb
@@ -35,7 +35,7 @@ RSpec.describe Saml::Kit::Assertion do
</Response>
XML
subject = described_class.new(Nokogiri::XML(xml), configuration: configuration)
- travel_to (configuration.clock_drift - 1.second).before(now)
+ travel_to((configuration.clock_drift - 1.second).before(now))
expect(subject).to be_active
expect(subject).not_to be_expired
end