Commit b2de272

mo <mo.khan@gmail.com>
2017-12-15 20:42:01
move audience validation to assertion.
1 parent 375e3b4
Changed files (3)
lib/saml/kit/assertion.rb
@@ -4,6 +4,7 @@ module Saml
       include ActiveModel::Validations
       include Translatable
 
+      validate :must_match_issuer
       validate :must_be_active_session
       attr_reader :name
 
@@ -85,6 +86,12 @@ module Saml
         Time.at(0).to_datetime
       end
 
+      def must_match_issuer
+        unless audiences.include?(@configuration.issuer)
+          errors[:audience] << error_message(:must_match_issuer)
+        end
+      end
+
       def must_be_active_session
         return if active?
         errors[:base] << error_message(:expired)
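Review bot: `must_match_issuer` reads `@configuration` directly, so an Assertion built without that ivar would raise NoMethodError on nil here instead of recording a validation error. The constructor is outside this hunk, so confirm it always assigns the configuration, or read it through an accessor. The method would also benefit from a comment stating its purpose, e.g. `# Reject assertions whose AudienceRestriction does not name this service provider, so an assertion issued for a different SP is not accepted here.` An empty `audiences` list fails the check, which is the fail-closed result wanted; an assertion-level spec pinning that case would keep it from regressing. `must_be_active_session` continues past the end of the hunk.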
lib/saml/kit/response.rb
@@ -4,9 +4,8 @@ module Saml
       include Respondable
       extend Forwardable
 
-      def_delegators :assertion, :name_id, :[], :attributes, :active?, :audiences
+      def_delegators :assertion, :name_id, :[], :attributes
 
-      validate :must_match_issuer
       validate :must_be_valid_assertion
 
       def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
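Review bot: Dropping `:active?` and `:audiences` from `def_delegators` removes two public methods from Response, so any caller still using `response.active?` or `response.audiences` will get NoMethodError after this commit. If the removal is intended, it deserves a changelog entry or a short deprecation period. Otherwise keep the line as `def_delegators :assertion, :name_id, :[], :attributes, :active?, :audiences` and move only the validation. `initialize` continues outside the hunk.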
@@ -23,16 +22,7 @@ module Saml
       def must_be_valid_assertion
         assertion.valid?
         assertion.errors.each do |attribute, error|
-          self.errors[:assertion] << error
-        end
-      end
-
-      def must_match_issuer
-        return unless expected_type?
-        return unless success?
-
-        unless audiences.include?(configuration.issuer)
-          errors[:audience] << error_message(:must_match_issuer)
+          self.errors[attribute] << error
         end
       end
 
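Review bot: The removed response-level check returned early unless `expected_type?` and `success?`, but `must_be_valid_assertion` calls `assertion.valid?` with no such guard, so the audience check now runs for every response. For a non-success response that carries no assertion, `audiences` is presumably empty, and the response would then report an audience mismatch alongside or instead of the real status failure. Rejecting is still the safe outcome, but the error is misleading for anyone triaging failed logins, so a spec for a non-success response would confirm which errors are expected. Copying errors under their original keys also means assertion keys such as `:base` merge with the response's own; a comment on the loop saying this is deliberate would help, e.g. `# surface assertion errors under their original attribute keys`.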
spec/saml/response_spec.rb
@@ -119,7 +119,7 @@ RSpec.describe Saml::Kit::Response do
       subject = described_class.build(user, request)
       travel_to Saml::Kit.configuration.session_timeout.from_now + 5.seconds
       expect(subject).to_not be_valid
-      expect(subject.errors[:assertion]).to be_present
+      expect(subject.errors[:base]).to be_present
     end
 
     it 'is invalid before the valid session window' do
@@ -129,7 +129,7 @@ RSpec.describe Saml::Kit::Response do
       subject = described_class.build(user, request)
       travel_to 5.seconds.ago
       expect(subject).to be_invalid
-      expect(subject.errors[:assertion]).to be_present
+      expect(subject.errors[:base]).to be_present
     end
 
     it 'is invalid when the audience does not match the expected issuer' do