Commit b7b01d4
Changed files (17)
.github/workflows/ci.yml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- ruby-version: ['2.4', '2.5', '2.6', '2.7']
+ ruby-version: ['2.5', '2.6', '2.7']
steps:
- uses: actions/checkout@v2
- name: Set up Ruby
@@ -41,5 +41,4 @@ jobs:
ruby-version: '2.7'
bundler-cache: true
- name: Running audit…
- continue-on-error: true
run: sh bin/audit
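Review bot: With `continue-on-error: true` removed, the `Running audit…` step now fails the job on whatever `sh bin/audit` reports, so the script should fetch the advisory database on every run; its contents are not visible in this hunk. If it only performs the check, the result depends on whatever database happens to be on the runner, and `bundle audit check --update` covers both steps in one command. It is also worth recording how an advisory with no available fix is handled, for example a reviewed ignore entry in the script, so that the pressure to restore `continue-on-error` does not return.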
lib/saml/kit/concerns/respondable.rb
@@ -45,7 +45,7 @@ module Saml
return if request_id.nil?
return if in_response_to == request_id
- errors[:in_response_to] << error_message(:invalid_response_to)
+ errors.add(:in_response_to, error_message(:invalid_response_to))
end
end
end
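Review bot: The `:in_response_to` error can only be added when a `request_id` is present, because `return if request_id.nil?` skips the comparison entirely and nothing in the hunk documents that as deliberate. A comment above the guard, such as `# No request id supplied by the caller: InResponseTo is not checked (confirm this is only meant for unsolicited responses)`, would tell integrators that binding a response to the request they sent depends on passing the id in. The method starts above the hunk, so its name and any existing comment are not visible here.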
lib/saml/kit/concerns/trustable.rb
@@ -54,7 +54,7 @@ module Saml
signature.valid?
signature.errors.each do |attribute, error|
- errors[attribute] << error
+ errors.add(attribute, error)
end
end
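Review bot: The loop `signature.errors.each do |attribute, error|` relies on `ActiveModel::Errors#each` yielding an attribute and a message, which is the 5.x behaviour this commit pins in the gemspec; from ActiveModel 6.1 the two-argument block form is deprecated in favour of a single error object. This loop is what carries signature failures onto the document, so a later dependency bump may change what is reported here. Iterating the hash form avoids that dependency: `signature.errors.to_hash.each { |attribute, messages| messages.each { |message| errors.add(attribute, message) } }`. The same loop appears in the lib/saml/kit/metadata.rb hunk at -193 and the lib/saml/kit/response.rb hunk at -45. The enclosing method starts above this hunk.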
@@ -62,14 +62,14 @@ module Saml
return unless expected_type?
return if provider.present?
- errors[:provider] << error_message(:unregistered)
+ errors.add(:provider, error_message(:unregistered))
end
def must_be_trusted
return if trusted?
return if provider.present? && !signed?
- errors[:fingerprint] << error_message(:invalid_fingerprint)
+ errors.add(:fingerprint, error_message(:invalid_fingerprint))
end
end
end
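Review bot: `must_be_trusted` adds no `:fingerprint` error for an unsigned document from a registered provider, because of `return if provider.present? && !signed?`, and no comment says where unsigned documents are rejected or why they are acceptable. A comment above that guard stating the intent, for example `# Unsigned documents from a registered provider are not fingerprint-checked here; signing requirements are enforced elsewhere (confirm which validation)`, would make the trust decision auditable. Whether another validation covers the unsigned case cannot be told from this hunk.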
lib/saml/kit/concerns/xsd_validatable.rb
@@ -20,7 +20,7 @@ module Saml
Dir.chdir(File.dirname(xsd)) do
xsd = Nokogiri::XML::Schema(IO.read(xsd))
xsd.validate(to_nokogiri.document).each do |error|
- errors[:base] << error.message
+ errors.add(:base, error.message)
end
end
end
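Review bot: The schema check runs inside `Dir.chdir(File.dirname(xsd)) do`, which changes the working directory of the whole process rather than of the calling thread. Under a threaded server, any other thread that resolves a relative path while a document is being validated sees the schema directory. A comment explaining why the chdir is needed (presumably so relative schema imports resolve) would help, and a mutex around the block would make that dependency safe if it cannot be removed. Separately, `IO.read(xsd)` can be written `File.read(xsd)`, which never gives a leading `|` in the path its pipe meaning. The method starts above the hunk.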
lib/saml/kit/assertion.rb
@@ -114,13 +114,13 @@ module Saml
def must_match_issuer
return if audiences.empty? || audiences.include?(configuration.entity_id)
- errors[:audience] << error_message(:must_match_issuer)
+ errors.add(:audience, error_message(:must_match_issuer))
end
def must_be_active_session
return if active?
- errors[:base] << error_message(:expired)
+ errors.add(:base, error_message(:expired))
end
def must_have_valid_signature
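Review bot: `must_match_issuer` returns without an error when `audiences` is empty, so an assertion that carries no audience restriction passes this check for any recipient. The method name also mentions the issuer, while the comparison is against `configuration.entity_id`. If accepting an unrestricted assertion is intended, a comment such as `# No audience restriction present: accepted; otherwise configuration.entity_id must be listed` would record that. If it is not intended, the guard would become `return if audiences.include?(configuration.entity_id)`. Which of the two the library wants cannot be determined from this hunk.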
lib/saml/kit/document.rb
@@ -101,7 +101,7 @@ module Saml
end
def must_be_expected_type
- errors[:base] << error_message(:invalid) unless expected_type?
+ errors.add(:base, error_message(:invalid)) unless expected_type?
end
def expected_type?
@@ -112,7 +112,7 @@ module Saml
return unless expected_type?
return if version == '2.0'
- errors[:version] << error_message(:invalid_version)
+ errors.add(:version, error_message(:invalid_version))
end
end
end
lib/saml/kit/invalid_document.rb
@@ -7,7 +7,7 @@ module Saml
# {include:file:spec/saml/kit/invalid_document_spec.rb}
class InvalidDocument < Document
validate do |model|
- model.errors[:base] << model.error_message(:invalid)
+ model.errors.add(:base, model.error_message(:invalid))
end
def initialize(xml, *)
lib/saml/kit/metadata.rb
@@ -182,7 +182,7 @@ module Saml
end
def must_contain_descriptor
- errors[:base] << error_message(:invalid) unless metadata
+ errors.add(:base, error_message(:invalid)) unless metadata
end
def must_match_xsd
@@ -193,7 +193,7 @@ module Saml
return if !signature.present? || signature.valid?
signature.errors.each do |attribute, error|
- errors[attribute] << error
+ errors.add(attribute, error)
end
end
end
lib/saml/kit/null_assertion.rb
@@ -53,7 +53,7 @@ module Saml
end
def invalid
- errors[:assertion].push(error_message(:invalid))
+ errors.add(:assertion, error_message(:invalid))
end
def name
lib/saml/kit/response.rb
@@ -45,14 +45,14 @@ module Saml
assertion.valid?
assertion.errors.each do |attribute, error|
attribute = :assertion if attribute == :base
- errors[attribute] << error
+ errors.add(attribute, error)
end
end
def must_contain_single_assertion
return if assertion_nodes.count <= 1
- errors[:base] << error_message(:must_contain_single_assertion)
+ errors.add(:base, error_message(:must_contain_single_assertion))
end
def assertion_nodes
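Review bot: `must_contain_single_assertion` returns early for `assertion_nodes.count <= 1`, so a response with no assertion at all passes this check despite its name. The lib/saml/kit/null_assertion.rb change in the same commit suggests the empty case is reported through `:assertion` instead, but that link is not visible from here. A comment such as `# Zero assertions is reported via the null assertion (confirm); this check only rejects more than one` would keep the two validations from drifting apart.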
spec/saml/kit/composite_metadata_spec.rb
@@ -89,19 +89,23 @@ RSpec.describe Saml::Kit::CompositeMetadata do
it { expect(subject.want_authn_requests_signed).to be_truthy }
it { expect(subject.attributes).to match_array([name: 'id', format: nil]) }
it { expect(subject.login_request_for(binding: :http_post)).to be_present }
+
it do
expect(subject.assertion_consumer_services).to match_array([
Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service)
])
end
+
it do
expect(subject.assertion_consumer_service_for(binding: :http_post)).to eql(
Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service)
)
end
+
it { expect(subject.want_assertions_signed).to be_truthy }
it { expect(subject.entity_id).to eql(entity_id) }
it { expect(subject.name_id_formats).to match_array([Saml::Kit::Namespaces::PERSISTENT]) }
+
it do
expect(subject.certificates).to match_array([
sp_signing_certificate,
@@ -117,39 +121,46 @@ RSpec.describe Saml::Kit::CompositeMetadata do
idp_encryption_certificate,
])
end
+
it do
expect(subject.signing_certificates).to match_array([
sp_signing_certificate,
idp_signing_certificate,
])
end
+
it do
expect(subject.services('SingleLogoutService')).to match_array([
Saml::Kit::Bindings::HttpPost.new(location: sp_logout_service),
Saml::Kit::Bindings::HttpPost.new(location: idp_logout_service),
])
end
+
it do
expect(subject.service_for(type: 'SingleLogoutService', binding: :http_post)).to eql(
Saml::Kit::Bindings::HttpPost.new(location: sp_logout_service)
)
end
+
it do
expect(subject.services('AssertionConsumerService')).to match_array([
Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service),
])
end
+
it do
expect(subject.service_for(type: 'AssertionConsumerService', binding: :http_post)).to eql(
Saml::Kit::Bindings::HttpPost.new(location: assertion_consumer_service)
)
end
+
it do
expect(subject.services('SingleSignOnService')).to match_array([
Saml::Kit::Bindings::HttpPost.new(location: sign_on_service),
Saml::Kit::Bindings::HttpRedirect.new(location: sign_on_service),
])
end
+
it do
expect(subject.service_for(type: 'SingleSignOnService', binding: :http_post)).to eql(
Saml::Kit::Bindings::HttpPost.new(location: sign_on_service)
spec/saml/kit/identity_provider_metadata_spec.rb
@@ -11,6 +11,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it { expect(subject.entity_id).to eql('http://www.okta.com/1') }
it { expect(subject.name_id_formats).to match_array([Saml::Kit::Namespaces::EMAIL_ADDRESS, Saml::Kit::Namespaces::UNSPECIFIED_NAMEID]) }
+
it do
location = 'https://dev.oktapreview.com/app/example/1/sso/saml'
expect(subject.single_sign_on_services.map(&:to_h)).to match_array([
@@ -18,12 +19,15 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
{ binding: Saml::Kit::Bindings::HTTP_REDIRECT, location: location },
])
end
+
it { expect(subject.single_logout_services).to be_empty }
+
it do
fingerprint = '9F:74:13:3B:BC:5A:7B:8B:2D:4F:8B:EF:1E:88:EB:D1:AE:BC:19:BF:CA:19:C6:2F:0F:4B:31:1D:68:98:B0:1B'
expect(subject.certificates).to match_array([::Xml::Kit::Certificate.new(certificate, use: :signing)])
expect(subject.certificates.first.fingerprint.to_s).to eql(fingerprint)
end
+
it { expect(subject.attributes).to be_empty }
end
@@ -38,6 +42,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
end
it { expect(subject.entity_id).to eql('http://www.example.com/adfs/services/trust') }
+
it do
expect(subject.name_id_formats).to match_array([
Saml::Kit::Namespaces::EMAIL_ADDRESS,
@@ -45,6 +50,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
Saml::Kit::Namespaces::TRANSIENT,
])
end
+
it do
location = 'https://www.example.com/adfs/ls/'
expect(subject.single_sign_on_services.map(&:to_h)).to match_array([
@@ -52,6 +58,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
{ location: location, binding: Saml::Kit::Bindings::HTTP_POST },
])
end
+
it do
location = 'https://www.example.com/adfs/ls/'
expect(subject.single_logout_services.map(&:to_h)).to match_array([
@@ -59,12 +66,14 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
{ location: location, binding: Saml::Kit::Bindings::HTTP_POST },
])
end
+
it do
expect(subject.certificates).to match_array([
::Xml::Kit::Certificate.new(signing_certificate, use: :signing),
::Xml::Kit::Certificate.new(encryption_certificate, use: :encryption),
])
end
+
it { expect(subject.attributes).to be_present }
end
spec/saml/kit/signature_spec.rb
@@ -17,6 +17,7 @@ RSpec.describe Saml::Kit::Signature do
specify { expect(subject.signature_method).to eql(xml_hash['Signature']['SignedInfo']['SignatureMethod']['Algorithm']) }
specify { expect(subject.canonicalization_method).to eql(xml_hash['Signature']['SignedInfo']['CanonicalizationMethod']['Algorithm']) }
specify { expect(subject.transforms).to eql(xml_hash['Signature']['SignedInfo']['Reference']['Transforms']['Transform'].map { |x| x['Algorithm'] }) }
+
specify do
expected = ::Xml::Kit::Certificate.new(xml_hash['Signature']['KeyInfo']['X509Data']['X509Certificate'], use: :signing)
expect(subject.certificate).to eql(expected)
spec/spec_helper.rb
@@ -14,7 +14,7 @@ require 'webmock/rspec'
Saml::Kit.configuration.logger.level = Xml::Kit.logger.level = Logger::FATAL
-Dir[File.join(Dir.pwd, 'spec/support/**/*.rb')].each { |f| require f }
+Dir[File.join(Dir.pwd, 'spec/support/**/*.rb')].sort.each { |f| require f }
RSpec.configure do |config|
config.include ActiveSupport::Testing::TimeHelpers
# Enable flags like --only-failures and --next-failure
.rubocop.yml
@@ -12,12 +12,12 @@ AllCops:
- 'spec/examples/**/*'
- 'tmp/**/*'
- 'vendor/**/*'
- TargetRubyVersion: 2.4
+ TargetRubyVersion: 2.5
-Layout/AlignArguments:
+Layout/ArgumentAlignment:
EnforcedStyle: with_fixed_indentation
-Layout/AlignParameters:
+Layout/ParameterAlignment:
Enabled: true
EnforcedStyle: with_fixed_indentation
IndentationWidth: 2
@@ -41,10 +41,10 @@ Layout/ClassStructure:
Layout/EndOfLine:
EnforcedStyle: lf
-Layout/IndentFirstArrayElement:
+Layout/FirstArrayElementIndentation:
EnforcedStyle: consistent
-Layout/IndentHeredoc:
+Layout/HeredocIndentation:
EnforcedStyle: active_support
Layout/MultilineMethodCallIndentation:
@@ -106,6 +106,9 @@ RSpec/ExampleLength:
RSpec/MultipleExpectations:
Enabled: false
+RSpec/MultipleMemoizedHelpers:
+ Enabled: false
+
RSpec/NamedSubject:
Enabled: false
Gemfile.lock
@@ -2,98 +2,105 @@ PATH
remote: .
specs:
saml-kit (1.1.0)
- activemodel (>= 4.2.0)
+ activemodel (~> 5.1)
net-hippie (~> 0.1)
- xml-kit (>= 0.3.0, < 1.0.0)
+ xml-kit (~> 0.4)
GEM
remote: https://rubygems.org/
specs:
- activemodel (5.2.4.3)
- activesupport (= 5.2.4.3)
- activesupport (5.2.4.3)
+ activemodel (5.2.4.4)
+ activesupport (= 5.2.4.4)
+ activesupport (5.2.4.4)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
tzinfo (~> 1.1)
- addressable (2.6.0)
- public_suffix (>= 2.0.2, < 4.0)
- ast (2.4.0)
- benchmark-malloc (0.1.0)
- benchmark-perf (0.5.0)
- benchmark-trend (0.3.0)
- builder (3.2.3)
- bundler-audit (0.6.1)
+ addressable (2.7.0)
+ public_suffix (>= 2.0.2, < 5.0)
+ ast (2.4.2)
+ benchmark-malloc (0.2.0)
+ benchmark-perf (0.6.0)
+ benchmark-trend (0.4.0)
+ builder (3.2.4)
+ bundler-audit (0.7.0.1)
bundler (>= 1.2.0, < 3)
- thor (~> 0.18)
- concurrent-ruby (1.1.6)
- crack (0.4.3)
- safe_yaml (~> 1.0.0)
- diff-lcs (1.3)
- docile (1.3.2)
- ffaker (2.12.0)
- hashdiff (1.0.0)
- i18n (1.8.2)
+ thor (>= 0.18, < 2)
+ concurrent-ruby (1.1.8)
+ crack (0.4.5)
+ rexml
+ diff-lcs (1.4.4)
+ docile (1.3.5)
+ ffaker (2.17.0)
+ hashdiff (1.0.1)
+ i18n (1.8.8)
concurrent-ruby (~> 1.0)
- jaro_winkler (1.5.3)
- json (2.3.0)
- mini_portile2 (2.4.0)
- minitest (5.14.1)
- net-hippie (0.2.6)
- nokogiri (1.10.8)
- mini_portile2 (~> 2.4.0)
- parallel (1.17.0)
- parser (2.6.3.0)
- ast (~> 2.4.0)
- public_suffix (3.1.1)
+ mini_portile2 (2.5.0)
+ minitest (5.14.3)
+ net-hippie (0.3.2)
+ nokogiri (1.11.1)
+ mini_portile2 (~> 2.5.0)
+ racc (~> 1.4)
+ parallel (1.20.1)
+ parser (3.0.0.0)
+ ast (~> 2.4.1)
+ public_suffix (4.0.6)
+ racc (1.5.2)
rainbow (3.0.0)
- rake (13.0.1)
- rspec (3.8.0)
- rspec-core (~> 3.8.0)
- rspec-expectations (~> 3.8.0)
- rspec-mocks (~> 3.8.0)
- rspec-benchmark (0.5.0)
- benchmark-malloc (~> 0.1.0)
- benchmark-perf (~> 0.5.0)
- benchmark-trend (~> 0.3.0)
- rspec (>= 3.0.0, < 4.0.0)
- rspec-core (3.8.2)
- rspec-support (~> 3.8.0)
- rspec-expectations (3.8.4)
+ rake (13.0.3)
+ regexp_parser (2.0.3)
+ rexml (3.2.4)
+ rspec (3.10.0)
+ rspec-core (~> 3.10.0)
+ rspec-expectations (~> 3.10.0)
+ rspec-mocks (~> 3.10.0)
+ rspec-benchmark (0.6.0)
+ benchmark-malloc (~> 0.2)
+ benchmark-perf (~> 0.6)
+ benchmark-trend (~> 0.4)
+ rspec (>= 3.0)
+ rspec-core (3.10.1)
+ rspec-support (~> 3.10.0)
+ rspec-expectations (3.10.1)
diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.8.0)
- rspec-mocks (3.8.1)
+ rspec-support (~> 3.10.0)
+ rspec-mocks (3.10.2)
diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.8.0)
- rspec-support (3.8.2)
- rubocop (0.74.0)
- jaro_winkler (~> 1.5.1)
+ rspec-support (~> 3.10.0)
+ rspec-support (3.10.2)
+ rubocop (0.93.1)
parallel (~> 1.10)
- parser (>= 2.6)
+ parser (>= 2.7.1.5)
rainbow (>= 2.2.2, < 4.0)
+ regexp_parser (>= 1.8)
+ rexml
+ rubocop-ast (>= 0.6.0)
ruby-progressbar (~> 1.7)
- unicode-display_width (>= 1.4.0, < 1.7)
- rubocop-rspec (1.35.0)
- rubocop (>= 0.60.0)
- ruby-prof (1.0.0)
- ruby-progressbar (1.10.1)
- safe_yaml (1.0.5)
- simplecov (0.17.0)
+ unicode-display_width (>= 1.4.0, < 2.0)
+ rubocop-ast (1.4.1)
+ parser (>= 2.7.1.5)
+ rubocop-rspec (1.44.1)
+ rubocop (~> 0.87)
+ rubocop-ast (>= 0.7.1)
+ ruby-prof (1.4.2)
+ ruby-progressbar (1.11.0)
+ simplecov (0.21.2)
docile (~> 1.1)
- json (>= 1.8, < 3)
- simplecov-html (~> 0.10.0)
- simplecov-html (0.10.2)
- thor (0.20.3)
+ simplecov-html (~> 0.11)
+ simplecov_json_formatter (~> 0.1)
+ simplecov-html (0.12.3)
+ simplecov_json_formatter (0.1.2)
+ thor (1.1.0)
thread_safe (0.3.6)
- tilt (2.0.9)
- tzinfo (1.2.7)
+ tilt (2.0.10)
+ tzinfo (1.2.9)
thread_safe (~> 0.1)
- unicode-display_width (1.6.0)
- webmock (3.6.2)
+ unicode-display_width (1.7.0)
+ webmock (3.11.2)
addressable (>= 2.3.6)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
- xml-kit (0.4.0)
+ xml-kit (0.5.0)
activemodel (>= 4.2.0)
builder (~> 3.2)
nokogiri (~> 1.10)
saml-kit.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
spec.description = 'A simple toolkit for working with SAML.'
spec.homepage = 'https://github.com/xlgmokha/saml-kit'
spec.license = 'MIT'
- spec.required_ruby_version = '~> 2.4'
+ spec.required_ruby_version = '~> 2.5'
spec.files = `git ls-files -z`.split("\x0").reject do |f|
(
@@ -28,9 +28,9 @@ Gem::Specification.new do |spec|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
spec.require_paths = ['lib']
- spec.add_dependency 'activemodel', '>= 4.2.0'
+ spec.add_dependency 'activemodel', '~> 5.1'
spec.add_dependency 'net-hippie', '~> 0.1'
- spec.add_dependency 'xml-kit', '>= 0.3.0', '< 1.0.0'
+ spec.add_dependency 'xml-kit', '~> 0.4'
spec.add_development_dependency 'bundler', '~> 2.0'
spec.add_development_dependency 'bundler-audit', '~> 0.6'
spec.add_development_dependency 'ffaker', '~> 2.7'
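Review bot: `spec.add_dependency 'activemodel', '~> 5.1'` raises the floor and also introduces a ceiling, since it resolves to >= 5.1 and < 6.0, where the previous `'>= 4.2.0'` had no upper bound. Applications on ActiveModel 6 can no longer resolve this release, and every consumer is held to the 5.x line for security fixes. If only the floor was meant to move, `spec.add_dependency 'activemodel', '>= 5.1'` (optionally with an explicit upper bound that has been tested) states that directly. `'xml-kit', '~> 0.4'` keeps the same `< 1.0` ceiling as before and only raises the minimum.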