Commit dc28041
Changed files (34)
exe/saml-kit-create-self-signed-certificate
@@ -3,11 +3,15 @@
require 'saml/kit'
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-create-self-signed-certificate")
+message = "Use the 'saml-kit-cli' gem instead."\
+ ' saml-kit-create-self-signed-certificate'
+Saml::Kit.deprecate(message)
puts 'Enter Passphrase:'
passphrase = STDIN.read.strip
-certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
+certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(
+ passphrase: passphrase
+)
puts '** BEGIN File Format **'
print certificate
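Review bot: The passphrase on the context line `passphrase = STDIN.read.strip` is read with terminal echo on, so it appears on screen and in scrollback when the script is run interactively. While this script is being touched, consider `require 'io/console'` and `passphrase = (STDIN.tty? ? STDIN.noecho(&:gets) : STDIN.read).to_s.strip`, which keeps piped input working. The script continues past the end of this hunk, so how the private key is emitted is not visible here.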
exe/saml-kit-decode-http-post
@@ -3,7 +3,8 @@
require 'saml/kit'
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-post")
+message = "Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-post"
+Saml::Kit.deprecate(message)
saml = STDIN.read
binding = Saml::Kit::Bindings::HttpPost.new(location: '')
exe/saml-kit-decode-http-redirect
@@ -3,7 +3,8 @@
require 'saml/kit'
-Saml::Kit.deprecate("Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-redirect*")
+message = "Use the 'saml-kit-cli' gem instead. saml-kit-decode-http-redirect*"
+Saml::Kit.deprecate(message)
input = STDIN.read
binding = Saml::Kit::Bindings::HttpRedirect.new(location: '')
lib/saml/kit/bindings/binding.rb
@@ -61,7 +61,8 @@ module Saml
elsif parameters[:SAMLResponse].present?
parameters[:SAMLResponse]
else
- raise ArgumentError, 'SAMLRequest or SAMLResponse parameter is required.'
+ message = 'SAMLRequest or SAMLResponse parameter is required.'
+ raise ArgumentError, message
end
end
end
lib/saml/kit/bindings/http_post.rb
@@ -19,8 +19,9 @@ module Saml
def serialize(builder, relay_state: nil)
builder.destination = location
document = builder.build
+ xml = document.to_xml
saml_params = {
- document.query_string_parameter => Base64.strict_encode64(document.to_xml),
+ document.query_string_parameter => Base64.strict_encode64(xml),
}
saml_params['RelayState'] = relay_state if relay_state.present?
[location, saml_params]
@@ -28,7 +29,10 @@ module Saml
def deserialize(params, configuration: Saml::Kit.configuration)
xml = decode(saml_param_from(params))
- Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
+ Saml::Kit::Document.to_saml_document(
+ xml,
+ configuration: configuration
+ )
end
end
end
lib/saml/kit/bindings/http_redirect.rb
@@ -20,7 +20,8 @@ module Saml
builder.embed_signature = false
builder.destination = location
document = builder.build
- [UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
+ url_builder = UrlBuilder.new(configuration: builder.configuration)
+ [url_builder.build(document, relay_state: relay_state), {}]
end
def deserialize(params, configuration: Saml::Kit.configuration)
@@ -34,7 +35,10 @@ module Saml
def deserialize_document_from(params, configuration)
xml = inflate(decode(unescape(saml_param_from(params))))
- Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
+ Saml::Kit::Document.to_saml_document(
+ xml,
+ configuration: configuration
+ )
end
def ensure_valid_signature(params, document)
lib/saml/kit/bindings/url_builder.rb
@@ -23,8 +23,9 @@ module Saml
payload = canonicalize(saml_document, relay_state)
"#{destination}?#{payload}&Signature=#{signature_for(payload)}"
else
+ xml = saml_document.to_xml
payload = to_query_string(
- saml_document.query_string_parameter => serialize(saml_document.to_xml),
+ saml_document.query_string_parameter => serialize(xml),
'RelayState' => relay_state
)
"#{destination}?#{payload}"
@@ -39,8 +40,9 @@ module Saml
end
def canonicalize(saml_document, relay_state)
+ xml = saml_document.to_xml
to_query_string(
- saml_document.query_string_parameter => serialize(saml_document.to_xml),
+ saml_document.query_string_parameter => serialize(xml),
'RelayState' => relay_state,
'SigAlg' => ::Xml::Kit::Namespaces::SHA256
)
lib/saml/kit/builders/assertion.rb
@@ -9,7 +9,9 @@ module Saml
include XmlTemplatable
extend Forwardable
- def_delegators :@response_builder, :request, :issuer, :reference_id, :now, :configuration, :user, :version, :destination
+ def_delegators :@response_builder,
+ :request, :issuer, :reference_id, :now, :configuration, :user,
+ :version, :destination
def initialize(response_builder, embed_signature)
@response_builder = response_builder
@@ -62,7 +64,8 @@ module Saml
{
AuthnInstant: now.iso8601,
SessionIndex: reference_id,
- SessionNotOnOrAfter: configuration.session_timeout.since(now).utc.iso8601,
+ SessionNotOnOrAfter:
+ configuration.session_timeout.since(now).utc.iso8601,
}
end
end
lib/saml/kit/builders/authentication_request.rb
@@ -7,7 +7,8 @@ module Saml
# {include:file:spec/saml/kit/builders/authentication_request_spec.rb}
class AuthenticationRequest
include XmlTemplatable
- attr_accessor :id, :now, :issuer, :assertion_consumer_service_url, :name_id_format, :destination
+ attr_accessor :id, :now, :issuer, :assertion_consumer_service_url
+ attr_accessor :name_id_format, :destination
attr_accessor :version
attr_reader :configuration
@@ -36,7 +37,8 @@ module Saml
Destination: destination,
}
if assertion_consumer_service_url.present?
- options[:AssertionConsumerServiceURL] = assertion_consumer_service_url
+ options[:AssertionConsumerServiceURL] =
+ assertion_consumer_service_url
end
options
end
lib/saml/kit/builders/encrypted_assertion.rb
@@ -10,7 +10,9 @@ module Saml
extend Forwardable
attr_reader :assertion
- def_delegators :@response_builder, :configuration, :encryption_certificate
+ def_delegators :@response_builder,
+ :configuration,
+ :encryption_certificate
def initialize(response_builder, assertion)
@response_builder = response_builder
lib/saml/kit/builders/identity_provider_metadata.rb
@@ -13,7 +13,9 @@ module Saml
attr_reader :logout_urls, :single_sign_on_urls
attr_reader :configuration
attr_reader :metadata
- def_delegators :metadata, :id, :id=, :entity_id, :entity_id=, :organization_name, :organization_name=, :organization_url, :organization_url=, :contact_email, :contact_email=, :to_xml
+ def_delegators :metadata, :id, :id=, :entity_id, :entity_id=,
+ :organization_name, :organization_name=, :organization_url,
+ :organization_url=, :contact_email, :contact_email=, :to_xml
def initialize(configuration: Saml::Kit.configuration)
@attributes = []
@@ -24,16 +26,24 @@ module Saml
@name_id_formats = [Namespaces::PERSISTENT]
@single_sign_on_urls = []
@want_authn_requests_signed = true
- @metadata = Saml::Kit::Builders::Metadata.new(configuration: configuration)
+ @metadata = Saml::Kit::Builders::Metadata.new(
+ configuration: configuration
+ )
@metadata.identity_provider = self
end
def add_single_sign_on_service(url, binding: :http_post)
- @single_sign_on_urls.push(location: url, binding: Bindings.binding_for(binding))
+ @single_sign_on_urls.push(
+ location: url,
+ binding: Bindings.binding_for(binding)
+ )
end
def add_single_logout_service(url, binding: :http_post)
- @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
+ @logout_urls.push(
+ location: url,
+ binding: Bindings.binding_for(binding)
+ )
end
def build
lib/saml/kit/builders/metadata.rb
@@ -22,14 +22,18 @@ module Saml
end
def build_service_provider
- @service_provider = Saml::Kit::ServiceProviderMetadata.builder(configuration: configuration) do |xx|
- yield xx if block_given?
+ @service_provider = Saml::Kit::ServiceProviderMetadata.builder(
+ configuration: configuration
+ ) do |x|
+ yield x if block_given?
end
end
def build_identity_provider
- @identity_provider = Saml::Kit::IdentityProviderMetadata.builder(configuration: configuration) do |xx|
- yield xx if block_given?
+ @identity_provider = Saml::Kit::IdentityProviderMetadata.builder(
+ configuration: configuration
+ ) do |x|
+ yield x if block_given?
end
end
lib/saml/kit/builders/response.rb
@@ -13,7 +13,9 @@ module Saml
attr_accessor :issuer, :destination
attr_reader :configuration
- def initialize(user, request = nil, configuration: Saml::Kit.configuration)
+ def initialize(
+ user, request = nil, configuration: Saml::Kit.configuration
+ )
@user = user
@request = request
@id = ::Xml::Kit::Id.generate
@@ -23,13 +25,18 @@ module Saml
@status_code = Namespaces::SUCCESS
@status_message = nil
@issuer = configuration.entity_id
- @encryption_certificate = request.try(:provider).try(:encryption_certificates).try(:last)
+ @encryption_certificate = request.try(:provider)
+ .try(:encryption_certificates).try(:last)
@encrypt = encryption_certificate.present?
@configuration = configuration
end
def build
- Saml::Kit::Response.new(to_xml, request_id: request.try(:id), configuration: configuration)
+ Saml::Kit::Response.new(
+ to_xml,
+ request_id: request.try(:id),
+ configuration: configuration
+ )
end
def assertion=(value)
@@ -39,7 +46,9 @@ module Saml
def assertion
@assertion ||=
begin
- assertion = Saml::Kit::Builders::Assertion.new(self, embed_signature)
+ assertion = Saml::Kit::Builders::Assertion.new(
+ self, embed_signature
+ )
if encrypt
Saml::Kit::Builders::EncryptedAssertion.new(self, assertion)
else
lib/saml/kit/builders/service_provider_metadata.rb
@@ -12,7 +12,9 @@ module Saml
attr_accessor :want_assertions_signed
attr_reader :configuration
attr_reader :metadata
- def_delegators :metadata, :id, :id=, :entity_id, :entity_id=, :organization_name, :organization_name=, :organization_url, :organization_url=, :contact_email, :contact_email=, :to_xml
+ def_delegators :metadata, :id, :id=, :entity_id, :entity_id=,
+ :organization_name, :organization_name=, :organization_url,
+ :organization_url=, :contact_email, :contact_email=, :to_xml
def initialize(configuration: Saml::Kit.configuration)
@acs_urls = []
@@ -20,7 +22,9 @@ module Saml
@logout_urls = []
@name_id_formats = [Namespaces::PERSISTENT]
@want_assertions_signed = true
- @metadata = Saml::Kit::Builders::Metadata.new(configuration: configuration)
+ @metadata = Saml::Kit::Builders::Metadata.new(
+ configuration: configuration
+ )
@metadata.service_provider = self
end
@@ -29,7 +33,10 @@ module Saml
end
def add_single_logout_service(url, binding: :http_post)
- @logout_urls.push(location: url, binding: Bindings.binding_for(binding))
+ @logout_urls.push(
+ location: url,
+ binding: Bindings.binding_for(binding)
+ )
end
def build
lib/saml/kit/rspec/have_xpath.rb
@@ -6,11 +6,13 @@ RSpec::Matchers.define :have_xpath do |xpath|
end
failure_message do |actual|
- "Expected xpath: #{xpath.inspect} to match in:\n #{xml_pretty_print(actual)}"
+ xml = xml_pretty_print(actual)
+ "Expected xpath: #{xpath.inspect} to match in:\n #{xml}"
end
failure_message_when_negated do |actual|
- "Expected xpath: #{xpath.inspect} not to match in:\n #{xml_pretty_print(actual)}"
+ xml = xml_pretty_print(actual)
+ "Expected xpath: #{xpath.inspect} not to match in:\n #{xml}"
end
def xml_pretty_print(raw_xml)
lib/saml/kit/assertion.rb
@@ -20,14 +20,18 @@ module Saml
attr_reader :name
attr_accessor :occurred_at
- def initialize(node, configuration: Saml::Kit.configuration, private_keys: [])
+ def initialize(
+ node, configuration: Saml::Kit.configuration, private_keys: []
+ )
@name = 'Assertion'
@node = node
@configuration = configuration
@occurred_at = Time.current
@cannot_decrypt = false
@encrypted = false
- private_keys = (configuration.private_keys(use: :encryption) + private_keys).uniq
+ private_keys = (
+ configuration.private_keys(use: :encryption) + private_keys
+ ).uniq
decrypt(::Xml::Kit::Decryption.new(private_keys: private_keys))
end
@@ -57,8 +61,11 @@ module Saml
end
def attributes
- @attributes ||= search('./saml:AttributeStatement/saml:Attribute').inject({}) do |memo, item|
- memo[item.attribute('Name').value] = item.at_xpath('./saml:AttributeValue', Saml::Kit::Document::NAMESPACES).try(:text)
+ xpath = './saml:AttributeStatement/saml:Attribute'
+ @attributes ||= search(xpath).inject({}) do |memo, item|
+ namespaces = Saml::Kit::Document::NAMESPACES
+ attribute = item.at_xpath('./saml:AttributeValue', namespaces)
+ memo[item.attribute('Name').value] = attribute.try(:text)
memo
end.with_indifferent_access
end
@@ -72,7 +79,8 @@ module Saml
end
def audiences
- search('./saml:Conditions/saml:AudienceRestriction/saml:Audience').map(&:text)
+ xpath = './saml:Conditions/saml:AudienceRestriction/saml:Audience'
+ search(xpath).map(&:text)
end
def encrypted?
lib/saml/kit/authentication_request.rb
@@ -11,9 +11,17 @@ module Saml
# end
#
# <?xml version="1.0" encoding="UTF-8"?>
- # <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ca3a0e72-9530-41f1-9518-c53716de88b2" Version="2.0" IssueInstant="2017-12-19T16:27:44Z" Destination="http://hartmann.info" AssertionConsumerServiceURL="https://carroll.com/acs">
+ # <samlp:AuthnRequest
+ # xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ # xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ # ID="_ca3a0e72-9530-41f1-9518-c53716de88b2"
+ # Version="2.0"
+ # IssueInstant="2017-12-19T16:27:44Z"
+ # Destination="http://hartmann.info"
+ # AssertionConsumerServiceURL="https://carroll.com/acs">
# <saml:Issuer>Day of the Dangerous Cousins</saml:Issuer>
- # <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+ # <samlp:NameIDPolicy
+ # Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
# </samlp:AuthnRequest>
#
# Example:
@@ -25,13 +33,16 @@ module Saml
# Create an instance of an AuthnRequest document.
#
# @param xml [String] the raw xml.
- # @param configuration [Saml::Kit::Configuration] defaults to the global configuration.
+ # @param configuration [Saml::Kit::Configuration] defaults to the global
+ # configuration.
def initialize(xml, configuration: Saml::Kit.configuration)
super(xml, name: 'AuthnRequest', configuration: configuration)
end
# Extract the AssertionConsumerServiceURL from the AuthnRequest
- # <samlp:AuthnRequest AssertionConsumerServiceURL="https://carroll.com/acs"></samlp:AuthnRequest>
+ # <samlp:AuthnRequest
+ # AssertionConsumerServiceURL="https://carroll.com/acs">
+ # </samlp:AuthnRequest>
def assertion_consumer_service_url
at_xpath('./*/@AssertionConsumerServiceURL').try(:value)
end
@@ -42,23 +53,31 @@ module Saml
# Extract the NameIDPolicy from the AuthnRequest
# <samlp:AuthnRequest>
- # <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+ # <samlp:NameIDPolicy
+ # Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
# </samlp:AuthnRequest>
def name_id_policy
at_xpath('./*/samlp:NameIDPolicy/@Format').try(:value)
end
# Generate a Response for a specific user.
- # @param user [Object] this is a custom user object that can be used for generating a nameid and assertion attributes.
- # @param binding [Symbol] the SAML binding to use `:http_post` or `:http_redirect`.
- # @param configuration [Saml::Kit::Configuration] the configuration to use to build the response.
- def response_for(user, binding:, relay_state: nil, configuration: Saml::Kit.configuration)
- response_binding = provider.assertion_consumer_service_for(binding: binding)
- response = Saml::Kit::Response.builder(user, self, configuration: configuration) do |builder|
- builder.embed_signature = provider.want_assertions_signed
- yield builder if block_given?
- end
- response_binding.serialize(response, relay_state: relay_state)
+ # @param user [Object] this is a custom user object that can be used for
+ # generating a nameid and assertion attributes.
+ # @param binding [Symbol] the SAML binding to use
+ # `:http_post` or `:http_redirect`.
+ # @param configuration [Saml::Kit::Configuration] the configuration to
+ # use to build the response.
+ def response_for(
+ user, binding:, relay_state: nil, configuration: Saml::Kit.configuration
+ )
+ response =
+ Response.builder(user, self, configuration: configuration) do |x|
+ x.embed_signature = provider.want_assertions_signed
+ yield x if block_given?
+ end
+ provider
+ .assertion_consumer_service_for(binding: binding)
+ .serialize(response, relay_state: relay_state)
end
end
end
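Review bot: The YARD block above `response_for` documents `user`, `binding` and `configuration` but not `relay_state`, the yielded builder or the return value, although `login_request_for` in identity_provider_metadata.rb documents the equivalent items. Add `# @param relay_state [Object] the RelayState to include in the returned params.`, `# @yield [builder] the response builder, before the response is serialized.` and `# @return [Array] the url and SAML params encoded for the chosen binding.`. The rewrite also resolves `provider.assertion_consumer_service_for` after the builder is created rather than before. If `provider` can be nil for an unregistered issuer (not visible here), that failure now surfaces later than it did.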
lib/saml/kit/bindings.rb
@@ -11,9 +11,10 @@ module Saml
# the different SAML bindings that are
# supported by this gem.
module Bindings
- HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'.freeze
- HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'.freeze
- HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'.freeze
+ BINDINGS_2_0 = 'urn:oasis:names:tc:SAML:2.0:bindings'.freeze
+ HTTP_ARTIFACT = "#{BINDINGS_2_0}:HTTP-Artifact".freeze
+ HTTP_POST = "#{BINDINGS_2_0}:HTTP-POST".freeze
+ HTTP_REDIRECT = "#{BINDINGS_2_0}:HTTP-Redirect".freeze
ALL = {
http_post: HTTP_POST,
http_redirect: HTTP_REDIRECT,
lib/saml/kit/composite_metadata.rb
@@ -20,7 +20,9 @@ module Saml
end
def services(type)
- xpath = map { |xxx| "//md:EntityDescriptor/md:#{xxx.name}/md:#{type}" }.join('|')
+ xpath = map do |x|
+ "//md:EntityDescriptor/md:#{x.name}/md:#{type}"
+ end.join('|')
search(xpath).map do |item|
binding = item.attribute('Binding').value
location = item.attribute('Location').value
@@ -37,7 +39,7 @@ module Saml
end
def method_missing(name, *args)
- if (target = find { |xxx| xxx.respond_to?(name) })
+ if (target = find { |x| x.respond_to?(name) })
target.public_send(name, *args)
else
super
@@ -45,7 +47,7 @@ module Saml
end
def respond_to_missing?(method, *)
- find { |xxx| xxx.respond_to?(method) }
+ find { |x| x.respond_to?(method) }
end
end
end
lib/saml/kit/configuration.rb
@@ -2,7 +2,8 @@
module Saml
module Kit
- # This class represents the main configuration that is use for generating SAML documents.
+ # This class represents the main configuration that is use for generating
+ # SAML documents.
#
# Saml::Kit::Configuration.new do |config|
# config.entity_id = "com:saml:kit"
@@ -19,17 +20,25 @@ module Saml
# Saml::Kit.configure do |configuration|
# configuration.entity_id = "https://www.example.com/saml/metadata"
# configuration.generate_key_pair_for(use: :signing)
- # configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
+ # configuration.add_key_pair(
+ # ENV["X509_CERTIFICATE"],
+ # ENV["PRIVATE_KEY"],
+ # passphrase: ENV['PRIVATE_KEY_PASSPHRASE'],
+ # use: :encryption
+ # )
# end
class Configuration
USES = %i[signing encryption].freeze
# The issuer to use in requests or responses from this entity to use.
attr_accessor :entity_id
- # The signature method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
+ # The signature method to use when generating signatures
+ # (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
attr_accessor :signature_method
- # The digest method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
+ # The digest method to use when generating signatures
+ # (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
attr_accessor :digest_method
- # The metadata registry to use for searching for metadata associated with an issuer.
+ # The metadata registry to use for searching for metadata associated
+ # with an issuer.
attr_accessor :registry
# The session timeout to use when generating an Assertion.
attr_accessor :session_timeout
@@ -57,7 +66,11 @@ module Saml
# @param use [Symbol] the type of key pair, `:signing` or `:encryption`
def add_key_pair(certificate, private_key, passphrase: nil, use: :signing)
ensure_proper_use(use)
- @key_pairs.push(::Xml::Kit::KeyPair.new(certificate, private_key, passphrase, use.to_sym))
+ @key_pairs.push(
+ ::Xml::Kit::KeyPair.new(
+ certificate, private_key, passphrase, use.to_sym
+ )
+ )
end
# Generates a unique key pair that can be used for signing or encryption.
@@ -66,27 +79,32 @@ module Saml
# @param passphrase [String] the private key passphrase to use.
def generate_key_pair_for(use:, passphrase: SecureRandom.uuid)
ensure_proper_use(use)
- certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
+ certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(
+ passphrase: passphrase
+ )
add_key_pair(certificate, private_key, passphrase: passphrase, use: use)
end
# Return each key pair for a specific use.
#
- # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+ # @param use [Symbol] the type of key pair to return
+ # `nil`, `:signing` or `:encryption`
def key_pairs(use: nil)
use.present? ? @key_pairs.find_all { |xxx| xxx.for?(use) } : @key_pairs
end
# Return each certificate for a specific use.
#
- # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+ # @param use [Symbol] the type of key pair to return
+ # `nil`, `:signing` or `:encryption`
def certificates(use: nil)
key_pairs(use: use).flat_map(&:certificate)
end
# Return each private for a specific use.
#
- # @param use [Symbol] the type of key pair to return `nil`, `:signing` or `:encryption`
+ # @param use [Symbol] the type of key pair to return
+ # `nil`, `:signing` or `:encryption`
def private_keys(use: nil)
key_pairs(use: use).flat_map(&:private_key)
end
lib/saml/kit/default_registry.rb
@@ -2,8 +2,10 @@
module Saml
module Kit
- # The default metadata registry is used to fetch the metadata associated with an issuer or entity id.
- # The metadata associated with an issuer is used to verify trust for any SAML documents that are received.
+ # The default metadata registry is used to fetch the metadata associated
+ # with an issuer or entity id.
+ # The metadata associated with an issuer is used to verify trust for any
+ # SAML documents that are received.
#
# You can replace the default registry with your own at startup.
#
@@ -47,7 +49,8 @@ module Saml
end
# Register metadata via a remote URL.
- # This will attempt to connect to the remove URL to download the metadata and register it in the registry.
+ # This will attempt to connect to the remove URL to download the
+ # metadata and register it in the registry.
#
# @param url [String] the url to download the metadata from.
# @param verify_ssl [Boolean] enable/disable SSL peer verification.
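Review bot: The rewrapped comment still reads "connect to the remove URL"; it should be `# This will attempt to connect to the remote URL to download the`. The class comment says this metadata is used to verify trust for received SAML documents, so the `verify_ssl` line should also say what turning it off costs, e.g. `# @param verify_ssl [Boolean] enable/disable SSL peer verification; when disabled, the source of the downloaded metadata is not authenticated.`. The method these comments describe lies outside the hunk, so the parameter's default is not visible here.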
@@ -58,7 +61,8 @@ module Saml
# Returns the metadata document associated with an issuer or entityID.
#
- # @param entity_id [String] the unique entityID/Issuer associated with metadata.
+ # @param entity_id [String] unique entityID/Issuer associated with
+ # metadata.
def metadata_for(entity_id)
@items[entity_id]
end
@@ -74,7 +78,10 @@ module Saml
def ensure_valid_metadata(metadata)
error = ArgumentError.new('Cannot register invalid metadata')
- raise error if metadata.nil? || !metadata.respond_to?(:entity_id) || metadata.invalid?
+ raise error if
+ metadata.nil? ||
+ !metadata.respond_to?(:entity_id) ||
+ metadata.invalid?
end
# This class is responsible for
lib/saml/kit/document.rb
@@ -9,7 +9,9 @@ module Saml
include Translatable
include Trustable
include Buildable
- PROTOCOL_XSD = File.expand_path('./xsd/saml-schema-protocol-2.0.xsd', File.dirname(__FILE__)).freeze
+ PROTOCOL_XSD = File.expand_path(
+ './xsd/saml-schema-protocol-2.0.xsd', File.dirname(__FILE__)
+ ).freeze
NAMESPACES = {
"NameFormat": ::Saml::Kit::Namespaces::ATTR_SPLAT,
"ds": ::Xml::Kit::Namespaces::XMLDSIG,
@@ -106,14 +108,18 @@ module Saml
# Returns the raw xml as a Saml::Kit SAML document.
#
# @param xml [String] the raw xml string.
- # @param configuration [Saml::Kit::Configuration] the configuration to use for unpacking the document.
+ # @param configuration [Saml::Kit::Configuration] configuration to use
+ # for unpacking the document.
def to_saml_document(xml, configuration: Saml::Kit.configuration)
+ namespaces = { "samlp": ::Saml::Kit::Namespaces::PROTOCOL }
+ document = Nokogiri::XML(xml)
+ element = document.at_xpath(XPATH, namespaces)
constructor = {
'AuthnRequest' => Saml::Kit::AuthenticationRequest,
'LogoutRequest' => Saml::Kit::LogoutRequest,
'LogoutResponse' => Saml::Kit::LogoutResponse,
'Response' => Saml::Kit::Response,
- }[Nokogiri::XML(xml).at_xpath(XPATH, "samlp": ::Saml::Kit::Namespaces::PROTOCOL).name] || InvalidDocument
+ }[element.name] || InvalidDocument
constructor.new(xml, configuration: configuration)
rescue StandardError => error
Saml::Kit.logger.error(error)
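Review bot: `element` is nil whenever `XPATH` finds no node (empty input, XML that is not a SAML protocol message), so `element.name` raises NoMethodError and the method depends on the `rescue StandardError` below to recover. Make the fallback explicit with `}[element.try(:name)] || InvalidDocument`, so an unrecognised document maps to `InvalidDocument` by design and the logged errors are limited to real parse or constructor failures. The `namespaces` hash can use a plain `samlp:` key instead of the quoted-symbol form. The rescue body continues past the end of the hunk, so what is returned on error is not visible here.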
lib/saml/kit/identity_provider_metadata.rb
@@ -2,16 +2,31 @@
module Saml
module Kit
- # This class is used to parse the IDPSSODescriptor from a SAML metadata document.
+ # This class parses the IDPSSODescriptor from a SAML metadata document.
#
# raw_xml = <<-XML
# <?xml version="1.0" encoding="UTF-8"?>
- # <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c" entityID="">
- # <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- # <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/logout"/>
- # <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
- # <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/login"/>
- # <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.example.com/login"/>
+ # <EntityDescriptor
+ # xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ # xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ # xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ # ID="_cfa24e2f-0ec0-4ee3-abb8-b2fcfe394c1c"
+ # entityID="my-entity-id">
+ # <IDPSSODescriptor
+ # WantAuthnRequestsSigned="true"
+ # protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ # <SingleLogoutService
+ # Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ # Location="https://www.example.com/logout" />
+ # <NameIDFormat>
+ # urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ # </NameIDFormat>
+ # <SingleSignOnService
+ # Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ # Location="https://www.example.com/login" />
+ # <SingleSignOnService
+ # Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ # Location="https://www.example.com/login" />
# <saml:Attribute Name="id"/>
# </IDPSSODescriptor>
# </EntityDescriptor>
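Review bot: Wrapping `<NameIDFormat>` across three lines changes the example's meaning, because the element's text now includes the surrounding newlines and indentation. Anyone who pastes this `raw_xml` heredoc gets a name-id format string that does not equal the emailAddress URN unless the parser strips it, and no stripping is visible in this hunk. Keep that element on one line, `# <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>`, and exempt it from the line-length cop if needed. The attribute wrapping on the other elements does not affect parsing.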
@@ -70,14 +85,18 @@ module Saml
# Creates a AuthnRequest document for the specified binding.
#
# @param binding [Symbol] `:http_post` or `:http_redirect`.
- # @param relay_state [Object] The RelayState to include the returned SAML params.
- # @param configuration [Saml::Kit::Configuration] the configuration to use for generating the request.
- # @return [Array] The url and saml params encoded using the rules for the specified binding.
- def login_request_for(binding:, relay_state: nil, configuration: Saml::Kit.configuration)
- builder = Saml::Kit::AuthenticationRequest.builder(configuration: configuration) do |xxx|
- xxx.embed_signature = want_authn_requests_signed
- yield xxx if block_given?
- end
+ # @param relay_state [Object] RelayState to include the returned params.
+ # @param configuration [Saml::Kit::Configuration] the configuration to
+ # use for generating the request.
+ # @return [Array] Url and params encoded using rules for binding.
+ def login_request_for(
+ binding:, relay_state: nil, configuration: Saml::Kit.configuration
+ )
+ builder =
+ AuthenticationRequest.builder(configuration: configuration) do |x|
+ x.embed_signature = want_authn_requests_signed
+ yield x if block_given?
+ end
request_binding = single_sign_on_service_for(binding: binding)
request_binding.serialize(builder, relay_state: relay_state)
end
lib/saml/kit/logout_request.rb
@@ -16,7 +16,8 @@ module Saml
#
# See {Saml::Kit::Builders::LogoutRequest} for a list of available settings.
#
- # This class can also be used to generate the correspondong LogoutResponse for a LogoutRequest.
+ # This class can also be used to generate the correspondong LogoutResponse
+ # for a LogoutRequest.
#
# document = Saml::Kit::LogoutRequest.new(raw_xml)
# url, saml_params = document.response_for(binding: :http_post)
@@ -31,7 +32,7 @@ module Saml
# A new instance of LogoutRequest
#
# @param xml [String] The raw xml string.
- # @param configuration [Saml::Kit::Configuration] the configuration to use.
+ # @param configuration [Saml::Kit::Configuration] configuration to use.
def initialize(xml, configuration: Saml::Kit.configuration)
super(xml, name: 'LogoutRequest', configuration: configuration)
end
@@ -45,11 +46,15 @@ module Saml
at_xpath('./*/saml:NameID/@Format').try(:value)
end
- # Generates a Serialized LogoutResponse using the encoding rules for the specified binding.
+ # Generates a Serialized LogoutResponse using the encoding rules for
+ # the specified binding.
#
- # @param binding [Symbol] The binding to use `:http_redirect` or `:http_post`.
- # @param relay_state [Object] The RelayState to include in the RelayState param.
- # @return [Array] Returns an array with a url and Hash of parameters to return to the requestor.
+ # @param binding [Symbol] The binding to use `:http_redirect` or
+ # `:http_post`.
+ # @param relay_state [Object] The RelayState to include in the
+ # RelayState param.
+ # @return [Array] Returns an array with a url and Hash of parameters to
+ # return to the requestor.
def response_for(binding:, relay_state: nil)
builder = Saml::Kit::LogoutResponse.builder(self) do |xxx|
yield xxx if block_given?
lib/saml/kit/logout_response.rb
@@ -10,7 +10,9 @@ module Saml
class LogoutResponse < Document
include Respondable
- def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
+ def initialize(
+ xml, request_id: nil, configuration: Saml::Kit.configuration
+ )
@request_id = request_id
super(xml, name: 'LogoutResponse', configuration: configuration)
end
lib/saml/kit/metadata.rb
@@ -8,20 +8,21 @@ module Saml
#
# It can also be used to generate a new metadata string.
#
- # metadata = Saml::Kit::Metadata.build do |builder|
- # builder.entity_id = "my-issuer"
- # builder.build_service_provider do |x|
- # x.add_assertion_consumer_service(assertions_url, binding: :http_post)
- # x.add_single_logout_service(logout_url, binding: :http_post)
- # end
- # builder.build_identity_provider do |x|
- # x.add_single_sign_on_service(login_url, binding: :http_redirect)
- # x.add_single_logout_service(logout_url, binding: :http_post)
- # end
- # end
- # puts metadata.to_xml(pretty: true)
+ # metadata = Saml::Kit::Metadata.build do |builder|
+ # builder.entity_id = "my-issuer"
+ # builder.build_service_provider do |x|
+ # x.add_assertion_consumer_service(assertions_url, binding: :http_post)
+ # x.add_single_logout_service(logout_url, binding: :http_post)
+ # end
+ # builder.build_identity_provider do |x|
+ # x.add_single_sign_on_service(login_url, binding: :http_redirect)
+ # x.add_single_logout_service(logout_url, binding: :http_post)
+ # end
+ # end
+ # puts metadata.to_xml(pretty: true)
#
- # See {Saml::Kit::Builders::ServiceProviderMetadata} and {Saml::Kit::Builders::IdentityProviderMetadata}
+ # See {Saml::Kit::Builders::ServiceProviderMetadata} and
+ # {Saml::Kit::Builders::IdentityProviderMetadata}
# for a list of options that can be specified.
# {include:file:spec/examples/metadata_spec.rb}
class Metadata
@@ -29,7 +30,9 @@ module Saml
include XsdValidatable
include Translatable
include Buildable
- METADATA_XSD = File.expand_path('./xsd/saml-schema-metadata-2.0.xsd', File.dirname(__FILE__)).freeze
+ METADATA_XSD = File.expand_path(
+ './xsd/saml-schema-metadata-2.0.xsd', File.dirname(__FILE__)
+ ).freeze
NAMESPACES = {
NameFormat: Namespaces::ATTR_SPLAT,
ds: ::Xml::Kit::Namespaces::XMLDSIG,
@@ -62,12 +65,14 @@ module Saml
# Returns the Organization Name
def organization_name
- at_xpath('/md:EntityDescriptor/md:Organization/md:OrganizationName').try(:text)
+ xpath = '/md:EntityDescriptor/md:Organization/md:OrganizationName'
+ at_xpath(xpath).try(:text)
end
# Returns the Organization URL
def organization_url
- at_xpath('/md:EntityDescriptor/md:Organization/md:OrganizationURL').try(:text)
+ xpath = '/md:EntityDescriptor/md:Organization/md:OrganizationURL'
+ at_xpath(xpath).try(:text)
end
# Returns the Company
@@ -76,10 +81,15 @@ module Saml
end
# Returns each of the X509 certificates.
- def certificates
- @certificates ||= search("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
- cert = item.at_xpath('./ds:KeyInfo/ds:X509Data/ds:X509Certificate', 'ds' => ::Xml::Kit::Namespaces::XMLDSIG).try(:text)
- ::Xml::Kit::Certificate.new(cert, use: item.attribute('use').try(:value))
+ def certificates(
+ xpath = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
+ )
+ @certificates ||= search(xpath).map do |item|
+ xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
+ namespaces = { 'ds' => ::Xml::Kit::Namespaces::XMLDSIG }
+ cert = item.at_xpath(xpath, namespaces).try(:text)
+ use_attribute = item.attribute('use')
+ ::Xml::Kit::Certificate.new(cert, use: use_attribute.try(:value))
end
end
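Review bot: `certificates` now takes an `xpath` argument but still memoizes into `@certificates`, so the argument is honoured only on the first call and any later call with a different path silently returns the earlier selection. These are the certificates `matches?` searches when deciding whether a signer is known, so a caller-chosen path is a wider interface than a line-length fix needs. The block also assigns to `xpath` again, which overwrites the parameter rather than creating a block-local. I would keep the method parameterless and use two distinctly named locals, as sketched below. The same parameter-plus-`||=` pattern appears in `signature(xpath = '/md:EntityDescriptor/ds:Signature')` in a later hunk of this file.

```ruby
def certificates
  @certificates ||= begin
    descriptors = "/md:EntityDescriptor/md:#{name}/md:KeyDescriptor"
    search(descriptors).map do |item|
      cert_xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
      # … unchanged: namespaces hash …
      cert = item.at_xpath(cert_xpath, namespaces).try(:text)
      # … unchanged: use_attribute and Xml::Kit::Certificate.new …
    end
  end
end
```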
@@ -95,7 +105,8 @@ module Saml
# Returns each of the service endpoints supported by this metadata.
#
- # @param type [String] the type of service. .E.g. `AssertionConsumerServiceURL`
+ # @param type [String] the type of service.
+ # .E.g. `AssertionConsumerServiceURL`
def services(type)
search("/md:EntityDescriptor/md:#{name}/md:#{type}").map do |item|
binding = item.attribute('Binding').value
@@ -107,7 +118,9 @@ module Saml
# Returns a specifing service binding.
#
# @param binding [Symbol] can be `:http_post` or `:http_redirect`.
- # @param type [Symbol] can be on the service element like `AssertionConsumerServiceURL`, `SingleSignOnService` or `SingleLogoutService`.
+ # @param type [Symbol] can be on the service element like
+ # `AssertionConsumerServiceURL`, `SingleSignOnService` or
+ # `SingleLogoutService`.
def service_for(binding:, type:)
binding = Saml::Kit::Bindings.binding_for(binding)
services(type).find { |xxx| xxx.binding?(binding) }
@@ -127,23 +140,31 @@ module Saml
# Creates a serialized LogoutRequest.
#
- # @param user [Object] a user object that responds to `name_id_for` and `assertion_attributes_for`.
+ # @param user [Object] a user object that responds to `name_id_for` and
+ # `assertion_attributes_for`.
# @param binding [Symbol] can be `:http_post` or `:http_redirect`.
# @param relay_state [String] the relay state to have echo'd back.
- # @return [Array] Returns an array with a url and Hash of parameters to send to the other party.
+ # @return [Array] Returns an array with a url and Hash of parameters to
+ # send to the other party.
def logout_request_for(user, binding: :http_post, relay_state: nil)
- builder = Saml::Kit::LogoutRequest.builder(user) { |xxx| yield xxx if block_given? }
+ builder = Saml::Kit::LogoutRequest.builder(user) do |xxx|
+ yield xxx if block_given?
+ end
request_binding = single_logout_service_for(binding: binding)
request_binding.serialize(builder, relay_state: relay_state)
end
# Returns the certificate that matches the fingerprint
#
- # @param fingerprint [Saml::Kit::Fingerprint] the fingerprint to search for.
- # @param use [Symbol] the type of certificates to look at. Can be `:signing` or `:encryption`.
- # @return [Xml::Kit::Certificate] returns the matching `{Xml::Kit::Certificate}`
+ # @param fingerprint [Saml::Kit::Fingerprint] the fingerprint to search.
+ # @param use [Symbol] the type of certificates to look at.
+ # Can be `:signing` or `:encryption`.
+ # @return [Xml::Kit::Certificate] returns the matching
+ # `{Xml::Kit::Certificate}`
def matches?(fingerprint, use: :signing)
- certificates.find { |xxx| xxx.for?(use) && xxx.fingerprint == fingerprint }
+ certificates.find do |xxx|
+ xxx.for?(use) && xxx.fingerprint == fingerprint
+ end
end
# Returns the XML document converted to a Hash.
@@ -153,7 +174,8 @@ module Saml
# Returns the XML document as a String.
#
- # @param pretty [Boolean] true to return a human friendly version of the XML.
+ # @param pretty [Boolean] true to return a human friendly version
+ # of the XML.
def to_xml(pretty: nil)
pretty ? to_nokogiri.to_xml(indent: 2) : to_s
end
@@ -165,18 +187,20 @@ module Saml
# Verifies the signature and data using the signing certificates.
#
- # @param algorithm [OpenSSL::Digest] the digest algorithm to use. E.g. `OpenSSL::Digest::SHA256`
+ # @param algorithm [OpenSSL::Digest] the digest algorithm to use.
+ # E.g. `OpenSSL::Digest::SHA256`
# @param signature [String] the signature to verify
# @param data [String] the data that is used to produce the signature.
- # @return [Xml::Kit::Certificate] the certificate that was used to produce the signature.
+ # @return [Xml::Kit::Certificate] the certificate that was used to
+ # produce the signature.
def verify(algorithm, signature, data)
signing_certificates.find do |certificate|
certificate.public_key.verify(algorithm, signature, data)
end
end
- def signature
- @signature ||= Signature.new(at_xpath('/md:EntityDescriptor/ds:Signature'))
+ def signature(xpath = '/md:EntityDescriptor/ds:Signature')
+ @signature ||= Signature.new(at_xpath(xpath))
end
class << self
@@ -187,8 +211,10 @@ module Saml
def from(content)
document = Nokogiri::XML(content)
return unless document.at_xpath('/md:EntityDescriptor', NAMESPACES)
- sp = document.at_xpath('/md:EntityDescriptor/md:SPSSODescriptor', NAMESPACES)
- idp = document.at_xpath('/md:EntityDescriptor/md:IDPSSODescriptor', NAMESPACES)
+ xpath = '/md:EntityDescriptor/md:SPSSODescriptor'
+ sp = document.at_xpath(xpath, NAMESPACES)
+ xpath = '/md:EntityDescriptor/md:IDPSSODescriptor'
+ idp = document.at_xpath(xpath, NAMESPACES)
if sp && idp
Saml::Kit::CompositeMetadata.new(content)
elsif sp
lib/saml/kit/namespaces.rb
@@ -18,7 +18,8 @@ module Saml
INVALID_NAME_ID_POLICY = "#{STATUS}:InvalidNameIDPolicy".freeze
METADATA = "#{SAML_2_0}:metadata".freeze
PASSWORD = "#{SAML_2_0}:ac:classes:Password".freeze
- PASSWORD_PROTECTED = "#{SAML_2_0}:ac:classes:PasswordProtectedTransport".freeze
+ PASSWORD_PROTECTED =
+ "#{SAML_2_0}:ac:classes:PasswordProtectedTransport".freeze
PERSISTENT = "#{NAME_ID_FORMAT_2_0}:persistent".freeze
PROTOCOL = "#{SAML_2_0}:protocol".freeze
REQUESTER_ERROR = "#{STATUS}:Requester".freeze
lib/saml/kit/response.rb
@@ -14,7 +14,11 @@ module Saml
validate :must_be_valid_assertion
validate :must_contain_single_assertion
- def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
+ def initialize(
+ xml,
+ request_id: nil,
+ configuration: Saml::Kit.configuration
+ )
@request_id = request_id
super(xml, name: 'Response', configuration: configuration)
end
@@ -26,7 +30,11 @@ module Saml
if node.nil?
Saml::Kit::NullAssertion.new
else
- Saml::Kit::Assertion.new(node, configuration: @configuration, private_keys: private_keys)
+ Saml::Kit::Assertion.new(
+ node,
+ configuration: @configuration,
+ private_keys: private_keys
+ )
end
end
end
lib/saml/kit/service_provider_metadata.rb
@@ -25,7 +25,8 @@ module Saml
# Returns true when the metadata demands that Assertions must be signed.
def want_assertions_signed
- attribute = at_xpath("/md:EntityDescriptor/md:#{name}").attribute('WantAssertionsSigned')
+ element = at_xpath("/md:EntityDescriptor/md:#{name}")
+ attribute = element.attribute('WantAssertionsSigned')
return true if attribute.nil?
attribute.text.casecmp('true').zero?
end
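Review bot: `element.attribute('WantAssertionsSigned')` raises NoMethodError if `at_xpath` finds no `md:#{name}` descriptor, so only a missing attribute, not a missing element, falls back to the "assertions must be signed" default. Now that the element has its own local, the guard is one line before the attribute read: `return true if element.nil?`. Whether `at_xpath` can return nil here is inferred from the `.try` calls on its result elsewhere in this commit, and whether a descriptor-less document can reach this method depends on construction code this hunk does not show.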
lib/saml/kit/signature.rb
@@ -21,12 +21,14 @@ module Saml
# Returns the embedded X509 Certificate
def certificate
- value = at_xpath('./ds:KeyInfo/ds:X509Data/ds:X509Certificate').try(:text)
+ xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
+ value = at_xpath(xpath).try(:text)
return if value.nil?
::Xml::Kit::Certificate.new(value, use: :signing)
end
- # Returns true when the fingerprint of the certificate matches one of the certificates registered in the metadata.
+ # Returns true when the fingerprint of the certificate matches one of
+ # the certificates registered in the metadata.
def trusted?(metadata)
return false if metadata.nil?
metadata.matches?(certificate.fingerprint, use: :signing).present?
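Review bot: `trusted?` calls `certificate.fingerprint`, but `certificate` just above returns nil when the signature carries no `ds:X509Certificate`. A signed document without embedded key material would therefore raise NoMethodError instead of being reported as untrusted. Extending the existing guard makes it fail closed: `return false if metadata.nil? || certificate.nil?`. The body of `trusted?` ends outside this hunk.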
@@ -44,7 +46,8 @@ module Saml
end
def digest_method
- at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm').try(:value)
+ xpath = './ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm'
+ at_xpath(xpath).try(:value)
end
def signature_value
@@ -56,11 +59,20 @@ module Saml
end
def canonicalization_method
- at_xpath('./ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm').try(:value)
+ xpath = './ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm'
+ at_xpath(xpath).try(:value)
end
def transforms
- node.search('./ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform/@Algorithm', Saml::Kit::Document::NAMESPACES).try(:map, &:value)
+ xpath = xpath_for([
+ '.',
+ 'ds:SignedInfo',
+ 'ds:Reference',
+ 'ds:Transforms',
+ 'ds:Transform',
+ '@Algorithm',
+ ])
+ node.search(xpath, Saml::Kit::Document::NAMESPACES).try(:map, &:value)
end
# Returns the XML Hash.
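Review bot: Building the path through `xpath_for([...])` in `transforms` spreads one XPath over eight lines and makes it ungreppable, unlike the plain string locals this commit uses in `digest_method` and `canonicalization_method`. The adjacent-literal continuation already used in the exe scripts of this commit fits the line limit without a helper: `xpath = './ds:SignedInfo/ds:Reference/ds:Transforms'\` followed by `'/ds:Transform/@Algorithm'`. That would also make the private `xpath_for` added in the last hunk of this file unnecessary.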
@@ -115,6 +127,10 @@ module Saml
def dsignature
@dsignature ||= Xmldsig::Signature.new(node, 'ID=$uri or @Id')
end
+
+ def xpath_for(segments)
+ segments.join('/')
+ end
end
end
end
lib/saml/kit/trustable.rb
@@ -9,14 +9,15 @@ module Saml
extend ActiveSupport::Concern
included do
- validate :must_have_valid_signature, unless: :signature_manually_verified
+ validate :must_have_valid_signature, unless: :signature_verified
validate :must_be_registered
validate :must_be_trusted
end
- # Returns true when the document has an embedded XML Signature or has been verified externally.
+ # Returns true when the document has an embedded XML Signature or has
+ # been verified externally.
def signed?
- signature_manually_verified || signature.present?
+ signature_verified || signature.present?
end
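Review bot: Dropping "manually" from `signature_manually_verified` removes the only hint that this flag is a caller assertion rather than the result of a check performed here. As far as these hunks show, it is set only by `signature_verified!`, it skips `must_have_valid_signature`, and it makes `signed?` and (in the next hunk) `trusted?` return true. If the shorter name stays, document the bypass where the flag is read, e.g. `# Set only by #signature_verified!; the caller vouches that the signature was checked outside this document.` above the `validate` line and on the `attr_reader` in the last hunk of this file.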
# @!visibility private
@@ -24,9 +25,10 @@ module Saml
@signature ||= Signature.new(at_xpath("/samlp:#{name}/ds:Signature"))
end
- # Returns true when documents is signed and the signing certificate belongs to a known service entity.
+ # Returns true when documents is signed and the signing certificate
+ # belongs to a known service entity.
def trusted?
- return true if signature_manually_verified
+ return true if signature_verified
return false unless signed?
signature.trusted?(provider)
end
@@ -38,12 +40,12 @@ module Saml
# @!visibility private
def signature_verified!
- @signature_manually_verified = true
+ @signature_verified = true
end
private
- attr_reader :signature_manually_verified
+ attr_reader :signature_verified
def must_have_valid_signature
return if to_xml.blank?
lib/saml/kit/xml_templatable.rb
@@ -16,7 +16,8 @@ module Saml
"#{self.class.name.split('::').last.underscore}.builder"
end
- # Returns true if an embedded signature is requested and at least one signing certificate is available via the configuration.
+ # Returns true if an embedded signature is requested and at least one
+ # signing certificate is available via the configuration.
def sign?
return configuration.sign? if embed_signature.nil?
(embed_signature && configuration.sign?) ||
.rubocop.yml
@@ -14,6 +14,11 @@ AllCops:
- 'vendor/**/*'
TargetRubyVersion: 2.2
+Layout/AlignParameters:
+ Enabled: true
+ EnforcedStyle: with_fixed_indentation
+ IndentationWidth: 2
+
Layout/ClassStructure:
Enabled: true
Categories:
@@ -39,6 +44,10 @@ Layout/IndentArray:
Layout/IndentHeredoc:
EnforcedStyle: active_support
+Layout/MultilineMethodCallIndentation:
+ Enabled: true
+ EnforcedStyle: indented
+
Lint/AmbiguousBlockAssociation:
Exclude:
- 'spec/**/*.rb'
@@ -61,6 +70,7 @@ Metrics/ModuleLength:
Metrics/LineLength:
Exclude:
+ - 'lib/saml/kit/builders/templates/*.builder'
- 'spec/**/*.rb'
Naming/FileName:
.rubocop_todo.yml
@@ -13,7 +13,7 @@ Metrics/AbcSize:
# Offense count: 3
# Configuration parameters: CountComments.
Metrics/ClassLength:
- Max: 136
+ Max: 150
# Offense count: 6
# Configuration parameters: CountComments.
@@ -24,15 +24,3 @@ Metrics/MethodLength:
Style/DateTime:
Exclude:
- 'lib/saml/kit/assertion.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-Style/IfUnlessModifier:
- Exclude:
- - 'lib/saml/kit/builders/authentication_request.rb'
-
-# Offense count: 128
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
-# URISchemes: http, https
-Metrics/LineLength:
- Max: 313