Commit e6f57a7

mo <mo@mokhan.ca>
2017-11-16 18:11:37
update binding to start to enforce binding rules.
1 parent dcf64bf
Changed files (4)
lib/saml/kit/binding.rb
@@ -12,6 +12,25 @@ module Saml
         binding == other
       end
 
+      def serialize(document_type, relay_state: nil)
+        if http_redirect?
+          builder = document_type::Builder.new(sign: false)
+          builder.destination = location
+          document = builder.build
+          [UrlBuilder.new.build(document, relay_state: relay_state), {}]
+        else
+          saml_params = {
+            'SAMLRequest' => "x",
+            'RelayState' => relay_state,
+          }
+          [location, saml_params]
+        end
+      end
+
+      def http_redirect?
+        binding == Namespaces::HTTP_REDIRECT
+      end
+
       def to_h
         { binding: binding, location: location }
       end
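Review bot: The `else` branch of `serialize` is taken for every binding that is not HTTP-Redirect and returns the placeholder `'SAMLRequest' => "x"`, so no document is built for HTTP-POST and an unsupported binding URI is silently handled as POST. Since the commit sets out to enforce binding rules, the branch should match explicitly with `elsif binding == Namespaces::POST` and finish with `else raise ArgumentError, "unsupported binding: #{binding}"`. The POST branch should build the document with `builder.destination = location` and Base64-encode its XML. That binding has no query-string signature, so the builder there should presumably not be created with `sign: false`. The form key is also fixed to `SAMLRequest` regardless of `document_type`, which looks wrong for a response type; the enclosing class starts and ends outside the hunk.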
lib/saml/kit/url_builder.rb
@@ -5,7 +5,7 @@ module Saml
         @private_key = private_key
       end
 
-      def build(saml_document, binding: :http_redirect, relay_state: nil)
+      def build(saml_document, relay_state: nil)
         payload = build_payload(saml_document, relay_state)
         "#{saml_document.destination}?#{payload}&Signature=#{signature_for(payload)}"
       end
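Review bot: `build` joins the destination and the payload with a literal `?`, so a destination that already carries a query string yields a URL with two `?` separators that the receiver may not parse as intended. Consider picking the separator from the parsed destination, e.g. `separator = URI.parse(saml_document.destination).query ? '&' : '?'`. Whether `signature_for` returns a URL-encoded value is not visible in this hunk; a raw Base64 value would need escaping before it is interpolated. Dropping the `binding:` keyword also means any remaining caller that still passes it will raise `ArgumentError`.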
spec/saml/binding_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+RSpec.describe Saml::Kit::Binding do
+  describe "#serialize" do
+    let(:relay_state) { "ECHO" }
+    let(:location) { FFaker::Internet.http_url }
+
+    describe "HTTP-REDIRECT BINDING" do
+      let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::HTTP_REDIRECT, location: location) }
+
+      it 'encodes the request using the HTTP-Redirect encoding' do
+        url, _ = subject.serialize(Saml::Kit::AuthenticationRequest, relay_state: relay_state)
+        expect(url).to start_with(location)
+        expect(url).to have_query_param('SAMLRequest')
+        expect(url).to have_query_param('SigAlg')
+        expect(url).to have_query_param('Signature')
+      end
+    end
+
+    describe "HTTP-POST Binding" do
+      let(:subject) { Saml::Kit::Binding.new(binding: Saml::Kit::Namespaces::POST, location: location) }
+
+      it 'encodes the request using the HTTP-POST encoding' do
+        url, saml_params = subject.serialize(Saml::Kit::AuthenticationRequest, relay_state: relay_state)
+
+        expect(url).to eql(location)
+        expect(saml_params['SAMLRequest']).to be_present
+        expect(saml_params['RelayState']).to eql(relay_state)
+      end
+    end
+  end
+end
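Review bot: The HTTP-POST example only asserts `be_present` on `saml_params['SAMLRequest']`, which any non-empty string satisfies, so it does not verify that an encoded authentication request is produced. It would be stronger to Base64-decode the value and assert that it parses as the expected document with `location` as its destination. The HTTP-Redirect example passes `relay_state` but never asserts that it is carried; `expect(url).to have_query_param('RelayState')` would cover that. Nothing in either example checks the `Signature` value against the signed payload, so a wrong or empty signature would not fail the suite.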
spec/support/matchers/have_query_param.rb
@@ -0,0 +1,13 @@
+RSpec::Matchers.define :have_query_param do |key|
+  match do |url|
+    query_params(url)['SAMLRequest'].present?
+  end
+
+  def query_params(url)
+    Hash[uri_for(url).query.split("&").map { |x| x.split('=', 2) }]
+  end
+
+  def uri_for(url)
+    URI.parse(url)
+  end
+end
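Review bot: The `match` block ignores its `key` argument and always looks up `'SAMLRequest'`, so `have_query_param('SigAlg')` and `have_query_param('Signature')` pass whenever a SAMLRequest parameter exists and the signature parameters go untested. The lookup should be `query_params(url)[key].present?`. `query_params` also calls `.query.split` on a URI that may have no query, raising `NoMethodError` instead of failing the match, and it does not URL-decode keys or values; `URI.decode_www_form(uri_for(url).query.to_s).to_h` handles both.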