Commit fcd9c9e
2017-11-22 21:19:50
1 parent
80ef3ca
Changed files (13)
airport/app/controllers/assertions_controller.rb
@@ -3,7 +3,7 @@ class AssertionsController < ApplicationController
skip_before_action :authenticate!, only: [:create, :destroy]
def create
- saml_binding = sp.assertion_consumer_service_for(binding: :post)
+ saml_binding = sp.assertion_consumer_service_for(binding: :http_post)
@saml_response = saml_binding.deserialize(params)
logger.debug(@saml_response.to_xml(pretty: true))
return render :error, status: :forbidden if @saml_response.invalid?
@@ -16,7 +16,7 @@ class AssertionsController < ApplicationController
if params['SAMLRequest'].present?
# IDP initiated logout
elsif params['SAMLResponse'].present?
- saml_binding = sp.single_logout_service_for(binding: :post)
+ saml_binding = sp.single_logout_service_for(binding: :http_post)
saml_response = saml_binding.deserialize(params)
raise ActiveRecordRecordInvalid.new(saml_response) if saml_response.invalid?
reset_session
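Review bot: In the logout branch, `raise ActiveRecordRecordInvalid.new(saml_response)` names a constant that is missing its `::`, so an invalid logout response would surface as a NameError rather than the intended validation error. It should read `raise ActiveRecord::RecordInvalid.new(saml_response) if saml_response.invalid?`, as the proof app's controller does. In `create`, `logger.debug(@saml_response.to_xml(pretty: true))` runs before the `invalid?` check and writes the whole response, assertion and attributes included, to the log; logging only an identifier or the validation errors would keep bearer assertions and personal data out of log storage. Both methods continue outside the hunks shown.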
airport/app/controllers/sessions_controller.rb
@@ -12,12 +12,12 @@ class SessionsController < ApplicationController
# HTTP POST
# * URI
# * SAMLRequest/SAMLResponse
- post_binding = idp.single_sign_on_service_for(binding: :post)
+ post_binding = idp.single_sign_on_service_for(binding: :http_post)
@post_uri, @saml_params = post_binding.serialize(builder_for(:login), relay_state: relay_state)
end
def destroy
- saml_binding = idp.single_logout_service_for(binding: :post)
+ saml_binding = idp.single_logout_service_for(binding: :http_post)
@url, @saml_params = saml_binding.serialize(builder_for(:logout))
render layout: "spinner"
end
@@ -36,7 +36,7 @@ class SessionsController < ApplicationController
case type
when :login
builder = Saml::Kit::AuthenticationRequest::Builder.new
- builder.acs_url = Sp.default(request).assertion_consumer_service_for(binding: :post).location
+ builder.acs_url = Sp.default(request).assertion_consumer_service_for(binding: :http_post).location
builder
when :logout
Saml::Kit::LogoutRequest::Builder.new(current_user)
airport/app/models/sp.rb
@@ -6,8 +6,8 @@ class Sp
host = "#{request.protocol}#{request.host}:#{request.port}"
builder = Saml::Kit::ServiceProviderMetadata::Builder.new
builder.sign = false
- builder.add_assertion_consumer_service(url_helpers.consume_url(host: host), binding: :post)
- builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :post)
+ builder.add_assertion_consumer_service(url_helpers.consume_url(host: host), binding: :http_post)
+ builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :http_post)
builder.build
end
end
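Review bot: The `host` used for the assertion consumer and logout URLs is assembled from `request.protocol`, `request.host` and `request.port`, so the published metadata follows whatever Host header the request carried. The same applies to the `acs_url` that `builder_for(:login)` in airport/app/controllers/sessions_controller.rb copies into the authentication request. Unless host checking is enforced elsewhere (not visible here), consider building from a configured base URL, e.g. `host = Rails.configuration.x.saml_base_url`, where `saml_base_url` stands in for whatever setting the app defines. A comment on why `builder.sign = false` is acceptable for this service provider would also help. The method starts outside the hunk.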
proof/app/controllers/sessions_controller.rb
@@ -2,7 +2,7 @@ class SessionsController < ApplicationController
skip_before_action :verify_authenticity_token, only: [:new, :destroy]
def new
- target_binding = request.post? ? :post : :http_redirect
+ target_binding = request.post? ? :http_post : :http_redirect
binding = idp.single_sign_on_service_for(binding: target_binding)
saml_request = binding.deserialize(raw_params)
if saml_request.invalid?
@@ -19,7 +19,7 @@ class SessionsController < ApplicationController
return render_error(:forbidden, model: saml_request)
end
- response_binding = saml_request.provider.assertion_consumer_service_for(binding: :post)
+ response_binding = saml_request.provider.assertion_consumer_service_for(binding: :http_post)
saml_response = saml_request.response_for(user)
@url, @saml_params = response_binding.serialize(saml_response, relay_state: saml_params[:RelayState])
reset_session
@@ -33,12 +33,12 @@ class SessionsController < ApplicationController
def destroy
if saml_params[:SAMLRequest].present?
- binding = idp.single_logout_service_for(binding: :post)
+ binding = idp.single_logout_service_for(binding: :http_post)
saml_request = binding.deserialize(raw_params).tap do |saml|
raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
end
user = User.find_by(uuid: saml_request.name_id)
- response_binding = saml_request.provider.single_logout_service_for(binding: :post)
+ response_binding = saml_request.provider.single_logout_service_for(binding: :http_post)
saml_response = saml_request.response_for(user)
@url, @saml_params = response_binding.serialize(saml_response, relay_state: saml_params[:RelayState])
reset_session
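Review bot: In `destroy`, `User.find_by(uuid: saml_request.name_id)` returns nil for an unknown name ID, and that nil is handed straight to `saml_request.response_for(user)`. Likewise `saml_request.provider.single_logout_service_for(binding: :http_post)`, and the `assertion_consumer_service_for` lookup in `new`, are dereferenced with `.serialize`, although saml-kit itself calls `.try(:location)` on the same lookups, which suggests they can return nil when the provider's metadata has no HTTP-POST endpoint. A guard such as `return render_error(:not_found, model: saml_request) if user.nil? || response_binding.nil?` before building the response would turn both cases into a controlled error instead of a 500. Both actions continue outside the hunks.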
proof/app/models/idp.rb
@@ -10,9 +10,9 @@ class Idp
builder.contact_email = 'hi@example.com'
builder.organization_name = "Acme, Inc"
builder.organization_url = url_helpers.root_url(host: host)
- builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :post)
+ builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_post)
builder.add_single_sign_on_service(url_helpers.new_session_url(host: host), binding: :http_redirect)
- builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :post)
+ builder.add_single_logout_service(url_helpers.logout_url(host: host), binding: :http_post)
builder.name_id_formats = [
Saml::Kit::Namespaces::EMAIL_ADDRESS,
Saml::Kit::Namespaces::PERSISTENT,
saml-kit/lib/saml/kit/bindings.rb
@@ -10,7 +10,6 @@ module Saml
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ALL = {
- post: HTTP_POST,
http_post: HTTP_POST,
http_redirect: HTTP_REDIRECT,
http_artifact: HTTP_ARTIFACT,
saml-kit/lib/saml/kit/logout_response.rb
@@ -25,7 +25,7 @@ module Saml
@issuer = configuration.issuer
provider = configuration.registry.metadata_for(@issuer)
if provider
- @destination = provider.single_logout_service_for(binding: :post).try(:location)
+ @destination = provider.single_logout_service_for(binding: :http_post).try(:location)
end
end
saml-kit/lib/saml/kit/response.rb
@@ -158,9 +158,9 @@ module Saml
def destination_for(request)
if request.signed? && request.trusted?
- request.acs_url || request.provider.assertion_consumer_service_for(binding: :post).try(:location)
+ request.acs_url || request.provider.assertion_consumer_service_for(binding: :http_post).try(:location)
else
- request.provider.assertion_consumer_service_for(binding: :post).try(:location)
+ request.provider.assertion_consumer_service_for(binding: :http_post).try(:location)
end
end
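Review bot: `destination_for` carries a security decision that is not documented: the request's own `acs_url` is honoured only when the request is signed and trusted, and otherwise the response goes to the endpoint registered in the provider's metadata. A comment such as `# Only a signed, trusted request may choose its ACS URL; otherwise use the registered endpoint so an unsigned request cannot redirect the assertion.` above the `if` would keep that rule from being simplified away. The metadata lookup is also written twice; it could be held in a local and reused in both branches.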
saml-kit/lib/saml/kit/service_provider_metadata.rb
@@ -35,11 +35,11 @@ module Saml
@want_assertions_signed = true
end
- def add_assertion_consumer_service(url, binding: :post)
+ def add_assertion_consumer_service(url, binding: :http_post)
@acs_urls.push(location: url, binding: Bindings.binding_for(binding))
end
- def add_single_logout_service(url, binding: :post)
+ def add_single_logout_service(url, binding: :http_post)
@logout_urls.push(location: url, binding: Bindings.binding_for(binding))
end
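Review bot: With the `post:` alias removed from `Bindings::ALL` in this commit, a caller that still passes `binding: :post` to `add_assertion_consumer_service` or `add_single_logout_service` depends on how `Bindings.binding_for` treats an unknown key, which is not visible here. If it is a plain hash lookup, the endpoint would be stored with a nil binding and the metadata published without error. Raising on unknown symbols, e.g. `ALL.fetch(binding)` inside `binding_for`, would make stale callers fail at build time. A short doc comment on both methods listing the accepted symbols (`:http_post`, `:http_redirect`, `:http_artifact`) would help as well.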
saml-kit/spec/saml/bindings/http_redirect_spec.rb
@@ -84,7 +84,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
it 'returns a signed document, when a signature is missing' do
builder = Saml::Kit::ServiceProviderMetadata::Builder.new
- builder.add_assertion_consumer_service(FFaker::Internet.http_url, binding: :post)
+ builder.add_assertion_consumer_service(FFaker::Internet.http_url, binding: :http_post)
provider = builder.build
allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
saml-kit/spec/saml/identity_provider_metadata_spec.rb
@@ -71,9 +71,9 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
it 'valid when given valid identity provider metadata' do
builder = described_class::Builder.new
builder.attributes = [:email]
- builder.add_single_sign_on_service(FFaker::Internet.http_url, binding: :post)
+ builder.add_single_sign_on_service(FFaker::Internet.http_url, binding: :http_post)
builder.add_single_sign_on_service(FFaker::Internet.http_url, binding: :http_redirect)
- builder.add_single_logout_service(FFaker::Internet.http_url, binding: :post)
+ builder.add_single_logout_service(FFaker::Internet.http_url, binding: :http_post)
builder.add_single_logout_service(FFaker::Internet.http_url, binding: :http_redirect)
expect(builder.build).to be_valid
end
@@ -122,12 +122,12 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
subject do
builder = Saml::Kit::IdentityProviderMetadata::Builder.new
builder.add_single_sign_on_service(redirect_url, binding: :http_redirect)
- builder.add_single_sign_on_service(post_url, binding: :post)
+ builder.add_single_sign_on_service(post_url, binding: :http_post)
builder.build
end
it 'returns the POST binding' do
- result = subject.single_sign_on_service_for(binding: :post)
+ result = subject.single_sign_on_service_for(binding: :http_post)
expect(result.location).to eql(post_url)
expect(result.binding).to eql(Saml::Kit::Bindings::HTTP_POST)
end
@@ -174,11 +174,11 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
before :each do
builder.add_single_logout_service(redirect_url, binding: :http_redirect)
- builder.add_single_logout_service(post_url, binding: :post)
+ builder.add_single_logout_service(post_url, binding: :http_post)
end
it 'returns the location for the matching binding' do
- expect(subject.single_logout_service_for(binding: :post).location).to eql(post_url)
+ expect(subject.single_logout_service_for(binding: :http_post).location).to eql(post_url)
expect(subject.single_logout_service_for(binding: :http_redirect).location).to eql(redirect_url)
end
@@ -205,7 +205,7 @@ RSpec.describe Saml::Kit::IdentityProviderMetadata do
Saml::Kit::Namespaces::EMAIL_ADDRESS,
]
subject.add_single_sign_on_service("https://www.example.com/login", binding: :http_redirect)
- subject.add_single_logout_service("https://www.example.com/logout", binding: :post)
+ subject.add_single_logout_service("https://www.example.com/logout", binding: :http_post)
subject.attributes << "id"
result = Hash.from_xml(subject.build.to_xml)
saml-kit/spec/saml/service_provider_metadata_spec.rb
@@ -26,7 +26,7 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
XML
it 'builds the service provider metadata' do
subject.entity_id = entity_id
- subject.add_assertion_consumer_service(acs_url, binding: :post)
+ subject.add_assertion_consumer_service(acs_url, binding: :http_post)
subject.name_id_formats = [
Saml::Kit::Namespaces::PERSISTENT,
Saml::Kit::Namespaces::TRANSIENT,
@@ -59,9 +59,9 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
let(:builder) { described_class::Builder.new }
subject do
builder.entity_id = entity_id
- builder.add_assertion_consumer_service(acs_post_url, binding: :post)
+ builder.add_assertion_consumer_service(acs_post_url, binding: :http_post)
builder.add_assertion_consumer_service(acs_redirect_url, binding: :http_redirect)
- builder.add_single_logout_service(logout_post_url, binding: :post)
+ builder.add_single_logout_service(logout_post_url, binding: :http_post)
builder.add_single_logout_service(logout_redirect_url, binding: :http_redirect)
builder.build
end
@@ -106,9 +106,9 @@ RSpec.describe Saml::Kit::ServiceProviderMetadata do
let(:service_provider_metadata) do
builder = described_class::Builder.new
builder.entity_id = entity_id
- builder.add_assertion_consumer_service(acs_post_url, binding: :post)
+ builder.add_assertion_consumer_service(acs_post_url, binding: :http_post)
builder.add_assertion_consumer_service(acs_redirect_url, binding: :http_redirect)
- builder.add_single_logout_service(logout_post_url, binding: :post)
+ builder.add_single_logout_service(logout_post_url, binding: :http_post)
builder.add_single_logout_service(logout_redirect_url, binding: :http_redirect)
builder.to_xml
end
saml-kit/spec/saml/xml_spec.rb
@@ -8,9 +8,9 @@ RSpec.describe Saml::Kit::Xml do
let(:signed_xml) do
builder = Saml::Kit::ServiceProviderMetadata::Builder.new
builder.entity_id = FFaker::Movie.title
- builder.add_assertion_consumer_service(login_url, binding: :post)
+ builder.add_assertion_consumer_service(login_url, binding: :http_post)
builder.add_assertion_consumer_service(login_url, binding: :http_redirect)
- builder.add_single_logout_service(logout_url, binding: :post)
+ builder.add_single_logout_service(logout_url, binding: :http_post)
builder.add_single_logout_service(logout_url, binding: :http_redirect)
builder.to_xml
end