Comparing changes
v0.3.5
→
v0.3.6
6 commits
24 files changed
lib/saml/kit/builders/authentication_request.rb
@@ -12,7 +12,7 @@ module Saml
def initialize(configuration: Saml::Kit.configuration)
@configuration = configuration
@id = ::Xml::Kit::Id.generate
- @issuer = configuration.issuer
+ @issuer = configuration.entity_id
@name_id_format = Namespaces::PERSISTENT
@now = Time.now.utc
@version = "2.0"
lib/saml/kit/builders/identity_provider_metadata.rb
@@ -16,7 +16,7 @@ module Saml
def initialize(configuration: Saml::Kit.configuration)
@attributes = []
@configuration = configuration
- @entity_id = configuration.issuer
+ @entity_id = configuration.entity_id
@id = ::Xml::Kit::Id.generate
@logout_urls = []
@name_id_formats = [Namespaces::PERSISTENT]
lib/saml/kit/builders/logout_request.rb
@@ -13,7 +13,7 @@ module Saml
@configuration = configuration
@user = user
@id = ::Xml::Kit::Id.generate
- @issuer = configuration.issuer
+ @issuer = configuration.entity_id
@name_id_format = Saml::Kit::Namespaces::PERSISTENT
@now = Time.now.utc
@version = "2.0"
lib/saml/kit/builders/logout_response.rb
@@ -12,7 +12,7 @@ module Saml
def initialize(request, configuration: Saml::Kit.configuration)
@configuration = configuration
@id = ::Xml::Kit::Id.generate
- @issuer = configuration.issuer
+ @issuer = configuration.entity_id
@now = Time.now.utc
@request = request
@status_code = Namespaces::SUCCESS
lib/saml/kit/builders/metadata.rb
@@ -15,7 +15,7 @@ module Saml
def initialize(configuration: Saml::Kit.configuration)
@id = ::Xml::Kit::Id.generate
- @entity_id = configuration.issuer
+ @entity_id = configuration.entity_id
@configuration = configuration
end
lib/saml/kit/builders/response.rb
@@ -19,7 +19,7 @@ module Saml
@now = Time.now.utc
@version = "2.0"
@status_code = Namespaces::SUCCESS
- @issuer = configuration.issuer
+ @issuer = configuration.entity_id
@encrypt = encryption_certificate.present?
@configuration = configuration
end
lib/saml/kit/rspec/have_query_param.rb
@@ -0,0 +1,19 @@
+require 'uri'
+
+RSpec::Matchers.define :have_query_param do |key|
+ match do |url|
+ query_params_from(url)[key].present?
+ end
+
+ def query_params_from(url)
+ Hash[query_for(url).split("&").map { |x| x.split('=', 2) }]
+ end
+
+ def uri_for(url)
+ URI.parse(url)
+ end
+
+ def query_for(url)
+ uri_for(url).query
+ end
+end
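Review bot: `query_params_from` calls `.split` on `uri_for(url).query`, which is nil when the URL has no query string, so the matcher raises NoMethodError instead of reporting a failed match. A parameter without `=` also yields a one-element pair that `Hash[]` may reject, depending on the Ruby version. Parsing with the standard library avoids both and decodes the values as well: `Hash[URI.decode_www_form(query_for(url).to_s)]`. Because this matcher now ships under lib/ for consumers to run against redirect URLs, a URL without the expected parameter should fail the expectation rather than abort the example.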
spec/support/matchers/have_xml.rb → lib/saml/kit/rspec/have_xpath.rb
File renamed without changes
lib/saml/kit/assertion.rb
@@ -100,7 +100,7 @@ module Saml
end
def must_match_issuer
- unless audiences.include?(configuration.issuer)
+ unless audiences.include?(configuration.entity_id)
errors[:audience] << error_message(:must_match_issuer)
end
end
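Review bot: `must_match_issuer` and its `:must_match_issuer` error key still speak of the issuer, although the audience list is now compared with `configuration.entity_id`. A one-line comment above the method would keep this audience-restriction check readable, for example `# The assertion's audiences must include this entity's own entity_id.` If `entity_id` is left unset, the `include?` runs against nil and presumably every assertion fails this check. That is the safe direction, but it is worth saying so in the comment or in the Configuration docs.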
lib/saml/kit/buildable.rb
@@ -4,12 +4,16 @@ module Saml
extend ActiveSupport::Concern
class_methods do
- def build(*args, &block) # :yields builder
- builder(*args, &block).build
+ def build(*args) # :yields builder
+ builder(*args) do |builder|
+ yield builder if block_given?
+ end.build
end
- def build_xml(*args, &block) # :yields builder
- builder(*args, &block).to_xml
+ def build_xml(*args) # :yields builder
+ builder(*args) do |builder|
+ yield builder if block_given?
+ end.to_xml
end
def builder(*args) # :yields builder
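Review bot: In `build` and `build_xml` the block parameter `builder` hides the `builder` class method that is being called on the same line, so inside the block the name means something different from outside it. A distinct name with the brace form reads more clearly and behaves the same: `builder(*args) { |b| yield b if block_given? }.build`, and likewise `.to_xml`. The body of `builder` lies outside this hunk, so whether it expects to always receive a block cannot be confirmed from here.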
lib/saml/kit/configuration.rb
@@ -3,7 +3,7 @@ module Saml
# This class represents the main configuration that is use for generating SAML documents.
#
# Saml::Kit::Configuration.new do |config|
- # config.issuer = "com:saml:kit"
+ # config.entity_id = "com:saml:kit"
# config.signature_method = :SHA256
# config.digest_method = :SHA256
# config.registry = Saml::Kit::DefaultRegistry.new
@@ -15,14 +15,14 @@ module Saml
# that runs at the start of the program.
#
# Saml::Kit.configure do |configuration|
- # configuration.issuer = "https://www.example.com/saml/metadata"
+ # configuration.entity_id = "https://www.example.com/saml/metadata"
# configuration.generate_key_pair_for(use: :signing)
# configuration.add_key_pair(ENV["X509_CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PRIVATE_KEY_PASSPHRASE'], use: :encryption)
# end
class Configuration
USES = [:signing, :encryption]
- # The issuer or entity_id to use.
- attr_accessor :issuer
+ # The issuer to use in requests or responses from this entity to use.
+ attr_accessor :entity_id
# The signature method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::SIGNATURE_METHODS})
attr_accessor :signature_method
# The digest method to use when generating signatures (See {Saml::Kit::Builders::XmlSignature::DIGEST_METHODS})
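Review bot: The new attribute comment `# The issuer to use in requests or responses from this entity to use.` repeats "to use" and no longer says that the value is this entity's SAML entityID. Elsewhere in this change set the same value also becomes the metadata `@entity_id` and is the value compared against assertion audiences. Suggested wording: `# The entityID of this entity; used as the Issuer of documents it generates and as the expected audience of assertions it receives.`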
@@ -112,6 +112,18 @@ module Saml
certificates(use: :signing).any?
end
+ # @deprecated Use {#entity_id} instead of this method.
+ def issuer
+ Saml::Kit.deprecate("issuer is deprecated. Use entity_id instead")
+ self.entity_id
+ end
+
+ # @deprecated Use {#entity_id=} instead of this method.
+ def issuer=(value)
+ Saml::Kit.deprecate("issuer= is deprecated. Use entity_id= instead")
+ self.entity_id = value
+ end
+
private
def ensure_proper_use!(use)
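Review bot: The deprecated `issuer` / `issuer=` aliases are not exercised by any spec shown in this comparison, because every spec was migrated to `entity_id`. Deployments that still set `issuer=` depend on this forwarding for the Issuer element and the audience check. A small example that sets `config.issuer = value` and expects `config.entity_id` to eql `value`, plus the reverse for the reader, would pin that behaviour. `Saml::Kit.deprecate` is not defined in any file shown here, so confirm it already exists in this release. `ensure_proper_use!` continues outside the hunk.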
lib/saml/kit/default_registry.rb
@@ -22,7 +22,7 @@ module Saml
# end
#
# Saml::Kit.configure do |configuration|
- # configuration.issuer = ENV['ISSUER']
+ # configuration.entity_id = ENV['ENTITY_ID']
# configuration.registry = OnDemandRegistry.new(configuration.registry)
# configuration.logger = Rails.logger
# end
lib/saml/kit/rspec.rb
@@ -0,0 +1,2 @@
+require 'saml/kit/rspec/have_query_param'
+require 'saml/kit/rspec/have_xpath'
lib/saml/kit/version.rb
@@ -1,5 +1,5 @@
module Saml
module Kit
- VERSION = "0.3.5"
+ VERSION = "0.3.6"
end
end
lib/saml-kit.rb
@@ -0,0 +1,1 @@
+require 'saml/kit'
spec/saml/bindings/http_redirect_spec.rb
@@ -21,12 +21,12 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
end
describe "#deserialize" do
- let(:issuer) { FFaker::Internet.http_url }
+ let(:entity_id) { FFaker::Internet.http_url }
let(:provider) { Saml::Kit::IdentityProviderMetadata.build }
before :each do
- allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
- allow(Saml::Kit.configuration).to receive(:issuer).and_return(issuer)
+ allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(entity_id).and_return(provider)
+ allow(Saml::Kit.configuration).to receive(:entity_id).and_return(entity_id)
end
it 'deserializes the SAMLRequest to an AuthnRequest' do
@@ -37,12 +37,12 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
it 'deserializes the SAMLRequest to an AuthnRequest with symbols for keys' do
configuration = Saml::Kit::Configuration.new do |config|
- config.issuer = issuer
+ config.entity_id = entity_id
config.generate_key_pair_for(use: :signing)
end
provider = Saml::Kit::IdentityProviderMetadata.build(configuration: configuration)
url, _ = subject.serialize(Saml::Kit::AuthenticationRequest.builder(configuration: configuration))
- allow(configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
+ allow(configuration.registry).to receive(:metadata_for).with(entity_id).and_return(provider)
result = subject.deserialize(query_params_from(url).symbolize_keys, configuration: configuration)
expect(result).to be_instance_of(Saml::Kit::AuthenticationRequest)
@@ -86,7 +86,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
it 'deserializes the SAMLResponse to a Response' do
user = double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: [])
- request = double(:request, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: issuer, signed?: true, trusted?: true)
+ request = double(:request, id: SecureRandom.uuid, provider: nil, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: entity_id, signed?: true, trusted?: true)
url, _ = subject.serialize(Saml::Kit::Response.builder(user, request))
result = subject.deserialize(query_params_from(url))
expect(result).to be_instance_of(Saml::Kit::Response)
@@ -113,7 +113,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
it 'raises an error when the signature does not match' do
configuration = Saml::Kit::Configuration.new do |config|
- config.issuer = issuer
+ config.entity_id = entity_id
config.generate_key_pair_for(use: :signing)
end
url, _ = subject.serialize(
@@ -132,7 +132,7 @@ RSpec.describe Saml::Kit::Bindings::HttpRedirect do
provider = Saml::Kit::ServiceProviderMetadata.build do |builder|
builder.add_assertion_consumer_service(FFaker::Internet.http_url, binding: :http_post)
end
- allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
+ allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(entity_id).and_return(provider)
url, _ = subject.serialize(Saml::Kit::AuthenticationRequest.builder)
result = subject.deserialize(query_params_from(url))
spec/saml/builders/authentication_request_spec.rb
@@ -2,7 +2,7 @@ RSpec.describe Saml::Kit::Builders::AuthenticationRequest do
subject { described_class.new(configuration: configuration) }
let(:configuration) do
config = Saml::Kit::Configuration.new
- config.issuer = issuer
+ config.entity_id = issuer
config
end
spec/saml/builders/response_spec.rb
@@ -2,7 +2,7 @@ RSpec.describe Saml::Kit::Builders::Response do
subject { described_class.new(user, request, configuration: configuration) }
let(:configuration) do
Saml::Kit::Configuration.new do |config|
- config.issuer = issuer
+ config.entity_id = issuer
config.generate_key_pair_for(use: :signing)
config.generate_key_pair_for(use: :encryption)
end
@@ -40,7 +40,7 @@ RSpec.describe Saml::Kit::Builders::Response do
describe "#to_xml" do
it 'returns a proper response for the user' do
travel_to 1.second.from_now
- allow(Saml::Kit.configuration).to receive(:issuer).and_return(issuer)
+ allow(Saml::Kit.configuration).to receive(:entity_id).and_return(issuer)
subject.destination = assertion_consumer_service_url
subject.encrypt = false
hash = Hash.from_xml(subject.to_xml)
@@ -154,7 +154,7 @@ RSpec.describe Saml::Kit::Builders::Response do
describe ".build" do
let(:configuration) do
Saml::Kit::Configuration.new do |config|
- config.issuer = issuer
+ config.entity_id = issuer
config.generate_key_pair_for(use: :signing)
config.generate_key_pair_for(use: :signing)
config.generate_key_pair_for(use: :signing)
spec/saml/logout_request_spec.rb
@@ -2,11 +2,11 @@ RSpec.describe Saml::Kit::LogoutRequest do
subject { described_class.build(user, configuration: configuration) }
let(:user) { double(:user, name_id_for: name_id) }
let(:name_id) { SecureRandom.uuid }
- let(:issuer) { FFaker::Internet.uri("https") }
+ let(:entity_id) { FFaker::Internet.uri("https") }
let(:registry) { instance_double(Saml::Kit::DefaultRegistry) }
let(:configuration) do
Saml::Kit::Configuration.new do |config|
- config.issuer = issuer
+ config.entity_id = entity_id
config.registry = registry
config.generate_key_pair_for(use: :signing)
end
@@ -14,9 +14,9 @@ RSpec.describe Saml::Kit::LogoutRequest do
it 'parses the issuer' do
subject = described_class.build(user, configuration: configuration) do |builder|
- builder.issuer = issuer
+ builder.issuer = entity_id
end
- expect(subject.issuer).to eql(issuer)
+ expect(subject.issuer).to eql(entity_id)
end
it 'parses the issue instant' do
@@ -43,7 +43,7 @@ RSpec.describe Saml::Kit::LogoutRequest do
describe "#valid?" do
let(:metadata) do
Saml::Kit::ServiceProviderMetadata.build(configuration: configuration) do |builder|
- builder.entity_id = issuer
+ builder.entity_id = entity_id
builder.add_single_logout_service(FFaker::Internet.uri("https"), binding: :http_post)
end
end
spec/saml/response_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Saml::Kit::Response do
subject { described_class.build(user, request, configuration: configuration) }
let(:configuration) do
Saml::Kit::Configuration.new do |config|
- config.issuer = request.issuer
+ config.entity_id = request.issuer
config.registry = registry
config.generate_key_pair_for(use: :signing)
end
spec/support/matchers/have_query_param.rb
@@ -1,5 +0,0 @@
-RSpec::Matchers.define :have_query_param do |key|
- match do |url|
- query_params_from(url)['SAMLRequest'].present?
- end
-end
spec/support/test_helpers.rb
@@ -11,3 +11,7 @@ module TestHelpers
uri_for(url).query
end
end
+
+RSpec.configure do |config|
+ config.include TestHelpers
+end
spec/spec_helper.rb
@@ -4,6 +4,7 @@ SimpleCov.start do
end
require "bundler/setup"
require "saml/kit"
+require "saml/kit/rspec"
require "active_support/testing/time_helpers"
require "ffaker"
require "webmock/rspec"
@@ -13,7 +14,6 @@ Saml::Kit.configuration.logger.level = Xml::Kit.logger.level = Logger::FATAL
Dir[File.join(Dir.pwd, 'spec/support/**/*.rb')].each { |f| require f }
RSpec.configure do |config|
config.include ActiveSupport::Testing::TimeHelpers
- config.include TestHelpers
# Enable flags like --only-failures and --next-failure
config.example_status_persistence_file_path = ".rspec_status"
README.md
@@ -33,7 +33,7 @@ To specify a global configuration: (useful for a rails application)
```ruby
Saml::Kit.configure do |configuration|
- configuration.issuer = ENV['ISSUER']
+ configuration.entity_id = ENV['ISSUER']
configuration.generate_key_pair_for(use: :signing)
configuration.add_key_pair(ENV["CERTIFICATE"], ENV["PRIVATE_KEY"], passphrase: ENV['PASSPHRASE'], use: :signing)
configuration.generate_key_pair_for(use: :encryption)