devise_saml_authenticatable 1.4.0 → 1.6.2

data/spec/devise_saml_authenticatable/saml_mapped_attributes_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'devise_saml_authenticatable/saml_mapped_attributes'
+
+describe SamlAuthenticatable::SamlMappedAttributes do
+  let(:instance) { described_class.new(saml_attributes, attribute_map) }
+  let(:attribute_map_file) { File.join(File.dirname(__FILE__), '../support/attribute-map.yml') }
+  let(:attribute_map) { YAML.load(File.read(attribute_map_file)) }
+  let(:saml_attributes) do
+    {
+      "first_name" => ["John"],
+      "last_name"=>["Smith"],
+      "email"=>["john.smith@example.com"]
+    }
+  end
+
+  describe "#value_by_resource_key" do
+    RSpec.shared_examples "correctly maps the value of the resource key" do |saml_key, resource_key, expected_value|
+      subject(:perform) { instance.value_by_resource_key(resource_key) }
+
+      it "correctly maps the resource key, #{resource_key}, to the value of the '#{saml_key}' SAML key" do
+        saml_attributes[saml_key] = saml_attributes.delete(resource_key)
+        expect(perform).to eq(expected_value)
+      end
+    end
+
+    context "first_name" do
+      saml_keys = ['urn:mace:dir:attribute-def:first_name', 'first_name', 'firstName', 'firstname']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'first_name', ['John']
+      end
+    end
+
+    context 'last_name' do
+      saml_keys = ['urn:mace:dir:attribute-def:last_name', 'last_name', 'lastName', 'lastname']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'last_name', ['Smith']
+      end
+    end
+
+    context 'email' do
+      saml_keys = ['urn:mace:dir:attribute-def:email', 'email_address', 'emailAddress', 'email']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'email', ['john.smith@example.com']
+      end
+    end
+  end
+end

data/spec/features/saml_authentication_spec.rb

@@ -5,6 +5,7 @@ require 'uri'
 require 'capybara/rspec'
 require 'capybara/poltergeist'
 Capybara.default_driver = :poltergeist
+Capybara.server = :webrick
 
 describe "SAML Authentication", type: :feature do
   let(:idp_port) { 8009 }
@@ -56,7 +57,7 @@ describe "SAML Authentication", type: :feature do
       expect(current_url).to eq("http://localhost:8020/")
 
       click_on "Log out"
-      #confirm the logout response redirected to the SP which in turn attempted to sign th e
+      # confirm the logout response redirected to the SP which in turn attempted to sign the user back in
       expect(current_url).to match(%r(\Ahttp://localhost:8009/saml/auth\?SAMLRequest=))
 
       # prove user is now signed out
@@ -84,8 +85,8 @@ describe "SAML Authentication", type: :feature do
       @sp_pid  = start_app('sp',  sp_port)
     end
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it_behaves_like "it authenticates and creates users"
@@ -99,8 +100,8 @@ describe "SAML Authentication", type: :feature do
       @sp_pid  = start_app('sp',  sp_port)
     end
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it_behaves_like "it authenticates and creates users"
@@ -114,8 +115,8 @@ describe "SAML Authentication", type: :feature do
       @sp_pid  = start_app('sp',  sp_port)
     end
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it_behaves_like "it authenticates and creates users"
@@ -130,8 +131,8 @@ describe "SAML Authentication", type: :feature do
       @sp_pid  = start_app('sp',  sp_port)
     end
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it_behaves_like "it authenticates and creates users"
@@ -142,37 +143,21 @@ describe "SAML Authentication", type: :feature do
       create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false")
       create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'IDP_SETTINGS_ADAPTER' => "IdpSettingsAdapter", 'IDP_ENTITY_ID_READER' => "OurEntityIdReader")
 
-      @idp_pid = start_app('idp', idp_port)
+      # use a different port for this entity ID; configured in spec/support/idp_settings_adapter.rb.erb
+      @idp_pid = start_app('idp', 8010)
       @sp_pid  = start_app('sp',  sp_port)
     end
 
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it "authenticates an existing user on a SP via an IdP" do
       create_user("you@example.com")
 
       visit 'http://localhost:8020/users/saml/sign_in/?entity_id=http%3A%2F%2Flocalhost%3A8020%2Fsaml%2Fmetadata'
-      expect(current_url).to match(%r(\Ahttp://www.example.com/sso\?SAMLRequest=))
-    end
-
-    it "logs a user out of the IdP via the SP" do
-      sign_in
-
-      # prove user is still signed in
-      visit 'http://localhost:8020/'
-      expect(page).to have_content("you@example.com")
-      expect(current_url).to eq("http://localhost:8020/")
-
-      click_on "Log out"
-      #confirm the logout response redirected to the SP which in turn attempted to sign th e
-      expect(current_url).to match(%r(\Ahttp://www.example.com/slo\?SAMLRequest=))
-
-      # prove user is now signed out
-      visit 'http://localhost:8020/users/saml/sign_in/?entity_id=http%3A%2F%2Flocalhost%3A8020%2Fsaml%2Fmetadata'
-      expect(current_url).to match(%r(\Ahttp://www.example.com/sso\?SAMLRequest=))
+      expect(current_url).to match(%r(\Ahttp://localhost:8010/saml/auth\?SAMLRequest=))
     end
   end
 
@@ -187,8 +172,8 @@ describe "SAML Authentication", type: :feature do
     end
 
     after(:each) do
-      stop_app(@idp_pid)
-      stop_app(@sp_pid)
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
     end
 
     it_behaves_like "it authenticates and creates users"
@@ -203,24 +188,47 @@ describe "SAML Authentication", type: :feature do
         fill_in "Email", with: "you@example.com"
         fill_in "Password", with: "asdf"
         click_on "Sign in"
-        expect(page).to have_content("Example Domain This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.")
+        expect(page).to have_content(:all, "Example Domain This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.")
         expect(current_url).to eq("http://www.example.com/")
       end
     end
   end
 
+  context "when the saml_attribute_map is set" do
+    before(:each) do
+      create_app(
+        "idp",
+        "EMAIL_ADDRESS_ATTRIBUTE_KEY" => "myemailaddress",
+        "NAME_ATTRIBUTE_KEY" => "myname",
+        "INCLUDE_SUBJECT_IN_ATTRIBUTES" => "false",
+      )
+      create_app(
+        "sp",
+        "ATTRIBUTE_MAP_RESOLVER" => "AttributeMapResolver",
+        "USE_SUBJECT_TO_AUTHENTICATE" => "true",
+      )
+      @idp_pid = start_app("idp", idp_port)
+      @sp_pid  = start_app("sp", sp_port)
+    end
+    after(:each) do
+      stop_app("idp", @idp_pid)
+      stop_app("sp", @sp_pid)
+    end
+
+    it_behaves_like "it authenticates and creates users"
+  end
+
   def create_user(email)
     response = Net::HTTP.post_form(URI('http://localhost:8020/users'), email: email)
     expect(response.code).to eq('201')
   end
 
-  def sign_in
-    visit 'http://localhost:8020/'
-    expect(current_url).to match(%r(\Ahttp://localhost:8009/saml/auth\?SAMLRequest=))
+  def sign_in(entity_id: "")
+    visit "http://localhost:8020/users/saml/sign_in/?entity_id=#{URI.escape(entity_id)}"
     fill_in "Email", with: "you@example.com"
     fill_in "Password", with: "asdf"
     click_on "Sign in"
-    Timeout.timeout(Capybara.default_wait_time) do
+    Timeout.timeout(Capybara.default_max_wait_time) do
       loop do
         sleep 0.1
         break if current_url == "http://localhost:8020/"

data/spec/rails_helper.rb

@@ -3,12 +3,16 @@ ENV["RAILS_ENV"] ||= 'test'
 require 'spec_helper'
 
 create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "false")
-require 'support/sp/config/environment'
+require "#{working_directory}/sp/config/environment"
 require 'rspec/rails'
 
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
-ActiveRecord::Migrator.migrate(File.expand_path("../support/sp/db/migrate/", __FILE__))
+if ActiveRecord::Base.connection.respond_to?(:migration_context)
+  ActiveRecord::Base.connection.migration_context.migrate
+else
+  ActiveRecord::Migrator.migrate("#{working_directory}/sp/db/migrate/")
+end
 
 RSpec.configure do |config|
   config.use_transactional_fixtures = true

data/spec/routes/routes_spec.rb

@@ -0,0 +1,102 @@
+require 'rails_helper'
+
+describe 'SamlAuthenticatable Routes', type: :routing do
+  describe 'GET /users/saml/sign_in (login)' do
+    it 'routes to Devise::SamlSessionsController#new' do
+      expect(get: '/users/saml/sign_in').to route_to(controller: 'devise/saml_sessions', action: 'new')
+      expect(get: new_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'new')
+    end
+  end
+
+  describe 'POST /users/saml/auth (session creation)' do
+    it 'routes to Devise::SamlSessionsController#create' do
+      expect(post: '/users/saml/auth').to route_to(controller: 'devise/saml_sessions', action: 'create')
+    end
+  end
+
+  describe 'DELETE /users/sign_out (logout)' do
+    it 'routes to Devise::SamlSessionsController#destroy' do
+      expect(delete: '/users/sign_out').to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+      expect(delete: destroy_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+    end
+  end
+
+  describe 'GET /users/saml/metadata' do
+    it 'routes to Devise::SamlSessionsController#metadata' do
+      expect(get: '/users/saml/metadata').to route_to(controller: 'devise/saml_sessions', action: 'metadata')
+    end
+  end
+
+  describe 'GET /users/saml/idp_sign_out (IdP-initiated logout)' do
+    it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+      expect(get: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+    end
+  end
+
+  describe 'POST /users/saml/idp_sign_out (IdP-initiated logout)' do
+    it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+      expect(post: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+    end
+  end
+
+  context 'when saml_route_helper_prefix is "sso"' do
+    before(:all) do
+      ::Devise.saml_route_helper_prefix = 'sso'
+
+      # A very simple Rails engine
+      module SamlRouteHelperPrefixEngine
+        class Engine < ::Rails::Engine
+          isolate_namespace SamlRouteHelperPrefixEngine
+        end
+
+        Engine.routes.draw do
+          devise_for :users, module: :devise
+        end
+      end
+    end
+    after(:all) do
+      ::Devise.saml_route_helper_prefix = nil
+    end
+    routes { SamlRouteHelperPrefixEngine::Engine.routes }
+
+    describe 'GET /users/saml/sign_in (login)' do
+      it 'routes to Devise::SamlSessionsController#new' do
+        expect(get: '/users/saml/sign_in').to route_to(controller: 'devise/saml_sessions', action: 'new')
+        expect(get: new_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'new')
+      end
+    end
+
+    describe 'POST /users/saml/auth (session creation)' do
+      it 'routes to Devise::SamlSessionsController#create' do
+        expect(post: '/users/saml/auth').to route_to(controller: 'devise/saml_sessions', action: 'create')
+      end
+    end
+
+    describe 'DELETE /users/sign_out (logout)' do
+      it 'routes to Devise::SamlSessionsController#destroy' do
+        expect(delete: '/users/sign_out').to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+        expect(delete: destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+      end
+    end
+
+    describe 'GET /users/saml/metadata' do
+      it 'routes to Devise::SamlSessionsController#metadata' do
+        expect(get: '/users/saml/metadata').to route_to(controller: 'devise/saml_sessions', action: 'metadata')
+      end
+    end
+
+    describe 'GET /users/saml/idp_sign_out (IdP-initiated logout)' do
+      it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+        expect(get: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+        expect(get: idp_destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+      end
+    end
+
+    describe 'POST /users/saml/idp_sign_out (IdP-initiated logout)' do
+      it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+        expect(post: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+        expect(post: idp_destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,3 +1,5 @@
+require "fileutils"
+
 RSpec.configure do |config|
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
@@ -28,8 +30,13 @@ RSpec.configure do |config|
     Devise.saml_session_index_key = @original_saml_session_index_key
     Devise.idp_settings_adapter = nil
   end
+
+  config.after :suite do
+    FileUtils.rm_rf($working_directory) if $working_directory
+  end
 end
 
 require 'support/rails_app'
 
+require "action_controller" # https://github.com/heartcombo/responders/pull/95
 require 'devise_saml_authenticatable'

data/spec/support/Gemfile.rails4

@@ -6,26 +6,36 @@ gemspec path: '../..'
 group :test do
   gem 'rspec', '~> 3.0'
   gem 'rails', '~> 4.0'
-  gem 'rspec-rails'
-  gem 'sqlite3'
+  gem 'rspec-rails', '~> 3.9'
+  gem 'sqlite3', '~> 1.3.6'
   gem 'capybara'
   gem 'poltergeist'
 
   # Lock down versions of gems for older versions of Ruby
-  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.0")
-    gem 'addressable', '~> 2.4.0'
-    gem 'mime-types', '~> 2.99'
-    gem 'public_suffix', '~> 1.4.6'
-    gem 'rake', '~> 12.2.0'
-  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
-    gem 'public_suffix', '~> 2.0.5'
-    gem 'rake'
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
+    gem 'rake', '~> 12.2'
   else
     gem 'rake'
   end
 
   if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
     gem 'devise', '~> 3.5'
+    gem 'minitest', '~> 5.11.0'
     gem 'nokogiri', '~> 1.6.8'
+    gem 'public_suffix', '~> 2.0.5'
+  end
+
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
+    gem 'responders', '~> 1.0'
+  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'responders', '~> 2.0'
+  end
+
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.2")
+    gem 'byebug', '~> 9.0'
+  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.3")
+    gem 'byebug', '~> 10.0'
+  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'byebug', '~> 11.0.0'
   end
 end

data/spec/support/Gemfile.rails5

@@ -7,8 +7,19 @@ group :test do
   gem 'rake'
   gem 'rspec', '~> 3.0'
   gem 'rails', '~> 5.0.0'
-  gem 'rspec-rails'
-  gem 'sqlite3'
+  gem 'rspec-rails', '~> 3.9'
+  gem 'sqlite3', '~> 1.3.6'
   gem 'capybara'
   gem 'poltergeist'
+
+  # Lock down versions of gems for older versions of Ruby
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'responders', '~> 2.4'
+  end
+
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.3")
+    gem 'byebug', '~> 10.0'
+  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'byebug', '~> 11.0.0'
+  end
 end

data/spec/support/Gemfile.rails5.1

@@ -0,0 +1,25 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_saml_authenticatable.gemspec
+gemspec path: '../..'
+
+group :test do
+  gem 'rake'
+  gem 'rspec', '~> 3.0'
+  gem 'rails', '~> 5.1.0'
+  gem 'rspec-rails', '~> 3.9'
+  gem 'sqlite3', '~> 1.3.6'
+  gem 'capybara'
+  gem 'poltergeist'
+
+  # Lock down versions of gems for older versions of Ruby
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'responders', '~> 2.4'
+  end
+
+  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.3")
+    gem 'byebug', '~> 10.0'
+  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
+    gem 'byebug', '~> 11.0.0'
+  end
+end