devise_saml_authenticatable 1.6.1 → 1.8.0

data/spec/devise_saml_authenticatable/saml_config_spec.rb

@@ -1,6 +1,9 @@
 require 'spec_helper'
+require 'support/ruby_saml_support'
 
 describe DeviseSamlAuthenticatable::SamlConfig do
+  include RubySamlSupport
+
   let(:saml_config) { controller.saml_config }
   let(:controller) { Class.new { include DeviseSamlAuthenticatable::SamlConfig }.new }
 
@@ -26,32 +29,54 @@ describe DeviseSamlAuthenticatable::SamlConfig do
       let(:saml_config) { controller.saml_config(idp_entity_id) }
       let(:idp_providers_adapter) {
         Class.new {
+          extend RubySamlSupport
+
           def self.settings(idp_entity_id)
             #some hash of stuff (by doing a fetch, in our case, but could also be a giant hash keyed by idp_entity_id)
             if idp_entity_id == "http://www.example.com"
-              {
+              base = {
                 assertion_consumer_service_url: "acs_url",
                 assertion_consumer_service_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                 name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                 issuer: "sp_issuer",
                 idp_entity_id: "http://www.example.com",
                 authn_context: "",
-                idp_slo_target_url: "idp_slo_url",
-                idp_sso_target_url: "idp_sso_url",
                 idp_cert: "idp_cert"
               }
+              with_ruby_saml_1_12_or_greater(proc {
+                base.merge!(
+                  idp_slo_service_url: "idp_slo_url",
+                  idp_sso_service_url: "idp_sso_url",
+                )
+              }, else_do: proc {
+                base.merge!(
+                  idp_slo_target_url: "idp_slo_url",
+                  idp_sso_target_url: "idp_sso_url",
+                )
+              })
+              base
             elsif idp_entity_id == "http://www.example.com_other"
-              {
+              base = {
                 assertion_consumer_service_url: "acs_url_other",
                 assertion_consumer_service_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST_other",
                 name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress_other",
                 issuer: "sp_issuer_other",
                 idp_entity_id: "http://www.example.com_other",
                 authn_context: "_other",
-                idp_slo_target_url: "idp_slo_url_other",
-                idp_sso_target_url: "idp_sso_url_other",
                 idp_cert: "idp_cert_other"
               }
+              with_ruby_saml_1_12_or_greater(proc {
+                base.merge!(
+                  idp_slo_service_url: "idp_slo_url_other",
+                  idp_sso_service_url: "idp_sso_url_other",
+                )
+              }, else_do: proc {
+                base.merge!(
+                  idp_slo_target_url: "idp_slo_url_other",
+                  idp_sso_target_url: "idp_sso_url_other",
+                )
+              })
+              base
             else
               {}
             end
@@ -63,7 +88,11 @@ describe DeviseSamlAuthenticatable::SamlConfig do
         let(:idp_entity_id) { "http://www.example.com" }
         it "uses the settings from the adapter for that idp" do
           expect(saml_config.idp_entity_id).to eq (idp_entity_id)
-          expect(saml_config.idp_sso_target_url).to eq ("idp_sso_url")
+          with_ruby_saml_1_12_or_greater(proc {
+            expect(saml_config.idp_sso_service_url).to eq('idp_sso_url')
+          }, else_do: proc {
+            expect(saml_config.idp_sso_target_url).to eq('idp_sso_url')
+          })
           expect(saml_config.class).to eq OneLogin::RubySaml::Settings
         end
       end
@@ -72,7 +101,11 @@ describe DeviseSamlAuthenticatable::SamlConfig do
         let(:idp_entity_id) { "http://www.example.com_other" }
         it "returns the other idp settings" do
           expect(saml_config.idp_entity_id).to eq (idp_entity_id)
-          expect(saml_config.idp_sso_target_url).to eq ("idp_sso_url_other")
+          with_ruby_saml_1_12_or_greater(proc {
+            expect(saml_config.idp_sso_service_url).to eq('idp_sso_url_other')
+          }, else_do: proc {
+            expect(saml_config.idp_sso_target_url).to eq('idp_sso_url_other')
+          })
           expect(saml_config.class).to eq OneLogin::RubySaml::Settings
         end
       end
@@ -80,11 +113,8 @@ describe DeviseSamlAuthenticatable::SamlConfig do
   end
 
   context "when config/idp.yml exists" do
-    before do
-      allow(Rails).to receive(:env).and_return("environment")
-      allow(Rails).to receive(:root).and_return("/railsroot")
-      allow(File).to receive(:exists?).with("/railsroot/config/idp.yml").and_return(true)
-      allow(File).to receive(:read).with("/railsroot/config/idp.yml").and_return(<<-IDP)
+    let(:idp_yaml) {
+      yaml = <<-IDP
 ---
 environment:
   assertion_consumer_logout_service_binding: assertion_consumer_logout_service_binding
@@ -104,8 +134,6 @@ environment:
   idp_cert_fingerprint: idp_cert_fingerprint
   idp_cert_fingerprint_algorithm: idp_cert_fingerprint_algorithm
   idp_entity_id: idp_entity_id
-  idp_slo_target_url: idp_slo_target_url
-  idp_sso_target_url: idp_sso_target_url
   issuer: issuer
   name_identifier_format: name_identifier_format
   name_identifier_value: name_identifier_value
@@ -116,6 +144,20 @@ environment:
   sessionindex: sessionindex
   sp_name_qualifier: sp_name_qualifier
       IDP
+    with_ruby_saml_1_12_or_greater(proc { yaml << <<SERVICE_URLS }, else_do: proc { yaml << <<TARGET_URLS })
+  idp_slo_service_url: idp_slo_service_url
+  idp_sso_service_url: idp_sso_service_url
+SERVICE_URLS
+  idp_slo_target_url: idp_slo_service_url
+  idp_sso_target_url: idp_sso_service_url
+TARGET_URLS
+      yaml
+    }
+    before do
+      allow(Rails).to receive(:env).and_return("environment")
+      allow(Rails).to receive(:root).and_return("/railsroot")
+      allow(File).to receive(:exists?).with("/railsroot/config/idp.yml").and_return(true)
+      allow(File).to receive(:read).with("/railsroot/config/idp.yml").and_return(idp_yaml)
     end
 
     it "uses that file's contents" do
@@ -136,8 +178,13 @@ environment:
       expect(saml_config.idp_cert_fingerprint).to eq('idp_cert_fingerprint')
       expect(saml_config.idp_cert_fingerprint_algorithm).to eq('idp_cert_fingerprint_algorithm')
       expect(saml_config.idp_entity_id).to eq('idp_entity_id')
-      expect(saml_config.idp_slo_target_url).to eq('idp_slo_target_url')
-      expect(saml_config.idp_sso_target_url).to eq('idp_sso_target_url')
+      with_ruby_saml_1_12_or_greater(proc {
+        expect(saml_config.idp_slo_service_url).to eq('idp_slo_service_url')
+        expect(saml_config.idp_sso_service_url).to eq('idp_sso_service_url')
+      }, else_do: proc {
+        expect(saml_config.idp_slo_target_url).to eq('idp_slo_service_url')
+        expect(saml_config.idp_sso_target_url).to eq('idp_sso_service_url')
+      })
       expect(saml_config.issuer).to eq('issuer')
       expect(saml_config.name_identifier_format).to eq('name_identifier_format')
       expect(saml_config.name_identifier_value).to eq('name_identifier_value')

data/spec/devise_saml_authenticatable/strategy_spec.rb

@@ -1,6 +1,9 @@
 require 'rails_helper'
+require 'support/ruby_saml_support'
 
 describe Devise::Strategies::SamlAuthenticatable do
+  include RubySamlSupport
+
   subject(:strategy) { described_class.new(env, :user) }
   let(:env) { {} }
   let(:errors) { ["Test1", "Test2"] }
@@ -16,7 +19,7 @@ describe Devise::Strategies::SamlAuthenticatable do
   let(:user) { double(:user) }
   before do
     allow(strategy).to receive(:mapping).and_return(mapping)
-    allow(user).to receive(:after_saml_authentication)
+    allow(user).to(receive(:after_saml_authentication)) if user
   end
 
   let(:params) { {} }
@@ -54,17 +57,27 @@ describe Devise::Strategies::SamlAuthenticatable do
       let(:idp_providers_adapter) {
         Class.new {
           def self.settings(idp_entity_id)
-            {
+            base = {
               assertion_consumer_service_url: "acs_url",
               assertion_consumer_service_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
               name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
               issuer: "sp_issuer",
               idp_entity_id: "http://www.example.com",
               authn_context: "",
-              idp_slo_target_url: "idp_slo_url",
-              idp_sso_target_url: "http://idp_sso_url",
               idp_cert: "idp_cert"
             }
+            with_ruby_saml_1_12_or_greater(proc {
+              base.merge!(
+                idp_slo_service_url: "idp_slo_url",
+                idp_sso_service_url: "http://idp_sso_url",
+              )
+            }, else_do: proc {
+              base.merge!(
+                idp_slo_target_url: "idp_slo_url",
+                idp_sso_target_url: "http://idp_sso_url",
+              )
+            })
+            base
           end
         }
       }
@@ -93,8 +106,10 @@ describe Devise::Strategies::SamlAuthenticatable do
       let(:user) { nil }
 
       it "fails to authenticate" do
-        expect(strategy).to receive(:fail!).with(:invalid)
         strategy.authenticate!
+        expect(strategy).to be_halted
+        expect(strategy.message).to be(:invalid)
+        expect(strategy.result).to be(:failure)
       end
 
       it 'logs the error' do
@@ -152,6 +167,40 @@ describe Devise::Strategies::SamlAuthenticatable do
         strategy.authenticate!
       end
     end
+
+    context "when saml_validate_in_response_to is opted-in to" do
+      let(:transaction_id) { "abc123" }
+
+      before do
+        allow(Devise).to receive(:saml_validate_in_response_to).and_return(true)
+        allow_any_instance_of(ActionDispatch::Request).to receive(:session).and_return(session)
+      end
+
+      context "when the session has a saml_transaction_id" do
+        let(:session) { { saml_transaction_id: transaction_id }}
+
+        it "is valid with the matches_request_id parameter" do
+          expect(OneLogin::RubySaml::Response).to receive(:new).with(params[:SAMLResponse], hash_including(matches_request_id: transaction_id))
+          expect(strategy).to be_valid
+        end
+
+        it "authenticates with the matches_request_id parameter" do
+          expect(OneLogin::RubySaml::Response).to receive(:new).with(params[:SAMLResponse], hash_including(matches_request_id: transaction_id))
+
+          expect(strategy).to receive(:success!).with(user)
+          strategy.authenticate!
+        end
+      end
+
+      context "when the session is missing a saml_transaction_id" do
+        let(:session) { { } }
+
+        it "uses 'ID_MISSING' for matches_request_id so validation will fail" do
+          expect(OneLogin::RubySaml::Response).to receive(:new).with(params[:SAMLResponse], hash_including(matches_request_id: "ID_MISSING"))
+          strategy.authenticate!
+        end
+      end
+    end
   end
 
   it "is not valid without a SAMLResponse parameter" do

data/spec/features/saml_authentication_spec.rb

@@ -3,8 +3,21 @@ require 'net/http'
 require 'timeout'
 require 'uri'
 require 'capybara/rspec'
-require 'capybara/poltergeist'
-Capybara.default_driver = :poltergeist
+require 'selenium-webdriver'
+
+Capybara.register_driver :chrome do |app|
+  options = Selenium::WebDriver::Chrome::Options.new
+  options.add_argument('--headless')
+  options.add_argument('--allow-insecure-localhost')
+  options.add_argument('--ignore-certificate-errors')
+
+  Capybara::Selenium::Driver.new(
+    app,
+    browser: :chrome,
+    capabilities: [options]
+  )
+end
+Capybara.default_driver = :chrome
 Capybara.server = :webrick
 
 describe "SAML Authentication", type: :feature do
@@ -141,7 +154,7 @@ describe "SAML Authentication", type: :feature do
   context "when the idp_settings_adapter key is set" do
     before(:each) do
       create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false")
-      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'IDP_SETTINGS_ADAPTER' => "IdpSettingsAdapter", 'IDP_ENTITY_ID_READER' => "OurEntityIdReader")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'IDP_SETTINGS_ADAPTER' => '"IdpSettingsAdapter"', 'IDP_ENTITY_ID_READER' => '"OurEntityIdReader"')
 
       # use a different port for this entity ID; configured in spec/support/idp_settings_adapter.rb.erb
       @idp_pid = start_app('idp', 8010)
@@ -165,7 +178,7 @@ describe "SAML Authentication", type: :feature do
     let(:valid_destination) { "true" }
     before(:each) do
       create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false", 'VALID_DESTINATION' => valid_destination)
-      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'SAML_FAILED_CALLBACK' => "OurSamlFailedCallbackHandler")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'SAML_FAILED_CALLBACK' => '"OurSamlFailedCallbackHandler"')
 
       @idp_pid = start_app('idp', idp_port)
       @sp_pid  = start_app('sp',  sp_port)
@@ -204,7 +217,7 @@ describe "SAML Authentication", type: :feature do
       )
       create_app(
         "sp",
-        "ATTRIBUTE_MAP_RESOLVER" => "AttributeMapResolver",
+        "ATTRIBUTE_MAP_RESOLVER" => '"AttributeMapResolver"',
         "USE_SUBJECT_TO_AUTHENTICATE" => "true",
       )
       @idp_pid = start_app("idp", idp_port)
@@ -224,7 +237,7 @@ describe "SAML Authentication", type: :feature do
   end
 
   def sign_in(entity_id: "")
-    visit "http://localhost:8020/users/saml/sign_in/?entity_id=#{URI.escape(entity_id)}"
+    visit "http://localhost:8020/users/saml/sign_in/?entity_id=#{URI.encode_www_form_component(entity_id)}"
     fill_in "Email", with: "you@example.com"
     fill_in "Password", with: "asdf"
     click_on "Sign in"

data/spec/support/Gemfile.rails5.2

@@ -6,20 +6,9 @@ gemspec path: '../..'
 group :test do
   gem 'rake'
   gem 'rspec', '~> 3.0'
-  gem 'rails', '~> 5.2'
+  gem 'rails', '~> 5.2.0'
   gem 'rspec-rails', '~> 3.9'
   gem 'sqlite3', '~> 1.3.6'
   gem 'capybara'
-  gem 'poltergeist'
-
-  # Lock down versions of gems for older versions of Ruby
-  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
-    gem 'responders', '~> 2.4'
-  end
-
-  if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.3")
-    gem 'byebug', '~> 10.0'
-  elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
-    gem 'byebug', '~> 11.0.0'
-  end
+  gem 'selenium-webdriver'
 end

data/spec/support/Gemfile.rails6

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_saml_authenticatable.gemspec
+gemspec path: '../..'
+
+group :test do
+  gem 'rake'
+  gem 'rspec', '~> 3.0'
+  gem 'rails', '~> 6.0.0'
+  gem 'rspec-rails', '~> 5.0'
+  gem 'sqlite3', '~> 1.4.0'
+  gem 'capybara'
+  gem 'selenium-webdriver'
+
+  if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.0")
+    gem 'webrick'
+  end
+end

data/spec/support/Gemfile.rails6.1

@@ -0,0 +1,24 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_saml_authenticatable.gemspec
+gemspec path: '../..'
+
+group :test do
+  gem 'rake'
+  gem 'rspec', '~> 3.0'
+  gem 'rails', '~> 6.1.0'
+  gem 'rspec-rails', '~> 5.0'
+  gem 'sqlite3', '~> 1.4.0'
+  gem 'capybara'
+  gem 'selenium-webdriver'
+
+  if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.0")
+    gem 'webrick'
+  end
+
+  if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1")
+    gem 'net-smtp', require: false
+    gem 'net-imap', require: false
+    gem 'net-pop', require: false
+  end
+end

data/spec/support/idp_settings_adapter.rb.erb

@@ -1,17 +1,27 @@
 class IdpSettingsAdapter
   def self.settings(idp_entity_id)
     if idp_entity_id == "http://localhost:8020/saml/metadata"
-      {
-          assertion_consumer_service_url: "http://localhost:8020/users/saml/auth",
-          assertion_consumer_service_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
-          name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
-          issuer: "sp_issuer",
-          idp_entity_id: "http://localhost:8020/saml/metadata",
-          authn_context: "",
+      base = {
+        assertion_consumer_service_url: "http://localhost:8020/users/saml/auth",
+        assertion_consumer_service_binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+        name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+        issuer: "sp_issuer",
+        idp_entity_id: "http://localhost:8020/saml/metadata",
+        authn_context: "",
+        idp_cert_fingerprint: "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D"
+      }
+      if Gem::Version.new(OneLogin::RubySaml::VERSION) >= Gem::Version.new("1.12.0")
+        base.merge!(
+          idp_slo_service_url: "http://localhost:8010/saml/logout",
+          idp_sso_service_url: "http://localhost:8010/saml/auth",
+        )
+      else
+        base.merge!(
           idp_slo_target_url: "http://localhost:8010/saml/logout",
           idp_sso_target_url: "http://localhost:8010/saml/auth",
-          idp_cert_fingerprint: "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D"
-      }
+        )
+      end
+      base
     else
       {}
     end

data/spec/support/idp_template.rb

@@ -5,22 +5,14 @@
 @include_subject_in_attributes = ENV.fetch('INCLUDE_SUBJECT_IN_ATTRIBUTES')
 @valid_destination = ENV.fetch('VALID_DESTINATION', "true")
 
-if Rails::VERSION::MAJOR < 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR < 2)
-  gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "34814fd41f91c493b89aa01ac73c44d241a31245b5bc5542fa4b7317525e1dcfa60ba947b3d085e4e229456fdee0d8af6aac6a63cf750d807ea6fe5d853dff4a"'
-end
-
-gem 'ruby-saml-idp', '~> 0.3.3'
+gem 'stub_saml_idp'
 gem 'thin'
 
-insert_into_file('Gemfile', after: /\z/) {
-  <<-GEMFILE
-# Lock down versions of gems for older versions of Ruby
-if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
-  gem 'devise', '~> 3.5'
-  gem 'nokogiri', '~> 1.6.8'
+if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1")
+  gem 'net-smtp', require: false
+  gem 'net-imap', require: false
+  gem 'net-pop', require: false
 end
-  GEMFILE
-}
 
 route "get '/saml/auth' => 'saml_idp#new'"
 route "post '/saml/auth' => 'saml_idp#create'"

data/spec/support/rails_app.rb

@@ -19,14 +19,13 @@ end
 
 def create_app(name, env = {})
   puts "[#{name}] Creating Rails app"
-  rails_new_options = %w[-T -J -S --skip-spring --skip-listen --skip-bootsnap]
+  rails_new_options = %w[-A -G -C -T -J -S --skip-spring --skip-listen --skip-bootsnap --skip-action-mailbox --skip-jbuilder --skip-active-storage]
   rails_new_options << "-O" if name == "idp"
-  with_clean_env do
-    Dir.chdir(working_directory) do
-      FileUtils.rm_rf(name)
-      puts("rails _#{Rails.version}_ new #{name} #{rails_new_options.join(" ")} -m #{File.expand_path("../#{name}_template.rb", __FILE__)}")
-      system(env, "rails", "_#{Rails.version}_", "new", name, *rails_new_options, "-m", File.expand_path("../#{name}_template.rb", __FILE__))
-    end
+  env.merge!("RUBY_SAML_VERSION" => OneLogin::RubySaml::VERSION)
+  Dir.chdir(working_directory) do
+    FileUtils.rm_rf(name)
+    puts("[#{working_directory}] rails _#{Rails.version}_ new #{name} #{rails_new_options.join(" ")} -m #{File.expand_path("../#{name}_template.rb", __FILE__)}")
+    system(env, "rails", "_#{Rails.version}_", "new", name, *rails_new_options, "-m", File.expand_path("../#{name}_template.rb", __FILE__))
   end
 end
 

data/spec/support/ruby_saml_support.rb

@@ -0,0 +1,10 @@
+module RubySamlSupport
+  VERSION_1_12 = Gem::Version.new("1.12.0")
+  def with_ruby_saml_1_12_or_greater(body, args = {else_do: nil})
+    if Gem::Version.new(OneLogin::RubySaml::VERSION) >= VERSION_1_12
+      body.call
+    else
+      args[:else_do].call
+    end
+  end
+end

data/spec/support/saml_idp_controller.rb.erb

@@ -1,4 +1,4 @@
-class SamlIdpController < SamlIdp::IdpController
+class SamlIdpController < StubSamlIdp::IdpController
   def new
     if session[:user_id]
       @saml_response = idp_make_saml_response(session[:user_id])
@@ -79,13 +79,8 @@ class SamlIdpController < SamlIdp::IdpController
   end
 
   # == SLO functionality, see https://github.com/lawrencepit/ruby-saml-idp/pull/10
-  <% if Rails::VERSION::MAJOR < 5 %>
-  skip_before_filter :validate_saml_request, :only => [:logout, :sp_sign_out]
-  before_filter :validate_saml_slo_request, :only => [:logout]
-  <% else %>
   skip_before_action :validate_saml_request, :only => [:logout, :sp_sign_out]
   before_action :validate_saml_slo_request, :only => [:logout]
-  <% end %>
 
   public
 

data/spec/support/sp_template.rb

@@ -6,28 +6,20 @@ attribute_map_resolver = ENV.fetch("ATTRIBUTE_MAP_RESOLVER", "nil")
 saml_session_index_key = ENV.fetch('SAML_SESSION_INDEX_KEY', ":session_index")
 use_subject_to_authenticate = ENV.fetch('USE_SUBJECT_TO_AUTHENTICATE')
 idp_settings_adapter = ENV.fetch('IDP_SETTINGS_ADAPTER', "nil")
-idp_entity_id_reader = ENV.fetch('IDP_ENTITY_ID_READER', "DeviseSamlAuthenticatable::DefaultIdpEntityIdReader")
+idp_entity_id_reader = ENV.fetch('IDP_ENTITY_ID_READER', '"DeviseSamlAuthenticatable::DefaultIdpEntityIdReader"')
 saml_failed_callback = ENV.fetch('SAML_FAILED_CALLBACK', "nil")
-
-if Rails::VERSION::MAJOR < 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR < 2)
-  gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "8b5889df1fcf03f76c7d66da02d8776bcc85b06bed7d9c592f076d9c8a5455ee6d4beae45986c3c030b40208db5e612f2a6ef8283036a352e3fae83c5eda36be"'
-end
+ruby_saml_version = ENV.fetch("RUBY_SAML_VERSION")
 
 gem 'devise_saml_authenticatable', path: File.expand_path("../../..", __FILE__)
-gem 'ruby-saml', OneLogin::RubySaml::VERSION
+gem 'ruby-saml', ruby_saml_version
 gem 'thin'
 
-insert_into_file('Gemfile', after: /\z/) {
-  <<-GEMFILE
-# Lock down versions of gems for older versions of Ruby
-if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.1")
-  gem 'devise', '~> 3.5'
-  gem 'nokogiri', '~> 1.6.8'
-elsif Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("2.4")
-  gem 'responders', '~> 2.4'
+if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1")
+  gem 'net-smtp', require: false
+  gem 'net-imap', require: false
+  gem 'net-pop', require: false
 end
-  GEMFILE
-}
+
 if Rails::VERSION::MAJOR < 6
   # sqlite3 is hard-coded in Rails < 6 to v1.3.x
   gsub_file 'Gemfile', /^gem 'sqlite3'.*$/, "gem 'sqlite3', '~> 1.3.6'"
@@ -92,13 +84,24 @@ after_bundle do
   config.saml_configure do |settings|
     settings.assertion_consumer_service_url = "http://localhost:8020/users/saml/auth"
     settings.issuer = "http://localhost:8020/saml/metadata"
-    settings.idp_slo_target_url = "http://localhost:8009/saml/logout"
-    settings.idp_sso_target_url = "http://localhost:8009/saml/auth"
     settings.idp_cert_fingerprint = "9E:65:2E:03:06:8D:80:F2:86:C7:6C:77:A1:D9:14:97:0A:4D:F4:4D"
     settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
   end
 end
   CONFIG
+  if Gem::Version.new(ruby_saml_version) >= Gem::Version.new("1.12.0")
+    gsub_file 'config/initializers/devise.rb', /^  config\.saml_configure do \|settings\|$/, <<CONFIG
+  config.saml_configure do |settings|
+    settings.idp_slo_service_url = "http://localhost:8009/saml/logout"
+    settings.idp_sso_service_url = "http://localhost:8009/saml/auth"
+CONFIG
+  else
+    gsub_file 'config/initializers/devise.rb', /^  config\.saml_configure do \|settings\|$/, <<CONFIG
+  config.saml_configure do |settings|
+    settings.idp_slo_target_url = "http://localhost:8009/saml/logout"
+    settings.idp_sso_target_url = "http://localhost:8009/saml/auth"
+CONFIG
+  end
 
   generate :controller, 'home', 'index'
   insert_into_file('app/controllers/home_controller.rb', after: "class HomeController < ApplicationController\n") {

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_saml_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.8.0
 platform: ruby
 authors:
 - Josef Sauter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-14 00:00:00.000000000 Z
+date: 2022-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -45,9 +45,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".ruby-version"
 - Gemfile
 - LICENSE
 - README.md
@@ -78,16 +79,16 @@ files:
 - spec/rails_helper.rb
 - spec/routes/routes_spec.rb
 - spec/spec_helper.rb
-- spec/support/Gemfile.rails4
-- spec/support/Gemfile.rails5
-- spec/support/Gemfile.rails5.1
 - spec/support/Gemfile.rails5.2
+- spec/support/Gemfile.rails6
+- spec/support/Gemfile.rails6.1
 - spec/support/attribute-map.yml
 - spec/support/attribute_map_resolver.rb.erb
 - spec/support/idp_settings_adapter.rb.erb
 - spec/support/idp_template.rb
 - spec/support/rails_app.rb
 - spec/support/response_encrypted_nameid.xml.base64
+- spec/support/ruby_saml_support.rb
 - spec/support/saml_idp-saml_slo_post.html.erb
 - spec/support/saml_idp_controller.rb.erb
 - spec/support/sp_template.rb
@@ -110,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: SAML Authentication for devise
@@ -126,16 +127,16 @@ test_files:
 - spec/rails_helper.rb
 - spec/routes/routes_spec.rb
 - spec/spec_helper.rb
-- spec/support/Gemfile.rails4
-- spec/support/Gemfile.rails5
-- spec/support/Gemfile.rails5.1
 - spec/support/Gemfile.rails5.2
+- spec/support/Gemfile.rails6
+- spec/support/Gemfile.rails6.1
 - spec/support/attribute-map.yml
 - spec/support/attribute_map_resolver.rb.erb
 - spec/support/idp_settings_adapter.rb.erb
 - spec/support/idp_template.rb
 - spec/support/rails_app.rb
 - spec/support/response_encrypted_nameid.xml.base64
+- spec/support/ruby_saml_support.rb
 - spec/support/saml_idp-saml_slo_post.html.erb
 - spec/support/saml_idp_controller.rb.erb
 - spec/support/sp_template.rb