devise_saml_authenticatable 1.2.1 → 1.2.2

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YzUzNzQwNTZmMTVkNDAyZDc5NmM1OTUxMzIyNGJjYTdlOTJkZDljZQ==
-  data.tar.gz: !binary |-
-    MDY1NTJiZTA4NjhlOTc2YmM2ZjlhYWMxNDcyMDNiMzUxMTBiNTBkNA==
+SHA1:
+  metadata.gz: d2e501ba6f2facaaa55601864a66fbf5799f2b93
+  data.tar.gz: 644a41f1ef4dafdac806600b8a5646e3a00acbf6
 SHA512:
-  metadata.gz: !binary |-
-    MDkxOWU4OTc5NWNhNDQ4ZDc3NThhZDc1ZDhkZjc2MzNlMTZmYTI0NTk3MGJk
-    NjMwMTg4YWVhMDQyM2NhNWVkYzNiY2JmYWViNzY5ZWJjN2FkMzk2ZGExNzlh
-    ZGMzNzU0NWU2MDZiZjM5MTMxNTNkZjA1MGUxZTgwOTljYTNhODE=
-  data.tar.gz: !binary |-
-    ZDYzODA0NzBlMWFmMjNhMjZmNzE4ZjBmMDllYzkyMzM3YWYxOGY4NTNiMTEy
-    ZTJhYjZmYTg4MDY5MDAyZmVmYzkzYWMzNjY0YzRkZGQxMzZlOWJkMzkwMzQx
-    NDYxMzAwMDU0OTE1ZTZlYWI5MTE3YzJlZjU1YzM4NjkxY2M3YmE=
+  metadata.gz: a4096feb553134033f04079e7c10a1ace113fc048f79dbf712ee0fe5b478ce6696ccd4434c5c05f4aecced1c55e79f13415027bfa613ca2937a216e8bb6949cd
+  data.tar.gz: 20c0f29acc30f4db788fa8ada4bfbff4df88421d48403f52b39cdb9876f1907be732a3641a0d9cdd7e3997f63809f71894769e8791014183a226333bedc2353e

data/.rspec

@@ -1,2 +1,3 @@
 --color
+--format doc
 --require spec_helper

data/.travis.yml

@@ -11,7 +11,7 @@ script:
 notifications:
   hipchat:
     rooms:
-      secure: eWahLFbtvZaJgulhDdnmbIxtSnl2lGR4zHqcJ6d7ExG0HzfxzCknHkau4YfqhANRa3+e66F4rCNoU3+db1EKE5jij7+oIOgRHAmVwLi9WRswzb7NQfWV0/PyUjdF6T7Ac/sfQRkFIDTUL2npYMr2zTQnjDcYrT7e0IkRxNA3VXWogzhqnC4sXKLr8j9zLLw5BdFfELcJD021Rpd7O1EmAt+hahxaJCipyXV2l/kDANR24jnlXgaQn8HJwgRXsBARAQe1QgApnrmbqnGnWc4T1GbI7kExsKGCUbHxYBOp+99m25T6MK66xnvRltwKaUeMXuUyWRZtmAV3LlbACRMX3n5qkDqg8P2OPNvWWua84hkRmUNUska7YrSLX7aCWvGfA6Vr1INnsueLl5sYjHhHZnaS8Wl0iC9ltxBUY4ikg1QlHSghXFQvMC5UAROJ2x7BHGV3kDRTc52ZLdy5BDuJrf/OFEhpuTp+HQALmEKkcJKFUdBn8Cu20wF0pF8o5XvYnSozuqytJKP+b/3+U0X4SEYqbkYCi/PcSnXTtSTIl0+7uxmEBCwPKpXRkkCfVsLqIVUkyVj1d1qIxG8Zbikn5NxK6USV5+Zl4KTDFUVD4r4T8fXCV09+8q0t/uyVjCDv3g1vGRcHvxQyDiLrs7q4DL3GNQY3trrEQ6WneA8nsLw=
+      secure: cuDak5a6fBeg+sp61COqxQfzdcFEsjwCqtwvCISso0RNh5SR8v+uVYKcA8rlK+GE1l9uR7tLRHeHF3ZmzvFSOat07NvpScvjZXi+OSpWlc6rwQ6Pl6bBP6gu6sREiKVe0eT/uGrvJloyWKZaXIhiiBzQ+ZERx/ssGA9WMmNkhlwy1OgGnPNurNNHZLBjEZn1V6kdyxiXx6QPASNpjNEgN1G8dUh3qzcWUGVQGNZSJk65A6ie1MveNyecTjDhw+ADBU8nS28Ja4y6ohRm4FzofSgespYrvfygIZ5rYF0HPMj5FW1ZDWtM5355ojCk8RLT+ZkuhssCn1OJk7ogaOVjnYcOFRxEfpu3eIbjtMmUz3j4umatFqbgas+6SXMVIPkr5HUoTrP8HNFssIpcEBOnPwAF8QCpx+daHc0r2cc8lGuXhtJfpW0P2F0dmwJNiQ7//nz2y2xs84x4Gb7MV9tEDYp0FqEClMuFBkPNizBljarm04PkiLSrqvR52aMDfQz7YAX2oXAvFjPzI1GC0K8x7xX8TuHT9yuHy7fI+rUSNivZYLKO+IEZqPPDdJpXISUbVwanZoNvmQYk5PZV21MfDSGwQrz8eO/uFiAblj18yIlNbAfb2hdZDVYsm4EvWxELJtfaTxgrj6M3Y3m/KbCbCoDp+2jE307M2rxL0Gum2gk=
     template:
       - '%{repository}<a href="%{build_url}">#%{build_number}</a> (%{branch} - <a href="%{compare_url}">%{commit}</a> : %{author}): %{message}'
     format: html

data/Gemfile

@@ -6,9 +6,8 @@ gemspec
 group :test do
   gem 'rake'
   gem 'rspec', '~> 3.0'
-  gem 'rails'
+  gem 'rails', '~> 4.0'
   gem 'rspec-rails'
   gem 'sqlite3'
   gem 'capybara-webkit'
 end
-

data/README.md

@@ -127,9 +127,9 @@ Logout support is included by immediately terminating the local session and then
 Logout requests from the IDP are supported by the `idp_sign_out` end point.  Directing logout requests to `users/saml/idp_sign_out` will logout the respective user by invalidating their current sessions.
 `saml_session_index_key` must be configured to support this feature.
 
-## Limitations
+## Signing and Encrypting Authentication Requests
 
-1. The Authentication Requests (from your app to the IdP) are not signed and encrypted
+ruby-saml 1.0.0 supports signature and decrypt. Teh only requirement is to place the public certificate and the private key. Please reffer to these features in the ruby-saml documentation [here](https://github.com/onelogin/ruby-saml#signing)
 
 ## Thanks
 

data/app/controllers/devise/saml_sessions_controller.rb

@@ -3,23 +3,22 @@ require "ruby-saml"
 class Devise::SamlSessionsController < Devise::SessionsController
   include DeviseSamlAuthenticatable::SamlConfig
   unloadable if Rails::VERSION::MAJOR < 4
-  before_filter :get_saml_config
   skip_before_filter :verify_authenticity_token
 
   def new
     request = OneLogin::RubySaml::Authrequest.new
-    action = request.create(@saml_config)
+    action = request.create(saml_config)
     redirect_to action
   end
-      
+
   def metadata
     meta = OneLogin::RubySaml::Metadata.new
-    render :xml => meta.generate(@saml_config)
+    render :xml => meta.generate(saml_config)
   end
 
   def idp_sign_out
     if params[:SAMLRequest] && Devise.saml_session_index_key
-      logout_request = OneLogin::RubySaml::SloLogoutrequest.new(params[:SAMLRequest], settings: @saml_config)
+      logout_request = OneLogin::RubySaml::SloLogoutrequest.new(params[:SAMLRequest], settings: saml_config)
       resource_class.reset_session_key_for(logout_request.name_id)
 
       redirect_to generate_idp_logout_response(logout_request)
@@ -42,12 +41,11 @@ class Devise::SamlSessionsController < Devise::SessionsController
   # Override devise to send user to IdP logout for SLO
   def after_sign_out_path_for(_)
     request = OneLogin::RubySaml::Logoutrequest.new
-    request.create(@saml_config)
+    request.create(saml_config)
   end
 
   def generate_idp_logout_response(logout_request)
     logout_request_id = logout_request.id
-    OneLogin::RubySaml::SloLogoutresponse.new.create(@saml_config, logout_request_id, nil)
+    OneLogin::RubySaml::SloLogoutresponse.new.create(saml_config, logout_request_id, nil)
   end
 end
-

data/lib/devise_saml_authenticatable/model.rb

@@ -25,13 +25,15 @@ module Devise
       end
 
       def after_saml_authentication(session_index)
-        if self.respond_to? Devise.saml_session_index_key
+        if Devise.saml_session_index_key && self.respond_to?(Devise.saml_session_index_key)
           self.update_attribute(Devise.saml_session_index_key, session_index)
         end
       end
 
       def authenticatable_salt
-        if self.respond_to?(Devise.saml_session_index_key) && self.send(Devise.saml_session_index_key).present?
+        if Devise.saml_session_index_key &&
+           self.respond_to?(Devise.saml_session_index_key) &&
+           self.send(Devise.saml_session_index_key).present?
           self.send(Devise.saml_session_index_key)
         else
           super

data/lib/devise_saml_authenticatable/saml_config.rb

@@ -1,7 +1,9 @@
 require 'ruby-saml'
 module DeviseSamlAuthenticatable
   module SamlConfig
-    def get_saml_config
+    def saml_config
+      return @saml_config if @saml_config
+
       idp_config_path = "#{Rails.root}/config/idp.yml"
       # Support 0.0.x-style configuration via a YAML file
       if File.exists?(idp_config_path)

data/lib/devise_saml_authenticatable/strategy.rb

@@ -1,4 +1,4 @@
-require 'devise/strategies/authenticatable' 
+require 'devise/strategies/authenticatable'
 
 module Devise
   module Strategies
@@ -6,7 +6,7 @@ module Devise
       include DeviseSamlAuthenticatable::SamlConfig
       def valid?
         if params[:SAMLResponse]
-          response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], get_saml_config)
+          response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], saml_config)
           !(response.response.include? 'LogoutResponse')
         else
           false
@@ -14,7 +14,7 @@ module Devise
       end
 
       def authenticate!
-        @response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], settings: get_saml_config)
+        @response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], settings: saml_config)
         resource = mapping.to.authenticate_with_saml(@response)
         if @response.is_valid? && resource
           resource.after_saml_authentication(@response.sessionindex)

data/lib/devise_saml_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module DeviseSamlAuthenticatable
-  VERSION = "1.2.1"
+  VERSION = "1.2.2"
 end

data/spec/devise_saml_authenticatable/saml_config_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe DeviseSamlAuthenticatable::SamlConfig do
-  subject(:saml_config) { controller.get_saml_config }
+  subject(:saml_config) { controller.saml_config }
   let(:controller) { Class.new { include DeviseSamlAuthenticatable::SamlConfig }.new }
 
   # Replace global config since this test changes it

data/spec/devise_saml_authenticatable/strategy_spec.rb

@@ -11,7 +11,7 @@ describe Devise::Strategies::SamlAuthenticatable do
 
   let(:saml_config) { OneLogin::RubySaml::Settings.new }
   before do
-    allow(strategy).to receive(:get_saml_config).and_return(saml_config)
+    allow(strategy).to receive(:saml_config).and_return(saml_config)
   end
 
   let(:mapping) { double(:mapping, to: user_class) }

data/spec/features/saml_authentication_spec.rb

@@ -63,8 +63,10 @@ describe "SAML Authentication", type: :feature do
       visit 'http://localhost:8020/'
       expect(current_url).to match(%r(\Ahttp://localhost:8009/saml/auth\?SAMLRequest=))
     end
+  end
 
-    it 'logs a user out of the SP via the IpD' do
+  shared_examples_for "it logs a user out via the IdP" do
+    it 'logs a user out of the SP via the IdP' do
       sign_in
 
       visit "http://localhost:#{idp_port}/saml/sp_sign_out"
@@ -76,8 +78,8 @@ describe "SAML Authentication", type: :feature do
 
   context "when the attributes are used to authenticate" do
     before(:each) do
-      create_app('idp', %w(y))
-      create_app('sp', %w(n))
+      create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "true")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "false")
       @idp_pid = start_app('idp', idp_port)
       @sp_pid  = start_app('sp',  sp_port)
     end
@@ -91,8 +93,39 @@ describe "SAML Authentication", type: :feature do
 
   context "when the subject is used to authenticate" do
     before(:each) do
-      create_app('idp', %w(n))
-      create_app('sp', %w(y))
+      create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true")
+      @idp_pid = start_app('idp', idp_port)
+      @sp_pid  = start_app('sp',  sp_port)
+    end
+    after(:each) do
+      stop_app(@idp_pid)
+      stop_app(@sp_pid)
+    end
+
+    it_behaves_like "it authenticates and creates users"
+  end
+
+  context "when the session index key is set" do
+    before(:each) do
+      create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'SAML_SESSION_INDEX_KEY' => ":session_index")
+      @idp_pid = start_app('idp', idp_port)
+      @sp_pid  = start_app('sp',  sp_port)
+    end
+    after(:each) do
+      stop_app(@idp_pid)
+      stop_app(@sp_pid)
+    end
+
+    it_behaves_like "it authenticates and creates users"
+    it_behaves_like "it logs a user out via the IdP"
+  end
+
+  context "when the session index key is not set" do
+    before(:each) do
+      create_app('idp', 'INCLUDE_SUBJECT_IN_ATTRIBUTES' => "false")
+      create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "true", 'SAML_SESSION_INDEX_KEY' => "nil")
       @idp_pid = start_app('idp', idp_port)
       @sp_pid  = start_app('sp',  sp_port)
     end

data/spec/rails_helper.rb

@@ -2,7 +2,7 @@ ENV["RAILS_ENV"] ||= 'test'
 
 require 'spec_helper'
 
-create_app('sp', %w(n))
+create_app('sp', 'USE_SUBJECT_TO_AUTHENTICATE' => "false")
 require 'support/sp/config/environment'
 require 'rspec/rails'
 
@@ -17,4 +17,4 @@ end
 Devise.setup do |config|
   config.saml_default_user_key = :email
   config.saml_session_index_key = :session_index
-end
+end

data/spec/support/idp_template.rb

@@ -1,6 +1,6 @@
 # Set up a SAML IdP
 
-@include_subject_in_attributes = ask("Include the subject in the attributes?", limit: %w(y n)) == "y"
+@include_subject_in_attributes = ENV.fetch('INCLUDE_SUBJECT_IN_ATTRIBUTES')
 
 gem 'ruby-saml-idp'
 gem 'thin'
@@ -18,4 +18,4 @@ gsub_file 'config/application.rb', /end[\n\w]*end$/, <<-CONFIG
     config.slo_sp_url = "http://localhost:8020/users/saml/idp_sign_out"
   end
 end
-CONFIG
+CONFIG

data/spec/support/rails_app.rb

@@ -11,24 +11,13 @@ def app_ready?(pid, port)
     system("lsof -i:#{port}", out: '/dev/null')
 end
 
-def create_app(name, answers = [])
+def create_app(name, env = {})
   rails_new_options = %w(-T -J -S --skip-spring)
   rails_new_options << "-O" if name == 'idp'
   Bundler.with_clean_env do
     Dir.chdir(File.expand_path('../../support', __FILE__)) do
       FileUtils.rm_rf(name)
-      Open3.popen3("rails", "new", name, *rails_new_options, "-m", "#{name}_template.rb") do |stdin, stdout, stderr, wait_thread|
-        while answers.any?
-          question = stdout.gets
-          answer = answers.shift
-          stdin.puts answer
-          $stdout.puts "#{question} #{answer}"
-        end
-        wait_thread.join
-
-        $stdout.puts stdout.read
-        $stderr.puts stderr.read
-      end
+      system(env, "rails", "new", name, *rails_new_options, "-m", "#{name}_template.rb")
     end
   end
 end

data/spec/support/sp_template.rb

@@ -1,6 +1,7 @@
 # Set up a SAML Service Provider
 
-use_subject_to_authenticate = ask("Use subject to authenticate?", limit: %w(y n)) == "y"
+saml_session_index_key = ENV.fetch('SAML_SESSION_INDEX_KEY', ":session_index")
+use_subject_to_authenticate = ENV.fetch('USE_SUBJECT_TO_AUTHENTICATE')
 
 gem 'devise_saml_authenticatable', path: '../../..'
 gem 'thin'
@@ -32,7 +33,7 @@ after_bundle do
   generate 'devise:install'
   gsub_file 'config/initializers/devise.rb', /^end$/, <<-CONFIG
   config.saml_default_user_key = :email
-  config.saml_session_index_key = :session_index
+  config.saml_session_index_key = #{saml_session_index_key}
 
   config.saml_use_subject = #{use_subject_to_authenticate}
   config.saml_create_user = true

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: devise_saml_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.2.2
 platform: ruby
 authors:
 - Josef Sauter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-10 00:00:00.000000000 Z
+date: 2016-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>'
+    - - ">"
       - !ruby/object:Gem::Version
         version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
 description: SAML Authentication for devise
@@ -45,9 +45,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -84,12 +84,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []