devise_saml_authenticatable 1.4.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 377131d065bd2670e5830eff8c0cdf75fa221d69
-  data.tar.gz: 9304fbf24d72a198ea36290fe45f25a63be62790
+  metadata.gz: 388799cd1bf9c14ad21b7a042d63957d965ec080
+  data.tar.gz: b5e153ee444879be849e6ddda43e2762a3905092
 SHA512:
-  metadata.gz: 0d4d5fb0973e73ee61052e9ba5f2a34cc5bf721659e32d0b760db46d355648cd1d825e7510278e73f7597aa4fb52c87187270441131bf409baf1308583ccfeb7
-  data.tar.gz: 0749346b7c5d0db06780fe811763eb62ffebb49f0f0d0c5d6de45c69fd04baafb3fd3c8957c95628c403044bfc26b2ee27460db28817c05d3ca5802d58b3842d
+  metadata.gz: 2c304efa473b057a46895b96db3d6d076ebdaa332de7c7d6a3480b86a3ae3e33d17123b5f565d229c5412a9496cc9c549e34960aa119f8a1c18180eea87eb05e
+  data.tar.gz: 40a2dd033fd20cccc2803dc587309be272005a5d84c8e80a0325b038079fcd2deb9b6aad78f8afb30c2462f9952efe1e49ffa100b9187480c5234a6565aaf566

data/.travis.yml

@@ -3,12 +3,14 @@ rvm:
   - "1.9.3"
   - "2.0.0"
   - "2.1.10"
-  - "2.2.9"
-  - "2.3.6"
-  - "2.4.3"
-  - "2.5.0"
+  - "2.2.10"
+  - "2.3.8"
+  - "2.4.5"
+  - "2.5.3"
+  - "2.6.0"
 gemfile:
   - Gemfile
+  - spec/support/Gemfile.rails5.1
   - spec/support/Gemfile.rails5
   - spec/support/Gemfile.rails4
 matrix:
@@ -17,18 +19,26 @@ matrix:
       gemfile: Gemfile
     - rvm: "1.9.3"
       gemfile: spec/support/Gemfile.rails5
+    - rvm: "1.9.3"
+      gemfile: spec/support/Gemfile.rails5.1
     - rvm: "2.0.0"
       gemfile: Gemfile
     - rvm: "2.0.0"
       gemfile: spec/support/Gemfile.rails5
+    - rvm: "2.0.0"
+      gemfile: spec/support/Gemfile.rails5.1
     - rvm: "2.1.10"
       gemfile: Gemfile
     - rvm: "2.1.10"
       gemfile: spec/support/Gemfile.rails5
+    - rvm: "2.1.10"
+      gemfile: spec/support/Gemfile.rails5.1
+    - rvm: "2.6.0"
+      gemfile: spec/support/Gemfile.rails4
 
 before_install:
   # update bundler to avoid https://github.com/travis-ci/travis-ci/issues/5239
-  - gem install bundler
+  - command -v bundle || gem install bundler -v '~> 1.17.3'
 
 script:
   - bundle exec rake

data/README.md

@@ -20,6 +20,10 @@ Or install it yourself as:
 
 ## Usage
 
+Follow the [normal devise installation process](https://github.com/plataformatec/devise/tree/master#getting-started). The controller filters and helpers are unchanged from normal devise usage.
+
+### Configuring Models
+
 In `app/models/<YOUR_MODEL>.rb` set the `:saml_authenticatable` strategy.
 
 In the example the model is `user.rb`:
@@ -32,6 +36,37 @@ In the example the model is `user.rb`:
   end
 ```
 
+### Configuring routes
+
+In `config/routes.rb` add `devise_for` to set up helper methods and routes:
+
+```ruby
+devise_for :users
+```
+
+The named routes can be customized in the initializer config file.
+
+### Configuring the IdP
+
+An extra step in SAML SSO setup is adding your application to your identity provider. The required setup is specific to each IdP, but we have some examples in [our wiki](https://github.com/apokalipto/devise_saml_authenticatable/wiki). You'll need to tell your IdP how to send requests and responses to your application.
+
+- Creating a new session: `/users/saml/auth`
+    - IdPs may call this the "consumer," "recipient," "destination," or even "single sign-on." This is where they send a SAML response for an authenticated user.
+- Metadata: `/users/saml/metadata`
+    - IdPs may call this the "audience."
+- Single Logout: `/users/saml/idp_sign_out`
+    - if desired, you can ask the IdP to send a Logout request to this endpoint to sign the user out of your application when they sign out of the IdP itself.
+
+Your IdP should give you some information you need to configure in [ruby-saml](https://github.com/onelogin/ruby-saml), as in the next section:
+
+- Issuer (`idp_entity_id`)
+- SSO endpoint (`idp_sso_target_url`)
+- SLO endpoint (`idp_slo_target_url`)
+- Certificate fingerprint (`idp_cert_fingerprint`) and algorithm (`idp_cert_fingerprint_algorithm`)
+    - Or the certificate itself (`idp_cert`)
+
+### Configuring handling of IdP requests and responses
+
 In `config/initializers/devise.rb`:
 
 ```ruby
@@ -69,6 +104,12 @@ In `config/initializers/devise.rb`:
     # and implements a #handle method. This method can then redirect the user, return error messages, etc.
     # config.saml_failed_callback = nil
 
+    # You can customize the named routes generated in case of named route collisions with
+    # other Devise modules or libraries. Set the saml_route_helper_prefix to a string that will
+    # be appended to the named route.
+    # If saml_route_helper_prefix = 'saml' then the new_user_session route becomes new_saml_user_session
+    # config.saml_route_helper_prefix = 'saml'
+
     # Configure with your SAML settings (see ruby-saml's README for more information: https://github.com/onelogin/ruby-saml).
     config.saml_configure do |settings|
       # assertion_consumer_service_url is required starting with ruby-saml 1.4.3: https://github.com/onelogin/ruby-saml#updating-from-142-to-143
@@ -79,24 +120,8 @@ In `config/initializers/devise.rb`:
       settings.authn_context                      = ""
       settings.idp_slo_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SingleLogoutService.php"
       settings.idp_sso_target_url                 = "http://localhost/simplesaml/www/saml2/idp/SSOService.php"
-      settings.idp_cert                           = <<-CERT.chomp
------BEGIN CERTIFICATE-----
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111_______IDP_CERTIFICATE________111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-1111111111111111111111111111111111111111111111111111111111111111
-111111111111111111
------END CERTIFICATE-----
-      CERT
+      settings.idp_cert_fingerprint               = "00:A1:2B:3C:44:55:6F:A7:88:CC:DD:EE:22:33:44:55:D6:77:8F:99"
+      settings.idp_cert_fingerprint_algorithm     = "http://www.w3.org/2000/09/xmldsig#sha1"
     end
   end
 ```

data/lib/devise_saml_authenticatable.rb

@@ -19,6 +19,10 @@ end
 
 # Get saml information from config/saml.yml now
 module Devise
+  # Allow route customization to avoid collision
+  mattr_accessor :saml_route_helper_prefix
+  @@saml_route_helper_prefix
+
   # Allow logging
   mattr_accessor :saml_logger
   @@saml_logger = true
@@ -64,9 +68,17 @@ module Devise
 
   # Implements a #validate method that takes the retrieved resource and response right after retrieval,
   # and returns true if it's valid.  False will cause authentication to fail.
+  # Only one of saml_resource_validator and saml_resource_validator_hook may be used.
   mattr_accessor :saml_resource_validator
   @@saml_resource_validator
 
+  # Proc that determines whether a technically correct SAML response is valid per some custom logic.
+  # Receives the user object (or nil, if no match was found), decorated saml_response and
+  # auth_value, inspects the combination for acceptability of login (or create+login, if enabled),
+  # and returns true if it's valid.  False will cause authentication to fail.
+  mattr_accessor :saml_resource_validator_hook
+  @@saml_resource_validator_hook
+
   # Custom value for ruby-saml allowed_clock_drift
   mattr_accessor :allowed_clock_drift_in_seconds
   @@allowed_clock_drift_in_seconds

data/lib/devise_saml_authenticatable/model.rb

@@ -44,8 +44,12 @@ module Devise
 
           resource = Devise.saml_resource_locator.call(self, decorated_response, auth_value)
 
-          if Devise.saml_resource_validator
-            if not Devise.saml_resource_validator.new.validate(resource, saml_response)
+          raise "Only one validator configuration can be used at a time" if Devise.saml_resource_validator && Devise.saml_resource_validator_hook
+          if Devise.saml_resource_validator || Devise.saml_resource_validator_hook
+            valid = if Devise.saml_resource_validator then Devise.saml_resource_validator.new.validate(resource, saml_response)
+                    else Devise.saml_resource_validator_hook.call(resource, decorated_response, auth_value)
+                    end
+            if !valid
               logger.info("User(#{auth_value}) did not pass custom validation.")
               return nil
             end

data/lib/devise_saml_authenticatable/routes.rb

@@ -1,12 +1,23 @@
 ActionDispatch::Routing::Mapper.class_eval do
   protected
   def devise_saml_authenticatable(mapping, controllers)
-    resource :session, :only => [], :controller => controllers[:saml_sessions], :path => "" do
-      get :new, :path => "saml/sign_in", :as => "new"
-      post :create, :path=>"saml/auth"
-      match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
-      get :metadata, :path=>"saml/metadata"
-      match :idp_sign_out, :path=>"saml/idp_sign_out", via: [:get, :post]
+    if ::Devise.saml_route_helper_prefix
+      prefix = ::Devise.saml_route_helper_prefix
+      resource :session, only: [], controller: controllers[:saml_sessions], path: '' do
+        get :new, path: 'saml/sign_in', as: "new_#{prefix}"
+        post :create, path: 'saml/auth', as: prefix
+        match :destroy, path: mapping.path_names[:sign_out], as: "destroy_#{prefix}", via: mapping.sign_out_via
+        get :metadata, path: 'saml/metadata'
+        match :idp_sign_out, path: 'saml/idp_sign_out', as: "idp_destroy_#{prefix}", via: [:get, :post]
+      end
+    else
+      resource :session, only: [], controller: controllers[:saml_sessions], path: '' do
+        get :new, path: 'saml/sign_in', as: 'new'
+        post :create, path: 'saml/auth'
+        match :destroy, path: mapping.path_names[:sign_out], as: 'destroy', via: mapping.sign_out_via
+        get :metadata, path: 'saml/metadata'
+        match :idp_sign_out, path: 'saml/idp_sign_out', via: [:get, :post]
+      end
     end
   end
 end

data/lib/devise_saml_authenticatable/saml_mapped_attributes.rb

@@ -3,7 +3,6 @@ module SamlAuthenticatable
     def initialize(attributes, attribute_map)
       @attributes = attributes
       @attribute_map = attribute_map
-      @inverted_attribute_map = @attribute_map.invert
     end
 
     def saml_attribute_keys
@@ -15,7 +14,21 @@ module SamlAuthenticatable
     end
 
     def value_by_resource_key(key)
-      value_by_saml_attribute_key(@inverted_attribute_map.fetch(String(key)))
+      str_key = String(key)
+
+      # Find all of the SAML attributes that map to the resource key
+      attribute_map_for_key = @attribute_map.select { |_, resource_key| String(resource_key) == str_key }
+
+      saml_value = nil
+
+      # Find the first non-nil value
+      attribute_map_for_key.each_key do |saml_key|
+        saml_value = value_by_saml_attribute_key(saml_key)
+
+        break unless saml_value.nil?
+      end
+
+      saml_value
     end
 
     def value_by_saml_attribute_key(key)

data/lib/devise_saml_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module DeviseSamlAuthenticatable
-  VERSION = "1.4.1"
+  VERSION = "1.5.0"
 end

data/spec/devise_saml_authenticatable/model_spec.rb

@@ -39,13 +39,15 @@ describe Devise::Models::SamlAuthenticatable do
 
   before do
     allow(Rails).to receive(:root).and_return("/railsroot")
-    allow(File).to receive(:read).with("/railsroot/config/attribute-map.yml").and_return(<<-ATTRIBUTEMAP)
+    allow(File).to receive(:read).with("/railsroot/config/attribute-map.yml").and_return(attributemap)
+  end
+
+  let(:attributemap) {<<-ATTRIBUTEMAP
 ---
 "saml-email-format": email
 "saml-name-format":  name
       ATTRIBUTEMAP
-  end
-
+  }
   let(:response) { double(:response, attributes: attributes, name_id: name_id) }
   let(:attributes) {
     OneLogin::RubySaml::Attributes.new(
@@ -179,8 +181,8 @@ describe Devise::Models::SamlAuthenticatable do
     end
   end
 
-  context "when configured with a resource validator" do
-    let(:validator_class) { double("validator_class") }
+  context "when configured with a resource validator class" do
+    let(:validator_class) { double("validator") }
     let(:validator) { double("validator") }
     let(:user) { Model.new(new_record: false) }
 
@@ -212,6 +214,41 @@ describe Devise::Models::SamlAuthenticatable do
     end
   end
 
+
+  context "when configured with a resource validator hook" do
+    let(:validator_hook) { double("validator_hook") }
+    let(:decorated_response) { ::SamlAuthenticatable::SamlResponse.new(response, YAML.load(attributemap)) }
+    let(:user) { Model.new(new_record: false) }
+
+    before do
+      allow(Devise).to receive(:saml_resource_validator_hook).and_return(validator_hook)
+      allow(::SamlAuthenticatable::SamlResponse).to receive(:new).with(response, YAML.load(attributemap)).and_return(decorated_response)
+    end
+
+    context "and sent a valid value" do
+      before do
+        expect(validator_hook).to receive(:call).with(user, decorated_response, 'user@example.com').and_return(true)
+      end
+
+      it "returns the user" do
+        expect(Model).to receive(:where).with(email: 'user@example.com').and_return([user])
+        expect(Model.authenticate_with_saml(response, nil)).to eq(user)
+      end
+    end
+
+    context "and sent an invalid value" do
+      before do
+        expect(validator_hook).to receive(:call).with(user, decorated_response, 'user@example.com').and_return(false)
+      end
+
+      it "returns nil" do
+        expect(Model).to receive(:where).with(email: 'user@example.com').and_return([user])
+        expect(Model.authenticate_with_saml(response, nil)).to be_nil
+      end
+    end
+  end
+
+
   context "when configured to use a custom update hook" do
     it "can replicate the default behaviour in a custom hook" do
       configure_hook do |user, saml_response|

data/spec/devise_saml_authenticatable/saml_mapped_attributes_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+require 'devise_saml_authenticatable/saml_mapped_attributes'
+
+describe SamlAuthenticatable::SamlMappedAttributes do
+  let(:instance) { described_class.new(saml_attributes, attribute_map) }
+  let(:attribute_map_file) { File.join(File.dirname(__FILE__), '../support/attribute-map.yml') }
+  let(:attribute_map) { YAML.load(File.read(attribute_map_file)) }
+  let(:saml_attributes) do
+    {
+      "first_name" => ["John"],
+      "last_name"=>["Smith"],
+      "email"=>["john.smith@example.com"]
+    }
+  end
+
+  describe "#value_by_resource_key" do
+    RSpec.shared_examples "correctly maps the value of the resource key" do |saml_key, resource_key, expected_value|
+      subject(:perform) { instance.value_by_resource_key(resource_key) }
+
+      it "correctly maps the resource key, #{resource_key}, to the value of the '#{saml_key}' SAML key" do
+        saml_attributes[saml_key] = saml_attributes.delete(resource_key)
+        expect(perform).to eq(expected_value)
+      end
+    end
+
+    context "first_name" do
+      saml_keys = ['urn:mace:dir:attribute-def:first_name', 'first_name', 'firstName', 'firstname']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'first_name', ['John']
+      end
+    end
+
+    context 'last_name' do
+      saml_keys = ['urn:mace:dir:attribute-def:last_name', 'last_name', 'lastName', 'lastname']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'last_name', ['Smith']
+      end
+    end
+
+    context 'email' do
+      saml_keys = ['urn:mace:dir:attribute-def:email', 'email_address', 'emailAddress', 'email']
+
+      saml_keys.each do |saml_key|
+        include_examples 'correctly maps the value of the resource key', saml_key, 'email', ['john.smith@example.com']
+      end
+    end
+  end
+end

data/spec/features/saml_authentication_spec.rb

@@ -5,6 +5,7 @@ require 'uri'
 require 'capybara/rspec'
 require 'capybara/poltergeist'
 Capybara.default_driver = :poltergeist
+Capybara.server = :webrick
 
 describe "SAML Authentication", type: :feature do
   let(:idp_port) { 8009 }
@@ -203,7 +204,7 @@ describe "SAML Authentication", type: :feature do
         fill_in "Email", with: "you@example.com"
         fill_in "Password", with: "asdf"
         click_on "Sign in"
-        expect(page).to have_content("Example Domain This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.")
+        expect(page).to have_content(:all, "Example Domain This domain is established to be used for illustrative examples in documents. You may use this domain in examples without prior coordination or asking for permission.")
         expect(current_url).to eq("http://www.example.com/")
       end
     end
@@ -220,7 +221,7 @@ describe "SAML Authentication", type: :feature do
     fill_in "Email", with: "you@example.com"
     fill_in "Password", with: "asdf"
     click_on "Sign in"
-    Timeout.timeout(Capybara.default_wait_time) do
+    Timeout.timeout(Capybara.default_max_wait_time) do
       loop do
         sleep 0.1
         break if current_url == "http://localhost:8020/"

data/spec/rails_helper.rb

@@ -8,7 +8,11 @@ require 'rspec/rails'
 
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
-ActiveRecord::Migrator.migrate(File.expand_path("../support/sp/db/migrate/", __FILE__))
+if ActiveRecord::Base.connection.respond_to?(:migration_context)
+  ActiveRecord::Base.connection.migration_context.migrate
+else
+  ActiveRecord::Migrator.migrate(File.expand_path("../support/sp/db/migrate/", __FILE__))
+end
 
 RSpec.configure do |config|
   config.use_transactional_fixtures = true

data/spec/routes/routes_spec.rb

@@ -0,0 +1,102 @@
+require 'rails_helper'
+
+describe 'SamlAuthenticatable Routes', type: :routing do
+  describe 'GET /users/saml/sign_in (login)' do
+    it 'routes to Devise::SamlSessionsController#new' do
+      expect(get: '/users/saml/sign_in').to route_to(controller: 'devise/saml_sessions', action: 'new')
+      expect(get: new_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'new')
+    end
+  end
+
+  describe 'POST /users/saml/auth (session creation)' do
+    it 'routes to Devise::SamlSessionsController#create' do
+      expect(post: '/users/saml/auth').to route_to(controller: 'devise/saml_sessions', action: 'create')
+    end
+  end
+
+  describe 'DELETE /users/sign_out (logout)' do
+    it 'routes to Devise::SamlSessionsController#destroy' do
+      expect(delete: '/users/sign_out').to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+      expect(delete: destroy_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+    end
+  end
+
+  describe 'GET /users/saml/metadata' do
+    it 'routes to Devise::SamlSessionsController#metadata' do
+      expect(get: '/users/saml/metadata').to route_to(controller: 'devise/saml_sessions', action: 'metadata')
+    end
+  end
+
+  describe 'GET /users/saml/idp_sign_out (IdP-initiated logout)' do
+    it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+      expect(get: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+    end
+  end
+
+  describe 'POST /users/saml/idp_sign_out (IdP-initiated logout)' do
+    it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+      expect(post: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+    end
+  end
+
+  context 'when saml_route_helper_prefix is "sso"' do
+    before(:all) do
+      ::Devise.saml_route_helper_prefix = 'sso'
+
+      # A very simple Rails engine
+      module SamlRouteHelperPrefixEngine
+        class Engine < ::Rails::Engine
+          isolate_namespace SamlRouteHelperPrefixEngine
+        end
+
+        Engine.routes.draw do
+          devise_for :users, module: :devise
+        end
+      end
+    end
+    after(:all) do
+      ::Devise.saml_route_helper_prefix = nil
+    end
+    routes { SamlRouteHelperPrefixEngine::Engine.routes }
+
+    describe 'GET /users/saml/sign_in (login)' do
+      it 'routes to Devise::SamlSessionsController#new' do
+        expect(get: '/users/saml/sign_in').to route_to(controller: 'devise/saml_sessions', action: 'new')
+        expect(get: new_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'new')
+      end
+    end
+
+    describe 'POST /users/saml/auth (session creation)' do
+      it 'routes to Devise::SamlSessionsController#create' do
+        expect(post: '/users/saml/auth').to route_to(controller: 'devise/saml_sessions', action: 'create')
+      end
+    end
+
+    describe 'DELETE /users/sign_out (logout)' do
+      it 'routes to Devise::SamlSessionsController#destroy' do
+        expect(delete: '/users/sign_out').to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+        expect(delete: destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'destroy')
+      end
+    end
+
+    describe 'GET /users/saml/metadata' do
+      it 'routes to Devise::SamlSessionsController#metadata' do
+        expect(get: '/users/saml/metadata').to route_to(controller: 'devise/saml_sessions', action: 'metadata')
+      end
+    end
+
+    describe 'GET /users/saml/idp_sign_out (IdP-initiated logout)' do
+      it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+        expect(get: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+        expect(get: idp_destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+      end
+    end
+
+    describe 'POST /users/saml/idp_sign_out (IdP-initiated logout)' do
+      it 'routes to Devise::SamlSessionsController#idp_sign_out' do
+        expect(post: '/users/saml/idp_sign_out').to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+        expect(post: idp_destroy_sso_user_session_path).to route_to(controller: 'devise/saml_sessions', action: 'idp_sign_out')
+      end
+    end
+  end
+end

data/spec/support/Gemfile.rails5.1

@@ -0,0 +1,14 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in devise_saml_authenticatable.gemspec
+gemspec path: '../..'
+
+group :test do
+  gem 'rake'
+  gem 'rspec', '~> 3.0'
+  gem 'rails', '~> 5.1.0'
+  gem 'rspec-rails'
+  gem 'sqlite3'
+  gem 'capybara'
+  gem 'poltergeist'
+end

data/spec/support/attribute-map.yml

@@ -0,0 +1,12 @@
+"urn:mace:dir:attribute-def:first_name": "first_name"
+"first_name": "first_name"
+"firstName": "first_name"
+"firstname": "first_name"
+"urn:mace:dir:attribute-def:last_name": "last_name"
+"last_name": "last_name"
+"lastName": "last_name"
+"lastname": "last_name"
+"urn:mace:dir:attribute-def:email": "email"
+"email_address": "email"
+"emailAddress": "email"
+"email": "email"

data/spec/support/idp_template.rb

@@ -3,7 +3,9 @@
 @include_subject_in_attributes = ENV.fetch('INCLUDE_SUBJECT_IN_ATTRIBUTES')
 @valid_destination = ENV.fetch('VALID_DESTINATION', "true")
 
-gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "34814fd41f91c493b89aa01ac73c44d241a31245b5bc5542fa4b7317525e1dcfa60ba947b3d085e4e229456fdee0d8af6aac6a63cf750d807ea6fe5d853dff4a"'
+if Rails::VERSION::MAJOR < 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR < 2)
+  gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "34814fd41f91c493b89aa01ac73c44d241a31245b5bc5542fa4b7317525e1dcfa60ba947b3d085e4e229456fdee0d8af6aac6a63cf750d807ea6fe5d853dff4a"'
+end
 
 gem 'ruby-saml-idp', git: "https://github.com/lawrencepit/ruby-saml-idp.git", ref: "ec715b252e849105c7a96df27b731c6e7f725a51"
 gem 'thin'

data/spec/support/rails_app.rb

@@ -17,7 +17,7 @@ rescue Errno::ESRCH
 end
 
 def create_app(name, env = {})
-  rails_new_options = %w(-T -J -S --skip-spring --skip-listen)
+  rails_new_options = %w(-T -J -S --skip-spring --skip-listen --skip-bootsnap)
   rails_new_options << "-O" if name == 'idp'
   Dir.chdir(File.expand_path('../../support', __FILE__)) do
     FileUtils.rm_rf(name)

data/spec/support/sp_template.rb

@@ -8,7 +8,9 @@ idp_settings_adapter = ENV.fetch('IDP_SETTINGS_ADAPTER', "nil")
 idp_entity_id_reader = ENV.fetch('IDP_ENTITY_ID_READER', "DeviseSamlAuthenticatable::DefaultIdpEntityIdReader")
 saml_failed_callback = ENV.fetch('SAML_FAILED_CALLBACK', "nil")
 
-gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "8b5889df1fcf03f76c7d66da02d8776bcc85b06bed7d9c592f076d9c8a5455ee6d4beae45986c3c030b40208db5e612f2a6ef8283036a352e3fae83c5eda36be"'
+if Rails::VERSION::MAJOR < 5 || (Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR < 2)
+  gsub_file 'config/secrets.yml', /secret_key_base:.*$/, 'secret_key_base: "8b5889df1fcf03f76c7d66da02d8776bcc85b06bed7d9c592f076d9c8a5455ee6d4beae45986c3c030b40208db5e612f2a6ef8283036a352e3fae83c5eda36be"'
+end
 
 gem 'devise_saml_authenticatable', path: '../../..'
 gem 'ruby-saml', OneLogin::RubySaml::VERSION

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_saml_authenticatable
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Josef Sauter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-08 00:00:00.000000000 Z
+date: 2019-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -70,12 +70,16 @@ files:
 - spec/devise_saml_authenticatable/default_idp_entity_id_reader_spec.rb
 - spec/devise_saml_authenticatable/model_spec.rb
 - spec/devise_saml_authenticatable/saml_config_spec.rb
+- spec/devise_saml_authenticatable/saml_mapped_attributes_spec.rb
 - spec/devise_saml_authenticatable/strategy_spec.rb
 - spec/features/saml_authentication_spec.rb
 - spec/rails_helper.rb
+- spec/routes/routes_spec.rb
 - spec/spec_helper.rb
 - spec/support/Gemfile.rails4
 - spec/support/Gemfile.rails5
+- spec/support/Gemfile.rails5.1
+- spec/support/attribute-map.yml
 - spec/support/idp_settings_adapter.rb.erb
 - spec/support/idp_template.rb
 - spec/support/rails_app.rb
@@ -112,12 +116,16 @@ test_files:
 - spec/devise_saml_authenticatable/default_idp_entity_id_reader_spec.rb
 - spec/devise_saml_authenticatable/model_spec.rb
 - spec/devise_saml_authenticatable/saml_config_spec.rb
+- spec/devise_saml_authenticatable/saml_mapped_attributes_spec.rb
 - spec/devise_saml_authenticatable/strategy_spec.rb
 - spec/features/saml_authentication_spec.rb
 - spec/rails_helper.rb
+- spec/routes/routes_spec.rb
 - spec/spec_helper.rb
 - spec/support/Gemfile.rails4
 - spec/support/Gemfile.rails5
+- spec/support/Gemfile.rails5.1
+- spec/support/attribute-map.yml
 - spec/support/idp_settings_adapter.rb.erb
 - spec/support/idp_template.rb
 - spec/support/rails_app.rb