omniauth-saml 1.5.0 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of omniauth-saml might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +4 -0
- data/lib/omniauth-saml/version.rb +1 -1
- data/lib/omniauth/strategies/saml.rb +9 -1
- data/spec/omniauth/strategies/saml_spec.rb +11 -0
- metadata +14 -14
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dbc50594dcc8687f230341b090cf59c01c4398de
|
|
4
|
+
data.tar.gz: 7950589848f80e1016bf3651f45b53f7a22a5867
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 223bf2b718cd9bbede71929f931b4cb2b1ab4c3996ccfd6fea4e898d3f91a061f0e7f8453d0f1a97000901d727861055790461a3902211bcb26519b93c0cb1df
|
|
7
|
+
data.tar.gz: 735fb8c25ab720ea7a7d8cf53074bfde7aee7ed3554df78e523d964d714b03bde5209a399c28ad409cd204fe0a62f02b29bec5d8a065e6678d624d751cc5020e
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ A generic SAML strategy for OmniAuth.
|
|
|
4
4
|
|
|
5
5
|
https://github.com/omniauth/omniauth-saml
|
|
6
6
|
|
|
7
|
+
## 1.6.0 (2016-06-27)
|
|
8
|
+
* Ensure that subclasses of `OmniAuth::Stategies::SAML` are registered with OmniAuth as strategies (https://github.com/omniauth/omniauth-saml/pull/95)
|
|
9
|
+
* Update ruby-saml to 1.3 to address [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) (Signature wrapping attacks)
|
|
10
|
+
|
|
7
11
|
## 1.5.0 (2016-02-25)
|
|
8
12
|
|
|
9
13
|
* Initialize OneLogin::RubySaml::Response instance with settings
|
data/README.md
CHANGED
|
@@ -21,6 +21,10 @@ https://github.com/omniauth/omniauth-saml
|
|
|
21
21
|
* [OmniAuth](http://www.omniauth.org/) 1.3+
|
|
22
22
|
* Ruby 1.9.x or Ruby 2.1.x+
|
|
23
23
|
|
|
24
|
+
## Versioning
|
|
25
|
+
|
|
26
|
+
We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
|
|
27
|
+
|
|
24
28
|
## Usage
|
|
25
29
|
|
|
26
30
|
Use the SAML strategy as a middleware in your application:
|
|
@@ -6,6 +6,10 @@ module OmniAuth
|
|
|
6
6
|
class SAML
|
|
7
7
|
include OmniAuth::Strategy
|
|
8
8
|
|
|
9
|
+
def self.inherited(subclass)
|
|
10
|
+
OmniAuth::Strategy.included(subclass)
|
|
11
|
+
end
|
|
12
|
+
|
|
9
13
|
OTHER_REQUEST_OPTIONS = [:skip_conditions, :allowed_clock_drift, :matches_request_id, :skip_subject_confirmation].freeze
|
|
10
14
|
|
|
11
15
|
option :name_identifier_format, nil
|
|
@@ -96,8 +100,12 @@ module OmniAuth
|
|
|
96
100
|
Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
|
|
97
101
|
end
|
|
98
102
|
|
|
103
|
+
def on_metadata_path?
|
|
104
|
+
on_path?("#{request_path}/metadata")
|
|
105
|
+
end
|
|
106
|
+
|
|
99
107
|
def other_phase
|
|
100
|
-
if
|
|
108
|
+
if on_metadata_path?
|
|
101
109
|
# omniauth does not set the strategy on the other_phase
|
|
102
110
|
@env['omniauth.strategy'] ||= self
|
|
103
111
|
setup_phase
|
|
@@ -218,4 +218,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
|
|
|
218
218
|
last_response.body.should match /Required attributes/
|
|
219
219
|
end
|
|
220
220
|
end
|
|
221
|
+
|
|
222
|
+
it 'implements #on_metadata_path?' do
|
|
223
|
+
expect(described_class.new(nil)).to respond_to(:on_metadata_path?)
|
|
224
|
+
end
|
|
225
|
+
|
|
226
|
+
describe 'subclass behavior' do
|
|
227
|
+
it 'registers subclasses in OmniAuth.strategies' do
|
|
228
|
+
subclass = Class.new(described_class)
|
|
229
|
+
expect(OmniAuth.strategies).to include(described_class, subclass)
|
|
230
|
+
end
|
|
231
|
+
end
|
|
221
232
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-saml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Raecoo Cao
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2016-
|
|
17
|
+
date: 2016-06-27 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: omniauth
|
|
@@ -36,48 +36,42 @@ dependencies:
|
|
|
36
36
|
requirements:
|
|
37
37
|
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: '1.
|
|
40
|
-
- - ">="
|
|
41
|
-
- !ruby/object:Gem::Version
|
|
42
|
-
version: 1.1.1
|
|
39
|
+
version: '1.3'
|
|
43
40
|
type: :runtime
|
|
44
41
|
prerelease: false
|
|
45
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
46
43
|
requirements:
|
|
47
44
|
- - "~>"
|
|
48
45
|
- !ruby/object:Gem::Version
|
|
49
|
-
version: '1.
|
|
50
|
-
- - ">="
|
|
51
|
-
- !ruby/object:Gem::Version
|
|
52
|
-
version: 1.1.1
|
|
46
|
+
version: '1.3'
|
|
53
47
|
- !ruby/object:Gem::Dependency
|
|
54
48
|
name: rspec
|
|
55
49
|
requirement: !ruby/object:Gem::Requirement
|
|
56
50
|
requirements:
|
|
57
51
|
- - "~>"
|
|
58
52
|
- !ruby/object:Gem::Version
|
|
59
|
-
version: '
|
|
53
|
+
version: '3.4'
|
|
60
54
|
type: :development
|
|
61
55
|
prerelease: false
|
|
62
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
63
57
|
requirements:
|
|
64
58
|
- - "~>"
|
|
65
59
|
- !ruby/object:Gem::Version
|
|
66
|
-
version: '
|
|
60
|
+
version: '3.4'
|
|
67
61
|
- !ruby/object:Gem::Dependency
|
|
68
62
|
name: simplecov
|
|
69
63
|
requirement: !ruby/object:Gem::Requirement
|
|
70
64
|
requirements:
|
|
71
65
|
- - "~>"
|
|
72
66
|
- !ruby/object:Gem::Version
|
|
73
|
-
version: '0.
|
|
67
|
+
version: '0.11'
|
|
74
68
|
type: :development
|
|
75
69
|
prerelease: false
|
|
76
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
77
71
|
requirements:
|
|
78
72
|
- - "~>"
|
|
79
73
|
- !ruby/object:Gem::Version
|
|
80
|
-
version: '0.
|
|
74
|
+
version: '0.11'
|
|
81
75
|
- !ruby/object:Gem::Dependency
|
|
82
76
|
name: rack-test
|
|
83
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -85,6 +79,9 @@ dependencies:
|
|
|
85
79
|
- - "~>"
|
|
86
80
|
- !ruby/object:Gem::Version
|
|
87
81
|
version: '0.6'
|
|
82
|
+
- - ">="
|
|
83
|
+
- !ruby/object:Gem::Version
|
|
84
|
+
version: 0.6.3
|
|
88
85
|
type: :development
|
|
89
86
|
prerelease: false
|
|
90
87
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -92,6 +89,9 @@ dependencies:
|
|
|
92
89
|
- - "~>"
|
|
93
90
|
- !ruby/object:Gem::Version
|
|
94
91
|
version: '0.6'
|
|
92
|
+
- - ">="
|
|
93
|
+
- !ruby/object:Gem::Version
|
|
94
|
+
version: 0.6.3
|
|
95
95
|
description: A generic SAML strategy for OmniAuth.
|
|
96
96
|
email: rajiv@alum.mit.edu
|
|
97
97
|
executables: []
|