omniauth-saml 1.5.0 → 1.6.0


Potentially problematic release.


This version of omniauth-saml might be problematic. Click here for more details.

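--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5157e12042f1980c72b6fa603d6cee7d818cf153
- data.tar.gz: 44f05863e67b9b0463ddc195348174c4869b684c
+ metadata.gz: dbc50594dcc8687f230341b090cf59c01c4398de
+ data.tar.gz: 7950589848f80e1016bf3651f45b53f7a22a5867
  SHA512:
- metadata.gz: fa3e6fd1d482e5787351d91e65201edfebc63999204f6ba32484a332947661d09d793bb045a5ca24426f7406d7dab706e71fd2d6a1468147eb1c72a9e33b952c
- data.tar.gz: 6640bee32d302612b03db9b5fe37816026f78c1e7666cb8c0a95525cee0a1728df46335fd15e5932119ccb710401d8cbcd4442837bbb24c585c98edea126aa99
+ metadata.gz: 223bf2b718cd9bbede71929f931b4cb2b1ab4c3996ccfd6fea4e898d3f91a061f0e7f8453d0f1a97000901d727861055790461a3902211bcb26519b93c0cb1df
+ data.tar.gz: 735fb8c25ab720ea7a7d8cf53074bfde7aee7ed3554df78e523d964d714b03bde5209a399c28ad409cd204fe0a62f02b29bec5d8a065e6678d624d751cc5020e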
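--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,10 @@ A generic SAML strategy for OmniAuth.
 
  https://github.com/omniauth/omniauth-saml
 
+ ## 1.6.0 (2016-06-27)
+ * Ensure that subclasses of `OmniAuth::Stategies::SAML` are registered with OmniAuth as strategies (https://github.com/omniauth/omniauth-saml/pull/95)
+ * Update ruby-saml to 1.3 to address [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) (Signature wrapping attacks)
+
  ## 1.5.0 (2016-02-25)
 
  * Initialize OneLogin::RubySaml::Response instance with settings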
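--- a/data/README.md
+++ b/data/README.md
@@ -21,6 +21,10 @@ https://github.com/omniauth/omniauth-saml
  * [OmniAuth](http://www.omniauth.org/) 1.3+
  * Ruby 1.9.x or Ruby 2.1.x+
 
+ ## Versioning
+
+ We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
+
  ## Usage
 
  Use the SAML strategy as a middleware in your application: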
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module SAML
3
- VERSION = '1.5.0'
3
+ VERSION = '1.6.0'
4
4
  end
5
5
  end
@@ -6,6 +6,10 @@ module OmniAuth
6
6
  class SAML
7
7
  include OmniAuth::Strategy
8
8
 
9
+ def self.inherited(subclass)
10
+ OmniAuth::Strategy.included(subclass)
11
+ end
12
+
9
13
  OTHER_REQUEST_OPTIONS = [:skip_conditions, :allowed_clock_drift, :matches_request_id, :skip_subject_confirmation].freeze
10
14
 
11
15
  option :name_identifier_format, nil
@@ -96,8 +100,12 @@ module OmniAuth
96
100
  Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
97
101
  end
98
102
 
103
+ def on_metadata_path?
104
+ on_path?("#{request_path}/metadata")
105
+ end
106
+
99
107
  def other_phase
100
- if on_path?("#{request_path}/metadata")
108
+ if on_metadata_path?
101
109
  # omniauth does not set the strategy on the other_phase
102
110
  @env['omniauth.strategy'] ||= self
103
111
  setup_phase
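Review bot: The new `self.inherited` hook does not call `super`, so any other `inherited` hook further up the ancestor chain is skipped for subclasses of this strategy; adding `super` as the first statement of the method, before `OmniAuth::Strategy.included(subclass)`, keeps the chain intact. The hook also deserves a one-line comment such as `# Ruby fires Strategy.included only for classes that include the module directly, so register subclasses by hand`, because invoking `included` manually is not self-explanatory. `OmniAuth::Strategy.included` is defined outside this page, so anything it does beyond registering the class cannot be confirmed from here. The class body and `other_phase` both continue outside the hunks shown.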
@@ -218,4 +218,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
218
218
  last_response.body.should match /Required attributes/
219
219
  end
220
220
  end
221
+
222
+ it 'implements #on_metadata_path?' do
223
+ expect(described_class.new(nil)).to respond_to(:on_metadata_path?)
224
+ end
225
+
226
+ describe 'subclass behavior' do
227
+ it 'registers subclasses in OmniAuth.strategies' do
228
+ subclass = Class.new(described_class)
229
+ expect(OmniAuth.strategies).to include(described_class, subclass)
230
+ end
231
+ end
221
232
  end
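Review bot: The 'registers subclasses in OmniAuth.strategies' example creates an anonymous subclass that stays in the global `OmniAuth.strategies` list after the example finishes, so later examples that inspect that list can become order-dependent. Holding the class in a `let(:subclass)` and removing it afterwards, e.g. `after { OmniAuth.strategies.delete(subclass) }`, would keep the global state clean. Separately, the `#on_metadata_path?` example only asserts `respond_to`, so it would still pass if the predicate matched the wrong path; an example that checks its return value on and off the metadata path would pin the behaviour. The enclosing `describe` block starts outside this hunk.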
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2016-02-25 00:00:00.000000000 Z
17
+ date: 2016-06-27 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: omniauth
@@ -36,48 +36,42 @@ dependencies:
36
36
  requirements:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
- version: '1.1'
40
- - - ">="
41
- - !ruby/object:Gem::Version
42
- version: 1.1.1
39
+ version: '1.3'
43
40
  type: :runtime
44
41
  prerelease: false
45
42
  version_requirements: !ruby/object:Gem::Requirement
46
43
  requirements:
47
44
  - - "~>"
48
45
  - !ruby/object:Gem::Version
49
- version: '1.1'
50
- - - ">="
51
- - !ruby/object:Gem::Version
52
- version: 1.1.1
46
+ version: '1.3'
53
47
  - !ruby/object:Gem::Dependency
54
48
  name: rspec
55
49
  requirement: !ruby/object:Gem::Requirement
56
50
  requirements:
57
51
  - - "~>"
58
52
  - !ruby/object:Gem::Version
59
- version: '2.8'
53
+ version: '3.4'
60
54
  type: :development
61
55
  prerelease: false
62
56
  version_requirements: !ruby/object:Gem::Requirement
63
57
  requirements:
64
58
  - - "~>"
65
59
  - !ruby/object:Gem::Version
66
- version: '2.8'
60
+ version: '3.4'
67
61
  - !ruby/object:Gem::Dependency
68
62
  name: simplecov
69
63
  requirement: !ruby/object:Gem::Requirement
70
64
  requirements:
71
65
  - - "~>"
72
66
  - !ruby/object:Gem::Version
73
- version: '0.6'
67
+ version: '0.11'
74
68
  type: :development
75
69
  prerelease: false
76
70
  version_requirements: !ruby/object:Gem::Requirement
77
71
  requirements:
78
72
  - - "~>"
79
73
  - !ruby/object:Gem::Version
80
- version: '0.6'
74
+ version: '0.11'
81
75
  - !ruby/object:Gem::Dependency
82
76
  name: rack-test
83
77
  requirement: !ruby/object:Gem::Requirement
@@ -85,6 +79,9 @@ dependencies:
85
79
  - - "~>"
86
80
  - !ruby/object:Gem::Version
87
81
  version: '0.6'
82
+ - - ">="
83
+ - !ruby/object:Gem::Version
84
+ version: 0.6.3
88
85
  type: :development
89
86
  prerelease: false
90
87
  version_requirements: !ruby/object:Gem::Requirement
@@ -92,6 +89,9 @@ dependencies:
92
89
  - - "~>"
93
90
  - !ruby/object:Gem::Version
94
91
  version: '0.6'
92
+ - - ">="
93
+ - !ruby/object:Gem::Version
94
+ version: 0.6.3
95
95
  description: A generic SAML strategy for OmniAuth.
96
96
  email: rajiv@alum.mit.edu
97
97
  executables: []