omniauth-saml 1.5.0 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5157e12042f1980c72b6fa603d6cee7d818cf153
-  data.tar.gz: 44f05863e67b9b0463ddc195348174c4869b684c
+  metadata.gz: dbc50594dcc8687f230341b090cf59c01c4398de
+  data.tar.gz: 7950589848f80e1016bf3651f45b53f7a22a5867
 SHA512:
-  metadata.gz: fa3e6fd1d482e5787351d91e65201edfebc63999204f6ba32484a332947661d09d793bb045a5ca24426f7406d7dab706e71fd2d6a1468147eb1c72a9e33b952c
-  data.tar.gz: 6640bee32d302612b03db9b5fe37816026f78c1e7666cb8c0a95525cee0a1728df46335fd15e5932119ccb710401d8cbcd4442837bbb24c585c98edea126aa99
+  metadata.gz: 223bf2b718cd9bbede71929f931b4cb2b1ab4c3996ccfd6fea4e898d3f91a061f0e7f8453d0f1a97000901d727861055790461a3902211bcb26519b93c0cb1df
+  data.tar.gz: 735fb8c25ab720ea7a7d8cf53074bfde7aee7ed3554df78e523d964d714b03bde5209a399c28ad409cd204fe0a62f02b29bec5d8a065e6678d624d751cc5020e

data/CHANGELOG.md

@@ -4,6 +4,10 @@ A generic SAML strategy for OmniAuth.
 
 https://github.com/omniauth/omniauth-saml
 
+## 1.6.0 (2016-06-27)
+* Ensure that subclasses of `OmniAuth::Stategies::SAML` are registered with OmniAuth as strategies (https://github.com/omniauth/omniauth-saml/pull/95)
+* Update ruby-saml to 1.3 to address [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) (Signature wrapping attacks)
+
 ## 1.5.0 (2016-02-25)
 
 * Initialize OneLogin::RubySaml::Response instance with settings

data/README.md

@@ -21,6 +21,10 @@ https://github.com/omniauth/omniauth-saml
 * [OmniAuth](http://www.omniauth.org/) 1.3+
 * Ruby 1.9.x or Ruby 2.1.x+
 
+## Versioning
+
+We tag and release gems according to the [Semantic Versioning](http://semver.org/) principle.
+
 ## Usage
 
 Use the SAML strategy as a middleware in your application:

data/lib/omniauth-saml/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module SAML
-    VERSION = '1.5.0'
+    VERSION = '1.6.0'
   end
 end

data/lib/omniauth/strategies/saml.rb

@@ -6,6 +6,10 @@ module OmniAuth
     class SAML
       include OmniAuth::Strategy
 
+      def self.inherited(subclass)
+        OmniAuth::Strategy.included(subclass)
+      end
+
       OTHER_REQUEST_OPTIONS = [:skip_conditions, :allowed_clock_drift, :matches_request_id, :skip_subject_confirmation].freeze
 
       option :name_identifier_format, nil
@@ -96,8 +100,12 @@ module OmniAuth
         Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
       end
 
+      def on_metadata_path?
+        on_path?("#{request_path}/metadata")
+      end
+
       def other_phase
-        if on_path?("#{request_path}/metadata")
+        if on_metadata_path?
           # omniauth does not set the strategy on the other_phase
           @env['omniauth.strategy'] ||= self
           setup_phase

data/spec/omniauth/strategies/saml_spec.rb

@@ -218,4 +218,15 @@ describe OmniAuth::Strategies::SAML, :type => :strategy do
       last_response.body.should match /Required attributes/
     end
   end
+
+  it 'implements #on_metadata_path?' do
+    expect(described_class.new(nil)).to respond_to(:on_metadata_path?)
+  end
+
+  describe 'subclass behavior' do
+    it 'registers subclasses in OmniAuth.strategies' do
+      subclass = Class.new(described_class)
+      expect(OmniAuth.strategies).to include(described_class, subclass)
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-saml
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 1.6.0
 platform: ruby
 authors:
 - Raecoo Cao
@@ -14,7 +14,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-25 00:00:00.000000000 Z
+date: 2016-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -36,48 +36,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -85,6 +79,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -92,6 +89,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.6.3
 description: A generic SAML strategy for OmniAuth.
 email: rajiv@alum.mit.edu
 executables: []