omniauth-signicat 1.6.2 → 1.6.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 05a174ed5554d8195893b87261e594545a9184b0
4
- data.tar.gz: 6e5f6200fab15559ff66a5e332033893a6a12cbb
3
+ metadata.gz: b063ec261ec4f10496e553009779cb8bde3574ac
4
+ data.tar.gz: 1cddb209f3d6d3b237630113fd74f6662adf42e9
5
5
  SHA512:
6
- metadata.gz: de66cc3ac40a9ef934c8906b6594285d69d4acb1115764466ff53d96434a68d0f44474142796d608724fef02c454a6b2e40f9135d00941fddd201b0337230096
7
- data.tar.gz: 13312615e62872be46f32b8a872a0a66c444e739c98c9941835f5fbbc0450f73bf2d7d93cd024d1b5b7425792adf9b6f12bcc94d86638361ba278ec076e479f3
6
+ metadata.gz: ab55247c456e10bbde3f14e357ec9e4479d8953f54bc632bd3030158a4628aa03b76d20b693daeec8c57000dbe7abb8edeba6b0ef6b595d73cb348f18eb3e3fa
7
+ data.tar.gz: 260c8696c9aaca699a20a53cd392b18c8fff379d625ceaa1d53c9953a7f927de9d33bbf8611564a1ac5e4c240a10353b9b09d09f7c4ab7dfe35559ad6cdc37fb
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Signicat
3
- VERSION = '1.6.2'.freeze
3
+ VERSION = '1.6.3'.freeze
4
4
  end
5
5
  end
@@ -3,6 +3,7 @@ require 'cgi'
3
3
  require 'base64'
4
4
  require 'nokogiri'
5
5
  require 'digest/sha1'
6
+ require 'openssl'
6
7
 
7
8
  module OmniAuth
8
9
  module Strategies
@@ -73,12 +74,17 @@ module OmniAuth
73
74
 
74
75
  def verify_signature!(xml)
75
76
  key = extract_public_key(xml)
77
+ begin
78
+ signed_info = extract_signed_info(xml)
79
+ signature = extract_signature(xml)
80
+ return if key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info)
76
81
 
77
- signed_info = extract_signed_info(xml)
78
- signature = extract_signature(xml)
79
- return if key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info)
82
+ raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature (SHA1)'
83
+ rescue OmniAuth::Strategies::Signicat::ValidationError
84
+ return if key.verify(OpenSSL::Digest::SHA256.new, signature, signed_info)
80
85
 
81
- raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature'
86
+ raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature (SHA256)'
87
+ end
82
88
  end
83
89
 
84
90
  def extract_public_key(xml)
@@ -31,7 +31,7 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
31
31
  end
32
32
 
33
33
  it 'should redirect correctly' do
34
- last_response.location.should include 'https://preprod.signicat.com/std/method/demo?id=nbid:default:nb'
34
+ expect(last_response.location).to include 'https://preprod.signicat.com/std/method/demo?id=nbid:default:nb'
35
35
  end
36
36
 
37
37
  context 'when passing phone and subject' do
@@ -44,8 +44,8 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
44
44
  end
45
45
 
46
46
  it 'should include prefilled query params' do
47
- last_response.location.should include '&prefilled.subject=010170'
48
- last_response.location.should include '&prefilled.phone=99988777'
47
+ expect(last_response.location).to include '&prefilled.subject=010170'
48
+ expect(last_response.location).to include '&prefilled.phone=99988777'
49
49
  end
50
50
  end
51
51
 
@@ -58,7 +58,7 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
58
58
  end
59
59
 
60
60
  it 'should include prefilled query params' do
61
- last_response.location.should include '&prefilled.subject=01017012345'
61
+ expect(last_response.location).to include '&prefilled.subject=01017012345'
62
62
  end
63
63
  end
64
64
  end
@@ -69,20 +69,20 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
69
69
  let(:xml) { :example_response }
70
70
 
71
71
  before :each do
72
- Time.stub(:now).and_return(Time.utc(2016, 5, 10, 8, 57, 00))
72
+ allow(Time).to receive(:now).and_return(Time.utc(2016, 5, 10, 8, 57, 00))
73
73
  end
74
74
 
75
75
  shared_examples_for 'a valid response' do
76
76
  it 'should set the uid to the nameID in the SAML response' do
77
- auth_hash['uid'].should == '9578-6000-4-140135'
77
+ expect(auth_hash['uid']).to eq '9578-6000-4-140135'
78
78
  end
79
79
 
80
80
  it 'should set the info' do
81
- auth_hash[:info].should == {
81
+ expect(auth_hash[:info]).to eq({
82
82
  'firstname' => 'Bjørn Test',
83
83
  'lastname' => 'Teisvær',
84
84
  'date-of-birth' => '1961-03-23'
85
- }
85
+ })
86
86
  end
87
87
 
88
88
  it 'should set the raw info to all attributes' do
@@ -19,6 +19,12 @@ RSpec.configure do |config|
19
19
  config.include Rack::Test::Methods
20
20
  config.filter_run :focus
21
21
  config.run_all_when_everything_filtered = true
22
+ config.expect_with :rspec do |c|
23
+ c.syntax = :expect
24
+ end
25
+ config.mock_with :rspec do |c|
26
+ c.syntax = :expect
27
+ end
22
28
  end
23
29
 
24
30
  def load_xml(filename = :example_response)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-signicat
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2
4
+ version: 1.6.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Theodor Tonum
@@ -15,7 +15,7 @@ authors:
15
15
  autorequire:
16
16
  bindir: bin
17
17
  cert_chain: []
18
- date: 2016-12-15 00:00:00.000000000 Z
18
+ date: 2019-03-11 00:00:00.000000000 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: omniauth
@@ -128,10 +128,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
128
128
  version: '0'
129
129
  requirements: []
130
130
  rubyforge_project:
131
- rubygems_version: 2.6.8
131
+ rubygems_version: 2.6.11
132
132
  signing_key:
133
133
  specification_version: 4
134
134
  summary: Signicat strategy for OmniAuth.
135
135
  test_files:
136
- - spec/omniauth/strategies/signicat_spec.rb
137
136
  - spec/spec_helper.rb
137
+ - spec/omniauth/strategies/signicat_spec.rb