RubyGems - omniauth-signicat - Versions diffs - 1.6.2 → 1.6.3 - Mend

omniauth-signicat 1.6.2 → 1.6.3

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/omniauth-signicat/version.rb +1 -1
data/lib/omniauth/strategies/signicat.rb +10 -4
data/spec/omniauth/strategies/signicat_spec.rb +8 -8
data/spec/spec_helper.rb +6 -0
metadata +4 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 05a174ed5554d8195893b87261e594545a9184b0
-  data.tar.gz: 6e5f6200fab15559ff66a5e332033893a6a12cbb
+  metadata.gz: b063ec261ec4f10496e553009779cb8bde3574ac
+  data.tar.gz: 1cddb209f3d6d3b237630113fd74f6662adf42e9
 SHA512:
-  metadata.gz: de66cc3ac40a9ef934c8906b6594285d69d4acb1115764466ff53d96434a68d0f44474142796d608724fef02c454a6b2e40f9135d00941fddd201b0337230096
-  data.tar.gz: 13312615e62872be46f32b8a872a0a66c444e739c98c9941835f5fbbc0450f73bf2d7d93cd024d1b5b7425792adf9b6f12bcc94d86638361ba278ec076e479f3
+  metadata.gz: ab55247c456e10bbde3f14e357ec9e4479d8953f54bc632bd3030158a4628aa03b76d20b693daeec8c57000dbe7abb8edeba6b0ef6b595d73cb348f18eb3e3fa
+  data.tar.gz: 260c8696c9aaca699a20a53cd392b18c8fff379d625ceaa1d53c9953a7f927de9d33bbf8611564a1ac5e4c240a10353b9b09d09f7c4ab7dfe35559ad6cdc37fb

data/lib/omniauth-signicat/version.rb CHANGED

@@ -1,5 +1,5 @@
 module OmniAuth
   module Signicat
-    VERSION = '1.6.2'.freeze
+    VERSION = '1.6.3'.freeze
   end
 end

data/lib/omniauth/strategies/signicat.rb CHANGED

@@ -3,6 +3,7 @@ require 'cgi'
 require 'base64'
 require 'nokogiri'
 require 'digest/sha1'
+require 'openssl'
 module OmniAuth
   module Strategies
@@ -73,12 +74,17 @@ module OmniAuth
       def verify_signature!(xml)
         key = extract_public_key(xml)
+        begin
+          signed_info = extract_signed_info(xml)
+          signature = extract_signature(xml)
+          return if key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info)
-        signed_info = extract_signed_info(xml)
-        signature = extract_signature(xml)
-        return if key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info)
+          raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature (SHA1)'
+        rescue OmniAuth::Strategies::Signicat::ValidationError
+          return if key.verify(OpenSSL::Digest::SHA256.new, signature, signed_info)
-        raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature'
+          raise OmniAuth::Strategies::Signicat::ValidationError, 'Invalid signature (SHA256)'
+        end
       end
       def extract_public_key(xml)

data/spec/omniauth/strategies/signicat_spec.rb CHANGED

@@ -31,7 +31,7 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
     end
     it 'should redirect correctly' do
-      last_response.location.should include 'https://preprod.signicat.com/std/method/demo?id=nbid:default:nb'
+      expect(last_response.location).to include 'https://preprod.signicat.com/std/method/demo?id=nbid:default:nb'
     end
     context 'when passing phone and subject' do
@@ -44,8 +44,8 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
       end
       it 'should include prefilled query params' do
-        last_response.location.should include '&prefilled.subject=010170'
-        last_response.location.should include '&prefilled.phone=99988777'
+        expect(last_response.location).to include '&prefilled.subject=010170'
+        expect(last_response.location).to include '&prefilled.phone=99988777'
       end
     end
@@ -58,7 +58,7 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
       end
       it 'should include prefilled query params' do
-        last_response.location.should include '&prefilled.subject=01017012345'
+        expect(last_response.location).to include '&prefilled.subject=01017012345'
       end
     end
   end
@@ -69,20 +69,20 @@ describe OmniAuth::Strategies::Signicat, type: :strategy do
     let(:xml) { :example_response }
     before :each do
-      Time.stub(:now).and_return(Time.utc(2016, 5, 10, 8, 57, 00))
+      allow(Time).to receive(:now).and_return(Time.utc(2016, 5, 10, 8, 57, 00))
     end
     shared_examples_for 'a valid response' do
       it 'should set the uid to the nameID in the SAML response' do
-        auth_hash['uid'].should == '9578-6000-4-140135'
+        expect(auth_hash['uid']).to eq '9578-6000-4-140135'
       end
       it 'should set the info' do
-        auth_hash[:info].should == {
+        expect(auth_hash[:info]).to eq({
           'firstname' => 'Bjørn Test',
           'lastname' => 'Teisvær',
           'date-of-birth' => '1961-03-23'
-        }
+        })
       end
       it 'should set the raw info to all attributes' do

data/spec/spec_helper.rb CHANGED

@@ -19,6 +19,12 @@ RSpec.configure do |config|
   config.include Rack::Test::Methods
   config.filter_run :focus
   config.run_all_when_everything_filtered = true
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  config.mock_with :rspec do |c|
+    c.syntax = :expect
+  end
 end
 def load_xml(filename = :example_response)

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-signicat
 version: !ruby/object:Gem::Version
-  version: 1.6.2
+  version: 1.6.3
 platform: ruby
 authors:
 - Theodor Tonum
@@ -15,7 +15,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-12-15 00:00:00.000000000 Z
+date: 2019-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -128,10 +128,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Signicat strategy for OmniAuth.
 test_files:
-- spec/omniauth/strategies/signicat_spec.rb
 - spec/spec_helper.rb
+- spec/omniauth/strategies/signicat_spec.rb