RubyGems - ruby-saml-bekk - Versions diffs - 0.3.2 → 0.3.3 - Mend

ruby-saml-bekk 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/VERSION +1 -1
data/lib/onelogin/saml/logoutrequest.rb +9 -9
data/lib/onelogin/saml/logoutresponse.rb +5 -0
data/lib/onelogin/saml/response.rb +4 -0
data/lib/onelogin/saml/settings.rb +1 -2
data/test/ruby-saml_test.rb +39 -5
metadata +2 -2

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.3.2
1	+ 0.3.3

data/lib/onelogin/saml/logoutrequest.rb CHANGED Viewed

@@ -1,36 +1,36 @@
-require 'base64'
 require 'uuid'
-require 'cgi'
 module Onelogin::Saml
   class Logoutrequest
+    include Codeing
     attr_reader :transaction_id
     def initialize
       @transaction_id = UUID.new.generate
     end
-    def create(settings,nameid,params={})
+    def create(settings, params={})
       issue_instant = Onelogin::Saml::Logoutrequest.timestamp
-      request = xml(settings, nameid, issue_instant)
+      request = xml(settings, issue_instant)
-      deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
-      base64_request    = Base64.encode64(deflated_request)
+      deflated_request  = deflate(request)
+      base64_request    = encode(deflated_request)
       params["SAMLRequest"] = base64_request
-      query_string = params.map {|key, value| "#{key}=#{CGI.escape(value)}"}.join("&")
+      query_string = params.map {|key, value| "#{key}=#{escape(value)}"}.join("&")
       settings.idp_slo_target_url + "?#{query_string}"
      end
-    def xml(settings, nameid, issue_instant)
+    def xml(settings, issue_instant)
       request = <<-EOF
         <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
             ID="#{transaction_id}" Version="2.0" IssueInstant="#{issue_instant}">
                 <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{settings.issuer}</saml:Issuer>
                 <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                     NameQualifier="#{settings.sp_name_qualifier}"
-                    Format="#{settings.name_identifier_format}">#{nameid}</saml:NameID>
+                    Format="#{settings.name_identifier_format}">#{settings.name_id}</saml:NameID>
+            <samlp:SessionIndex xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">#{settings.sessionindex}</samlp:SessionIndex>
         </samlp:LogoutRequest>
       EOF

data/lib/onelogin/saml/logoutresponse.rb CHANGED Viewed

@@ -24,6 +24,11 @@ module Onelogin
         document.elements["/samlp:LogoutResponse"].attributes["InResponseTo"]
       end
+      def success?
+        document.elements["/samlp:LogoutResponse/samlp:Status/samlp:StatusCode"].attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
+      end
     protected
       def document
         REXML::Document.new(@response)

data/lib/onelogin/saml/response.rb CHANGED Viewed

@@ -43,6 +43,10 @@ module Onelogin::Saml
       @expires_at ||= Time.parse(document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionNotOnOrAfter"])
     end
+    def sessionindex
+      document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionIndex"]
+    end
   private
     def make_hash_access_indiferent(hash)

data/lib/onelogin/saml/settings.rb CHANGED Viewed

@@ -3,7 +3,6 @@ module Onelogin::Saml
     attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
     attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
     attr_accessor :idp_slo_target_url
-    SLO_ELEMENT_PATH = "/EntityDescriptor/IDPSSODescriptor/SingleLogoutService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']"
+    attr_accessor :sessionindex, :name_id
   end
 end

data/test/ruby-saml_test.rb CHANGED Viewed

@@ -11,7 +11,7 @@ class RubySamlTest < Test::Unit::TestCase
     end
     should "should provide getters and settings" do
       accessors = [
-        :assertion_consumer_service_url, :issuer, :sp_name_qualifier, :sp_name_qualifier,
+        :assertion_consumer_service_url, :issuer, :sp_name_qualifier,
         :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
       ]
@@ -82,6 +82,13 @@ class RubySamlTest < Test::Unit::TestCase
       end
     end
+    context "#sessionindex" do
+      should "get the sessionindex" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert_equal "_531c32d283bdff7e04e487bcdbc4dd8d", response.sessionindex
+      end
+    end
     context "#session_expires_at" do
       should "extract the value of the SessionNotOnOrAfter attribute" do
         response = Onelogin::Saml::Response.new(response_document)
@@ -127,7 +134,9 @@ class RubySamlTest < Test::Unit::TestCase
     should "generate a correct logout request" do
       logoutrequest = Onelogin::Saml::Logoutrequest.new
-      logout_xml = logoutrequest.xml(@settings, "demo", "test")
+      @settings.name_id = "demo"
+      @settings.sessionindex = "s2c8e391dbfcb2f71796595c803cf8b4079119ff01"
+      logout_xml = logoutrequest.xml(@settings, "test")
       expected_xml = <<-EOF
     <samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
@@ -136,6 +145,7 @@ class RubySamlTest < Test::Unit::TestCase
                 <saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
                     NameQualifier=\"sp name\"
                     Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">demo</saml:NameID>
+            <samlp:SessionIndex xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">s2c8e391dbfcb2f71796595c803cf8b4079119ff01</samlp:SessionIndex>
         </samlp:LogoutRequest>
       EOF
@@ -145,9 +155,11 @@ class RubySamlTest < Test::Unit::TestCase
     should "generate a correct request" do
       logoutrequest = Onelogin::Saml::Logoutrequest.new
-      logout_url = logoutrequest.create(@settings, "demo")
+      @settings.name_id = "demo"
+      @settings.sessionindex = "sessionindex"
+      logout_url = logoutrequest.create(@settings, {})
-      expected_url = "http://slotarget.com/?SAMLRequest=nZFbS8QwEIXf91eEea%2FWUmQbtgVhEQqroILv03S6BJqkZqbgz7cX0fW2D57H%0Aycl35jBKrdoxun7Qh3AMozzSy0gs6tX1nvXyUsIYvQ7IlrVHR6zF6Kebu4PO%0ALlI9xCDBhB426kT1voQWr%2FOGmjTJ0ORJepVRgoUpknzbGLOlosvzFtQzRbbB%0AlzDBQNXMI9WeBb2UIHZKE3QNVF%2FoH1vrxR9Ptj2%2FLDJTlCkOKrv83F2eYP4K%0AuZ849f4fIT94s2baw4i97SzFEnhQM%2BJ3722IDuV83DyxbdItVi0RPVvyAlVL%0ALrz3Wxt89lvH325ebd4A%0A"
+      expected_url = "http://slotarget.com/?SAMLRequest=nZJNa8MwDEDv%2FRXG92xZCKMxTWBQBoFusBV2VxxlGGI7sxToz18%2Bui1hWw%2FV%0A0ZbekywLMceOwLadOvh33%2FMrfvRILE62daSmm1z2wSkPZEg5sEiKtTo%2BPB1U%0AchOrLnj22rdyIxZR7nNZw31aYRVHCeg0iu8SjCDTWZRuK623mDVpWkvxhoGM%0Ad7kcYFKURD2Wjhgc55LNYGOwlSxW9O%2Bu1ZQfFt1ebhaIMPCgk4WZKne3C8x%2F%0AkueBU%2B6vkPzijTHSXnpoTWMw5JI6MSL%2Bzn30wQJf1o0npo6aKVVxAEcGHcui%0ARuvP880TrOc7r%2F2INL5%2F6Wo8XbH1guZ6M9bPtjXzR%2Fp1u%2FpoxeYT%0A"
       assert_equal expected_url, logout_url
     end
@@ -166,7 +178,7 @@ class RubySamlTest < Test::Unit::TestCase
                           <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{issuer}</saml:Issuer>
                           <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
                           <samlp:StatusCode  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
-                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\">
+                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\">
                           </samlp:StatusCode>
                           </samlp:Status>
                           </samlp:LogoutResponse>"
@@ -177,6 +189,28 @@ class RubySamlTest < Test::Unit::TestCase
       assert_equal logoutresponse.issuer, issuer
       assert_equal logoutresponse.in_response_to, transaction_id
+      assert_equal true, logoutresponse.success?
+    end
+    should "validate the a failing response" do
+      logout_xml = "<samlp:LogoutResponse  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+                          ID=\"sedf164edc2121a23d4ca4b31d35261e5563dc352\" Version=\"2.0\"
+                          IssueInstant=\"2011-03-07T14:43:34Z\" Destination=\"http://localhost:3000/saml/consume_logout\"
+                          InResponseTo=\"adflkjalkfjalsdfjlaskjdf\">
+                          <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://test-idp.test.no:443/issuer</saml:Issuer>
+                          <samlp:Status xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
+                          <samlp:StatusCode  xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+                          Value=\"urn:oasis:names:tc:SAML:2.0:status:Requester\">
+                          </samlp:StatusCode>
+                          </samlp:Status>
+                          </samlp:LogoutResponse>"
+      logoutresponse = Onelogin::Saml::Logoutresponse.new(encode(deflate(logout_xml)))
+      assert_equal false, logoutresponse.success?
     end
   end

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 3
-  - 2
-  version: 0.3.2
+  - 3
+  version: 0.3.3
 platform: ruby
 authors:
 - OneLogin LLC