RubyGems - ruby-saml-mod - Versions diffs - 0.2.0 → 0.2.1 - Mend

ruby-saml-mod 0.2.0 → 0.2.1

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/onelogin/saml/auth_request.rb +44 -38
data/spec/response_spec.rb +4 -4
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c9b8339af98b853334c4cd343eff1454a9ed537a
-  data.tar.gz: 7702ec985b556013a1d812f646e415ec16cfe58f
+  metadata.gz: 70a7eb538a2bbed9d2269ccf27a1ae560a40734c
+  data.tar.gz: dca9f7dd1a7e5e7d3a7e8967af606b3688144c09
 SHA512:
-  metadata.gz: 1e1accc268ecc2fad5023f99552d8c2a53cca7ddd548092236534bcb0d6016ec51a40d0960b8706afceacd9fe5ecfeb204751985f0b15c90e78e1bbaeeb5cade
-  data.tar.gz: 868e76914f77d9766ebc31449b9262c28dd689a4ea815ed23c6269ada3a0e4422ec2941e73c87bfd3e9d53671ee0e5c0c1f6b58ab2151ba969cee116a3599f7d
+  metadata.gz: 1be665813508c314582bebac318758085c74ca7fd3621c58e6df191df83639981eb48fa3b3d6cbad8047765962abddd6fb920a8b8d0f9062d2075293f1ba8d87
+  data.tar.gz: a9d34492f6c2e8feb08a1bccccb2a53545c88ef336bc1cfb8345fff663ccbee7857bc338970d233877a8b295b44d03779b5f5cadcdeaa2655b5af57acb24e134

data/lib/onelogin/saml/auth_request.rb CHANGED Viewed

@@ -1,47 +1,53 @@
-module Onelogin::Saml
-  class AuthRequest < BaseAssertion
-    attr_accessor :requested_authn_context,
-                  :assertion_consumer_service_url,
-                  :name_identifier_format
-    def self.parse(raw_assertion, settings = nil)
-      raise NotImplementedError
+ module Onelogin::Saml
+  class AuthRequest
+    attr_reader :settings, :id, :request_xml, :forward_url
+    def initialize(settings)
+      @settings = settings
     end
-    def self.generate(settings)
-      super(settings, {
-        destination: settings.idp_sso_target_url,
-        requested_authn_context: settings.requested_authn_context,
-        assertion_consumer_service_url: Array(settings.assertion_consumer_service_url).first,
-        name_identifier_format: settings.name_identifier_format
-      })
+    def self.create(settings)
+      ar = AuthRequest.new(settings)
+      ar.generate_request
     end
+    def generate_request
+      @id = Onelogin::Saml::AuthRequest.generate_unique_id(42)
+      issue_instant = Onelogin::Saml::AuthRequest.get_timestamp
-    def generate
-      if self.requested_authn_context
-        xml = <<-XML
-          <samlp:RequestedAuthnContext Comparison="exact">
-            <saml:AuthnContextClassRef>#{self.requested_authn_context}</saml:AuthnContextClassRef>
-          </samlp:RequestedAuthnContext>
-        XML
+      @request_xml =
+        "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{@id}\" Version=\"2.0\" IssueInstant=\"#{issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{Array(settings.assertion_consumer_service_url).first}\">" +
+        "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{@settings.issuer}</saml:Issuer>\n" +
+        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{@settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n"
+      if @settings.requested_authn_context
+        @request_xml += "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">"
+        @request_xml += "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{@settings.requested_authn_context}</saml:AuthnContextClassRef>"
+        @request_xml += "</samlp:RequestedAuthnContext>\n"
       end
+      @request_xml += "</samlp:AuthnRequest>"
-      <<-XML
-        <samlp:AuthnRequest
-          xmlns:samlp="#{Onelogin::NAMESPACES['samlp']}"
-          xmlns:saml="#{Onelogin::NAMESPACES['saml']}"
-          ID="#{self.id}"
-          Version="2.0"
-          ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-          AssertionConsumerServiceURL=\"#{self.assertion_consumer_service_url}\"
-          IssueInstant="#{self.issue_instant}">
-          <saml:Issuer>#{self.issuer}</saml:Issuer>
-          <samlp:NameIDPolicy Format="#{self.name_identifier_format}" AllowCreate="true"></samlp:NameIDPolicy>
+      deflated_request  = Zlib::Deflate.deflate(@request_xml, 9)[2..-5]
+      base64_request    = Base64.strict_encode64(deflated_request)
+      encoded_request   = CGI.escape(base64_request)
-          #{xml}
-        </samlp:AuthnRequest>
-      XML
+      @forward_url = @settings.idp_sso_target_url + (@settings.idp_sso_target_url.include?("?") ? "&" : "?") + "SAMLRequest=" + encoded_request
+    end
+    private
+    def self.generate_unique_id(length)
+      chars = ("a".."f").to_a + ("0".."9").to_a
+      chars_len = chars.size
+      unique_id = ("a".."f").to_a[rand(6)]
+      2.upto(length) { |i| unique_id << chars[rand(chars_len)] }
+      unique_id
+    end
+    def self.get_timestamp
+      Time.new.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
     end
   end
 end

data/spec/response_spec.rb CHANGED Viewed

@@ -164,9 +164,9 @@ describe Onelogin::Saml::Response do
         :idp_slo_target_url => "http://example.com/logout.php"
       )
-      request = Onelogin::Saml::AuthRequest::generate(settings)
+      forward_url = Onelogin::Saml::AuthRequest::create(settings)
       prefix = "http://example.com/login.php?SAMLRequest="
-      expect(request.forward_url[0...prefix.size]).to eql(prefix)
+      expect(forward_url[0...prefix.size]).to eql(prefix)
       request = Onelogin::Saml::LogoutRequest::generate(name_qualifier, name_id, session_index, settings)
       prefix = "http://example.com/logout.php?SAMLRequest="
@@ -181,9 +181,9 @@ describe Onelogin::Saml::Response do
         :idp_slo_target_url => "http://example.com/logout.php?param=foo"
       )
-      request = Onelogin::Saml::AuthRequest::generate(settings)
+      forward_url = Onelogin::Saml::AuthRequest::create(settings)
       prefix = "http://example.com/login.php?param=foo&SAMLRequest="
-      expect(request.forward_url[0...prefix.size]).to eql(prefix)
+      expect(forward_url[0...prefix.size]).to eql(prefix)
       request = Onelogin::Saml::LogoutRequest::generate(name_qualifier, name_id, session_index, settings)
       prefix = "http://example.com/logout.php?param=foo&SAMLRequest="

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml-mod
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - OneLogin LLC
@@ -14,7 +14,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-31 00:00:00.000000000 Z
+date: 2014-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: libxml-ruby