ruby-saml 0.7.1 → 0.7.2

data/lib/onelogin/ruby-saml/authrequest.rb

@@ -34,7 +34,7 @@ module Onelogin
 
       def create_authentication_xml_doc(settings)
         uuid = "_" + UUID.new.generate
-        time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S")
+        time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
         # Create AuthnRequest root element using REXML 
         request_doc = REXML::Document.new
 
@@ -42,6 +42,7 @@ module Onelogin
         root.attributes['ID'] = uuid
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = "2.0"
+        root.attributes['Destination'] = settings.idp_sso_target_url unless settings.idp_sso_target_url.nil?
 
         # Conditionally defined elements based on settings
         if settings.assertion_consumer_service_url != nil

data/lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module Onelogin
   module Saml
-    VERSION = '0.7.1'
+    VERSION = '0.7.2'
   end
 end

data/lib/xml_security.rb

@@ -37,7 +37,7 @@ module XMLSecurity
     C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
     DSIG = "http://www.w3.org/2000/09/xmldsig#"
 
-    attr_accessor :signed_element_id, :sig_element, :noko_sig_element
+    attr_accessor :signed_element_id
 
     def initialize(response)
       super(response)
@@ -69,23 +69,26 @@ module XMLSecurity
 
       document = Nokogiri.parse(self.to_s)
 
+      # create a working copy so we don't modify the original
+      @working_copy ||= REXML::Document.new(self.to_s).root
+
       # store and remove signature node
-      self.sig_element ||= begin
-        element = REXML::XPath.first(self, "//ds:Signature", {"ds"=>DSIG})
+      @sig_element ||= begin
+        element = REXML::XPath.first(@working_copy, "//ds:Signature", {"ds"=>DSIG})
         element.remove
       end
 
 
       # verify signature
-      signed_info_element     = REXML::XPath.first(sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
-      self.noko_sig_element ||= document.at_xpath('//ds:Signature', 'ds' => DSIG)
+      signed_info_element     = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
+      noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
       noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
-      canon_algorithm = canon_algorithm REXML::XPath.first(sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
+      canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
       canon_string = noko_signed_info_element.canonicalize(canon_algorithm)
       noko_sig_element.remove
 
       # check digests
-      REXML::XPath.each(sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
+      REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
         uri                           = ref.attributes.get_attribute("URI").value
 
         hashed_element                = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
@@ -102,7 +105,7 @@ module XMLSecurity
         end
       end
 
-      base64_signature        = REXML::XPath.first(sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
+      base64_signature        = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
       signature               = Base64.decode64(base64_signature)
 
       # get certificate object

data/test/request_test.rb

@@ -19,6 +19,21 @@ class RequestTest < Test::Unit::TestCase
       assert_match /^<samlp:AuthnRequest/, inflated
     end
 
+    should "create the deflated SAMLRequest URL parameter including the Destination" do
+      settings = Onelogin::Saml::Settings.new
+      settings.idp_sso_target_url = "http://example.com"
+      auth_url = Onelogin::Saml::Authrequest.new.create(settings)
+      payload  = CGI.unescape(auth_url.split("=").last)
+      decoded  = Base64.decode64(payload)
+
+      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert_match /<samlp:AuthnRequest[^<]* Destination='http:\/\/example.com'/, inflated
+    end
+
     should "create the SAMLRequest URL parameter without deflating" do
       settings = Onelogin::Saml::Settings.new
       settings.compress_request = false

data/test/response_test.rb

@@ -76,6 +76,25 @@ class RubySamlTest < Test::Unit::TestCase
         assert response.is_valid?
       end
 
+      should "should be idempotent when the response is initialized with invalid data" do
+        response = Onelogin::Saml::Response.new(response_document_4)
+        response.stubs(:conditions).returns(nil)
+        settings = Onelogin::Saml::Settings.new
+        response.settings = settings
+        assert !response.is_valid?
+        assert !response.is_valid?
+      end
+
+      should "should be idempotent when the response is initialized with valid data" do
+        response = Onelogin::Saml::Response.new(response_document_4)
+        response.stubs(:conditions).returns(nil)
+        settings = Onelogin::Saml::Settings.new
+        response.settings = settings
+        settings.idp_cert_fingerprint = signature_fingerprint_1
+        assert response.is_valid?
+        assert response.is_valid?
+      end
+
       should "return true when using certificate instead of fingerprint" do
         response = Onelogin::Saml::Response.new(response_document_4)
         response.stubs(:conditions).returns(nil)

metadata

@@ -1,78 +1,72 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: ruby-saml
-version: !ruby/object:Gem::Version 
-  hash: 1
+version: !ruby/object:Gem::Version
+  version: 0.7.2
   prerelease: 
-  segments: 
-  - 0
-  - 7
-  - 1
-  version: 0.7.1
 platform: ruby
-authors: 
+authors:
 - OneLogin LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2013-01-23 00:00:00 -08:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-02-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: canonix
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - "="
-      - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 0
-        - 1
-        - 1
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
         version: 0.1.1
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: uuid
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: uuid
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 2
-        - 3
-        version: "2.3"
+      - !ruby/object:Gem::Version
+        version: '2.3'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: nokogiri
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id003
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - LICENSE
 - README.md
-files: 
+files:
 - .document
 - .gitignore
 - .travis.yml
@@ -121,41 +115,32 @@ files:
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
-has_rdoc: true
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --charset=UTF-8
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: SAML Ruby Tookit
-test_files: 
+test_files:
 - test/certificates/certificate1
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
@@ -181,3 +166,4 @@ test_files:
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
+has_rdoc: