ruby-saml 0.8.11 → 0.8.12



@@ -1,94 +1,91 @@
1
- require 'test_helper'
2
- require 'xml_security'
1
+ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
3
2
 
4
- class XmlSecurityTest < Test::Unit::TestCase
3
+ class XmlSecurityTest < Minitest::Test
5
4
  include XMLSecurity
6
5
 
7
- context "XmlSecurity" do
8
- setup do
6
+ describe "XmlSecurity" do
7
+ before do
9
8
  @document = XMLSecurity::SignedDocument.new(Base64.decode64(response_document))
10
9
  @base64cert = @document.elements["//ds:X509Certificate"].text
11
10
  end
12
11
 
13
- should "should run validate without throwing NS related exceptions" do
12
+ it "should run validate without throwing NS related exceptions" do
14
13
  assert !@document.validate_signature(@base64cert, true)
15
14
  end
16
15
 
17
- should "should run validate with throwing NS related exceptions" do
18
- assert_raise(OneLogin::RubySaml::ValidationError) do
16
+ it "should run validate with throwing NS related exceptions" do
17
+ assert_raises(OneLogin::RubySaml::ValidationError) do
19
18
  @document.validate_signature(@base64cert, false)
20
19
  end
21
20
  end
22
21
 
23
- should "not raise an error when softly validating the document multiple times" do
24
- assert_nothing_raised do
25
- 2.times { @document.validate_signature(@base64cert, true) }
26
- end
22
+ it "not raise an error when softly validating the document multiple times" do
23
+ 2.times { @document.validate_signature(@base64cert, true) }
27
24
  end
28
25
 
29
- should "should raise Fingerprint mismatch" do
30
- exception = assert_raise(OneLogin::RubySaml::ValidationError) do
26
+ it "should raise Fingerprint mismatch" do
27
+ exception = assert_raises(OneLogin::RubySaml::ValidationError) do
31
28
  @document.validate_document("no:fi:ng:er:pr:in:t", false)
32
29
  end
33
30
  assert_equal("Fingerprint mismatch", exception.message)
34
31
  end
35
32
 
36
- should "should raise Digest mismatch" do
37
- exception = assert_raise(OneLogin::RubySaml::ValidationError) do
33
+ it "should raise Digest mismatch" do
34
+ exception = assert_raises(OneLogin::RubySaml::ValidationError) do
38
35
  @document.validate_signature(@base64cert, false)
39
36
  end
40
37
  assert_equal("Digest mismatch", exception.message)
41
38
  end
42
39
 
43
- should "should raise Key validation error" do
40
+ it "should raise Key validation error" do
44
41
  response = Base64.decode64(response_document)
45
42
  response.sub!("<ds:DigestValue>pJQ7MS/ek4KRRWGmv/H43ReHYMs=</ds:DigestValue>",
46
43
  "<ds:DigestValue>b9xsAXLsynugg3Wc1CI3kpWku+0=</ds:DigestValue>")
47
44
  document = XMLSecurity::SignedDocument.new(response)
48
45
  base64cert = document.elements["//ds:X509Certificate"].text
49
- exception = assert_raise(OneLogin::RubySaml::ValidationError) do
46
+ exception = assert_raises(OneLogin::RubySaml::ValidationError) do
50
47
  document.validate_signature(base64cert, false)
51
48
  end
52
49
  assert_equal("Key validation error", exception.message)
53
50
  end
54
51
 
55
- should "raise validation error when the X509Certificate is missing" do
52
+ it "raise validation error when the X509Certificate is missing" do
56
53
  response = Base64.decode64(response_document)
57
54
  response.sub!(/<ds:X509Certificate>.*<\/ds:X509Certificate>/, "")
58
55
  document = XMLSecurity::SignedDocument.new(response)
59
- exception = assert_raise(OneLogin::RubySaml::ValidationError) do
56
+ exception = assert_raises(OneLogin::RubySaml::ValidationError) do
60
57
  document.validate_document("a fingerprint", false) # The fingerprint isn't relevant to this test
61
58
  end
62
59
  assert_equal("Certificate element missing in response (ds:X509Certificate)", exception.message)
63
60
  end
64
61
  end
65
62
 
66
- context "Algorithms" do
67
- should "validate using SHA1" do
63
+ describe "Algorithms" do
64
+ it "validate using SHA1" do
68
65
  @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
69
66
  assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
70
67
  end
71
68
 
72
- should "validate using SHA256" do
69
+ it "validate using SHA256" do
73
70
  @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
74
71
  assert @document.validate_document("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
75
72
  end
76
73
 
77
- should "validate using SHA384" do
74
+ it "validate using SHA384" do
78
75
  @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
79
76
  assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
80
77
  end
81
78
 
82
- should "validate using SHA512" do
79
+ it "validate using SHA512" do
83
80
  @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
84
81
  assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
85
82
  end
86
83
  end
87
84
 
88
- context "XmlSecurity::SignedDocument" do
85
+ describe "XmlSecurity::SignedDocument" do
89
86
 
90
- context "#extract_inclusive_namespaces" do
91
- should "support explicit namespace resolution for exclusive canonicalization" do
87
+ describe "#extract_inclusive_namespaces" do
88
+ it "support explicit namespace resolution for exclusive canonicalization" do
92
89
  response = fixture(:open_saml_response, false)
93
90
  document = XMLSecurity::SignedDocument.new(response)
94
91
  inclusive_namespaces = document.send(:extract_inclusive_namespaces)
@@ -96,7 +93,7 @@ class XmlSecurityTest < Test::Unit::TestCase
96
93
  assert_equal %w[ xs ], inclusive_namespaces
97
94
  end
98
95
 
99
- should "support implicit namespace resolution for exclusive canonicalization" do
96
+ it "support implicit namespace resolution for exclusive canonicalization" do
100
97
  response = fixture(:no_signature_ns, false)
101
98
  document = XMLSecurity::SignedDocument.new(response)
102
99
  inclusive_namespaces = document.send(:extract_inclusive_namespaces)
@@ -104,7 +101,8 @@ class XmlSecurityTest < Test::Unit::TestCase
104
101
  assert_equal %w[ #default saml ds xs xsi ], inclusive_namespaces
105
102
  end
106
103
 
107
- should_eventually 'support inclusive canonicalization' do
104
+ it 'support inclusive canonicalization' do
105
+ skip('test not yet implemented')
108
106
 
109
107
  response = OneLogin::RubySaml::Response.new(fixture("tdnf_response.xml"))
110
108
  response.stubs(:conditions).returns(nil)
@@ -117,7 +115,7 @@ class XmlSecurityTest < Test::Unit::TestCase
117
115
  assert response.validate!
118
116
  end
119
117
 
120
- should "return an empty list when inclusive namespace element is missing" do
118
+ it "return an empty list when inclusive namespace element is missing" do
121
119
  response = fixture(:no_signature_ns, false)
122
120
  response.slice! %r{<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml ds xs xsi"/>}
123
121
 
@@ -128,27 +126,27 @@ class XmlSecurityTest < Test::Unit::TestCase
128
126
  end
129
127
  end
130
128
 
131
- context "StarfieldTMS" do
132
- setup do
129
+ describe "StarfieldTMS" do
130
+ before do
133
131
  @response = OneLogin::RubySaml::Response.new(fixture(:starfield_response))
134
132
  @response.settings = OneLogin::RubySaml::Settings.new(
135
133
  :idp_cert_fingerprint => "8D:BA:53:8E:A3:B6:F9:F1:69:6C:BB:D9:D8:BD:41:B3:AC:4F:9D:4D"
136
134
  )
137
135
  end
138
136
 
139
- should "be able to validate a good response" do
137
+ it "be able to validate a good response" do
140
138
  Timecop.freeze Time.parse('2012-11-28 17:55:00 UTC') do
141
139
  assert @response.validate!
142
140
  end
143
141
  end
144
142
 
145
- should "fail before response is valid" do
143
+ it "fail before response is valid" do
146
144
  Timecop.freeze Time.parse('2012-11-20 17:55:00 UTC') do
147
145
  assert ! @response.is_valid?
148
146
  end
149
147
  end
150
148
 
151
- should "fail after response expires" do
149
+ it "fail after response expires" do
152
150
  Timecop.freeze Time.parse('2012-11-30 17:55:00 UTC') do
153
151
  assert ! @response.is_valid?
154
152
  end
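Review bot: The migrated test `it "not raise an error when softly validating the document multiple times"` now fails only on an exception and never looks at the result: with `assert_nothing_raised` dropped, its body is just `2.times { @document.validate_signature(@base64cert, true) }`. The first test in the same `describe` already expects soft validation of this fixture to be falsy, so `2.times { assert !@document.validate_signature(@base64cert, true) }` would also pin that a repeated check never starts accepting the signature. Separately, `it 'support inclusive canonicalization'` now opens with `skip('test not yet implemented')`, so that path stays unexercised; a short comment naming what is still missing would help whoever picks it up.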
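--- a/metadata
+++ b/metadata
@@ -1,54 +1,49 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: ruby-saml
- version: !ruby/object:Gem::Version
- version: 0.8.11
+ version: !ruby/object:Gem::Version
+ version: 0.8.12
  platform: ruby
- authors:
+ authors:
  - OneLogin LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-11-05 00:00:00.000000000 Z
- dependencies:
- - !ruby/object:Gem::Dependency
+
+ date: 2020-05-08 00:00:00 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: uuid
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '2.3'
- type: :runtime
  prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '2.3'
- - !ruby/object:Gem::Dependency
- name: nokogiri
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: 1.5.0
+ requirement: &id001 !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: "2.3"
  type: :runtime
+ version_requirements: *id001
+ - !ruby/object:Gem::Dependency
+ name: nokogiri
  prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
+ requirement: &id002 !ruby/object:Gem::Requirement
+ requirements:
  - - ">="
- - !ruby/object:Gem::Version
+ - !ruby/object:Gem::Version
  version: 1.5.0
+ type: :runtime
+ version_requirements: *id002
  description: SAML toolkit for Ruby on Rails
  email: support@onelogin.com
  executables: []
+
  extensions: []
- extra_rdoc_files:
+
+ extra_rdoc_files:
  - LICENSE
  - README.md
- files:
- - ".document"
- - ".gitignore"
- - ".travis.yml"
+ files:
+ - .document
+ - .gitignore
+ - .travis.yml
  - Gemfile
  - LICENSE
  - README.md
@@ -86,6 +81,7 @@ files:
  - test/responses/adfs_response_sha256.xml
  - test/responses/adfs_response_sha384.xml
  - test/responses/adfs_response_sha512.xml
+ - test/responses/encrypted_new_attack.xml.base64
  - test/responses/logoutresponse_fixtures.rb
  - test/responses/no_signature_ns.xml
  - test/responses/open_saml_response.xml
@@ -99,10 +95,14 @@ files:
  - test/responses/response_node_text_attack.xml.base64
  - test/responses/response_with_ampersands.xml
  - test/responses/response_with_ampersands.xml.base64
+ - test/responses/response_with_concealed_signed_assertion.xml
+ - test/responses/response_with_doubled_signed_assertion.xml
  - test/responses/response_with_multiple_attribute_statements.xml
  - test/responses/response_with_multiple_attribute_values.xml
+ - test/responses/response_wrapped.xml.base64
  - test/responses/simple_saml_php.xml
  - test/responses/starfield_response.xml.base64
+ - test/responses/valid_response.xml.base64
  - test/responses/wrapped_response_2.xml.base64
  - test/settings_test.rb
  - test/slo_logoutresponse_test.rb
@@ -111,29 +111,31 @@ files:
  - test/xml_security_test.rb
  homepage: http://github.com/onelogin/ruby-saml
  licenses: []
+
  metadata: {}
+
  post_install_message:
- rdoc_options:
- - "--charset=UTF-8"
- require_paths:
+ rdoc_options:
+ - --charset=UTF-8
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- required_rubygems_version: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - &id003
+ - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - *id003
  requirements: []
+
  rubyforge_project: http://www.rubygems.org/gems/ruby-saml
- rubygems_version: 2.5.1
+ rubygems_version: 2.7.7
  signing_key:
  specification_version: 4
  summary: SAML Ruby Tookit
- test_files:
+ test_files:
  - test/certificates/certificate1
  - test/certificates/r1_certificate2_base64
  - test/certificates/ruby-saml.crt
@@ -146,6 +148,7 @@ test_files:
  - test/responses/adfs_response_sha256.xml
  - test/responses/adfs_response_sha384.xml
  - test/responses/adfs_response_sha512.xml
+ - test/responses/encrypted_new_attack.xml.base64
  - test/responses/logoutresponse_fixtures.rb
  - test/responses/no_signature_ns.xml
  - test/responses/open_saml_response.xml
@@ -159,10 +162,14 @@ test_files:
  - test/responses/response_node_text_attack.xml.base64
  - test/responses/response_with_ampersands.xml
  - test/responses/response_with_ampersands.xml.base64
+ - test/responses/response_with_concealed_signed_assertion.xml
+ - test/responses/response_with_doubled_signed_assertion.xml
  - test/responses/response_with_multiple_attribute_statements.xml
  - test/responses/response_with_multiple_attribute_values.xml
+ - test/responses/response_wrapped.xml.base64
  - test/responses/simple_saml_php.xml
  - test/responses/starfield_response.xml.base64
+ - test/responses/valid_response.xml.base64
  - test/responses/wrapped_response_2.xml.base64
  - test/settings_test.rb
  - test/slo_logoutresponse_test.rb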