ruby-saml 0.8.14 → 0.8.18

data/test/utils_test.rb

@@ -2,6 +2,194 @@ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
 class UtilsTest < Minitest::Test
   describe "Utils" do
+
+    describe "format_cert" do
+      let(:formatted_certificate) {read_certificate("formatted_certificate")}
+      let(:formatted_chained_certificate) {read_certificate("formatted_chained_certificate")}
+
+      it "returns empty string when the cert is an empty string" do
+        cert = ""
+        assert_equal "", OneLogin::RubySaml::Utils.format_cert(cert)
+      end
+
+      it "returns nil when the cert is nil" do
+        cert = nil
+        assert_nil OneLogin::RubySaml::Utils.format_cert(cert)
+      end
+
+      it "returns the certificate when it is valid" do
+        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_certificate)
+      end
+
+      it "reformats the certificate when there are spaces and no line breaks" do
+        invalid_certificate1 = read_certificate("invalid_certificate1")
+        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate1)
+      end
+
+      it "reformats the certificate when there are spaces and no headers" do
+        invalid_certificate2 = read_certificate("invalid_certificate2")
+        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate2)
+      end
+
+      it "returns the cert when it's encoded" do
+        encoded_certificate = read_certificate("certificate.der")
+        assert_equal encoded_certificate, OneLogin::RubySaml::Utils.format_cert(encoded_certificate)
+      end
+
+      it "reformats the certificate when there line breaks and no headers" do
+        invalid_certificate3 = read_certificate("invalid_certificate3")
+        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate3)
+      end
+
+      it "returns the chained certificate when it is a valid chained certificate" do
+        assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_chained_certificate)
+      end
+
+      it "reformats the chained certificate when there are spaces and no line breaks" do
+        invalid_chained_certificate1 = read_certificate("invalid_chained_certificate1")
+        assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_chained_certificate1)
+      end
+
+    end
+
+    describe "format_private_key" do
+      let(:formatted_private_key) do
+        read_certificate("formatted_private_key")
+      end
+
+      it "returns empty string when the private key is an empty string" do
+        private_key = ""
+        assert_equal "", OneLogin::RubySaml::Utils.format_private_key(private_key)
+      end
+
+      it "returns nil when the private key is nil" do
+        private_key = nil
+        assert_nil OneLogin::RubySaml::Utils.format_private_key(private_key)
+      end
+
+      it "returns the private key when it is valid" do
+        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_private_key)
+      end
+
+      it "reformats the private key when there are spaces and no line breaks" do
+        invalid_private_key1 = read_certificate("invalid_private_key1")
+        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key1)
+      end
+
+      it "reformats the private key when there are spaces and no headers" do
+        invalid_private_key2 = read_certificate("invalid_private_key2")
+        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key2)
+      end
+
+      it "reformats the private key when there line breaks and no headers" do
+        invalid_private_key3 = read_certificate("invalid_private_key3")
+        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key3)
+      end
+
+      describe "an RSA public key" do
+        let(:formatted_rsa_private_key) do
+          read_certificate("formatted_rsa_private_key")
+        end
+
+        it "returns the private key when it is valid" do
+          assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_rsa_private_key)
+        end
+
+        it "reformats the private key when there are spaces and no line breaks" do
+          invalid_rsa_private_key1 = read_certificate("invalid_rsa_private_key1")
+          assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key1)
+        end
+
+        it "reformats the private key when there are spaces and no headers" do
+          invalid_rsa_private_key2 = read_certificate("invalid_rsa_private_key2")
+          assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key2)
+        end
+
+        it "reformats the private key when there line breaks and no headers" do
+          invalid_rsa_private_key3 = read_certificate("invalid_rsa_private_key3")
+          assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key3)
+        end
+      end
+    end
+
+    describe "build_query" do
+      it "returns the query string" do
+        params = {}
+        params[:type] = "SAMLRequest"
+        params[:data] = "PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8+"
+        params[:relay_state] = "http://example.com"
+        params[:sig_alg] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+        query_string = OneLogin::RubySaml::Utils.build_query(params)
+        assert_equal "SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8%2B&RelayState=http%3A%2F%2Fexample.com&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1", query_string
+      end
+    end
+
+    describe "#status_error_msg" do
+      it "returns a error msg with a status message" do
+        error_msg = "The status code of the Logout Response was not Success"
+        status_code = "urn:oasis:names:tc:SAML:2.0:status:Requester"
+        status_message = "The request could not be performed due to an error on the part of the requester."
+        status_error_msg = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code, status_message)
+        assert_equal = "The status code of the Logout Response was not Success, was Requester -> The request could not be performed due to an error on the part of the requester.", status_error_msg
+
+        status_error_msg2 = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code)
+        assert_equal = "The status code of the Logout Response was not Success, was Requester", status_error_msg2
+
+        status_error_msg3 = OneLogin::RubySaml::Utils.status_error_msg(error_msg)
+        assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
+      end
+    end
+
+    describe 'uri_match' do
+      it 'matches two urls' do
+        destination = 'http://www.example.com/test?var=stuff'
+        settings = 'http://www.example.com/test?var=stuff'
+        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it 'fails to match two urls' do
+        destination = 'http://www.example.com/test?var=stuff'
+        settings = 'http://www.example.com/othertest?var=stuff'
+        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it "matches two URLs if the scheme case doesn't match" do
+        destination = 'http://www.example.com/test?var=stuff'
+        settings = 'HTTP://www.example.com/test?var=stuff'
+        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it "matches two URLs if the host case doesn't match" do
+        destination = 'http://www.EXAMPLE.com/test?var=stuff'
+        settings = 'http://www.example.com/test?var=stuff'
+        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it "fails to match two URLs if the path case doesn't match" do
+        destination = 'http://www.example.com/TEST?var=stuff'
+        settings = 'http://www.example.com/test?var=stuff'
+        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it "fails to match two URLs if the query case doesn't match" do
+        destination = 'http://www.example.com/test?var=stuff'
+        settings = 'http://www.example.com/test?var=STUFF'
+        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it 'matches two non urls' do
+        destination = 'stuff'
+        settings = 'stuff'
+        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+
+      it "fails to match two non urls" do
+        destination = 'stuff'
+        settings = 'not stuff'
+        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+      end
+    end
+
     describe 'element_text' do
       it 'returns the element text' do
         element = REXML::Document.new('<element>element text</element>').elements.first
@@ -36,6 +224,8 @@ class UtilsTest < Minitest::Test
         element = REXML::Document.new('<element></element>').elements.first
         assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
       end
+
+
     end
   end
-end
+end

data/test/xml_security_test.rb

@@ -383,6 +383,11 @@ class XmlSecurityTest < Minitest::Test
           options[:cert] = idp_cert
           assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
         end
+
+        it 'is valid if cert text instead x509cert provided' do
+          options[:cert] = ruby_saml_cert_text
+          assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
+        end
       end
 
       describe 'when response has no cert and you dont provide cert' do

metadata

@@ -1,46 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 0.8.14
-  prerelease:
+  version: 0.8.18
 platform: ruby
 authors:
 - OneLogin LLC
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-19 00:00:00.000000000 Z
+date: 2021-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.5.0
 description: SAML toolkit for Ruby on Rails
@@ -51,9 +46,9 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
-- .document
-- .gitignore
-- .travis.yml
+- ".document"
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -68,6 +63,7 @@ files:
 - lib/onelogin/ruby-saml/response.rb
 - lib/onelogin/ruby-saml/setting_error.rb
 - lib/onelogin/ruby-saml/settings.rb
+- lib/onelogin/ruby-saml/slo_logoutrequest.rb
 - lib/onelogin/ruby-saml/slo_logoutresponse.rb
 - lib/onelogin/ruby-saml/utils.rb
 - lib/onelogin/ruby-saml/validation_error.rb
@@ -79,7 +75,22 @@ files:
 - lib/schemas/xmldsig_schema.xsd
 - lib/xml_security.rb
 - ruby-saml.gemspec
+- test/certificates/certificate.der
 - test/certificates/certificate1
+- test/certificates/formatted_certificate
+- test/certificates/formatted_chained_certificate
+- test/certificates/formatted_private_key
+- test/certificates/formatted_rsa_private_key
+- test/certificates/invalid_certificate1
+- test/certificates/invalid_certificate2
+- test/certificates/invalid_certificate3
+- test/certificates/invalid_chained_certificate1
+- test/certificates/invalid_private_key1
+- test/certificates/invalid_private_key2
+- test/certificates/invalid_private_key3
+- test/certificates/invalid_rsa_private_key1
+- test/certificates/invalid_rsa_private_key2
+- test/certificates/invalid_rsa_private_key3
 - test/certificates/r1_certificate2_base64
 - test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
@@ -87,6 +98,7 @@ files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -94,6 +106,8 @@ files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/invalid_issuer_assertion.xml.base64
+- test/responses/invalids/invalid_issuer_message.xml.base64
 - test/responses/invalids/multiple_signed.xml.base64
 - test/responses/invalids/no_signature.xml.base64
 - test/responses/invalids/response_with_concealed_signed_assertion.xml
@@ -126,37 +140,52 @@ files:
 - test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
 - test/utils_test.rb
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
-post_install_message:
+metadata: {}
+post_install_message: 
 rdoc_options:
-- --charset=UTF-8
+- "--charset=UTF-8"
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 1.8.23.2
-signing_key:
-specification_version: 3
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
 summary: SAML Ruby Tookit
 test_files:
+- test/certificates/certificate.der
 - test/certificates/certificate1
+- test/certificates/formatted_certificate
+- test/certificates/formatted_chained_certificate
+- test/certificates/formatted_private_key
+- test/certificates/formatted_rsa_private_key
+- test/certificates/invalid_certificate1
+- test/certificates/invalid_certificate2
+- test/certificates/invalid_certificate3
+- test/certificates/invalid_chained_certificate1
+- test/certificates/invalid_private_key1
+- test/certificates/invalid_private_key2
+- test/certificates/invalid_private_key3
+- test/certificates/invalid_rsa_private_key1
+- test/certificates/invalid_rsa_private_key2
+- test/certificates/invalid_rsa_private_key3
 - test/certificates/r1_certificate2_base64
 - test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
@@ -164,6 +193,7 @@ test_files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -171,6 +201,8 @@ test_files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/invalid_issuer_assertion.xml.base64
+- test/responses/invalids/invalid_issuer_message.xml.base64
 - test/responses/invalids/multiple_signed.xml.base64
 - test/responses/invalids/no_signature.xml.base64
 - test/responses/invalids/response_with_concealed_signed_assertion.xml
@@ -203,6 +235,7 @@ test_files:
 - test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
 - test/utils_test.rb