ruby-saml 0.8.14 → 0.8.18



Files changed (41)
  1. checksums.yaml +7 -0
  2. data/lib/onelogin/ruby-saml/authrequest.rb +5 -1
  3. data/lib/onelogin/ruby-saml/logoutrequest.rb +7 -2
  4. data/lib/onelogin/ruby-saml/logoutresponse.rb +19 -27
  5. data/lib/onelogin/ruby-saml/response.rb +104 -15
  6. data/lib/onelogin/ruby-saml/settings.rb +28 -10
  7. data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +112 -0
  8. data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +21 -13
  9. data/lib/onelogin/ruby-saml/utils.rb +27 -0
  10. data/lib/onelogin/ruby-saml/version.rb +1 -1
  11. data/lib/ruby-saml.rb +1 -0
  12. data/lib/xml_security.rb +5 -1
  13. data/test/certificates/certificate.der +0 -0
  14. data/test/certificates/formatted_certificate +14 -0
  15. data/test/certificates/formatted_chained_certificate +42 -0
  16. data/test/certificates/formatted_private_key +12 -0
  17. data/test/certificates/formatted_rsa_private_key +12 -0
  18. data/test/certificates/invalid_certificate1 +1 -0
  19. data/test/certificates/invalid_certificate2 +1 -0
  20. data/test/certificates/invalid_certificate3 +12 -0
  21. data/test/certificates/invalid_chained_certificate1 +1 -0
  22. data/test/certificates/invalid_private_key1 +1 -0
  23. data/test/certificates/invalid_private_key2 +1 -0
  24. data/test/certificates/invalid_private_key3 +10 -0
  25. data/test/certificates/invalid_rsa_private_key1 +1 -0
  26. data/test/certificates/invalid_rsa_private_key2 +1 -0
  27. data/test/certificates/invalid_rsa_private_key3 +10 -0
  28. data/test/logoutrequest_test.rb +11 -0
  29. data/test/logoutresponse_test.rb +10 -17
  30. data/test/request_test.rb +10 -0
  31. data/test/requests/logoutrequest_fixtures.rb +47 -0
  32. data/test/response_test.rb +60 -0
  33. data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +1 -0
  34. data/test/responses/invalids/invalid_issuer_message.xml.base64 +1 -0
  35. data/test/responses/logoutresponse_fixtures.rb +7 -6
  36. data/test/settings_test.rb +106 -0
  37. data/test/slo_logoutrequest_test.rb +73 -0
  38. data/test/slo_logoutresponse_test.rb +19 -0
  39. data/test/utils_test.rb +191 -1
  40. data/test/xml_security_test.rb +5 -0
  41. metadata +57 -24
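--- a/data/test/utils_test.rb
+++ b/data/test/utils_test.rb
@@ -2,6 +2,194 @@ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
 class UtilsTest < Minitest::Test
 describe "Utils" do
+
+describe "format_cert" do
+let(:formatted_certificate) {read_certificate("formatted_certificate")}
+let(:formatted_chained_certificate) {read_certificate("formatted_chained_certificate")}
+
+it "returns empty string when the cert is an empty string" do
+cert = ""
+assert_equal "", OneLogin::RubySaml::Utils.format_cert(cert)
+end
+
+it "returns nil when the cert is nil" do
+cert = nil
+assert_nil OneLogin::RubySaml::Utils.format_cert(cert)
+end
+
+it "returns the certificate when it is valid" do
+assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_certificate)
+end
+
+it "reformats the certificate when there are spaces and no line breaks" do
+invalid_certificate1 = read_certificate("invalid_certificate1")
+assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate1)
+end
+
+it "reformats the certificate when there are spaces and no headers" do
+invalid_certificate2 = read_certificate("invalid_certificate2")
+assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate2)
+end
+
+it "returns the cert when it's encoded" do
+encoded_certificate = read_certificate("certificate.der")
+assert_equal encoded_certificate, OneLogin::RubySaml::Utils.format_cert(encoded_certificate)
+end
+
+it "reformats the certificate when there line breaks and no headers" do
+invalid_certificate3 = read_certificate("invalid_certificate3")
+assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate3)
+end
+
+it "returns the chained certificate when it is a valid chained certificate" do
+assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_chained_certificate)
+end
+
+it "reformats the chained certificate when there are spaces and no line breaks" do
+invalid_chained_certificate1 = read_certificate("invalid_chained_certificate1")
+assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_chained_certificate1)
+end
+
+end
+
+describe "format_private_key" do
+let(:formatted_private_key) do
+read_certificate("formatted_private_key")
+end
+
+it "returns empty string when the private key is an empty string" do
+private_key = ""
+assert_equal "", OneLogin::RubySaml::Utils.format_private_key(private_key)
+end
+
+it "returns nil when the private key is nil" do
+private_key = nil
+assert_nil OneLogin::RubySaml::Utils.format_private_key(private_key)
+end
+
+it "returns the private key when it is valid" do
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_private_key)
+end
+
+it "reformats the private key when there are spaces and no line breaks" do
+invalid_private_key1 = read_certificate("invalid_private_key1")
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key1)
+end
+
+it "reformats the private key when there are spaces and no headers" do
+invalid_private_key2 = read_certificate("invalid_private_key2")
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key2)
+end
+
+it "reformats the private key when there line breaks and no headers" do
+invalid_private_key3 = read_certificate("invalid_private_key3")
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key3)
+end
+
+describe "an RSA public key" do
+let(:formatted_rsa_private_key) do
+read_certificate("formatted_rsa_private_key")
+end
+
+it "returns the private key when it is valid" do
+assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_rsa_private_key)
+end
+
+it "reformats the private key when there are spaces and no line breaks" do
+invalid_rsa_private_key1 = read_certificate("invalid_rsa_private_key1")
+assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key1)
+end
+
+it "reformats the private key when there are spaces and no headers" do
+invalid_rsa_private_key2 = read_certificate("invalid_rsa_private_key2")
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key2)
+end
+
+it "reformats the private key when there line breaks and no headers" do
+invalid_rsa_private_key3 = read_certificate("invalid_rsa_private_key3")
+assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key3)
+end
+end
+end
+
+describe "build_query" do
+it "returns the query string" do
+params = {}
+params[:type] = "SAMLRequest"
+params[:data] = "PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8+"
+params[:relay_state] = "http://example.com"
+params[:sig_alg] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+query_string = OneLogin::RubySaml::Utils.build_query(params)
+assert_equal "SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8%2B&RelayState=http%3A%2F%2Fexample.com&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1", query_string
+end
+end
+
+describe "#status_error_msg" do
+it "returns a error msg with a status message" do
+error_msg = "The status code of the Logout Response was not Success"
+status_code = "urn:oasis:names:tc:SAML:2.0:status:Requester"
+status_message = "The request could not be performed due to an error on the part of the requester."
+status_error_msg = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code, status_message)
+assert_equal = "The status code of the Logout Response was not Success, was Requester -> The request could not be performed due to an error on the part of the requester.", status_error_msg
+
+status_error_msg2 = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code)
+assert_equal = "The status code of the Logout Response was not Success, was Requester", status_error_msg2
+
+status_error_msg3 = OneLogin::RubySaml::Utils.status_error_msg(error_msg)
+assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
+end
+end
+
+describe 'uri_match' do
+it 'matches two urls' do
+destination = 'http://www.example.com/test?var=stuff'
+settings = 'http://www.example.com/test?var=stuff'
+assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it 'fails to match two urls' do
+destination = 'http://www.example.com/test?var=stuff'
+settings = 'http://www.example.com/othertest?var=stuff'
+assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it "matches two URLs if the scheme case doesn't match" do
+destination = 'http://www.example.com/test?var=stuff'
+settings = 'HTTP://www.example.com/test?var=stuff'
+assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it "matches two URLs if the host case doesn't match" do
+destination = 'http://www.EXAMPLE.com/test?var=stuff'
+settings = 'http://www.example.com/test?var=stuff'
+assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it "fails to match two URLs if the path case doesn't match" do
+destination = 'http://www.example.com/TEST?var=stuff'
+settings = 'http://www.example.com/test?var=stuff'
+assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it "fails to match two URLs if the query case doesn't match" do
+destination = 'http://www.example.com/test?var=stuff'
+settings = 'http://www.example.com/test?var=STUFF'
+assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it 'matches two non urls' do
+destination = 'stuff'
+settings = 'stuff'
+assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+
+it "fails to match two non urls" do
+destination = 'stuff'
+settings = 'not stuff'
+assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
+end
+end
+
 describe 'element_text' do
 it 'returns the element text' do
 element = REXML::Document.new('<element>element text</element>').elements.first
@@ -36,6 +224,8 @@ class UtilsTest < Minitest::Test
 element = REXML::Document.new('<element></element>').elements.first
 assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
 end
+
+
 end
 end
-end
+end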
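Review bot: The three `assert_equal = "…", status_error_msgN` lines in the `#status_error_msg` example of the first hunk are not assertions at all: Ruby parses `assert_equal = a, b` as a multiple assignment into a fresh local named `assert_equal`, so this example passes no matter what `OneLogin::RubySaml::Utils.status_error_msg` returns. Dropping the `=` on each of the three lines restores the check, e.g. `assert_equal "The status code of the Logout Response was not Success, was Requester", status_error_msg2`. The two RSA "no headers" examples compare against `formatted_private_key` rather than `formatted_rsa_private_key`; if that is the intended fallback to the generic label when no header survives, a one-line comment such as `# a headerless RSA key cannot be told apart from a PKCS#8 key, so it is re-labelled PRIVATE KEY` would spare the next reader a double take, and if it is not intended the expected value is wrong. The `describe "Utils"` block opened in the first hunk closes in the second, which also adds two stray blank lines before its `end`.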
@@ -383,6 +383,11 @@ class XmlSecurityTest < Minitest::Test
383
383
  options[:cert] = idp_cert
384
384
  assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
385
385
  end
386
+
387
+ it 'is valid if cert text instead x509cert provided' do
388
+ options[:cert] = ruby_saml_cert_text
389
+ assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
390
+ end
386
391
  end
387
392
 
388
393
  describe 'when response has no cert and you dont provide cert' do
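--- a/metadata
+++ b/metadata
@@ -1,46 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-version: 0.8.14
-prerelease:
+version: 0.8.18
 platform: ruby
 authors:
 - OneLogin LLC
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-19 00:00:00.000000000 Z
+date: 2021-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: uuid
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '2.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '2.3'
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ! '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.5.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ! '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.5.0
 description: SAML toolkit for Ruby on Rails
@@ -51,9 +46,9 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
-- .document
-- .gitignore
-- .travis.yml
+- ".document"
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -68,6 +63,7 @@ files:
 - lib/onelogin/ruby-saml/response.rb
 - lib/onelogin/ruby-saml/setting_error.rb
 - lib/onelogin/ruby-saml/settings.rb
+- lib/onelogin/ruby-saml/slo_logoutrequest.rb
 - lib/onelogin/ruby-saml/slo_logoutresponse.rb
 - lib/onelogin/ruby-saml/utils.rb
 - lib/onelogin/ruby-saml/validation_error.rb
@@ -79,7 +75,22 @@ files:
 - lib/schemas/xmldsig_schema.xsd
 - lib/xml_security.rb
 - ruby-saml.gemspec
+- test/certificates/certificate.der
 - test/certificates/certificate1
+- test/certificates/formatted_certificate
+- test/certificates/formatted_chained_certificate
+- test/certificates/formatted_private_key
+- test/certificates/formatted_rsa_private_key
+- test/certificates/invalid_certificate1
+- test/certificates/invalid_certificate2
+- test/certificates/invalid_certificate3
+- test/certificates/invalid_chained_certificate1
+- test/certificates/invalid_private_key1
+- test/certificates/invalid_private_key2
+- test/certificates/invalid_private_key3
+- test/certificates/invalid_rsa_private_key1
+- test/certificates/invalid_rsa_private_key2
+- test/certificates/invalid_rsa_private_key3
 - test/certificates/r1_certificate2_base64
 - test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
@@ -87,6 +98,7 @@ files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -94,6 +106,8 @@ files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/invalid_issuer_assertion.xml.base64
+- test/responses/invalids/invalid_issuer_message.xml.base64
 - test/responses/invalids/multiple_signed.xml.base64
 - test/responses/invalids/no_signature.xml.base64
 - test/responses/invalids/response_with_concealed_signed_assertion.xml
@@ -126,37 +140,52 @@ files:
 - test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
 - test/utils_test.rb
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
-post_install_message:
+metadata: {}
+post_install_message:
 rdoc_options:
-- --charset=UTF-8
+- "--charset=UTF-8"
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ! '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ! '>='
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 1.8.23.2
-signing_key:
-specification_version: 3
+rubygems_version: 2.4.8
+signing_key:
+specification_version: 4
 summary: SAML Ruby Tookit
 test_files:
+- test/certificates/certificate.der
 - test/certificates/certificate1
+- test/certificates/formatted_certificate
+- test/certificates/formatted_chained_certificate
+- test/certificates/formatted_private_key
+- test/certificates/formatted_rsa_private_key
+- test/certificates/invalid_certificate1
+- test/certificates/invalid_certificate2
+- test/certificates/invalid_certificate3
+- test/certificates/invalid_chained_certificate1
+- test/certificates/invalid_private_key1
+- test/certificates/invalid_private_key2
+- test/certificates/invalid_private_key3
+- test/certificates/invalid_rsa_private_key1
+- test/certificates/invalid_rsa_private_key2
+- test/certificates/invalid_rsa_private_key3
 - test/certificates/r1_certificate2_base64
 - test/certificates/ruby-saml-2.crt
 - test/certificates/ruby-saml.crt
@@ -164,6 +193,7 @@ test_files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -171,6 +201,8 @@ test_files:
 - test/responses/adfs_response_sha512.xml
 - test/responses/adfs_response_xmlns.xml
 - test/responses/encrypted_new_attack.xml.base64
+- test/responses/invalids/invalid_issuer_assertion.xml.base64
+- test/responses/invalids/invalid_issuer_message.xml.base64
 - test/responses/invalids/multiple_signed.xml.base64
 - test/responses/invalids/no_signature.xml.base64
 - test/responses/invalids/response_with_concealed_signed_assertion.xml
@@ -203,6 +235,7 @@ test_files:
 - test/responses/valid_response_without_x509certificate.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slo_logoutrequest_test.rb
 - test/slo_logoutresponse_test.rb
 - test/test_helper.rb
 - test/utils_test.rb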