RubyGems - ruby-saml - Versions diffs - 0.8.16 → 0.8.17 - Mend

ruby-saml 0.8.16 → 0.8.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (9) hide show

checksums.yaml +5 -5
data/lib/onelogin/ruby-saml/logoutrequest.rb +2 -1
data/lib/onelogin/ruby-saml/response.rb +36 -4
data/lib/onelogin/ruby-saml/settings.rb +1 -0
data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +12 -9
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/test/response_test.rb +17 -0
data/test/slo_logoutresponse_test.rb +8 -0
metadata +7 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 68cb87ca6e3a580cea96b7784b71f60afe0f0982fc9b3c7b2de4fdda0ea1af31
-  data.tar.gz: 216f43c0d0a179f3a9c506f198c31e2a01a08a8661bfaafbe3cb50811b1acf88
+SHA1:
+  metadata.gz: 1ec15a6a64795cd0b10b796d6aef230a7d7d439c
+  data.tar.gz: a07ddee9fb7bfe9ca2f20cde2c9cadfd5bbac121
 SHA512:
-  metadata.gz: 35ba610649dbff55acae0612782ab7e81947907212b9c454494f9baa5c3926a126430eed919356049261a9cb40767d7079874f56f1b4cb1bd7efb637f4f6ba4f
-  data.tar.gz: a3e9ce681547c0e648f477198a134749c9febb1f86e042d2bb3266e01a740767672a667d0c85a162d0f11489e87ee4c1a53cbd15d45e6aeefeb31fc30a2fe99f
+  metadata.gz: 013b1a3b9b2eb015253dcc4992a1d8be73a3dce996271d701375914e3e7f3e64f6eff3094af1ade43fc807ce452093d05c071cf79b5b2cc8b63d3041688f9344
+  data.tar.gz: ed258b192c0cbd0b5c589183ecacd9591dad637783430130a9dfd97b6c68c1062520cf91255ed997adf693f1c7f344d84cf0184a821202c8c8ea85509c069864

data/lib/onelogin/ruby-saml/logoutrequest.rb CHANGED Viewed

@@ -114,7 +114,8 @@ module OneLogin
         if settings.name_identifier_value
           name_id = root.add_element "saml:NameID", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
-          name_id.attributes['NameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
+          nameid.attributes['NameQualifier'] = settings.idp_name_qualifier if settings.idp_name_qualifier
+          nameid.attributes['SPNameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
           name_id.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
           name_id.text = settings.name_identifier_value
         end

data/lib/onelogin/ruby-saml/response.rb CHANGED Viewed

@@ -35,16 +35,48 @@ module OneLogin
         validate(false)
       end
-      # The value of the user identifier as designated by the initialization request response
-      def name_id
+      def name_id_node
         @name_id ||= begin
-          node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
-          Utils.element_text(node)
+          xpath_first_from_signed_assertion('/a:Subject/a:NameID')
         end
       end
+      # The value of the user identifier as designated by the initialization request response
+      def name_id
+        @name_id ||= Utils.element_text(name_id_node)
+      end
       alias nameid name_id
+      # @return [String] the NameID Format provided by the SAML response from the IdP.
+      #
+      def name_id_format
+        @name_id_format ||=
+          if name_id_node && name_id_node.attribute("Format")
+            name_id_node.attribute("Format").value
+          end
+      end
+      alias_method :nameid_format, :name_id_format
+      # @return [String] the NameID SPNameQualifier provided by the SAML response from the IdP.
+      #
+      def name_id_spnamequalifier
+        @name_id_spnamequalifier ||=
+          if name_id_node && name_id_node.attribute("SPNameQualifier")
+            name_id_node.attribute("SPNameQualifier").value
+          end
+      end
+      # @return [String] the NameID NameQualifier provided by the SAML response from the IdP.
+      #
+      def name_id_namequalifier
+        @name_id_namequalifier ||=
+          if name_id_node && name_id_node.attribute("NameQualifier")
+            name_id_node.attribute("NameQualifier").value
+          end
+      end
       def sessionindex
         @sessionindex ||= begin
           node = xpath_first_from_signed_assertion('/a:AuthnStatement')

data/lib/onelogin/ruby-saml/settings.rb CHANGED Viewed

@@ -33,6 +33,7 @@ module OneLogin
       attr_accessor :assertion_consumer_service_url
       attr_accessor :authn_context
       attr_accessor :sp_name_qualifier
+      attr_accessor :idp_name_qualifier
       attr_accessor :name_identifier_format
       attr_accessor :name_identifier_value
       attr_accessor :name_identifier_value_requested

data/lib/onelogin/ruby-saml/slo_logoutresponse.rb CHANGED Viewed

@@ -26,10 +26,11 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] Logout Request string that includes the SAMLRequest
       #
-      def create(settings, request_id = nil, logout_message = nil, params = {})
-        params = create_params(settings, request_id, logout_message, params)
+      def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
+        params = create_params(settings, request_id, logout_message, params, logout_status_code)
         params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
         saml_response = CGI.escape(params.delete("SAMLResponse"))
         response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
@@ -45,9 +46,10 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [Hash] Parameters
       #
-      def create_params(settings, request_id = nil, logout_message = nil, params = {})
+      def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
         # The method expects :RelayState but sometimes we get 'RelayState' instead.
         # Based on the HashWithIndifferentAccess value in Rails we could experience
         # conflicts so this line will solve them.
@@ -58,7 +60,7 @@ module OneLogin
           params.delete('RelayState')
         end
-        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message)
+        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
         response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
         response = ""
@@ -104,12 +106,12 @@ module OneLogin
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @return [String] The SAMLResponse String.
       #
-      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
-        document = create_xml_document(settings, request_id, logout_message)
+      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
+        document = create_xml_document(settings, request_id, logout_message, logout_status_code)
         sign_document(document, settings)
       end
-      def create_xml_document(settings, request_id = nil, logout_message = nil)
+      def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
         time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
         response_doc = XMLSecurity::Document.new
@@ -131,8 +133,9 @@ module OneLogin
         status = root.add_element 'samlp:Status'
         # success status code
-        status_code = status.add_element 'samlp:StatusCode'
-        status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code_elem = status.add_element 'samlp:StatusCode'
+        status_code_elem.attributes['Value'] = status_code
         # success status message
         logout_message ||= 'Successfully Signed Out'

data/lib/onelogin/ruby-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.8.16'
+    VERSION = '0.8.17'
   end
 end

data/test/response_test.rb CHANGED Viewed

@@ -368,6 +368,23 @@ class ResponseTest <  Minitest::Test
       end
     end
+    describe "#name_id_format" do
+      it "extract the value of the name id element" do
+        response = OneLogin::RubySaml::Response.new(response_document)
+        response_signed = OneLogin::RubySaml::Response.new(response_document_valid_signed)
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response.name_id_format
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response_signed.name_id_format
+      end
+    end
+    describe "#sessionindex" do
+      it "extract the value of the sessionindex element" do
+        response = OneLogin::RubySaml::Response.new(fixture(:simple_saml_php))
+        assert_equal "_51be37965feb5579d803141076936dc2e9d1d98ebf", response.sessionindex
+      end
+    end
     describe "#check_conditions" do
       it "check time conditions" do
         response = OneLogin::RubySaml::Response.new(response_document)

data/test/slo_logoutresponse_test.rb CHANGED Viewed

@@ -61,6 +61,14 @@ class SloLogoutresponseTest < Minitest::Test
       assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
     end
+    it "set a custom logout message and an status on the response" do
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, "Custom Logout Message", {}, "urn:oasis:names:tc:SAML:2.0:status:PartialLogout")
+      inflated = decode_saml_response_payload(unauth_url)
+      assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
+      assert_match /<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:PartialLogout/, inflated
+    end
     describe "when the settings indicate to sign (embedded) logout response" do
       before do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 0.8.16
+  version: 0.8.17
 platform: ruby
 authors:
 - OneLogin LLC
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-19 00:00:00.000000000 Z
+date: 2021-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
@@ -148,7 +148,7 @@ files:
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -164,8 +164,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key:
+rubyforge_project: http://www.rubygems.org/gems/ruby-saml
+rubygems_version: 2.6.8
+signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
 test_files: