RubyGems - ruby-saml - Versions diffs - 0.8.18 → 0.9 - Mend

ruby-saml 0.8.18 → 0.9

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (90) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.travis.yml +1 -6
data/Gemfile +2 -12
data/README.md +363 -35
data/Rakefile +14 -0
data/changelog.md +22 -9
data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
data/lib/onelogin/ruby-saml/attributes.rb +26 -64
data/lib/onelogin/ruby-saml/authrequest.rb +47 -93
data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
data/lib/onelogin/ruby-saml/logoutrequest.rb +36 -100
data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -35
data/lib/onelogin/ruby-saml/metadata.rb +46 -16
data/lib/onelogin/ruby-saml/response.rb +63 -373
data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
data/lib/onelogin/ruby-saml/settings.rb +54 -122
data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +25 -71
data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +37 -102
data/lib/onelogin/ruby-saml/utils.rb +32 -199
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/lib/ruby-saml.rb +5 -2
data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
data/lib/schemas/sstc-metadata-attr.xsd +35 -0
data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
data/lib/schemas/xml.xsd +287 -0
data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
data/lib/xml_security.rb +83 -235
data/ruby-saml.gemspec +1 -0
data/test/idp_metadata_parser_test.rb +54 -0
data/test/logoutrequest_test.rb +68 -155
data/test/logoutresponse_test.rb +43 -32
data/test/metadata_test.rb +87 -0
data/test/request_test.rb +102 -99
data/test/response_test.rb +181 -495
data/test/responses/idp_descriptor.xml +3 -0
data/test/responses/logoutresponse_fixtures.rb +7 -8
data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
data/test/responses/response_with_multiple_attribute_values.xml +1 -1
data/test/responses/slo_request.xml +4 -0
data/test/settings_test.rb +25 -112
data/test/slo_logoutrequest_test.rb +40 -50
data/test/slo_logoutresponse_test.rb +86 -185
data/test/test_helper.rb +27 -102
data/test/xml_security_test.rb +114 -337
metadata +30 -81
data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
data/test/certificates/certificate.der +0 -0
data/test/certificates/formatted_certificate +0 -14
data/test/certificates/formatted_chained_certificate +0 -42
data/test/certificates/formatted_private_key +0 -12
data/test/certificates/formatted_rsa_private_key +0 -12
data/test/certificates/invalid_certificate1 +0 -1
data/test/certificates/invalid_certificate2 +0 -1
data/test/certificates/invalid_certificate3 +0 -12
data/test/certificates/invalid_chained_certificate1 +0 -1
data/test/certificates/invalid_private_key1 +0 -1
data/test/certificates/invalid_private_key2 +0 -1
data/test/certificates/invalid_private_key3 +0 -10
data/test/certificates/invalid_rsa_private_key1 +0 -1
data/test/certificates/invalid_rsa_private_key2 +0 -1
data/test/certificates/invalid_rsa_private_key3 +0 -10
data/test/certificates/ruby-saml-2.crt +0 -15
data/test/requests/logoutrequest_fixtures.rb +0 -47
data/test/responses/encrypted_new_attack.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
data/test/responses/invalids/no_signature.xml.base64 +0 -1
data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
data/test/responses/response_node_text_attack.xml.base64 +0 -1
data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
data/test/responses/response_with_signed_assertion_3.xml +0 -30
data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
data/test/responses/response_wrapped.xml.base64 +0 -150
data/test/responses/valid_response.xml.base64 +0 -1
data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
data/test/utils_test.rb +0 -231

data/test/utils_test.rb DELETED Viewed

@@ -1,231 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
-class UtilsTest < Minitest::Test
-  describe "Utils" do
-    describe "format_cert" do
-      let(:formatted_certificate) {read_certificate("formatted_certificate")}
-      let(:formatted_chained_certificate) {read_certificate("formatted_chained_certificate")}
-      it "returns empty string when the cert is an empty string" do
-        cert = ""
-        assert_equal "", OneLogin::RubySaml::Utils.format_cert(cert)
-      end
-      it "returns nil when the cert is nil" do
-        cert = nil
-        assert_nil OneLogin::RubySaml::Utils.format_cert(cert)
-      end
-      it "returns the certificate when it is valid" do
-        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_certificate)
-      end
-      it "reformats the certificate when there are spaces and no line breaks" do
-        invalid_certificate1 = read_certificate("invalid_certificate1")
-        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate1)
-      end
-      it "reformats the certificate when there are spaces and no headers" do
-        invalid_certificate2 = read_certificate("invalid_certificate2")
-        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate2)
-      end
-      it "returns the cert when it's encoded" do
-        encoded_certificate = read_certificate("certificate.der")
-        assert_equal encoded_certificate, OneLogin::RubySaml::Utils.format_cert(encoded_certificate)
-      end
-      it "reformats the certificate when there line breaks and no headers" do
-        invalid_certificate3 = read_certificate("invalid_certificate3")
-        assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate3)
-      end
-      it "returns the chained certificate when it is a valid chained certificate" do
-        assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_chained_certificate)
-      end
-      it "reformats the chained certificate when there are spaces and no line breaks" do
-        invalid_chained_certificate1 = read_certificate("invalid_chained_certificate1")
-        assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_chained_certificate1)
-      end
-    end
-    describe "format_private_key" do
-      let(:formatted_private_key) do
-        read_certificate("formatted_private_key")
-      end
-      it "returns empty string when the private key is an empty string" do
-        private_key = ""
-        assert_equal "", OneLogin::RubySaml::Utils.format_private_key(private_key)
-      end
-      it "returns nil when the private key is nil" do
-        private_key = nil
-        assert_nil OneLogin::RubySaml::Utils.format_private_key(private_key)
-      end
-      it "returns the private key when it is valid" do
-        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_private_key)
-      end
-      it "reformats the private key when there are spaces and no line breaks" do
-        invalid_private_key1 = read_certificate("invalid_private_key1")
-        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key1)
-      end
-      it "reformats the private key when there are spaces and no headers" do
-        invalid_private_key2 = read_certificate("invalid_private_key2")
-        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key2)
-      end
-      it "reformats the private key when there line breaks and no headers" do
-        invalid_private_key3 = read_certificate("invalid_private_key3")
-        assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key3)
-      end
-      describe "an RSA public key" do
-        let(:formatted_rsa_private_key) do
-          read_certificate("formatted_rsa_private_key")
-        end
-        it "returns the private key when it is valid" do
-          assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_rsa_private_key)
-        end
-        it "reformats the private key when there are spaces and no line breaks" do
-          invalid_rsa_private_key1 = read_certificate("invalid_rsa_private_key1")
-          assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key1)
-        end
-        it "reformats the private key when there are spaces and no headers" do
-          invalid_rsa_private_key2 = read_certificate("invalid_rsa_private_key2")
-          assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key2)
-        end
-        it "reformats the private key when there line breaks and no headers" do
-          invalid_rsa_private_key3 = read_certificate("invalid_rsa_private_key3")
-          assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key3)
-        end
-      end
-    end
-    describe "build_query" do
-      it "returns the query string" do
-        params = {}
-        params[:type] = "SAMLRequest"
-        params[:data] = "PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8+"
-        params[:relay_state] = "http://example.com"
-        params[:sig_alg] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-        query_string = OneLogin::RubySaml::Utils.build_query(params)
-        assert_equal "SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8%2B&RelayState=http%3A%2F%2Fexample.com&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1", query_string
-      end
-    end
-    describe "#status_error_msg" do
-      it "returns a error msg with a status message" do
-        error_msg = "The status code of the Logout Response was not Success"
-        status_code = "urn:oasis:names:tc:SAML:2.0:status:Requester"
-        status_message = "The request could not be performed due to an error on the part of the requester."
-        status_error_msg = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code, status_message)
-        assert_equal = "The status code of the Logout Response was not Success, was Requester -> The request could not be performed due to an error on the part of the requester.", status_error_msg
-        status_error_msg2 = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code)
-        assert_equal = "The status code of the Logout Response was not Success, was Requester", status_error_msg2
-        status_error_msg3 = OneLogin::RubySaml::Utils.status_error_msg(error_msg)
-        assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
-      end
-    end
-    describe 'uri_match' do
-      it 'matches two urls' do
-        destination = 'http://www.example.com/test?var=stuff'
-        settings = 'http://www.example.com/test?var=stuff'
-        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it 'fails to match two urls' do
-        destination = 'http://www.example.com/test?var=stuff'
-        settings = 'http://www.example.com/othertest?var=stuff'
-        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it "matches two URLs if the scheme case doesn't match" do
-        destination = 'http://www.example.com/test?var=stuff'
-        settings = 'HTTP://www.example.com/test?var=stuff'
-        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it "matches two URLs if the host case doesn't match" do
-        destination = 'http://www.EXAMPLE.com/test?var=stuff'
-        settings = 'http://www.example.com/test?var=stuff'
-        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it "fails to match two URLs if the path case doesn't match" do
-        destination = 'http://www.example.com/TEST?var=stuff'
-        settings = 'http://www.example.com/test?var=stuff'
-        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it "fails to match two URLs if the query case doesn't match" do
-        destination = 'http://www.example.com/test?var=stuff'
-        settings = 'http://www.example.com/test?var=STUFF'
-        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it 'matches two non urls' do
-        destination = 'stuff'
-        settings = 'stuff'
-        assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-      it "fails to match two non urls" do
-        destination = 'stuff'
-        settings = 'not stuff'
-        assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
-      end
-    end
-    describe 'element_text' do
-      it 'returns the element text' do
-        element = REXML::Document.new('<element>element text</element>').elements.first
-        assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
-      end
-      it 'returns all segments of the element text' do
-        element = REXML::Document.new('<element>element <!-- comment -->text</element>').elements.first
-        assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
-      end
-      it 'returns normalized element text' do
-        element = REXML::Document.new('<element>element &amp; text</element>').elements.first
-        assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
-      end
-      it 'returns the CDATA element text' do
-        element = REXML::Document.new('<element><![CDATA[element & text]]></element>').elements.first
-        assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
-      end
-      it 'returns the element text with newlines and additional whitespace' do
-        element = REXML::Document.new("<element>  element \n text  </element>").elements.first
-        assert_equal "  element \n text  ", OneLogin::RubySaml::Utils.element_text(element)
-      end
-      it 'returns nil when element is nil' do
-        assert_nil OneLogin::RubySaml::Utils.element_text(nil)
-      end
-      it 'returns empty string when element has no text' do
-        element = REXML::Document.new('<element></element>').elements.first
-        assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
-      end
-    end
-  end
-end