ruby-saml 0.9 → 0.9.1
- checksums.yaml +4 -4
- data/.travis.yml +2 -1
- data/Gemfile +0 -21
- data/README.md +8 -2
- data/changelog.md +4 -0
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/ruby-saml.gemspec +30 -2
- data/test/idp_metadata_parser_test.rb +7 -7
- data/test/logoutrequest_test.rb +19 -31
- data/test/logoutresponse_test.rb +22 -28
- data/test/metadata_test.rb +69 -68
- data/test/request_test.rb +23 -23
- data/test/response_test.rb +67 -67
- data/test/settings_test.rb +8 -9
- data/test/slo_logoutrequest_test.rb +15 -16
- data/test/slo_logoutresponse_test.rb +12 -25
- data/test/test_helper.rb +36 -2
- data/test/xml_security_test.rb +42 -47
- metadata +105 -7
data/test/request_test.rb
CHANGED
@@ -1,9 +1,9 @@
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
|
2
2
|
|
3
|
-
class RequestTest < Test
|
3
|
+
class RequestTest < Minitest::Test
|
4
4
|
|
5
|
-
|
6
|
-
|
5
|
+
describe "Authrequest" do
|
6
|
+
it "create the deflated SAMLRequest URL parameter" do
|
7
7
|
settings = OneLogin::RubySaml::Settings.new
|
8
8
|
settings.idp_sso_target_url = "http://example.com"
|
9
9
|
auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
|
@@ -19,7 +19,7 @@ class RequestTest < Test::Unit::TestCase
|
|
19
19
|
assert_match /^<samlp:AuthnRequest/, inflated
|
20
20
|
end
|
21
21
|
|
22
|
-
|
22
|
+
it "create the deflated SAMLRequest URL parameter including the Destination" do
|
23
23
|
settings = OneLogin::RubySaml::Settings.new
|
24
24
|
settings.idp_sso_target_url = "http://example.com"
|
25
25
|
auth_url = OneLogin::RubySaml::Authrequest.new.create(settings)
|
@@ -34,7 +34,7 @@ class RequestTest < Test::Unit::TestCase
|
|
34
34
|
assert_match /<samlp:AuthnRequest[^<]* Destination='http:\/\/example.com'/, inflated
|
35
35
|
end
|
36
36
|
|
37
|
-
|
37
|
+
it "create the SAMLRequest URL parameter without deflating" do
|
38
38
|
settings = OneLogin::RubySaml::Settings.new
|
39
39
|
settings.compress_request = false
|
40
40
|
settings.idp_sso_target_url = "http://example.com"
|
@@ -46,7 +46,7 @@ class RequestTest < Test::Unit::TestCase
|
|
46
46
|
assert_match /^<samlp:AuthnRequest/, decoded
|
47
47
|
end
|
48
48
|
|
49
|
-
|
49
|
+
it "create the SAMLRequest URL parameter with IsPassive" do
|
50
50
|
settings = OneLogin::RubySaml::Settings.new
|
51
51
|
settings.idp_sso_target_url = "http://example.com"
|
52
52
|
settings.passive = true
|
@@ -63,7 +63,7 @@ class RequestTest < Test::Unit::TestCase
|
|
63
63
|
assert_match /<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated
|
64
64
|
end
|
65
65
|
|
66
|
-
|
66
|
+
it "create the SAMLRequest URL parameter with ProtocolBinding" do
|
67
67
|
settings = OneLogin::RubySaml::Settings.new
|
68
68
|
settings.idp_sso_target_url = "http://example.com"
|
69
69
|
settings.protocol_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
|
@@ -80,7 +80,7 @@ class RequestTest < Test::Unit::TestCase
|
|
80
80
|
assert_match /<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated
|
81
81
|
end
|
82
82
|
|
83
|
-
|
83
|
+
it "create the SAMLRequest URL parameter with AttributeConsumingServiceIndex" do
|
84
84
|
settings = OneLogin::RubySaml::Settings.new
|
85
85
|
settings.idp_sso_target_url = "http://example.com"
|
86
86
|
settings.attributes_index = 30
|
@@ -96,7 +96,7 @@ class RequestTest < Test::Unit::TestCase
|
|
96
96
|
assert_match /<samlp:AuthnRequest[^<]* AttributeConsumingServiceIndex='30'/, inflated
|
97
97
|
end
|
98
98
|
|
99
|
-
|
99
|
+
it "create the SAMLRequest URL parameter with ForceAuthn" do
|
100
100
|
settings = OneLogin::RubySaml::Settings.new
|
101
101
|
settings.idp_sso_target_url = "http://example.com"
|
102
102
|
settings.force_authn = true
|
@@ -112,7 +112,7 @@ class RequestTest < Test::Unit::TestCase
|
|
112
112
|
assert_match /<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated
|
113
113
|
end
|
114
114
|
|
115
|
-
|
115
|
+
it "accept extra parameters" do
|
116
116
|
settings = OneLogin::RubySaml::Settings.new
|
117
117
|
settings.idp_sso_target_url = "http://example.com"
|
118
118
|
|
@@ -123,8 +123,8 @@ class RequestTest < Test::Unit::TestCase
|
|
123
123
|
assert auth_url =~ /&hello=$/
|
124
124
|
end
|
125
125
|
|
126
|
-
|
127
|
-
|
126
|
+
describe "when the target url doesn't contain a query string" do
|
127
|
+
it "create the SAMLRequest parameter correctly" do
|
128
128
|
settings = OneLogin::RubySaml::Settings.new
|
129
129
|
settings.idp_sso_target_url = "http://example.com"
|
130
130
|
|
@@ -133,8 +133,8 @@ class RequestTest < Test::Unit::TestCase
|
|
133
133
|
end
|
134
134
|
end
|
135
135
|
|
136
|
-
|
137
|
-
|
136
|
+
describe "when the target url contains a query string" do
|
137
|
+
it "create the SAMLRequest parameter correctly" do
|
138
138
|
settings = OneLogin::RubySaml::Settings.new
|
139
139
|
settings.idp_sso_target_url = "http://example.com?field=value"
|
140
140
|
|
@@ -143,8 +143,8 @@ class RequestTest < Test::Unit::TestCase
|
|
143
143
|
end
|
144
144
|
end
|
145
145
|
|
146
|
-
|
147
|
-
|
146
|
+
describe "when the settings indicate to sign (embebed) the request" do
|
147
|
+
it "create a signed request" do
|
148
148
|
settings = OneLogin::RubySaml::Settings.new
|
149
149
|
settings.compress_request = false
|
150
150
|
settings.idp_sso_target_url = "http://example.com?field=value"
|
@@ -160,7 +160,7 @@ class RequestTest < Test::Unit::TestCase
|
|
160
160
|
request_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
|
161
161
|
end
|
162
162
|
|
163
|
-
|
163
|
+
it "create a signed request with 256 digest and signature methods" do
|
164
164
|
settings = OneLogin::RubySaml::Settings.new
|
165
165
|
settings.compress_request = false
|
166
166
|
settings.idp_sso_target_url = "http://example.com?field=value"
|
@@ -180,8 +180,8 @@ class RequestTest < Test::Unit::TestCase
|
|
180
180
|
end
|
181
181
|
|
182
182
|
|
183
|
-
|
184
|
-
|
183
|
+
describe "when the settings indicate to sign the request" do
|
184
|
+
it "create a signature parameter" do
|
185
185
|
settings = OneLogin::RubySaml::Settings.new
|
186
186
|
settings.compress_request = false
|
187
187
|
settings.idp_sso_target_url = "http://example.com?field=value"
|
@@ -204,7 +204,7 @@ class RequestTest < Test::Unit::TestCase
|
|
204
204
|
end
|
205
205
|
end
|
206
206
|
|
207
|
-
|
207
|
+
it "create the saml:AuthnContextClassRef element correctly" do
|
208
208
|
settings = OneLogin::RubySaml::Settings.new
|
209
209
|
settings.idp_sso_target_url = "http://example.com"
|
210
210
|
settings.authn_context = 'secure/name/password/uri'
|
@@ -212,7 +212,7 @@ class RequestTest < Test::Unit::TestCase
|
|
212
212
|
assert auth_doc.to_s =~ /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/
|
213
213
|
end
|
214
214
|
|
215
|
-
|
215
|
+
it "create the saml:AuthnContextClassRef with comparison exact" do
|
216
216
|
settings = OneLogin::RubySaml::Settings.new
|
217
217
|
settings.idp_sso_target_url = "http://example.com"
|
218
218
|
settings.authn_context = 'secure/name/password/uri'
|
@@ -221,7 +221,7 @@ class RequestTest < Test::Unit::TestCase
|
|
221
221
|
assert auth_doc.to_s =~ /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/
|
222
222
|
end
|
223
223
|
|
224
|
-
|
224
|
+
it "create the saml:AuthnContextClassRef with comparison minimun" do
|
225
225
|
settings = OneLogin::RubySaml::Settings.new
|
226
226
|
settings.idp_sso_target_url = "http://example.com"
|
227
227
|
settings.authn_context = 'secure/name/password/uri'
|
@@ -231,7 +231,7 @@ class RequestTest < Test::Unit::TestCase
|
|
231
231
|
assert auth_doc.to_s =~ /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/
|
232
232
|
end
|
233
233
|
|
234
|
-
|
234
|
+
it "create the saml:AuthnContextDeclRef element correctly" do
|
235
235
|
settings = OneLogin::RubySaml::Settings.new
|
236
236
|
settings.idp_sso_target_url = "http://example.com"
|
237
237
|
settings.authn_context_decl_ref = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
|
data/test/response_test.rb
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
|
2
2
|
|
3
|
-
class RubySamlTest < Test
|
3
|
+
class RubySamlTest < Minitest::Test
|
4
4
|
|
5
|
-
|
6
|
-
|
5
|
+
describe "Response" do
|
6
|
+
it "raise an exception when response is initialized with nil" do
|
7
7
|
assert_raises(ArgumentError) { OneLogin::RubySaml::Response.new(nil) }
|
8
8
|
end
|
9
9
|
|
10
|
-
|
10
|
+
it "be able to parse a document which contains ampersands" do
|
11
11
|
XMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
|
12
12
|
OneLogin::RubySaml::Response.any_instance.stubs(:validate_conditions).returns(true)
|
13
13
|
|
@@ -18,23 +18,23 @@ class RubySamlTest < Test::Unit::TestCase
|
|
18
18
|
response.validate!
|
19
19
|
end
|
20
20
|
|
21
|
-
|
21
|
+
it "adapt namespace" do
|
22
22
|
response = OneLogin::RubySaml::Response.new(response_document)
|
23
|
-
|
23
|
+
refute_nil response.name_id
|
24
24
|
response = OneLogin::RubySaml::Response.new(response_document_2)
|
25
|
-
|
25
|
+
refute_nil response.name_id
|
26
26
|
response = OneLogin::RubySaml::Response.new(response_document_3)
|
27
|
-
|
27
|
+
refute_nil response.name_id
|
28
28
|
end
|
29
29
|
|
30
|
-
|
30
|
+
it "default to raw input when a response is not Base64 encoded" do
|
31
31
|
decoded = Base64.decode64(response_document_2)
|
32
32
|
response = OneLogin::RubySaml::Response.new(decoded)
|
33
33
|
assert response.document
|
34
34
|
end
|
35
35
|
|
36
|
-
|
37
|
-
|
36
|
+
describe "Assertion" do
|
37
|
+
it "only retreive an assertion with an ID that matches the signature's reference URI" do
|
38
38
|
response = OneLogin::RubySaml::Response.new(wrapped_response_2)
|
39
39
|
response.stubs(:conditions).returns(nil)
|
40
40
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -44,35 +44,35 @@ class RubySamlTest < Test::Unit::TestCase
|
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
47
|
-
|
48
|
-
|
47
|
+
describe "#validate!" do
|
48
|
+
it "raise when encountering a condition that prevents the document from being valid" do
|
49
49
|
response = OneLogin::RubySaml::Response.new(response_document)
|
50
|
-
|
50
|
+
assert_raises(OneLogin::RubySaml::ValidationError) do
|
51
51
|
response.validate!
|
52
52
|
end
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
|
57
|
-
|
56
|
+
describe "#validate_structure" do
|
57
|
+
it "raise when encountering a condition that prevents the document from being valid" do
|
58
58
|
response = OneLogin::RubySaml::Response.new(response_document_2)
|
59
59
|
response.send(:validate_structure)
|
60
60
|
assert response.errors.include? "Schema validation failed"
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
|
-
|
65
|
-
|
64
|
+
describe "#is_valid?" do
|
65
|
+
it "return false when response is initialized with blank data" do
|
66
66
|
response = OneLogin::RubySaml::Response.new('')
|
67
67
|
assert !response.is_valid?
|
68
68
|
end
|
69
69
|
|
70
|
-
|
70
|
+
it "return false if settings have not been set" do
|
71
71
|
response = OneLogin::RubySaml::Response.new(response_document)
|
72
72
|
assert !response.is_valid?
|
73
73
|
end
|
74
74
|
|
75
|
-
|
75
|
+
it "return true when the response is initialized with valid data" do
|
76
76
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
77
77
|
response.stubs(:conditions).returns(nil)
|
78
78
|
assert !response.is_valid?
|
@@ -84,7 +84,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
84
84
|
assert response.is_valid?
|
85
85
|
end
|
86
86
|
|
87
|
-
|
87
|
+
it "should be idempotent when the response is initialized with invalid data" do
|
88
88
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
89
89
|
response.stubs(:conditions).returns(nil)
|
90
90
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -93,7 +93,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
93
93
|
assert !response.is_valid?
|
94
94
|
end
|
95
95
|
|
96
|
-
|
96
|
+
it "should be idempotent when the response is initialized with valid data" do
|
97
97
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
98
98
|
response.stubs(:conditions).returns(nil)
|
99
99
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -103,7 +103,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
103
103
|
assert response.is_valid?
|
104
104
|
end
|
105
105
|
|
106
|
-
|
106
|
+
it "return true when using certificate instead of fingerprint" do
|
107
107
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
108
108
|
response.stubs(:conditions).returns(nil)
|
109
109
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -112,7 +112,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
112
112
|
assert response.is_valid?
|
113
113
|
end
|
114
114
|
|
115
|
-
|
115
|
+
it "not allow signature wrapping attack" do
|
116
116
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
117
117
|
response.stubs(:conditions).returns(nil)
|
118
118
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -122,7 +122,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
122
122
|
assert response.name_id == "test@onelogin.com"
|
123
123
|
end
|
124
124
|
|
125
|
-
|
125
|
+
it "support dynamic namespace resolution on signature elements" do
|
126
126
|
response = OneLogin::RubySaml::Response.new(fixture("no_signature_ns.xml"))
|
127
127
|
response.stubs(:conditions).returns(nil)
|
128
128
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -132,7 +132,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
132
132
|
assert response.validate!
|
133
133
|
end
|
134
134
|
|
135
|
-
|
135
|
+
it "validate ADFS assertions" do
|
136
136
|
response = OneLogin::RubySaml::Response.new(fixture(:adfs_response_sha256))
|
137
137
|
response.stubs(:conditions).returns(nil)
|
138
138
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -141,7 +141,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
141
141
|
assert response.validate!
|
142
142
|
end
|
143
143
|
|
144
|
-
|
144
|
+
it "validate the digest" do
|
145
145
|
response = OneLogin::RubySaml::Response.new(r1_response_document_6)
|
146
146
|
response.stubs(:conditions).returns(nil)
|
147
147
|
settings = OneLogin::RubySaml::Settings.new
|
@@ -150,7 +150,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
150
150
|
assert response.validate!
|
151
151
|
end
|
152
152
|
|
153
|
-
|
153
|
+
it "validate SAML 2.0 XML structure" do
|
154
154
|
resp_xml = Base64.decode64(response_document_4).gsub(/emailAddress/,'test')
|
155
155
|
response = OneLogin::RubySaml::Response.new(Base64.encode64(resp_xml))
|
156
156
|
response.stubs(:conditions).returns(nil)
|
@@ -161,8 +161,8 @@ class RubySamlTest < Test::Unit::TestCase
|
|
161
161
|
end
|
162
162
|
end
|
163
163
|
|
164
|
-
|
165
|
-
|
164
|
+
describe "#name_id" do
|
165
|
+
it "extract the value of the name id element" do
|
166
166
|
response = OneLogin::RubySaml::Response.new(response_document)
|
167
167
|
assert_equal "support@onelogin.com", response.name_id
|
168
168
|
|
@@ -170,19 +170,19 @@ class RubySamlTest < Test::Unit::TestCase
|
|
170
170
|
assert_equal "someone@example.com", response.name_id
|
171
171
|
end
|
172
172
|
|
173
|
-
|
173
|
+
it "be extractable from an OpenSAML response" do
|
174
174
|
response = OneLogin::RubySaml::Response.new(fixture(:open_saml))
|
175
175
|
assert_equal "someone@example.org", response.name_id
|
176
176
|
end
|
177
177
|
|
178
|
-
|
178
|
+
it "be extractable from a Simple SAML PHP response" do
|
179
179
|
response = OneLogin::RubySaml::Response.new(fixture(:simple_saml_php))
|
180
180
|
assert_equal "someone@example.com", response.name_id
|
181
181
|
end
|
182
182
|
end
|
183
183
|
|
184
|
-
|
185
|
-
|
184
|
+
describe "#check_conditions" do
|
185
|
+
it "check time conditions" do
|
186
186
|
response = OneLogin::RubySaml::Response.new(response_document)
|
187
187
|
assert !response.send(:validate_conditions, true)
|
188
188
|
response = OneLogin::RubySaml::Response.new(response_document_6)
|
@@ -193,7 +193,7 @@ class RubySamlTest < Test::Unit::TestCase
|
|
193
193
|
assert response.send(:validate_conditions, true)
|
194
194
|
end
|
195
195
|
|
196
|
-
|
196
|
+
it "optionally allow for clock drift" do
|
197
197
|
# The NotBefore condition in the document is 2011-06-14T18:21:01.516Z
|
198
198
|
Time.stubs(:now).returns(Time.parse("2011-06-14T18:21:01Z"))
|
199
199
|
response = OneLogin::RubySaml::Response.new(response_document_5, :allowed_clock_drift => 0.515)
|
@@ -205,45 +205,45 @@ class RubySamlTest < Test::Unit::TestCase
|
|
205
205
|
end
|
206
206
|
end
|
207
207
|
|
208
|
-
|
209
|
-
|
208
|
+
describe "#attributes" do
|
209
|
+
it "extract the first attribute in a hash accessed via its symbol" do
|
210
210
|
response = OneLogin::RubySaml::Response.new(response_document)
|
211
211
|
assert_equal "demo", response.attributes[:uid]
|
212
212
|
end
|
213
213
|
|
214
|
-
|
214
|
+
it "extract the first attribute in a hash accessed via its name" do
|
215
215
|
response = OneLogin::RubySaml::Response.new(response_document)
|
216
216
|
assert_equal "demo", response.attributes["uid"]
|
217
217
|
end
|
218
218
|
|
219
|
-
|
219
|
+
it "extract all attributes" do
|
220
220
|
response = OneLogin::RubySaml::Response.new(response_document)
|
221
221
|
assert_equal "demo", response.attributes[:uid]
|
222
222
|
assert_equal "value", response.attributes[:another_value]
|
223
223
|
end
|
224
224
|
|
225
|
-
|
225
|
+
it "work for implicit namespaces" do
|
226
226
|
response = OneLogin::RubySaml::Response.new(response_document_3)
|
227
227
|
assert_equal "someone@example.com", response.attributes["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
|
228
228
|
end
|
229
229
|
|
230
|
-
|
230
|
+
it "not raise errors about nil/empty attributes for EncryptedAttributes" do
|
231
231
|
response = OneLogin::RubySaml::Response.new(response_document_7)
|
232
232
|
assert_equal 'Demo', response.attributes["first_name"]
|
233
233
|
end
|
234
234
|
|
235
|
-
|
235
|
+
it "not raise on responses without attributes" do
|
236
236
|
response = OneLogin::RubySaml::Response.new(response_document_4)
|
237
237
|
assert_equal OneLogin::RubySaml::Attributes.new, response.attributes
|
238
238
|
end
|
239
239
|
|
240
|
-
|
241
|
-
|
240
|
+
describe "#multiple values" do
|
241
|
+
it "extract single value as string" do
|
242
242
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
243
243
|
assert_equal "demo", response.attributes[:uid]
|
244
244
|
end
|
245
245
|
|
246
|
-
|
246
|
+
it "extract single value as string in compatibility mode off" do
|
247
247
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
248
248
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
249
249
|
assert_equal ["demo"], response.attributes[:uid]
|
@@ -251,79 +251,79 @@ class RubySamlTest < Test::Unit::TestCase
|
|
251
251
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
252
252
|
end
|
253
253
|
|
254
|
-
|
254
|
+
it "extract first of multiple values as string for b/w compatibility" do
|
255
255
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
256
256
|
assert_equal 'value1', response.attributes[:another_value]
|
257
257
|
end
|
258
258
|
|
259
|
-
|
259
|
+
it "extract first of multiple values as string for b/w compatibility in compatibility mode off" do
|
260
260
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
261
261
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
262
262
|
assert_equal ['value1', 'value2'], response.attributes[:another_value]
|
263
263
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
264
264
|
end
|
265
265
|
|
266
|
-
|
266
|
+
it "return array with all attributes when asked in XML order" do
|
267
267
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
268
268
|
assert_equal ['value1', 'value2'], response.attributes.multi(:another_value)
|
269
269
|
end
|
270
270
|
|
271
|
-
|
271
|
+
it "return array with all attributes when asked in XML order in compatibility mode off" do
|
272
272
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
273
273
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
274
274
|
assert_equal ['value1', 'value2'], response.attributes.multi(:another_value)
|
275
275
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
276
276
|
end
|
277
277
|
|
278
|
-
|
278
|
+
it "return first of multiple values when multiple Attribute tags in XML" do
|
279
279
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
280
280
|
assert_equal 'role1', response.attributes[:role]
|
281
281
|
end
|
282
282
|
|
283
|
-
|
283
|
+
it "return first of multiple values when multiple Attribute tags in XML in compatibility mode off" do
|
284
284
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
285
285
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
286
286
|
assert_equal ['role1', 'role2', 'role3'], response.attributes[:role]
|
287
287
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
288
288
|
end
|
289
289
|
|
290
|
-
|
290
|
+
it "return all of multiple values in reverse order when multiple Attribute tags in XML" do
|
291
291
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
292
292
|
assert_equal ['role1', 'role2', 'role3'], response.attributes.multi(:role)
|
293
293
|
end
|
294
294
|
|
295
|
-
|
295
|
+
it "return all of multiple values in reverse order when multiple Attribute tags in XML in compatibility mode off" do
|
296
296
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
297
297
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
298
298
|
assert_equal ['role1', 'role2', 'role3'], response.attributes.multi(:role)
|
299
299
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
300
300
|
end
|
301
301
|
|
302
|
-
|
302
|
+
it "return nil value correctly" do
|
303
303
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
304
304
|
assert_nil response.attributes[:attribute_with_nil_value]
|
305
305
|
end
|
306
306
|
|
307
|
-
|
307
|
+
it "return nil value correctly when not in compatibility mode off" do
|
308
308
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
309
309
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
310
310
|
assert_equal [nil], response.attributes[:attribute_with_nil_value]
|
311
311
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
312
312
|
end
|
313
313
|
|
314
|
-
|
314
|
+
it "return multiple values including nil and empty string" do
|
315
315
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
316
316
|
assert_equal ["", "valuePresent", nil, nil], response.attributes.multi(:attribute_with_nils_and_empty_strings)
|
317
317
|
end
|
318
318
|
|
319
|
-
|
319
|
+
it "return multiple values from [] when not in compatibility mode off" do
|
320
320
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
321
321
|
OneLogin::RubySaml::Attributes.single_value_compatibility = false
|
322
322
|
assert_equal ["", "valuePresent", nil, nil], response.attributes[:attribute_with_nils_and_empty_strings]
|
323
323
|
OneLogin::RubySaml::Attributes.single_value_compatibility = true
|
324
324
|
end
|
325
325
|
|
326
|
-
|
326
|
+
it "check what happens when trying retrieve attribute that does not exists" do
|
327
327
|
response = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
|
328
328
|
assert_equal nil, response.attributes[:attribute_not_exists]
|
329
329
|
assert_equal nil, response.attributes.single(:attribute_not_exists)
|
@@ -339,8 +339,8 @@ class RubySamlTest < Test::Unit::TestCase
|
|
339
339
|
end
|
340
340
|
end
|
341
341
|
|
342
|
-
|
343
|
-
|
342
|
+
describe "#session_expires_at" do
|
343
|
+
it "extract the value of the SessionNotOnOrAfter attribute" do
|
344
344
|
response = OneLogin::RubySaml::Response.new(response_document)
|
345
345
|
assert response.session_expires_at.is_a?(Time)
|
346
346
|
|
@@ -349,27 +349,27 @@ class RubySamlTest < Test::Unit::TestCase
|
|
349
349
|
end
|
350
350
|
end
|
351
351
|
|
352
|
-
|
353
|
-
|
352
|
+
describe "#issuer" do
|
353
|
+
it "return the issuer inside the response assertion" do
|
354
354
|
response = OneLogin::RubySaml::Response.new(response_document)
|
355
355
|
assert_equal "https://app.onelogin.com/saml/metadata/13590", response.issuer
|
356
356
|
end
|
357
357
|
|
358
|
-
|
358
|
+
it "return the issuer inside the response" do
|
359
359
|
response = OneLogin::RubySaml::Response.new(response_document_2)
|
360
360
|
assert_equal "wibble", response.issuer
|
361
361
|
end
|
362
362
|
end
|
363
363
|
|
364
|
-
|
365
|
-
|
364
|
+
describe "#success" do
|
365
|
+
it "find a status code that says success" do
|
366
366
|
response = OneLogin::RubySaml::Response.new(response_document)
|
367
367
|
response.success?
|
368
368
|
end
|
369
369
|
end
|
370
370
|
|
371
|
-
|
372
|
-
|
371
|
+
describe '#xpath_first_from_signed_assertion' do
|
372
|
+
it 'not allow arbitrary code execution' do
|
373
373
|
malicious_response_document = fixture('response_eval', false)
|
374
374
|
response = OneLogin::RubySaml::Response.new(malicious_response_document)
|
375
375
|
response.send(:xpath_first_from_signed_assertion)
|