RubyGems - ruby-saml - Versions diffs - 1.11.0 → 1.12.1 - Mend

ruby-saml 1.11.0 → 1.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (158) hide show

data/test/settings_test.rb DELETED Viewed

@@ -1,338 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
-require 'onelogin/ruby-saml/settings'
-require 'onelogin/ruby-saml/validation_error'
-class SettingsTest < Minitest::Test
-  describe "Settings" do
-    before do
-      @settings = OneLogin::RubySaml::Settings.new
-    end
-    it "should provide getters and settings" do
-      accessors = [
-        :idp_entity_id, :idp_sso_target_url, :idp_slo_target_url, :valid_until,
-        :idp_cert, :idp_cert_fingerprint, :idp_cert_fingerprint_algorithm, :idp_cert_multi,
-        :idp_attribute_names, :issuer, :assertion_consumer_service_url, :assertion_consumer_service_binding,
-        :single_logout_service_url, :single_logout_service_binding,
-        :sp_name_qualifier, :name_identifier_format, :name_identifier_value, :name_identifier_value_requested,
-        :sessionindex, :attributes_index, :passive, :force_authn,
-        :compress_request, :double_quote_xml_attribute_values, :protocol_binding,
-        :security, :certificate, :private_key,
-        :authn_context, :authn_context_comparison, :authn_context_decl_ref,
-        :assertion_consumer_logout_service_url,
-        :assertion_consumer_logout_service_binding
-      ]
-      accessors.each do |accessor|
-        value = Kernel.rand
-        @settings.send("#{accessor}=".to_sym, value)
-        assert_equal value, @settings.send(accessor)
-      end
-    end
-    it "create settings from hash" do
-      config = {
-          :assertion_consumer_service_url => "http://app.muda.no/sso",
-          :issuer => "http://muda.no",
-          :sp_name_qualifier => "http://sso.muda.no",
-          :idp_sso_target_url => "http://sso.muda.no/sso",
-          :idp_slo_target_url => "http://sso.muda.no/slo",
-          :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
-          :valid_until => '2029-04-16T03:35:08.277Z',
-          :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
-          :attributes_index => 30,
-          :passive => true,
-          :protocol_binding => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
-      }
-      @settings = OneLogin::RubySaml::Settings.new(config)
-      config.each do |k,v|
-        assert_equal v, @settings.send(k)
-      end
-    end
-    it "configure attribute service attributes correctly" do
-      @settings.attribute_consuming_service.configure do
-        service_name "Test Service"
-        add_attribute :name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name"
-      end
-      assert_equal @settings.attribute_consuming_service.configured?, true
-      assert_equal @settings.attribute_consuming_service.name, "Test Service"
-      assert_equal @settings.attribute_consuming_service.attributes, [{:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name" }]
-    end
-    it "does not modify default security settings" do
-      settings = OneLogin::RubySaml::Settings.new
-      settings.security[:authn_requests_signed] = true
-      settings.security[:embed_sign] = true
-      settings.security[:digest_method] = XMLSecurity::Document::SHA256
-      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-      new_settings = OneLogin::RubySaml::Settings.new
-      assert_equal new_settings.security[:authn_requests_signed], false
-      assert_equal new_settings.security[:embed_sign], false
-      assert_equal new_settings.security[:digest_method], XMLSecurity::Document::SHA1
-      assert_equal new_settings.security[:signature_method], XMLSecurity::Document::RSA_SHA1
-    end
-    it "overrides only provided security attributes passing a second parameter" do
-      config = {
-        :security => {
-          :metadata_signed => true
-        }
-      }
-      @default_attributes = OneLogin::RubySaml::Settings::DEFAULTS
-      @settings = OneLogin::RubySaml::Settings.new(config, true)
-      assert_equal @settings.security[:metadata_signed], true
-      assert_equal @settings.security[:digest_method], @default_attributes[:security][:digest_method]
-    end
-    it "doesn't override only provided security attributes without passing a second parameter" do
-      config = {
-        :security => {
-          :metadata_signed => true
-        }
-      }
-      @default_attributes = OneLogin::RubySaml::Settings::DEFAULTS
-      @settings = OneLogin::RubySaml::Settings.new(config)
-      assert_equal @settings.security[:metadata_signed], true
-      assert_nil @settings.security[:digest_method]
-    end
-    describe "#single_logout_service_url" do
-      it "when single_logout_service_url is nil but assertion_consumer_logout_service_url returns its value" do
-        @settings.single_logout_service_url = nil
-        @settings.assertion_consumer_logout_service_url = "http://app.muda.no/sls"
-        assert_equal "http://app.muda.no/sls", @settings.single_logout_service_url
-      end
-    end
-    describe "#single_logout_service_binding" do
-      it "when single_logout_service_binding is nil but assertion_consumer_logout_service_binding returns its value" do
-        @settings.single_logout_service_binding = nil
-        @settings.assertion_consumer_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-        assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", @settings.single_logout_service_binding
-      end
-    end
-    describe "#get_idp_cert" do
-      it "returns nil when the cert is an empty string" do
-        @settings.idp_cert = ""
-        assert_nil @settings.get_idp_cert
-      end
-      it "returns nil when the cert is nil" do
-        @settings.idp_cert = nil
-        assert_nil @settings.get_idp_cert
-      end
-      it "returns the certificate when it is valid" do
-        @settings.idp_cert = ruby_saml_cert_text
-        assert @settings.get_idp_cert.kind_of? OpenSSL::X509::Certificate
-      end
-      it "raises when the certificate is not valid" do
-        # formatted but invalid cert
-        @settings.idp_cert = read_certificate("formatted_certificate")
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_idp_cert
-        }
-      end
-    end
-    describe "#get_idp_cert_multi" do
-      it "returns nil when the value is empty" do
-        @settings.idp_cert = {}
-        assert_nil @settings.get_idp_cert_multi
-      end
-      it "returns nil when the idp_cert_multi is nil or empty" do
-        @settings.idp_cert_multi = nil
-        assert_nil @settings.get_idp_cert_multi
-      end
-      it "returns partial hash when contains some values" do
-        empty_multi = {
-          :signing => [],
-          :encryption => []
-        }
-        @settings.idp_cert_multi = {
-          :signing => []
-        }
-        assert_equal empty_multi, @settings.get_idp_cert_multi
-        @settings.idp_cert_multi = {
-          :encryption => []
-        }
-        assert_equal empty_multi, @settings.get_idp_cert_multi
-        @settings.idp_cert_multi = {
-          :signing => [],
-          :encryption => []
-        }
-        assert_equal empty_multi, @settings.get_idp_cert_multi
-        @settings.idp_cert_multi = {
-          :yyy => [],
-          :zzz => []
-        }
-        assert_equal empty_multi, @settings.get_idp_cert_multi
-      end
-      it "returns the hash with certificates when values were valid" do
-        certificates = ruby_saml_cert_text
-        @settings.idp_cert_multi = {
-          :signing => [ruby_saml_cert_text],
-          :encryption => [ruby_saml_cert_text],
-        }
-        assert @settings.get_idp_cert_multi.kind_of? Hash
-        assert @settings.get_idp_cert_multi[:signing].kind_of? Array
-        assert @settings.get_idp_cert_multi[:encryption].kind_of? Array
-        assert @settings.get_idp_cert_multi[:signing][0].kind_of? OpenSSL::X509::Certificate
-        assert @settings.get_idp_cert_multi[:encryption][0].kind_of? OpenSSL::X509::Certificate
-      end
-      it "raises when there is a cert in idp_cert_multi not valid" do
-        certificate = read_certificate("formatted_certificate")
-        @settings.idp_cert_multi = {
-          :signing => [],
-          :encryption => []
-        }
-        @settings.idp_cert_multi[:signing].push(certificate)
-        @settings.idp_cert_multi[:encryption].push(certificate)
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_idp_cert_multi
-        }
-      end
-    end
-    describe "#get_sp_cert" do
-      it "returns nil when the cert is an empty string" do
-        @settings.certificate = ""
-        assert_nil @settings.get_sp_cert
-      end
-      it "returns nil when the cert is nil" do
-        @settings.certificate = nil
-        assert_nil @settings.get_sp_cert
-      end
-      it "returns the certificate when it is valid" do
-        @settings.certificate = ruby_saml_cert_text
-        assert @settings.get_sp_cert.kind_of? OpenSSL::X509::Certificate
-      end
-      it "raises when the certificate is not valid" do
-        # formatted but invalid cert
-        @settings.certificate = read_certificate("formatted_certificate")
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_sp_cert
-        }
-      end
-      it "raises an error if SP certificate expired and check_sp_cert_expiration enabled" do
-        @settings.certificate = ruby_saml_cert_text
-        @settings.security[:check_sp_cert_expiration] = true
-        assert_raises(OneLogin::RubySaml::ValidationError) {
-          settings.get_sp_cert
-        }
-      end
-    end
-    describe "#get_sp_cert_new" do
-      it "returns nil when the cert is an empty string" do
-        @settings.certificate_new = ""
-        assert_nil @settings.get_sp_cert_new
-      end
-      it "returns nil when the cert is nil" do
-        @settings.certificate_new = nil
-        assert_nil @settings.get_sp_cert_new
-      end
-      it "returns the certificate when it is valid" do
-        @settings.certificate_new = ruby_saml_cert_text
-        assert @settings.get_sp_cert_new.kind_of? OpenSSL::X509::Certificate
-      end
-      it "raises when the certificate is not valid" do
-        # formatted but invalid cert
-        @settings.certificate_new = read_certificate("formatted_certificate")
-        assert_raises(OpenSSL::X509::CertificateError) {
-          @settings.get_sp_cert_new
-        }
-      end
-    end
-    describe "#get_sp_key" do
-      it "returns nil when the private key is an empty string" do
-        @settings.private_key = ""
-        assert_nil @settings.get_sp_key
-      end
-      it "returns nil when the private key is nil" do
-        @settings.private_key = nil
-        assert_nil @settings.get_sp_key
-      end
-      it "returns the private key when it is valid" do
-        @settings.private_key = ruby_saml_key_text
-        assert @settings.get_sp_key.kind_of? OpenSSL::PKey::RSA
-      end
-      it "raises when the private key is not valid" do
-        # formatted but invalid rsa private key
-        @settings.private_key = read_certificate("formatted_rsa_private_key")
-        assert_raises(OpenSSL::PKey::RSAError) {
-          @settings.get_sp_key
-        }
-      end
-    end
-    describe "#get_fingerprint" do
-      it "get the fingerprint value when cert and fingerprint in settings are nil" do
-        @settings.idp_cert_fingerprint = nil
-        @settings.idp_cert = nil
-        fingerprint = @settings.get_fingerprint
-        assert_nil fingerprint
-      end
-      it "get the fingerprint value when there is a cert at the settings" do
-        @settings.idp_cert_fingerprint = nil
-        @settings.idp_cert = ruby_saml_cert_text
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
-      end
-      it "get the fingerprint value when there is a fingerprint at the settings" do
-        @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-        @settings.idp_cert = nil
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
-      end
-      it "get the fingerprint value when there are cert and fingerprint at the settings" do
-        @settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-        @settings.idp_cert = ruby_saml_cert_text
-        fingerprint = @settings.get_fingerprint
-        assert fingerprint.downcase == ruby_saml_cert_fingerprint.downcase
-      end
-    end
-  end
-end