ruby-saml 1.3.0 → 1.3.1


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0b01f4f740dfe49133d17e2bfbb42a470a6a0ecd
4
- data.tar.gz: 00f47e3eaadebe97288df5daa096a9b0f26f92a7
3
+ metadata.gz: ebddaf61706d9ea22f5dfe8f8857d38633bd8b34
4
+ data.tar.gz: 17e92a96f7ad6fde5764d5238f6c7abe165b2f9d
5
5
  SHA512:
6
- metadata.gz: d7dd26e1057a4d9e535debae7c91bfef6a34b9d46eb04557684bd53daed1dd00ab5cc52dbe1e4dc73114b2b28d49be8cb18c15b9cab04017aba97c5d1140df2f
7
- data.tar.gz: 6aa8e7af6e43749954e8288002d2d7daef999109520888a7f5569dae32c9e0f3c09cece48687ac4e035e61ce14fa8d63a1f22e376a0a321b1775dc7718b94a94
6
+ metadata.gz: 340ffba316ae676dc6b12049f3e4936c74e6b296ab0fbbdc86906dcb322c5eb6430eabbe930bb3dc114bb0e8cfe7b0220e0c1ddbb31b98178a9f71318cfdf812
7
+ data.tar.gz: e690b29654a0d1389278f7feee2d65d6ebba3118a634e727486845607c46a9460a546935f4fc78f89c4ce6cc339af555f35aa447f3f74ebab62714de0f917693
data/LICENSE CHANGED
@@ -1,19 +1,23 @@
1
- Copyright (c) 2010-2015 OneLogin, LLC
1
+ Copyright (c) 2010-2016 OneLogin, Inc.
2
2
 
3
- Permission is hereby granted, free of charge, to any person obtaining a copy
4
- of this software and associated documentation files (the "Software"), to deal
5
- in the Software without restriction, including without limitation the rights
6
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7
- copies of the Software, and to permit persons to whom the Software is
8
- furnished to do so, subject to the following conditions:
3
+ Permission is hereby granted, free of charge, to any person
4
+ obtaining a copy of this software and associated documentation
5
+ files (the "Software"), to deal in the Software without
6
+ restriction, including without limitation the rights to use,
7
+ copy, modify, merge, publish, distribute, sublicense, and/or sell
8
+ copies of the Software, and to permit persons to whom the
9
+ Software is furnished to do so, subject to the following
10
+ conditions:
9
11
 
10
- The above copyright notice and this permission notice shall be included in
11
- all copies or substantial portions of the Software.
12
+ The above copyright notice and this permission notice shall be
13
+ included in all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
17
+ OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
19
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
20
+ WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22
+ OTHER DEALINGS IN THE SOFTWARE.
12
23
 
13
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19
- THE SOFTWARE.
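Review bot: the copyright holder changes from `OneLogin, LLC` to `OneLogin, Inc.` alongside the rewrap of the license text, so this hunk is a substantive legal edit rather than formatting only and deserves a mention in the release notes; the gemspec `metadata` hunk in this same release still lists `- OneLogin LLC` under `authors:`, so the license and the gem metadata now disagree on the entity name and should be aligned in one change.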
data/README.md CHANGED
@@ -56,6 +56,10 @@ We created a demo project for Rails4 that uses the latest version of this librar
56
56
  * Do not change rakefile, version, or history.
57
57
  * Open a pull request, following [this template](https://gist.github.com/Lordnibbler/11002759).
58
58
 
59
+ ## Security Guidelines
60
+
61
+ If you believe you have discovered a security vulnerability in this gem, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.
62
+
59
63
  ## Getting Started
60
64
  In order to use the toolkit you will need to install the gem (either manually or using Bundler), and require the library in your Ruby application:
61
65
 
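Review bot: the new `## Security Guidelines` section gives a reporting URL but says nothing about which release lines receive security fixes or how a reporter will be acknowledged, which is the first thing a researcher checks before filing; consider one sentence on supported versions next to the responsible-disclosure statement. Separately, no changelog or history hunk appears anywhere in this diff for 1.3.1, even though the contributing rules just above reserve history edits for maintainers; a release that touches fingerprint handling and removes a signature-wrapping test should carry a history entry saying why.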
@@ -50,7 +50,6 @@ module OneLogin
50
50
  settings.idp_cert = certificate_base64
51
51
  settings.idp_cert_fingerprint = fingerprint(settings.idp_cert_fingerprint_algorithm)
52
52
  settings.idp_attribute_names = attribute_names
53
- settings.idp_cert_fingerprint = fingerprint(settings.idp_cert_fingerprint_algorithm)
54
53
  end
55
54
  end
56
55
 
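Review bot: the removed line `settings.idp_cert_fingerprint = fingerprint(settings.idp_cert_fingerprint_algorithm)` duplicated the assignment two lines above it, so dropping it is correct and has no behavioural effect; since `fingerprint` memoises into `@fingerprint`, the second call would only have returned the cached digest anyway. The file header for this hunk is missing from the rendered diff, so the file being changed cannot be identified from this page and should be confirmed against the repository.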
@@ -209,7 +208,7 @@ module OneLogin
209
208
 
210
209
  # @return [String|nil] the SHA-1 fingerpint of the X509Certificate if it exists
211
210
  #
212
- def fingerprint(fingerprint_algorithm)
211
+ def fingerprint(fingerprint_algorithm = XMLSecurity::Document::SHA1)
213
212
  @fingerprint ||= begin
214
213
  if certificate
215
214
  cert = OpenSSL::X509::Certificate.new(certificate)
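Review bot: the new default `fingerprint_algorithm = XMLSecurity::Document::SHA1` leaves the doc comment misleading: it still reads "the SHA-1 fingerpint" (typo for fingerprint) although the algorithm is now a parameter and SHA-1 is only the default, so update it to something like `@return [String|nil] the fingerprint of the X509Certificate computed with fingerprint_algorithm (default SHA-1)`. More importantly, `@fingerprint ||= begin` caches the first result regardless of the algorithm argument, so a later call with a different algorithm silently returns the earlier digest; either key the cache by algorithm or drop the memoisation. Keeping SHA-1 as the out-of-the-box choice also means certificate pinning defaults to a weak digest; a SHA-256 default would be the safer choice for new callers.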
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '1.3.0'
3
+ VERSION = '1.3.1'
4
4
  end
5
5
  end
@@ -1288,17 +1288,4 @@ class RubySamlTest < Minitest::Test
1288
1288
  assert_equal "ZdrjpwEdw22vKoxWAbZB78/gQ7s=", response.attributes.single('urn:oid:1.3.6.1.4.1.5923.1.1.1.10')
1289
1289
  end
1290
1290
  end
1291
-
1292
- describe "attack" do
1293
- it "should not be valid" do
1294
- settings.private_key = ruby_saml_key_text
1295
- signature_wrapping_attack = read_invalid_response("encrypted_new_attack.xml.base64")
1296
- response_wrapped = OneLogin::RubySaml::Response.new(signature_wrapping_attack, :settings => settings)
1297
- response_wrapped.stubs(:conditions).returns(nil)
1298
- response_wrapped.stubs(:validate_subject_confirmation).returns(true)
1299
- settings.idp_cert_fingerprint = "385b1eec71143f00db6af936e2ea12a28771d72c"
1300
- assert !response_wrapped.is_valid?
1301
- end
1302
- end
1303
-
1304
1291
  end
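Review bot: this hunk deletes the `describe "attack"` test that asserts a signature-wrapped response (`encrypted_new_attack.xml.base64`) is rejected, with no replacement visible anywhere in the diff. XML signature wrapping is the main class of attack a SAML library's validation must resist, so removing the only negative test for it drops regression coverage for a security property; if the test was moved to another file or the fixture renamed, that hunk should be part of this change, otherwise keep the test (ideally a version that does not stub `conditions` and `validate_subject_confirmation`) and state the reason for any removal in the commit message.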
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-06-24 00:00:00.000000000 Z
11
+ date: 2016-07-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri