ruby-saml 1.7.0 → 1.7.1



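--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: cb5007dd289f308983339a7ae35cd40018f58143
-data.tar.gz: 16f12f151a3ab5d9cb32739b4d55f7437748d17e
+metadata.gz: bbac6942120c5332a95a90dd3d88cde723269092
+data.tar.gz: 4b08b52dc6263e036983b519cd01028af7725566
 SHA512:
-metadata.gz: 6395d86c33cd7d49bc329f486a5be5a8c4cc5e24076d75234f96bb51fcefe1d8c782f6bf18fd07201751d300c23c521cf4441c7514d61651c89d363ffb9cf700
-data.tar.gz: d5eb6efeb77b267ad51487dfb3baa06f28103c582e61efbf996c279f0e7f0915d1abe18ed34be1c5b60eef69240b31d0d40c44e6cf6157b9c968bf96208ad7c8
+metadata.gz: b7394a6d2d7e02d069e1b721d036a5af5f8a324ccbc308026d38f6876b5fcd9b88a73ad963ba6be7ad4a7125634a65f8c5d9dae6e96567141500dcfa9e5eca4a
+data.tar.gz: 7efb59314189ccf38abc734378cbbd91a38c6235557d4e25f70b45494c9b235e6ba899f43e4b51693503880b97cc67a3f3111c4c1944af4bab4481c64a94f363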
@@ -1,5 +1,8 @@
1
1
  # RubySaml Changelog
2
2
 
3
+ ### 1.7.1 (Feb 28, 2018)
4
+ * [#444](https://github.com/onelogin/ruby-saml/pull/444) Fix audience validation for empty audience restriction
5
+
3
6
  ### 1.7.0 (Feb 27, 2018)
4
7
  * Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
5
8
 
@@ -322,7 +322,7 @@ module OneLogin
322
322
  def audiences
323
323
  @audiences ||= begin
324
324
  nodes = xpath_from_signed_assertion('/a:Conditions/a:AudienceRestriction/a:Audience')
325
- nodes.map { |node| Utils.element_text(node) }.compact
325
+ nodes.map { |node| Utils.element_text(node) }.reject(&:empty?)
326
326
  end
327
327
  end
328
328
 
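Review bot: `.reject(&:empty?)` on line 325 drops the `.compact` that was there before, so if `Utils.element_text` (defined outside this diff) ever returns nil for a node, `audiences` now raises NoMethodError instead of silently skipping that entry; `nodes.map { |node| Utils.element_text(node) }.compact.reject(&:empty?)` keeps both guards at no cost. The behavioural consequence also deserves a comment on the memoized block: a self-closed `<Audience/>` now contributes nothing to the list, and judging by the test added in this release (`validate_audience` returns true with issuer `'{audience}'` against such a response) an assertion whose only AudienceRestriction is empty is presumably validated as if it carried no restriction at all, which is a policy decision worth making explicit, e.g. `# Empty <Audience/> elements are dropped; an assertion whose only restriction is empty is treated as unrestricted.` The whole `audiences` method is inside this hunk.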
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '1.7.0'
3
+ VERSION = '1.7.1'
4
4
  end
5
5
  end
@@ -34,6 +34,7 @@ class RubySamlTest < Minitest::Test
34
34
  let(:response_encrypted_attrs) { OneLogin::RubySaml::Response.new(response_document_encrypted_attrs) }
35
35
  let(:response_no_signed_elements) { OneLogin::RubySaml::Response.new(read_invalid_response("no_signature.xml.base64")) }
36
36
  let(:response_multiple_signed) { OneLogin::RubySaml::Response.new(read_invalid_response("multiple_signed.xml.base64")) }
37
+ let(:response_audience_self_closed) { OneLogin::RubySaml::Response.new(read_response("response_audience_self_closed_tag.xml.base64")) }
37
38
  let(:response_invalid_audience) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_audience.xml.base64")) }
38
39
  let(:response_invalid_signed_element) { OneLogin::RubySaml::Response.new(read_invalid_response("response_invalid_signed_element.xml.base64")) }
39
40
  let(:response_invalid_issuer_assertion) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_issuer_assertion.xml.base64")) }
@@ -428,6 +429,13 @@ class RubySamlTest < Minitest::Test
428
429
  assert_empty response.errors
429
430
  end
430
431
 
432
+ it "return true when the audience is self closing" do
433
+ response_audience_self_closed.settings = settings
434
+ response_audience_self_closed.settings.issuer = '{audience}'
435
+ assert response_audience_self_closed.send(:validate_audience)
436
+ assert_empty response_audience_self_closed.errors
437
+ end
438
+
431
439
  it "return false when the audience is valid" do
432
440
  response.settings = settings
433
441
  response.settings.issuer = 'invalid_audience'
@@ -0,0 +1 @@
1
+ tVdbc7JIE77fqv0Plu9lynBUhEpSi6DGAwqCp9xscRgQ5SQDgvz6b8BDTEyy+27Vd6U03T3P8/T09PAEdd+LuBmAURhAUMt9L4BcZXyup3HAhTp0IRfoPoBcYnIqL4058hHnojhMQjP06jchP0foEII4ccOgXhuIz/XIzi3atHSGajVaeoto4CzVbjC4CRpUG2+DtsnaTQvUawsQQxT1XEdJUCiEKRgEMNGDBJlwAgW2GgSjETTXpDmCfqvXRAATN9CTKmqTJBGHYTBJbfvRDH0MBFYUukECb/7pJnyMNhFKH1yk0MLn+t9NxjANm8EbjEHYDZwgQcNsk0SDaZPoBUEZBtWuv/z5R632VArAVejil/OarhU9glz3Iw9UKz9ht05PFuRU10E40/givAWvgLMse8yoxzB2MBLHcQxnMeRjQdf5dV7xHA+sQWCHVTpBD8LANXXPLSr2Ekg2oVXjPSeM3WTjf5OcwAi8TN4AudkwCTr4VceqJd4XqUD+y3QfsMZQb8CNTpwzlvlmwAYxCExQm88Gz/Vf/3YnVBS1WA+gHcY+/Pj4e6hAcABeGAGrAS/kEMDfS/ilak/YPUbRddCG/C/inYV7T7LQvRS8QCZfazNsO57s11lOE4HdabnxA0ilwXMF4Na5MlwlPz1+2jbXAp8iNLu1c/qddqyZCbbM4dzx5mE4XmbEdtjVZcPrFSvzQY7CjjOcGTE207diRyX94pgdX2eOHUz3vmU/OMkILBXYksJk7so7fGPsRvJq6NjOzmHhwc4cbCVPx1NsnB6T42D+Ng2yV2X3uqaWbkSHKq7mUbpz1ON8uysYeZhNV7sMBjGlHtR0XiSENMefr3Ru8P/5R0lqBI5Xgqsmzop6ol8fhPIkslGnJOBFGgyEfiEI/FoRBEWYTExlFfoUuRD5ScfZ7Tc7t89meIdX5j0eEZUUmAnKWlwoSr+bDRfzojuW+F2fJ+ZdoSMJ6pzOexqvdZzJosObmtj10re+tzH8XmaQeWQW3ZnEt0/+G2mgkU1P67OBvqRzUeRHpzio8fgifSt40MvwfCLyuLSV8qmo5JLY0yub9tEm9Qa5UPDDU/xa472FdoN1gLAOtW13IXWkau1OLknqsrnTl710veocjL5XSLNuJmaV/6ibbWTDX0gGaUXGtitJfHjCjFabLZuBNOjbEo/3BXXfVwcGJSrdUiOep/sTXhQ6roKoKGLY8h+Ut8NawfIx3vXGThqNCEU012PabsomKunEUdloflgwdqHthdddW9uMc21Hk5JCSuYQTsF8uJAZsj3aHP1tT9jnjkwv0my2Y+OI9/AHf3NsSbJ13B75Vp+gt7G4VFvNIxybmxGdYIcs6ooFripeN+wTO6nwPNVnijeVWsXA4RlxO9Hna2WfDURe4TufOXVOnDr8WCIPfcFVsIP/oLcONP6wWJGFtX/lSQUjDj3CNZRi2KSloTBdLA/w4aCs7LfexvLxqSyRg1icM+H+MJL3ciuf8mA4ar3iR5mR6PWYsvVEPQzWvm8fVwK7S9AuL7DJMX4t5M08GOJHgMG5usqDQskz08dYOeP3saLzlBKhpmkyR6OHTcP4KIMHclO1xeeNfjWeWgG7bZIPbfQ+0CJOTZAJXqbBrU0ILVCrOu7nuQ8rb05NTRNAeJkD2F360wTlL7eE80TMofvt+buSxqq5Ab7ecKsLgQnq16h/DrpeQ5g2TbAsgQ5xhrIbNE41G4AEaNITaAbhgLAoQP+Ha8itZr91MbiNU1NjC8zkbLtYJ0jkgVhT5fKPkqJ5b7sgRpSB54Vlxnqth8aPnnxfGeKRqCyu1bArVw5J4nq8ZcVllV5g6IMwAH/dwDyjPC3+CdEZpxAGtltmKwt4mng/bw7T5wygxyCuXxP+kLLcuLVJmEyDaczbSUmZxEn8Rnr2dAOcAdONXFDW5v9//8PetcC+Q34pKvZFVU90kbfllq6wZNgBqCqg2lm39CiOLundSUDcSfCpPnxqueX8R+
yS2DVvIN373PH5Pvjs8I79AyU+TTZB2eHAR6WoVY/f9wzOIGYq2nwoz7cESfJ6yz+7DgIL5GWpCANQDNtq2sBoNhnWauMUQRM402KplmWSgLUIi20Dw77XBuFCFBKQJ1+I8v5S8NA3DLpKvfz4mWNyZumHzDL6ycLYusr4Rao7qe+w3L65ivlR5wSVxUgT8Pn1nUOtbN7netnp9er/Px0TFSMUXVovB4WB/Mz7fr0uUs2EGjq4ueQYodVy9HWIXgXOT6fKx+g7WS5vP2nyNfHL28soKW+E2McP3Zf/AQ==
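--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-version: 1.7.0
+version: 1.7.1
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -271,6 +271,7 @@ files:
 - test/responses/no_signature_ns.xml
 - test/responses/open_saml_response.xml
 - test/responses/response_assertion_wrapped.xml.base64
+- test/responses/response_audience_self_closed_tag.xml.base64
 - test/responses/response_double_status_code.xml.base64
 - test/responses/response_encrypted_attrs.xml.base64
 - test/responses/response_encrypted_nameid.xml.base64
@@ -427,6 +428,7 @@ test_files:
 - test/responses/no_signature_ns.xml
 - test/responses/open_saml_response.xml
 - test/responses/response_assertion_wrapped.xml.base64
+- test/responses/response_audience_self_closed_tag.xml.base64
 - test/responses/response_double_status_code.xml.base64
 - test/responses/response_encrypted_attrs.xml.base64
 - test/responses/response_encrypted_nameid.xml.base64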