ruby-saml 1.7.0 → 1.7.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/changelog.md +3 -0
  3. data/lib/onelogin/ruby-saml/response.rb +1 -1
  4. data/lib/onelogin/ruby-saml/version.rb +1 -1
  5. data/test/response_test.rb +8 -0
  6. data/test/responses/response_audience_self_closed_tag.xml.base64 +1 -0
  7. metadata +4 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: cb5007dd289f308983339a7ae35cd40018f58143
4
- data.tar.gz: 16f12f151a3ab5d9cb32739b4d55f7437748d17e
3
+ metadata.gz: bbac6942120c5332a95a90dd3d88cde723269092
4
+ data.tar.gz: 4b08b52dc6263e036983b519cd01028af7725566
5
5
  SHA512:
6
- metadata.gz: 6395d86c33cd7d49bc329f486a5be5a8c4cc5e24076d75234f96bb51fcefe1d8c782f6bf18fd07201751d300c23c521cf4441c7514d61651c89d363ffb9cf700
7
- data.tar.gz: d5eb6efeb77b267ad51487dfb3baa06f28103c582e61efbf996c279f0e7f0915d1abe18ed34be1c5b60eef69240b31d0d40c44e6cf6157b9c968bf96208ad7c8
6
+ metadata.gz: b7394a6d2d7e02d069e1b721d036a5af5f8a324ccbc308026d38f6876b5fcd9b88a73ad963ba6be7ad4a7125634a65f8c5d9dae6e96567141500dcfa9e5eca4a
7
+ data.tar.gz: 7efb59314189ccf38abc734378cbbd91a38c6235557d4e25f70b45494c9b235e6ba899f43e4b51693503880b97cc67a3f3111c4c1944af4bab4481c64a94f363
data/changelog.md CHANGED
@@ -1,5 +1,8 @@
1
1
  # RubySaml Changelog
2
2
 
3
+ ### 1.7.1 (Feb 28, 2018)
4
+ * [#444](https://github.com/onelogin/ruby-saml/pull/444) Fix audience validation for empty audience restriction
5
+
3
6
  ### 1.7.0 (Feb 27, 2018)
4
7
  * Fix vulnerability CVE-2017-11428. Process text of nodes properly, ignoring comments
5
8
 
data/lib/onelogin/ruby-saml/response.rb CHANGED
@@ -322,7 +322,7 @@ module OneLogin
322
322
  def audiences
323
323
  @audiences ||= begin
324
324
  nodes = xpath_from_signed_assertion('/a:Conditions/a:AudienceRestriction/a:Audience')
325
- nodes.map { |node| Utils.element_text(node) }.compact
325
+ nodes.map { |node| Utils.element_text(node) }.reject(&:empty?)
326
326
  end
327
327
  end
328
328
 
data/lib/onelogin/ruby-saml/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '1.7.0'
3
+ VERSION = '1.7.1'
4
4
  end
5
5
  end
data/test/response_test.rb CHANGED
@@ -34,6 +34,7 @@ class RubySamlTest < Minitest::Test
34
34
  let(:response_encrypted_attrs) { OneLogin::RubySaml::Response.new(response_document_encrypted_attrs) }
35
35
  let(:response_no_signed_elements) { OneLogin::RubySaml::Response.new(read_invalid_response("no_signature.xml.base64")) }
36
36
  let(:response_multiple_signed) { OneLogin::RubySaml::Response.new(read_invalid_response("multiple_signed.xml.base64")) }
37
+ let(:response_audience_self_closed) { OneLogin::RubySaml::Response.new(read_response("response_audience_self_closed_tag.xml.base64")) }
37
38
  let(:response_invalid_audience) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_audience.xml.base64")) }
38
39
  let(:response_invalid_signed_element) { OneLogin::RubySaml::Response.new(read_invalid_response("response_invalid_signed_element.xml.base64")) }
39
40
  let(:response_invalid_issuer_assertion) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_issuer_assertion.xml.base64")) }
@@ -428,6 +429,13 @@ class RubySamlTest < Minitest::Test
428
429
  assert_empty response.errors
429
430
  end
430
431
 
432
+ it "return true when the audience is self closing" do
433
+ response_audience_self_closed.settings = settings
434
+ response_audience_self_closed.settings.issuer = '{audience}'
435
+ assert response_audience_self_closed.send(:validate_audience)
436
+ assert_empty response_audience_self_closed.errors
437
+ end
438
+
431
439
  it "return false when the audience is valid" do
432
440
  response.settings = settings
433
441
  response.settings.issuer = 'invalid_audience'
data/test/responses/response_audience_self_closed_tag.xml.base64 ADDED
@@ -0,0 +1 @@
1
+ tVdbc7JIE77fqv0Plu9lynBUhEpSi6DGAwqCp9xscRgQ5SQDgvz6b8BDTEyy+27Vd6U03T3P8/T09PAEdd+LuBmAURhAUMt9L4BcZXyup3HAhTp0IRfoPoBcYnIqL4058hHnojhMQjP06jchP0foEII4ccOgXhuIz/XIzi3atHSGajVaeoto4CzVbjC4CRpUG2+DtsnaTQvUawsQQxT1XEdJUCiEKRgEMNGDBJlwAgW2GgSjETTXpDmCfqvXRAATN9CTKmqTJBGHYTBJbfvRDH0MBFYUukECb/7pJnyMNhFKH1yk0MLn+t9NxjANm8EbjEHYDZwgQcNsk0SDaZPoBUEZBtWuv/z5R632VArAVejil/OarhU9glz3Iw9UKz9ht05PFuRU10E40/givAWvgLMse8yoxzB2MBLHcQxnMeRjQdf5dV7xHA+sQWCHVTpBD8LANXXPLSr2Ekg2oVXjPSeM3WTjf5OcwAi8TN4AudkwCTr4VceqJd4XqUD+y3QfsMZQb8CNTpwzlvlmwAYxCExQm88Gz/Vf/3YnVBS1WA+gHcY+/Pj4e6hAcABeGAGrAS/kEMDfS/ilak/YPUbRddCG/C/inYV7T7LQvRS8QCZfazNsO57s11lOE4HdabnxA0ilwXMF4Na5MlwlPz1+2jbXAp8iNLu1c/qddqyZCbbM4dzx5mE4XmbEdtjVZcPrFSvzQY7CjjOcGTE207diRyX94pgdX2eOHUz3vmU/OMkILBXYksJk7so7fGPsRvJq6NjOzmHhwc4cbCVPx1NsnB6T42D+Ng2yV2X3uqaWbkSHKq7mUbpz1ON8uysYeZhNV7sMBjGlHtR0XiSENMefr3Ru8P/5R0lqBI5Xgqsmzop6ol8fhPIkslGnJOBFGgyEfiEI/FoRBEWYTExlFfoUuRD5ScfZ7Tc7t89meIdX5j0eEZUUmAnKWlwoSr+bDRfzojuW+F2fJ+ZdoSMJ6pzOexqvdZzJosObmtj10re+tzH8XmaQeWQW3ZnEt0/+G2mgkU1P67OBvqRzUeRHpzio8fgifSt40MvwfCLyuLSV8qmo5JLY0yub9tEm9Qa5UPDDU/xa472FdoN1gLAOtW13IXWkau1OLknqsrnTl710veocjL5XSLNuJmaV/6ibbWTDX0gGaUXGtitJfHjCjFabLZuBNOjbEo/3BXXfVwcGJSrdUiOep/sTXhQ6roKoKGLY8h+Ut8NawfIx3vXGThqNCEU012PabsomKunEUdloflgwdqHthdddW9uMc21Hk5JCSuYQTsF8uJAZsj3aHP1tT9jnjkwv0my2Y+OI9/AHf3NsSbJ13B75Vp+gt7G4VFvNIxybmxGdYIcs6ooFripeN+wTO6nwPNVnijeVWsXA4RlxO9Hna2WfDURe4TufOXVOnDr8WCIPfcFVsIP/oLcONP6wWJGFtX/lSQUjDj3CNZRi2KSloTBdLA/w4aCs7LfexvLxqSyRg1icM+H+MJL3ciuf8mA4ar3iR5mR6PWYsvVEPQzWvm8fVwK7S9AuL7DJMX4t5M08GOJHgMG5usqDQskz08dYOeP3saLzlBKhpmkyR6OHTcP4KIMHclO1xeeNfjWeWgG7bZIPbfQ+0CJOTZAJXqbBrU0ILVCrOu7nuQ8rb05NTRNAeJkD2F360wTlL7eE80TMofvt+buSxqq5Ab7ecKsLgQnq16h/DrpeQ5g2TbAsgQ5xhrIbNE41G4AEaNITaAbhgLAoQP+Ha8itZr91MbiNU1NjC8zkbLtYJ0jkgVhT5fKPkqJ5b7sgRpSB54Vlxnqth8aPnnxfGeKRqCyu1bArVw5J4nq8ZcVllV5g6IMwAH/dwDyjPC3+CdEZpxAGtltmKwt4mng/bw7T5wygxyCuXxP+kLLcuLVJmEyDaczbSUmZxEn8Rnr2dAOcAdONXFDW5v9//8PetcC+Q34pKvZFVU90kbfllq6wZNgBqCqg2lm39CiOLundSUDcSfCpPnxqueX8R+yS2DVvIN373PH5Pvjs8I79AyU+TTZB2eHAR6WoVY/f9wzOIGYq2nwoz7cESfJ6yz+7DgIL5GWpCANQDNtq2sBoNhnWauMUQRM402KplmWSgLUIi20Dw77XBuFCFBKQJ1+I8v5S8NA3DLpKvfz4mWNyZumHzDL6ycLYusr4Rao7qe+w3L65ivlR5wSVxUgT8Pn1nUOtbN7netnp9er/Px0TFSMUXVovB4WB/Mz7fr0uUs2EGjq4ueQYodVy9HWIXgXOT6fKx+g7WS5vP2nyNfHL28soKW+E2McP3Zf/AQ==
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 1.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-02-27 00:00:00.000000000 Z
11
+ date: 2018-02-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -271,6 +271,7 @@ files:
271
271
  - test/responses/no_signature_ns.xml
272
272
  - test/responses/open_saml_response.xml
273
273
  - test/responses/response_assertion_wrapped.xml.base64
274
+ - test/responses/response_audience_self_closed_tag.xml.base64
274
275
  - test/responses/response_double_status_code.xml.base64
275
276
  - test/responses/response_encrypted_attrs.xml.base64
276
277
  - test/responses/response_encrypted_nameid.xml.base64
@@ -427,6 +428,7 @@ test_files:
427
428
  - test/responses/no_signature_ns.xml
428
429
  - test/responses/open_saml_response.xml
429
430
  - test/responses/response_assertion_wrapped.xml.base64
431
+ - test/responses/response_audience_self_closed_tag.xml.base64
430
432
  - test/responses/response_double_status_code.xml.base64
431
433
  - test/responses/response_encrypted_attrs.xml.base64
432
434
  - test/responses/response_encrypted_nameid.xml.base64