ruby-saml 0.0.8 → 0.2.1

data/README.rdoc

@@ -1,7 +1,84 @@
-= ruby-saml
+= Ruby SAML
 
-* To build the gem run rake build
-* To install the gem run sudo gem install pkg/ruby-saml-x.x.x.gem
+The Ruby SAML library is for implementing the client side of a SAML authorization, i.e. it provides a means for managing authorization initialization and confirmation requests from identity providers.
+
+SAML authorization is a two step process and you are expected to implement support for both. 
+
+== The initialization phase
+
+This is the first request you will get from the identity provider. It will hit your application at a specific URL (that you've announced as being your SAML initialization point). The response to this initialization, is a redirect back to the identity provider, which can look something like this (ignore the saml_settings method call for now):
+
+    def initialize
+      request = Onelogin::Saml::Authrequest.new
+      redirect_to(request.create(saml_settings))
+    end
+
+Once you've redirected back to the identity provider, it will ensure that the user has been authorized and redirect back to your application for final consumption, this is can look something like this (the authorize_success and authorize_failure methods are specific to your application):
+
+    def consume
+      response          = Onelogin::Saml::Response.new(params[:SAMLResponse])
+      response.settings = saml_settings
+
+      if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
+        authorize_success(user)
+      else
+        authorize_failure(user)
+      end
+    end
+
+In the above there are a few assumptions in place, one being that the response.name_id is an email address. This is all handled with how you specify the settings that are in play via the saml_settings method. That could be implemented along the lines of this:
+    
+    def saml_settings
+      settings = Onelogin::Saml::Settings.new
+
+      settings.assertion_consumer_service_url = "http://#{request.host}/saml/finalize"
+      settings.issuer                         = request.host
+      settings.idp_sso_target_url             = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
+      settings.idp_cert_fingerprint           = OneLoginAppCertFingerPrint
+      settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+
+      settings
+    end
+
+What's left at this point, is to wrap it all up in a controller and point the initialization and consumption URLs in OneLogin at that. A full controller example could look like this:
+
+  # This controller expects you to use the URLs /saml/initialize and /saml/consume in your OneLogin application.
+  class SamlController < ApplicationController
+    def initialize
+      request = Onelogin::Saml::Authrequest.new
+      redirect_to(request.create(saml_settings))
+    end
+    
+    def consume
+      response          = Onelogin::Saml::Response.new(params[:SAMLResponse])
+      response.settings = saml_settings
+      
+      if response.is_valid? && user = current_account.users.find_by_email(response.name_id)
+        authorize_success(user)
+      else
+        authorize_failure(user)
+      end
+    end
+    
+    private
+    
+    def saml_settings
+      settings = Onelogin::Saml::Settings.new
+      
+      settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
+      settings.issuer                         = request.host
+      settings.idp_sso_target_url             = "https://app.onelogin.com/saml/signon/#{OneLoginAppId}"
+      settings.idp_cert_fingerprint           = OneLoginAppCertFingerPrint
+      settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+      
+      settings
+    end
+  end
+
+
+= Full Example
+
+Please check https://github.com/onelogin/ruby-saml-example for a very basic sample Rails application using this gem.
 
 == Note on Patches/Pull Requests
  

data/Rakefile

@@ -10,10 +10,13 @@ begin
     gem.email = "support@onelogin.com"
     gem.homepage = "http://github.com/onelogin/ruby-saml"
     gem.authors = ["OneLogin LLC"]
-    gem.add_dependency("XMLCanonicalizer",">= 1.0.1")
-    #gem.add_development_dependency "thoughtbot-shoulda"
+    gem.add_dependency("xmlcanonicalizer","= 0.1.0")
+    gem.add_dependency("uuid","= 2.3.1")
+    gem.add_development_dependency "shoulda"
+    gem.add_development_dependency "mocha"
     #gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
   end
+  Jeweler::GemcutterTasks.new
 rescue LoadError
   puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
 end

data/VERSION

@@ -1 +1 @@
-0.0.4
+0.2.1

data/lib/onelogin/saml.rb

@@ -1,4 +1,4 @@
-require 'onelogin/saml'
-module Onelogin::Saml
-	
-end
+require 'onelogin/saml/authrequest'
+require 'onelogin/saml/response'
+require 'onelogin/saml/settings'
+

data/lib/onelogin/saml/authrequest.rb

@@ -1,56 +1,28 @@
 require "base64"
 require "uuid"
+require "zlib"
+require "cgi"
 
 module Onelogin::Saml
-
-	class Authrequest
-		def create(settings, options = {})
-			@id                = Onelogin::Saml::Authrequest.generateUniqueID(42)
-			@issue_instant     = Onelogin::Saml::Authrequest.getTimestamp
-			debugger
-			request = generate_saml_request(settings, options)
-			
-
-			deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]     
-			base64_request    = Base64.encode64(deflated_request)  
-			encoded_request   = CGI.escape(base64_request)  
-
-			settings.idp_sso_target_url + "?SAMLRequest=" + encoded_request
-		end
-
-		private 
-
-		def self.generateUniqueID(length)
-			UUID.new.generate
-		end
-		
-		def generate_saml_request(settings, options = {})
-			options[:style] ||= :default
-			case options[:style]
-			when :default
-				standard_saml_request(settings)
-			when :google
-				google_saml_request(settings)
-			end
-		end
-		
-		def standard_saml_request(settings)
-			"<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-			<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{@id}\" Version=\"2.0\" IssueInstant=\"#{@issue_instant}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
-			"<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
-			"<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
-			"<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
-			"<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
-			"</samlp:AuthnRequest>"
-		end
-		
-		def google_saml_request(settings)
-			%Q(<?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="#{@id}" Version="2.0" IssueInstant="#{@issue_instant}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="#{settings.issuer}" AssertionConsumerServiceURL="#{settings.assertion_consumer_service_url}"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{settings.issuer}</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="#{settings.name_identifier_format}" /></samlp:AuthnRequest>)
-		end
-
-		def self.getTimestamp
-			Time.new().strftime("%Y-%m-%dT%H:%M:%SZ")
-		end
-	end
-
+  class Authrequest
+    def create(settings)
+      uuid = UUID.new.generate
+      time = Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")
+
+      request =
+        "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"#{uuid}\" Version=\"2.0\" IssueInstant=\"#{time}\" ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" AssertionConsumerServiceURL=\"#{settings.assertion_consumer_service_url}\">" +
+        "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{settings.issuer}</saml:Issuer>\n" +
+        "<samlp:NameIDPolicy xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Format=\"#{settings.name_identifier_format}\" AllowCreate=\"true\"></samlp:NameIDPolicy>\n" +
+        "<samlp:RequestedAuthnContext xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" Comparison=\"exact\">" +
+        "<saml:AuthnContextClassRef xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\n" +
+        "</samlp:AuthnRequest>"
+
+      deflated_request  = Zlib::Deflate.deflate(request, 9)[2..-5]
+      base64_request    = Base64.encode64(deflated_request)
+      encoded_request   = CGI.escape(base64_request)
+
+      settings.idp_sso_target_url + "?SAMLRequest=" + encoded_request
+    end
+
+  end
 end

data/lib/onelogin/saml/response.rb

@@ -1,33 +1,33 @@
 require "rexml/document"
 require "xml_sec" 
+require "time"
 
 module Onelogin::Saml
   class Response
+    attr_accessor :response, :document, :logger, :settings
+
     def initialize(response)
-			
-      @response = response
-      @document = XMLSecurity::SignedDocument.new(Base64.decode64(@response))
-			@document = XMLSecurity::SignedDocument.new(@response) if @document.root.blank?
-			@document = REXML::Document.new(@response) if @document.root.blank?
-    end
-    
-    def logger=(val)
-      @logger = val
+      raise ArgumentError.new("Response cannot be nil") if response.nil?
+      self.response = response
+      self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
     end
-    
-    def settings=(_settings)
-      @settings = _settings
-    end
-    
+
     def is_valid?
-      unless @response.blank?
-        @document.validate(@settings.idp_cert_fingerprint, @logger) unless !@settings.idp_cert_fingerprint
-      end
+      return false if response.empty?
+      return false if settings.nil?
+      return false if settings.idp_cert_fingerprint.nil?
+
+      document.validate(settings.idp_cert_fingerprint, logger)
     end
 
+    # The value of the user identifier as designated by the initialization request response
     def name_id
-      node = @document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"] || @document.elements["/samlp:Response/Assertion/Subject/NameID"]
-			node.text.strip
+      @name_id ||= document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].text
+    end
+
+    # When this user session should expire at latest
+    def session_expires_at
+      @expires_at ||= Time.parse(document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionNotOnOrAfter"])
     end
   end
 end

data/lib/onelogin/saml/settings.rb

@@ -1,45 +1,6 @@
 module Onelogin::Saml
   class Settings
-    def assertion_consumer_service_url
-      @assertion_consumer_service_url
-    end
-    def assertion_consumer_service_url=(val)
-      @assertion_consumer_service_url = val
-    end
-    
-    def issuer
-      @issuer
-    end
-    def issuer=(val)
-      @issuer = val
-    end
-    
-    def sp_name_qualifier
-      @sp_name_qualifier
-    end
-    def sp_name_qualifier=(val)
-      @sp_name_qualifier = val
-    end
-    
-    def idp_sso_target_url
-      @idp_sso_target_url
-    end
-    def idp_sso_target_url=(val)
-      @idp_sso_target_url = val
-    end
-    
-    def idp_cert_fingerprint
-      @idp_cert_fingerprint
-    end
-    def idp_cert_fingerprint=(val)
-      @idp_cert_fingerprint = val
-    end
-    
-    def name_identifier_format
-      @name_identifier_format
-    end
-    def name_identifier_format=(val)
-      @name_identifier_format = val
-    end
+    attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
+    attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
   end
 end

data/lib/xml_sec.rb

@@ -35,7 +35,6 @@ module XMLSecurity
 
     def validate (idp_cert_fingerprint, logger = nil)
       # get cert from response
-			return true if self.elements["//ds:X509Certificate"].blank?
       base64_cert             = self.elements["//ds:X509Certificate"].text
       cert_text               = Base64.decode64(base64_cert)
       cert                    = OpenSSL::X509::Certificate.new(cert_text)

data/ruby-saml.gemspec

@@ -1,60 +1,67 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{ruby-saml}
-  s.version = "0.0.8"
+  s.version = "0.2.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["OneLogin LLC"]
-  s.date = %q{2010-08-10}
+  s.date = %q{2010-12-01}
   s.description = %q{SAML toolkit for Ruby on Rails}
   s.email = %q{support@onelogin.com}
   s.extra_rdoc_files = [
     "LICENSE",
-     "README.rdoc"
+    "README.rdoc"
   ]
   s.files = [
     ".document",
-     ".gitignore",
-     "LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "lib/onelogin/saml.rb",
-     "lib/onelogin/saml/authrequest.rb",
-     "lib/onelogin/saml/response.rb",
-     "lib/onelogin/saml/settings.rb",
-     "lib/ruby-saml.rb",
-     "lib/xml_sec.rb",
-     "ruby-saml.gemspec",
-     "test/ruby-saml_test.rb",
-     "test/test_helper.rb"
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/onelogin/saml.rb",
+    "lib/onelogin/saml/authrequest.rb",
+    "lib/onelogin/saml/response.rb",
+    "lib/onelogin/saml/settings.rb",
+    "lib/ruby-saml.rb",
+    "lib/xml_sec.rb",
+    "ruby-saml.gemspec",
+    "test/response.txt",
+    "test/ruby-saml_test.rb",
+    "test/test_helper.rb"
   ]
   s.homepage = %q{http://github.com/onelogin/ruby-saml}
-  s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
+  s.rubygems_version = %q{1.3.7}
   s.summary = %q{SAML Ruby Tookit}
   s.test_files = [
     "test/ruby-saml_test.rb",
-     "test/test_helper.rb"
+    "test/test_helper.rb"
   ]
 
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
-			s.add_runtime_dependency(%q<uuid>, [">= 2.0.0"])
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<xmlcanonicalizer>, ["= 0.1.0"])
+      s.add_runtime_dependency(%q<uuid>, ["= 2.3.1"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<mocha>, [">= 0"])
     else
-      s.add_dependency(%q<XMLCanonicalizer>, [">= 1.0.1"])
-			s.add_dependency(%q<uuid>, [">= 2.0.0"])
+      s.add_dependency(%q<xmlcanonicalizer>, ["= 0.1.0"])
+      s.add_dependency(%q<uuid>, ["= 2.3.1"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<mocha>, [">= 0"])
     end
   else
-    s.add_dependency(%q<uuid>, [">= 2.0.0"])
+    s.add_dependency(%q<xmlcanonicalizer>, ["= 0.1.0"])
+    s.add_dependency(%q<uuid>, ["= 2.3.1"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<mocha>, [">= 0"])
   end
 end
+

data/test/response.txt

@@ -0,0 +1,68 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0
+YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6
+bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDEx
+NzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTEx
+LTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij48c2Ft
+bHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6
+bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0
+YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHM9Imh0dHA6Ly93d3cudzMu
+b3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMu
+b3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBWZXJzaW9uPSIyLjAiIElE
+PSJwZnhhNDY1NzRkZi1iM2IwLWEwNmEtMjNjOC02MzY0MTMxOTg3NzIiIElz
+c3VlSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiPjxzYW1sOklzc3Vl
+cj5odHRwczovL2FwcC5vbmVsb2dpbi5jb20vc2FtbC9tZXRhZGF0YS8xMzU5
+MDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDov
+L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZElu
+Zm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRw
+Oi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxk
+czpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9y
+Zy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNl
+IFVSST0iI3BmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3
+MiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0
+dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2ln
+bmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cu
+dzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jt
+cz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5v
+cmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+cEpR
+N01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+PC9k
+czpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1
+ZT55aXZlS2NQZERwdUROajZzaHJRM0FCd3IvY0EzQ3J5RDJwaEcveExac3pL
+V3hVNS9tbGFLdDhld2JaT2RLS3Z0T3MycEhCeTVEdWEzazk0QUYrenhHeWVs
+NWdPb3dtb3lYSnIrQU9yK2tQTzB2bGkxVjhvM2hQUFVad1JnU1g2UTlwUzFD
+cVFnaEtpRWFzUnl5bHFxSlVhUFl6bU96T0U4L1hsTWt3aVdtTzA9PC9kczpT
+aWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpY
+NTA5Q2VydGlmaWNhdGU+TUlJQnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1H
+Y3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1s
+aE1SVXdFd1lEVlFRSERBeFRZVzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9N
+Q0U5dVpVeHZaMmx1TVJrd0Z3WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZ
+Mjl0TUI0WERURXdNRE13T1RBNU5UZzBOVm9YRFRFMU1ETXdPVEE1TlRnME5W
+b3daekVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNK
+dWFXRXhGVEFUQmdOVkJBY01ERk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVF
+Q2d3SVQyNWxURzluYVc0eEdUQVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBi
+aTVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFP
+alN1MWZqUHk4ZDV3NFF5TDEremQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlU
+U1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRS
+ZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25R
+NjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3
+WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+
+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNh
+bWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4x
+Om5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zdXBwb3J0QG9uZWxvZ2lu
+LmNvbTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBN
+ZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIi
+PjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0i
+MjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0i
+Lz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48
+c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1Mjoz
+N1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPjxzYW1s
+OkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNl
+fTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48
+L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobklu
+c3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIiBTZXNzaW9uTm90T25PckFm
+dGVyPSIyMDEwLTExLTE5VDIxOjU3OjM3WiIgU2Vzc2lvbkluZGV4PSJfNTMx
+YzMyZDI4M2JkZmY3ZTA0ZTQ4N2JjZGJjNGRkOGQiPjxzYW1sOkF1dGhuQ29u
+dGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFt
+ZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRo
+bkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpB
+dXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9u
+c2U+Cg==

data/test/ruby-saml_test.rb

@@ -1,7 +1,82 @@
 require 'test_helper'
 
 class RubySamlTest < Test::Unit::TestCase
-  should "probably rename this file and start testing for real" do
-    flunk "hey buddy, you should probably rename this file and start testing for real"
+
+  context "Settings" do
+    setup do
+      @settings = Onelogin::Saml::Settings.new
+    end
+    should "should provide getters and settings" do
+      accessors = [
+        :assertion_consumer_service_url, :issuer, :sp_name_qualifier, :sp_name_qualifier,
+        :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
+      ]
+
+      accessors.each do |accessor|
+        value = Kernel.rand
+        @settings.send("#{accessor}=".to_sym, value)
+        assert_equal value, @settings.send(accessor)
+      end
+    end
   end
+
+  context "Response" do
+    should "provide setter for a logger" do
+      response = Onelogin::Saml::Response.new('')
+      assert response.logger = 'hello'
+    end
+
+    should "raise an exception when response is initialized with nil" do
+      assert_raises(ArgumentError) { Onelogin::Saml::Response.new(nil) }
+    end
+
+    context "#is_valid?" do
+      should "return false when response is initialized with blank data" do
+        response = Onelogin::Saml::Response.new('')
+        assert !response.is_valid?
+      end
+
+      should "return false if settings have not been set" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert !response.is_valid?
+      end
+
+      should "return true when the response is initialized with valid data" do
+        response = Onelogin::Saml::Response.new(response_document)
+        settings = Onelogin::Saml::Settings.new
+        settings.idp_cert_fingerprint = 'hello'
+        response.settings = settings
+        assert !response.is_valid?
+        document = stub()
+        document.stubs(:validate).returns(true)
+        response.document = document
+        assert response.is_valid?
+      end
+    end
+
+    context "#name_id" do
+      should "extract the value of the name id element" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert_equal "support@onelogin.com", response.name_id
+      end
+    end
+
+    context "#session_expires_at" do
+      should "extract the value of the SessionNotOnOrAfter attribute" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert response.session_expires_at.is_a?(Time)
+      end
+    end
+  end
+
+  context "Authrequest" do
+    should "create the SAMLRequest URL parameter" do
+      settings = Onelogin::Saml::Settings.new
+      settings.idp_sso_target_url = "http://stuff.com"
+      auth_url = Onelogin::Saml::Authrequest.new.create(settings)
+      assert auth_url =~ /^http:\/\/stuff\.com\?SAMLRequest=/
+      payload = CGI.unescape(auth_url.split("=").last)
+    end
+  end
+
 end

data/test/test_helper.rb

@@ -1,10 +1,14 @@
 require 'rubygems'
 require 'test/unit'
 require 'shoulda'
+require 'mocha'
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 require 'ruby-saml'
 
 class Test::Unit::TestCase
+  def response_document
+    @response_document ||= File.read(File.join(File.dirname(__FILE__), 'response.txt'))
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ruby-saml
 version: !ruby/object:Gem::Version 
-  hash: 15
+  hash: 21
   prerelease: false
   segments: 
   - 0
-  - 0
-  - 8
-  version: 0.0.8
+  - 2
+  - 1
+  version: 0.2.1
 platform: ruby
 authors: 
 - OneLogin LLC
@@ -15,23 +15,23 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-10 00:00:00 -05:00
+date: 2010-12-01 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: XMLCanonicalizer
+  name: xmlcanonicalizer
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
-        hash: 21
+        hash: 27
         segments: 
-        - 1
         - 0
         - 1
-        version: 1.0.1
+        - 0
+        version: 0.1.0
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -40,16 +40,44 @@ dependencies:
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
-        hash: 15
+        hash: 1
         segments: 
         - 2
-        - 0
-        - 0
-        version: 2.0.0
+        - 3
+        - 1
+        version: 2.3.1
   type: :runtime
   version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: shoulda
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: mocha
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id004
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []
@@ -61,7 +89,6 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .document
-- .gitignore
 - LICENSE
 - README.rdoc
 - Rakefile
@@ -73,6 +100,7 @@ files:
 - lib/ruby-saml.rb
 - lib/xml_sec.rb
 - ruby-saml.gemspec
+- test/response.txt
 - test/ruby-saml_test.rb
 - test/test_helper.rb
 has_rdoc: true
@@ -80,8 +108,8 @@ homepage: http://github.com/onelogin/ruby-saml
 licenses: []
 
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
+rdoc_options: []
+
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 

data/.gitignore

@@ -1,5 +0,0 @@
-*.sw?
-.DS_Store
-coverage
-rdoc
-pkg