ruby-saml 0.7.0 → 0.7.1

data/Gemfile

@@ -9,4 +9,5 @@ group :test do
   gem "rake"
   gem "mocha"
   gem "nokogiri"
+  gem "timecop"
 end

data/lib/onelogin/ruby-saml/response.rb

@@ -36,16 +36,14 @@ module Onelogin
       # The value of the user identifier as designated by the initialization request response
       def name_id
         @name_id ||= begin
-          node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id}']/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
-          node ||=  REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id}']/a:Assertion/a:Subject/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
+          node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
           node.nil? ? nil : node.text
         end
       end
 
       def sessionindex
         @sessionindex ||= begin
-          node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id}']/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
-          node ||=  REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id}']/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+          node = xpath_first_from_signed_assertion('/a:AuthnStatement')
           node.nil? ? nil : node.attributes['SessionIndex']
         end
       end
@@ -55,7 +53,7 @@ module Onelogin
         @attr_statements ||= begin
           result = {}
 
-          stmt_element = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AttributeStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+          stmt_element = xpath_first_from_signed_assertion('/a:AttributeStatement')
           return {} if stmt_element.nil?
 
           stmt_element.elements.each do |attr_element|
@@ -76,7 +74,7 @@ module Onelogin
       # When this user session should expire at latest
       def session_expires_at
         @expires_at ||= begin
-          node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+          node = xpath_first_from_signed_assertion('/a:AuthnStatement')
           parse_time(node, "SessionNotOnOrAfter")
         end
       end
@@ -91,15 +89,13 @@ module Onelogin
 
       # Conditions (if any) for the assertion to run
       def conditions
-        @conditions ||= begin
-          REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
-        end
+        @conditions ||= xpath_first_from_signed_assertion('/a:Conditions')
       end
 
       def issuer
         @issuer ||= begin
           node = REXML::XPath.first(document, "/p:Response/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
-          node ||= REXML::XPath.first(document, "/p:Response/a:Assertion/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
+          node ||= xpath_first_from_signed_assertion('/a:Issuer')
           node.nil? ? nil : node.text
         end
       end
@@ -126,7 +122,7 @@ module Onelogin
         if soft
           @schema.validate(@xml).map{ return false }
         else
-          @schema.validate(@xml).map{ |error| raise(Exception.new("#{error.message}\n\n#{@xml.to_s}")) }
+          @schema.validate(@xml).map{ |error| validation_error("#{error.message}\n\n#{@xml.to_s}") }
         end
       end
 
@@ -146,6 +142,12 @@ module Onelogin
         true
       end
 
+      def xpath_first_from_signed_assertion(subelt=nil)
+        node = REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id}']#{subelt}", { "p" => PROTOCOL, "a" => ASSERTION })
+        node ||= REXML::XPath.first(document, "/p:Response[@ID='#{document.signed_element_id}']/a:Assertion#{subelt}", { "p" => PROTOCOL, "a" => ASSERTION })
+        node
+      end
+
       def get_fingerprint
         if settings.idp_cert
           cert = OpenSSL::X509::Certificate.new(settings.idp_cert)

data/lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module Onelogin
   module Saml
-    VERSION = '0.7.0'
+    VERSION = '0.7.1'
   end
 end

data/test/test_helper.rb

@@ -3,6 +3,7 @@ require 'test/unit'
 require 'shoulda'
 require 'mocha'
 require 'ruby-debug'
+require 'timecop'
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))

data/test/xml_security_test.rb

@@ -119,12 +119,29 @@ class XmlSecurityTest < Test::Unit::TestCase
     end
 
     context "StarfieldTMS" do
-      should "be able to validate a response" do
-        response = Onelogin::Saml::Response.new(fixture(:starfield_response))
-        response.settings = Onelogin::Saml::Settings.new(
-          :idp_cert_fingerprint => "8D:BA:53:8E:A3:B6:F9:F1:69:6C:BB:D9:D8:BD:41:B3:AC:4F:9D:4D"
-        )
-        assert response.validate!
+      setup do
+        @response = Onelogin::Saml::Response.new(fixture(:starfield_response))
+        @response.settings = Onelogin::Saml::Settings.new(
+                                                          :idp_cert_fingerprint => "8D:BA:53:8E:A3:B6:F9:F1:69:6C:BB:D9:D8:BD:41:B3:AC:4F:9D:4D"
+                                                          )
+      end
+
+      should "be able to validate a good response" do
+        Timecop.freeze Time.parse('2012-11-28 17:55:00 UTC') do
+          assert @response.validate!
+        end
+      end
+
+      should "fail before response is valid" do
+        Timecop.freeze Time.parse('2012-11-20 17:55:00 UTC') do
+          assert ! @response.is_valid?
+        end
+      end
+
+      should "fail after response expires" do
+        Timecop.freeze Time.parse('2012-11-30 17:55:00 UTC') do
+          assert ! @response.is_valid?
+        end
       end
     end
 

metadata

@@ -1,72 +1,78 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: ruby-saml
-version: !ruby/object:Gem::Version
-  version: 0.7.0
+version: !ruby/object:Gem::Version 
+  hash: 1
   prerelease: 
+  segments: 
+  - 0
+  - 7
+  - 1
+  version: 0.7.1
 platform: ruby
-authors:
+authors: 
 - OneLogin LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-23 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2013-01-23 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: canonix
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.1.1
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 0
+        - 1
+        - 1
         version: 0.1.1
-- !ruby/object:Gem::Dependency
-  name: uuid
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '2.3'
   type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: uuid
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
+    requirements: 
     - - ~>
-      - !ruby/object:Gem::Version
-        version: '2.3'
-- !ruby/object:Gem::Dependency
-  name: nokogiri
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 2
+        - 3
+        version: "2.3"
   type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: nokogiri
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
 description: SAML toolkit for Ruby on Rails
 email: support@onelogin.com
 executables: []
+
 extensions: []
-extra_rdoc_files:
+
+extra_rdoc_files: 
 - LICENSE
 - README.md
-files:
+files: 
 - .document
 - .gitignore
 - .travis.yml
@@ -115,32 +121,41 @@ files:
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
+has_rdoc: true
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
+
 post_install_message: 
-rdoc_options:
+rdoc_options: 
 - --charset=UTF-8
-require_paths:
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
+
 rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 1.8.23
+rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3
 summary: SAML Ruby Tookit
-test_files:
+test_files: 
 - test/certificates/certificate1
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
@@ -166,4 +181,3 @@ test_files:
 - test/settings_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
-has_rdoc: