RubyGems - ruby-saml - Versions diffs - 0.8.16 → 0.8.17 - Mend

ruby-saml 0.8.16 → 0.8.17

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (9) hide show

checksums.yaml +5 -5
data/lib/onelogin/ruby-saml/logoutrequest.rb +2 -1
data/lib/onelogin/ruby-saml/response.rb +36 -4
data/lib/onelogin/ruby-saml/settings.rb +1 -0
data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +12 -9
data/lib/onelogin/ruby-saml/version.rb +1 -1
data/test/response_test.rb +17 -0
data/test/slo_logoutresponse_test.rb +8 -0
metadata +7 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 68cb87ca6e3a580cea96b7784b71f60afe0f0982fc9b3c7b2de4fdda0ea1af31
-  data.tar.gz: 216f43c0d0a179f3a9c506f198c31e2a01a08a8661bfaafbe3cb50811b1acf88
+SHA1:
+  metadata.gz: 1ec15a6a64795cd0b10b796d6aef230a7d7d439c
+  data.tar.gz: a07ddee9fb7bfe9ca2f20cde2c9cadfd5bbac121
 SHA512:
-  metadata.gz: 35ba610649dbff55acae0612782ab7e81947907212b9c454494f9baa5c3926a126430eed919356049261a9cb40767d7079874f56f1b4cb1bd7efb637f4f6ba4f
-  data.tar.gz: a3e9ce681547c0e648f477198a134749c9febb1f86e042d2bb3266e01a740767672a667d0c85a162d0f11489e87ee4c1a53cbd15d45e6aeefeb31fc30a2fe99f
+  metadata.gz: 013b1a3b9b2eb015253dcc4992a1d8be73a3dce996271d701375914e3e7f3e64f6eff3094af1ade43fc807ce452093d05c071cf79b5b2cc8b63d3041688f9344
+  data.tar.gz: ed258b192c0cbd0b5c589183ecacd9591dad637783430130a9dfd97b6c68c1062520cf91255ed997adf693f1c7f344d84cf0184a821202c8c8ea85509c069864

data/lib/onelogin/ruby-saml/logoutrequest.rb CHANGED Viewed

@@ -114,7 +114,8 @@ module OneLogin
         if settings.name_identifier_value
           name_id = root.add_element "saml:NameID", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
-          name_id.attributes['NameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
+          nameid.attributes['NameQualifier'] = settings.idp_name_qualifier if settings.idp_name_qualifier
+          nameid.attributes['SPNameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
           name_id.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
           name_id.text = settings.name_identifier_value
         end

data/lib/onelogin/ruby-saml/response.rb CHANGED Viewed

@@ -35,16 +35,48 @@ module OneLogin
         validate(false)
       end
-      # The value of the user identifier as designated by the initialization request response
-      def name_id
+      def name_id_node
         @name_id ||= begin
-          node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
-          Utils.element_text(node)
+          xpath_first_from_signed_assertion('/a:Subject/a:NameID')
         end
       end
+      # The value of the user identifier as designated by the initialization request response
+      def name_id
+        @name_id ||= Utils.element_text(name_id_node)
+      end
       alias nameid name_id
+      # @return [String] the NameID Format provided by the SAML response from the IdP.
+      #
+      def name_id_format
+        @name_id_format ||=
+          if name_id_node && name_id_node.attribute("Format")
+            name_id_node.attribute("Format").value
+          end
+      end
+      alias_method :nameid_format, :name_id_format
+      # @return [String] the NameID SPNameQualifier provided by the SAML response from the IdP.
+      #
+      def name_id_spnamequalifier
+        @name_id_spnamequalifier ||=
+          if name_id_node && name_id_node.attribute("SPNameQualifier")
+            name_id_node.attribute("SPNameQualifier").value
+          end
+      end
+      # @return [String] the NameID NameQualifier provided by the SAML response from the IdP.
+      #
+      def name_id_namequalifier
+        @name_id_namequalifier ||=
+          if name_id_node && name_id_node.attribute("NameQualifier")
+            name_id_node.attribute("NameQualifier").value
+          end
+      end
       def sessionindex
         @sessionindex ||= begin
           node = xpath_first_from_signed_assertion('/a:AuthnStatement')

data/lib/onelogin/ruby-saml/settings.rb CHANGED Viewed

@@ -33,6 +33,7 @@ module OneLogin
       attr_accessor :assertion_consumer_service_url
       attr_accessor :authn_context
       attr_accessor :sp_name_qualifier
+      attr_accessor :idp_name_qualifier
       attr_accessor :name_identifier_format
       attr_accessor :name_identifier_value
       attr_accessor :name_identifier_value_requested

data/lib/onelogin/ruby-saml/slo_logoutresponse.rb CHANGED Viewed

@@ -26,10 +26,11 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] Logout Request string that includes the SAMLRequest
       #
-      def create(settings, request_id = nil, logout_message = nil, params = {})
-        params = create_params(settings, request_id, logout_message, params)
+      def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
+        params = create_params(settings, request_id, logout_message, params, logout_status_code)
         params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
         saml_response = CGI.escape(params.delete("SAMLResponse"))
         response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
@@ -45,9 +46,10 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [Hash] Parameters
       #
-      def create_params(settings, request_id = nil, logout_message = nil, params = {})
+      def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
         # The method expects :RelayState but sometimes we get 'RelayState' instead.
         # Based on the HashWithIndifferentAccess value in Rails we could experience
         # conflicts so this line will solve them.
@@ -58,7 +60,7 @@ module OneLogin
           params.delete('RelayState')
         end
-        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message)
+        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
         response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
         response = ""
@@ -104,12 +106,12 @@ module OneLogin
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @return [String] The SAMLResponse String.
       #
-      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
-        document = create_xml_document(settings, request_id, logout_message)
+      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
+        document = create_xml_document(settings, request_id, logout_message, logout_status_code)
         sign_document(document, settings)
       end
-      def create_xml_document(settings, request_id = nil, logout_message = nil)
+      def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
         time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
         response_doc = XMLSecurity::Document.new
@@ -131,8 +133,9 @@ module OneLogin
         status = root.add_element 'samlp:Status'
         # success status code
-        status_code = status.add_element 'samlp:StatusCode'
-        status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code_elem = status.add_element 'samlp:StatusCode'
+        status_code_elem.attributes['Value'] = status_code
         # success status message
         logout_message ||= 'Successfully Signed Out'

data/lib/onelogin/ruby-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.8.16'
+    VERSION = '0.8.17'
   end
 end

data/test/response_test.rb CHANGED Viewed

@@ -368,6 +368,23 @@ class ResponseTest <  Minitest::Test
       end
     end
+    describe "#name_id_format" do
+      it "extract the value of the name id element" do
+        response = OneLogin::RubySaml::Response.new(response_document)
+        response_signed = OneLogin::RubySaml::Response.new(response_document_valid_signed)
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response.name_id_format
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response_signed.name_id_format
+      end
+    end
+    describe "#sessionindex" do
+      it "extract the value of the sessionindex element" do
+        response = OneLogin::RubySaml::Response.new(fixture(:simple_saml_php))
+        assert_equal "_51be37965feb5579d803141076936dc2e9d1d98ebf", response.sessionindex
+      end
+    end
     describe "#check_conditions" do
       it "check time conditions" do
         response = OneLogin::RubySaml::Response.new(response_document)

data/test/slo_logoutresponse_test.rb CHANGED Viewed

@@ -61,6 +61,14 @@ class SloLogoutresponseTest < Minitest::Test
       assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
     end
+    it "set a custom logout message and an status on the response" do
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, "Custom Logout Message", {}, "urn:oasis:names:tc:SAML:2.0:status:PartialLogout")
+      inflated = decode_saml_response_payload(unauth_url)
+      assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
+      assert_match /<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:PartialLogout/, inflated
+    end
     describe "when the settings indicate to sign (embedded) logout response" do
       before do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 0.8.16
+  version: 0.8.17
 platform: ruby
 authors:
 - OneLogin LLC
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-19 00:00:00.000000000 Z
+date: 2021-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
@@ -148,7 +148,7 @@ files:
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -164,8 +164,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key:
+rubyforge_project: http://www.rubygems.org/gems/ruby-saml
+rubygems_version: 2.6.8
+signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
 test_files: