RubyGems - ruby-samlnechotech - Versions diffs - 0.7.34 → 0.7.35 - Mend

ruby-samlnechotech 0.7.34 → 0.7.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +13 -5
data/lib/onelogin/ruby-samlnechotech/saml_message.rb +75 -0
data/lib/onelogin/ruby-samlnechotech/slo_logoutrequest.rb +66 -0
data/lib/onelogin/ruby-samlnechotech/slo_logoutresponse.rb +62 -0
data/lib/onelogin/ruby-samlnechotech/version.rb +1 -1
data/lib/ruby-samlnechotech.rb +3 -0
data/test/requests/logoutrequest_fixtures.rb +82 -0
data/test/slologoutrequest_test.rb +42 -0
data/test/slologoutresponse_test.rb +44 -0
metadata +16 -7

checksums.yaml CHANGED

@@ -1,7 +1,15 @@
 ---
-SHA1:
-  metadata.gz: 83acf516a41f0c28c18108b8f5b5ffbcc4698e1a
-  data.tar.gz: f83184add5a75fcf488b2ff879a5816e0298a2e6
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    M2Y3NTY1OWQyMmI4ZmY4YWRjNmI1ZTllNTQ0MzQ0MGYwNDZiZTEzZQ==
+  data.tar.gz: !binary |-
+    ODExYjkyMTg0YWM4NDcyOTRkYjQzZjZiNmNhNTg4YTdhZWExM2MzZQ==
 SHA512:
-  metadata.gz: 6348a6a9abeb1d41a1851351c473aaa0c9643ace578a811ddd3c3090f960da79b37eba635f5a30bf0ea2b8924e65d6f79d2415a96e164569886922522d73e60f
-  data.tar.gz: 45eb2a6a53c8c03977e26038e995a64c544cff803e9a6c47664057889ce383211515ee334af85db7d0ab3bf5bbbb07abfcdeb850daba145af68bb3159dfeb289
+  metadata.gz: !binary |-
+    OWEwMTY0OGY5YmI4ZGM5N2ZlZjRkZDRhZmNkZGY5MWIzZjY2ZTZmNzE2YjJj
+    MTE2OTJiOWU2OGFkZmNlYjg5MzJiZmJmNTg4NDgyM2Q1MjhlZWJmMTY3MjJj
+    N2NiZjQ1NWM2NjY3MWQ0MDJhNTJlNzZjZDBmMzA2NzVkYTFhNmU=
+  data.tar.gz: !binary |-
+    ZGI0OWZmMTU3NWUwNWRlMzI1NmExNTMzOTlhYmI4OWFkNGY0NzdlOGNhNmI4
+    ZTRlYjQ3ZTA3MzY2ZjU2N2VmNGZkOTc5NThjMmI3NThhYmY5NjRlY2NjYzE5
+    M2EyNTVjMmIzMjNjMzI3MzgzMWY5M2U1ZTEzOWRmMmI0MWYxNGI=

data/lib/onelogin/ruby-samlnechotech/saml_message.rb ADDED

@@ -0,0 +1,75 @@
+require 'cgi'
+require 'zlib'
+require 'base64'
+module Onelogin
+  module Saml
+    class SamlMessage
+      ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
+      PROTOCOL  = "urn:oasis:names:tc:SAML:2.0:protocol"
+      def valid_saml?(document, soft = true)
+        Dir.chdir(File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'schemas'))) do
+          @schema = Nokogiri::XML::Schema(IO.read('saml20protocol_schema.xsd'))
+          @xml = Nokogiri::XML(document.to_s)
+        end
+        if soft
+          @schema.validate(@xml).map{ return false }
+        else
+          @schema.validate(@xml).map{ |error| validation_error("#{error.message}\n\n#{@xml.to_s}") }
+        end
+      end
+      def validation_error(message)
+        raise ValidationError.new(message)
+      end
+      private
+      def decode_raw_saml(saml)
+        if saml =~ /^</
+          return saml
+        elsif (decoded  = decode(saml)) =~ /^</
+          return decoded
+        elsif (inflated = inflate(decoded)) =~ /^</
+          return inflated
+        end
+        return nil
+      end
+      def encode_raw_saml(saml, settings)
+        saml           = Zlib::Deflate.deflate(saml, 9)[2..-5] if settings.compress_request
+        base64_saml    = Base64.encode64(saml)
+        return CGI.escape(base64_saml)
+      end
+      def decode(encoded)
+        Base64.decode64(encoded)
+      end
+      def encode(encoded)
+        Base64.encode64(encoded).gsub(/\n/, "")
+      end
+      def escape(unescaped)
+        CGI.escape(unescaped)
+      end
+      def unescape(escaped)
+        CGI.unescape(escaped)
+      end
+      def inflate(deflated)
+        zlib = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+        zlib.inflate(deflated)
+      end
+      def deflate(inflated)
+        Zlib::Deflate.deflate(inflated, 9)[2..-5]
+      end
+    end
+  end
+end

data/lib/onelogin/ruby-samlnechotech/slo_logoutrequest.rb ADDED

@@ -0,0 +1,66 @@
+require 'zlib'
+require 'time'
+require 'nokogiri'
+# Only supports SAML 2.0
+module Onelogin
+  module Saml
+    class SloLogoutrequest < SamlMessage
+      attr_reader :options
+      attr_reader :request
+      attr_reader :document
+      def initialize(request, options = {})
+        raise ArgumentError.new("Request cannot be nil") if request.nil?
+        @options  = options
+        @request = decode_raw_saml(request)
+        @document = REXML::Document.new(@request)
+      end
+      def is_valid?
+        validate
+      end
+      def validate!
+        validate(false)
+      end
+      # The value of the user identifier as designated by the initialization request response
+      def name_id
+        @name_id ||= begin
+          node = REXML::XPath.first(document, "/p:LogoutRequest/a:NameID", { "p" => PROTOCOL, "a" => ASSERTION })
+          node.nil? ? nil : node.text
+        end
+      end
+      def id
+        return @id if @id
+        element = REXML::XPath.first(document, "/p:LogoutRequest", {
+            "p" => PROTOCOL} )
+        return nil if element.nil?
+        return element.attributes["ID"]
+      end
+      def issuer
+        @issuer ||= begin
+          node = REXML::XPath.first(document, "/p:LogoutRequest/a:Issuer", { "p" => PROTOCOL, "a" => ASSERTION })
+          node.nil? ? nil : node.text
+        end
+      end
+      private
+      def validate(soft = true)
+        valid_saml?(document, soft)  && validate_request_state(soft)
+      end
+      def validate_request_state(soft = true)
+        if request.empty?
+          return soft ? false : validation_error("Blank request")
+        end
+        true
+      end
+    end
+  end
+end

data/lib/onelogin/ruby-samlnechotech/slo_logoutresponse.rb ADDED

@@ -0,0 +1,62 @@
+module Onelogin
+  module Saml
+    class SloLogoutresponse < SamlMessage
+      def create(settings, request, logout_message = nil, params = {})
+        params = {} if params.nil?
+        response_doc = create_logout_response_xml_doc(settings, request, logout_message)
+        response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
+        response = ''
+        response_doc.write(response)
+        Logging.debug "Created SLO Logout Response: #{response}"
+        encoded_response   = encode_raw_saml(response, settings)
+        params_prefix     = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
+        response_params    = "#{params_prefix}SAMLResponse=#{encoded_response}"
+        params.each_pair do |key, value|
+          response_params << "&#{key.to_s}=#{escape(value.to_s)}"
+        end
+        settings.idp_slo_target_url + response_params
+      end
+      def create_logout_response_xml_doc(settings, request, logout_message = nil)
+        uuid = '_' + UUID.new.generate
+        time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
+        response_doc = REXML::Document.new
+        root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol' }
+        root.attributes['ID'] = uuid
+        root.attributes['IssueInstant'] = time
+        root.attributes['Version'] = '2.0'
+        root.attributes['InResponseTo'] = request.id unless request.id.nil?
+        root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil?
+        # add success message
+        status = root.add_element 'samlp:Status'
+        # success status code
+        status_code = status.add_element 'samlp:StatusCode'
+        status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        # success status message
+        logout_message ||= 'Successfully Signed Out'
+        status_message = status.add_element 'samlp:StatusMessage'
+        status_message.text = logout_message
+        if settings.issuer != nil
+          issuer = root.add_element "saml:Issuer", { "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+          issuer.text = settings.issuer
+        end
+        response_doc
+      end
+    end
+  end
+end

data/lib/onelogin/ruby-samlnechotech/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Onelogin
   module Saml
-    VERSION = '0.7.34'
+    VERSION = '0.7.35'
   end
 end

data/lib/ruby-samlnechotech.rb CHANGED

@@ -7,3 +7,6 @@ require 'onelogin/ruby-samlnechotech/settings'
 require 'onelogin/ruby-samlnechotech/validation_error'
 require 'onelogin/ruby-samlnechotech/metadata'
 require 'onelogin/ruby-samlnechotech/version'
+require 'onelogin/ruby-samlnechotech/saml_message'
+require 'onelogin/ruby-samlnechotech/slo_logoutrequest'
+require 'onelogin/ruby-samlnechotech/slo_logoutresponse'

data/test/requests/logoutrequest_fixtures.rb ADDED

@@ -0,0 +1,82 @@
+#encoding: utf-8
+def default_request_opts
+  {
+      :uuid => "_28024690-000e-0130-b6d2-38f6b112be8b",
+      :issue_instant => Time.now.strftime('%Y-%m-%dT%H:%M:%SZ'),
+      :settings => settings
+  }
+end
+def valid_request(opts = {})
+  opts = default_request_opts.merge!(opts)
+  "<samlp:LogoutRequest
+        xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+        ID=\"#{random_id}\" Version=\"2.0\"
+        IssueInstant=\"#{opts[:issue_instant]}\"
+        Destination=\"#{opts[:settings].assertion_consumer_logout_service_url}\">
+      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">#{opts[:settings].issuer}</saml:Issuer>
+      </samlp:LogoutRequest>"
+  "<samlp:LogoutRequest ID=\"f8a62847-92f2-4f0c-936a-df9efe0cc42f\"
+                 Version=\"2.0\"
+                 IssueInstant=\"2013-08-29T20:53:50Z\"
+                 Destination=\"https://server/adfs/ls/\"
+                 Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\"
+                 xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+                 >
+      <saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://sp.com/</saml:Issuer>
+      <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">
+          <SignedInfo>
+              <CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />
+              <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />
+              <Reference URI=\"#f8a62847-92f2-4f0c-936a-df9efe0cc42f\">
+                  <Transforms>
+                      <Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\" />
+                      <Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\" />
+                  </Transforms>
+                  <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />
+                  <DigestValue>W7F1E2U1OAHRXn/ItbnsYZyXw/8=</DigestValue>
+              </Reference>
+          </SignedInfo>
+          <SignatureValue></SignatureValue>
+          <KeyInfo>
+              <X509Data>
+                  <X509Certificate></X509Certificate>
+              </X509Data>
+          </KeyInfo>
+      </Signature>
+      <saml:NameID xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
+                   Format=\"http://schemas.xmlsoap.org/claims/UPN\"
+                   >user</saml:NameID>
+      <samlp:SessionIndex>_2537f94b-a150-415e-9a45-3c6fa2b6dd60</samlp:SessionIndex>
+  </samlp:LogoutRequest>"
+end
+def invalid_xml_request
+  "<samlp:SomethingAwful
+        xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"
+        ID=\"#{random_id}\" Version=\"2.0\">
+      </samlp:SomethingAwful>"
+end
+def settings
+  @settings ||= Onelogin::Saml::Settings.new(
+      {
+          :assertion_consumer_service_url => "http://app.muda.no/sso/consume",
+          :assertion_consumer_logout_service_url => "http://app.muda.no/sso/consume_logout",
+          :issuer => "http://app.muda.no",
+          :sp_name_qualifier => "http://sso.muda.no",
+          :idp_sso_target_url => "http://sso.muda.no/sso",
+          :idp_slo_target_url => "http://sso.muda.no/slo",
+          :idp_cert_fingerprint => "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
+          :name_identifier_format => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+      }
+  )
+end
+# logoutresponse fixtures
+def random_id
+  "_#{UUID.new.generate}"
+end

data/test/slologoutrequest_test.rb ADDED

@@ -0,0 +1,42 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
+require 'rexml/document'
+require 'requests/logoutrequest_fixtures'
+class RubySamlTest < Test::Unit::TestCase
+  context "SloLogoutrequest" do
+    context "#new" do
+      should "raise an exception when request is initialized with nil" do
+        assert_raises(ArgumentError) { Onelogin::Saml::SloLogoutrequest.new(nil) }
+      end
+      should "accept constructor-injected options" do
+        logoutrequest= Onelogin::Saml::SloLogoutrequest.new(valid_request, { :foo => :bar} )
+        assert !logoutrequest.options.empty?
+      end
+      should "support base64 encoded responses" do
+        expected_request = valid_request
+        logoutrequest= Onelogin::Saml::SloLogoutrequest.new(Base64.encode64(expected_request))
+        assert_equal expected_request, logoutrequest.request
+      end
+    end
+    context "#validate!" do
+      should "validates good requests" do
+        logoutrequest = Onelogin::Saml::SloLogoutrequest.new(valid_request)
+        logoutrequest.validate!
+      end
+      should "raise error for invalid xml" do
+        logoutrequest = Onelogin::Saml::SloLogoutrequest.new(invalid_xml_request)
+        assert_raises(Onelogin::Saml::ValidationError) { logoutrequest.validate! }
+      end
+    end
+  end
+  # logoutresponse fixtures
+  def random_id
+    "_#{UUID.new.generate}"
+  end
+end

data/test/slologoutresponse_test.rb ADDED

@@ -0,0 +1,44 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
+require 'requests/logoutrequest_fixtures'
+class SloResponseTest < Test::Unit::TestCase
+  context "SloLogoutresponse" do
+    settings = Onelogin::Saml::Settings.new
+    settings.idp_slo_target_url = "http://unauth.com/logout"
+    settings.name_identifier_value = "f00f00"
+    logoutrequest = Onelogin::Saml::SloLogoutrequest.new(valid_request)
+    should "create the deflated SAMLRequest URL parameter" do
+      unauth_url = Onelogin::Saml::SloLogoutresponse.new.create(settings, logoutrequest)
+      assert unauth_url =~ /^http:\/\/unauth\.com\/logout\?SAMLResponse=/
+      inflated = decode_saml_response_payload(unauth_url)
+      assert_match /^<samlp:LogoutResponse/, inflated
+    end
+    should "set InResponseTo" do
+      unauth_url = Onelogin::Saml::SloLogoutresponse.new.create(settings, logoutrequest)
+      inflated = decode_saml_response_payload(unauth_url)
+      assert_match %r(InResponseTo='#{logoutrequest.id}'), inflated
+    end
+  end
+  def decode_saml_response_payload(unauth_url)
+    payload = CGI.unescape(unauth_url.split("SAMLResponse=").last)
+    decoded = Base64.decode64(payload)
+    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+    inflated = zstream.inflate(decoded)
+    zstream.finish
+    zstream.close
+    inflated
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-samlnechotech
 version: !ruby/object:Gem::Version
-  version: 0.7.34
+  version: 0.7.35
 platform: ruby
 authors:
 - OneLogin LLC, beekermememe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-06-24 00:00:00.000000000 Z
+date: 2014-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix
@@ -42,14 +42,14 @@ dependencies:
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: 1.5.0
 description: SAML toolkit for Ruby on Rails forked and modified by beekermememe
@@ -73,7 +73,10 @@ files:
 - lib/onelogin/ruby-samlnechotech/logoutresponse.rb
 - lib/onelogin/ruby-samlnechotech/metadata.rb
 - lib/onelogin/ruby-samlnechotech/response.rb
+- lib/onelogin/ruby-samlnechotech/saml_message.rb
 - lib/onelogin/ruby-samlnechotech/settings.rb
+- lib/onelogin/ruby-samlnechotech/slo_logoutrequest.rb
+- lib/onelogin/ruby-samlnechotech/slo_logoutresponse.rb
 - lib/onelogin/ruby-samlnechotech/validation_error.rb
 - lib/onelogin/ruby-samlnechotech/version.rb
 - lib/ruby-samlnechotech.rb
@@ -88,6 +91,7 @@ files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -108,6 +112,8 @@ files:
 - test/responses/starfield_response.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slologoutrequest_test.rb
+- test/slologoutresponse_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb
 homepage: https://github.com/beekermememe/ruby-saml
@@ -120,17 +126,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: http://www.rubygems.org/gems/ruby-samlnechotech
-rubygems_version: 2.0.3
+rubygems_version: 2.1.11
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
@@ -140,6 +146,7 @@ test_files:
 - test/logoutrequest_test.rb
 - test/logoutresponse_test.rb
 - test/request_test.rb
+- test/requests/logoutrequest_fixtures.rb
 - test/response_test.rb
 - test/responses/adfs_response_sha1.xml
 - test/responses/adfs_response_sha256.xml
@@ -160,5 +167,7 @@ test_files:
 - test/responses/starfield_response.xml.base64
 - test/responses/wrapped_response_2.xml.base64
 - test/settings_test.rb
+- test/slologoutrequest_test.rb
+- test/slologoutresponse_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb