saml-kit 1.0.11 → 1.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7cdef4d4affc0a46b4d12269cea2293339145ce6e4207b1bb61cefed17a7cace
-  data.tar.gz: e6ed597e3e98e725b30d9904c50b1a91999ff948e5dec320b1585f731554e9d9
+  metadata.gz: 6e9ec0e7c8f6d74adb1573553909a40481127c6b7267125fea0dfa355952aefd
+  data.tar.gz: d03824b9ee2b40906ffcfba24dcd4fa312a0624163aaae238417c08d4b231cb2
 SHA512:
-  metadata.gz: ff1620e3d48598653095303f3f33f5234192eea6fcbc7ffc7662a701799ae26c3e01050b741c71be2a824f005e9e3019175b1347ff2e9863ca02cf9184145457
-  data.tar.gz: 34665a677b65c2e205e9c57a8a86ab67e5b8156dfe798bb0bdbce3f7a1eab4912b08038984d81c1c1885d1c22a0a3528bfb8cf87d173c2ae4c15c86550e8a484
+  metadata.gz: 3eb96b0900cbc4fe95a41e558ed437f320430d833184ebd720758628a6f4e04209cf26a4d625208bb13dfdd52df34bf6d75776f7d1706891a2042d50af293e95
+  data.tar.gz: 2c151db5c475909292e7b31e96a904a7dacf23802715ab95dd3e11cc211aab328ee62389149cd20434574d197a16ce9fe8db64ddbac8dd44285eae49058cbe87

data/Rakefile

@@ -8,3 +8,8 @@ task default: :spec
 
 require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop)
+
+require 'bundler/audit/task'
+Bundler::Audit::Task.new
+
+task lint: [:rubocop, 'bundle:audit']

data/lib/saml/kit/assertion.rb

@@ -109,6 +109,7 @@ module Saml
       end
 
       def must_match_issuer
+        return if audiences.empty?
         return if audiences.include?(configuration.entity_id)
         errors[:audience] << error_message(:must_match_issuer)
       end

data/lib/saml/kit/bindings/binding.rb

@@ -3,7 +3,7 @@
 module Saml
   module Kit
     module Bindings
-      # {include:file:spec/saml/bindings/binding_spec.rb}
+      # {include:file:spec/saml/kit/bindings/binding_spec.rb}
       class Binding
         attr_reader :binding, :location
 

data/lib/saml/kit/bindings/http_post.rb

@@ -3,7 +3,7 @@
 module Saml
   module Kit
     module Bindings
-      # {include:file:spec/saml/bindings/http_post_spec.rb}
+      # {include:file:spec/saml/kit/bindings/http_post_spec.rb}
       class HttpPost < Binding
         include Serializable
 

data/lib/saml/kit/bindings/http_redirect.rb

@@ -3,7 +3,7 @@
 module Saml
   module Kit
     module Bindings
-      # {include:file:spec/saml/bindings/http_redirect_spec.rb}
+      # {include:file:spec/saml/kit/bindings/http_redirect_spec.rb}
       class HttpRedirect < Binding
         include Serializable
 

data/lib/saml/kit/bindings/url_builder.rb

@@ -3,7 +3,7 @@
 module Saml
   module Kit
     module Bindings
-      # {include:file:spec/saml/bindings/url_builder_spec.rb}
+      # {include:file:spec/saml/kit/bindings/url_builder_spec.rb}
       class UrlBuilder
         include Serializable
         attr_reader :configuration

data/lib/saml/kit/builders/assertion.rb

@@ -16,7 +16,7 @@ module Saml
         end
 
         def name_id_format
-          request.name_id_format
+          request.try(:name_id_format) || Saml::Kit::Namespaces::PERSISTENT
         end
 
         def name_id
@@ -24,6 +24,7 @@ module Saml
         end
 
         def assertion_attributes
+          return {} unless user.respond_to?(:assertion_attributes_for)
           user.assertion_attributes_for(request)
         end
 
@@ -43,11 +44,10 @@ module Saml
         end
 
         def subject_confirmation_data_options
-          {
-            InResponseTo: request.id,
-            NotOnOrAfter: 3.hours.since(now).utc.iso8601,
-            Recipient: destination,
-          }
+          options = { NotOnOrAfter: 3.hours.since(now).utc.iso8601 }
+          options[:Recipient] = destination if destination.present?
+          options[:InResponseTo] = request.id if request.present?
+          options
         end
 
         def conditions_options

data/lib/saml/kit/builders/authentication_request.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/authentication_request.builder}
-      # {include:file:spec/saml/builders/authentication_request_spec.rb}
+      # {include:file:spec/saml/kit/builders/authentication_request_spec.rb}
       class AuthenticationRequest
         include XmlTemplatable
         attr_accessor :id, :now, :issuer, :assertion_consumer_service_url, :name_id_format, :destination

data/lib/saml/kit/builders/identity_provider_metadata.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/identity_provider_metadata.builder}
-      # {include:file:spec/saml/builders/identity_provider_metadata_spec.rb}
+      # {include:file:spec/saml/kit/builders/identity_provider_metadata_spec.rb}
       class IdentityProviderMetadata
         include XmlTemplatable
         extend Forwardable

data/lib/saml/kit/builders/logout_request.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/logout_request.builder}
-      # {include:file:spec/saml/builders/logout_request_spec.rb}
+      # {include:file:spec/saml/kit/builders/logout_request_spec.rb}
       class LogoutRequest
         include XmlTemplatable
         attr_accessor :id, :destination, :issuer, :name_id_format, :now

data/lib/saml/kit/builders/logout_response.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/logout_response.builder}
-      # {include:file:spec/saml/builders/logout_response_spec.rb}
+      # {include:file:spec/saml/kit/builders/logout_response_spec.rb}
       class LogoutResponse
         include XmlTemplatable
         attr_accessor :id, :issuer, :version, :status_code, :now, :destination

data/lib/saml/kit/builders/metadata.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/metadata.builder}
-      # {include:file:spec/saml/builders/metadata_spec.rb}
+      # {include:file:spec/saml/kit/builders/metadata_spec.rb}
       class Metadata
         include XmlTemplatable
 

data/lib/saml/kit/builders/response.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/response.builder}
-      # {include:file:spec/saml/builders/response_spec.rb}
+      # {include:file:spec/saml/kit/builders/response_spec.rb}
       class Response
         include XmlTemplatable
         attr_reader :user, :request
@@ -13,7 +13,7 @@ module Saml
         attr_accessor :issuer, :destination
         attr_reader :configuration
 
-        def initialize(user, request, configuration: Saml::Kit.configuration)
+        def initialize(user, request = nil, configuration: Saml::Kit.configuration)
           @user = user
           @request = request
           @id = ::Xml::Kit::Id.generate
@@ -28,7 +28,7 @@ module Saml
         end
 
         def build
-          Saml::Kit::Response.new(to_xml, request_id: request.id, configuration: configuration)
+          Saml::Kit::Response.new(to_xml, request_id: request.try(:id), configuration: configuration)
         end
 
         def assertion
@@ -46,15 +46,16 @@ module Saml
         private
 
         def response_options
-          {
+          options = {
             ID: id,
             Version: version,
             IssueInstant: now.iso8601,
-            Destination: destination,
             Consent: Namespaces::UNSPECIFIED,
-            InResponseTo: request.id,
             xmlns: Namespaces::PROTOCOL,
           }
+          options[:Destination] = destination if destination.present?
+          options[:InResponseTo] = request.id if request.present?
+          options
         end
       end
     end

data/lib/saml/kit/builders/service_provider_metadata.rb

@@ -4,7 +4,7 @@ module Saml
   module Kit
     module Builders
       # {include:file:lib/saml/kit/builders/templates/service_provider_metadata.builder}
-      # {include:file:spec/saml/builders/service_provider_metadata_spec.rb}
+      # {include:file:spec/saml/kit/builders/service_provider_metadata_spec.rb}
       class ServiceProviderMetadata
         include XmlTemplatable
         extend Forwardable

data/lib/saml/kit/builders/templates/assertion.builder

@@ -10,8 +10,10 @@ xml.Assertion(assertion_options) do
     end
   end
   xml.Conditions conditions_options do
-    xml.AudienceRestriction do
-      xml.Audience request.issuer
+    if request.present?
+      xml.AudienceRestriction do
+        xml.Audience request.issuer
+      end
     end
   end
   xml.AuthnStatement authn_statement_options do

data/lib/saml/kit/builders/templates/authentication_request.builder

@@ -4,5 +4,5 @@ xml.instruct!
 xml.tag!('samlp:AuthnRequest', request_options) do
   xml.tag!('saml:Issuer', issuer)
   signature_for(reference_id: id, xml: xml)
-  xml.tag!('samlp:NameIDPolicy', Format: name_id_format)
+  xml.tag!('samlp:NameIDPolicy', Format: name_id_format) if name_id_format.present?
 end

data/lib/saml/kit/builders/templates/identity_provider_metadata.builder

@@ -1,10 +1,7 @@
 # frozen_string_literal: true
 
 xml.IDPSSODescriptor descriptor_options do
-  configuration.certificates(use: :signing).each do |certificate|
-    render certificate, xml: xml
-  end
-  configuration.certificates(use: :encryption).each do |certificate|
+  configuration.certificates.each do |certificate|
     render certificate, xml: xml
   end
   logout_urls.each do |item|

data/lib/saml/kit/builders/templates/service_provider_metadata.builder

@@ -1,10 +1,7 @@
 # frozen_string_literal: true
 
 xml.SPSSODescriptor descriptor_options do
-  configuration.certificates(use: :signing).each do |certificate|
-    render certificate, xml: xml
-  end
-  configuration.certificates(use: :encryption).each do |certificate|
+  configuration.certificates.each do |certificate|
     render certificate, xml: xml
   end
   logout_urls.each do |item|

data/lib/saml/kit/default_registry.rb

@@ -29,7 +29,7 @@ module Saml
     #     configuration.logger = Rails.logger
     #   end
     #
-    # {include:file:spec/saml/default_registry_spec.rb}
+    # {include:file:spec/saml/kit/default_registry_spec.rb}
     class DefaultRegistry
       include Enumerable
 

data/lib/saml/kit/document.rb

@@ -17,6 +17,7 @@ module Saml
         "samlp": ::Saml::Kit::Namespaces::PROTOCOL,
         'xmlenc' => ::Xml::Kit::Namespaces::XMLENC,
       }.freeze
+      attr_accessor :registry
       validates_presence_of :content
       validates_presence_of :id
       validate :must_match_xsd
@@ -25,6 +26,7 @@ module Saml
 
       def initialize(xml, name:, configuration: Saml::Kit.configuration)
         @configuration = configuration
+        @registry = configuration.registry
         @content = xml
         @name = name
       end

data/lib/saml/kit/invalid_document.rb

@@ -2,7 +2,7 @@
 
 module Saml
   module Kit
-    # {include:file:spec/saml/invalid_document_spec.rb}
+    # {include:file:spec/saml/kit/invalid_document_spec.rb}
     class InvalidDocument < Document
       validate do |model|
         model.errors[:base] << model.error_message(:invalid)

data/lib/saml/kit/signature.rb

@@ -69,8 +69,8 @@ module Saml
         node
       end
 
-      def to_xml
-        node.to_s
+      def to_xml(pretty: false)
+        pretty ? node.to_xml(indent: 2) : node.to_s
       end
 
       private
@@ -84,6 +84,8 @@ module Saml
         dsignature.errors.each do |attribute|
           errors.add(attribute, error_message(attribute))
         end
+      rescue Xmldsig::SchemaError => error
+        errors.add(:base, error.message)
       end
 
       def validate_certificate(now = Time.now.utc)

data/lib/saml/kit/trustable.rb

@@ -30,7 +30,7 @@ module Saml
 
       # @!visibility private
       def provider
-        configuration.registry.metadata_for(issuer)
+        registry.metadata_for(issuer)
       end
 
       # @!visibility private

data/lib/saml/kit/version.rb

@@ -2,6 +2,6 @@
 
 module Saml
   module Kit
-    VERSION = '1.0.11'.freeze
+    VERSION = '1.0.12'.freeze
   end
 end

data/lib/saml/kit/xml_templatable.rb

@@ -21,11 +21,6 @@ module Saml
           (embed_signature && signing_key_pair.present?)
       end
 
-      def encrypt_with(key_pair)
-        self.encrypt = true
-        self.encryption_certificate = key_pair.certificate
-      end
-
       def digest_method
         configuration.digest_method
       end

data/saml-kit.gemspec

@@ -30,8 +30,9 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'activemodel', '>= 4.2.0'
-  spec.add_dependency 'xml-kit', '>= 0.1.10', '<= 1.0.0'
+  spec.add_dependency 'xml-kit', '>= 0.1.12', '<= 1.0.0'
   spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'bundler-audit', '~> 0.6'
   spec.add_development_dependency 'ffaker', '~> 2.7'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml-kit
 version: !ruby/object:Gem::Version
-  version: 1.0.11
+  version: 1.0.12
 platform: ruby
 authors:
 - mo khan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-02-27 00:00:00.000000000 Z
+date: 2018-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -30,7 +30,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: 0.1.12
     - - "<="
       - !ruby/object:Gem::Version
         version: 1.0.0
@@ -40,7 +40,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.10
+        version: 0.1.12
     - - "<="
       - !ruby/object:Gem::Version
         version: 1.0.0
@@ -58,6 +58,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
 - !ruby/object:Gem::Dependency
   name: ffaker
   requirement: !ruby/object:Gem::Requirement