saml-kit 1.0.11 → 1.0.12

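--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7cdef4d4affc0a46b4d12269cea2293339145ce6e4207b1bb61cefed17a7cace
- data.tar.gz: e6ed597e3e98e725b30d9904c50b1a91999ff948e5dec320b1585f731554e9d9
+ metadata.gz: 6e9ec0e7c8f6d74adb1573553909a40481127c6b7267125fea0dfa355952aefd
+ data.tar.gz: d03824b9ee2b40906ffcfba24dcd4fa312a0624163aaae238417c08d4b231cb2
  SHA512:
- metadata.gz: ff1620e3d48598653095303f3f33f5234192eea6fcbc7ffc7662a701799ae26c3e01050b741c71be2a824f005e9e3019175b1347ff2e9863ca02cf9184145457
- data.tar.gz: 34665a677b65c2e205e9c57a8a86ab67e5b8156dfe798bb0bdbce3f7a1eab4912b08038984d81c1c1885d1c22a0a3528bfb8cf87d173c2ae4c15c86550e8a484
+ metadata.gz: 3eb96b0900cbc4fe95a41e558ed437f320430d833184ebd720758628a6f4e04209cf26a4d625208bb13dfdd52df34bf6d75776f7d1706891a2042d50af293e95
+ data.tar.gz: 2c151db5c475909292e7b31e96a904a7dacf23802715ab95dd3e11cc211aab328ee62389149cd20434574d197a16ce9fe8db64ddbac8dd44285eae49058cbe87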
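--- a/data/Rakefile
+++ b/data/Rakefile
@@ -8,3 +8,8 @@ task default: :spec
 
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new(:rubocop)
+
+ require 'bundler/audit/task'
+ Bundler::Audit::Task.new
+
+ task lint: [:rubocop, 'bundle:audit']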
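Review bot: The new `lint` task is not a prerequisite of `default`, which the hunk header shows as `task default: :spec`, so the dependency audit only runs when someone invokes `rake lint` explicitly. If the audit is meant to gate a release, `task default: %i[spec lint]` or an explicit CI step would make that happen. Otherwise a short comment above `task lint:` stating where it is run would record the intent.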
@@ -109,6 +109,7 @@ module Saml
109
109
  end
110
110
 
111
111
  def must_match_issuer
112
+ return if audiences.empty?
112
113
  return if audiences.include?(configuration.entity_id)
113
114
  errors[:audience] << error_message(:must_match_issuer)
114
115
  end
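Review bot: The new guard `return if audiences.empty?` makes must_match_issuer pass for any assertion that carries no Audience at all, so the audience check no longer ties such an assertion to this service provider's `configuration.entity_id`. That may be intended for IdP-initiated responses, but the binding to this SP then rests entirely on the other validations (signature, Recipient, expiry), none of which are visible in this hunk. I would record the decision above the guard, e.g. `# No AudienceRestriction means unrestricted: accepted on purpose; Recipient and signature checks must still bind the assertion to us`, and consider making the lenient behaviour opt-in through configuration.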
@@ -3,7 +3,7 @@
3
3
  module Saml
4
4
  module Kit
5
5
  module Bindings
6
- # {include:file:spec/saml/bindings/binding_spec.rb}
6
+ # {include:file:spec/saml/kit/bindings/binding_spec.rb}
7
7
  class Binding
8
8
  attr_reader :binding, :location
9
9
 
@@ -3,7 +3,7 @@
3
3
  module Saml
4
4
  module Kit
5
5
  module Bindings
6
- # {include:file:spec/saml/bindings/http_post_spec.rb}
6
+ # {include:file:spec/saml/kit/bindings/http_post_spec.rb}
7
7
  class HttpPost < Binding
8
8
  include Serializable
9
9
 
@@ -3,7 +3,7 @@
3
3
  module Saml
4
4
  module Kit
5
5
  module Bindings
6
- # {include:file:spec/saml/bindings/http_redirect_spec.rb}
6
+ # {include:file:spec/saml/kit/bindings/http_redirect_spec.rb}
7
7
  class HttpRedirect < Binding
8
8
  include Serializable
9
9
 
@@ -3,7 +3,7 @@
3
3
  module Saml
4
4
  module Kit
5
5
  module Bindings
6
- # {include:file:spec/saml/bindings/url_builder_spec.rb}
6
+ # {include:file:spec/saml/kit/bindings/url_builder_spec.rb}
7
7
  class UrlBuilder
8
8
  include Serializable
9
9
  attr_reader :configuration
@@ -16,7 +16,7 @@ module Saml
16
16
  end
17
17
 
18
18
  def name_id_format
19
- request.name_id_format
19
+ request.try(:name_id_format) || Saml::Kit::Namespaces::PERSISTENT
20
20
  end
21
21
 
22
22
  def name_id
@@ -24,6 +24,7 @@ module Saml
24
24
  end
25
25
 
26
26
  def assertion_attributes
27
+ return {} unless user.respond_to?(:assertion_attributes_for)
27
28
  user.assertion_attributes_for(request)
28
29
  end
29
30
 
@@ -43,11 +44,10 @@ module Saml
43
44
  end
44
45
 
45
46
  def subject_confirmation_data_options
46
- {
47
- InResponseTo: request.id,
48
- NotOnOrAfter: 3.hours.since(now).utc.iso8601,
49
- Recipient: destination,
50
- }
47
+ options = { NotOnOrAfter: 3.hours.since(now).utc.iso8601 }
48
+ options[:Recipient] = destination if destination.present?
49
+ options[:InResponseTo] = request.id if request.present?
50
+ options
51
51
  end
52
52
 
53
53
  def conditions_options
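Review bot: `options[:Recipient] = destination if destination.present?` lets subject_confirmation_data_options emit bearer SubjectConfirmationData with no Recipient, which the SAML Web Browser SSO profile requires on a bearer confirmation; a blank destination now yields a quietly weaker assertion instead of a failure. The same pattern in the later response_options hunk drops `Destination`, which the HTTP POST binding requires on a signed response. Omitting `InResponseTo` for an unsolicited response is reasonable, but `NotOnOrAfter: 3.hours.since(now)` is then the only replay bound in this element and looks long for that case. I would keep the two address attributes mandatory, for instance `raise ArgumentError, 'destination is required' if destination.blank?`, and skip only `InResponseTo`. The enclosing class and conditions_options continue outside the hunk.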
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/authentication_request.builder}
7
- # {include:file:spec/saml/builders/authentication_request_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/authentication_request_spec.rb}
8
8
  class AuthenticationRequest
9
9
  include XmlTemplatable
10
10
  attr_accessor :id, :now, :issuer, :assertion_consumer_service_url, :name_id_format, :destination
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/identity_provider_metadata.builder}
7
- # {include:file:spec/saml/builders/identity_provider_metadata_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/identity_provider_metadata_spec.rb}
8
8
  class IdentityProviderMetadata
9
9
  include XmlTemplatable
10
10
  extend Forwardable
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/logout_request.builder}
7
- # {include:file:spec/saml/builders/logout_request_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/logout_request_spec.rb}
8
8
  class LogoutRequest
9
9
  include XmlTemplatable
10
10
  attr_accessor :id, :destination, :issuer, :name_id_format, :now
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/logout_response.builder}
7
- # {include:file:spec/saml/builders/logout_response_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/logout_response_spec.rb}
8
8
  class LogoutResponse
9
9
  include XmlTemplatable
10
10
  attr_accessor :id, :issuer, :version, :status_code, :now, :destination
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/metadata.builder}
7
- # {include:file:spec/saml/builders/metadata_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/metadata_spec.rb}
8
8
  class Metadata
9
9
  include XmlTemplatable
10
10
 
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/response.builder}
7
- # {include:file:spec/saml/builders/response_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/response_spec.rb}
8
8
  class Response
9
9
  include XmlTemplatable
10
10
  attr_reader :user, :request
@@ -13,7 +13,7 @@ module Saml
13
13
  attr_accessor :issuer, :destination
14
14
  attr_reader :configuration
15
15
 
16
- def initialize(user, request, configuration: Saml::Kit.configuration)
16
+ def initialize(user, request = nil, configuration: Saml::Kit.configuration)
17
17
  @user = user
18
18
  @request = request
19
19
  @id = ::Xml::Kit::Id.generate
@@ -28,7 +28,7 @@ module Saml
28
28
  end
29
29
 
30
30
  def build
31
- Saml::Kit::Response.new(to_xml, request_id: request.id, configuration: configuration)
31
+ Saml::Kit::Response.new(to_xml, request_id: request.try(:id), configuration: configuration)
32
32
  end
33
33
 
34
34
  def assertion
@@ -46,15 +46,16 @@ module Saml
46
46
  private
47
47
 
48
48
  def response_options
49
- {
49
+ options = {
50
50
  ID: id,
51
51
  Version: version,
52
52
  IssueInstant: now.iso8601,
53
- Destination: destination,
54
53
  Consent: Namespaces::UNSPECIFIED,
55
- InResponseTo: request.id,
56
54
  xmlns: Namespaces::PROTOCOL,
57
55
  }
56
+ options[:Destination] = destination if destination.present?
57
+ options[:InResponseTo] = request.id if request.present?
58
+ options
58
59
  end
59
60
  end
60
61
  end
@@ -4,7 +4,7 @@ module Saml
4
4
  module Kit
5
5
  module Builders
6
6
  # {include:file:lib/saml/kit/builders/templates/service_provider_metadata.builder}
7
- # {include:file:spec/saml/builders/service_provider_metadata_spec.rb}
7
+ # {include:file:spec/saml/kit/builders/service_provider_metadata_spec.rb}
8
8
  class ServiceProviderMetadata
9
9
  include XmlTemplatable
10
10
  extend Forwardable
@@ -10,8 +10,10 @@ xml.Assertion(assertion_options) do
10
10
  end
11
11
  end
12
12
  xml.Conditions conditions_options do
13
- xml.AudienceRestriction do
14
- xml.Audience request.issuer
13
+ if request.present?
14
+ xml.AudienceRestriction do
15
+ xml.Audience request.issuer
16
+ end
15
17
  end
16
18
  end
17
19
  xml.AuthnStatement authn_statement_options do
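Review bot: With `if request.present?` around the AudienceRestriction, an assertion built without a request is issued with no Audience, so nothing in Conditions names the service provider it was minted for. The audience comes only from `request.issuer`; as far as this hunk shows there is no other source, so an IdP-initiated caller cannot restrict the assertion even when it knows the target SP. Consider letting the builder accept an explicit audience and emitting the restriction whenever one is known, and add a template comment saying that the unrestricted form is deliberate.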
@@ -4,5 +4,5 @@ xml.instruct!
4
4
  xml.tag!('samlp:AuthnRequest', request_options) do
5
5
  xml.tag!('saml:Issuer', issuer)
6
6
  signature_for(reference_id: id, xml: xml)
7
- xml.tag!('samlp:NameIDPolicy', Format: name_id_format)
7
+ xml.tag!('samlp:NameIDPolicy', Format: name_id_format) if name_id_format.present?
8
8
  end
@@ -1,10 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  xml.IDPSSODescriptor descriptor_options do
4
- configuration.certificates(use: :signing).each do |certificate|
5
- render certificate, xml: xml
6
- end
7
- configuration.certificates(use: :encryption).each do |certificate|
4
+ configuration.certificates.each do |certificate|
8
5
  render certificate, xml: xml
9
6
  end
10
7
  logout_urls.each do |item|
@@ -1,10 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  xml.SPSSODescriptor descriptor_options do
4
- configuration.certificates(use: :signing).each do |certificate|
5
- render certificate, xml: xml
6
- end
7
- configuration.certificates(use: :encryption).each do |certificate|
4
+ configuration.certificates.each do |certificate|
8
5
  render certificate, xml: xml
9
6
  end
10
7
  logout_urls.each do |item|
@@ -29,7 +29,7 @@ module Saml
29
29
  # configuration.logger = Rails.logger
30
30
  # end
31
31
  #
32
- # {include:file:spec/saml/default_registry_spec.rb}
32
+ # {include:file:spec/saml/kit/default_registry_spec.rb}
33
33
  class DefaultRegistry
34
34
  include Enumerable
35
35
 
@@ -17,6 +17,7 @@ module Saml
17
17
  "samlp": ::Saml::Kit::Namespaces::PROTOCOL,
18
18
  'xmlenc' => ::Xml::Kit::Namespaces::XMLENC,
19
19
  }.freeze
20
+ attr_accessor :registry
20
21
  validates_presence_of :content
21
22
  validates_presence_of :id
22
23
  validate :must_match_xsd
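Review bot: `attr_accessor :registry` adds a public writer for the object that `provider` uses to look up the issuer's metadata (`registry.metadata_for(issuer)` in a later hunk), so any code holding a document can swap the trust source after construction. If the goal is only to let callers inject a registry, a `registry:` keyword on the constructor together with `attr_reader :registry` keeps it fixed for the document's lifetime; the initializer hunk currently always assigns `configuration.registry`. If the writer is really needed, a comment on the accessor should say that it selects the metadata, and presumably the certificates, that the document is validated against.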
@@ -25,6 +26,7 @@ module Saml
25
26
 
26
27
  def initialize(xml, name:, configuration: Saml::Kit.configuration)
27
28
  @configuration = configuration
29
+ @registry = configuration.registry
28
30
  @content = xml
29
31
  @name = name
30
32
  end
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Saml
4
4
  module Kit
5
- # {include:file:spec/saml/invalid_document_spec.rb}
5
+ # {include:file:spec/saml/kit/invalid_document_spec.rb}
6
6
  class InvalidDocument < Document
7
7
  validate do |model|
8
8
  model.errors[:base] << model.error_message(:invalid)
@@ -69,8 +69,8 @@ module Saml
69
69
  node
70
70
  end
71
71
 
72
- def to_xml
73
- node.to_s
72
+ def to_xml(pretty: false)
73
+ pretty ? node.to_xml(indent: 2) : node.to_s
74
74
  end
75
75
 
76
76
  private
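Review bot: `to_xml(pretty: true)` returns `node.to_xml(indent: 2)`, which re-indents the element, and nothing on the method says that this form is for display only. If `node` is or contains signed content, the added whitespace changes the bytes covered by the digest, so the pretty output should not be re-parsed or forwarded for verification. I would add a doc comment such as `# @param pretty [Boolean] indent the XML for logs and debugging; do not verify or transmit the pretty output`.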
@@ -84,6 +84,8 @@ module Saml
84
84
  dsignature.errors.each do |attribute|
85
85
  errors.add(attribute, error_message(attribute))
86
86
  end
87
+ rescue Xmldsig::SchemaError => error
88
+ errors.add(:base, error.message)
87
89
  end
88
90
 
89
91
  def validate_certificate(now = Time.now.utc)
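Review bot: `errors.add(:base, error.message)` stores the raw Xmldsig exception text, while the loop just above maps every other failure through `error_message(attribute)`, so callers that render `errors` will show library-internal schema detail for this one case. Failing closed on `Xmldsig::SchemaError` is the right behaviour, but I would report it through the same helper with a fixed key, e.g. `errors.add(:base, error_message(:invalid))` if that key fits here, and send the original message to the logger. The method this rescue belongs to starts before the hunk, so the code it protects is not visible.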
@@ -30,7 +30,7 @@ module Saml
30
30
 
31
31
  # @!visibility private
32
32
  def provider
33
- configuration.registry.metadata_for(issuer)
33
+ registry.metadata_for(issuer)
34
34
  end
35
35
 
36
36
  # @!visibility private
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Saml
4
4
  module Kit
5
- VERSION = '1.0.11'.freeze
5
+ VERSION = '1.0.12'.freeze
6
6
  end
7
7
  end
@@ -21,11 +21,6 @@ module Saml
21
21
  (embed_signature && signing_key_pair.present?)
22
22
  end
23
23
 
24
- def encrypt_with(key_pair)
25
- self.encrypt = true
26
- self.encryption_certificate = key_pair.certificate
27
- end
28
-
29
24
  def digest_method
30
25
  configuration.digest_method
31
26
  end
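--- a/data/saml-kit.gemspec
+++ b/data/saml-kit.gemspec
@@ -30,8 +30,9 @@ Gem::Specification.new do |spec|
  spec.require_paths = ['lib']
 
  spec.add_dependency 'activemodel', '>= 4.2.0'
- spec.add_dependency 'xml-kit', '>= 0.1.10', '<= 1.0.0'
+ spec.add_dependency 'xml-kit', '>= 0.1.12', '<= 1.0.0'
  spec.add_development_dependency 'bundler', '~> 1.15'
+ spec.add_development_dependency 'bundler-audit', '~> 0.6'
  spec.add_development_dependency 'ffaker', '~> 2.7'
  spec.add_development_dependency 'rake', '~> 10.0'
  spec.add_development_dependency 'rspec', '~> 3.0'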
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml-kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.11
4
+ version: 1.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-02-27 00:00:00.000000000 Z
11
+ date: 2018-03-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activemodel
@@ -30,7 +30,7 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 0.1.10
33
+ version: 0.1.12
34
34
  - - "<="
35
35
  - !ruby/object:Gem::Version
36
36
  version: 1.0.0
@@ -40,7 +40,7 @@ dependencies:
40
40
  requirements:
41
41
  - - ">="
42
42
  - !ruby/object:Gem::Version
43
- version: 0.1.10
43
+ version: 0.1.12
44
44
  - - "<="
45
45
  - !ruby/object:Gem::Version
46
46
  version: 1.0.0
@@ -58,6 +58,20 @@ dependencies:
58
58
  - - "~>"
59
59
  - !ruby/object:Gem::Version
60
60
  version: '1.15'
61
+ - !ruby/object:Gem::Dependency
62
+ name: bundler-audit
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: '0.6'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: '0.6'
61
75
  - !ruby/object:Gem::Dependency
62
76
  name: ffaker
63
77
  requirement: !ruby/object:Gem::Requirement