saml-kit 1.0.24 → 1.0.25

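--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3ff0dd35ecb05542b7f21d3ead4c22f232a337eaa41c9ddfa56b6d82b8f8873b
- data.tar.gz: 4d189291119912edfc23847cffa213fb5c53eca8f95a27810d40f8c111ff533e
+ metadata.gz: 0132eba52685773a829377a13a8a7dae40319e8cbd70b1359107c0f5790c6c26
+ data.tar.gz: 390adce2967ee14b748259cb46d9f0d41d5de5fdaeb5f04fecd1d4feb7099cc7
  SHA512:
- metadata.gz: 8354776fdbb5c0ae66ed2e4a18baa38c3073e2e99f49117638419e01d111c012b0cdbe862654798bf285d9e0d5bbe78fab3f0d66e7ce79ee5c6a8ca95c58e676
- data.tar.gz: da11bf9e0f5d4f9fec869b7908f0249d63454ba2edefe40e3b0080037d02615d1129ad6b9cd9c72ed1794d64da25eb789e1412ad4db35070d1a28f5e00829f76
+ metadata.gz: 7d12c7fd8d1d2ae2d851bb3d1f016ca56e9b1ad6f951c08ba5875bb51fa15f13fcf1dcd779283898d1ad46eff748ec3a15013272beb69fb2f11231786ca11cd1
+ data.tar.gz: c97f7e3f0acfbbbc4f21608b411b4785fe19cfae3c8f37c0b1ab41ba74c2aaa6bb46f67d39b989bd3d55558f92e3bb46084b7511fb04018d81317a86df8c5e56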
@@ -90,6 +90,7 @@ module Saml
90
90
 
91
91
  def decryptable?
92
92
  return true unless encrypted?
93
+
93
94
  !@cannot_decrypt
94
95
  end
95
96
 
@@ -103,6 +104,7 @@ module Saml
103
104
  encrypted_assertion = at_xpath('./xmlenc:EncryptedData')
104
105
  @encrypted = encrypted_assertion.present?
105
106
  return unless @encrypted
107
+
106
108
  @to_nokogiri = decryptor.decrypt_node(encrypted_assertion)
107
109
  rescue Xml::Kit::DecryptionError => error
108
110
  @cannot_decrypt = true
@@ -111,16 +113,19 @@ module Saml
111
113
 
112
114
  def must_match_issuer
113
115
  return if audiences.empty? || audiences.include?(configuration.entity_id)
116
+
114
117
  errors[:audience] << error_message(:must_match_issuer)
115
118
  end
116
119
 
117
120
  def must_be_active_session
118
121
  return if active?
122
+
119
123
  errors[:base] << error_message(:expired)
120
124
  end
121
125
 
122
126
  def must_have_valid_signature
123
127
  return if !signed? || signature.valid?
128
+
124
129
  signature.errors.each do |attribute, message|
125
130
  errors.add(attribute, message)
126
131
  end
@@ -58,6 +58,7 @@ module Saml
58
58
  }
59
59
  return parameters[:SAMLRequest] if parameters[:SAMLRequest].present?
60
60
  return parameters[:SAMLResponse] if parameters[:SAMLResponse].present?
61
+
61
62
  message = 'SAMLRequest or SAMLResponse parameter is required.'
62
63
  raise ArgumentError, message
63
64
  end
@@ -52,6 +52,7 @@ module Saml
52
52
  decode(signature),
53
53
  canonicalize(params)
54
54
  )
55
+
55
56
  raise ArgumentError, 'Invalid Signature'
56
57
  end
57
58
 
@@ -87,6 +88,7 @@ module Saml
87
88
 
88
89
  def params_to_hash(value)
89
90
  return value unless value.is_a?(String)
91
+
90
92
  Hash[URI.parse(value).query.split('&').map { |xx| xx.split('=', 2) }]
91
93
  end
92
94
  end
@@ -35,6 +35,7 @@ module Saml
35
35
 
36
36
  def assertion_attributes
37
37
  return {} unless user.respond_to?(:assertion_attributes_for)
38
+
38
39
  user.assertion_attributes_for(request)
39
40
  end
40
41
 
@@ -25,7 +25,13 @@ xml.Assertion(assertion_options) do
25
25
  xml.AttributeStatement do
26
26
  assertion_attributes.each do |key, value|
27
27
  xml.Attribute Name: key do
28
- xml.AttributeValue value.to_s
28
+ if value.respond_to?(:each)
29
+ value.each do |x|
30
+ xml.AttributeValue x.to_s
31
+ end
32
+ else
33
+ xml.AttributeValue value.to_s
34
+ end
29
35
  end
30
36
  end
31
37
  end
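Review bot: The new `if value.respond_to?(:each)` test is wider than "multi-valued attribute": a Hash, or any other object that defines `each`, also takes this branch, and each yielded element is written out with `to_s`, so a Hash value would be emitted as one `AttributeValue` per `[key, value]` pair. These values come from the application's `assertion_attributes_for` and end up in the assertion the service provider consumes (typically for authorization), so accepting only array-like values is safer, e.g. `if value.respond_to?(:to_ary)`. An empty collection now yields an `Attribute` with no `AttributeValue` children and a `nil` element yields an empty one; if that is intended, a short comment such as `# empty collections emit an Attribute with no values` would help, otherwise `value.to_ary.compact.each` avoids the empty elements. The enclosing `xml.Assertion` block starts and ends outside the hunk.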
@@ -30,6 +30,7 @@ module Saml
30
30
  def trusted?
31
31
  return true if signature_verified
32
32
  return false unless signed?
33
+
33
34
  signature.trusted?(provider)
34
35
  end
35
36
 
@@ -60,12 +61,14 @@ module Saml
60
61
  def must_be_registered
61
62
  return unless expected_type?
62
63
  return if provider.present?
64
+
63
65
  errors[:provider] << error_message(:unregistered)
64
66
  end
65
67
 
66
68
  def must_be_trusted
67
69
  return if trusted?
68
70
  return if provider.present? && !signed?
71
+
69
72
  errors[:fingerprint] << error_message(:invalid_fingerprint)
70
73
  end
71
74
  end
@@ -45,6 +45,7 @@ module Saml
45
45
  # @!visibility private
46
46
  def at_xpath(xpath)
47
47
  return unless present?
48
+
48
49
  to_nokogiri.at_xpath(xpath, NAMESPACES)
49
50
  end
50
51
 
@@ -20,6 +20,7 @@ module Saml
20
20
  # signing certificate is available via the configuration.
21
21
  def sign?
22
22
  return configuration.sign? if embed_signature.nil?
23
+
23
24
  (embed_signature && configuration.sign?) ||
24
25
  (embed_signature && signing_key_pair.present?)
25
26
  end
@@ -111,6 +111,7 @@ module Saml
111
111
  def must_be_valid_version
112
112
  return unless expected_type?
113
113
  return if version == '2.0'
114
+
114
115
  errors[:version] << error_message(:invalid_version)
115
116
  end
116
117
  end
@@ -57,6 +57,7 @@ module Saml
57
57
  xpath = "/md:EntityDescriptor/md:#{name}"
58
58
  attribute = at_xpath(xpath).attribute('WantAuthnRequestsSigned')
59
59
  return true if attribute.nil?
60
+
60
61
  attribute.text.casecmp('true').zero?
61
62
  end
62
63
 
@@ -67,6 +67,7 @@ module Saml
67
67
 
68
68
  def single_logout_service
69
69
  return if provider.nil?
70
+
70
71
  urls = provider.single_logout_services
71
72
  urls.first
72
73
  end
@@ -191,6 +191,7 @@ module Saml
191
191
 
192
192
  def must_have_valid_signature
193
193
  return if !signature.present? || signature.valid?
194
+
194
195
  signature.errors.each do |attribute, error|
195
196
  errors[attribute] << error
196
197
  end
@@ -51,6 +51,7 @@ module Saml
51
51
 
52
52
  def must_contain_single_assertion
53
53
  return if assertion_nodes.count <= 1
54
+
54
55
  errors[:base] << error_message(:must_contain_single_assertion)
55
56
  end
56
57
 
@@ -28,6 +28,7 @@ module Saml
28
28
  element = at_xpath("/md:EntityDescriptor/md:#{name}")
29
29
  attribute = element.attribute('WantAssertionsSigned')
30
30
  return true if attribute.nil?
31
+
31
32
  attribute.text.casecmp('true').zero?
32
33
  end
33
34
 
@@ -24,6 +24,7 @@ module Saml
24
24
  xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
25
25
  value = at_xpath(xpath).try(:text)
26
26
  return if value.nil?
27
+
27
28
  ::Xml::Kit::Certificate.new(value, use: :signing)
28
29
  end
29
30
 
@@ -31,6 +32,7 @@ module Saml
31
32
  # the certificates registered in the metadata.
32
33
  def trusted?(metadata)
33
34
  return false if metadata.nil?
35
+
34
36
  metadata.matches?(certificate.fingerprint, use: :signing).present?
35
37
  end
36
38
 
@@ -121,6 +123,7 @@ module Saml
121
123
 
122
124
  def at_xpath(xpath)
123
125
  return nil unless node
126
+
124
127
  node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
125
128
  end
126
129
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Saml
4
4
  module Kit
5
- VERSION = '1.0.24'.freeze
5
+ VERSION = '1.0.25'.freeze
6
6
  end
7
7
  end
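--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: saml-kit
  version: !ruby/object:Gem::Version
- version: 1.0.24
+ version: 1.0.25
  platform: ruby
  authors:
  - mo khan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-09-18 00:00:00.000000000 Z
+ date: 2018-10-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activemodel
@@ -342,7 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.7
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: A simple toolkit for working with SAML.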