saml-kit 1.0.24 → 1.0.25

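--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3ff0dd35ecb05542b7f21d3ead4c22f232a337eaa41c9ddfa56b6d82b8f8873b
- data.tar.gz: 4d189291119912edfc23847cffa213fb5c53eca8f95a27810d40f8c111ff533e
+ metadata.gz: 0132eba52685773a829377a13a8a7dae40319e8cbd70b1359107c0f5790c6c26
+ data.tar.gz: 390adce2967ee14b748259cb46d9f0d41d5de5fdaeb5f04fecd1d4feb7099cc7
  SHA512:
- metadata.gz: 8354776fdbb5c0ae66ed2e4a18baa38c3073e2e99f49117638419e01d111c012b0cdbe862654798bf285d9e0d5bbe78fab3f0d66e7ce79ee5c6a8ca95c58e676
- data.tar.gz: da11bf9e0f5d4f9fec869b7908f0249d63454ba2edefe40e3b0080037d02615d1129ad6b9cd9c72ed1794d64da25eb789e1412ad4db35070d1a28f5e00829f76
+ metadata.gz: 7d12c7fd8d1d2ae2d851bb3d1f016ca56e9b1ad6f951c08ba5875bb51fa15f13fcf1dcd779283898d1ad46eff748ec3a15013272beb69fb2f11231786ca11cd1
+ data.tar.gz: c97f7e3f0acfbbbc4f21608b411b4785fe19cfae3c8f37c0b1ab41ba74c2aaa6bb46f67d39b989bd3d55558f92e3bb46084b7511fb04018d81317a86df8c5e56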
@@ -90,6 +90,7 @@ module Saml
90
90
 
91
91
  def decryptable?
92
92
  return true unless encrypted?
93
+
93
94
  !@cannot_decrypt
94
95
  end
95
96
 
@@ -103,6 +104,7 @@ module Saml
103
104
  encrypted_assertion = at_xpath('./xmlenc:EncryptedData')
104
105
  @encrypted = encrypted_assertion.present?
105
106
  return unless @encrypted
107
+
106
108
  @to_nokogiri = decryptor.decrypt_node(encrypted_assertion)
107
109
  rescue Xml::Kit::DecryptionError => error
108
110
  @cannot_decrypt = true
@@ -111,16 +113,19 @@ module Saml
111
113
 
112
114
  def must_match_issuer
113
115
  return if audiences.empty? || audiences.include?(configuration.entity_id)
116
+
114
117
  errors[:audience] << error_message(:must_match_issuer)
115
118
  end
116
119
 
117
120
  def must_be_active_session
118
121
  return if active?
122
+
119
123
  errors[:base] << error_message(:expired)
120
124
  end
121
125
 
122
126
  def must_have_valid_signature
123
127
  return if !signed? || signature.valid?
128
+
124
129
  signature.errors.each do |attribute, message|
125
130
  errors.add(attribute, message)
126
131
  end
@@ -58,6 +58,7 @@ module Saml
58
58
  }
59
59
  return parameters[:SAMLRequest] if parameters[:SAMLRequest].present?
60
60
  return parameters[:SAMLResponse] if parameters[:SAMLResponse].present?
61
+
61
62
  message = 'SAMLRequest or SAMLResponse parameter is required.'
62
63
  raise ArgumentError, message
63
64
  end
@@ -52,6 +52,7 @@ module Saml
52
52
  decode(signature),
53
53
  canonicalize(params)
54
54
  )
55
+
55
56
  raise ArgumentError, 'Invalid Signature'
56
57
  end
57
58
 
@@ -87,6 +88,7 @@ module Saml
87
88
 
88
89
  def params_to_hash(value)
89
90
  return value unless value.is_a?(String)
91
+
90
92
  Hash[URI.parse(value).query.split('&').map { |xx| xx.split('=', 2) }]
91
93
  end
92
94
  end
@@ -35,6 +35,7 @@ module Saml
35
35
 
36
36
  def assertion_attributes
37
37
  return {} unless user.respond_to?(:assertion_attributes_for)
38
+
38
39
  user.assertion_attributes_for(request)
39
40
  end
40
41
 
@@ -25,7 +25,13 @@ xml.Assertion(assertion_options) do
25
25
  xml.AttributeStatement do
26
26
  assertion_attributes.each do |key, value|
27
27
  xml.Attribute Name: key do
28
- xml.AttributeValue value.to_s
28
+ if value.respond_to?(:each)
29
+ value.each do |x|
30
+ xml.AttributeValue x.to_s
31
+ end
32
+ else
33
+ xml.AttributeValue value.to_s
34
+ end
29
35
  end
30
36
  end
31
37
  end
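Review bot: The new `value.respond_to?(:each)` test in the attribute loop is broader than "is a list": a Hash, Struct or Range also responds to `each`, so a Hash-valued attribute would be emitted as one `AttributeValue` per stringified `[key, value]` pair, and an empty collection now yields an `Attribute` with no `AttributeValue` at all where the old code always wrote one. Service providers commonly map these values to roles or groups, so the change in shape should be deliberate; narrowing the branch to `if value.is_a?(Array)` (or `value.respond_to?(:each) && !value.is_a?(Hash)`) keeps hashes and other scalars on the existing `value.to_s` path. The attribute source (presumably the user's `assertion_attributes_for`) would also benefit from a comment stating that array values become multi-valued attributes and that `nil` elements are written as empty values. The enclosing `xml.Assertion` block starts and ends outside this hunk.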
@@ -30,6 +30,7 @@ module Saml
30
30
  def trusted?
31
31
  return true if signature_verified
32
32
  return false unless signed?
33
+
33
34
  signature.trusted?(provider)
34
35
  end
35
36
 
@@ -60,12 +61,14 @@ module Saml
60
61
  def must_be_registered
61
62
  return unless expected_type?
62
63
  return if provider.present?
64
+
63
65
  errors[:provider] << error_message(:unregistered)
64
66
  end
65
67
 
66
68
  def must_be_trusted
67
69
  return if trusted?
68
70
  return if provider.present? && !signed?
71
+
69
72
  errors[:fingerprint] << error_message(:invalid_fingerprint)
70
73
  end
71
74
  end
@@ -45,6 +45,7 @@ module Saml
45
45
  # @!visibility private
46
46
  def at_xpath(xpath)
47
47
  return unless present?
48
+
48
49
  to_nokogiri.at_xpath(xpath, NAMESPACES)
49
50
  end
50
51
 
@@ -20,6 +20,7 @@ module Saml
20
20
  # signing certificate is available via the configuration.
21
21
  def sign?
22
22
  return configuration.sign? if embed_signature.nil?
23
+
23
24
  (embed_signature && configuration.sign?) ||
24
25
  (embed_signature && signing_key_pair.present?)
25
26
  end
@@ -111,6 +111,7 @@ module Saml
111
111
  def must_be_valid_version
112
112
  return unless expected_type?
113
113
  return if version == '2.0'
114
+
114
115
  errors[:version] << error_message(:invalid_version)
115
116
  end
116
117
  end
@@ -57,6 +57,7 @@ module Saml
57
57
  xpath = "/md:EntityDescriptor/md:#{name}"
58
58
  attribute = at_xpath(xpath).attribute('WantAuthnRequestsSigned')
59
59
  return true if attribute.nil?
60
+
60
61
  attribute.text.casecmp('true').zero?
61
62
  end
62
63
 
@@ -67,6 +67,7 @@ module Saml
67
67
 
68
68
  def single_logout_service
69
69
  return if provider.nil?
70
+
70
71
  urls = provider.single_logout_services
71
72
  urls.first
72
73
  end
@@ -191,6 +191,7 @@ module Saml
191
191
 
192
192
  def must_have_valid_signature
193
193
  return if !signature.present? || signature.valid?
194
+
194
195
  signature.errors.each do |attribute, error|
195
196
  errors[attribute] << error
196
197
  end
@@ -51,6 +51,7 @@ module Saml
51
51
 
52
52
  def must_contain_single_assertion
53
53
  return if assertion_nodes.count <= 1
54
+
54
55
  errors[:base] << error_message(:must_contain_single_assertion)
55
56
  end
56
57
 
@@ -28,6 +28,7 @@ module Saml
28
28
  element = at_xpath("/md:EntityDescriptor/md:#{name}")
29
29
  attribute = element.attribute('WantAssertionsSigned')
30
30
  return true if attribute.nil?
31
+
31
32
  attribute.text.casecmp('true').zero?
32
33
  end
33
34
 
@@ -24,6 +24,7 @@ module Saml
24
24
  xpath = './ds:KeyInfo/ds:X509Data/ds:X509Certificate'
25
25
  value = at_xpath(xpath).try(:text)
26
26
  return if value.nil?
27
+
27
28
  ::Xml::Kit::Certificate.new(value, use: :signing)
28
29
  end
29
30
 
@@ -31,6 +32,7 @@ module Saml
31
32
  # the certificates registered in the metadata.
32
33
  def trusted?(metadata)
33
34
  return false if metadata.nil?
35
+
34
36
  metadata.matches?(certificate.fingerprint, use: :signing).present?
35
37
  end
36
38
 
@@ -121,6 +123,7 @@ module Saml
121
123
 
122
124
  def at_xpath(xpath)
123
125
  return nil unless node
126
+
124
127
  node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
125
128
  end
126
129
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Saml
4
4
  module Kit
5
- VERSION = '1.0.24'.freeze
5
+ VERSION = '1.0.25'.freeze
6
6
  end
7
7
  end
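--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: saml-kit
  version: !ruby/object:Gem::Version
- version: 1.0.24
+ version: 1.0.25
  platform: ruby
  authors:
  - mo khan
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-09-18 00:00:00.000000000 Z
+ date: 2018-10-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activemodel
@@ -342,7 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.7
+ rubygems_version: 2.7.6
  signing_key:
  specification_version: 4
  summary: A simple toolkit for working with SAML.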