saml-kit 1.0.23 → 1.0.24

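--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 273e2fe5e94073ea27a76acf05009fc75e1173633d25104ab9f0f6aad48a7d07
-  data.tar.gz: 3e06454c07bc08feb7cbfad2213817ee7a5c68855b61ce8a3252832b16f53ce8
+  metadata.gz: 3ff0dd35ecb05542b7f21d3ead4c22f232a337eaa41c9ddfa56b6d82b8f8873b
+  data.tar.gz: 4d189291119912edfc23847cffa213fb5c53eca8f95a27810d40f8c111ff533e
 SHA512:
-  metadata.gz: e911dad21549d77b51d1101c559af5b9862ee5b1c8b0b6a645eeae64a52cd065e43d30ea7326f74e57bd14af1b6edddbe670fef51dc4278beb7b7522230d29ed
-  data.tar.gz: 0de8d41c9d8755a86db9b074fae06a54ab75c77410cad63a42ef0c9bcfa2a3c87e510e7fb7c8602e32ff9aaf8fcee323314e51113a4cb9fbcfaca55f485ee230
+  metadata.gz: 8354776fdbb5c0ae66ed2e4a18baa38c3073e2e99f49117638419e01d111c012b0cdbe862654798bf285d9e0d5bbe78fab3f0d66e7ce79ee5c6a8ca95c58e676
+  data.tar.gz: da11bf9e0f5d4f9fec869b7908f0249d63454ba2edefe40e3b0080037d02615d1129ad6b9cd9c72ed1794d64da25eb789e1412ad4db35070d1a28f5e00829f76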
@@ -5,10 +5,7 @@ module Saml
5
5
  # This class validates the Assertion
6
6
  # element nested in a Response element
7
7
  # of a SAML document.
8
- class Assertion
9
- include ActiveModel::Validations
10
- include Translatable
11
- include XmlParseable
8
+ class Assertion < Document
12
9
  extend Forwardable
13
10
  XPATH = [
14
11
  '/samlp:Response/saml:Assertion',
@@ -21,26 +18,35 @@ module Saml
21
18
  validate :must_match_issuer, if: :decryptable?
22
19
  validate :must_be_active_session, if: :decryptable?
23
20
  validate :must_have_valid_signature, if: :decryptable?
24
- attr_reader :name
21
+ attr_reader :name, :configuration
25
22
  attr_accessor :occurred_at
26
23
 
27
24
  def initialize(
28
25
  node, configuration: Saml::Kit.configuration, private_keys: []
29
26
  )
30
27
  @name = 'Assertion'
31
- @to_nokogiri = node
28
+ @to_nokogiri = node.is_a?(String) ? Nokogiri::XML(node).root : node
32
29
  @configuration = configuration
33
30
  @occurred_at = Time.current
34
31
  @cannot_decrypt = false
35
32
  @encrypted = false
36
33
  keys = configuration.private_keys(use: :encryption) + private_keys
37
34
  decrypt(::Xml::Kit::Decryption.new(private_keys: keys.uniq))
35
+ super(to_s, name: 'Assertion', configuration: configuration)
36
+ end
37
+
38
+ def id
39
+ at_xpath('./@ID').try(:value)
38
40
  end
39
41
 
40
42
  def issuer
41
43
  at_xpath('./saml:Issuer').try(:text)
42
44
  end
43
45
 
46
+ def version
47
+ at_xpath('./@Version').try(:value)
48
+ end
49
+
44
50
  def name_id
45
51
  at_xpath('./saml:Subject/saml:NameID').try(:text)
46
52
  end
@@ -66,9 +72,12 @@ module Saml
66
72
  now > drifted_started_at && !expired?(now)
67
73
  end
68
74
 
69
- def attribute_statement
70
- @attribute_statement ||=
71
- AttributeStatement.new(search('./saml:AttributeStatement'))
75
+ def expected_type?
76
+ at_xpath('../saml:Assertion|../saml:EncryptedAssertion').present?
77
+ end
78
+
79
+ def attribute_statement(xpath = './saml:AttributeStatement')
80
+ @attribute_statement ||= AttributeStatement.new(search(xpath))
72
81
  end
73
82
 
74
83
  def conditions
@@ -90,8 +99,6 @@ module Saml
90
99
 
91
100
  private
92
101
 
93
- attr_reader :configuration
94
-
95
102
  def decrypt(decryptor)
96
103
  encrypted_assertion = at_xpath('./xmlenc:EncryptedData')
97
104
  @encrypted = encrypted_assertion.present?
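Review bot: In `initialize`, `Nokogiri::XML(node).root` is nil for an empty or unparseable string, so `@to_nokogiri` becomes nil and the `decrypt(...)` call and the `to_s` handed to `super` then run against nil instead of surfacing a validation failure; a guard such as `raise ArgumentError, 'node must be a Nokogiri node or parseable XML' if @to_nokogiri.nil?` placed right after the assignment fails fast with a clear message. Whether `at_xpath` and `to_s` are delegated to `@to_nokogiri` is not visible in this hunk, so confirm against the delegators inherited from `Document`. Separately, `attribute_statement(xpath = './saml:AttributeStatement')` memoizes into `@attribute_statement` regardless of `xpath`, so a second call with a different xpath silently returns the first result; either key the cache on the argument, `(@attribute_statement ||= {})[xpath] ||= AttributeStatement.new(search(xpath))`, or document that only the first xpath is honoured. Each of these methods is fully inside the hunk; the class itself continues outside it.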
@@ -7,17 +7,21 @@ module Saml
7
7
  # {include:file:lib/saml/kit/builders/templates/assertion.builder}
8
8
  class Assertion
9
9
  include XmlTemplatable
10
- extend Forwardable
11
-
12
- def_delegators :@response_builder,
13
- :request, :issuer, :reference_id, :now, :configuration, :user,
14
- :version, :destination
15
10
 
11
+ attr_reader :user, :request, :configuration
12
+ attr_accessor :reference_id
13
+ attr_accessor :now, :destination
14
+ attr_accessor :issuer, :version
16
15
  attr_accessor :default_name_id_format
17
16
 
18
- def initialize(response_builder, embed_signature)
19
- @response_builder = response_builder
20
- self.embed_signature = embed_signature
17
+ def initialize(user, request, configuration: Saml::Kit.configuration)
18
+ @user = user
19
+ @request = request
20
+ @configuration = configuration
21
+ @issuer = configuration.entity_id
22
+ @reference_id = ::Xml::Kit::Id.generate
23
+ @version = '2.0'
24
+ @now = Time.now.utc
21
25
  self.default_name_id_format = Saml::Kit::Namespaces::UNSPECIFIED_NAMEID
22
26
  end
23
27
 
@@ -34,8 +38,8 @@ module Saml
34
38
  user.assertion_attributes_for(request)
35
39
  end
36
40
 
37
- def signing_key_pair
38
- super || @response_builder.signing_key_pair
41
+ def build
42
+ Saml::Kit::Assertion.new(to_xml, configuration: configuration)
39
43
  end
40
44
 
41
45
  private
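Review bot: The new public surface is undocumented: `build` and the changed `initialize(user, request, configuration:)` signature carry no YARD comments, and the class-level `# {include:file:...}` does not describe them. Above `build` I would add `# @return [Saml::Kit::Assertion] the assertion parsed back from #to_xml using this builder's configuration`, and above `initialize` a `@param` line each for `user` (must respond to `assertion_attributes_for(request)`, as `assertion_attributes` shows), `request`, and `configuration` (must respond to `entity_id`). It is also worth a comment on the accessor group that `issuer`, `reference_id`, `now` and `version` were previously delegated live to the response builder and are now plain accessors with defaults, so a caller that changes them on the response after constructing this builder will not see the change here; the enclosing class continues outside this hunk.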
@@ -8,7 +8,7 @@ module Saml
8
8
  class Response
9
9
  include XmlTemplatable
10
10
  attr_reader :user, :request
11
- attr_accessor :id, :reference_id, :now
11
+ attr_accessor :id, :now
12
12
  attr_accessor :version, :status_code, :status_message
13
13
  attr_accessor :issuer, :destination
14
14
  attr_reader :configuration
@@ -19,7 +19,6 @@ module Saml
19
19
  @user = user
20
20
  @request = request
21
21
  @id = ::Xml::Kit::Id.generate
22
- @reference_id = ::Xml::Kit::Id.generate
23
22
  @now = Time.now.utc
24
23
  @version = '2.0'
25
24
  @status_code = Namespaces::SUCCESS
@@ -46,14 +45,13 @@ module Saml
46
45
  def assertion
47
46
  @assertion ||=
48
47
  begin
49
- assertion = Saml::Kit::Builders::Assertion.new(
50
- self, embed_signature
51
- )
52
- if encrypt
53
- Saml::Kit::Builders::EncryptedAssertion.new(self, assertion)
54
- else
55
- assertion
56
- end
48
+ assertion = Assertion.new(user, request, configuration: configuration)
49
+ assertion.sign_with(@signing_key_pair) if @signing_key_pair
50
+ assertion.embed_signature = embed_signature unless embed_signature.nil?
51
+ assertion.now = now
52
+ assertion.destination = destination
53
+ assertion.issuer = issuer
54
+ encrypt ? EncryptedAssertion.new(self, assertion) : assertion
57
55
  end
58
56
  end
59
57
 
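Review bot: `assertion` now copies `now`, `destination` and `issuer` into the builder once, at memoization time, whereas the removed `def_delegators` read them live from the response builder; after the first call to `assertion`, a later `response.issuer = ...` or `response.destination = ...` no longer reaches the assertion, and the Response and its Assertion can silently disagree on issuer or destination. If that is intended, a comment on the method such as `# Built once; set issuer/destination/now on the response before first use` makes the ordering constraint visible, otherwise re-apply the three values where the assertion is rendered rather than here. `assertion.sign_with(@signing_key_pair) if @signing_key_pair` reads the ivar directly; if XmlTemplatable also exposes a `signing_key_pair` reader with a configuration fallback, confirm the two paths agree. Dropping the public `reference_id` accessor (`attr_accessor :id, :now`) is a breaking change for a 1.0.23 → 1.0.24 patch bump and should be called out in the release notes.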
@@ -19,7 +19,7 @@ module Saml
19
19
 
20
20
  Dir.chdir(File.dirname(xsd)) do
21
21
  xsd = Nokogiri::XML::Schema(IO.read(xsd))
22
- xsd.validate(to_nokogiri).each do |error|
22
+ xsd.validate(to_nokogiri.document).each do |error|
23
23
  errors[:base] << error.message
24
24
  end
25
25
  end
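Review bot: `xsd.validate(to_nokogiri.document)` validates the whole owning document rather than the node, so for an `Assertion` whose node was taken from a larger Response the messages appended to `errors[:base]` may originate outside the assertion element; if that is intended, a comment such as `# validate the owning document: a detached node cannot be schema-checked on its own` would make the choice visible to the next reader. If `to_nokogiri` can be nil (for example when `Assertion.new` is handed an unparseable string), this line now raises NoMethodError instead of recording a validation error, so a `return unless to_nokogiri` guard or an explicit error entry would keep validation failing closed rather than crashing. The enclosing method starts and ends outside this hunk.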
@@ -83,10 +83,11 @@ module Saml
83
83
  # @!visibility private
84
84
  def builder_class # :nodoc:
85
85
  {
86
- Response.to_s => Saml::Kit::Builders::Response,
87
- LogoutResponse.to_s => Saml::Kit::Builders::LogoutResponse,
86
+ Assertion.to_s => Saml::Kit::Builders::Assertion,
88
87
  AuthenticationRequest.to_s => Saml::Kit::Builders::AuthenticationRequest,
89
88
  LogoutRequest.to_s => Saml::Kit::Builders::LogoutRequest,
89
+ LogoutResponse.to_s => Saml::Kit::Builders::LogoutResponse,
90
+ Response.to_s => Saml::Kit::Builders::Response,
90
91
  }[name] || (raise ArgumentError, "Unknown SAML Document #{name}")
91
92
  end
92
93
  end
@@ -5,8 +5,12 @@ en:
5
5
  Assertion:
6
6
  cannot_decrypt: "cannot be decrypted."
7
7
  expired: "must not be expired."
8
- must_match_issuer: "must match entityId."
8
+ invalid: "must contain Assertion."
9
+ invalid_fingerprint: "is not registered."
10
+ invalid_version: "must be 2.0."
9
11
  must_contain_single_assertion: "must contain single Assertion."
12
+ must_match_issuer: "must match entityId."
13
+ unregistered: "is unregistered."
10
14
  AuthnRequest:
11
15
  invalid: "must contain AuthnRequest."
12
16
  invalid_fingerprint: "is not registered."
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Saml
4
4
  module Kit
5
- VERSION = '1.0.23'.freeze
5
+ VERSION = '1.0.24'.freeze
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml-kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.23
4
+ version: 1.0.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-08-23 00:00:00.000000000 Z
11
+ date: 2018-09-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activemodel