saml2 1.0.10 → 1.1.0

data/spec/lib/conditions_spec.rb

@@ -3,13 +3,13 @@ require_relative '../spec_helper'
 module SAML2
   describe Conditions do
     it "empty should be valid" do
-      Conditions.new.valid?.must_equal :valid
+      expect(Conditions.new.valid?).to eq :valid
     end
 
     it "should be valid with unknown condition" do
       conditions = Conditions.new
       conditions << Conditions::Condition.new
-      conditions.valid?.must_equal :indeterminate
+      expect(conditions.valid?).to eq :indeterminate
     end
 
     it "should be valid with timestamps" do
@@ -17,7 +17,7 @@ module SAML2
       now = Time.now.utc
       conditions.not_before = now - 5
       conditions.not_on_or_after = now + 30
-      conditions.valid?.must_equal :valid
+      expect(conditions.valid?).to eq :valid
     end
 
     it "should be invalid with out of range timestamps" do
@@ -25,7 +25,7 @@ module SAML2
       now = Time.now.utc
       conditions.not_before = now - 35
       conditions.not_on_or_after = now - 5
-      conditions.valid?.must_equal :invalid
+      expect(conditions.valid?).to eq :invalid
     end
 
     it "should allow passing now" do
@@ -33,7 +33,7 @@ module SAML2
       now = Time.now.utc
       conditions.not_before = now - 35
       conditions.not_on_or_after = now - 5
-      conditions.valid?(now: now - 10).must_equal :valid
+      expect(conditions.valid?(now: now - 10)).to eq :valid
     end
 
     it "should be invalid before indeterminate" do
@@ -41,29 +41,29 @@ module SAML2
       now = Time.now.utc
       conditions.not_before = now + 5
       conditions << Conditions::Condition.new
-      conditions.valid?.must_equal :invalid
+      expect(conditions.valid?).to eq :invalid
     end
 
     it "should be invalid before indeterminate (actual conditions)" do
       conditions = Conditions.new
       conditions << Conditions::Condition.new
       conditions << Conditions::AudienceRestriction.new('audience')
-      conditions.valid?.must_equal :invalid
+      expect(conditions.valid?).to eq :invalid
     end
 
   end
 
   describe Conditions::AudienceRestriction do
     it "should be invalid" do
-      Conditions::AudienceRestriction.new('expected').valid?(audience: 'actual').must_equal :invalid
+      expect(Conditions::AudienceRestriction.new('expected').valid?(audience: 'actual')).to eq :invalid
     end
 
     it "should be valid" do
-      Conditions::AudienceRestriction.new('expected').valid?(audience: 'expected').must_equal :valid
+      expect(Conditions::AudienceRestriction.new('expected').valid?(audience: 'expected')).to eq :valid
     end
 
     it "should be valid with an array" do
-      Conditions::AudienceRestriction.new(['expected', 'actual']).valid?(audience: 'actual').must_equal :valid
+      expect(Conditions::AudienceRestriction.new(['expected', 'actual']).valid?(audience: 'actual')).to eq :valid
     end
   end
 end

data/spec/lib/entity_spec.rb

@@ -4,45 +4,45 @@ module SAML2
   describe Entity do
     it "should parse and validate" do
       entity = Entity.parse(fixture('service_provider.xml'))
-      entity.valid_schema?.must_equal true
+      expect(entity.valid_schema?).to eq true
     end
 
     it "should return nil when not valid schema" do
       entity = Entity.parse("<xml></xml>")
-      assert_nil(entity)
+      expect(entity).to be_nil
     end
 
     it "should return nil on non-XML" do
       entity = Entity.parse("garbage")
-      assert_nil(entity)
+      expect(entity).to be_nil
     end
 
     describe "valid schema" do
       let(:entity) { Entity.parse(fixture('service_provider.xml')) }
 
       it "should find the id" do
-        entity.entity_id.must_equal "http://siteadmin.instructure.com/saml2"
+        expect(entity.entity_id).to eq "http://siteadmin.instructure.com/saml2"
       end
 
       it "should parse the organization" do
-        entity.organization.display_name.must_equal 'Canvas'
-        entity.organization.display_name('en').must_equal 'Canvas'
-        assert_nil(entity.organization.display_name('es'))
-        entity.organization.display_name(:all).must_equal en: 'Canvas'
+        expect(entity.organization.display_name).to eq 'Canvas'
+        expect(entity.organization.display_name('en')).to eq 'Canvas'
+        expect(entity.organization.display_name('es')).to be_nil
+        expect(entity.organization.display_name(:all)).to eq en: 'Canvas'
       end
 
       it "validates metadata from ADFS containing lots of non-SAML schemas" do
-        Entity.parse(fixture('FederationMetadata.xml')).valid_schema?.must_equal true
+        expect(Entity.parse(fixture('FederationMetadata.xml')).valid_schema?).to eq true
       end
     end
 
     describe Entity::Group do
       it "should parse and validate" do
         group = Entity.parse(fixture('entities.xml'))
-        group.must_be_instance_of Entity::Group
-        group.valid_schema?.must_equal true
+        expect(group).to be_instance_of(Entity::Group)
+        expect(group.valid_schema?).to eq true
 
-        group.map(&:entity_id).must_equal ['urn:entity1', 'urn:entity2']
+        expect(group.map(&:entity_id)).to eq ['urn:entity1', 'urn:entity2']
       end
     end
   end

data/spec/lib/identity_provider_spec.rb

@@ -17,7 +17,7 @@ module SAML2
       idp.keys << Key.new('somedata', Key::Type::SIGNING)
 
       entity.roles << idp
-      Schemas.metadata.validate(Nokogiri::XML(entity.to_s)).must_equal []
+      expect(Schemas.metadata.validate(Nokogiri::XML(entity.to_s))).to eq []
     end
 
     describe "valid metadata" do
@@ -25,12 +25,12 @@ module SAML2
       let(:idp) { entity.roles.first }
 
       it "should create the single_sign_on_services array" do
-        idp.single_sign_on_services.length.must_equal 3
-        idp.single_sign_on_services.first.location.must_equal 'https://sso.school.edu/idp/profile/Shibboleth/SSO'
+        expect(idp.single_sign_on_services.length).to eq 3
+        expect(idp.single_sign_on_services.first.location).to eq 'https://sso.school.edu/idp/profile/Shibboleth/SSO'
       end
 
       it "should find the signing certificate" do
-        idp.keys.first.x509.must_match(/MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/)
+        expect(idp.keys.first.x509).to match(/MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/)
       end
     end
   end

data/spec/lib/indexed_object_spec.rb

@@ -1,22 +1,53 @@
 require_relative '../spec_helper'
 
 module SAML2
+  describe IndexedObject do
+    describe "#default?" do
+      it "always returns a boolean" do
+        acs = Endpoint::Indexed.new('a', 0)
+        expect(acs.default?).to eq false
+        expect(acs.default_defined?).to eq false
+      end
+
+      it "#default_defined? works" do
+        acs = Endpoint::Indexed.new('a', 0, false)
+        expect(acs.default?).to eq false
+        expect(acs.default_defined?).to eq true
+      end
+    end
+
+    context "serialization" do
+      it "doesn't include isDefault when it's nil" do
+        acs = Endpoint::Indexed.new('a', 0)
+        builder = double()
+        expect(builder).to receive(:[]).and_return(builder).ordered
+        expect(builder).to receive(:"AssertionConsumerService").ordered
+        expect(builder).to receive(:parent).and_return(builder).ordered
+        expect(builder).to receive(:children).and_return(builder).ordered
+        expect(builder).to receive(:last).and_return(builder).ordered
+        expect(builder).to receive(:[]=).with("index", 0).ordered
+
+        acs.build(builder,"AssertionConsumerService")
+      end
+    end
+  end
+
   describe IndexedObject::Array do
     it "should sort by index" do
       acses = Endpoint::Indexed::Array.new(
           [Endpoint::Indexed.new('b', 1),
            Endpoint::Indexed.new('a', 0)])
-      acses.map(&:location).must_equal ['a', 'b']
+      expect(acses.map(&:location)).to eq ['a', 'b']
     end
 
     it "should be accessible by index" do
       acses = Endpoint::Indexed::Array.new(
           [Endpoint::Indexed.new('b', 3),
            Endpoint::Indexed.new('a', 1)])
-      acses.map(&:location).must_equal ['a', 'b']
-      acses[1].location.must_equal 'a'
-      acses[3].location.must_equal 'b'
-      assert_nil(acses[0])
+      expect(acses.map(&:location)).to eq ['a', 'b']
+      expect(acses[1].location).to eq 'a'
+      expect(acses[3].location).to eq 'b'
+      expect(acses[0]).to be_nil
     end
 
     describe "#default" do
@@ -24,14 +55,14 @@ module SAML2
         acses = Endpoint::Indexed::Array.new(
             [Endpoint::Indexed.new('a', 0),
              Endpoint::Indexed.new('b', 1)])
-        acses.default.location.must_equal 'a'
+        expect(acses.default.location).to eq 'a'
       end
 
       it "should default to a tagged default" do
         acses = Endpoint::Indexed::Array.new(
             [Endpoint::Indexed.new('a', 0),
              Endpoint::Indexed.new('b', 1, true)])
-        acses.default.location.must_equal 'b'
+        expect(acses.default.location).to eq 'b'
       end
     end
   end

data/spec/lib/logout_request_spec.rb

@@ -0,0 +1,31 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe LogoutRequest do
+    let(:idp) { Entity.parse(fixture('identity_provider.xml')).roles.first }
+
+    let(:logout_request) {
+      LogoutRequest.initiate(idp,
+                             NameID.new('issuer'),
+                             NameID.new('jacob',
+                                        name_qualifier: "a",
+                                        sp_name_qualifier: "b"),
+                             "abc")
+    }
+
+    it "should generate valid XML" do
+      xml = logout_request.to_s
+      expect(Schemas.protocol.validate(Nokogiri::XML(xml))).to eq []
+    end
+
+    it "parses" do
+      # yup, I'm lazy
+      new_request = LogoutRequest.parse(logout_request.to_s)
+      expect(new_request.issuer.id).to eq 'issuer'
+      expect(new_request.name_id.id).to eq 'jacob'
+      expect(new_request.name_id.name_qualifier).to eq 'a'
+      expect(new_request.name_id.sp_name_qualifier).to eq 'b'
+      expect(new_request.session_index).to eq ['abc']
+    end
+  end
+end

data/spec/lib/logout_response_spec.rb

@@ -0,0 +1,31 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe LogoutResponse do
+    let(:idp) { Entity.parse(fixture('identity_provider.xml')).roles.first }
+
+    let(:logout_request) {
+      LogoutRequest.initiate(idp,
+                             NameID.new('issuer'),
+                             NameID.new('jacob',
+                                        name_qualifier: "a",
+                                        sp_name_qualifier: "b"),
+                             "abc")
+    }
+    let(:logout_response) {
+      LogoutResponse.respond_to(logout_request, idp, NameID.new('issuer2'))
+    }
+
+    it "should generate valid XML" do
+      xml = logout_response.to_s
+      expect(Schemas.protocol.validate(Nokogiri::XML(xml))).to eq []
+    end
+
+    it "parses" do
+      # yup, I'm lazy
+      new_response = LogoutResponse.parse(logout_response.to_s)
+      expect(new_response.issuer.id).to eq 'issuer2'
+      expect(new_response.status.code).to eq Status::SUCCESS
+    end
+  end
+end

data/spec/lib/message_spec.rb

@@ -0,0 +1,21 @@
+require_relative '../spec_helper'
+
+module SAML2
+  describe Message do
+    describe '.parse' do
+      it 'complains about invalid XML' do
+        expect { Message.parse("garbage") }.to raise_error(CorruptMessage)
+      end
+
+      it 'complains about getting the wrong type if calling on a subclass, and you get a different type' do
+        expect { Response.parse(fixture('authnrequest.xml')) }.to raise_error(UnexpectedMessage)
+      end
+    end
+
+    describe '.from_xml' do
+      it "complains about unknown messages" do
+        expect { Message.parse("<Garbage></Garbage>") }.to raise_error(UnknownMessage)
+      end
+    end
+  end
+end

data/spec/lib/response_spec.rb

@@ -11,15 +11,14 @@ module SAML2
     end
 
     let(:response) do
-      response = Response.respond_to(request,
-                                     NameID.new('issuer'),
-                                     NameID.new('jacob', NameID::Format::PERSISTENT))
-      response
+      Response.respond_to(request,
+                          NameID.new('issuer'),
+                          NameID.new('jacob', NameID::Format::PERSISTENT))
     end
 
     it "should generate valid XML" do
       xml = response.to_s
-      Schemas.protocol.validate(Nokogiri::XML(xml)).must_equal []
+      expect(Schemas.protocol.validate(Nokogiri::XML(xml))).to eq []
     end
 
     def freeze_response
@@ -40,23 +39,23 @@ module SAML2
     it "should generate a valid signature" do
       freeze_response
       response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
-      Schemas.protocol.validate(response.to_xml).must_equal []
+      expect(Schemas.protocol.validate(response.to_xml)).to eq []
       # verifiable on the command line with:
       # xmlsec1 --verify --pubkey-cert-pem certificate.pem --privkey-pem privatekey.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion response_signed.xml
-      response.to_s.must_equal fixture('response_signed.xml')
+      expect(response.to_s).to eq fixture('response_signed.xml')
     end
 
     it "should generate a valid signature when attributes are present" do
       freeze_response
       response.assertions.first.statements << sp.attribute_consuming_services.default.create_statement('givenName' => 'cody')
       response.sign(fixture('certificate.pem'), fixture('privatekey.key'))
-      response.to_s.must_equal fixture('response_with_attribute_signed.xml')
+      expect(response.to_s).to eq fixture('response_with_attribute_signed.xml')
     end
 
     it "should generate valid XML for IdP initiated response" do
       response = Response.initiate(sp, NameID.new('issuer'),
                               NameID.new('jacob', NameID::Format::PERSISTENT))
-      Schemas.protocol.validate(Nokogiri::XML(response.to_s)).must_equal []
+      expect(Schemas.protocol.validate(Nokogiri::XML(response.to_s))).to eq []
     end
   end
 end

data/spec/lib/service_provider_spec.rb

@@ -2,28 +2,49 @@ require_relative '../spec_helper'
 
 module SAML2
   describe ServiceProvider do
+    it "should serialize valid xml" do
+      entity = Entity.new
+      entity.entity_id = 'http://sso.canvaslms.com/SAML2'
+      entity.organization = Organization.new('Canvas', 'Canvas by Instructure', 'https://www.canvaslms.com/')
+      contact = Contact.new(Contact::Type::TECHNICAL)
+      contact.company = 'Instructure'
+      contact.email_addresses << 'mailto:ops@instructure.com'
+      entity.contacts << contact
+
+      sp = ServiceProvider.new
+      sp.single_logout_services << Endpoint.new('https://sso.canvaslms.com/SAML2/Logout',
+                                                 Endpoint::Bindings::HTTP_REDIRECT)
+      sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login1', 0)
+      sp.assertion_consumer_services << Endpoint::Indexed.new('https://sso.canvaslms.com/SAML2/Login2', 1)
+      sp.keys << Key.new('somedata', Key::Type::ENCRYPTION, [Key::EncryptionMethod.new])
+      sp.keys << Key.new('somedata', Key::Type::SIGNING)
+
+      entity.roles << sp
+      expect(Schemas.metadata.validate(Nokogiri::XML(entity.to_s))).to eq []
+    end
+
     describe "valid metadata" do
       let(:entity) { Entity.parse(fixture('service_provider.xml')) }
       let(:sp) { entity.roles.first }
 
       it "should create the assertion_consumer_services array" do
-        sp.assertion_consumer_services.length.must_equal 4
-        sp.assertion_consumer_services.map(&:index).must_equal [0, 1, 2, 3]
-        sp.assertion_consumer_services.first.location.must_equal 'https://siteadmin.instructure.com/saml_consume'
+        expect(sp.assertion_consumer_services.length).to eq 4
+        expect(sp.assertion_consumer_services.map(&:index)).to eq [0, 1, 2, 3]
+        expect(sp.assertion_consumer_services.first.location).to eq 'https://siteadmin.instructure.com/saml_consume'
       end
 
       it "should find the signing certificate" do
-        sp.signing_keys.first.x509.must_match(/MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/)
+        expect(sp.signing_keys.first.x509).to match(/MIIE8TCCA9mgAwIBAgIJAITusxON60cKMA0GCSqGSIb3DQEBBQUAMIGrMQswCQYD/)
       end
 
       it "should load the organization" do
-        entity.organization.display_name.must_equal 'Canvas'
+        expect(entity.organization.display_name).to eq 'Canvas'
       end
 
       it "should load contacts" do
-        entity.contacts.length.must_equal 1
-        entity.contacts.first.type.must_equal Contact::Type::TECHNICAL
-        entity.contacts.first.surname.must_equal 'Administrator'
+        expect(entity.contacts.length).to eq 1
+        expect(entity.contacts.first.type).to eq Contact::Type::TECHNICAL
+        expect(entity.contacts.first.surname).to eq 'Administrator'
       end
     end
   end

data/spec/spec_helper.rb

@@ -1,4 +1,3 @@
-require 'minitest/autorun'
 require 'saml2'
 
 def fixture(name)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml2
 version: !ruby/object:Gem::Version
-  version: 1.0.10
+  version: 1.1.0
 platform: ruby
 authors:
 - Cody Cutrer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-27 00:00:00.000000000 Z
+date: 2017-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -70,34 +70,48 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '12.0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.5'
 description: |2
     The saml2 library is yet another SAML library for Ruby, with
     an emphasis on _not_ re-implementing XML, especially XML Security,
@@ -122,6 +136,8 @@ files:
 - lib/saml2/authn_request.rb
 - lib/saml2/authn_statement.rb
 - lib/saml2/base.rb
+- lib/saml2/bindings.rb
+- lib/saml2/bindings/http_redirect.rb
 - lib/saml2/conditions.rb
 - lib/saml2/contact.rb
 - lib/saml2/endpoint.rb
@@ -130,15 +146,21 @@ files:
 - lib/saml2/identity_provider.rb
 - lib/saml2/indexed_object.rb
 - lib/saml2/key.rb
+- lib/saml2/logout_request.rb
+- lib/saml2/logout_response.rb
+- lib/saml2/message.rb
 - lib/saml2/name_id.rb
 - lib/saml2/namespaces.rb
 - lib/saml2/organization.rb
 - lib/saml2/organization_and_contacts.rb
+- lib/saml2/request.rb
 - lib/saml2/response.rb
 - lib/saml2/role.rb
 - lib/saml2/schemas.rb
 - lib/saml2/service_provider.rb
 - lib/saml2/sso.rb
+- lib/saml2/status.rb
+- lib/saml2/status_response.rb
 - lib/saml2/subject.rb
 - lib/saml2/version.rb
 - schemas/MetadataExchange.xsd
@@ -166,10 +188,14 @@ files:
 - spec/lib/attribute_consuming_service_spec.rb
 - spec/lib/attribute_spec.rb
 - spec/lib/authn_request_spec.rb
+- spec/lib/bindings/http_redirect_spec.rb
 - spec/lib/conditions_spec.rb
 - spec/lib/entity_spec.rb
 - spec/lib/identity_provider_spec.rb
 - spec/lib/indexed_object_spec.rb
+- spec/lib/logout_request_spec.rb
+- spec/lib/logout_response_spec.rb
+- spec/lib/message_spec.rb
 - spec/lib/response_spec.rb
 - spec/lib/service_provider_spec.rb
 - spec/spec_helper.rb
@@ -210,10 +236,14 @@ test_files:
 - spec/lib/attribute_consuming_service_spec.rb
 - spec/lib/attribute_spec.rb
 - spec/lib/authn_request_spec.rb
+- spec/lib/bindings/http_redirect_spec.rb
 - spec/lib/conditions_spec.rb
 - spec/lib/entity_spec.rb
 - spec/lib/identity_provider_spec.rb
 - spec/lib/indexed_object_spec.rb
+- spec/lib/logout_request_spec.rb
+- spec/lib/logout_response_spec.rb
+- spec/lib/message_spec.rb
 - spec/lib/response_spec.rb
 - spec/lib/service_provider_spec.rb
 - spec/spec_helper.rb