saml2 2.2.3 → 2.2.4

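--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4738dcfc5520adfcf8de16d6bc1d5416fba979d3d98245846da68f08732db743
- data.tar.gz: 93437ef60321d3f7ceef5927e6849df7853d9b905c73e0fe3c253ac5eccf6f80
+ metadata.gz: 9ddfa80997c8cd9e463d41bd14dfd213653d1b20b4b65ef9d65e4e01023d7d51
+ data.tar.gz: 0afbd8222cf2f7450983780c013892a46525f0bf1db118e7e6cc11f15675b4c0
  SHA512:
- metadata.gz: 771cd1a6c06c4246440b31efdeca1d65fce49e5d43809a65e74917b97e1543727deaa280d9bc3ba7f286fdbe9fe88fbdf566d9949988f1067e8be98c3adba0a5
- data.tar.gz: 3a21a953e2f9d4141124e58b2680877acbcd93e1100cb7444f058a71b2a07ef9a54fed2ed84265b92d50e064ae5c9354c53a22b57aff5f0cfdaab826c63d8bfa
+ metadata.gz: 0b69c37f7f9df28d7776a388dd6e3382868941d4d2130e0e0842feae7194dfad7e8bdf21c87130d23ac14baffdcb8662a56147eb82e8cf979fb3f4f1c255ce39
+ data.tar.gz: 31dd8a893d188aaed40b997f80a2298c22cceee3280907f158e92485a43c6aa487ec43643afb3e9c2c61835aeb849f2199924d37ad90b615b36eee62ec1b88d3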
@@ -14,8 +14,8 @@ module SAML2
14
14
 
15
15
  def from_xml(node)
16
16
  super
17
- @conditions = nil
18
17
  @statements = nil
18
+ remove_instance_variable(:@conditions)
19
19
  end
20
20
 
21
21
  # @return [Subject, nil]
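Review bot: `remove_instance_variable(:@conditions)` in `from_xml` raises NameError when `@conditions` is not currently set, which the old `@conditions = nil` never did. Whether the constructor always assigns it is not visible in this hunk, but a second `from_xml` call on the same object before `conditions` has been read would hit the undefined case. A guard keeps the reset idempotent: `remove_instance_variable(:@conditions) if instance_variable_defined?(:@conditions)`.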
@@ -28,7 +28,10 @@ module SAML2
28
28
 
29
29
  # @return [Conditions]
30
30
  def conditions
31
- @conditions ||= Conditions.from_xml(xml.at_xpath('saml:Conditions', Namespaces::ALL))
31
+ if !instance_variable_defined?(:@conditions) && xml
32
+ @conditions = Conditions.from_xml(xml.at_xpath('saml:Conditions', Namespaces::ALL))
33
+ end
34
+ @conditions
32
35
  end
33
36
 
34
37
  # @return [Array<AuthnStatement]
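Review bot: The `# @return [Conditions]` tag above `conditions` is stale now that the getter returns nil for an assertion without a `saml:Conditions` element, which the spec added in this release asserts. Suggest `# @return [Conditions, nil] nil when the assertion carries no Conditions element`, so callers know to guard before calling `validate` or `not_on_or_after` on the result.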
@@ -55,7 +58,7 @@ module SAML2
55
58
 
56
59
  subject.build(assertion)
57
60
 
58
- conditions.build(assertion)
61
+ conditions.build(assertion) if conditions
59
62
 
60
63
  statements.each { |stmt| stmt.build(assertion) }
61
64
  end
@@ -11,6 +11,7 @@ module SAML2
11
11
 
12
12
  # (see Base.from_xml)
13
13
  def self.from_xml(node)
14
+ return nil unless node
14
15
  result = new
15
16
  result.from_xml(node)
16
17
  result
@@ -185,7 +185,7 @@ module SAML2
185
185
 
186
186
  # only do our own issue instant validation if the assertion
187
187
  # doesn't mandate any
188
- unless assertion.conditions.not_on_or_after
188
+ unless assertion.conditions&.not_on_or_after
189
189
  if assertion.issue_instant + 5 * 60 < verification_time ||
190
190
  assertion.issue_instant - 5 * 60 > verification_time
191
191
  errors << "assertion not recently issued"
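Review bot: An assertion with no `<Conditions>` element now gets through this validation path without any audience check. Here `assertion.conditions&.not_on_or_after` falls through to the five-minute issue-instant window, but in the following hunk (`@@ -193,8 +193,9 @@`) the `if assertion.conditions && …` guard skips `conditions.validate(… audience: service_provider.entity_id)` entirely, so nothing visible binds the assertion to this service provider. If the audience or recipient is not enforced elsewhere, consider failing closed by default, for example `errors << "assertion has no conditions"` unless the caller opts in to accepting such assertions, and document the choice either way. The enclosing method starts and ends outside both hunks.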
@@ -193,8 +193,9 @@ module SAML2
193
193
  end
194
194
  end
195
195
 
196
- unless (condition_errors = assertion.conditions.validate(verification_time: verification_time,
197
- audience: service_provider.entity_id)).empty?
196
+ if assertion.conditions &&
197
+ !(condition_errors = assertion.conditions.validate(verification_time: verification_time,
198
+ audience: service_provider.entity_id)).empty?
198
199
  return errors.concat(condition_errors)
199
200
  end
200
201
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SAML2
4
- VERSION = '2.2.3'
4
+ VERSION = '2.2.4'
5
5
  end
@@ -0,0 +1 @@
1
+ <samlp:Response ID="_8BE49FED716A72AC7F522E48FB0AAD60" Version="2.0" IssueInstant="2018-06-02T17:10:55.181Z" Destination="https://school.instructure.com/login/saml" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_8BE49FED716A72AC7F522E48FB0AAD60"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>JLUChoHqec/YsCvAbA5IyZec+SI=</DigestValue></Reference></SignedInfo><SignatureValue>Zyz2cx4zwPXZrIJS0Tviio41F13yqRAlCGZQN6attC9w/vUf+l0dDinWP0cIpmKTSTxm0ZvwQsxb1hOhHNMVmgl1enKxAS51vSn1UDLLAwumlv3+hb0PBNkOrdfgxXXNUPJvJokBMGvEQl5Iy2YRQUlmpY49NfLIWfbgI55YqGg=</SignatureValue><KeyInfo><X509Data><X509Certificate></X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7B628E4F6D162193D406C05E2BF19920" IssueInstant="2018-06-02T17:10:55.181Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><saml:Subject><saml:NameID>user@school.edu</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2028-06-02T10:10:55.181Z" Recipient="https://school.instructure.com/login/saml" /></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement 
AuthnInstant="2018-06-02T17:10:55.181Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
@@ -109,6 +109,11 @@ module SAML2
109
109
  expect(response.assertions.first.subject.name_id.id).to eq 'testuser@example.com'
110
110
  end
111
111
 
112
+ it "doesn't choke on missing Conditions" do
113
+ response = Response.parse(fixture("noconditions_response.xml"))
114
+ expect(response.assertions.first.conditions).to eq nil
115
+ end
116
+
112
117
  describe "#validate" do
113
118
  let (:idp_entity) do
114
119
  idp_entity = Entity.new("issuer")
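Review bot: The new example only asserts that `conditions` parses to nil; nothing runs `#validate` against `noconditions_response.xml`, so the nil guards added to validation (`assertion.conditions&.not_on_or_after` and `if assertion.conditions && …`) are untested. An example in the `describe "#validate"` block that loads this fixture and pins the expected result, including which errors are reported and that the issue-instant fallback applies, would record whether a conditions-less assertion is meant to be accepted. That block begins at the end of this hunk and continues outside it.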
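--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: saml2
  version: !ruby/object:Gem::Version
- version: 2.2.3
+ version: 2.2.4
  platform: ruby
  authors:
  - Cody Cutrer
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-04-25 00:00:00.000000000 Z
+ date: 2018-06-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
@@ -186,6 +186,7 @@ files:
  - spec/fixtures/entities.xml
  - spec/fixtures/external-uri-reference-response.xml
  - spec/fixtures/identity_provider.xml
+ - spec/fixtures/noconditions_response.xml
  - spec/fixtures/othercertificate.pem
  - spec/fixtures/privatekey.key
  - spec/fixtures/response_signed.xml
@@ -263,6 +264,7 @@ test_files:
  - spec/fixtures/response_tampered_signature.xml
  - spec/fixtures/xml_missigned_assertion.xml
  - spec/fixtures/certificate.pem
+ - spec/fixtures/noconditions_response.xml
  - spec/fixtures/entities.xml
  - spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml
  - spec/fixtures/othercertificate.pem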