saml2 2.2.3 → 2.2.4

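--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4738dcfc5520adfcf8de16d6bc1d5416fba979d3d98245846da68f08732db743
- data.tar.gz: 93437ef60321d3f7ceef5927e6849df7853d9b905c73e0fe3c253ac5eccf6f80
+ metadata.gz: 9ddfa80997c8cd9e463d41bd14dfd213653d1b20b4b65ef9d65e4e01023d7d51
+ data.tar.gz: 0afbd8222cf2f7450983780c013892a46525f0bf1db118e7e6cc11f15675b4c0
  SHA512:
- metadata.gz: 771cd1a6c06c4246440b31efdeca1d65fce49e5d43809a65e74917b97e1543727deaa280d9bc3ba7f286fdbe9fe88fbdf566d9949988f1067e8be98c3adba0a5
- data.tar.gz: 3a21a953e2f9d4141124e58b2680877acbcd93e1100cb7444f058a71b2a07ef9a54fed2ed84265b92d50e064ae5c9354c53a22b57aff5f0cfdaab826c63d8bfa
+ metadata.gz: 0b69c37f7f9df28d7776a388dd6e3382868941d4d2130e0e0842feae7194dfad7e8bdf21c87130d23ac14baffdcb8662a56147eb82e8cf979fb3f4f1c255ce39
+ data.tar.gz: 31dd8a893d188aaed40b997f80a2298c22cceee3280907f158e92485a43c6aa487ec43643afb3e9c2c61835aeb849f2199924d37ad90b615b36eee62ec1b88d3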
@@ -14,8 +14,8 @@ module SAML2
14
14
 
15
15
  def from_xml(node)
16
16
  super
17
- @conditions = nil
18
17
  @statements = nil
18
+ remove_instance_variable(:@conditions)
19
19
  end
20
20
 
21
21
  # @return [Subject, nil]
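Review bot: `remove_instance_variable(:@conditions)` in `from_xml` raises `NameError` when the variable is not currently defined, and this method itself leaves it undefined, so a second `from_xml` on the same object before `conditions` has been read would fail instead of resetting the cache. Whether `@conditions` is always assigned beforehand (for example in `initialize`) is not visible in this hunk. Guarding the call keeps the reset idempotent: `remove_instance_variable(:@conditions) if instance_variable_defined?(:@conditions)`. A one-line comment saying why `@conditions` is undefined rather than set to nil like `@statements` (nil now means "parsed, element absent") would also help the next reader.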
@@ -28,7 +28,10 @@ module SAML2
28
28
 
29
29
  # @return [Conditions]
30
30
  def conditions
31
- @conditions ||= Conditions.from_xml(xml.at_xpath('saml:Conditions', Namespaces::ALL))
31
+ if !instance_variable_defined?(:@conditions) && xml
32
+ @conditions = Conditions.from_xml(xml.at_xpath('saml:Conditions', Namespaces::ALL))
33
+ end
34
+ @conditions
32
35
  end
33
36
 
34
37
  # @return [Array<AuthnStatement]
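Review bot: The YARD tag above `conditions` still reads `# @return [Conditions]`, but the rewritten getter can return nil: when `xml` is nil and the variable is undefined, and, given the nil return added to `Conditions.from_xml` in a later hunk, when the assertion has no `saml:Conditions` element. Callers that chain on the result need to know that, so the tag should become `# @return [Conditions, nil] nil when the assertion has no saml:Conditions element`. The context line `# @return [Array<AuthnStatement]` at the end of the hunk is also missing its closing `>`.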
@@ -55,7 +58,7 @@ module SAML2
55
58
 
56
59
  subject.build(assertion)
57
60
 
58
- conditions.build(assertion)
61
+ conditions.build(assertion) if conditions
59
62
 
60
63
  statements.each { |stmt| stmt.build(assertion) }
61
64
  end
@@ -11,6 +11,7 @@ module SAML2
11
11
 
12
12
  # (see Base.from_xml)
13
13
  def self.from_xml(node)
14
+ return nil unless node
14
15
  result = new
15
16
  result.from_xml(node)
16
17
  result
@@ -185,7 +185,7 @@ module SAML2
185
185
 
186
186
  # only do our own issue instant validation if the assertion
187
187
  # doesn't mandate any
188
- unless assertion.conditions.not_on_or_after
188
+ unless assertion.conditions&.not_on_or_after
189
189
  if assertion.issue_instant + 5 * 60 < verification_time ||
190
190
  assertion.issue_instant - 5 * 60 > verification_time
191
191
  errors << "assertion not recently issued"
@@ -193,8 +193,9 @@ module SAML2
193
193
  end
194
194
  end
195
195
 
196
- unless (condition_errors = assertion.conditions.validate(verification_time: verification_time,
197
- audience: service_provider.entity_id)).empty?
196
+ if assertion.conditions &&
197
+ !(condition_errors = assertion.conditions.validate(verification_time: verification_time,
198
+ audience: service_provider.entity_id)).empty?
198
199
  return errors.concat(condition_errors)
199
200
  end
200
201
 
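Review bot: When `assertion.conditions` is nil this guard skips `validate` entirely, so an assertion without a `saml:Conditions` element is accepted with no audience check against `service_provider.entity_id` and no NotBefore/NotOnOrAfter window. The only time bound left is the five-minute issue-instant check in the previous hunk. `Conditions` is optional in SAML core, but the Web Browser SSO profile expects bearer assertions to carry an audience restriction, so passing silently here widens what the service provider accepts. Either record the decision next to the guard, e.g. `# no Conditions element: audience is not checked, only the issue-instant window above applies`, or let strict callers reject such assertions with something like `errors << "assertion has no conditions"`. The enclosing method begins and ends outside this hunk.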
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SAML2
4
- VERSION = '2.2.3'
4
+ VERSION = '2.2.4'
5
5
  end
@@ -0,0 +1 @@
1
+ <samlp:Response ID="_8BE49FED716A72AC7F522E48FB0AAD60" Version="2.0" IssueInstant="2018-06-02T17:10:55.181Z" Destination="https://school.instructure.com/login/saml" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_8BE49FED716A72AC7F522E48FB0AAD60"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>JLUChoHqec/YsCvAbA5IyZec+SI=</DigestValue></Reference></SignedInfo><SignatureValue>Zyz2cx4zwPXZrIJS0Tviio41F13yqRAlCGZQN6attC9w/vUf+l0dDinWP0cIpmKTSTxm0ZvwQsxb1hOhHNMVmgl1enKxAS51vSn1UDLLAwumlv3+hb0PBNkOrdfgxXXNUPJvJokBMGvEQl5Iy2YRQUlmpY49NfLIWfbgI55YqGg=</SignatureValue><KeyInfo><X509Data><X509Certificate></X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7B628E4F6D162193D406C05E2BF19920" IssueInstant="2018-06-02T17:10:55.181Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>https://login.school.org:9000/SSO/CanvasIndex</saml:Issuer><saml:Subject><saml:NameID>user@school.edu</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2028-06-02T10:10:55.181Z" Recipient="https://school.instructure.com/login/saml" /></saml:SubjectConfirmation></saml:Subject><saml:AuthnStatement 
AuthnInstant="2018-06-02T17:10:55.181Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
@@ -109,6 +109,11 @@ module SAML2
109
109
  expect(response.assertions.first.subject.name_id.id).to eq 'testuser@example.com'
110
110
  end
111
111
 
112
+ it "doesn't choke on missing Conditions" do
113
+ response = Response.parse(fixture("noconditions_response.xml"))
114
+ expect(response.assertions.first.conditions).to eq nil
115
+ end
116
+
112
117
  describe "#validate" do
113
118
  let (:idp_entity) do
114
119
  idp_entity = Entity.new("issuer")
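Review bot: The new example only checks that parsing yields `conditions == nil`; nothing visible here exercises `validate` on `noconditions_response.xml`, which is where this release changes what is accepted. An example inside `describe "#validate"` that pins the expected `errors` for a response without Conditions, including that no audience check takes place, would make that behaviour deliberate rather than incidental. As a style point, `expect(response.assertions.first.conditions).to be_nil` is the more usual matcher than `eq nil`. The `describe "#validate"` block continues outside the hunk.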
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.3
4
+ version: 2.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cody Cutrer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-25 00:00:00.000000000 Z
11
+ date: 2018-06-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -186,6 +186,7 @@ files:
186
186
  - spec/fixtures/entities.xml
187
187
  - spec/fixtures/external-uri-reference-response.xml
188
188
  - spec/fixtures/identity_provider.xml
189
+ - spec/fixtures/noconditions_response.xml
189
190
  - spec/fixtures/othercertificate.pem
190
191
  - spec/fixtures/privatekey.key
191
192
  - spec/fixtures/response_signed.xml
@@ -263,6 +264,7 @@ test_files:
263
264
  - spec/fixtures/response_tampered_signature.xml
264
265
  - spec/fixtures/xml_missigned_assertion.xml
265
266
  - spec/fixtures/certificate.pem
267
+ - spec/fixtures/noconditions_response.xml
266
268
  - spec/fixtures/entities.xml
267
269
  - spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml
268
270
  - spec/fixtures/othercertificate.pem