saml_idp 0.7.2 → 0.8.0

Files changed (37) hide show
  1. checksums.yaml +5 -5
  2. data/Gemfile +1 -1
  3. data/README.md +11 -5
  4. data/lib/saml_idp/configurator.rb +1 -0
  5. data/lib/saml_idp/controller.rb +6 -6
  6. data/lib/saml_idp/incoming_metadata.rb +4 -1
  7. data/lib/saml_idp/request.rb +13 -0
  8. data/lib/saml_idp/service_provider.rb +14 -0
  9. data/lib/saml_idp/version.rb +1 -1
  10. data/saml_idp.gemspec +25 -22
  11. data/spec/acceptance/idp_controller_spec.rb +5 -4
  12. data/spec/lib/saml_idp/algorithmable_spec.rb +6 -6
  13. data/spec/lib/saml_idp/assertion_builder_spec.rb +8 -8
  14. data/spec/lib/saml_idp/attribute_decorator_spec.rb +8 -8
  15. data/spec/lib/saml_idp/configurator_spec.rb +7 -7
  16. data/spec/lib/saml_idp/controller_spec.rb +23 -20
  17. data/spec/lib/saml_idp/encryptor_spec.rb +4 -4
  18. data/spec/lib/saml_idp/incoming_metadata_spec.rb +41 -0
  19. data/spec/lib/saml_idp/metadata_builder_spec.rb +7 -17
  20. data/spec/lib/saml_idp/name_id_formatter_spec.rb +3 -3
  21. data/spec/lib/saml_idp/request_spec.rb +22 -22
  22. data/spec/lib/saml_idp/response_builder_spec.rb +2 -2
  23. data/spec/lib/saml_idp/saml_response_spec.rb +6 -6
  24. data/spec/lib/saml_idp/service_provider_spec.rb +2 -2
  25. data/spec/lib/saml_idp/signable_spec.rb +1 -1
  26. data/spec/lib/saml_idp/signature_builder_spec.rb +2 -2
  27. data/spec/lib/saml_idp/signed_info_builder_spec.rb +3 -3
  28. data/spec/rails_app/app/controllers/saml_controller.rb +5 -1
  29. data/spec/rails_app/config/application.rb +0 -6
  30. data/spec/rails_app/config/environments/development.rb +1 -6
  31. data/spec/rails_app/config/environments/production.rb +1 -0
  32. data/spec/rails_app/config/environments/test.rb +1 -0
  33. data/spec/spec_helper.rb +3 -0
  34. data/spec/support/saml_request_macros.rb +2 -1
  35. data/spec/xml_security_spec.rb +12 -12
  36. metadata +71 -39
  37. data/spec/lib/saml_idp/.assertion_builder_spec.rb.swp +0 -0
@@ -7,6 +7,9 @@ describe SamlIdp::Controller do
7
7
  def render(*)
8
8
  end
9
9
 
10
+ def head(*)
11
+ end
12
+
10
13
  def params
11
14
  @params ||= {}
12
15
  end
@@ -14,8 +17,8 @@ describe SamlIdp::Controller do
14
17
  it "should find the SAML ACS URL" do
15
18
  requested_saml_acs_url = "https://example.com/saml/consume"
16
19
  params[:SAMLRequest] = make_saml_request(requested_saml_acs_url)
17
- validate_saml_request
18
- saml_acs_url.should == requested_saml_acs_url
20
+ expect(validate_saml_request).to eq(true)
21
+ expect(saml_acs_url).to eq(requested_saml_acs_url)
19
22
  end
20
23
 
21
24
  context "SAML Responses" do
@@ -32,36 +35,36 @@ describe SamlIdp::Controller do
32
35
  it "should create a SAML Response" do
33
36
  saml_response = encode_response(principal, { audience_uri: 'http://example.com/issuer', issuer_uri: 'http://example.com', acs_url: 'https://foo.example.com/saml/consume' })
34
37
  response = OneLogin::RubySaml::Response.new(saml_response)
35
- response.name_id.should == "foo@example.com"
36
- response.issuers.first.should == "http://example.com"
38
+ expect(response.name_id).to eq("foo@example.com")
39
+ expect(response.issuers.first).to eq("http://example.com")
37
40
  response.settings = saml_settings
38
- response.is_valid?.should be_truthy
41
+ expect(response.is_valid?).to be_truthy
39
42
  end
40
43
  end
41
44
 
42
45
  context "solicited Response" do
43
46
  before(:each) do
44
47
  params[:SAMLRequest] = make_saml_request
45
- validate_saml_request
48
+ expect(validate_saml_request).to eq(true)
46
49
  end
47
50
 
48
51
  it "should create a SAML Response" do
49
52
  saml_response = encode_response(principal)
50
53
  response = OneLogin::RubySaml::Response.new(saml_response)
51
- response.name_id.should == "foo@example.com"
52
- response.issuers.first.should == "http://example.com"
54
+ expect(response.name_id).to eq("foo@example.com")
55
+ expect(response.issuers.first).to eq("http://example.com")
53
56
  response.settings = saml_settings
54
- response.is_valid?.should be_truthy
57
+ expect(response.is_valid?).to be_truthy
55
58
  end
56
59
 
57
60
  it "should create a SAML Logout Response" do
58
61
  params[:SAMLRequest] = make_saml_logout_request
59
- validate_saml_request
62
+ expect(validate_saml_request).to eq(true)
60
63
  expect(saml_request.logout_request?).to eq true
61
64
  saml_response = encode_response(principal)
62
65
  response = OneLogin::RubySaml::Logoutresponse.new(saml_response, saml_settings)
63
- response.validate.should == true
64
- response.issuer.should == "http://example.com"
66
+ expect(response.validate).to eq(true)
67
+ expect(response.issuer).to eq("http://example.com")
65
68
  end
66
69
 
67
70
 
@@ -70,10 +73,10 @@ describe SamlIdp::Controller do
70
73
  self.algorithm = algorithm_name
71
74
  saml_response = encode_response(principal)
72
75
  response = OneLogin::RubySaml::Response.new(saml_response)
73
- response.name_id.should == "foo@example.com"
74
- response.issuers.first.should == "http://example.com"
76
+ expect(response.name_id).to eq("foo@example.com")
77
+ expect(response.issuers.first).to eq("http://example.com")
75
78
  response.settings = saml_settings
76
- response.is_valid?.should be_truthy
79
+ expect(response.is_valid?).to be_truthy
77
80
  end
78
81
 
79
82
  it "should encrypt SAML Response assertion" do
@@ -82,11 +85,11 @@ describe SamlIdp::Controller do
82
85
  resp_settings = saml_settings
83
86
  resp_settings.private_key = SamlIdp::Default::SECRET_KEY
84
87
  response = OneLogin::RubySaml::Response.new(saml_response, settings: resp_settings)
85
- response.document.to_s.should_not match("foo@example.com")
86
- response.decrypted_document.to_s.should match("foo@example.com")
87
- response.name_id.should == "foo@example.com"
88
- response.issuers.first.should == "http://example.com"
89
- response.is_valid?.should be_truthy
88
+ expect(response.document.to_s).to_not match("foo@example.com")
89
+ expect(response.decrypted_document.to_s).to match("foo@example.com")
90
+ expect(response.name_id).to eq("foo@example.com")
91
+ expect(response.issuers.first).to eq("http://example.com")
92
+ expect(response.is_valid?).to be_truthy
90
93
  end
91
94
  end
92
95
  end
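Review bot: The new `head(*)` stub at the top of this spec suggests `validate_saml_request` now answers through `head` when it rejects a request, yet every changed example only pins the accepting path with `expect(validate_saml_request).to eq(true)`. Nothing visible in these hunks feeds an invalid or unsigned `SAMLRequest` and checks that the method returns false and that `head` receives a failure status, which is the path most worth pinning for an IdP. An example along the lines of `params[:SAMLRequest] = "bang!"` followed by `expect(validate_saml_request).to eq(false)` would cover it. The describe block extends beyond the hunks shown, so such an example may already exist outside them.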
@@ -5,11 +5,11 @@ require 'saml_idp/encryptor'
5
5
  module SamlIdp
6
6
  describe Encryptor do
7
7
  let (:encryption_opts) do
8
- {
8
+ {
9
9
  cert: Default::X509_CERTIFICATE,
10
10
  block_encryption: 'aes256-cbc',
11
11
  key_transport: 'rsa-oaep-mgf1p',
12
- }
12
+ }
13
13
  end
14
14
 
15
15
  subject { described_class.new encryption_opts }
@@ -17,11 +17,11 @@ module SamlIdp
17
17
  it "encrypts XML" do
18
18
  raw_xml = '<foo>bar</foo>'
19
19
  encrypted_xml = subject.encrypt(raw_xml)
20
- encrypted_xml.should_not match 'bar'
20
+ expect(encrypted_xml).to_not match raw_xml
21
21
  encrypted_doc = Nokogiri::XML::Document.parse(encrypted_xml)
22
22
  encrypted_data = Xmlenc::EncryptedData.new(encrypted_doc.at_xpath('//xenc:EncryptedData', Xmlenc::NAMESPACES))
23
23
  decrypted_xml = encrypted_data.decrypt(subject.encryption_key)
24
- decrypted_xml.should == raw_xml
24
+ expect(decrypted_xml).to eq(raw_xml)
25
25
  end
26
26
  end
27
27
  end
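Review bot: The negative check in "encrypts XML" became weaker: `expect(encrypted_xml).to_not match raw_xml` fails only when the whole document `<foo>bar</foo>` appears verbatim in the output, whereas the removed line failed on any occurrence of the payload `bar`. The old form could presumably collide with base64 ciphertext by chance, which may be why it was changed, but the replacement still passes if the element content leaks in some other wrapper. A check that is stable and still meaningful can be made once the document is parsed, for example `expect(encrypted_doc.xpath('//text()').map(&:text)).to_not include('bar')`. Note also that `match` given a String treats it as a regular expression, so `include` states the intent more exactly wherever a literal is meant.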
@@ -0,0 +1,41 @@
1
+ require 'spec_helper'
2
+ module SamlIdp
3
+
4
+ metadata_1 = <<-eos
5
+ <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="test" entityID="https://test-saml.com/saml">
6
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="false">
7
+ </md:SPSSODescriptor>
8
+ </md:EntityDescriptor>
9
+ eos
10
+
11
+ metadata_2 = <<-eos
12
+ <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="test" entityID="https://test-saml.com/saml">
13
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true">
14
+ </md:SPSSODescriptor>
15
+ </md:EntityDescriptor>
16
+ eos
17
+
18
+ metadata_3 = <<-eos
19
+ <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="test" entityID="https://test-saml.com/saml">
20
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true">
21
+ </md:SPSSODescriptor>
22
+ </md:EntityDescriptor>
23
+ eos
24
+
25
+ describe IncomingMetadata do
26
+ it 'should properly set sign_assertions to false' do
27
+ metadata = SamlIdp::IncomingMetadata.new(metadata_1)
28
+ expect(metadata.sign_assertions).to eq(false)
29
+ end
30
+
31
+ it 'should properly set sign_assertions to true' do
32
+ metadata = SamlIdp::IncomingMetadata.new(metadata_2)
33
+ expect(metadata.sign_assertions).to eq(true)
34
+ end
35
+
36
+ it 'should properly set sign_assertions to false when WantAssertionsSigned is not included' do
37
+ metadata = SamlIdp::IncomingMetadata.new(metadata_3)
38
+ expect(metadata.sign_assertions).to eq(false)
39
+ end
40
+ end
41
+ end
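Review bot: The three fixtures cover `WantAssertionsSigned` as `"true"`, `"false"` and absent, but the attribute is an xs:boolean, for which `1` and `0` are also legal lexical values. The parsing code is not part of this section, so whether it handles them cannot be told from here. If it compares against the string `"true"` only, an SP that publishes `WantAssertionsSigned="1"` would silently receive unsigned assertions. A fourth fixture with `WantAssertionsSigned="1"` and `expect(metadata.sign_assertions).to eq(true)` would pin that down. As a smaller style point, the `metadata_1` to `metadata_3` locals in the module body would read better as `let` definitions inside the `describe`.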
@@ -2,18 +2,16 @@ require 'spec_helper'
2
2
  module SamlIdp
3
3
  describe MetadataBuilder do
4
4
  it "has a valid fresh" do
5
- subject.fresh.should_not be_empty
5
+ expect(subject.fresh).to_not be_empty
6
6
  end
7
7
 
8
8
  it "signs valid xml" do
9
- Saml::XML::Document.parse(subject.signed).valid_signature?(Default::FINGERPRINT).should be_truthy
9
+ expect(Saml::XML::Document.parse(subject.signed).valid_signature?(Default::FINGERPRINT)).to be_truthy
10
10
  end
11
11
 
12
12
  it "includes logout element" do
13
13
  subject.configurator.single_logout_service_post_location = 'https://example.com/saml/logout'
14
- subject.fresh.should match(
15
- '<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/saml/logout"/>'
16
- )
14
+ expect(subject.fresh).to match('<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.com/saml/logout"/>')
17
15
  end
18
16
 
19
17
  context "technical contact" do
@@ -32,31 +30,23 @@ module SamlIdp
32
30
  subject.configurator.technical_contact.telephone = "1-800-555-5555"
33
31
  subject.configurator.technical_contact.email_address = "acme@example.com"
34
32
 
35
- subject.fresh.should match(
36
- '<ContactPerson contactType="technical"><Company>ACME Corporation</Company><GivenName>Road</GivenName><SurName>Runner</SurName><EmailAddress>mailto:acme@example.com</EmailAddress><TelephoneNumber>1-800-555-5555</TelephoneNumber></ContactPerson>'
37
- )
33
+ expect(subject.fresh).to match('<ContactPerson contactType="technical"><Company>ACME Corporation</Company><GivenName>Road</GivenName><SurName>Runner</SurName><EmailAddress>mailto:acme@example.com</EmailAddress><TelephoneNumber>1-800-555-5555</TelephoneNumber></ContactPerson>')
38
34
  end
39
35
 
40
36
  it "no fields" do
41
- subject.fresh.should match(
42
- '<ContactPerson contactType="technical"></ContactPerson>'
43
- )
37
+ expect(subject.fresh).to match('<ContactPerson contactType="technical"></ContactPerson>')
44
38
  end
45
39
 
46
40
  it "just email" do
47
41
  subject.configurator.technical_contact.email_address = "acme@example.com"
48
- subject.fresh.should match(
49
- '<ContactPerson contactType="technical"><EmailAddress>mailto:acme@example.com</EmailAddress></ContactPerson>'
50
- )
42
+ expect(subject.fresh).to match('<ContactPerson contactType="technical"><EmailAddress>mailto:acme@example.com</EmailAddress></ContactPerson>')
51
43
  end
52
44
 
53
45
  end
54
46
 
55
47
  it "includes logout element as HTTP Redirect" do
56
48
  subject.configurator.single_logout_service_redirect_location = 'https://example.com/saml/logout'
57
- subject.fresh.should match(
58
- '<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/saml/logout"/>'
59
- )
49
+ expect(subject.fresh).to match('<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.com/saml/logout"/>')
60
50
  end
61
51
  end
62
52
  end
@@ -7,7 +7,7 @@ module SamlIdp
7
7
  let(:list) { { email_address: ->() { "foo@example.com" } } }
8
8
 
9
9
  it "has a valid all" do
10
- subject.all.should == ["urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"]
10
+ expect(subject.all).to eq ["urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"]
11
11
  end
12
12
 
13
13
  end
@@ -21,7 +21,7 @@ module SamlIdp
21
21
  }
22
22
 
23
23
  it "has a valid all" do
24
- subject.all.should == [
24
+ expect(subject.all).to eq [
25
25
  "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
26
26
  "urn:oasis:names:tc:SAML:2.0:nameid-format:undefined",
27
27
  ]
@@ -32,7 +32,7 @@ module SamlIdp
32
32
  let(:list) { [:email_address, :undefined] }
33
33
 
34
34
  it "has a valid all" do
35
- subject.all.should == [
35
+ expect(subject.all).to eq [
36
36
  "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress",
37
37
  "urn:oasis:names:tc:SAML:2.0:nameid-format:undefined",
38
38
  ]
@@ -9,12 +9,12 @@ module SamlIdp
9
9
  subject { described_class.from_deflated_request deflated_request }
10
10
 
11
11
  it "inflates" do
12
- subject.request_id.should == "_af43d1a0-e111-0130-661a-3c0754403fdb"
12
+ expect(subject.request_id).to eq("_af43d1a0-e111-0130-661a-3c0754403fdb")
13
13
  end
14
14
 
15
15
  it "handles invalid SAML" do
16
16
  req = described_class.from_deflated_request "bang!"
17
- req.valid?.should == false
17
+ expect(req.valid?).to eq(false)
18
18
  end
19
19
  end
20
20
 
@@ -22,51 +22,51 @@ module SamlIdp
22
22
  subject { described_class.new raw_authn_request }
23
23
 
24
24
  it "has a valid request_id" do
25
- subject.request_id.should == "_af43d1a0-e111-0130-661a-3c0754403fdb"
25
+ expect(subject.request_id).to eq("_af43d1a0-e111-0130-661a-3c0754403fdb")
26
26
  end
27
27
 
28
28
  it "has a valid acs_url" do
29
- subject.acs_url.should == "http://localhost:3000/saml/consume"
29
+ expect(subject.acs_url).to eq("http://localhost:3000/saml/consume")
30
30
  end
31
31
 
32
32
  it "has a valid service_provider" do
33
- subject.service_provider.should be_a ServiceProvider
33
+ expect(subject.service_provider).to be_a ServiceProvider
34
34
  end
35
35
 
36
36
  it "has a valid service_provider" do
37
- subject.service_provider.should be_truthy
37
+ expect(subject.service_provider).to be_truthy
38
38
  end
39
39
 
40
40
  it "has a valid issuer" do
41
- subject.issuer.should == "localhost:3000"
41
+ expect(subject.issuer).to eq("localhost:3000")
42
42
  end
43
43
 
44
44
  it "has a valid valid_signature" do
45
- subject.valid_signature?.should be_truthy
45
+ expect(subject.valid_signature?).to be_truthy
46
46
  end
47
47
 
48
48
  it "should return acs_url for response_url" do
49
- subject.response_url.should == subject.acs_url
49
+ expect(subject.response_url).to eq(subject.acs_url)
50
50
  end
51
51
 
52
52
  it "is a authn request" do
53
- subject.authn_request?.should == true
53
+ expect(subject.authn_request?).to eq(true)
54
54
  end
55
55
 
56
56
  it "fetches internal request" do
57
- subject.request['ID'].should == subject.request_id
57
+ expect(subject.request['ID']).to eq(subject.request_id)
58
58
  end
59
59
 
60
60
  it "has a valid authn context" do
61
- subject.requested_authn_context.should == "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
61
+ expect(subject.requested_authn_context).to eq("urn:oasis:names:tc:SAML:2.0:ac:classes:Password")
62
62
  end
63
63
 
64
64
  it "does not permit empty issuer" do
65
65
  raw_req = raw_authn_request.gsub('localhost:3000', '')
66
66
  authn_request = described_class.new raw_req
67
- authn_request.issuer.should_not == ''
68
- authn_request.issuer.should == nil
69
- authn_request.valid?.should == false
67
+ expect(authn_request.issuer).to_not eq('')
68
+ expect(authn_request.issuer).to be_nil
69
+ expect(authn_request.valid?).to eq(false)
70
70
  end
71
71
  end
72
72
 
@@ -76,31 +76,31 @@ module SamlIdp
76
76
  subject { described_class.new raw_logout_request }
77
77
 
78
78
  it "has a valid request_id" do
79
- subject.request_id.should == '_some_response_id'
79
+ expect(subject.request_id).to eq('_some_response_id')
80
80
  end
81
81
 
82
82
  it "should be flagged as a logout_request" do
83
- subject.logout_request?.should == true
83
+ expect(subject.logout_request?).to eq(true)
84
84
  end
85
85
 
86
86
  it "should have a valid name_id" do
87
- subject.name_id.should == 'some_name_id'
87
+ expect(subject.name_id).to eq('some_name_id')
88
88
  end
89
89
 
90
90
  it "should have a session index" do
91
- subject.session_index.should == 'abc123index'
91
+ expect(subject.session_index).to eq('abc123index')
92
92
  end
93
93
 
94
94
  it "should have a valid issuer" do
95
- subject.issuer.should == 'http://example.com'
95
+ expect(subject.issuer).to eq('http://example.com')
96
96
  end
97
97
 
98
98
  it "fetches internal request" do
99
- subject.request['ID'].should == subject.request_id
99
+ expect(subject.request['ID']).to eq(subject.request_id)
100
100
  end
101
101
 
102
102
  it "should return logout_url for response_url" do
103
- subject.response_url.should == subject.logout_url
103
+ expect(subject.response_url).to eq(subject.logout_url)
104
104
  end
105
105
  end
106
106
  end
@@ -25,7 +25,7 @@ module SamlIdp
25
25
 
26
26
  it "builds a legit raw XML file" do
27
27
  Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
28
- subject.raw.should == "<samlp:Response ID=\"_abc\" Version=\"2.0\" IssueInstant=\"2010-06-01T13:00:00Z\" Destination=\"http://sportngin.com\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" InResponseTo=\"134\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://example.com</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2013-07-31T05:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><signature>stuff</signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">jon.phenow@sportngin.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2013-07-31T05:03:00Z\" Recipient=\"http://saml.acs.url\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2013-07-31T04:59:55Z\" NotOnOrAfter=\"2013-07-31T06:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>jon.phenow@sportngin.com</AttributeValue></Attribute></AttributeStatement><AuthnStatment AuthnInstant=\"2013-07-31T05:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatment></Assertion></samlp:Response>"
28
+ expect(subject.raw).to eq("<samlp:Response ID=\"_abc\" Version=\"2.0\" IssueInstant=\"2010-06-01T13:00:00Z\" Destination=\"http://sportngin.com\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" InResponseTo=\"134\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://example.com</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2013-07-31T05:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><signature>stuff</signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">jon.phenow@sportngin.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2013-07-31T05:03:00Z\" Recipient=\"http://saml.acs.url\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2013-07-31T04:59:55Z\" NotOnOrAfter=\"2013-07-31T06:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>jon.phenow@sportngin.com</AttributeValue></Attribute></AttributeStatement><AuthnStatment AuthnInstant=\"2013-07-31T05:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatment></Assertion></samlp:Response>")
29
29
  end
30
30
  end
31
31
 
@@ -34,7 +34,7 @@ module SamlIdp
34
34
 
35
35
  it "builds a legit raw XML file without a request ID" do
36
36
  Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
37
- subject.raw.should == "<samlp:Response ID=\"_abc\" Version=\"2.0\" IssueInstant=\"2010-06-01T13:00:00Z\" Destination=\"http://sportngin.com\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://example.com</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2013-07-31T05:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><signature>stuff</signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">jon.phenow@sportngin.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2013-07-31T05:03:00Z\" Recipient=\"http://saml.acs.url\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2013-07-31T04:59:55Z\" NotOnOrAfter=\"2013-07-31T06:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>jon.phenow@sportngin.com</AttributeValue></Attribute></AttributeStatement><AuthnStatment AuthnInstant=\"2013-07-31T05:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatment></Assertion></samlp:Response>"
37
+ expect(subject.raw).to eq("<samlp:Response ID=\"_abc\" Version=\"2.0\" IssueInstant=\"2010-06-01T13:00:00Z\" Destination=\"http://sportngin.com\" Consent=\"urn:oasis:names:tc:SAML:2.0:consent:unspecified\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://example.com</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2013-07-31T05:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><signature>stuff</signature><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">jon.phenow@sportngin.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2013-07-31T05:03:00Z\" Recipient=\"http://saml.acs.url\"/></SubjectConfirmation></Subject><Conditions NotBefore=\"2013-07-31T04:59:55Z\" NotOnOrAfter=\"2013-07-31T06:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\"><AttributeValue>jon.phenow@sportngin.com</AttributeValue></Attribute></AttributeStatement><AuthnStatment AuthnInstant=\"2013-07-31T05:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatment></Assertion></samlp:Response>")
38
38
  end
39
39
  end
40
40
  end
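Review bot: Both expected strings in this file spell the element `<AuthnStatment ...>`, while the SAML assertion schema names it `AuthnStatement`, and the migrated `expect(subject.raw).to eq(...)` lines carry that spelling over unchanged. If the string mirrors a hand-written stub assertion fed into the builder (the `<signature>stuff</signature>` part suggests so), it is harmless. Even so, a comment such as `# assertion below is an opaque stub, not schema-valid SAML` would stop anyone copying it as a reference. The setup that supplies the assertion is outside the hunks shown.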
@@ -63,23 +63,23 @@ module SamlIdp
63
63
  end
64
64
 
65
65
  it "has a valid build" do
66
- subject.build.should be_present
66
+ expect(subject.build).to be_present
67
67
  end
68
68
 
69
69
  it "builds encrypted" do
70
- subject_encrypted.build.should_not match(audience_uri)
70
+ expect(subject_encrypted.build).to_not match(audience_uri)
71
71
  encoded_xml = subject_encrypted.build
72
72
  resp_settings = saml_settings(saml_acs_url)
73
73
  resp_settings.private_key = Default::SECRET_KEY
74
74
  resp_settings.issuer = audience_uri
75
75
  saml_resp = OneLogin::RubySaml::Response.new(encoded_xml, settings: resp_settings)
76
76
  saml_resp.soft = false
77
- saml_resp.is_valid?.should == true
77
+ expect(saml_resp.is_valid?).to eq(true)
78
78
  end
79
79
 
80
80
  it "sets session expiration" do
81
81
  saml_resp = OneLogin::RubySaml::Response.new(subject.build)
82
- saml_resp.session_expires_at.should == Time.local(1990, "jan", 2).iso8601
82
+ expect(saml_resp.session_expires_at).to eq Time.local(1990, "jan", 2).iso8601
83
83
  end
84
84
 
85
85
  context "session expiration is set to 0" do
@@ -89,14 +89,14 @@ module SamlIdp
89
89
  resp_settings = saml_settings(saml_acs_url)
90
90
  resp_settings.issuer = audience_uri
91
91
  saml_resp = OneLogin::RubySaml::Response.new(subject.build, settings: resp_settings)
92
- saml_resp.is_valid?.should == true
92
+ expect(saml_resp.is_valid?).to eq(true)
93
93
  end
94
94
 
95
95
  it "doesn't set a session expiration" do
96
96
  resp_settings = saml_settings(saml_acs_url)
97
97
  resp_settings.issuer = audience_uri
98
98
  saml_resp = OneLogin::RubySaml::Response.new(subject.build, settings: resp_settings)
99
- saml_resp.session_expires_at.should be_nil
99
+ expect(saml_resp.session_expires_at).to be_nil
100
100
  end
101
101
  end
102
102
  end
@@ -14,11 +14,11 @@ module SamlIdp
14
14
  let(:metadata_url) { "http://localhost:3000/metadata" }
15
15
 
16
16
  it "has a valid fingerprint" do
17
- subject.fingerprint.should == fingerprint
17
+ expect(subject.fingerprint).to eq(fingerprint)
18
18
  end
19
19
 
20
20
  it "has a valid metadata_url" do
21
- subject.metadata_url.should == metadata_url
21
+ expect(subject.metadata_url).to eq(metadata_url)
22
22
  end
23
23
 
24
24
  it { should be_valid }
@@ -70,7 +70,7 @@ module SamlIdp
70
70
  end
71
71
 
72
72
  it "has a valid signed" do
73
- subject.signed.should match all_regex
73
+ expect(subject.signed).to match all_regex
74
74
  end
75
75
 
76
76
  end