RubyGems - saml_idp - Versions diffs - 0.2.0.pre → 0.2.0 - Mend

saml_idp 0.2.0.pre → 0.2.0

Files changed (7) hide show

data/lib/saml_idp/assertion_builder.rb +8 -4
data/lib/saml_idp/controller.rb +6 -1
data/lib/saml_idp/saml_response.rb +10 -2
data/lib/saml_idp/version.rb +1 -1
data/spec/lib/saml_idp/assertion_builder_spec.rb +8 -2
data/spec/lib/saml_idp/saml_response_spec.rb +8 -1
metadata +9 -6

data/lib/saml_idp/assertion_builder.rb CHANGED

@@ -12,10 +12,12 @@ module SamlIdp
     attr_accessor :saml_request_id
     attr_accessor :saml_acs_url
     attr_accessor :raw_algorithm
+    attr_accessor :authn_context_classref
+    attr_accessor :expiry
     delegate :config, to: :SamlIdp
-    def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm)
+    def initialize(reference_id, issuer_uri, principal, audience_uri, saml_request_id, saml_acs_url, raw_algorithm, authn_context_classref, expiry=60*60)
       self.reference_id = reference_id
       self.issuer_uri = issuer_uri
       self.principal = principal
@@ -23,6 +25,8 @@ module SamlIdp
       self.saml_request_id = saml_request_id
       self.saml_acs_url = saml_acs_url
       self.raw_algorithm = raw_algorithm
+      self.authn_context_classref = authn_context_classref
+      self.expiry = expiry
     end
     def fresh
@@ -58,10 +62,10 @@ module SamlIdp
                   end
               end
             end
-          end unless config.attributes.nil? || config.attributes.empty?
+          end
           assertion.AuthnStatement AuthnInstant: now_iso, SessionIndex: reference_string do |statement|
             statement.AuthnContext do |context|
-              context.AuthnContextClassRef Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
+              context.AuthnContextClassRef authn_context_classref
             end
           end
         end
@@ -127,7 +131,7 @@ module SamlIdp
     private :not_before
     def not_on_or_after_condition
-      iso { now + 60 * 60 }
+      iso { now + expiry }
     end
     private :not_on_or_after_condition

data/lib/saml_idp/controller.rb CHANGED

@@ -26,6 +26,10 @@ module SamlIdp
       self.saml_request = Request.from_deflated_request(raw_saml_request)
     end
+    def authn_context_classref
+      Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
+    end
     def encode_response(principal, opts = {})
       response_id, reference_id = get_saml_response_id, get_saml_reference_id
       audience_uri = opts[:audience_uri] || saml_request.issuer || saml_acs_url[/^(.*?\/\/.*?\/)/, 1]
@@ -39,7 +43,8 @@ module SamlIdp
         audience_uri,
         saml_request_id,
         saml_acs_url,
-        algorithm
+        algorithm,
+        authn_context_classref
       ).build
     end

data/lib/saml_idp/saml_response.rb CHANGED

@@ -13,6 +13,8 @@ module SamlIdp
     attr_accessor :algorithm
     attr_accessor :secret_key
     attr_accessor :x509_certificate
+    attr_accessor :authn_context_classref
+    attr_accessor :expiry
     def initialize(reference_id,
           response_id,
@@ -21,7 +23,9 @@ module SamlIdp
           audience_uri,
           saml_request_id,
           saml_acs_url,
-          algorithm
+          algorithm,
+          authn_context_classref,
+          expiry=60*60
           )
       self.reference_id = reference_id
       self.response_id = response_id
@@ -33,6 +37,8 @@ module SamlIdp
       self.algorithm = algorithm
       self.secret_key = secret_key
       self.x509_certificate = x509_certificate
+      self.authn_context_classref = authn_context_classref
+      self.expiry = expiry
     end
     def build
@@ -56,7 +62,9 @@ module SamlIdp
         audience_uri,
         saml_request_id,
         saml_acs_url,
-        algorithm
+        algorithm,
+        authn_context_classref,
+        expiry
     end
     private :assertion_builder
   end

data/lib/saml_idp/version.rb CHANGED

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module SamlIdp
-  VERSION = '0.2.0.pre'
+  VERSION = '0.2.0'
 end

data/spec/lib/saml_idp/assertion_builder_spec.rb CHANGED

@@ -8,6 +8,10 @@ module SamlIdp
     let(:saml_request_id) { "123" }
     let(:saml_acs_url) { "http://saml.acs.url" }
     let(:algorithm) { :sha256 }
+    let(:authn_context_classref) {
+      Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
+    }
+    let(:expiry) { 3*60*60 }
     subject { described_class.new(
       reference_id,
       issuer_uri,
@@ -15,12 +19,14 @@ module SamlIdp
       audience_uri,
       saml_request_id,
       saml_acs_url,
-      algorithm
+      algorithm,
+      authn_context_classref,
+      expiry
     ) }
     it "builds a legit raw XML file" do
       Timecop.travel(Time.zone.local(2010, 6, 1, 13, 0, 0)) do
-        subject.raw.should == "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T14:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"email-address\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"emailAddress\"><AttributeValue>foo@example.com</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>"
+        subject.raw.should == "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_abc\" IssueInstant=\"2010-06-01T13:00:00Z\" Version=\"2.0\"><Issuer>http://sportngin.com</Issuer><Subject><NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\">foo@example.com</NameID><SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><SubjectConfirmationData InResponseTo=\"123\" NotOnOrAfter=\"2010-06-01T13:03:00Z\" Recipient=\"http://saml.acs.url\"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore=\"2010-06-01T12:59:55Z\" NotOnOrAfter=\"2010-06-01T16:00:00Z\"><AudienceRestriction><Audience>http://example.com</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name=\"email-address\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" FriendlyName=\"emailAddress\"><AttributeValue>foo@example.com</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant=\"2010-06-01T13:00:00Z\" SessionIndex=\"_abc\"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>"
       end
     end
   end

data/spec/lib/saml_idp/saml_response_spec.rb CHANGED

@@ -11,6 +11,11 @@ module SamlIdp
     let(:algorithm) { :sha1 }
     let(:secret_key) { Default::SECRET_KEY }
     let(:x509_certificate) { Default::X509_CERTIFICATE }
+    let(:xauthn) { Default::X509_CERTIFICATE }
+    let(:authn_context_classref) {
+      Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD
+    }
+    let(:expiry) { 3 * 60 * 60 }
     subject { described_class.new(reference_id,
                                   response_id,
                                   issuer_uri,
@@ -18,7 +23,9 @@ module SamlIdp
                                   audience_uri,
                                   saml_request_id,
                                   saml_acs_url,
-                                  algorithm
+                                  algorithm,
+                                  authn_context_classref,
+                                  expiry
                                  )
     }

metadata CHANGED

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.2.0.pre
-  prerelease: 6
+  version: 0.2.0
+  prerelease:
 platform: ruby
 authors:
 - Jon Phenow
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-08-08 00:00:00.000000000 Z
+date: 2015-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -345,13 +345,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 557942331411013025
+      hash: 2099759459074345722
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
+      segments:
+      - 0
+      hash: 2099759459074345722
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23