saml_idp 0.1.1 → 0.2.0.pre

data/app/controllers/saml_idp/idp_controller.rb

@@ -3,7 +3,7 @@ module SamlIdp
   class IdpController < ActionController::Base
     include SamlIdp::Controller
 
-    unloadable
+    unloadable unless Rails::VERSION::MAJOR >= 4
     protect_from_forgery
     before_filter :validate_saml_request, only: [:new, :create]
 

data/lib/saml_idp.rb

@@ -71,7 +71,7 @@ module Saml
 
       def valid_signature?(fingerprint)
         signed? &&
-          signed_document.validate(fingerprint, :soft)
+          signed_document.validate_document(fingerprint, :soft)
       end
 
       def signed_document

data/lib/saml_idp/assertion_builder.rb

@@ -58,7 +58,7 @@ module SamlIdp
                   end
               end
             end
-          end
+          end unless config.attributes.nil? || config.attributes.empty?
           assertion.AuthnStatement AuthnInstant: now_iso, SessionIndex: reference_string do |statement|
             statement.AuthnContext do |context|
               context.AuthnContextClassRef Saml::XML::Namespaces::AuthnContext::ClassRef::PASSWORD

data/lib/saml_idp/configurator.rb

@@ -9,6 +9,7 @@ module SamlIdp
     attr_accessor :organization_name
     attr_accessor :organization_url
     attr_accessor :base_saml_location
+    attr_accessor :entity_id
     attr_accessor :reference_id_generator
     attr_accessor :attribute_service_location
     attr_accessor :single_service_post_location

data/lib/saml_idp/metadata_builder.rb

@@ -90,11 +90,10 @@ module SamlIdp
 
     def build_contact(el)
       el.ContactPerson contactType: "technical" do |contact|
-        contact.Company technical_contact.company if technical_contact.company.present?
-        contact.GivenName technical_contact.given_name if technical_contact.given_name.present?
-        contact.SurName technical_contact.sur_name if technical_contact.sur_name.present?
-        contact.TelephoneNumber technical_contact.telephone if technical_contact.telephone.present?
-        contact.EmailAddress technical_contact.mail_to_string if technical_contact.mail_to_string.present?
+        %w[company given_name sur_name telephone mail_to_string].each do |section|
+          section_value = technical_contact.public_send(section)
+          contact.Company section_value if section_value.present?
+        end
       end
     end
     private :build_contact
@@ -105,7 +104,7 @@ module SamlIdp
     private :reference_string
 
     def entity_id
-      configurator.base_saml_location
+      configurator.entity_id.presence || configurator.base_saml_location
     end
     private :entity_id
 

data/lib/saml_idp/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module SamlIdp
-  VERSION = '0.1.1'
+  VERSION = '0.2.0.pre'
 end

data/saml_idp.gemspec

@@ -31,8 +31,8 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency "rake"
   s.add_development_dependency "simplecov"
-  s.add_development_dependency "rspec"
-  s.add_development_dependency "ruby-saml"
+  s.add_development_dependency "rspec", "~> 2.5"
+  s.add_development_dependency "ruby-saml", "~> 0.8"
   s.add_development_dependency("rails", "~> 3.2")
   s.add_development_dependency("capybara")
   s.add_development_dependency("timecop")

data/spec/lib/saml_idp/attribute_decorator_spec.rb

@@ -11,10 +11,21 @@ module SamlIdp
     let(:name_format) { nil }
     let(:values) { nil }
 
-    its(:name) { should be_nil }
-    its(:friendly_name) { should be_nil }
-    its(:name_format) { should == Saml::XML::Namespaces::Formats::Attr::URI }
-    its(:values) { should == [] }
+    it "has a valid name" do
+      subject.name.should be_nil
+    end
+
+    it "has a valid friendly_name" do
+      subject.friendly_name.should be_nil
+    end
+
+    it "has a valid name_format" do
+      subject.name_format.should == Saml::XML::Namespaces::Formats::Attr::URI
+    end
+
+    it "has a valid values" do
+      subject.values.should == []
+    end
 
     describe "with values set" do
       let(:name) { "test" }
@@ -22,10 +33,21 @@ module SamlIdp
       let(:name_format) { "some format" }
       let(:values) { :val }
 
-      its(:name) { should == name }
-      its(:friendly_name) { should == friendly_name }
-      its(:name_format) { should == name_format }
-      its(:values) { should == [values] }
+      it "has a valid name" do
+        subject.name.should == name
+      end
+
+      it "has a valid friendly_name" do
+        subject.friendly_name.should == friendly_name
+      end
+
+      it "has a valid name_format" do
+        subject.name_format.should == name_format
+      end
+
+      it "has a valid values" do
+        subject.values.should == [values]
+      end
     end
   end
 end

data/spec/lib/saml_idp/configurator_spec.rb

@@ -14,10 +14,22 @@ module SamlIdp
     it { should respond_to :attributes }
     it { should respond_to :service_provider }
 
-    its(:x509_certificate) { should == Default::X509_CERTIFICATE }
-    its(:secret_key) { should == Default::SECRET_KEY }
-    its(:algorithm) { should == :sha1 }
-    its(:reference_id_generator) { should respond_to :call }
+    it "has a valid x509_certificate" do
+      subject.x509_certificate.should == Default::X509_CERTIFICATE
+    end
+
+    it "has a valid secret_key" do
+      subject.secret_key.should == Default::SECRET_KEY
+    end
+
+    it "has a valid algorithm" do
+      subject.algorithm.should == :sha1
+    end
+
+    it "has a valid reference_id_generator" do
+      subject.reference_id_generator.should respond_to :call
+    end
+
 
     it "can call service provider finder" do
       subject.service_provider.finder.should respond_to :call

data/spec/lib/saml_idp/controller_spec.rb

@@ -28,22 +28,22 @@ describe SamlIdp::Controller do
 
     it "should create a SAML Response" do
       saml_response = encode_response(principal)
-      response = Onelogin::Saml::Response.new(saml_response)
+      response = OneLogin::RubySaml::Response.new(saml_response)
       response.name_id.should == "foo@example.com"
       response.issuer.should == "http://example.com"
       response.settings = saml_settings
-      response.is_valid?.should be_true
+      response.is_valid?.should be_truthy
     end
 
     [:sha1, :sha256, :sha384, :sha512].each do |algorithm_name|
       it "should create a SAML Response using the #{algorithm_name} algorithm" do
         self.algorithm = algorithm_name
         saml_response = encode_response(principal)
-        response = Onelogin::Saml::Response.new(saml_response)
+        response = OneLogin::RubySaml::Response.new(saml_response)
         response.name_id.should == "foo@example.com"
         response.issuer.should == "http://example.com"
         response.settings = saml_settings
-        response.is_valid?.should be_true
+        response.is_valid?.should be_truthy
       end
     end
   end

data/spec/lib/saml_idp/metadata_builder_spec.rb

@@ -1,9 +1,12 @@
 require 'spec_helper'
 module SamlIdp
   describe MetadataBuilder do
-    its(:fresh) { should_not be_empty }
+    it "has a valid fresh" do
+      subject.fresh.should_not be_empty
+    end
+
     it "signs valid xml" do
-      Saml::XML::Document.parse(subject.signed).valid_signature?(Default::FINGERPRINT).should be_true
+      Saml::XML::Document.parse(subject.signed).valid_signature?(Default::FINGERPRINT).should be_truthy
     end
   end
 end

data/spec/lib/saml_idp/name_id_formatter_spec.rb

@@ -6,7 +6,10 @@ module SamlIdp
     describe "with one item" do
       let(:list) { { email_address: ->() { "foo@example.com" } } }
 
-      its(:all) { should == ["urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"] }
+      it "has a valid all" do
+        subject.all.should == ["urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"]
+      end
+
     end
 
     describe "with hash describing versions" do
@@ -17,23 +20,23 @@ module SamlIdp
         }
       }
 
-      its(:all) {
-        should == [
+      it "has a valid all" do
+        subject.all.should == [
           "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
           "urn:oasis:names:tc:SAML:2.0:nameid-format:undefined",
         ]
-      }
+      end
     end
 
     describe "with actual list" do
       let(:list) { [:email_address, :undefined] }
 
-      its(:all) {
-        should == [
+      it "has a valid all" do
+        subject.all.should == [
           "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress",
           "urn:oasis:names:tc:SAML:2.0:nameid-format:undefined",
         ]
-      }
+      end
     end
   end
 end

data/spec/lib/saml_idp/request_spec.rb

@@ -4,11 +4,29 @@ module SamlIdp
     let(:raw_request) { "<samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/saml/consume' Destination='http://localhost:1337/saml/auth' ID='_af43d1a0-e111-0130-661a-3c0754403fdb' IssueInstant='2013-08-06T22:01:35Z' Version='2.0' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'><saml:Issuer xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>localhost:3000</saml:Issuer><samlp:NameIDPolicy AllowCreate='true' Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/></samlp:AuthnRequest>" }
     subject { described_class.new raw_request }
 
-    its(:request_id) { should == "_af43d1a0-e111-0130-661a-3c0754403fdb" }
-    its(:acs_url) { should == "http://localhost:3000/saml/consume" }
-    its(:service_provider) { should be_a ServiceProvider }
-    its(:service_provider?) { should be_true }
-    its(:issuer) { should == "localhost:3000" }
-    its(:valid_signature?) { should be_true }
+    it "has a valid request_id" do
+      subject.request_id.should == "_af43d1a0-e111-0130-661a-3c0754403fdb"
+    end
+
+    it "has a valid acs_url" do
+      subject.acs_url.should == "http://localhost:3000/saml/consume"
+    end
+
+    it "has a valid service_provider" do
+      subject.service_provider.should be_a ServiceProvider
+    end
+
+    it "has a valid service_provider" do
+      subject.service_provider.should be_truthy
+    end
+
+    it "has a valid issuer" do
+      subject.issuer.should == "localhost:3000"
+    end
+
+    it "has a valid valid_signature" do
+      subject.valid_signature?.should be_truthy
+    end
+
   end
 end

data/spec/lib/saml_idp/saml_response_spec.rb

@@ -22,6 +22,8 @@ module SamlIdp
                                  )
     }
 
-    its(:build) { should be_present }
+    it "has a valid build" do
+      subject.build.should be_present
+    end
   end
 end

data/spec/lib/saml_idp/service_provider_spec.rb

@@ -13,8 +13,14 @@ module SamlIdp
       let(:fingerprint) { Default::FINGERPRINT }
       let(:metadata_url) { "http://localhost:3000/metadata" }
 
-      its(:fingerprint) { should == fingerprint }
-      its(:metadata_url) { should == metadata_url }
+      it "has a valid fingerprint" do
+        subject.fingerprint.should == fingerprint
+      end
+
+      it "has a valid metadata_url" do
+        subject.metadata_url.should == metadata_url
+      end
+
       it { should be_valid }
     end
   end

data/spec/lib/saml_idp/signable_spec.rb

@@ -69,6 +69,9 @@ module SamlIdp
       ].map(&:to_s).join(".*")
     end
 
-    its(:signed) { should match all_regex }
+    it "has a valid signed" do
+      subject.signed.should match all_regex
+    end
+
   end
 end

data/spec/rails_app/app/controllers/saml_controller.rb

@@ -1,8 +1,8 @@
 class SamlController < ApplicationController
 
   def consume
-    response = Onelogin::Saml::Response.new(params[:SAMLResponse])
+    response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
     render :text => response.name_id
   end
 
-end
+end

data/spec/support/saml_request_macros.rb

@@ -1,13 +1,13 @@
 module SamlRequestMacros
 
   def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/consume")
-    auth_request = Onelogin::Saml::Authrequest.new
+    auth_request = OneLogin::RubySaml::Authrequest.new
     auth_url = auth_request.create(saml_settings(requested_saml_acs_url))
     CGI.unescape(auth_url.split("=").last)
   end
 
   def saml_settings(saml_acs_url = "https://foo.example.com/saml/consume")
-    settings = Onelogin::Saml::Settings.new
+    settings = OneLogin::RubySaml::Settings.new
     settings.assertion_consumer_service_url = saml_acs_url
     settings.issuer = "http://example.com/issuer"
     settings.idp_sso_target_url = "http://idp.com/saml/idp"
@@ -16,4 +16,4 @@ module SamlRequestMacros
     settings
   end
 
-end
+end

data/spec/xml_security_spec.rb

@@ -7,7 +7,7 @@ module SamlIdp
     let(:base64cert) { document.elements["//ds:X509Certificate"].text }
 
     it "it run validate without throwing NS related exceptions" do
-      document.validate_doc(base64cert, true).should be_false
+      document.validate_doc(base64cert, true).should be_falsey
     end
 
     it "it run validate with throwing NS related exceptions" do
@@ -57,22 +57,22 @@ module SamlIdp
   describe "Algorithms" do
     it "validate using SHA1" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
-      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_true
+      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_truthy
     end
 
     it "validate using SHA256" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
-      document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA").should be_true
+      document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA").should be_truthy
     end
 
     it "validate using SHA384" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
-      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_true
+      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_truthy
     end
 
     it "validate using SHA512" do
       document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
-      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_true
+      document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72").should be_truthy
     end
   end
 
@@ -106,17 +106,17 @@ module SamlIdp
     end
 
     describe "StarfieldTMS" do
-      let(:response) { Onelogin::Saml::Response.new(fixture(:starfield_response)) }
+      let(:response) { ::OneLogin::RubySaml::Response.new(fixture(:starfield_response)) }
 
       before do
-        response.settings = Onelogin::Saml::Settings.new(
+        response.settings = ::OneLogin::RubySaml::Settings.new(
           :idp_cert_fingerprint => "8D:BA:53:8E:A3:B6:F9:F1:69:6C:BB:D9:D8:BD:41:B3:AC:4F:9D:4D"
         )
       end
 
       it "be able to validate a good response" do
         Timecop.freeze Time.parse('2012-11-28 17:55:00 UTC') do
-          response.validate!.should be_true
+          response.validate!.should be_truthy
         end
       end
 

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: saml_idp
 version: !ruby/object:Gem::Version
-  version: 0.1.1
-  prerelease: 
+  version: 0.2.0.pre
+  prerelease: 6
 platform: ruby
 authors:
 - Jon Phenow
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-14 00:00:00.000000000 Z
+date: 2014-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -128,33 +128,33 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: ruby-saml
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -345,19 +345,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3584084846075043775
+      hash: 557942331411013025
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
-      segments:
-      - 0
-      hash: -3584084846075043775
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: SAML Indentity Provider in ruby