spid-es 0.0.23 → 0.0.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94627fabd1026d5ef9e46d3753d3c350fd84dc84d9e976b52582c9188c959580
-  data.tar.gz: de6042d8cc7089415ab31f12c6ebe7f4d4e45a509f71c01aeca53cb0df30c889
+  metadata.gz: 26b9ca5bca45877a5b6bebc563ac36e2477449c823cf223c648abe49ab16def0
+  data.tar.gz: 60976ddb66cee847aa3f7bf95438590957fb137f22964b6223461d16f450138a
 SHA512:
-  metadata.gz: 22186ddb76b20451e0ac1171fab10ddfba0dfc2c033c42e540876e8a75f0975e109e2d3a894e41ca3353794fecd6714708c825b807c93762659e44914bfedd3a
-  data.tar.gz: 7c731740767fb10fd71833522ac9603ea3dbb983a2854c5ea711f80b835328f997ad76fa9771f2b91043db784ce56d375ebb48bb72a17f267fa0c88012b7bb99
+  metadata.gz: 20e31accd525285e23c2c6ca25f6a6259605bf44ae28c0273c222d000b8abca51419471174af8800ec58169a8feea10ece60eabeca6506043147e8bce0050488
+  data.tar.gz: 8d7aa546d80c0cb87070b0e7cdfb1cb8fe4aea939749fccb40293cb1b28480314c1be832d8b4fb5bcb21d4912dd052a03723cbb07b0c91d3c35b472c3453b816

data/lib/spid/ruby-saml/metadata.rb

@@ -47,9 +47,10 @@ module Spid
         if settings.issuer != nil
           root.attributes["entityID"] = settings.issuer
         end
-        uuid = "_" + UUID.new.generate
-        self.uuid = uuid
-        root.attributes["ID"] = uuid
+        #Tolto per non far cambiare sempre il metadata
+        # uuid = "_" + UUID.new.generate
+        # self.uuid = uuid
+        # root.attributes["ID"] = uuid
 
         sp_sso = root.add_element "md:SPSSODescriptor", { 
             "protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",

data/lib/spid/ruby-saml/response.rb

@@ -268,6 +268,8 @@ module Spid
             return false if validate_destination(soft) == false
             #validazione status
             return false if validate_status(soft) == false
+            #validazione inresponseto
+            return false if validate_presence_inresponseto(soft) == false
             #validazione issuer
             return false if validate_issuer(soft) == false
             #validazioni varie su asserzioni
@@ -312,6 +314,11 @@ module Spid
           end
         end
 
+        def validate_presence_inresponseto(soft=true)
+          response_to_id_value = response_to_id
+          return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
+        end
+
 
 
         #validate status e status code
@@ -344,16 +351,16 @@ module Spid
         end
 
         def version_assertion(document)
-          assertion_nodes = xpath_from_signed_assertion()
-          @version_assertion = "2.0"
-          #ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
-          unless assertion_nodes.blank?
-            assertion_nodes.each{ |ass_node|
-              return nil if ass_node.attributes['Version'] != "2.0"
-            }
-          end
-          @version_assertion 
-      end
+            assertion_nodes = xpath_from_signed_assertion()
+            @version_assertion = "2.0"
+            #ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
+            unless assertion_nodes.blank?
+              assertion_nodes.each{ |ass_node|
+                return nil if ass_node.attributes['Version'] != "2.0"
+              }
+            end
+            @version_assertion 
+        end
 
         def validate_version(soft = true)
             unless version(self.document) == "2.0"
@@ -364,12 +371,12 @@ module Spid
         end
 
         def validate_version_assertion(soft = true)
-          unless version_assertion(self.document) == "2.0"
-            #return append_error("Unsupported SAML version")
-            return soft ? false : validation_error("Unsupported SAML Assertion version")
-          end
-          true
-      end
+            unless version_assertion(self.document) == "2.0"
+              #return append_error("Unsupported SAML version")
+              return soft ? false : validation_error("Unsupported SAML Assertion version")
+            end
+            true
+        end
 
         def validate_signed_elements(soft = true)
             signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})

data/spid-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.23'
+  s.version = '0.0.24'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.23
+  version: 0.0.24
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-08 00:00:00.000000000 Z
+date: 2020-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix
@@ -140,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: SAML Ruby Tookit Spid