spid 0.10.0 → 0.11.0

data/lib/spid/slo/response.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "onelogin/ruby-saml/logoutresponse"
-
 module Spid
   module Slo
     class Response # :nodoc:
@@ -16,23 +14,11 @@ module Spid
       end
 
       def valid?
-        validated_saml_response.validate
+        saml_response.in_response_to == matches_request_id
       end
 
       def errors
-        validated_saml_response.errors
-      end
-
-      def saml_settings
-        slo_settings.saml_settings
-      end
-
-      def slo_settings
-        Settings.new(
-          service_provider: service_provider,
-          identity_provider: identity_provider,
-          session_index: session_index
-        )
+        []
       end
 
       def identity_provider
@@ -46,27 +32,14 @@ module Spid
       end
 
       def issuer
-        saml_response.issuer.strip
+        saml_response.issuer
       end
 
-      private
-
       def saml_response
-        ::OneLogin::RubySaml::Logoutresponse.new(
-          body,
-          nil,
-          matches_request_id: matches_request_id
+        @saml_response ||= Spid::Saml2::LogoutResponse.new(
+          body: body
         )
       end
-
-      def validated_saml_response
-        @validated_saml_response ||=
-          begin
-            response = saml_response
-            response.settings = saml_settings
-            response
-          end
-      end
     end
   end
 end

data/lib/spid/sso.rb

@@ -2,7 +2,6 @@
 
 require "spid/sso/request"
 require "spid/sso/response"
-require "spid/sso/settings"
 
 module Spid
   module Sso # :nodoc:

data/lib/spid/sso/request.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require "spid/authn_request"
-require "onelogin/ruby-saml/settings"
-
 module Spid
   module Sso
     class Request # :nodoc:
@@ -25,21 +22,37 @@ module Spid
           end
       end
 
-      def to_saml
-        authn_request.create(
-          saml_settings,
-          "RelayState" => relay_state
-        )
+      def url
+        [
+          settings.idp_sso_target_url,
+          query_params_signer.escaped_signed_query_string
+        ].join("?")
+      end
+
+      def query_params_signer
+        @query_params_signer ||=
+          begin
+            Spid::Saml2::Utils::QueryParamsSigner.new(
+              saml_message: saml_message,
+              relay_state: relay_state,
+              private_key: settings.private_key,
+              signature_method: settings.signature_method
+            )
+          end
       end
 
-      def saml_settings
-        sso_settings.saml_settings
+      def saml_message
+        @saml_message ||= authn_request.to_saml
       end
 
-      def sso_settings
-        Settings.new(
-          service_provider: service_provider,
+      def authn_request
+        @authn_request ||= Spid::Saml2::AuthnRequest.new(settings: settings)
+      end
+
+      def settings
+        @settings ||= Spid::Saml2::Settings.new(
           identity_provider: identity_provider,
+          service_provider: service_provider,
           authn_context: authn_context
         )
       end
@@ -53,12 +66,6 @@ module Spid
         @service_provider ||=
           Spid.configuration.service_provider
       end
-
-      private
-
-      def authn_request
-        AuthnRequest.new
-      end
     end
   end
 end

data/lib/spid/sso/response.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "onelogin/ruby-saml/response"
 require "active_support/inflector/methods"
 
 module Spid
@@ -13,18 +12,11 @@ module Spid
       end
 
       def valid?
-        validated_saml_response.is_valid?
+        saml_response.destination == service_provider.acs_url
       end
 
-      def saml_settings
-        sso_settings.saml_settings
-      end
-
-      def sso_settings
-        Settings.new(
-          service_provider: service_provider,
-          identity_provider: identity_provider
-        )
+      def issuer
+        saml_response.issuer
       end
 
       def attributes
@@ -33,16 +25,12 @@ module Spid
         end
       end
 
-      def issuer
-        saml_response.issuers.first
-      end
-
       def session_index
-        saml_response.sessionindex
+        saml_response.session_index
       end
 
       def raw_attributes
-        saml_response.attributes.attributes
+        saml_response.attributes
       end
 
       def identity_provider
@@ -55,6 +43,10 @@ module Spid
           Spid.configuration.service_provider
       end
 
+      def saml_response
+        @saml_response ||= Spid::Saml2::Response.new(body: body)
+      end
+
       private
 
       def normalize_key(key)
@@ -62,19 +54,6 @@ module Spid
           key.to_s
         ).to_s
       end
-
-      def saml_response
-        ::OneLogin::RubySaml::Response.new(body)
-      end
-
-      def validated_saml_response
-        @validated_saml_response ||=
-          begin
-            response = saml_response
-            response.settings = saml_settings
-            response
-          end
-      end
     end
   end
 end

data/lib/spid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spid
-  VERSION = "0.10.0"
+  VERSION = "0.11.0"
 end

data/spid.gemspec

@@ -26,7 +26,6 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency "activesupport", ">= 3.0.0", "< 5.3"
   spec.add_runtime_dependency "rack", ">= 1", "< 3"
-  spec.add_runtime_dependency "ruby-saml", "~> 1.8", ">= 1.8.0"
 
   spec.add_development_dependency "bundler", "~> 1.16"
   spec.add_development_dependency "bundler-audit", "~> 0"
@@ -35,6 +34,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "faraday_middleware", "~> 0"
   spec.add_development_dependency "nokogiri", "~> 1.8", ">= 1.8.3"
   spec.add_development_dependency "pry", "~> 0"
+  spec.add_development_dependency "pry-doc", "~> 0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "rubocop", "0.57.2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - David Librera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-02 00:00:00.000000000 Z
+date: 2018-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -50,26 +50,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
-- !ruby/object:Gem::Dependency
-  name: ruby-saml
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.8'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.8.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.8'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -174,6 +154,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-doc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -303,11 +297,8 @@ files:
 - Rakefile
 - idp_metadata/.gitkeep
 - lib/spid.rb
-- lib/spid/authn_request.rb
 - lib/spid/configuration.rb
-- lib/spid/identity_provider.rb
 - lib/spid/identity_provider_manager.rb
-- lib/spid/logout_request.rb
 - lib/spid/metadata.rb
 - lib/spid/rack.rb
 - lib/spid/rack/login.rb
@@ -316,15 +307,24 @@ files:
 - lib/spid/rack/session.rb
 - lib/spid/rack/slo.rb
 - lib/spid/rack/sso.rb
-- lib/spid/service_provider.rb
+- lib/spid/saml2.rb
+- lib/spid/saml2/authn_request.rb
+- lib/spid/saml2/identity_provider.rb
+- lib/spid/saml2/idp_metadata_parser.rb
+- lib/spid/saml2/logout_request.rb
+- lib/spid/saml2/logout_response.rb
+- lib/spid/saml2/response.rb
+- lib/spid/saml2/service_provider.rb
+- lib/spid/saml2/settings.rb
+- lib/spid/saml2/sp_metadata.rb
+- lib/spid/saml2/utils.rb
+- lib/spid/saml2/utils/query_params_signer.rb
 - lib/spid/slo.rb
 - lib/spid/slo/request.rb
 - lib/spid/slo/response.rb
-- lib/spid/slo/settings.rb
 - lib/spid/sso.rb
 - lib/spid/sso/request.rb
 - lib/spid/sso/response.rb
-- lib/spid/sso/settings.rb
 - lib/spid/version.rb
 - spid.gemspec
 homepage: https://github.com/italia/spid-ruby

data/lib/spid/authn_request.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-require "onelogin/ruby-saml/authrequest"
-
-module Spid
-  class AuthnRequest < ::OneLogin::RubySaml::Authrequest # :nodoc:
-    def create_xml_document(settings)
-      original_document = super(settings)
-      root = original_document.elements["//samlp:AuthnRequest"]
-      name_id_policy_element = root.add_element("samlp:NameIDPolicy")
-      name_id_policy_element.attributes["Format"] = format_transient
-      issuer_element = original_document.elements["//saml:Issuer"]
-      issuer_element.attributes["Format"] = format_entity
-      issuer_element.attributes["NameQualifier"] = settings.issuer
-      original_document
-    end
-
-    private
-
-    def format_transient
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
-    end
-
-    def format_entity
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-    end
-  end
-end

data/lib/spid/identity_provider.rb

@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-require "onelogin/ruby-saml/idp_metadata_parser"
-
-module Spid
-  class IdentityProvider # :nodoc:
-    attr_reader :name
-    attr_reader :entity_id
-    attr_reader :sso_target_url
-    attr_reader :slo_target_url
-    attr_reader :cert_fingerprint
-
-    def initialize(
-          name:,
-          entity_id:,
-          sso_target_url:,
-          slo_target_url:,
-          cert_fingerprint:
-        )
-      @name = name
-      @entity_id = entity_id
-      @sso_target_url = sso_target_url
-      @slo_target_url = slo_target_url
-      @cert_fingerprint = cert_fingerprint
-    end
-
-    def sso_attributes
-      @sso_attributes ||=
-        begin
-          {
-            idp_sso_target_url: sso_target_url,
-            idp_cert_fingerprint: cert_fingerprint
-          }
-        end
-    end
-
-    def slo_attributes
-      @slo_attributes ||=
-        begin
-          {
-            idp_slo_target_url: slo_target_url,
-            idp_name_qualifier: entity_id,
-            idp_cert_fingerprint: cert_fingerprint
-          }
-        end
-    end
-
-    def self.parse_from_xml(name:, metadata:)
-      idp_metadata_parser = ::OneLogin::RubySaml::IdpMetadataParser.new
-      idp_settings = idp_metadata_parser.parse_to_hash(metadata)
-      new(
-        name: name,
-        entity_id: idp_settings[:idp_entity_id],
-        sso_target_url: idp_settings[:idp_sso_target_url],
-        slo_target_url: idp_settings[:idp_slo_target_url],
-        cert_fingerprint: idp_settings[:idp_cert_fingerprint]
-      )
-    end
-  end
-end

data/lib/spid/logout_request.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-require "onelogin/ruby-saml/logoutrequest"
-
-module Spid
-  class LogoutRequest < ::OneLogin::RubySaml::Logoutrequest # :nodoc:
-    def create_xml_document(settings)
-      original_document = super(settings)
-      issuer_element = original_document.elements["//saml:Issuer"]
-      issuer_element.attributes["Format"] = format_entity
-      issuer_element.attributes["NameQualifier"] = settings.issuer
-      original_document
-    end
-
-    private
-
-    def format_entity
-      "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-    end
-  end
-end