RubyGems - spid - Versions diffs - 0.14.0 → 0.15.0 - Mend

spid 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +5 -5
data/lib/spid/rack/login.rb +4 -4
data/lib/spid/rack/logout.rb +4 -4
data/lib/spid/rack/slo.rb +52 -11
data/lib/spid/rack/sso.rb +6 -6
data/lib/spid/saml2.rb +1 -0
data/lib/spid/saml2/idp_logout_request.rb +4 -0
data/lib/spid/saml2/idp_logout_request_validator.rb +17 -0
data/lib/spid/slo.rb +1 -0
data/lib/spid/slo/idp_request.rb +78 -0
data/lib/spid/slo/response.rb +4 -0
data/lib/spid/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1abf8d3050f0829891601311959388cab3234dc5d75edd59e6dd19bc7de26c7f
-  data.tar.gz: c4668cb869d0ffc65438aa4a30ee70fcf2611c7c4b07274791d0683acf215471
+  metadata.gz: a69cfce2f0a7c237e36061186e9dfda86bdecc85c91163105518b4daebc6cc5c
+  data.tar.gz: 31aba1da1bab837c92fe3245754f1b6cb158dfb860ead66384dcf915a1fb5e4f
 SHA512:
-  metadata.gz: f3b6676b2941c3eba7cb55f80e0a04310467a244a8c52bae620dd3c2fbcad63ab4933fb1948f80f6b6ade12502125fbddf6ff0105c2f31fec04521c0dfd1cf70
-  data.tar.gz: 52981e148719b87079cb6e6aba5cf583552b92306a8e9c4b10673fd699214cbaaa1967adf6c1241efa2cba6e75ec58ad8d94018b7ef434da2f151218ee37c79e
+  metadata.gz: bac0ea1030e71bef7980e019b54bce8ee9dee96aa324cc2001be28b9cbf01676b699311fb412527633dedf3c3b28ef20b7c13da6aee32b43faae53d0c3f9415c
+  data.tar.gz: 8b4ddc12d9566e40f9622dba9d276ea413e0fb1e7bd2c715e2b0aed0d7f593327c83e27413748400c42d9d2b273049d6e341cb67d752e9ea9bc7a9428808aa92

data/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,10 @@
 ## [Unreleased]
+## [0.15.0] - 2018-08-31
+### Fixed
+- [IDP-Initiated SLO was not full implemented](https://github.com/italia/spid-ruby/issues/54)
 ## [0.14.0] - 2018-08-30
 ### Added
 - IDP-Initiated SLO management

data/README.md CHANGED Viewed

@@ -72,14 +72,14 @@ gem "spid"
 |verification of `Destination`|✓|
 |PartialLogout detection||
 |**LogoutRequest parsing (for third-party-initiated logout):**||
-|parsing of LogoutRequest XML||
+|parsing of LogoutRequest XML|✓|
 |verification of `Response/Signature` value (if any)||
 |verification of `Response/Signature` certificate (if any) against IdP metadata||
-|verification of `Issuer`||
-|verification of `Destination`||
-|parsing of `NameID`||
+|verification of `Issuer`|✓|
+|verification of `Destination`|✓|
+|parsing of `NameID`|✓|
 |**LogoutResponse generation (for third-party-initiated logout):**||
-|generation of LogoutResponse XML||
+|generation of LogoutResponse XML|✓|
 |HTTP-Redirect binding||
 |HTTP-POST binding||
 |PartialLogout customization||

data/lib/spid/rack/login.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Spid
         end
         def response
-          session["sso_request_uuid"] = sso_request.uuid
+          session["sso_request_uuid"] = responser.uuid
           [
             302,
             { "Location" => sso_url },
@@ -39,11 +39,11 @@ module Spid
         end
         def sso_url
-          sso_request.url
+          responser.url
         end
-        def sso_request
-          @sso_request ||=
+        def responser
+          @responser ||=
             begin
               Spid::Sso::Request.new(
                 idp_name: idp_name,

data/lib/spid/rack/logout.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Spid
         end
         def response
-          session["slo_request_uuid"] = slo_request.uuid
+          session["slo_request_uuid"] = responser.uuid
           [
             302,
             { "Location" => slo_url },
@@ -39,11 +39,11 @@ module Spid
         end
         def slo_url
-          slo_request.url
+          responser.url
         end
-        def slo_request
-          @slo_request ||=
+        def responser
+          @responser ||=
             begin
               Spid::Slo::Request.new(
                 idp_name: idp_name,

data/lib/spid/rack/slo.rb CHANGED Viewed

@@ -35,22 +35,35 @@ module Spid
         end
         def store_session_failure
-          session["errors"] = slo_response.errors
+          session["errors"] = responser.errors
         end
-        def response
-          if valid_response?
-            clear_session
-          else
-            store_session_failure
-          end
+        def response_sp_initiated
           [
             302,
             { "Location" => relay_state },
-            []
+            responser.response
+          ]
+        end
+        def response_idp_initiated
+          [
+            200,
+            {},
+            responser.response
           ]
         end
+        def validate_session
+          valid_response? ? clear_session : store_session_failure
+        end
+        def response
+          validate_session
+          return response_idp_initiated if idp_initiated?
+          response_sp_initiated
+        end
         def relay_state
           if !request.params["RelayState"].nil? &&
              request.params["RelayState"] != ""
@@ -79,7 +92,7 @@ module Spid
         end
         def valid_response?
-          slo_response.valid?
+          responser.valid?
         end
         def valid_request?
@@ -90,8 +103,36 @@ module Spid
           request.params["SAMLResponse"]
         end
-        def slo_response
-          @slo_response ||= ::Spid::Slo::Response.new(
+        def saml_request
+          request.params["SAMLRequest"]
+        end
+        def idp_initiated?
+          !saml_request.nil?
+        end
+        def responser
+          @responser ||=
+            begin
+              if idp_initiated?
+                idp_initiated_slo_request
+              else
+                sp_initiated_slo_response
+              end
+            end
+        end
+        private
+        def idp_initiated_slo_request
+          ::Spid::Slo::IdpRequest.new(
+            body: saml_request,
+            session_index: session["session_index"]
+          )
+        end
+        def sp_initiated_slo_response
+          ::Spid::Slo::Response.new(
             body: saml_response,
             request_uuid: session["slo_request_uuid"],
             session_index: session["session_index"]

data/lib/spid/rack/sso.rb CHANGED Viewed

@@ -31,13 +31,13 @@ module Spid
         end
         def store_session_success
-          session["attributes"] = sso_response.attributes
-          session["session_index"] = sso_response.session_index
+          session["attributes"] = responser.attributes
+          session["session_index"] = responser.session_index
           session.delete("sso_request_uuid")
         end
         def store_session_failure
-          session["errors"] = sso_response.errors
+          session["errors"] = responser.errors
         end
         def response
@@ -85,15 +85,15 @@ module Spid
         end
         def valid_response?
-          sso_response.valid?
+          responser.valid?
         end
         def valid_request?
           valid_path? && valid_http_verb?
         end
-        def sso_response
-          @sso_response ||= ::Spid::Sso::Response.new(
+        def responser
+          @responser ||= ::Spid::Sso::Response.new(
             body: saml_response,
             request_uuid: session["sso_request_uuid"]
           )

data/lib/spid/saml2.rb CHANGED Viewed

@@ -14,6 +14,7 @@ require "spid/saml2/utils"
 require "spid/saml2/idp_metadata_parser"
 require "spid/saml2/response_validator"
 require "spid/saml2/logout_response_validator"
+require "spid/saml2/idp_logout_request_validator"
 module Spid
   module Saml2 # :nodoc:

data/lib/spid/saml2/idp_logout_request.rb CHANGED Viewed

@@ -29,6 +29,10 @@ module Spid
         ]&.value
       end
+      def name_id
+        document.elements["/samlp:LogoutRequest/saml:NameID/text()"]&.value
+      end
       def name_id_name_qualifier
         document.elements[
           "/samlp:LogoutRequest/saml:NameID/@NameQualifier"

data/lib/spid/saml2/idp_logout_request_validator.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module Spid
+  module Saml2
+    class IdpLogoutRequestValidator # :nodoc:
+      attr_reader :request
+      def initialize(request:)
+        @request = request
+      end
+      def call
+        true
+      end
+    end
+  end
+end

data/lib/spid/slo.rb CHANGED Viewed

@@ -2,6 +2,7 @@
 require "spid/slo/request"
 require "spid/slo/response"
+require "spid/slo/idp_request"
 module Spid
   module Slo # :nodoc:

data/lib/spid/slo/idp_request.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+module Spid
+  module Slo
+    class IdpRequest # :nodoc:
+      include Spid::Saml2::Utils
+      attr_reader :body
+      attr_reader :saml_message
+      attr_reader :session_index
+      def initialize(body:, session_index:)
+        @body = body
+        @saml_message = decode_and_inflate(body)
+        @session_index = session_index
+      end
+      def response
+        [
+          idp_logout_response.to_saml
+        ]
+      end
+      def valid?
+        validator.call
+      end
+      def identity_provider
+        @identity_provider ||=
+          IdentityProviderManager.find_by_entity(issuer)
+      end
+      def service_provider
+        @service_provider ||=
+          Spid.configuration.service_provider
+      end
+      def issuer
+        idp_logout_request.issuer
+      end
+      def settings
+        @settings ||= Spid::Saml2::Settings.new(
+          service_provider: service_provider,
+          identity_provider: identity_provider
+        )
+      end
+      def validator
+        @validator ||=
+          begin
+            Spid::Saml2::IdpLogoutRequestValidator.new(
+              request: idp_logout_request
+            )
+          end
+      end
+      def idp_logout_request
+        @idp_logout_request ||=
+          begin
+            Spid::Saml2::IdpLogoutRequest.new(
+              saml_message: saml_message
+            )
+          end
+      end
+      def idp_logout_response
+        @idp_logout_response ||=
+          begin
+            Spid::Saml2::IdpLogoutResponse.new(
+              settings: settings,
+              request_uuid: idp_logout_request.id
+            )
+          end
+      end
+    end
+  end
+end

data/lib/spid/slo/response.rb CHANGED Viewed

@@ -17,6 +17,10 @@ module Spid
         validator.call
       end
+      def response
+        []
+      end
       def errors
         validator.errors
       end

data/lib/spid/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Spid
-  VERSION = "0.14.0"
+  VERSION = "0.15.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.15.0
 platform: ruby
 authors:
 - David Librera
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-08-30 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -325,6 +325,7 @@ files:
 - lib/spid/saml2/authn_request.rb
 - lib/spid/saml2/identity_provider.rb
 - lib/spid/saml2/idp_logout_request.rb
+- lib/spid/saml2/idp_logout_request_validator.rb
 - lib/spid/saml2/idp_logout_response.rb
 - lib/spid/saml2/idp_metadata_parser.rb
 - lib/spid/saml2/logout_request.rb
@@ -338,6 +339,7 @@ files:
 - lib/spid/saml2/utils.rb
 - lib/spid/saml2/utils/query_params_signer.rb
 - lib/spid/slo.rb
+- lib/spid/slo/idp_request.rb
 - lib/spid/slo/request.rb
 - lib/spid/slo/response.rb
 - lib/spid/sso.rb