spid 0.14.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1abf8d3050f0829891601311959388cab3234dc5d75edd59e6dd19bc7de26c7f
-  data.tar.gz: c4668cb869d0ffc65438aa4a30ee70fcf2611c7c4b07274791d0683acf215471
+  metadata.gz: a69cfce2f0a7c237e36061186e9dfda86bdecc85c91163105518b4daebc6cc5c
+  data.tar.gz: 31aba1da1bab837c92fe3245754f1b6cb158dfb860ead66384dcf915a1fb5e4f
 SHA512:
-  metadata.gz: f3b6676b2941c3eba7cb55f80e0a04310467a244a8c52bae620dd3c2fbcad63ab4933fb1948f80f6b6ade12502125fbddf6ff0105c2f31fec04521c0dfd1cf70
-  data.tar.gz: 52981e148719b87079cb6e6aba5cf583552b92306a8e9c4b10673fd699214cbaaa1967adf6c1241efa2cba6e75ec58ad8d94018b7ef434da2f151218ee37c79e
+  metadata.gz: bac0ea1030e71bef7980e019b54bce8ee9dee96aa324cc2001be28b9cbf01676b699311fb412527633dedf3c3b28ef20b7c13da6aee32b43faae53d0c3f9415c
+  data.tar.gz: 8b4ddc12d9566e40f9622dba9d276ea413e0fb1e7bd2c715e2b0aed0d7f593327c83e27413748400c42d9d2b273049d6e341cb67d752e9ea9bc7a9428808aa92

data/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+## [0.15.0] - 2018-08-31
+### Fixed
+- [IDP-Initiated SLO was not full implemented](https://github.com/italia/spid-ruby/issues/54)
+
 ## [0.14.0] - 2018-08-30
 ### Added
 - IDP-Initiated SLO management

data/README.md

@@ -72,14 +72,14 @@ gem "spid"
 |verification of `Destination`|✓|
 |PartialLogout detection||
 |**LogoutRequest parsing (for third-party-initiated logout):**||
-|parsing of LogoutRequest XML||
+|parsing of LogoutRequest XML|✓|
 |verification of `Response/Signature` value (if any)||
 |verification of `Response/Signature` certificate (if any) against IdP metadata||
-|verification of `Issuer`||
-|verification of `Destination`||
-|parsing of `NameID`||
+|verification of `Issuer`|✓|
+|verification of `Destination`|✓|
+|parsing of `NameID`|✓|
 |**LogoutResponse generation (for third-party-initiated logout):**||
-|generation of LogoutResponse XML||
+|generation of LogoutResponse XML|✓|
 |HTTP-Redirect binding||
 |HTTP-POST binding||
 |PartialLogout customization||

data/lib/spid/rack/login.rb

@@ -30,7 +30,7 @@ module Spid
         end
 
         def response
-          session["sso_request_uuid"] = sso_request.uuid
+          session["sso_request_uuid"] = responser.uuid
           [
             302,
             { "Location" => sso_url },
@@ -39,11 +39,11 @@ module Spid
         end
 
         def sso_url
-          sso_request.url
+          responser.url
         end
 
-        def sso_request
-          @sso_request ||=
+        def responser
+          @responser ||=
             begin
               Spid::Sso::Request.new(
                 idp_name: idp_name,

data/lib/spid/rack/logout.rb

@@ -26,7 +26,7 @@ module Spid
         end
 
         def response
-          session["slo_request_uuid"] = slo_request.uuid
+          session["slo_request_uuid"] = responser.uuid
           [
             302,
             { "Location" => slo_url },
@@ -39,11 +39,11 @@ module Spid
         end
 
         def slo_url
-          slo_request.url
+          responser.url
         end
 
-        def slo_request
-          @slo_request ||=
+        def responser
+          @responser ||=
             begin
               Spid::Slo::Request.new(
                 idp_name: idp_name,

data/lib/spid/rack/slo.rb

@@ -35,22 +35,35 @@ module Spid
         end
 
         def store_session_failure
-          session["errors"] = slo_response.errors
+          session["errors"] = responser.errors
         end
 
-        def response
-          if valid_response?
-            clear_session
-          else
-            store_session_failure
-          end
+        def response_sp_initiated
           [
             302,
             { "Location" => relay_state },
-            []
+            responser.response
+          ]
+        end
+
+        def response_idp_initiated
+          [
+            200,
+            {},
+            responser.response
           ]
         end
 
+        def validate_session
+          valid_response? ? clear_session : store_session_failure
+        end
+
+        def response
+          validate_session
+          return response_idp_initiated if idp_initiated?
+          response_sp_initiated
+        end
+
         def relay_state
           if !request.params["RelayState"].nil? &&
              request.params["RelayState"] != ""
@@ -79,7 +92,7 @@ module Spid
         end
 
         def valid_response?
-          slo_response.valid?
+          responser.valid?
         end
 
         def valid_request?
@@ -90,8 +103,36 @@ module Spid
           request.params["SAMLResponse"]
         end
 
-        def slo_response
-          @slo_response ||= ::Spid::Slo::Response.new(
+        def saml_request
+          request.params["SAMLRequest"]
+        end
+
+        def idp_initiated?
+          !saml_request.nil?
+        end
+
+        def responser
+          @responser ||=
+            begin
+              if idp_initiated?
+                idp_initiated_slo_request
+              else
+                sp_initiated_slo_response
+              end
+            end
+        end
+
+        private
+
+        def idp_initiated_slo_request
+          ::Spid::Slo::IdpRequest.new(
+            body: saml_request,
+            session_index: session["session_index"]
+          )
+        end
+
+        def sp_initiated_slo_response
+          ::Spid::Slo::Response.new(
             body: saml_response,
             request_uuid: session["slo_request_uuid"],
             session_index: session["session_index"]

data/lib/spid/rack/sso.rb

@@ -31,13 +31,13 @@ module Spid
         end
 
         def store_session_success
-          session["attributes"] = sso_response.attributes
-          session["session_index"] = sso_response.session_index
+          session["attributes"] = responser.attributes
+          session["session_index"] = responser.session_index
           session.delete("sso_request_uuid")
         end
 
         def store_session_failure
-          session["errors"] = sso_response.errors
+          session["errors"] = responser.errors
         end
 
         def response
@@ -85,15 +85,15 @@ module Spid
         end
 
         def valid_response?
-          sso_response.valid?
+          responser.valid?
         end
 
         def valid_request?
           valid_path? && valid_http_verb?
         end
 
-        def sso_response
-          @sso_response ||= ::Spid::Sso::Response.new(
+        def responser
+          @responser ||= ::Spid::Sso::Response.new(
             body: saml_response,
             request_uuid: session["sso_request_uuid"]
           )

data/lib/spid/saml2.rb

@@ -14,6 +14,7 @@ require "spid/saml2/utils"
 require "spid/saml2/idp_metadata_parser"
 require "spid/saml2/response_validator"
 require "spid/saml2/logout_response_validator"
+require "spid/saml2/idp_logout_request_validator"
 
 module Spid
   module Saml2 # :nodoc:

data/lib/spid/saml2/idp_logout_request.rb

@@ -29,6 +29,10 @@ module Spid
         ]&.value
       end
 
+      def name_id
+        document.elements["/samlp:LogoutRequest/saml:NameID/text()"]&.value
+      end
+
       def name_id_name_qualifier
         document.elements[
           "/samlp:LogoutRequest/saml:NameID/@NameQualifier"

data/lib/spid/saml2/idp_logout_request_validator.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Spid
+  module Saml2
+    class IdpLogoutRequestValidator # :nodoc:
+      attr_reader :request
+
+      def initialize(request:)
+        @request = request
+      end
+
+      def call
+        true
+      end
+    end
+  end
+end

data/lib/spid/slo.rb

@@ -2,6 +2,7 @@
 
 require "spid/slo/request"
 require "spid/slo/response"
+require "spid/slo/idp_request"
 
 module Spid
   module Slo # :nodoc:

data/lib/spid/slo/idp_request.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module Spid
+  module Slo
+    class IdpRequest # :nodoc:
+      include Spid::Saml2::Utils
+
+      attr_reader :body
+      attr_reader :saml_message
+      attr_reader :session_index
+
+      def initialize(body:, session_index:)
+        @body = body
+        @saml_message = decode_and_inflate(body)
+        @session_index = session_index
+      end
+
+      def response
+        [
+          idp_logout_response.to_saml
+        ]
+      end
+
+      def valid?
+        validator.call
+      end
+
+      def identity_provider
+        @identity_provider ||=
+          IdentityProviderManager.find_by_entity(issuer)
+      end
+
+      def service_provider
+        @service_provider ||=
+          Spid.configuration.service_provider
+      end
+
+      def issuer
+        idp_logout_request.issuer
+      end
+
+      def settings
+        @settings ||= Spid::Saml2::Settings.new(
+          service_provider: service_provider,
+          identity_provider: identity_provider
+        )
+      end
+
+      def validator
+        @validator ||=
+          begin
+            Spid::Saml2::IdpLogoutRequestValidator.new(
+              request: idp_logout_request
+            )
+          end
+      end
+
+      def idp_logout_request
+        @idp_logout_request ||=
+          begin
+            Spid::Saml2::IdpLogoutRequest.new(
+              saml_message: saml_message
+            )
+          end
+      end
+
+      def idp_logout_response
+        @idp_logout_response ||=
+          begin
+            Spid::Saml2::IdpLogoutResponse.new(
+              settings: settings,
+              request_uuid: idp_logout_request.id
+            )
+          end
+      end
+    end
+  end
+end

data/lib/spid/slo/response.rb

@@ -17,6 +17,10 @@ module Spid
         validator.call
       end
 
+      def response
+        []
+      end
+
       def errors
         validator.errors
       end

data/lib/spid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spid
-  VERSION = "0.14.0"
+  VERSION = "0.15.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.15.0
 platform: ruby
 authors:
 - David Librera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-30 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -325,6 +325,7 @@ files:
 - lib/spid/saml2/authn_request.rb
 - lib/spid/saml2/identity_provider.rb
 - lib/spid/saml2/idp_logout_request.rb
+- lib/spid/saml2/idp_logout_request_validator.rb
 - lib/spid/saml2/idp_logout_response.rb
 - lib/spid/saml2/idp_metadata_parser.rb
 - lib/spid/saml2/logout_request.rb
@@ -338,6 +339,7 @@ files:
 - lib/spid/saml2/utils.rb
 - lib/spid/saml2/utils/query_params_signer.rb
 - lib/spid/slo.rb
+- lib/spid/slo/idp_request.rb
 - lib/spid/slo/request.rb
 - lib/spid/slo/response.rb
 - lib/spid/sso.rb