Merge branch 'master' into add-session-expiration

lawrencepit · web-flow · commit 16de4a0fced4 · 2018-03-04T10:21:52.000+11:00
diff --git a/.travis.yml b/.travis.yml
@@ -1,8 +1,6 @@
 before_install:
   - gem install bundler
 rvm:
-  - 1.9.3
-  - 2.0.0
   - 2.1.0
   - 2.2.0
   - 2.3.0
diff --git a/MIT-LICENSE b/MIT-LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2012 Lawrence Pit (http://lawrencepit.com)
+Copyright (c) 2012 Lawrence Pit (https://github.com/lawrencepit/ruby-saml-idp)
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/README.md b/README.md
@@ -1,7 +1,6 @@
 # Ruby SAML Identity Provider (IdP)
 
 [![Build Status](https://secure.travis-ci.org/lawrencepit/ruby-saml-idp.png)](http://travis-ci.org/lawrencepit/ruby-saml-idp?branch=master)
-[![Code Climate](https://codeclimate.com/github/lawrencepit/ruby-saml-idp/badges/gpa.svg)](https://codeclimate.com/github/lawrencepit/ruby-saml-idp)
 [![Gem Version](https://fury-badge.herokuapp.com/rb/ruby-saml-idp.png)](http://badge.fury.io/rb/ruby-saml-idp)
 
 The ruby SAML Identity Provider library is for implementing the server side of SAML authentication. It allows your application to act as an IdP (Identity Provider) using the [SAML v2.0](http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language) protocol. It provides a means for managing authentication requests and confirmation responses for SPs (Service Providers).
@@ -94,12 +93,6 @@ Service Providers
 To act as a Service Provider which generates SAML Requests and can react to SAML Responses use the excellent [ruby-saml](https://github.com/onelogin/ruby-saml) gem.
 
 
-Author
-----------
-
-Lawrence Pit, lawrence.pit@gmail.com, [lawrencepit.com](http://lawrencepit.com), [@lawrencepit](http://twitter.com/lawrencepit)
-
-
 Copyright
 -----------
 
diff --git a/app/controllers/saml_idp/idp_controller.rb b/app/controllers/saml_idp/idp_controller.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
   class IdpController < ActionController::Base
     include SamlIdp::Controller
diff --git a/lib/ruby-saml-idp.rb b/lib/ruby-saml-idp.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
   require 'saml_idp/configurator'
   require 'saml_idp/controller'
diff --git a/lib/saml_idp/configurator.rb b/lib/saml_idp/configurator.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
   class Configurator
     attr_accessor :x509_certificate, :secret_key, :algorithm, :expires_in
diff --git a/lib/saml_idp/controller.rb b/lib/saml_idp/controller.rb
@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 module SamlIdp
   module Controller
     require 'openssl'
@@ -51,7 +49,7 @@ def expires_in
     protected
 
       def validate_saml_request(saml_request = params[:SAMLRequest])
-        decode_SAMLRequest(saml_request)
+        decode_SAMLRequest(saml_request) rescue false
       end
 
       def decode_SAMLRequest(saml_request)
@@ -75,7 +73,7 @@ def encode_SAMLResponse(nameID, opts = {})
           session_expiration = %{ SessionNotOnOrAfter="#{(now + expires_in).iso8601}"}
         end
 
-        assertion = %[<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_#{reference_id}" IssueInstant="#{now.iso8601}" Version="2.0"><saml:Issuer Format="urn:oasis:names:SAML:2.0:nameid-format:entity">#{issuer_uri}</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">#{nameID}</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="#{@saml_request_id}" NotOnOrAfter="#{(now+3*60).iso8601}" Recipient="#{@saml_acs_url}"></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="#{(now-5).iso8601}" NotOnOrAfter="#{(now+60*60).iso8601}"><saml:AudienceRestriction><saml:Audience>#{audience_uri}</saml:Audience></saml:AudienceRestriction></saml:Conditions>#{attributes_statement}<saml:AuthnStatement AuthnInstant="#{now.iso8601}" SessionIndex="_#{reference_id}"#{session_expiration}><saml:AuthnContext><saml:AuthnContextClassRef>urn:federation:authentication:windows</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>]
+        assertion = %[<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_#{reference_id}" IssueInstant="#{now.iso8601}" Version="2.0"><saml:Issuer Format="urn:oasis:names:SAML:2.0:nameid-format:entity">#{issuer_uri}</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">#{nameID}</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData#{@saml_request_id.present? ? %[ InResponseTo="#{@saml_request_id}"] : ""} NotOnOrAfter="#{(now+3*60).iso8601}" Recipient="#{@saml_acs_url}"></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="#{(now-5).iso8601}" NotOnOrAfter="#{(now+60*60).iso8601}"><saml:AudienceRestriction><saml:Audience>#{audience_uri}</saml:Audience></saml:AudienceRestriction></saml:Conditions>#{attributes_statement}<saml:AuthnStatement AuthnInstant="#{now.iso8601}" SessionIndex="_#{reference_id}"#{session_expiration}><saml:AuthnContext><saml:AuthnContextClassRef>urn:federation:authentication:windows</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>]
 
         digest_value = Base64.encode64(algorithm.digest(assertion)).gsub(/\n/, '')
 
@@ -87,7 +85,7 @@ def encode_SAMLResponse(nameID, opts = {})
 
         assertion_and_signature = assertion.sub(/Issuer\>\<saml:Subject/, "Issuer>#{signature}<saml:Subject")
 
-        xml = %[<samlp:Response ID="_#{response_id}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{@saml_acs_url}" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="#{@saml_request_id}" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{issuer_uri}</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>#{assertion_and_signature}</samlp:Response>]
+        xml = %[<samlp:Response ID="_#{response_id}" Version="2.0" IssueInstant="#{now.iso8601}" Destination="#{@saml_acs_url}" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"#{@saml_request_id.present? ? %[ InResponseTo="#{@saml_request_id}"] : ""} xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#{issuer_uri}</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status>#{assertion_and_signature}</samlp:Response>]
 
         Base64.encode64(xml)
       end
diff --git a/lib/saml_idp/default.rb b/lib/saml_idp/default.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
   module Default
 
diff --git a/lib/saml_idp/engine.rb b/lib/saml_idp/engine.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
   class Engine < Rails::Engine
   end
diff --git a/lib/saml_idp/version.rb b/lib/saml_idp/version.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 module SamlIdp
-  VERSION = '0.3.2'
+  VERSION = '0.3.5'
 end
diff --git a/ruby-saml-idp.gemspec b/ruby-saml-idp.gemspec
@@ -1,4 +1,3 @@
-# -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
 require "saml_idp/version"
 
@@ -11,6 +10,8 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://github.com/lawrencepit/ruby-saml-idp}
   s.summary = %q{SAML Indentity Provider in ruby}
   s.description = %q{SAML IdP (Identity Provider) library in ruby}
+  s.license = "MIT"
+
   s.date = Time.now.utc.strftime("%Y-%m-%d")
   s.files = Dir.glob("app/**/*") + Dir.glob("lib/**/*") + [
      "MIT-LICENSE",
@@ -22,10 +23,10 @@ Gem::Specification.new do |s|
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
   s.rdoc_options = ["--charset=UTF-8"]
-  s.add_development_dependency "rake"
-  s.add_development_dependency("nokogiri", "~> 1.6.8")
+  s.add_development_dependency("rake")
+  s.add_development_dependency("ruby-saml")
+  s.add_development_dependency("nokogiri")
   s.add_development_dependency("rspec", "~> 3.0")
-  s.add_development_dependency("ruby-saml", "~> 0.8")
   s.add_development_dependency("rails", "~> 3.2")
   s.add_development_dependency("capybara", "~> 2.4.1")
   s.add_development_dependency("timecop", "~> 0.9.0")
diff --git a/spec/saml_idp/controller_spec.rb b/spec/saml_idp/controller_spec.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 require 'spec_helper'
 require 'timecop'
 
@@ -26,17 +25,16 @@ def params
       saml_response = encode_SAMLResponse("foo@example.com")
       response = OneLogin::RubySaml::Response.new(saml_response)
       expect(response.name_id).to eq("foo@example.com")
-      expect(response.issuer).to eq("http://example.com")
+      expect(response.issuers).to eq(["http://example.com"])
       response.settings = saml_settings
-      expect(response.is_valid?).to be true
+      expect(response.is_valid?).to be_truthy
     end
 
     it "should handle custom attribute objects" do
       provider = double(to_s: %[<saml:AttributeStatement><saml:Attribute Name="organization"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Organization name</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>])
 
       default_attributes = %[<saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>foo@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>]
 
-
       saml_response = encode_SAMLResponse("foo@example.com", { attributes_provider: provider })
       response = OneLogin::RubySaml::Response.new(saml_response)
       expect(response.response).to include provider.to_s
@@ -49,7 +47,7 @@ def params
         saml_response = encode_SAMLResponse("foo@example.com")
         response = OneLogin::RubySaml::Response.new(saml_response)
         expect(response.name_id).to eq("foo@example.com")
-        expect(response.issuer).to eq("http://example.com")
+        expect(response.issuers).to eq(["http://example.com"])
         response.settings = saml_settings
         expect(response.is_valid?).to be true
       end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -1,4 +1,3 @@
-# encoding: utf-8
 $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
 $LOAD_PATH.unshift File.dirname(__FILE__)
 
diff --git a/spec/support/saml_request_macros.rb b/spec/support/saml_request_macros.rb
@@ -9,7 +9,7 @@ def make_saml_request(requested_saml_acs_url = "https://foo.example.com/saml/con
   def saml_settings(options = {})
     settings = OneLogin::RubySaml::Settings.new
     settings.assertion_consumer_service_url = options[:saml_acs_url] || "https://foo.example.com/saml/consume"
-    settings.issuer = options[:issuer] || "http://example.com/issuer"
+    settings.issuer = options[:issuer] || "https://foo.example.com/"
     settings.idp_sso_target_url = options[:idp_sso_target_url] || "http://idp.com/saml/idp"
     settings.idp_cert_fingerprint = SamlIdp::Default::FINGERPRINT
     settings.name_identifier_format = SamlIdp::Default::NAME_ID_FORMAT

-Original file line number
+Diff line change
@@ @@ -1,8 +1,6 @@ @@
 before_install:
   - gem install bundler
 rvm:
 -  - 1.9.3
 -  - 2.0.0
   - 2.1.0
   - 2.2.0
   - 2.3.0
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Copyright (c) 2012 Lawrence Pit (http://lawrencepit.com)`
	`1`	`+Copyright (c) 2012 Lawrence Pit (https://github.com/lawrencepit/ruby-saml-idp)`
`2`	`2`
`3`	`3`	`Permission is hereby granted, free of charge, to any person obtaining`
`4`	`4`	`a copy of this software and associated documentation files (the`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-# encoding: utf-8`
`2`	`1`	`module SamlIdp`
`3`	`2`	`class IdpController < ActionController::Base`
`4`	`3`	`include SamlIdp::Controller`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-# encoding: utf-8`
`2`	`1`	`$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'`
`3`	`2`	`$LOAD_PATH.unshift File.dirname(__FILE__)`
`4`	`3`