
Update to use Rack::Request

alexcrichton committed Aug 3, 2011
1 parent 41005e4 commit f160e42cb4f90280144baa905039c23343947045
Showing with 9 additions and 8 deletions.
  1. +4 −3 lib/rack/shibboleth.rb
  2. +4 −4 lib/rack/shibboleth/resolver.rb
  3. +1 −1 spec/fixtures/sample-response
@@ -43,7 +43,8 @@ def initialize app, opts
end
def call env
- if env['PATH_INFO'] == '/auth/shibboleth'
+ request = Rack::Request.new env
+ if request.path_info == '/auth/shibboleth'
query = {
:SAMLRequest => Shibboleth::Request.new(@opts).encode,
:RelayState => @opts[:issuer]
@@ -54,9 +55,9 @@ def call env
return Rack::Response.new.tap{ |r|
r.redirect @opts[:idp_url] + '?' + arr.join('&')
}.finish
- elsif env['PATH_INFO'] == '/Shibboleth.sso/SAML2/POST'
+ elsif request.path_info == '/Shibboleth.sso/SAML2/POST'
env['shibboleth.resolver'] = Shibboleth::Resolver.from_response(
- env['rack.input'].read, @private_key, @opts)
+ request.params['SAMLResponse'], @private_key, @opts)
end
@app.call env
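Review bot: `request.params` merges query-string and form-body parameters, so the `elsif` branch for `/Shibboleth.sso/SAML2/POST` now also accepts a `SAMLResponse` carried in the URL of a GET request. Reading it with `request.POST['SAMLResponse']` and guarding the branch with `request.post?` keeps the endpoint to the POST binding its path names and keeps assertions out of URLs and access logs. The return value of `from_response` is stored in `env['shibboleth.resolver']` whether or not the response resolved, so a comment such as `# nil/false here means the response was missing or failed verification` would tell downstream apps to check it. The body of `call` starts before this hunk.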
@@ -7,16 +7,16 @@ class Resolver
# Creates a new Resolver from the IdP's response, using the given private
# key to decrypt the response.
#
- # @param [String] resp the raw response from the IdP
+ # @param [String] resp the 'SAMLResponse' value from the IdP
# @param [OpenSSL::PKey::RSA] private_key the private key which will be
# used to decrypt the response
#
# @return [Rack::Shibboleth::Resolver, false] either the resolver object
# for the specified response or false if the response could not
# be decode and/or verified
def self.from_response resp, private_key, opts
- xml = Rack::Utils.parse_query(resp)
- xml = Base64.decode64 xml['SAMLResponse']
+ return nil if resp.nil?
+ xml = Base64.decode64 resp
shib_response = Shibboleth::Response.new xml
assertion = shib_response.decode private_key
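Review bot: The added guard `return nil if resp.nil?` covers only a missing parameter. Rack parses keys like `SAMLResponse[]` or `SAMLResponse[x]` into an Array or Hash, and such a value would reach `Base64.decode64` and raise instead of yielding a falsy result. `return false unless resp.is_a?(String)` handles both cases and also matches the `@return [Rack::Shibboleth::Resolver, false]` doc, which the new `nil` return contradicts. The `opts` parameter still has no `@param` line in the docstring. The method body continues past the end of this hunk.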
@@ -43,7 +43,7 @@ def initialize assertion, opts
# @return [Boolean] true if the resolver has valid attributes.
def valid?
conds = conditions
- conds[:after] < Time.now && Time.now < conds[:before] &&
+ conds[:after] <= Time.now && Time.now <= conds[:before] &&
conds[:audience] == @opts[:issuer]
end
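Review bot: Making the upper bound inclusive with `Time.now <= conds[:before]` accepts an assertion at exactly its expiry instant. If `conds[:before]` is read from the SAML `NotOnOrAfter` attribute (the `conditions` helper is not visible here), that instant is already outside the validity window and the comparison should remain `Time.now < conds[:before]`. The lower bound `conds[:after] <= Time.now` is consistent with `NotBefore`, which is inclusive. Reading the clock once with `now = Time.now` and using `now` in both comparisons would test both bounds against the same instant.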