Adding support for valid SAML documents in a different NS.
morten committed Apr 18, 2011
1 parent 74287b8 commit 6a46a51
Showing 5 changed files with 102 additions and 7 deletions.
17 changes: 11 additions & 6 deletions lib/onelogin/saml/response.rb
Expand Up @@ -3,12 +3,17 @@

module Onelogin::Saml
class Response
attr_accessor :response, :document, :logger, :settings
attr_accessor :response, :document, :logger, :settings, :namespace

def initialize(response)
raise ArgumentError.new("Response cannot be nil") if response.nil?
self.response = response
self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
self.response = response
self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
self.namespace = "saml"

if document.elements["/#{namespace}p:Response/"].nil?
self.namespace = "saml2"
end
end

def is_valid?
Expand All @@ -21,12 +26,12 @@ def is_valid?

# The value of the user identifier as designated by the initialization request response
def name_id
@name_id ||= document.elements["/samlp:Response/saml:Assertion/saml:Subject/saml:NameID"].text
@name_id ||= document.elements["/#{namespace}p:Response/#{namespace}:Assertion/#{namespace}:Subject/#{namespace}:NameID"].text
end

# A hash of alle the attributes with the response. Assuming there is onlye one value for each key
def attributes
saml_attribute_statements = document.elements["/samlp:Response/saml:Assertion/saml:AttributeStatement"].elements
saml_attribute_statements = document.elements["/#{namespace}p:Response/#{namespace}:Assertion/#{namespace}:AttributeStatement"].elements
statements = saml_attribute_statements.map do |child|
child.attributes.map do |key, attribute|
[attribute, child.elements.first.text]
Expand All @@ -39,7 +44,7 @@ def attributes

# When this user session should expire at latest
def session_expires_at
@expires_at ||= Time.parse(document.elements["/samlp:Response/saml:Assertion/saml:AuthnStatement"].attributes["SessionNotOnOrAfter"])
@expires_at ||= Time.parse(document.elements["/#{namespace}p:Response/#{namespace}:Assertion/#{namespace}:AuthnStatement"].attributes["SessionNotOnOrAfter"])
end

private
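Review bot: The prefix probe added to `initialize` and the rewritten XPaths in `name_id`, `attributes` and `session_expires_at` depend on the prefix the document declares (`saml`/`saml2`) rather than on the namespace URI, and the sender of the response chooses that prefix. A document with any third prefix, or with a default namespace, silently gets `saml2` and the accessors then raise NoMethodError on nil; nothing in the visible lines pins the prefix to the SAML 2.0 namespaces. Assuming `XMLSecurity::SignedDocument` is a REXML document, as the `document.elements[...]` calls suggest, resolve by URI instead: `NS = { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }` and `REXML::XPath.first(document, "/p:Response/a:Assertion/a:Subject/a:NameID", NS)`. Because these paths supply the authenticated identity, it is also worth confirming in `is_valid?`, whose body is outside the hunks, that the Assertion selected here is the element the signature covers.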
File renamed without changes.
79 changes: 79 additions & 0 deletions test/responses/response2.xml.base64
@@ -0,0 +1,79 @@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7 changes: 7 additions & 0 deletions test/ruby-saml_test.rb
Expand Up @@ -30,6 +30,13 @@ class RubySamlTest < Test::Unit::TestCase
assert_raises(ArgumentError) { Onelogin::Saml::Response.new(nil) }
end

should "adapt namespace" do
response = Onelogin::Saml::Response.new(response_document)
assert !response.name_id.nil?
response = Onelogin::Saml::Response.new(response_document_2)
assert !response.name_id.nil?
end

context "#is_valid?" do
should "return false when response is initialized with blank data" do
response = Onelogin::Saml::Response.new('')
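Review bot: The new `adapt namespace` test only asserts that `name_id` is non-nil for both fixtures, so it would still pass if the `saml2` path returned the text of the wrong element, and it never exercises `attributes`, `session_expires_at` or `is_valid?` against `response_document_2`. Pinning the value, e.g. `assert_equal EXPECTED_NAME_ID_2, response.name_id` (a placeholder for the NameID carried in the second fixture), would catch a mis-selected node. If the fixture's signing certificate fingerprint is available, an `is_valid?` case for the second document would also show that signature checking, not just parsing, works with the other prefix. The enclosing test class starts and continues outside the hunk.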
6 changes: 5 additions & 1 deletion test/test_helper.rb
Expand Up @@ -9,6 +9,10 @@

class Test::Unit::TestCase
def response_document
@response_document ||= File.read(File.join(File.dirname(__FILE__), 'response.txt'))
@response_document ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response1.xml.base64'))
end

def response_document_2
@response_document2 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response2.xml.base64'))
end
end
