From 86ab4d8013fa96fa69577ca04bc93ddc4ab0b421 Mon Sep 17 00:00:00 2001
From: TruongNM <truongnmt.dev@gmail.com>
Date: Mon, 11 Jan 2021 12:03:35 +0900
Subject: [PATCH] Add SessionNotOnOrAfter attribute to
 Saml::Elements::AuthnStatement

---
 lib/saml/assertion.rb                | 3 ++-
 lib/saml/elements/authn_statement.rb | 1 +
 spec/fixtures/artifact_response.xml  | 4 ++--
 spec/lib/saml/assertion_spec.rb      | 1 +
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/saml/assertion.rb b/lib/saml/assertion.rb
index dfdd55c..9cb4cdd 100644
--- a/lib/saml/assertion.rb
+++ b/lib/saml/assertion.rb
@@ -46,7 +46,8 @@ def initialize(*args)
       @authn_statement = Saml::Elements::AuthnStatement.new(authn_instant: authn_instant,
                                                             address: options.delete(:address),
                                                             authn_context_class_ref: options.delete(:authn_context_class_ref),
-                                                            session_index: options.delete(:session_index))
+                                                            session_index: options.delete(:session_index),
+                                                            session_not_on_or_after: options.delete(:session_not_on_or_after))
       super(*(args << options))
       @_id           ||= Saml.generate_id
       @issue_instant ||= Time.now
diff --git a/lib/saml/elements/authn_statement.rb b/lib/saml/elements/authn_statement.rb
index 8bff08f..d04c34e 100644
--- a/lib/saml/elements/authn_statement.rb
+++ b/lib/saml/elements/authn_statement.rb
@@ -8,6 +8,7 @@ class AuthnStatement
 
       attribute :authn_instant, Time, tag: "AuthnInstant", on_save: lambda { |val| val.utc.xmlschema }
       attribute :session_index, String, tag: "SessionIndex"
+      attribute :session_not_on_or_after, Time, tag: "SessionNotOnOrAfter", on_save: lambda { |val| val.utc.xmlschema if val.present?}
 
       has_one :subject_locality, Saml::Elements::SubjectLocality, tag: "SubjectLocality"
       has_one :authn_context, Saml::Elements::AuthnContext, tag: "AuthnContext"
diff --git a/spec/fixtures/artifact_response.xml b/spec/fixtures/artifact_response.xml
index fc31a8a..e7336c7 100644
--- a/spec/fixtures/artifact_response.xml
+++ b/spec/fixtures/artifact_response.xml
@@ -43,7 +43,7 @@
           </saml:Conditions>
           <saml:Statement>
           </saml:Statement>
-          <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502">
+          <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502" SessionNotOnOrAfter="2011-09-01T08:51:05Z">
             <saml:AuthnContext>
               <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
             </saml:AuthnContext>
@@ -83,7 +83,7 @@
       </saml:Advice>
       <saml:Statement>
       </saml:Statement>
-      <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502">
+      <saml:AuthnStatement AuthnInstant="2011-08-31T08:51:05Z" SessionIndex="_93af655219464fb403b34436cfb0c5cb1d9a5502" SessionNotOnOrAfter="2011-09-01T08:51:05Z">
         <saml:AuthnContext>
           <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
         </saml:AuthnContext>
diff --git a/spec/lib/saml/assertion_spec.rb b/spec/lib/saml/assertion_spec.rb
index 251f0b4..080463f 100644
--- a/spec/lib/saml/assertion_spec.rb
+++ b/spec/lib/saml/assertion_spec.rb
@@ -114,6 +114,7 @@
     it 'parses AuthnStatement elements' do
       aggregate_failures do
         expect(assertion.authn_statement.size).to eq 1
+        expect(assertion.authn_statement.first.session_not_on_or_after).to eq(Time.parse("2011-09-01T08:51:05Z"))
         expect(assertion.authn_statement.first).to be_a(Saml::Elements::AuthnStatement)
       end
     end