Skip to content

Commit

Permalink
Response to a LogoutRequest initiated by IDP
Browse files Browse the repository at this point in the history
  • Loading branch information
davidlibrera committed Aug 31, 2018
1 parent 49b0537 commit 0763734
Show file tree
Hide file tree
Showing 4 changed files with 121 additions and 15 deletions.
46 changes: 39 additions & 7 deletions lib/spid/rack/slo.rb
Original file line number Diff line number Diff line change
Expand Up @@ -38,19 +38,32 @@ def store_session_failure
session["errors"] = responser.errors
end

def response
if valid_response?
clear_session
else
store_session_failure
end
def response_sp_initiated
[
302,
{ "Location" => relay_state },
responser.response
]
end

def response_idp_initiated
[
200,
{},
responser.response
]
end

def validate_session
valid_response? ? clear_session : store_session_failure
end

def response
validate_session
return response_idp_initiated if idp_initiated?
response_sp_initiated
end

def relay_state
if !request.params["RelayState"].nil? &&
request.params["RelayState"] != ""
Expand Down Expand Up @@ -90,15 +103,34 @@ def saml_response
request.params["SAMLResponse"]
end

def saml_request
request.params["SAMLRequest"]
end

def idp_initiated?
!saml_request.nil?
end

def responser
@responser ||=
begin
sp_initiated_slo_response unless saml_response.nil?
if idp_initiated?
idp_initiated_slo_request
else
sp_initiated_slo_response
end
end
end

private

def idp_initiated_slo_request
::Spid::Slo::IdpRequest.new(
body: saml_request,
session_index: session["session_index"]
)
end

def sp_initiated_slo_response
::Spid::Slo::Response.new(
body: saml_response,
Expand Down
49 changes: 49 additions & 0 deletions lib/spid/slo/idp_request.rb
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,16 @@ def initialize(body:, session_index:)
@session_index = session_index
end

def response
[
idp_logout_response.to_saml
]
end

def valid?
validator.call
end

def identity_provider
@identity_provider ||=
IdentityProviderManager.find_by_entity(issuer)
Expand All @@ -24,6 +34,45 @@ def service_provider
@service_provider ||=
Spid.configuration.service_provider
end

def issuer
idp_logout_request.issuer
end

def settings
@settings ||= Spid::Saml2::Settings.new(
service_provider: service_provider,
identity_provider: identity_provider
)
end

def validator
@validator ||=
begin
Spid::Saml2::IdpLogoutRequestValidator.new(
request: idp_logout_request
)
end
end

def idp_logout_request
@idp_logout_request ||=
begin
Spid::Saml2::IdpLogoutRequest.new(
saml_message: saml_message
)
end
end

def idp_logout_response
@idp_logout_response ||=
begin
Spid::Saml2::IdpLogoutResponse.new(
settings: settings,
request_uuid: idp_logout_request.id
)
end
end
end
end
end
1 change: 1 addition & 0 deletions spec/fixtures/slo-request.base64
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
lVdZk9tGDn7fqv0PU5NH1pj3NWU7xVPiKfGUxJctimwe4ine4q9fzthxbG+STR4bDXz4gEY3Gh9/XaryaQJdnzf1p2f0A/L86+d//+tjH1Zl+6o3aTMONriPoB+eNs26f33f+fQ8dvVrE/Z5/1qHFehfh+jV4Qz9FfuAvLZdMzRRUz5/Z/LXFmHfg27YKDw/KeKn5zZZMAASKrpGLwxgmRccocKXa0TTLyG4AiRCWECT+POT/xvxDWQz7fsRKHU/hPWwiRCUeEHoF5RxEfQVxV8RKnh+ErdI8joc3q2yYWj7VxjenE95BD5sxKc8Bh3ct3kM92XzvOXi6ek9G6/v6N2T3HRVOPx1OG+SPE7eNV9BPeTD4/nJ3ITWGJZ5koPud9+bv3eFb86fP//p1kf4OyafP8b9q5OnWzBjB76mOu6/IG/W8zx/mPEPTZfCGIIgMMLCm07c5+kvX8P6ag9ipU6adzghrJs6jzaS63uKDDBkTfzElWnT5UNW/Qk4CqPIG/gLWKKXCCXqX57hdxe/O3kn+bfhEOI3ri9V04Ffuj586bOQRLGvwG+wNkhAB+oIPHm28un5l79bNe+Rul1Y928n1P+4/L/kfkgkqCdQNi2IX/rfYtwI/jPAP0zeR/h/OYp5uhXv38zhDzS31KFfeX0B8cNyBJ87QTj7dmJ2p4vm33yRfZz1wmtNJvY+vRP4Xvld8C3lX5Y/Vc+3c/5isZd8m11QZO2BxK7ZkKrowBkSGylyFGdy3uwk+Oo5wc0+3haxIzBogVJC91IxZXaXhZL0QJQIrKuFqtXJKqbzlc3GVbL59qpK3QUoMIE8WDnVslgwOKbLKGw689kMwfgowsp+OLPnLjhBY0oH1RG/T0mTmfsEuV85xbFuZjZHbVWWSelpZ2hWhuUgW+60zrbUQXaPe8cjccPYxREuhYVbimlYCJVYRa3tDlUdMddSF/VUqhUZUAh8b4h7VIqOJjhXdKVLupeGizlbKdJKSEAtbBWwYKJZgq+qTD4hlOtzoZUou6Xfcw9nKLaDQGs+902KetQWHOQwOMVIUu1PSZVQUl8MrnyedJoLpLwlEY4pOZbrmYPKuNccCf2rphMPkszd8ST5FWU7ZWVgdpRrNxaRg1HoGtWkUqa3V146B9F91ac0X9rZrWE7POZLhfdOdJ32fagbqHUXaoSnXVonGkJz6HkY+hs53lBmYsYW4rD6asLLtZDUBdEtTIqbPamliYJ0/sM37zdlMlmkzSQwPBSsm0tFzB9hybAzvI5njSmzW9377FkofNxU9US5xRchvaEJ73U9PkIVyvRVpOwIAwpuSe0Yg9XU2uBVRFspU0hau5lU8hIC1ZFtpSVHJiXUsuCGLBOLN26TXfrBO5/0UmfVO2tYl1BUEPN4NyoV64NEdnXs4G3BG4QvlKnYf/pWzt/V79YGN6EGHt8K/EwirBgO4beF8Na1ku3BHMBnQ1EkRhQEbshTblZ4LlVU7hBN0s1RDviaGhyyE5z7zlGuuGhJvDB73CZbhJVT+dT0ee7ickXpGTxxFl2JMMRoMW7SaogeaqLNm4z8STZvMt3gih2HehKfGYLjW3OaKvnPvjjL4zhCEcSZe9vXuEYROEuADtp4hf2SP/nYXSF5llVXx8AxHh6puruwlT8TMET3gnw37Y4di3zIeYFX5NaKwntwBtRNUEv07EQd11lUDWenrA/t4cEmFqbsGRT1C8zELwoKx8mFDzjqeAPmTC03/bATtX0GQZ0Wz0lP81rNVneOc8Ixp9CkBazj20CH4rJMYUlgc4R0IdIkb7uiLPlyHc7T3Azj0l8vR6uR8AUmL1ZwQG6czXJuclybIoYkxj7OYyrudgdfgwn1Qq6GkYhFOUH3nLYpv5zsNZrbDOcfFsGL+FDZOr6VLh3tz0Lulxzin8X64HWAiqoY9ofB7io0a1xYv8jKJbu2siVTuH6EWoNT8Qoa8dZ2QJCQkJG2E92csLnfSfFAV6WRiR1a+LXRc0elm6G9jJFWYMJqpE48RQ5rvjzUaXwcEqKGA645WoyIjQGXIdP5JJUXRO0Ey3OvtjsnR0UVpUHmtzesb4hH94C0G9xFbnhNVXAv9rv5RKclQGMmjW3TpPvHVZk9q3Ods/yIL5JaRYN6vc+YdNU0hlu1Qh1TKN+JR9SyzvmhgoNAxfKQAKhckWO6P1GM+RAnGal1UODhLgnqUDE9241J/YK7s76Tw8PeDjjT5kK9ze2+dw4ywxat3Fg0PZsgt07ozYTkC1EDnGv1kx+trpOMBeUtd/xuV/szup5hBTYqajZTgoHc1LGvy03wjgrizIrIWRzfoMbsuVz8dl/2FiHJqeUJYBAc0zh6tFZmfs2oQ0ZovczhkjXv54vo28iN59NZbri/1BW/6LqctYd5zttuisTDK2fyaXHPinzHzsh2jzZl7iBwqcTJ8ARl0YF0zxNZlnTaX3NsPM88bREaphJje2lJTJqj6nw3U39qwuNiH+jywIJdKa+Q9ZAuXezrlRVvz7u191zjrkELVpI3yhWCOEj1GfJOj0NKMX5A444nIMM+UFf+gaCg5pnDhJTkuGdMKcA9dVUKv/fOZa7oli6YWuJhEM6P2cQWkU8RbdkjBcsO9hL5xbEdnAkKlYW2JG4tJR6Pd60mN7xLVzYEIqjsEsPIpMlP0/nu1MHNswygU9rey/JdxnFY5bMptLXutjj0Vu7JO81Nwa72DRpyuzGGdwd2WvvkNp8fra6tgLAIAk5zod9By9F7qBwfX5iDMd/tds9ltq/WXu+wVWyG4cks0z2OqhHBZbpa7OcTcXT4piL6Eyr3cn7cFcd97ZWMa6rFbu/Sj1MHoBiP+IA5DEX1qHFuv/QM0VTXnNRYJL15O0qEHbNREZlgLajlEo/dt+g6im0ncC5USM4Qd9IQmdGj6BklJv0rSZCrW8l40GnuuXfoLjkyJ5HG/BDfnvZwvx0ISzrQNchXQcETMOSBxdzZywY9uTsTNAeOPjbLRT2MnqX5YFjlQzxzB0c5OgMjXSJK7Dykbk55gHTLYWXdWHHRM18xjnhjDWGMASSGQHKlw3V0u847rUngXBDhdvLJlTkFZIEtg4gyuctNkYBpqnOfEcKRUDyq93kza8gOmrX5fD6G0Zf29nPD+ib80tLg75vdD+3wuyHobYhRxL8/y/yDcenl67w0vP168w3o+fN/EhaLIpTBCZBESELjgN0+8QnBYEkEGATB6ZDCSBTQXwejL+y+o+uA/m0+VOoYLJ//EwIqpkgUeaFjgL4QaBy/XDFimw4YDBDMlYqTiPiK9IPh9hGA/2Ag/vxf
40 changes: 32 additions & 8 deletions spec/requests/rack/slo_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,6 @@
File.read(generate_fixture_path("slo-response.base64"))
end

let(:spid_session) do
{
"slo_request_uuid" => request_uuid
}
end

let(:request_uuid) { "_21df91a89767879fc0f7df6a1490c6000c81644d" }

let(:response) do
request.get(
path,
Expand All @@ -69,6 +61,14 @@
{ SAMLResponse: saml_response, RelayState: "/path/to/return" }
end

let(:spid_session) do
{
"slo_request_uuid" => request_uuid
}
end

let(:request_uuid) { "_21df91a89767879fc0f7df6a1490c6000c81644d" }

it "responds with 302" do
expect(response.status).to eq 302
end
Expand Down Expand Up @@ -115,5 +115,29 @@
end
end
end

context "when request is a idp-initiated response from identity provider" do
let(:params) do
{ SAMLRequest: saml_request }
end

let(:spid_session) { {} }

let(:expected_body) do
%r{<samlp:LogoutResponse.*?</samlp:LogoutResponse>}
end

let(:saml_request) do
File.read(generate_fixture_path("slo-request.base64"))
end

it "responds with 200" do
expect(response.status).to eq 200
end

it "returns the saml logout response" do
expect(response.body).to match expected_body
end
end
end
end

0 comments on commit 0763734

Please sign in to comment.