changed validation to raise errors

commit 8ce13f6ea672da99ed6cee5af0cb77714b37bac5 1 parent c76a726
@aeden aeden authored
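--- a/.autotest
+++ b/.autotest
@@ -1,7 +1,10 @@
 module Autotest::CustomTestMatch
 Autotest.add_hook :initialize do |at|
- at.add_mapping(/test\.rb$/) do |f, _|
- at.files_matching(/test\.rb$/)
+ at.add_mapping(/test/) do |f, _|
+ at.files_matching(/_test\.rb$/)
+ end
+ at.add_mapping(/lib\/.*/) do |f, _|
+ at.files_matching(/_test\.rb$/)
 end
 end
 end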
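--- a/lib/rsaml.rb
+++ b/lib/rsaml.rb
@@ -18,6 +18,7 @@
 require 'rsaml/condition'
 require 'rsaml/conditions'
 require 'rsaml/encrypted'
+require 'rsaml/errors'
 require 'rsaml/identifier'
 require 'rsaml/proxy_restriction'
 require 'rsaml/signature'
@@ -25,4 +26,4 @@
 require 'rsaml/subject'
 require 'rsaml/subject_confirmation'
 require 'rsaml/subject_confirmation_data'
-require 'rsaml/subject_locality'
+require 'rsaml/subject_locality'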
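--- a/lib/rsaml/assertion.rb
+++ b/lib/rsaml/assertion.rb
@@ -48,26 +48,59 @@ def advice
 @advice ||= []
 end
- # Validate the assertion
+ def subject=(value)
+ case value
+ when String:
+ @subject = Subject.new(Name.new(value))
+ else
+ @subject = value
+ end
+ end
+
+ # Validate the assertion. If the assertion is valid then this method will return true.
 def valid?
+ begin
+ validate
+ rescue RSAML::ValidationError => e
+ return false
+ end
+ return true
+ end
+
+ # Validate the assertion. If the assertion is invalid then this method will raise a
+ # ValidationError.
+ def validate
 # rule: if there are no statements there must be a subject
- return false if statements.length == 0 && subject.nil?
+ if statements.length == 0 && subject.nil?
+ raise ValidationError, "An assertion with no statements must have a subject"
+ end
 # rule: if there is a signature it must be valid
- return false if signature && !signature.valid?
+ if signature && !signature.valid?
+ raise ValidationError, "An assertion signature must be valid"
+ end
 # rule: if there are conditions then they must be valid
 if conditions
 # rule: an assertion cache should be kept if conditions allow it
 assertion_cache << self unless conditions.cache?
- return false if !conditions.valid?
+ if !conditions.valid?
+ raise ValidationError, "Conditions are not valid"
+ end
 end
 # rule: if there is an authentication then there must be a subject
 statements.each do |statement|
 if statement.is_a?(Authentication)
 if subject.nil?
- return false
+ raise ValidationError, "An assertion with an Authentication statement must have a subject"
+ else
+ break
+ end
+ end
+ if statement.is_a?(Attribute)
+ if subject.nil?
+ raise ValidationError, "An assertion with an Attribute statement must have a subject"
 else
 break
 end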
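Review bot: In `validate`, the context line `assertion_cache << self unless conditions.cache?` runs before the conditions are checked, so an assertion whose conditions then raise has already been added to the cache. Its `unless` also reads opposite to the comment above it and to the description of `cache?` in conditions.rb (true when caching is allowed); I would move the push after the check and confirm the intended sense, e.g. `assertion_cache << self if conditions.cache?`. The check itself could call `conditions.validate` instead of `conditions.valid?`, so the specific ValidationError message is not replaced by the generic "Conditions are not valid". Also, `when String:` in `subject=` parses only on Ruby 1.8; `when String then` works on later versions too. The body of `validate` continues past the end of this hunk.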
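--- a/lib/rsaml/condition.rb
+++ b/lib/rsaml/condition.rb
@@ -2,7 +2,17 @@ module RSAML
 class Condition
 # Return true if the condition is valid
 def valid?
- true
+ begin
+ validate
+ rescue ValidationError => e
+ return false
+ end
+ return true
+ end
+
+ # Raise an error unless the condition is valid
+ def validate
+
 end
 end
 end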
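Review bot: The new `Condition#validate` has an empty body, so `valid?` returns true for every condition that does not override it, while the comment above it says it raises unless the condition is valid. If Condition is meant as a base class, I would say so on the method, for example `# Subclasses override this to raise ValidationError; the base implementation accepts every condition.`, so the accept-by-default behaviour is a visible decision. The rescued exception is bound with `=> e` in `valid?` but never used; `rescue ValidationError` alone is enough.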
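--- a/lib/rsaml/conditions.rb
+++ b/lib/rsaml/conditions.rb
@@ -44,7 +44,18 @@ def audience_restrictions
 # Test for validity of the conditions
 def valid?
- valid_time_limits? && valid_elements?
+ begin
+ validate
+ rescue ValidationError => e
+ return false
+ end
+ return true
+ end
+
+ # Raise a ValidationError
+ def validate
+ validate_time_limits
+ validate_elements
 end
 # Return true if the condition allows caching of the assertion
@@ -54,28 +65,24 @@ def cache?
 protected
 # Check time limit validity.
- def valid_time_limits?
- return false if not_before && Time.now < not_before
- return false if not_on_or_after && Time.now >= not_on_or_after
- return true
+ def validate_time_limits
+ raise ValidationError, "Condition failed: not before" if not_before && Time.now < not_before
+ raise ValidationError, "Condition failed: not on or after" if not_on_or_after && Time.now >= not_on_or_after
 end
 # Check condition validity.
- def valid_elements?
+ def validate_elements
 # Rule 1
 if conditions.empty? && audience_restrictions.empty? && proxy_restriction.nil? && one_time_use.nil?
- return true
+ return
 end
 # Rule 2
- if conditions.find { |c| !c.valid? }
- return false
- end
+ conditions.all { |c| c.validate }
 # Rule 3
 # Rule 4
- return true
 end
 end
 end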
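Review bot: In `validate_elements`, `conditions.all { |c| c.validate }` calls `all`, which Ruby's Array and Enumerable do not define (the predicate is `all?`), so unless the project adds it this raises NoMethodError, which the `rescue ValidationError` in `valid?` does not catch. Switching to `all?` would not be right either: `validate` signals failure by raising, and the base `Condition#validate` returns nil, so `all?` would stop after the first element and leave the remaining conditions unchecked. `conditions.each { |c| c.validate }` validates every condition. In `validate_time_limits`, `Time.now` is read twice; capturing it once (`now = Time.now`) keeps both comparisons on the same instant.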
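--- /dev/null
+++ b/lib/rsaml/errors.rb
@@ -0,0 +1,4 @@
+module RSAML
+ class ValidationError < StandardError
+ end
+end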
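--- a/lib/rsaml/statement/attribute.rb
+++ b/lib/rsaml/statement/attribute.rb
@@ -2,7 +2,7 @@ module RSAML
 module Statement
 # The assertion subject is associated with the supplied attributes.
 class Attribute < Base
-
+
 end
 end
 end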
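--- a/lib/rsaml/subject.rb
+++ b/lib/rsaml/subject.rb
@@ -6,6 +6,11 @@ class Subject
 # The subject identifier
 attr_accessor :identifier
+ # Initialize the subject with the given identifier
+ def initialize(identifier=nil)
+ @identifier = identifier
+ end
+
 # Information that allows the subject to be confirmed. If more than one subject confirmation is provided,
 # then satisfying any one of them is sufficient to confirm the subject for the purpose of applying the
 # assertion.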
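--- a/test/assertion_test.rb
+++ b/test/assertion_test.rb
@@ -24,15 +24,29 @@ class AssertionTest < Test::Unit::TestCase
 @assertion.subject = 'test'
 end
 should "be valid" do
- assert @assertion.valid?
+ assert_nothing_raised do
+ @assertion.validate
+ end
 end
 end
- context "with a statement" do
+ context "with an authentication statement" do
 setup do
 @assertion.statements << Authentication.new
 end
- should "not require a subject" do
- @assertion.valid?
+ should "require a subject" do
+ assert_raise ValidationError do
+ @assertion.validate
+ end
+ end
+ end
+ context "with an attribute statement" do
+ setup do
+ @assertion.statements << Attribute.new
+ end
+ should "require a subject" do
+ assert_raise ValidationError do
+ @assertion.validate
+ end
 end
 end
 end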
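Review bot: With both `valid?` calls replaced by `validate`, nothing in this hunk exercises the boolean wrapper any more, so the rescue path in `Assertion#valid?` is untested. I would keep one assertion on it per context, e.g. `assert !@assertion.valid?` next to the `assert_raise` cases and `assert @assertion.valid?` in the subject case. There is also no case where a statement is present together with a subject, which is the path that should pass. The first context and the test class start outside the hunk.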
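--- a/test/statement_test.rb
+++ b/test/statement_test.rb
@@ -12,7 +12,8 @@ class StatementTest < Test::Unit::TestCase
 end
 context "an attribute statement" do
 setup do
- @statement = Attribute.new
+ subject = Subject.new(Name.new('example'))
+ @statement = Attribute.new(subject)
 end
 end
 end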
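Review bot: The "an attribute statement" context still contains only a `setup` block and no `should`, so the new `Attribute.new(subject)` call appears never to run. test/assertion_test.rb in the same commit builds the statement with `Attribute.new` and no argument, and the Attribute class body shown in this commit is empty, so whether the constructor accepts a subject depends on `Base`, which is not visible here. Adding at least one `should` that constructs the statement would pin the intended signature.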