Merge pull request #105 from onelogin/namespace-collision

Lock Gem versions, fix to resolve possible namespace collision

Author: Lordnibbler

.gitignore

@@ -9,3 +9,4 @@ lib/Lib.iml
 test/Test.iml
 .rvmrc
 *.gem
+.bundle

Gemfile

@@ -4,10 +4,12 @@ gemspec
 
 group :test do
   gem "ruby-debug", "~> 0.10.4", :require => nil, :platforms => :ruby_18
-  gem "debugger",   "~> 1.1.1",  :require => nil, :platforms => :ruby_19
-  gem "shoulda"
-  gem "rake"
-  gem "mocha"
-  gem "nokogiri", ">= 1.5.0"
-  gem "timecop"
+  gem "debugger",   "~> 1.1",    :require => nil, :platforms => :ruby_19
+  gem "shoulda",    "~> 2.11"
+  gem "rake",       "~> 10"
+  gem "mocha",      "~> 0.14"
+  gem "nokogiri",   "~> 1.5"
+  gem "timecop",    "<= 0.6.0"
+  gem "systemu",    "~> 2"
+  gem "rspec",      "~> 2"
 end

lib/onelogin/ruby-saml/response.rb

@@ -78,7 +78,7 @@ def session_expires_at
           parse_time(node, "SessionNotOnOrAfter")
         end
       end
-      
+
       # Checks the status of the response for a "Success" code
       def success?
         @status_code ||= begin
@@ -118,7 +118,7 @@ def validate(soft = true)
         validate_structure(soft)      &&
         validate_response_state(soft) &&
         validate_conditions(soft)     &&
-        document.validate(get_fingerprint, soft) && 
+        document.validate_document(get_fingerprint, soft) &&
         success?
       end
 

lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module Onelogin
   module Saml
-    VERSION = '0.7.2'
+    VERSION = '0.7.3'
   end
 end

lib/xml_security.rb

@@ -44,7 +44,7 @@ def initialize(response)
       extract_signed_element_id
     end
 
-    def validate(idp_cert_fingerprint, soft = true)
+    def validate_document(idp_cert_fingerprint, soft = true)
       # get cert from response
       cert_element = REXML::XPath.first(self, "//ds:X509Certificate", { "ds"=>DSIG })
       raise Onelogin::Saml::ValidationError.new("Certificate element missing in response (ds:X509Certificate)") unless cert_element
@@ -59,10 +59,10 @@ def validate(idp_cert_fingerprint, soft = true)
         return soft ? false : (raise Onelogin::Saml::ValidationError.new("Fingerprint mismatch"))
       end
 
-      validate_doc(base64_cert, soft)
+      validate_signature(base64_cert, soft)
     end
 
-    def validate_doc(base64_cert, soft = true)
+    def validate_signature(base64_cert, soft = true)
       # validate references
 
       # check for inclusive namespaces

ruby-saml.gemspec

@@ -25,5 +25,5 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency("canonix", ["0.1.1"])
   s.add_runtime_dependency("uuid", ["~> 2.3"])
-  s.add_runtime_dependency("nokogiri", [">= 1.5.0"])
+  s.add_runtime_dependency("nokogiri", ["~> 1.5.0"])
 end

test/response_test.rb

@@ -120,7 +120,7 @@ class RubySamlTest < Test::Unit::TestCase
         settings = Onelogin::Saml::Settings.new
         response.settings = settings
         settings.idp_cert_fingerprint = "28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA"
-        XMLSecurity::SignedDocument.any_instance.expects(:validate_doc).returns(true)
+        XMLSecurity::SignedDocument.any_instance.expects(:validate_signature).returns(true)
         assert response.validate!
       end
 
@@ -240,13 +240,13 @@ class RubySamlTest < Test::Unit::TestCase
         response = Onelogin::Saml::Response.new(response_document)
         assert_equal "https://app.onelogin.com/saml/metadata/13590", response.issuer
       end
-      
+
       should "return the issuer inside the response" do
         response = Onelogin::Saml::Response.new(response_document_2)
         assert_equal "wibble", response.issuer
       end
     end
-    
+
     context "#success" do
       should "find a status code that says success" do
         response = Onelogin::Saml::Response.new(response_document)

test/xml_security_test.rb

@@ -11,31 +11,31 @@ class XmlSecurityTest < Test::Unit::TestCase
     end
 
     should "should run validate without throwing NS related exceptions" do
-      assert !@document.validate_doc(@base64cert, true)
+      assert !@document.validate_signature(@base64cert, true)
     end
 
     should "should run validate with throwing NS related exceptions" do
       assert_raise(Onelogin::Saml::ValidationError) do
-        @document.validate_doc(@base64cert, false)
+        @document.validate_signature(@base64cert, false)
       end
     end
-    
+
     should "not raise an error when softly validating the document multiple times" do
       assert_nothing_raised do
-        2.times { @document.validate_doc(@base64cert, true) }
+        2.times { @document.validate_signature(@base64cert, true) }
       end
     end
 
     should "should raise Fingerprint mismatch" do
       exception = assert_raise(Onelogin::Saml::ValidationError) do
-        @document.validate("no:fi:ng:er:pr:in:t", false)
+        @document.validate_document("no:fi:ng:er:pr:in:t", false)
       end
       assert_equal("Fingerprint mismatch", exception.message)
     end
 
     should "should raise Digest mismatch" do
       exception = assert_raise(Onelogin::Saml::ValidationError) do
-        @document.validate_doc(@base64cert, false)
+        @document.validate_signature(@base64cert, false)
       end
       assert_equal("Digest mismatch", exception.message)
     end
@@ -47,7 +47,7 @@ class XmlSecurityTest < Test::Unit::TestCase
       document = XMLSecurity::SignedDocument.new(response)
       base64cert = document.elements["//ds:X509Certificate"].text
       exception = assert_raise(Onelogin::Saml::ValidationError) do
-        document.validate_doc(base64cert, false)
+        document.validate_signature(base64cert, false)
       end
       assert_equal("Key validation error", exception.message)
     end
@@ -57,7 +57,7 @@ class XmlSecurityTest < Test::Unit::TestCase
       response.sub!(/<ds:X509Certificate>.*<\/ds:X509Certificate>/, "")
       document = XMLSecurity::SignedDocument.new(response)
       exception = assert_raise(Onelogin::Saml::ValidationError) do
-        document.validate("a fingerprint", false) # The fingerprint isn't relevant to this test
+        document.validate_document("a fingerprint", false) # The fingerprint isn't relevant to this test
       end
       assert_equal("Certificate element missing in response (ds:X509Certificate)", exception.message)
     end
@@ -66,41 +66,41 @@ class XmlSecurityTest < Test::Unit::TestCase
   context "Algorithms" do
     should "validate using SHA1" do
       @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
-      assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
+      assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
 
     should "validate using SHA256" do
       @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
-      assert @document.validate("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
+      assert @document.validate_document("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
     end
 
     should "validate using SHA384" do
       @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
-      assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
+      assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
 
     should "validate using SHA512" do
       @document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
-      assert @document.validate("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
+      assert @document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
     end
   end
-  
+
   context "XmlSecurity::SignedDocument" do
-    
+
     context "#extract_inclusive_namespaces" do
       should "support explicit namespace resolution for exclusive canonicalization" do
         response = fixture(:open_saml_response, false)
         document = XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
-        
+
         assert_equal %w[ xs ], inclusive_namespaces
       end
-      
+
       should "support implicit namespace resolution for exclusive canonicalization" do
         response = fixture(:no_signature_ns, false)
         document = XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
-        
+
         assert_equal %w[ #default saml ds xs xsi ], inclusive_namespaces
       end
 
@@ -120,10 +120,10 @@ class XmlSecurityTest < Test::Unit::TestCase
       should "return an empty list when inclusive namespace element is missing" do
         response = fixture(:no_signature_ns, false)
         response.slice! %r{<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml ds xs xsi"/>}
-        
+
         document = XMLSecurity::SignedDocument.new(response)
         inclusive_namespaces = document.send(:extract_inclusive_namespaces)
-        
+
         assert inclusive_namespaces.empty?
       end
     end
@@ -156,5 +156,5 @@ class XmlSecurityTest < Test::Unit::TestCase
     end
 
   end
-  
+
 end