
Commit d9e7635

committed
Allowing a new option to force downcasing of CGI escaped characters
1 parent 292aacc commit d9e7635


1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

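--- a/lib/onelogin/ruby-saml/slo_logoutrequest.rb
+++ b/lib/onelogin/ruby-saml/slo_logoutrequest.rb
@@ -27,6 +27,7 @@ class SloLogoutrequest < SamlMessage
 # @param options [Hash] :settings to provide the OneLogin::RubySaml::Settings object
 # Or :allowed_clock_drift for the logout request validation process to allow a clock drift when checking dates with
 # Or :relax_signature_validation to accept signatures if no idp certificate registered on settings
+# Or :force_escape_downcasing to accept signatures if no idp certificate registered on settings
 #
 # @raise [ArgumentError] If Request is nil
 #
@@ -263,13 +264,13 @@ def validate_signature
 # the exact same URI-encoding as the IDP. (This is not the case if the IDP is ADFS!)
 options[:raw_get_params] ||= {}
 if options[:raw_get_params]['SAMLRequest'].nil? && !options[:get_params]['SAMLRequest'].nil?
-options[:raw_get_params]['SAMLRequest'] = CGI.escape(options[:get_params]['SAMLRequest'])
+options[:raw_get_params]['SAMLRequest'] = escape_request_param(options[:get_params]['SAMLRequest'])
 end
 if options[:raw_get_params]['RelayState'].nil? && !options[:get_params]['RelayState'].nil?
-options[:raw_get_params]['RelayState'] = CGI.escape(options[:get_params]['RelayState'])
+options[:raw_get_params]['RelayState'] = escape_request_param(options[:get_params]['RelayState'])
 end
 if options[:raw_get_params]['SigAlg'].nil? && !options[:get_params]['SigAlg'].nil?
-options[:raw_get_params]['SigAlg'] = CGI.escape(options[:get_params]['SigAlg'])
+options[:raw_get_params]['SigAlg'] = escape_request_param(options[:get_params]['SigAlg'])
 end
 
 # If we only received the raw version of SigAlg,
@@ -336,6 +337,13 @@ def validate_signature
 true
 end
 
+def escape_request_param(param)
+CGI.escape(param).tap do |escaped|
+next unless options[:force_escape_downcasing]
+
+escaped.gsub!(/%[A-Fa-f0-9]{2}/) { |match| match.downcase }
+end
+end
 end
 end
 end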
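Review bot: The doc line added for `:force_escape_downcasing` in the first hunk repeats the `:relax_signature_validation` description word for word, so the option is documented as relaxing the certificate requirement, which it does not do. Going by `escape_request_param` in the last hunk, the flag only lowercases the hex digits of the percent-escapes produced by `CGI.escape` when `SAMLRequest`, `RelayState` and `SigAlg` are rebuilt from `:get_params`, changing the bytes the signature is checked against. I would replace the line with `# Or :force_escape_downcasing to lowercase percent-escapes when get_params are re-encoded for signature validation (for IdPs that sign lowercase escapes)`. The comment should also state that values supplied in `:raw_get_params` are used as received and are not affected, since each of the three `if` branches only re-encodes when the raw value is nil. `validate_signature` begins and continues outside the visible hunks, so the rest of the verification path was not reviewed here.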
