Merge pull request #164 from digidentity/housekeeping

Housekeeping

.travis.yml

@@ -2,5 +2,6 @@ language: ruby
 rvm:
   - 2.2.2
   - 2.3.1
-  - jruby-9.1.5.0
+  - 2.5.3
+  - 2.6.3
 sudo: false

CHANGELOG.md

@@ -1,3 +1,17 @@
+### 3.4.0
+* Stop using old ruby Hash Rocket syntax
+* Use FactoryBot gem instead of FactoryGirl
+* Remove Nokogiri gem version limitations
+* Only allow 'expect' RSpec syntax
+* Travis CI: remove JRuby 9.1.5.0 and add Ruby 2.5.3 and 2.6.3
+
+### 3.3.0
+* Added support to verify all signatures in a SAML message by using the corresponding KeyName
+* instead of the KeyName of the first signature it finds in a SAML message.
+
+### 3.2.3
+* Allow non-signed AuthnRequest for O365 ECP use-case, thanks @nov
+
 ### 3.2.2
 * Add support for `NameIDPolicy` in `AuthnRequest`, thanks @pzgz
 

Gemfile

@@ -11,7 +11,7 @@ gem 'jquery-rails', '>= 3.0.0'
 group :test, :development do
   gem 'rspec-rails', '~> 3.1'
   gem 'simplecov'
-  gem 'factory_girl_rails'
+  gem 'factory_bot_rails'
   gem 'rspec-collection_matchers', '~> 1.0'
 end
 

Guardfile

@@ -1,7 +1,7 @@
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
 
-guard 'rspec', :cmd => 'bundle exec rspec' do
+guard 'rspec', cmd: 'bundle exec rspec' do
   watch('spec/factories.rb') { "spec" }
   watch(%r{^spec/fixtures/(.+)\.xml})     { |m| "spec/lib/saml/#{m[1]}_spec.rb" }
   watch(%r{^spec/.+_spec\.rb$})

README.md

@@ -100,7 +100,7 @@ class SamlController < ApplicationController
     provider = Saml.provider("my:very:original:entityid")
     destination = provider.single_sign_on_service_url(Saml::ProtocolBinding::HTTP_POST)
 
-    authn_request = Saml::AuthnRequest.new(:destination => destination)
+    authn_request = Saml::AuthnRequest.new(destination: destination)
 
     session[:authn_request_id] = authn_request._id
 

Rakefile

@@ -29,4 +29,4 @@ RSpec::Core::RakeTask.new(:core) do |spec|
   spec.rspec_opts = ['--backtrace']
 end
 
-task :default => [:core]
+task default: [:core]

lib/saml/artifact_resolve.rb

@@ -5,7 +5,7 @@ class ArtifactResolve
     tag "ArtifactResolve"
     has_one :artifact, Saml::Artifact
 
-    validates :artifact, :presence => true
+    validates :artifact, presence: true
 
     def initialize(*args)
       options   = args.extract_options!

lib/saml/assertion.rb

@@ -11,11 +11,11 @@ class Assertion
     tag 'Assertion'
     namespace 'saml'
 
-    attribute :_id, String, :tag => 'ID'
-    attribute :version, String, :tag => 'Version'
-    attribute :issue_instant, Time, :tag => 'IssueInstant', :on_save => lambda { |val| val.utc.xmlschema }
+    attribute :_id, String, tag: 'ID'
+    attribute :version, String, tag: 'Version'
+    attribute :issue_instant, Time, tag: 'IssueInstant', on_save: lambda { |val| val.utc.xmlschema }
 
-    element :issuer, String, :namespace => 'saml', :tag => 'Issuer'
+    element :issuer, String, namespace: 'saml', tag: 'Issuer'
 
     has_one   :signature, Saml::Elements::Signature, xpath: './'
     has_one   :subject, Saml::Elements::Subject, xpath: './'
@@ -25,28 +25,28 @@ class Assertion
     has_many  :authn_statement, Saml::Elements::AuthnStatement, xpath: './'
     has_many  :attribute_statements, Saml::Elements::AttributeStatement, xpath: './'
 
-    validates :_id, :version, :issue_instant, :issuer, :presence => true
+    validates :_id, :version, :issue_instant, :issuer, presence: true
 
     validates :version, inclusion: %w(2.0)
-    validate :check_issue_instant, :if => lambda { |val| val.issue_instant.present? }
+    validate :check_issue_instant, if: lambda { |val| val.issue_instant.present? }
 
     def initialize(*args)
       options          = args.extract_options!
       if options[:subject].present?
         @subject = options.delete(:subject)
       else
-        @subject         = Saml::Elements::Subject.new(:name_id        => options.delete(:name_id),
-                                                       :name_id_format => options.delete(:name_id_format),
-                                                       :recipient      => options.delete(:recipient),
-                                                       :in_response_to => options.delete(:in_response_to))
+        @subject         = Saml::Elements::Subject.new(name_id: options.delete(:name_id),
+                                                       name_id_format: options.delete(:name_id_format),
+                                                       recipient: options.delete(:recipient),
+                                                       in_response_to: options.delete(:in_response_to))
       end
 
-      @conditions      = Saml::Elements::Conditions.new(:audience => options.delete(:audience))
+      @conditions      = Saml::Elements::Conditions.new(audience: options.delete(:audience))
       authn_instant    = options.delete(:authn_instant) || Time.now
-      @authn_statement = Saml::Elements::AuthnStatement.new(:authn_instant           => authn_instant,
-                                                            :address                 => options.delete(:address),
-                                                            :authn_context_class_ref => options.delete(:authn_context_class_ref),
-                                                            :session_index           => options.delete(:session_index))
+      @authn_statement = Saml::Elements::AuthnStatement.new(authn_instant: authn_instant,
+                                                            address: options.delete(:address),
+                                                            authn_context_class_ref: options.delete(:authn_context_class_ref),
+                                                            session_index: options.delete(:session_index))
       super(*(args << options))
       @_id           ||= Saml.generate_id
       @issue_instant ||= Time.now

lib/saml/authn_request.rb

@@ -5,20 +5,20 @@ class AuthnRequest
     attr_accessor :xml_value
 
     tag 'AuthnRequest'
-    attribute :force_authn, Boolean, :tag => "ForceAuthn"
-    attribute :is_passive, Boolean, :tag => "IsPassive"
-    attribute :assertion_consumer_service_index, Integer, :tag => "AssertionConsumerServiceIndex"
-    attribute :assertion_consumer_service_url, String, :tag => "AssertionConsumerServiceURL"
-    attribute :attribute_consuming_service_index, Integer, :tag => "AttributeConsumingServiceIndex"
-    attribute :protocol_binding, String, :tag => "ProtocolBinding"
-    attribute :provider_name, String, :tag => "ProviderName"
+    attribute :force_authn, Boolean, tag: "ForceAuthn"
+    attribute :is_passive, Boolean, tag: "IsPassive"
+    attribute :assertion_consumer_service_index, Integer, tag: "AssertionConsumerServiceIndex"
+    attribute :assertion_consumer_service_url, String, tag: "AssertionConsumerServiceURL"
+    attribute :attribute_consuming_service_index, Integer, tag: "AttributeConsumingServiceIndex"
+    attribute :protocol_binding, String, tag: "ProtocolBinding"
+    attribute :provider_name, String, tag: "ProviderName"
 
     has_one :requested_authn_context, Saml::Elements::RequestedAuthnContext
     has_one :scoping, Saml::Elements::Scoping
     has_one :name_id_policy, Saml::Elements::NameIdPolicy
 
-    validates :force_authn, :inclusion => [true, false, nil]
-    validates :assertion_consumer_service_index, :numericality => true, :if => lambda { |val|
+    validates :force_authn, inclusion: [true, false, nil]
+    validates :assertion_consumer_service_index, numericality: true, if: lambda { |val|
       val.assertion_consumer_service_index.present?
     }
 

lib/saml/complex_types/attribute_type.rb

@@ -8,7 +8,7 @@ module AttributeType
         register_namespace "saml", Saml::SAML_NAMESPACE
         register_namespace 'ext',  Saml::ATTR_EXT_NAMESPACE
 
-        attribute :name, String, :tag => 'Name'
+        attribute :name, String, tag: 'Name'
         attribute :format, String, tag: 'NameFormat'
         attribute :friendly_name, String, tag: 'FriendlyName'
 
@@ -17,7 +17,7 @@ module AttributeType
 
         has_many :attribute_values, Saml::Elements::AttributeValue
 
-        validates :name, :presence => true
+        validates :name, presence: true
       end
 
       def initialize(*args)

lib/saml/complex_types/endpoint_type.rb

@@ -7,11 +7,11 @@ module EndpointType
       included do
         namespace 'md'
 
-        attribute :binding, String, :tag => "Binding"
-        attribute :location, String, :tag => "Location"
-        attribute :response_location, String, :tag => "ResponseLocation"
+        attribute :binding, String, tag: "Binding"
+        attribute :location, String, tag: "Location"
+        attribute :response_location, String, tag: "ResponseLocation"
 
-        validates :binding, :location, :presence => true
+        validates :binding, :location, presence: true
       end
     end
   end

lib/saml/complex_types/indexed_endpoint_type.rb

@@ -5,10 +5,10 @@ module IndexedEndpointType
       include EndpointType
 
       included do
-        attribute :index, Integer, :tag => "index"
-        attribute :is_default, XmlMapper::Boolean, :tag => "isDefault"
+        attribute :index, Integer, tag: "index"
+        attribute :is_default, XmlMapper::Boolean, tag: "isDefault"
 
-        validates :index, :presence => true
+        validates :index, presence: true
       end
     end
   end

lib/saml/complex_types/localized_name_type.rb

@@ -5,9 +5,9 @@ module LocalizedNameType
       include Saml::Base
 
       included do
-        attribute :language, String, :tag => 'xml:lang'
+        attribute :language, String, tag: 'xml:lang'
 
-        validates :language, :presence => true
+        validates :language, presence: true
       end
     end
   end

lib/saml/complex_types/role_descriptor_type.rb

@@ -9,15 +9,15 @@ module RoleDescriptorType
 
         PROTOCOL_SUPPORT_ENUMERATION = 'urn:oasis:names:tc:SAML:2.0:protocol' unless defined?(PROTOCOL_SUPPORT_ENUMERATION)
 
-        attribute :_id, String, :tag => 'ID'
-        attribute :valid_until, Time, :tag => 'validUntil'
-        attribute :cache_duration, String, :tag => 'cacheDuration'
-        attribute :protocol_support_enumeration, String, :tag => 'protocolSupportEnumeration'
-        attribute :error_url, String, :tag => 'errorURL'
+        attribute :_id, String, tag: 'ID'
+        attribute :valid_until, Time, tag: 'validUntil'
+        attribute :cache_duration, String, tag: 'cacheDuration'
+        attribute :protocol_support_enumeration, String, tag: 'protocolSupportEnumeration'
+        attribute :error_url, String, tag: 'errorURL'
 
         has_many :key_descriptors, Saml::Elements::KeyDescriptor
 
-        validates :protocol_support_enumeration, :presence => true, :inclusion => [PROTOCOL_SUPPORT_ENUMERATION]
+        validates :protocol_support_enumeration, presence: true, inclusion: [PROTOCOL_SUPPORT_ENUMERATION]
       end
 
       def initialize(*args)

lib/saml/complex_types/status_response_type.rb

@@ -8,10 +8,10 @@ module StatusResponseType
       include RequestAbstractType
 
       included do
-        attribute :in_response_to, String, :tag => 'InResponseTo'
+        attribute :in_response_to, String, tag: 'InResponseTo'
         has_one :status, Saml::Elements::Status
 
-        validates :in_response_to, :status, :presence => true
+        validates :in_response_to, :status, presence: true
       end
 
       def initialize(*args)

lib/saml/elements/attribute_authority_descriptor.rb

@@ -13,7 +13,7 @@ class AttributeService
       has_many :attribute_service, AttributeService
       has_many :name_id_format, Saml::Elements::NameIdFormat
 
-      validates :attribute_service, :presence => true
+      validates :attribute_service, presence: true
 
     end
   end

lib/saml/elements/attribute_consuming_service.rb

@@ -7,14 +7,14 @@ class AttributeConsumingService
       register_namespace "md", Saml::MD_NAMESPACE
       namespace "md"
 
-      attribute :index, Integer, :tag => "index"
-      attribute :is_default, XmlMapper::Boolean, :tag => "isDefault"
+      attribute :index, Integer, tag: "index"
+      attribute :is_default, XmlMapper::Boolean, tag: "isDefault"
 
       has_many :service_names, ServiceName
       has_many :service_descriptions, ServiceDescription
       has_many :requested_attributes, RequestedAttribute
 
-      validates :index, :service_names, :requested_attributes, :presence => true
+      validates :index, :service_names, :requested_attributes, presence: true
     end
   end
 end

lib/saml/elements/authn_context.rb

@@ -5,11 +5,11 @@ class AuthnContext
 
       tag "AuthnContext"
       namespace 'saml'
-      element :authn_context_class_ref, String, :tag => "AuthnContextClassRef"
+      element :authn_context_class_ref, String, tag: "AuthnContextClassRef"
 
       has_many :authenticating_authorities, ::Saml::Elements::AuthenticatingAuthority
 
-      validates :authn_context_class_ref, :inclusion => ClassRefs::ALL_CLASS_REFS + [nil]
+      validates :authn_context_class_ref, inclusion: ClassRefs::ALL_CLASS_REFS + [nil]
     end
   end
 end

lib/saml/elements/authn_statement.rb

@@ -6,18 +6,18 @@ class AuthnStatement
       tag "AuthnStatement"
       namespace 'saml'
 
-      attribute :authn_instant, Time, :tag => "AuthnInstant", :on_save => lambda { |val| val.utc.xmlschema }
-      attribute :session_index, String, :tag => "SessionIndex"
+      attribute :authn_instant, Time, tag: "AuthnInstant", on_save: lambda { |val| val.utc.xmlschema }
+      attribute :session_index, String, tag: "SessionIndex"
 
-      has_one :subject_locality, Saml::Elements::SubjectLocality, :tag => "SubjectLocality"
-      has_one :authn_context, Saml::Elements::AuthnContext, :tag => "AuthnContext"
+      has_one :subject_locality, Saml::Elements::SubjectLocality, tag: "SubjectLocality"
+      has_one :authn_context, Saml::Elements::AuthnContext, tag: "AuthnContext"
 
-      validates :authn_instant, :authn_context, :presence => true
+      validates :authn_instant, :authn_context, presence: true
 
       def initialize(*args)
         options = args.extract_options!
-        @subject_locality = Saml::Elements::SubjectLocality.new(:address => options.delete(:address)) if options[:address]
-        @authn_context = Saml::Elements::AuthnContext.new(:authn_context_class_ref => options.delete(:authn_context_class_ref)) if options[:authn_context_class_ref]
+        @subject_locality = Saml::Elements::SubjectLocality.new(address: options.delete(:address)) if options[:address]
+        @authn_context = Saml::Elements::AuthnContext.new(authn_context_class_ref: options.delete(:authn_context_class_ref)) if options[:authn_context_class_ref]
         super(*(args << options))
       end
     end

lib/saml/elements/conditions.rb

@@ -13,7 +13,7 @@ class Conditions
 
       def initialize(*args)
         options = args.extract_options!
-        @audience_restriction = Saml::Elements::AudienceRestriction.new(:audience => options.delete(:audience)) if options[:audience]
+        @audience_restriction = Saml::Elements::AudienceRestriction.new(audience: options.delete(:audience)) if options[:audience]
         self.not_before       = Time.now - Saml::Config.max_issue_instant_offset.minutes
         self.not_on_or_after  = Time.now + Saml::Config.max_issue_instant_offset.minutes
         super(*(args << options))

lib/saml/elements/contact_person.rb

@@ -16,18 +16,18 @@ module ContactTypes
         ALL = [TECHNICAL, SUPPORT, ADMINISTRATIVE, BILLING, OTHER]
       end
 
-      attribute :contact_type, String, :tag => "contactType"
+      attribute :contact_type, String, tag: "contactType"
 
-      element :company, String, :tag => "Company"
-      element :given_name, String, :tag => "GivenName"
-      element :sur_name, String, :tag => "SurName"
+      element :company, String, tag: "Company"
+      element :given_name, String, tag: "GivenName"
+      element :sur_name, String, tag: "SurName"
 
-      has_many :email_addresses, String, :tag => "EmailAddress"
-      has_many :telephone_numbers, String, :tag => "TelephoneNumber"
+      has_many :email_addresses, String, tag: "EmailAddress"
+      has_many :telephone_numbers, String, tag: "TelephoneNumber"
 
-      validates :contact_type, :inclusion => ContactTypes::ALL
+      validates :contact_type, inclusion: ContactTypes::ALL
 
-      validates :email_addresses, :telephone_numbers, :presence => true
+      validates :email_addresses, :telephone_numbers, presence: true
     end
   end
 end

lib/saml/elements/entities_descriptor.rb

@@ -9,18 +9,18 @@ class EntitiesDescriptor
       tag "EntitiesDescriptor"
       namespace "md"
 
-      attribute :_id, String, :tag => "ID"
-      attribute :name, String, :tag => "Name"
-      attribute :valid_until, Time, :tag => "validUntil"
-      attribute :cache_duration, String, :tag => "cacheDuration"
+      attribute :_id, String, tag: "ID"
+      attribute :name, String, tag: "Name"
+      attribute :valid_until, Time, tag: "validUntil"
+      attribute :cache_duration, String, tag: "cacheDuration"
 
       has_one :signature, Saml::Elements::Signature
 
       has_many :entities_descriptors, Saml::Elements::EntitiesDescriptor
       has_many :entity_descriptors, Saml::Elements::EntityDescriptor
 
-      validates :entities_descriptors, :length => { :minimum => 1 }, :if => lambda { |ed| ed.entity_descriptors.blank? }
-      validates :entity_descriptors, :length => { :minimum => 1 }, :if => lambda { |ed| ed.entities_descriptors.blank? }
+      validates :entities_descriptors, length: { minimum: 1 }, if: lambda { |ed| ed.entity_descriptors.blank? }
+      validates :entity_descriptors, length: { minimum: 1 }, if: lambda { |ed| ed.entities_descriptors.blank? }
 
     end
   end