forked from SAML-Toolkits/ruby-saml
logoutrequest_test.rb
require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
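# Tests for OneLogin::RubySaml::Logoutrequest#create: the redirect URL it
# builds, the extra query parameters it appends, and the contents of the
# encoded LogoutRequest document carried in the SAMLRequest parameter.
#
# Every test builds its own Settings object. A single `settings` local shared
# by all the `should` blocks would be mutated (and rebound) by each test, so
# the outcome would depend on the order in which the tests happen to run.
class RequestTest < Test::Unit::TestCase

  context "Logoutrequest" do
    should "create the deflated SAMLRequest URL parameter" do
      settings = OneLogin::RubySaml::Settings.new
      settings.idp_slo_target_url = "http://unauth.com/logout"
      settings.name_identifier_value = "f00f00"

      unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings)
      # \A anchors at the start of the whole string; ^ would also match after
      # any embedded newline.
      assert_match(%r{\Ahttp://unauth\.com/logout\?SAMLRequest=}, unauth_url)

      inflated = decode_saml_request_payload(unauth_url)
      # Line anchor kept as in the original assertion: whether the document
      # starts directly with the root element is not visible from this file.
      assert_match(/^<samlp:LogoutRequest/, inflated)
    end

    should "support additional params" do
      settings = OneLogin::RubySaml::Settings.new
      settings.idp_slo_target_url = "http://unauth.com/logout"
      settings.name_identifier_value = "f00f00"

      unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :hello => nil })
      assert_match(/&hello=\z/, unauth_url)

      unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :foo => "bar" })
      assert_match(/&foo=bar\z/, unauth_url)
    end

    should "set sessionindex" do
      settings = OneLogin::RubySaml::Settings.new
      settings.idp_slo_target_url = "http://example.com"
      settings.name_identifier_value = "f00f00"
      sessionidx = UUID.new.generate
      settings.sessionindex = sessionidx

      unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :name_id => "there" })
      inflated = decode_saml_request_payload(unauth_url)

      assert_match(/<samlp:SessionIndex/, inflated)
      # Regexp.escape keeps the generated value literal inside the pattern.
      assert_match(%r(#{Regexp.escape(sessionidx)}</samlp:SessionIndex>), inflated)
    end

    should "set name_identifier_value" do
      settings = OneLogin::RubySaml::Settings.new
      settings.idp_slo_target_url = "http://example.com"
      settings.name_identifier_format = "transient"
      name_identifier_value = "abc123"
      settings.name_identifier_value = name_identifier_value

      unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :name_id => "there" })
      inflated = decode_saml_request_payload(unauth_url)

      assert_match(/<saml:NameID/, inflated)
      assert_match(%r(#{Regexp.escape(name_identifier_value)}</saml:NameID>), inflated)
    end

    should "require name_identifier_value" do
      # No name_identifier_value is assigned on these settings, so building the
      # request is expected to be rejected.
      settings = OneLogin::RubySaml::Settings.new
      settings.idp_slo_target_url = "http://example.com"
      settings.name_identifier_format = nil

      assert_raises(OneLogin::RubySaml::ValidationError) do
        OneLogin::RubySaml::Logoutrequest.new.create(settings)
      end
    end

    context "when the target url doesn't contain a query string" do
      should "create the SAMLRequest parameter correctly" do
        settings = OneLogin::RubySaml::Settings.new
        settings.idp_slo_target_url = "http://example.com"
        settings.name_identifier_value = "f00f00"

        unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings)
        # The dot is escaped so that only the literal host name matches.
        assert_match(%r{\Ahttp://example\.com\?SAMLRequest}, unauth_url)
      end
    end

    context "when the target url contains a query string" do
      should "create the SAMLRequest parameter correctly" do
        settings = OneLogin::RubySaml::Settings.new
        settings.idp_slo_target_url = "http://example.com?field=value"
        settings.name_identifier_value = "f00f00"

        unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings)
        assert_match(%r{\Ahttp://example\.com\?field=value&SAMLRequest}, unauth_url)
      end
    end

    context "consumation of logout may need to track the transaction" do
      should "have access to the request uuid" do
        settings = OneLogin::RubySaml::Settings.new
        settings.idp_slo_target_url = "http://example.com?field=value"
        settings.name_identifier_value = "f00f00"

        unauth_req = OneLogin::RubySaml::Logoutrequest.new
        unauth_url = unauth_req.create(settings)

        inflated = decode_saml_request_payload(unauth_url)
        assert_match(%r[ID='#{Regexp.escape(unauth_req.uuid)}'], inflated)
      end
    end
  end

  # Recovers the XML carried in a redirect URL's SAMLRequest parameter by
  # undoing, in order, the URL escaping, the Base64 encoding and the raw
  # DEFLATE compression.
  #
  # unauth_url - String URL containing a SAMLRequest query parameter.
  #
  # Returns the inflated request document as a String.
  # Raises ArgumentError when the URL carries no SAMLRequest parameter.
  def decode_saml_request_payload(unauth_url)
    # Stop at the next "&" so parameters appended after SAMLRequest are not
    # fed into the Base64 decoder along with the payload.
    encoded = unauth_url[/SAMLRequest=([^&]*)/, 1]
    raise ArgumentError, "no SAMLRequest parameter in #{unauth_url}" if encoded.nil?

    decoded = Base64.decode64(CGI.unescape(encoded))

    # Negative window bits select a raw DEFLATE stream (no zlib header).
    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
    begin
      inflated = zstream.inflate(decoded)
      zstream.finish
      inflated
    ensure
      # Release the stream even when the payload fails to inflate.
      zstream.close
    end
  end

end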