test/response_test.rb in ruby-saml-1.4.1 vs test/response_test.rb in ruby-saml-1.4.2
- old
+ new
@@ -22,10 +22,11 @@
let(:response_no_version) { OneLogin::RubySaml::Response.new(read_invalid_response("no_saml2.xml.base64")) }
let(:response_multi_assertion) { OneLogin::RubySaml::Response.new(read_invalid_response("multiple_assertions.xml.base64")) }
let(:response_no_conditions) { OneLogin::RubySaml::Response.new(read_invalid_response("no_conditions.xml.base64")) }
let(:response_no_authnstatement) { OneLogin::RubySaml::Response.new(read_invalid_response("no_authnstatement.xml.base64")) }
let(:response_empty_destination) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64")) }
+ let(:response_empty_destination_with_skip) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64"), {:skip_destination => true}) }
let(:response_no_status) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status.xml.base64")) }
let(:response_no_statuscode) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status_code.xml.base64")) }
let(:response_statuscode_responder) { OneLogin::RubySaml::Response.new(read_invalid_response("status_code_responder.xml.base64")) }
let(:response_statuscode_responder_and_msg) { OneLogin::RubySaml::Response.new(read_invalid_response("status_code_responer_and_msg.xml.base64")) }
let(:response_encrypted_attrs) { OneLogin::RubySaml::Response.new(response_document_encrypted_attrs) }
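Review bot: The new `response_empty_destination_with_skip` fixture pairs `:skip_destination => true` only with `empty_destination.xml.base64`, so the suite pins the option's behaviour for an empty Destination and nothing else. Destination validation is what ties a response to this service provider's consumer URL, so the scope of an option that turns it off should be explicit in the tests. Whether the option also suppresses a mismatched Destination is not visible from this diff. I would add an example that builds a response with `{:skip_destination => true}`, sets a non-matching `assertion_consumer_service_url`, and asserts whichever result is intended, with a comment such as `# skip_destination disables the Destination check entirely; use only when the IdP omits Destination`, adjusted to the actual behaviour.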
@@ -433,10 +434,44 @@
it "return false when the destination of the SAML Response is empty" do
response_empty_destination.settings = settings
assert !response_empty_destination.send(:validate_destination)
assert_includes response_empty_destination.errors, "The response has an empty Destination value"
end
+
+ it "return true when the destination of the SAML Response is empty but skip_destination option is used" do
+ response_empty_destination_with_skip.settings = settings
+ assert response_empty_destination_with_skip.send(:validate_destination)
+ assert_empty response_empty_destination.errors
+ end
+
+ it "returns true on a case insensitive match on the domain" do
+ response_valid_signed_without_x509certificate.settings = settings
+ response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'http://APP.muDa.no/sso/consume'
+ assert response_valid_signed_without_x509certificate.send(:validate_destination)
+ assert_empty response_valid_signed_without_x509certificate.errors
+ end
+
+ it "returns true on a case insensitive match on the scheme" do
+ response_valid_signed_without_x509certificate.settings = settings
+ response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'HTTP://app.muda.no/sso/consume'
+ assert response_valid_signed_without_x509certificate.send(:validate_destination)
+ assert_empty response_valid_signed_without_x509certificate.errors
+ end
+
+ it "returns false on a case insenstive match on the path" do
+ response_valid_signed_without_x509certificate.settings = settings
+ response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'http://app.muda.no/SSO/consume'
+ assert !response_valid_signed_without_x509certificate.send(:validate_destination)
+ assert_includes response_valid_signed_without_x509certificate.errors, "The response was received at #{response_valid_signed_without_x509certificate.destination} instead of #{response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url}"
+ end
+
+ it "returns true if it can't parse out a full URI." do
+ response_valid_signed_without_x509certificate.settings = settings
+ response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'presenter'
+ assert !response_valid_signed_without_x509certificate.send(:validate_destination)
+ assert_includes response_valid_signed_without_x509certificate.errors, "The response was received at #{response_valid_signed_without_x509certificate.destination} instead of #{response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url}"
+ end
end
describe "#validate_issuer" do
it "return true when the issuer of the Message/Assertion matches the IdP entityId" do
response_valid_signed.settings = settings
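Review bot: In the new skip_destination example, `assert_empty response_empty_destination.errors` inspects the fixture built without the option, which is never validated in that example, so the assertion passes no matter what the skipped validation recorded. It should read `assert_empty response_empty_destination_with_skip.errors`. The last added example is titled "returns true if it can't parse out a full URI." but asserts `!...send(:validate_destination)` and an error entry, so the title should say `returns false`; as written it misdocuments how an unparseable consumer URL is treated. The path example's title also misspells "insensitive" as "insenstive". The `#validate_issuer` example that follows the added tests continues outside the hunk.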
@@ -1033,17 +1068,17 @@
assert_equal ["", "valuePresent", nil, nil], response_multiple_attr_values.attributes[:attribute_with_nils_and_empty_strings]
OneLogin::RubySaml::Attributes.single_value_compatibility = true
end
it "check what happens when trying retrieve attribute that does not exists" do
- assert_equal nil, response_multiple_attr_values.attributes[:attribute_not_exists]
- assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists)
- assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists)
+ assert_nil response_multiple_attr_values.attributes[:attribute_not_exists]
+ assert_nil response_multiple_attr_values.attributes.single(:attribute_not_exists)
+ assert_nil response_multiple_attr_values.attributes.multi(:attribute_not_exists)
OneLogin::RubySaml::Attributes.single_value_compatibility = false
- assert_equal nil, response_multiple_attr_values.attributes[:attribute_not_exists]
- assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists)
- assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists)
+ assert_nil response_multiple_attr_values.attributes[:attribute_not_exists]
+ assert_nil response_multiple_attr_values.attributes.single(:attribute_not_exists)
+ assert_nil response_multiple_attr_values.attributes.multi(:attribute_not_exists)
OneLogin::RubySaml::Attributes.single_value_compatibility = true
end
end
end