test/response_test.rb in ruby-saml-1.4.1 vs test/response_test.rb in ruby-saml-1.4.2

- old
+ new

@@ -22,10 +22,11 @@
 let(:response_no_version) { OneLogin::RubySaml::Response.new(read_invalid_response("no_saml2.xml.base64")) }
 let(:response_multi_assertion) { OneLogin::RubySaml::Response.new(read_invalid_response("multiple_assertions.xml.base64")) }
 let(:response_no_conditions) { OneLogin::RubySaml::Response.new(read_invalid_response("no_conditions.xml.base64")) }
 let(:response_no_authnstatement) { OneLogin::RubySaml::Response.new(read_invalid_response("no_authnstatement.xml.base64")) }
 let(:response_empty_destination) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64")) }
+ let(:response_empty_destination_with_skip) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64"), {:skip_destination => true}) }
 let(:response_no_status) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status.xml.base64")) }
 let(:response_no_statuscode) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status_code.xml.base64")) }
 let(:response_statuscode_responder) { OneLogin::RubySaml::Response.new(read_invalid_response("status_code_responder.xml.base64")) }
 let(:response_statuscode_responder_and_msg) { OneLogin::RubySaml::Response.new(read_invalid_response("status_code_responer_and_msg.xml.base64")) }
 let(:response_encrypted_attrs) { OneLogin::RubySaml::Response.new(response_document_encrypted_attrs) }
@@ -433,10 +434,44 @@ it "return false when the destination of the SAML Response is empty" do response_empty_destination.settings = settings assert !response_empty_destination.send(:validate_destination) assert_includes response_empty_destination.errors, "The response has an empty Destination value" end + + it "return true when the destination of the SAML Response is empty but skip_destination option is used" do + response_empty_destination_with_skip.settings = settings + assert response_empty_destination_with_skip.send(:validate_destination) + assert_empty response_empty_destination.errors + end + + it "returns true on a case insensitive match on the domain" do + response_valid_signed_without_x509certificate.settings = settings + response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'http://APP.muDa.no/sso/consume' + assert response_valid_signed_without_x509certificate.send(:validate_destination) + assert_empty response_valid_signed_without_x509certificate.errors + end + + it "returns true on a case insensitive match on the scheme" do + response_valid_signed_without_x509certificate.settings = settings + response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'HTTP://app.muda.no/sso/consume' + assert response_valid_signed_without_x509certificate.send(:validate_destination) + assert_empty response_valid_signed_without_x509certificate.errors + end + + it "returns false on a case insenstive match on the path" do + response_valid_signed_without_x509certificate.settings = settings + response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'http://app.muda.no/SSO/consume' + assert !response_valid_signed_without_x509certificate.send(:validate_destination) + assert_includes response_valid_signed_without_x509certificate.errors, "The response was received at #{response_valid_signed_without_x509certificate.destination} instead of 
#{response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url}" + end + + it "returns true if it can't parse out a full URI." do + response_valid_signed_without_x509certificate.settings = settings + response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'presenter' + assert !response_valid_signed_without_x509certificate.send(:validate_destination) + assert_includes response_valid_signed_without_x509certificate.errors, "The response was received at #{response_valid_signed_without_x509certificate.destination} instead of #{response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url}" + end end describe "#validate_issuer" do it "return true when the issuer of the Message/Assertion matches the IdP entityId" do response_valid_signed.settings = settings 
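Review bot: The new skip_destination example asserts on the wrong fixture: `assert_empty response_empty_destination.errors` inspects a separate lazily built response that this example never validates, so it passes whatever `response_empty_destination_with_skip` recorded; it should read `assert_empty response_empty_destination_with_skip.errors`. Because `:skip_destination` turns off the check that the response was addressed to this service provider, the test guarding it is worth keeping exact. The last added example is titled "returns true if it can't parse out a full URI." yet asserts `!...send(:validate_destination)` and an error entry, so the title should say "returns false"; "insenstive" in the path example's title is a typo. The enclosing `describe` block starts outside the hunk.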
@@ -1033,17 +1068,17 @@ assert_equal ["", "valuePresent", nil, nil], response_multiple_attr_values.attributes[:attribute_with_nils_and_empty_strings] OneLogin::RubySaml::Attributes.single_value_compatibility = true end it "check what happens when trying retrieve attribute that does not exists" do - assert_equal nil, response_multiple_attr_values.attributes[:attribute_not_exists] - assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists) - assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists) + assert_nil response_multiple_attr_values.attributes[:attribute_not_exists] + assert_nil response_multiple_attr_values.attributes.single(:attribute_not_exists) + assert_nil response_multiple_attr_values.attributes.multi(:attribute_not_exists) OneLogin::RubySaml::Attributes.single_value_compatibility = false - assert_equal nil, response_multiple_attr_values.attributes[:attribute_not_exists] - assert_equal nil, response_multiple_attr_values.attributes.single(:attribute_not_exists) - assert_equal nil, response_multiple_attr_values.attributes.multi(:attribute_not_exists) + assert_nil response_multiple_attr_values.attributes[:attribute_not_exists] + assert_nil response_multiple_attr_values.attributes.single(:attribute_not_exists) + assert_nil response_multiple_attr_values.attributes.multi(:attribute_not_exists) OneLogin::RubySaml::Attributes.single_value_compatibility = true end end end