Class: Saml::Bindings::HTTPRedirect

Inherits:
Object
  • Object
show all
Includes:
Notification
Defined in:
lib/saml/bindings/http_redirect.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Notification

#notify

Constructor Details

#initialize(request_or_response, options = {}) ⇒ HTTPRedirect

Returns a new instance of HTTPRedirect.



52
53
54
55
56
57
58
 
# File 'lib/saml/bindings/http_redirect.rb', line 52

def initialize(request_or_response, options = {})
  @request_or_response = request_or_response
  @signature_algorithm = options[:signature_algorithm]
  @relay_state         = options[:relay_state]
  @signature           = options[:signature]
  @exclude_signature   = options[:exclude_signature]
end

Instance Attribute Details

#exclude_signatureObject

Returns the value of attribute exclude_signature.



50
51
52
 
# File 'lib/saml/bindings/http_redirect.rb', line 50

def exclude_signature
  @exclude_signature
end

#relay_stateObject

Returns the value of attribute relay_state.



50
51
52
 
# File 'lib/saml/bindings/http_redirect.rb', line 50

def relay_state
  @relay_state
end

#request_or_responseObject

Returns the value of attribute request_or_response.



50
51
52
 
# File 'lib/saml/bindings/http_redirect.rb', line 50

def request_or_response
  @request_or_response
end

#signatureObject

Returns the value of attribute signature.



50
51
52
 
# File 'lib/saml/bindings/http_redirect.rb', line 50

def signature
  @signature
end

#signature_algorithmObject

Returns the value of attribute signature_algorithm.



50
51
52
 
# File 'lib/saml/bindings/http_redirect.rb', line 50

def signature_algorithm
  @signature_algorithm
end

Class Method Details

.create_url(request_or_response, options = {}) ⇒ Object 



7
8
9
10
 
# File 'lib/saml/bindings/http_redirect.rb', line 7

def create_url(request_or_response, options = {})
  options[:signature_algorithm] ||= 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' unless options[:exclude_signature]
  new(request_or_response, options).create_url
end

.receive_message(http_request, options = {}) ⇒ Object 



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/saml/bindings/http_redirect.rb', line 12

def receive_message(http_request, options = {})
  options[:signature]           = Saml::Encoding.decode_64(http_request.params["Signature"] || "")
  options[:signature_algorithm] = http_request.params["SigAlg"]
  options[:relay_state]         = http_request.params["RelayState"]

  receive_xml = http_request.params["SAMLRequest"] || http_request.params["SAMLResponse"]
  if receive_xml.nil?
    raise Saml::Errors::InvalidParams, 'require params `SAMLRequest` or `SAMLResponse`'
  end
  
  request_or_response = parse_request_or_response(options.delete(:type), http_request.params)

  redirect_binding = new(request_or_response, options)
  query_string     = URI.parse(http_request.url).query

  if http_request.params["Signature"].present?
    redirect_binding.verify_signature(query_string)
  else
    raise Saml::Errors::SignatureMissing.new('Signature missing, but provider requires a signature') if request_or_response.provider.authn_requests_signed?
  end

  request_or_response.actual_destination = http_request.url
  request_or_response
end

Instance Method Details

#create_urlObject 



66
67
68
69
70
71
 
# File 'lib/saml/bindings/http_redirect.rb', line 66

def create_url
  url = request_or_response.destination
  delimiter = url.include?('?') ? '&' : '?'

  [url, exclude_signature ? unsigned_params : signed_params].join(delimiter)
end

#verify_signature(query) ⇒ Object 



60
61
62
63
64
 
# File 'lib/saml/bindings/http_redirect.rb', line 60

def verify_signature(query)
  unless request_or_response.provider.verify(signature_algorithm, signature, parse_signature_params(query))
    raise Saml::Errors::SignatureInvalid.new
  end
end