Merge pull request #137 from biola/logout_request_xml_fix

Add missing namespaces in LogoutRequest XML
2012-12-06 06:35:07 -08:00 · 2012-12-06 06:35:07 -08:00 · d35b17fcb8
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -40,6 +40,7 @@ GEM
      xpath (~> 0.1.4)
    childprocess (0.3.6)
      ffi (~> 1.0, >= 1.0.6)
+    crack (0.3.1)
    crypt-isaac (0.9.1)
    diff-lcs (1.1.3)
    ffi (1.1.5)
@ -64,7 +65,8 @@ GEM
    rack-test (0.6.2)
      rack (>= 1.0)
    rake (0.8.7)
-    rb-fsevent (0.9.2)
+    rb-inotify (0.8.8)
+      ffi (>= 0.5.0)
    rspec (2.11.0)
      rspec-core (~> 2.11.0)
      rspec-expectations (~> 2.11.0)
@ -90,6 +92,9 @@ GEM
    thor (0.16.0)
    tilt (1.3.3)
    tzinfo (0.3.33)
+    webmock (1.9.0)
+      addressable (>= 2.2.7)
+      crack (>= 0.1.7)
    xpath (0.1.4)
      nokogiri (~> 1.3)

@ -103,10 +108,12 @@ DEPENDENCIES
  guard (~> 1.4.0)
  guard-rspec (= 2.0.0)
  net-ldap (~> 0.1.1)
+  nokogiri (~> 1.3)
  rack-test
  rake (= 0.8.7)
-  rb-fsevent (~> 0.9.2)
+  rb-inotify (~> 0.8.8)
  rspec
  rspec-core
  rubycas-server!
  sqlite3 (~> 1.3.1)
+  webmock (~> 1.8)
--- a/lib/casserver/cas.rb
+++ b/lib/casserver/cas.rb
@ -247,7 +247,7 @@ module CASServer::CAS
    rand = String.random
    path = uri.path
    req = Net::HTTP::Post.new(path)
-    req.set_form_data('logoutRequest' => %{<samlp:LogoutRequest ID="#{rand}" Version="2.0" IssueInstant="#{time.rfc2822}">
+    req.set_form_data('logoutRequest' => %{<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="#{rand}" Version="2.0" IssueInstant="#{time.rfc2822}">
 <saml:NameID></saml:NameID>
 <samlp:SessionIndex>#{st.ticket}</samlp:SessionIndex>
 </samlp:LogoutRequest>})
--- a/rubycas-server.gemspec
+++ b/rubycas-server.gemspec
@ -44,6 +44,8 @@ For more information on RubyCAS-Server, see http://code.google.com/p/rubycas-ser
  s.add_development_dependency("appraisal", "~> 0.4.1")
  s.add_development_dependency("guard", "~> 1.4.0")
  s.add_development_dependency("guard-rspec", "2.0.0")
+  s.add_development_dependency("webmock", "~> 1.8")
+  s.add_development_dependency("nokogiri", "~> 1.3")

  # pull in os specific FS monitoring lib for guard
  case RUBY_PLATFORM
--- a/spec/casserver/cas_spec.rb
+++ b/spec/casserver/cas_spec.rb
@ -2,6 +2,8 @@ require 'spec_helper'

 module CASServer; end
 require 'casserver/cas'
+require 'nokogiri'
+require 'cgi'

 describe CASServer::CAS do
  before do
@ -127,4 +129,20 @@ describe CASServer::CAS do
      @pt.ticket.should match /^PT-/
    end
  end
+
+  describe "#send_logout_notification_for_service_ticket(st)" do
+    it "should send valid single sign out XML to the service URL" do
+      service_stub = stub_request(:post, 'http://example.com')
+      st = CASServer::Model::ServiceTicket.new(
+        :ticket => 'ST-0123456789ABCDEFGHIJKLMNOPQRS',
+        :service => 'http://example.com'
+      )
+      @host.send_logout_notification_for_service_ticket(st)
+
+      a_request(:post, 'example.com').with{ |req|
+        xml = CGI.parse(req.body)['logoutRequest'].first
+        Nokogiri::XML(xml).at_xpath('//samlp:SessionIndex').text.strip == st.ticket
+      }.should have_been_made
+    end
+  end
 end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -5,6 +5,7 @@ require 'rspec'
 #require 'spec/interop/test'
 require 'logger'
 require 'ostruct'
+require 'webmock/rspec'

 require 'capybara'
 require 'capybara/dsl'