Skip to content

Commit 0651e65

Browse files
pitbulkpitbulk
committed
Be able to skip destination validation
1 parent 25a44ea commit 0651e65

2 files changed

Lines changed: 10 additions & 1 deletion

File tree

lib/onelogin/ruby-saml/response.rb

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -586,12 +586,14 @@ def validate_audience
586586
true
587587
end
588588

589-
# Validates the Destination, (If the SAML Response is received where expected)
589+
# Validates the Destination, (If the SAML Response is received where expected).
590+
# If the response was initialized with the :skip_destination option, this validation is skipped,
590591
# If fails, the error is added to the errors array
591592
# @return [Boolean] True if there is a Destination element that matches the Consumer Service URL, otherwise False
592593
#
593594
def validate_destination
594595
return true if destination.nil?
596+
return true if options[:skip_destination]
595597

596598
if destination.empty?
597599
error_msg = "The response has an empty Destination value"

test/response_test.rb

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ class RubySamlTest < Minitest::Test
2424
let(:response_no_conditions) { OneLogin::RubySaml::Response.new(read_invalid_response("no_conditions.xml.base64")) }
2525
let(:response_no_authnstatement) { OneLogin::RubySaml::Response.new(read_invalid_response("no_authnstatement.xml.base64")) }
2626
let(:response_empty_destination) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64")) }
27+
let(:response_empty_destination_with_skip) { OneLogin::RubySaml::Response.new(read_invalid_response("empty_destination.xml.base64"), {:skip_destination => true}) }
2728
let(:response_no_status) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status.xml.base64")) }
2829
let(:response_no_statuscode) { OneLogin::RubySaml::Response.new(read_invalid_response("no_status_code.xml.base64")) }
2930
let(:response_statuscode_responder) { OneLogin::RubySaml::Response.new(read_invalid_response("status_code_responder.xml.base64")) }
@@ -436,6 +437,12 @@ class RubySamlTest < Minitest::Test
436437
assert_includes response_empty_destination.errors, "The response has an empty Destination value"
437438
end
438439

440+
it "return true when the destination of the SAML Response is empty but skip_destination option is used" do
441+
response_empty_destination_with_skip.settings = settings
442+
assert response_empty_destination_with_skip.send(:validate_destination)
443+
assert_empty response_empty_destination.errors
444+
end
445+
439446
it "returns true on a case insensitive match on the domain" do
440447
response_valid_signed_without_x509certificate.settings = settings
441448
response_valid_signed_without_x509certificate.settings.assertion_consumer_service_url = 'http://APP.muDa.no/sso/consume'

0 commit comments

Comments
 (0)