
Commit 10bdc2b

committed
This PR fixes the way SP request UUID generation is handled.
- Replace the mutable RubySaml::Utils::UUID_PREFIX constant with `Settings.sp_uuid_prefix` - Make the `uuid` attribute of Authnrequest, etc. immutable. - Initialize the `uuid` attribute of Authnrequest, etc. when `create` is called, based on `Settings.sp_uuid_prefix`, not when instantiating the Ruby object.
1 parent 6f73a4f commit 10bdc2b

6 files changed

Lines changed: 26 additions & 45 deletions


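--- a/lib/ruby_saml/authrequest.rb
+++ b/lib/ruby_saml/authrequest.rb
@@ -15,26 +15,16 @@ module RubySaml
 class Authrequest < SamlMessage
 
 # AuthNRequest ID
-attr_accessor :uuid
-
-# Initializes the AuthNRequest. An Authrequest Object that is an extension of the SamlMessage class.
-# Asigns an ID, a random uuid.
-#
-def initialize
-@uuid = RubySaml::Utils.uuid
-super()
-end
-
-def request_id
-@uuid
-end
+attr_reader :uuid
+alias_method :request_id, :uuid
 
 # Creates the AuthNRequest string.
 # @param settings [RubySaml::Settings|nil] Toolkit settings
 # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
 # @return [String] AuthNRequest string that includes the SAMLRequest
 #
 def create(settings, params = {})
+@uuid = RubySaml::Utils.generate_uuid(settings.sp_uuid_prefix)
 params = create_params(settings, params)
 params_prefix = /\?/.match?(settings.idp_sso_service_url) ? '&' : '?'
 saml_request = CGI.escape(params.delete("SAMLRequest"))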
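Review bot: The new first line of `create` dereferences `settings` unconditionally, while the `@param settings` tag a few lines above still documents `RubySaml::Settings|nil`; a nil settings now fails at `settings.sp_uuid_prefix` before `create_params` is even reached. Either tighten the tag to `[RubySaml::Settings]` or write `@uuid = RubySaml::Utils.generate_uuid(settings&.sp_uuid_prefix)`, which keeps the documented contract because `generate_uuid(nil)` falls back to the default prefix. Separately, `uuid` is now nil until `create` has run, so the `# AuthNRequest ID` comment should say so, e.g. `# AuthNRequest ID. Assigned by #create from settings.sp_uuid_prefix; nil until then.`; if `create_params` (body not shown here) reads `uuid` for the message ID, calling it directly without `create` would now build an ID-less request. The same two points apply to the `create` hunks in lib/ruby_saml/logoutrequest.rb and lib/ruby_saml/slo_logoutresponse.rb. The body of `create` continues past the hunk.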

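--- a/lib/ruby_saml/logoutrequest.rb
+++ b/lib/ruby_saml/logoutrequest.rb
@@ -13,26 +13,16 @@ module RubySaml
 class Logoutrequest < SamlMessage
 
 # Logout Request ID
-attr_accessor :uuid
-
-# Initializes the Logout Request. A Logoutrequest Object that is an extension of the SamlMessage class.
-# Asigns an ID, a random uuid.
-#
-def initialize
-@uuid = RubySaml::Utils.uuid
-super()
-end
-
-def request_id
-@uuid
-end
+attr_reader :uuid
+alias_method :request_id, :uuid
 
 # Creates the Logout Request string.
 # @param settings [RubySaml::Settings|nil] Toolkit settings
 # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
 # @return [String] Logout Request string that includes the SAMLRequest
 #
 def create(settings, params={})
+@uuid = RubySaml::Utils.generate_uuid(settings.sp_uuid_prefix)
 params = create_params(settings, params)
 params_prefix = /\?/.match?(settings.idp_slo_service_url) ? '&' : '?'
 saml_request = CGI.escape(params.delete("SAMLRequest"))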

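--- a/lib/ruby_saml/settings.rb
+++ b/lib/ruby_saml/settings.rb
@@ -48,6 +48,7 @@ def initialize(overrides = {}, keep_security_attributes = false)
 attr_reader :assertion_consumer_service_binding
 attr_accessor :single_logout_service_url
 attr_reader :single_logout_service_binding
+attr_accessor :sp_uuid_prefix
 attr_accessor :sp_name_qualifier
 attr_accessor :name_identifier_format
 attr_accessor :name_identifier_value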
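Review bot: `attr_accessor :sp_uuid_prefix` is added without a comment, although its accepted values (nil for the default `_` prefix, false for no prefix at all, or an explicit string) are only documented on `RubySaml::Utils.generate_uuid` in lib/ruby_saml/utils.rb and will not be obvious to someone configuring Settings. I would add above the accessor `# Prefix for generated SP message IDs (AuthnRequest, LogoutRequest, LogoutResponse). nil uses the default '_', false disables the prefix.` The neighbouring attr_* lines are uncommented too, so this may be the file's convention, but the special-cased false value still deserves a line. The enclosing class continues outside the hunk.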

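--- a/lib/ruby_saml/slo_logoutresponse.rb
+++ b/lib/ruby_saml/slo_logoutresponse.rb
@@ -14,19 +14,8 @@ module RubySaml
 class SloLogoutresponse < SamlMessage
 
 # Logout Response ID
-attr_accessor :uuid
-
-# Initializes the Logout Response. A SloLogoutresponse Object that is an extension of the SamlMessage class.
-# Asigns an ID, a random uuid.
-#
-def initialize
-@uuid = RubySaml::Utils.uuid
-super()
-end
-
-def response_id
-@uuid
-end
+attr_reader :uuid
+alias_method :request_id, :uuid
 
 # Creates the Logout Response string.
 # @param settings [RubySaml::Settings|nil] Toolkit settings
@@ -37,6 +26,7 @@ def response_id
 # @return [String] Logout Request string that includes the SAMLRequest
 #
 def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
+@uuid = RubySaml::Utils.generate_uuid(settings.sp_uuid_prefix)
 params = create_params(settings, request_id, logout_message, params, logout_status_code)
 params_prefix = /\?/.match?(settings.idp_slo_service_url) ? '&' : '?'
 url = settings.idp_slo_response_service_url || settings.idp_slo_service_url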
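Review bot: The first hunk removes the public `response_id` method and replaces it with `alias_method :request_id, :uuid`, so `SloLogoutresponse#response_id` no longer exists and the surviving name describes a request on a response class; any caller of `response_id` gets NoMethodError after this commit, and the second hunk's context line `@@ ... def response_id` shows it was a real method here. Keep the original name with `alias_method :response_id, :uuid`, and add `request_id` as well only if a shared SamlMessage interface requires it. The nil-settings concern raised on lib/ruby_saml/authrequest.rb applies equally to the `settings.sp_uuid_prefix` call in the second hunk; the body of `create` continues past it.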

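--- a/lib/ruby_saml/utils.rb
+++ b/lib/ruby_saml/utils.rb
@@ -30,7 +30,10 @@ module Utils
 (\d+)W # 8: Weeks
 )
 $/x
-UUID_PREFIX = +'_'
+UUID_DEFAULT_PREFIX = '_'
+
+# @deprecated Use UUID_DEFAULT_PREFIX instead.
+UUID_PREFIX = UUID_DEFAULT_PREFIX.dup
 
 # Checks if the x509 cert provided is expired.
 #
@@ -380,13 +383,20 @@ def retrieve_plaintext(cipher_text, symmetric_key, algorithm)
 end
 end
 
-def set_prefix(value)
-UUID_PREFIX.replace value
+def set_prefix(_value)
+raise NoMethodError.new('RubySaml::Util.set_prefix has been removed. Please use RubySaml::Settings#uuid_prefix instead.')
 end
 
-def uuid
-"#{UUID_PREFIX}#{SecureRandom.uuid}"
+# Generates a UUID with a prefix.
+#
+# @param prefix [String|false|nil] An explicit prefix override.
+# Using nil will use the default prefix, and false will use no prefix.
+# @return [String] The generated UUID.
+def generate_uuid(prefix = nil)
+prefix = prefix.is_a?(FalseClass) ? nil : prefix || UUID_DEFAULT_PREFIX
+"#{prefix}#{SecureRandom.uuid}"
 end
+alias_method :uuid, :generate_uuid
 
 # Given two strings, attempt to match them as URIs using Rails' parse method. If they can be parsed,
 # then the fully-qualified domain name and the host should performa a case-insensitive match, per the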
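Review bot: The error raised by the new `set_prefix` stub in the second hunk points callers at names that do not exist: the module is `RubySaml::Utils` (see the `module Utils` context of the first hunk), and the accessor this commit adds in lib/ruby_saml/settings.rb is `sp_uuid_prefix`, not `uuid_prefix`. I would change it to `raise NoMethodError, 'RubySaml::Utils.set_prefix has been removed. Please use RubySaml::Settings#sp_uuid_prefix instead.'`, which also replaces the `NoMethodError.new(...)` form with the idiomatic class-plus-message raise. In the first hunk, the deprecated `UUID_PREFIX` is a `dup` that nothing in this diff reads any more, so a caller still doing `UUID_PREFIX.replace(...)` silently has no effect; the `@deprecated` tag should say so, e.g. `# @deprecated No longer consulted by generate_uuid; set Settings#sp_uuid_prefix instead.` Unless the file enables frozen string literals (not visible here), `UUID_DEFAULT_PREFIX = '_'` could also carry `.freeze`, since the old `+'_'` was deliberately mutable and the new default should not be.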

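--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -374,7 +374,7 @@ def ruby_saml_key_text
 # logoutresponse fixtures
 #
 def random_id
-"_#{RubySaml::Utils.uuid}"
+"_#{RubySaml::Utils.generate_uuid}"
 end
 
 #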
