Commit 1aa4690f authored by Thibaut Lambert's avatar Thibaut Lambert

adds a test case for PR #111 - attributes without attributeValue should be ignored

parent 68da1526
<?xml version="1.0" encoding="UTF-8"?>
<ns3:Response xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" Destination="https://evil-corp.madness.com/sso/callback" ID="pfx2dcf0103-2026-b5cf-0772-f776bd9f54cf" InResponseTo="_e8df3fe5f04237d25670" IssueInstant="2015-08-31T08:54:06+00:00" Version="2.0">
<Issuer>https://evil-corp.com</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pfx2dcf0103-2026-b5cf-0772-f776bd9f54cf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>U1QoTD0C6ikXZ1QIkJqlJ5BHQws=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>wuA92x0HttYKetEqmdm+zzUG7SwRTt3B60hacbT0i4UEA6UBU472toKBgzDWIiVAfKGXyRr8wd7d4mxnc4XeFhREX8H2RRNGy6csMx8YObQnHs9N+WswYyB4Y6XpM1oMLC3Bj+oQyl0bTlXc1J6cscQ37GcrKBXp7uWeentzp3AxhnxY+jyERfY34ShNg8sFHppXT36wqGrj/9r2QHMY66+ydfhFD8Q1QysVF4+lsThkVoqHbnCUocmikAsQyelX5SO4QBvZG9RF3S55MTVP8v0aCa9X2NKNytDvW28NpnrKfkEVyRMEbSH/qZ4bb/mdgY80i3UFYfTvkjIz9jwqBA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<ns3:Status>
<ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</ns3:Status>
<Assertion ID="_9e315bdf7b1b6732be33c377cf6f5c4f" IssueInstant="2015-08-31T08:54:06+00:00" Version="2.0">
<Issuer>https://evil-corp.com</Issuer>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">vincent.vega@evil-corp.com</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_e8df3fe5f04237d25670" NotOnOrAfter="2015-08-31T08:56:06+00:00" Recipient="https://evil-corp.madness.com/sso/callback"/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2015-08-31T08:53:06+00:00" NotOnOrAfter="2015-08-31T08:56:06+00:00"/>
<AuthnStatement AuthnInstant="2015-08-31T08:54:05+00:00" SessionIndex="_9e315bdf7b1b6732be33c377cf6f5c4f">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
<AttributeStatement>
<Attribute Name="evil-corp.egroupid">
<AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">vincent.vega@evil-corp.com</AttributeValue>
</Attribute>
<Attribute Name="evilcorp.roles"/>
<Attribute Name="evilcorp.givenname">
<AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Vincent</AttributeValue>
</Attribute>
<Attribute Name="evilcorp.sn">
<AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">VEGA</AttributeValue>
</Attribute>
</AttributeStatement>
</Assertion>
</ns3:Response>
......@@ -626,6 +626,35 @@ describe( 'passport-saml /', function() {
});
});
describe( 'my test',function() {
var fakeClock;
before(function(){
fakeClock = sinon.useFakeTimers(Date.parse('2015-08-31T08:55:00+00:00'));
});
after(function(){
fakeClock.restore();
});
it('accept response with an attributeStatement element without attributeValue', function(done) {
var container = {
SAMLResponse : fs.readFileSync(
__dirname + '/static/response-with-uncomplete-attribute.xml'
).toString('base64')
};
var samlObj = new SAML();
samlObj.validatePostResponse(container, function(err, profile) {
should.not.exist(err);
profile.issuer.should.eql("https://evil-corp.com");
profile.nameID.should.eql("vincent.vega@evil-corp.com");
should(profile).have.property("evil-corp.egroupid").eql("vincent.vega@evil-corp.com");
// attributes without attributeValue child should be ignored
should(profile).not.have.property("evilcorp.roles");
done();
});
});
});
describe( 'request signature checks /', function() {
var fakeClock;
beforeEach(function(){
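Review bot: The new test asserts that `evilcorp.roles` is absent but never checks the attributes that follow the empty element in the fixture, so a parser that drops the rest of the AttributeStatement at the empty `<Attribute>` would still pass. Adding `should(profile).have.property("evilcorp.givenname").eql("Vincent");` and `should(profile).have.property("evilcorp.sn").eql("VEGA");` next to the existing assertions would pin that. `new SAML()` is built with no options, so presumably no `cert` is configured and the signature carried by the fixture is not verified here; a comment such as `// no cert configured: the fixture's signature is not checked in this test` would keep readers from assuming otherwise. The suite title `'my test'` says nothing about what is covered, and something like `'attribute parsing /'` would match the neighbouring `describe` titles. The enclosing `describe( 'passport-saml /'` block starts and ends outside the hunk.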
......