spec/saml/kit/cli/commands/decode_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

RSpec.describe Saml::Kit::Cli::Commands::Decode do
  describe '#redirect' do
    let(:command) { "decode redirect #{redirect_binding.serialize(builder)[0]}" }
    let(:document) { builder.build }
    let(:builder) do
      Saml::Kit::AuthenticationRequest.builder do |x|
        x.sign_with(Xml::Kit::KeyPair.generate(use: :signing))
      end
    end
    let(:redirect_binding) do
      Saml::Kit::Bindings::HttpRedirect.new(location: 'https://www.example.com/')
    end

    specify { expect(status).to be_success }
    specify { expect(output).to include(document.to_xml(pretty: true)) }
    specify { expect(output).to include("Decoded #{document.send(:name)}") }
    specify { expect(output).not_to include('Signature Value') }
  end

  describe '#post' do
    let(:post_binding) do
      Saml::Kit::Bindings::HttpPost.new(location: 'https://www.example.com/')
    end

    context "when the document is a Response" do
      let(:command) { "decode post #{post_binding.serialize(builder)[1]['SAMLResponse']}" }
      let(:builder) do
        Saml::Kit::Response.builder(user) do |x|
          x.sign_with(Xml::Kit::KeyPair.generate(use: :signing))
        end
      end
      let(:user) { double(name_id_for: SecureRandom.uuid) }
      let(:document) { builder.build }

      specify { expect(status).to be_success }
      specify { expect(output).to include(document.to_xml(pretty: true)) }
      specify { expect(output).to include("Decoded #{document.send(:name)}") }
      specify { expect(output).to include(document.signature.certificate.x509.to_text) }
    end

    context "when the document is a LogoutRequest" do
      let(:command) { "decode post #{post_binding.serialize(builder)[1]['SAMLRequest']}" }
      let(:builder) { Saml::Kit::LogoutRequest.builder(user) }
      let(:user) { double(name_id_for: SecureRandom.uuid) }
      let(:document) { builder.build }

      specify { expect(status).to be_success }
      specify { expect(output).to include(document.to_xml(pretty: true)) }
      specify { expect(output).to include("Decoded #{document.send(:name)}") }
      specify { expect(output).to include(user.name_id_for) }
    end

    context "when the document is a LogoutResponse" do
      let(:command) { "decode post #{post_binding.serialize(builder)[1]['SAMLResponse']}" }
      let(:builder) { Saml::Kit::LogoutResponse.builder(request) }
      let(:request) { double(id: Xml::Kit::Id.generate) }
      let(:document) { builder.build }

      specify { expect(status).to be_success }
      specify { expect(output).to include(document.to_xml(pretty: true)) }
      specify { expect(output).to include("Decoded #{document.send(:name)}") }
    end

    context "when the document is  Invalid" do
      let(:command) { "decode post #{Base64.encode64('INVALID')}" }

      specify { expect(status).to be_success }
      specify { expect(output).to include("error  Decoded InvalidDocument") }
    end
  end

  describe '#raw' do
    let(:command) { "decode raw #{tempfile}" }
    let(:tempfile) { Tempfile.new('saml-kit').path }
    let(:document) { Saml::Kit::AuthenticationRequest.build }

    before { IO.write(tempfile, document.to_xml) }
    after { File.unlink(tempfile) }

    specify { expect(status).to be_success }
    specify { expect(output).to include(document.to_xml(pretty: true)) }
    specify { expect(output).to include("Decoded #{document.send(:name)}") }
  end
end