Commit

make sure limit_self_registration is included in saml provider hash
machisuji committed Nov 15, 2024
1 parent 7203231 commit f42fbc7
Showing 5 changed files with 8 additions and 1 deletion.
Expand Up @@ -64,6 +64,8 @@ def self.model
attribute :authn_requests_signed
validate :valid_certificate_key_pair

attribute :limit_self_registration

%i[mapping_mail mapping_login mapping_firstname mapping_lastname].each do |attr|
attribute attr
validates_presence_of attr, if: -> { model.public_send(:"#{attr}_changed?") }
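Review bot: `attribute :limit_self_registration` is made writable with no validation, while the neighbouring attributes in this contract carry one (`validate :valid_certificate_key_pair`, `validates_presence_of attr`). Going by its name, this flag restricts who may self-register through the provider, so a nil or non-boolean value should be rejected here rather than carried into the provider hash. Consider `validates :limit_self_registration, inclusion: { in: [true, false] }`, or document why any value is acceptable.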
1 change: 1 addition & 0 deletions modules/auth_saml/app/models/saml/provider/hash_builder.rb
Expand Up @@ -72,6 +72,7 @@ def to_h # rubocop:disable Metrics/AbcSize
name_identifier_format:,
certificate:,
private_key:,
limit_self_registration:,
attribute_statements: formatted_attribute_statements,
request_attributes: formatted_request_attributes,
uid_attribute: mapping_uid.presence
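Review bot: `limit_self_registration:,` in `to_h` forwards whatever the provider returns, so an unset value reaches the hash as nil and the reader of the hash has to guess what nil means. For a flag that limits registration, the fallback should be explicit at this point, for example by coercing to a boolean with a stated default, and the spec should pin which default was chosen.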
2 changes: 2 additions & 0 deletions modules/auth_saml/spec/factories/saml_provider_factory.rb
Expand Up @@ -43,6 +43,8 @@
idp_sso_service_url { "https://example.com/sso" }
idp_slo_service_url { "https://example.com/slo" }

limit_self_registration { true }

mapping_login { Saml::Defaults::MAIL_MAPPING }
mapping_mail { Saml::Defaults::MAIL_MAPPING }
mapping_firstname { Saml::Defaults::FIRSTNAME_MAPPING }
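Review bot: `limit_self_registration { true }` sits in the factory's base attributes, so every spec that builds this factory now runs with the limit switched on, whether or not that matches what a new provider gets by default. If the intent is only to have a known value for the hash spec, a trait or a per-spec override would keep the base factory on the model's own default.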
1 change: 1 addition & 0 deletions modules/auth_saml/spec/lib/open_project/auth_saml_spec.rb
Expand Up @@ -15,6 +15,7 @@
expect(subject[:assertion_consumer_service_url]).to eq "http://#{Setting.host_name}/auth/my-saml/callback"
expect(subject[:idp_sso_service_url]).to eq "https://example.com/sso"
expect(subject[:idp_slo_service_url]).to eq "https://example.com/slo"
expect(subject[:limit_self_registration]).to be true

attributes = subject[:attribute_statements]
expect(attributes[:email]).to eq Saml::Defaults::MAIL_MAPPING.split("\n")
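Review bot: the added `expect(subject[:limit_self_registration]).to be true` checks only the value the factory sets, so it would also pass if the builder returned a constant true. A second example with the provider set to false, expecting `be false`, would show that the hash reflects the stored setting.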
Expand Up @@ -42,7 +42,8 @@
digest_method: "http://www.w3.org/2001/04/xmlenc#sha256",
sp_entity_id: "https://foobar.org",
idp_cert:,
idp_cert_fingerprint:)
idp_cert_fingerprint:,
limit_self_registration: false)
end

let(:idp_cert) { nil }
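Review bot: `limit_self_registration: false` is added to the fixture arguments, but none of the visible lines assert what that value leads to. If this spec is meant to cover the setting, add an expectation on it; if the argument is there only so the fixture is complete, a short comment saying so would help.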

0 comments on commit f42fbc7