update gems

a5941506 · o@immerda.ch · 96050e9f · a5941506 · a5941506 · a5941506
Commit a5941506 authored Jul 20, 2021 by o@immerda.ch
--- a/.ruby-version
+++ b/.ruby-version
-2.5.3
+2.5.9
--- a/Gemfile
+++ b/Gemfile
@@ -33,7 +33,7 @@ gem 'rotp'
 gem 'base32'
 gem 'gpgme'

-gem 'ruby-saml', '~> 1.9.0'
+gem 'ruby-saml'

 gem 'unidecoder'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -42,7 +42,7 @@ GEM
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
-    addressable (2.7.0)
+    addressable (2.8.0)
      public_suffix (>= 2.0.2, < 5.0)
    arel (9.0.0)
    base32 (0.3.4)
@@ -65,7 +65,7 @@ GEM
      unf (>= 0.0.5, < 1.0.0)
    erubi (1.10.0)
    execjs (2.8.1)
-    ffi (1.15.1)
+    ffi (1.15.3)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    gpgme (2.0.20)
@@ -93,7 +93,7 @@ GEM
    method_source (1.0.0)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2021.0225)
+    mime-types-data (3.2021.0704)
    mini_mime (1.1.0)
    mini_portile2 (2.5.3)
    minitest (5.14.4)
@@ -133,7 +133,7 @@ GEM
      method_source
      rake (>= 0.8.7)
      thor (>= 0.19.0, < 2.0)
-    rake (13.0.3)
+    rake (13.0.6)
    rb-fsevent (0.11.0)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
@@ -147,7 +147,7 @@ GEM
    rqrcode (2.0.0)
      chunky_png (~> 1.0)
      rqrcode_core (~> 1.0)
-    rqrcode_core (1.0.0)
+    rqrcode_core (1.1.0)
    rspec (3.10.0)
      rspec-core (~> 3.10.0)
      rspec-expectations (~> 3.10.0)
@@ -161,8 +161,9 @@ GEM
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-support (3.10.2)
-    ruby-saml (1.9.0)
-      nokogiri (>= 1.5.10)
+    ruby-saml (1.12.2)
+      nokogiri (>= 1.10.5)
+      rexml
    ruby_dep (1.5.0)
    sass-rails (6.0.0)
      sassc-rails (~> 2.1, >= 2.1.1)
@@ -208,7 +209,7 @@ GEM
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.7.4)
+    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    zxcvbn-ruby (1.2.0)
@@ -228,7 +229,7 @@ DEPENDENCIES
  rotp
  rqrcode
  rspec
-  ruby-saml (~> 1.9.0)
+  ruby-saml
  sass-rails
  spring
  spring-watcher-listen (~> 2.0.0)

--- a/app/controllers/saml_controller.rb
+++ b/app/controllers/saml_controller.rb
@@ -38,15 +38,17 @@ class SamlController < SessionsController
  def saml_settings
    settings = OneLogin::RubySaml::Settings.new

-    settings.issuer                         = "#{request.base_url}"
+    settings.sp_entity_id                   = "#{request.base_url}"
    settings.assertion_consumer_service_url = "#{request.base_url}/saml/consume"
-    settings.idp_sso_target_url             = fix_idp_url(SamlConfig.idp_sso)
+    settings.idp_sso_service_url            = fix_idp_url(SamlConfig.idp_sso)
    settings.certificate                    = SamlConfig.cert
    settings.private_key                    = SamlConfig.private_key
    settings.name_identifier_format         = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    settings.idp_cert_multi = {signing: SamlConfig.idp_certs,
                               encryption: SamlConfig.idp_certs}
    settings.security = {
+          :check_idp_cert_expiration  => true,
+          :check_sp_cert_expiration   => true,
          :authn_requests_signed      => true,
          :logout_requests_signed     => true,
          :logout_responses_signed    => true,