**Why**: So that SAML SPs can request all of a user's email addresses
| attrs[:all_emails] = { | ||
| getter: ->(principal) { principal.confirmed_email_addresses.map(&:email) }, |
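Review bot: The lambda on the `getter:` line returns `principal.confirmed_email_addresses.map(&:email)` with no explicit ordering, so the order of the values an SP receives can differ from one assertion to the next. Consider ordering the relation (or sorting the result) before `map`, and add a short comment saying that `all_emails` is multi-valued and limited to confirmed addresses.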
codeclimate is saying this is not covered by tests 😬 can we add some?
Also does returning an array here just correctly turn into an array of some kind of tag?
Yep, work in progress because I need to add some tests to this one. Gonna try to mirror the pattern I used for the OIDC implementation as much as I can.
And yep, this renders a list of values:
```xml
<AttributeStatement>
  <Attribute Name="uuid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="uuid">
    <AttributeValue>b9fa616d-0806-450d-a5bd-71a00019ae08</AttributeValue>
  </Attribute>
  <Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="email">
    <AttributeValue>tanja@example.net</AttributeValue>
  </Attribute>
  <Attribute Name="all_emails" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="all_emails">
    <AttributeValue>tanja@example.net</AttributeValue>
    <AttributeValue>logan@example.com</AttributeValue>
  </Attribute>
  <Attribute Name="aal" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="aal">
    <AttributeValue>http://idmanagement.gov/ns/assurance/aal/2</AttributeValue>
  </Attribute>
  <Attribute Name="ial" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="ial">
    <AttributeValue>http://idmanagement.gov/ns/assurance/ial/1</AttributeValue>
  </Attribute>
</AttributeStatement>
```
@zachmargolis: I just pushed a test for the attribute asserter!
Thanks! Test is good but can we get one that checks the full XML payload somewhere?
Let me take a swing at that. I know that hidden in the SAML specs somewhere there's gotta be a test that takes apart the SAML response.
@zachmargolis: Just added a test along with a bonus test for OIDC
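The thread asks whether the array renders as separate values and for a test over the full XML payload. As an added example (not code from this PR or the project), the Ruby below reads an `AttributeStatement` from the SP side with REXML and flags an `all_emails` value that was serialised as one string instead of one `AttributeValue` per address. The sample XML is constructed from the values quoted above, the `saml:` namespace prefix is an assumption, and `saml_attribute_values` and `all_emails_problems` are hypothetical helper names.

```ruby
require 'rexml/document'

SAML_ASSERTION_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'

# Constructed sample built from the values quoted in the thread; the saml:
# prefix and namespace declaration are assumed, not copied from the PR.
SAMPLE_STATEMENT = <<~XML
  <saml:AttributeStatement xmlns:saml="#{SAML_ASSERTION_NS}">
    <saml:Attribute Name="email" FriendlyName="email">
      <saml:AttributeValue>tanja@example.net</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="all_emails" FriendlyName="all_emails">
      <saml:AttributeValue>tanja@example.net</saml:AttributeValue>
      <saml:AttributeValue>logan@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
XML

# Hypothetical helper: maps each Attribute Name to an array of its values.
# Every attribute is returned as an array so a multi-valued attribute is never
# silently truncated to its first AttributeValue. Assumes the assertion's
# signature was verified before this is called.
def saml_attribute_values(xml)
  attrs = {}
  REXML::Document.new(xml).each_recursive do |el|
    next unless el.name == 'Attribute' && el.namespace == SAML_ASSERTION_NS
    values = (attrs[el.attributes['Name']] ||= [])
    el.elements.each do |child|
      next unless child.name == 'AttributeValue' && child.namespace == SAML_ASSERTION_NS
      values << child.text.to_s.strip
    end
  end
  attrs
end

# One address per AttributeValue: no whitespace, separators, quotes or brackets.
SINGLE_ADDRESS = /\A[^\s,;"\[\]]+@[^\s,;"\[\]]+\z/

# Hypothetical check: returns a list of problems with the all_emails attribute.
def all_emails_problems(attrs)
  emails = attrs.fetch('all_emails', [])
  problems = []
  problems << 'all_emails is missing or empty' if emails.empty?
  problems << 'all_emails has duplicate values' if emails.uniq.length != emails.length
  emails.each do |value|
    problems << "not a single address: #{value.inspect}" unless value.match?(SINGLE_ADDRESS)
  end
  problems
end
```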
| it 'includes all the user email addresses' do | ||
| all_emails_getter = ial1_user.asserted_attributes[:all_emails][:getter] | ||
| emails = all_emails_getter.call(user) | ||
| expect(emails.length).to eq(2) | ||
| expect(emails).to match_array(user.confirmed_email_addresses.map(&:email)) |
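Review bot: The expectation on the `match_array` line compares the getter's output against `user.confirmed_email_addresses.map(&:email)`, the same expression the getter itself evaluates, so the spec would still pass if that relation returned the wrong set of addresses. Assert against the literal addresses created in the setup instead, and include one unconfirmed address in the fixture to show it is left out; the separate `emails.length` check then becomes redundant.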