diff --git a/Gemfile b/Gemfile
index a537bd3da3f..f3d30946a77 100644
--- a/Gemfile
+++ b/Gemfile
@@ -57,7 +57,7 @@ gem 'rqrcode'
 gem 'ruby-progressbar'
 gem 'ruby-saml'
 gem 'safe_target_blank', '>= 1.0.2'
-gem 'saml_idp', github: '18F/saml_idp', tag: '0.18.0-18f'
+gem 'saml_idp', github: '18F/saml_idp', tag: '0.18.1-18f'
 gem 'scrypt'
 gem 'simple_form', '>= 5.0.2'
 gem 'sprockets-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index f451b897bfe..b64ab9b8a32 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -25,8 +25,8 @@ GIT GIT remote: https://github.com/18F/saml_idp.git - revision: 7f516c9e2c608ac92ee0c41daecfdb9208c7ec5a - tag: 0.18.0-18f + revision: d8e7deb7da3aa43bae0e5b0891c8de123d492484 + tag: 0.18.1-18f specs: saml_idp (0.18.0.pre.18f) activesupport
@@ -34,7 +34,6 @@ GIT faraday nokogiri (>= 1.10.2) pkcs11 - uuid GIT remote: https://github.com/hashrocket/capybara-webmock.git
@@ -380,8 +379,6 @@ GEM zeitwerk (~> 2.5) lru_redux (1.1.0) lumberjack (1.2.8) - macaddr (1.7.2) - systemu (~> 2.6.5) mail (2.7.1) mini_mime (>= 0.1.1) marcel (1.0.2)
@@ -645,7 +642,6 @@ GEM activerecord (>= 5.2) strscan (3.0.5) subprocess (1.5.5) - systemu (2.6.5) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) thor (1.2.1)
@@ -663,8 +659,6 @@ GEM unf_ext (0.0.8) unicode-display_width (2.4.0) uniform_notifier (1.16.0) - uuid (2.3.9) - macaddr (~> 1.0) valid_email (0.1.4) activemodel mail (>= 2.6.1)
diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb
index c7650735abb..665d8e40934 100644
--- a/app/controllers/saml_idp_controller.rb
+++ b/app/controllers/saml_idp_controller.rb
@@ -1,6 +1,5 @@
 require 'saml_idp_constants'
 require 'saml_idp'
-require 'uuid'
 class SamlIdpController < ApplicationController
 include SamlIdp::Controller
diff --git a/config/initializers/ahoy.rb b/config/initializers/ahoy.rb
index ebbcfb5ffb9..e24e13fdee3 100644
--- a/config/initializers/ahoy.rb
+++ b/config/initializers/ahoy.rb
@@ -60,14 +60,8 @@ def event_logger
 end
 def invalid_uuid?(token)
- # The match? method does not exist for the Regexp class in Ruby < 2.4
- # Here, it comes from Active Support. Once we upgrade to Ruby 2.5,
- # we probably want to ignore the Rails definition and use Ruby's.
- # To do that, we'll need to set `config.active_support.bare = true`,
- # and then only require the extensions we use.
 token = Utf8Cleaner.new(token).remove_invalid_utf8_bytes
- uuid_regex = /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/
- !uuid_regex.match?(token)
+ !Idp::Constants::UUID_REGEX.match?(token)
 end
 end
 end
diff --git a/lib/idp/constants.rb b/lib/idp/constants.rb
index f3b8f77c5dd..760795e4831 100644
--- a/lib/idp/constants.rb
+++ b/lib/idp/constants.rb
@@ -1,5 +1,6 @@
 module Idp
 module Constants
+ UUID_REGEX = /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/
 module Vendors
 ACUANT = 'acuant'
 LEXIS_NEXIS = 'lexis_nexis'
diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb
index 57dd0fbcf3c..526e49ff524 100644
--- a/spec/controllers/saml_idp_controller_spec.rb
+++ b/spec/controllers/saml_idp_controller_spec.rb
@@ -1582,7 +1582,7 @@ def name_id_version(format_urn)
 end
 it 'includes an ID attribute with a valid UUID' do
- expect(UUID.validate(assertion['ID'][1..-1])).to eq(true)
+ expect(Idp::Constants::UUID_REGEX.match?(assertion['ID'][1..-1])).to eq(true)
 expect(assertion['ID']).to eq "_#{user.last_identity.session_uuid}"
 end
@@ -1705,7 +1705,7 @@ def name_id_version(format_urn)
 end
 it 'includes a URI attribute' do
- expect(UUID.validate(reference['URI'][2..-1])).to eq(true)
+ expect(Idp::Constants::UUID_REGEX.match?(reference['URI'][2..-1])).to eq(true)
 end
 end
 end
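Review bot: In `config/initializers/ahoy.rb`, `invalid_uuid?` is left with no comment once the Ruby-version block is deleted, and the rule it enforces now lives in another file. Because the same pattern is reused by the specs in this commit, a later edit that loosens `Idp::Constants::UUID_REGEX` to satisfy a test would also loosen what this method accepts as a token. I would add above the method: `# Treats any token that is not a lowercase 8-4-4-4-12 hex UUID as invalid; the pattern is Idp::Constants::UUID_REGEX.` The enclosing class starts outside the hunk.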
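Review bot: `UUID_REGEX` in `lib/idp/constants.rb` is added without a comment and sits directly above `module Vendors` with no separating blank line. The pattern is anchored with `\A` and `\z`, accepts lowercase hex only, and does not check the version or variant digits, which callers using it for input validation need to know. Suggested comment on the constant: `# Canonical lowercase UUID, whole-string match (\A...\z); version and variant digits are not checked.`, followed by a blank line before `module Vendors`. Both modules continue past the end of the hunk.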
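Review bot: Both changed expectations in `spec/controllers/saml_idp_controller_spec.rb` (the `ID` check in the hunk at line 1582 and the `URI` check in the hunk at line 1705) wrap `match?` in `eq(true)`, so a failure reports only that `true` was expected and `false` was returned, without the offending value. RSpec's `match` matcher prints the string under test: `expect(assertion['ID'][1..-1]).to match(Idp::Constants::UUID_REGEX)` and `expect(reference['URI'][2..-1]).to match(Idp::Constants::UUID_REGEX)`. The surrounding `describe` blocks start outside both hunks.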