Move file directories

Gemfile

@@ -4,8 +4,8 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'minitest', '~> 5.18', require: false
-gem 'mocha', '~> 2.0', require: false
+gem 'minitest', '~> 5.24', require: false
+gem 'mocha', '~> 2.4', require: false
 gem 'rake', '~> 13.0'
 gem 'rubocop', '~> 1.64.1', require: false
 gem 'rubocop-minitest', '~> 0.35.0', require: false

README.md

@@ -87,13 +87,13 @@ gem install ruby-saml
 You may require the entire Ruby SAML gem:
 
 ```ruby
-require 'onelogin/ruby-saml'
+require 'ruby_saml'
 ```
 
 or just the required components individually:
 
 ```ruby
-require 'onelogin/ruby-saml/authrequest'
+require 'ruby_saml/authrequest'
 ```
 
 ### Installation on Ruby 1.8.7
@@ -336,7 +336,7 @@ Using `IdpMetadataParser#parse_remote`, the IdP metadata will be added to the se
 def saml_settings
 
   idp_metadata_parser = RubySaml::IdpMetadataParser.new
-  # Returns OneLogin::RubySaml::Settings pre-populated with IdP metadata
+  # Returns RubySaml::Settings pre-populated with IdP metadata
   settings = idp_metadata_parser.parse_remote("https://example.com/auth/saml2/idp/metadata")
 
   settings.assertion_consumer_service_url = "http://#{request.host}/saml/consume"
@@ -397,7 +397,7 @@ by the values of binding and nameid:
 
 ### Parsing Metadata into an Hash
 
-The `OneLogin::RubySaml::IdpMetadataParser` also provides the methods `#parse_to_hash` and `#parse_remote_to_hash`.
+The `RubySaml::IdpMetadataParser` also provides the methods `#parse_to_hash` and `#parse_remote_to_hash`.
 Those return an Hash instead of a `Settings` object, which may be useful for configuring
 [omniauth-saml](https://github.com/omniauth/omniauth-saml), for instance.
 
@@ -412,11 +412,11 @@ but it can be done as follows:
 
 ```ruby
 require "xml_security"
-require "onelogin/ruby-saml/utils"
-require "onelogin/ruby-saml/idp_metadata_parser"
+require "ruby_saml/utils"
+require "ruby_saml/idp_metadata_parser"
 
 url = "<url_to_the_metadata>"
-idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
+idp_metadata_parser = RubySaml::IdpMetadataParser.new
 
 uri = URI.parse(url)
 raise ArgumentError.new("url must begin with http or https") unless /^https?/ =~ uri.scheme
@@ -433,7 +433,7 @@ xml = response.body
 errors = []
 doc = XMLSecurity::SignedDocument.new(xml, errors)
 cert_str = "<include_cert_here>"
-cert = OneLogin::RubySaml::Utils.format_cert("cert_str")
+cert = RubySaml::Utils.format_cert("cert_str")
 metadata_sign_cert = OpenSSL::X509::Certificate.new(cert)
 valid = doc.validate_document_with_cert(metadata_sign_cert, true)
 if valid
@@ -452,7 +452,7 @@ If you are using `saml:AttributeStatement` to transfer data like the username, y
 `single_value_compatibility` (when activated, only the first value is returned)
 
 ```ruby
-response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
+response = RubySaml::Response.new(params[:SAMLResponse])
 response.settings = saml_settings
 
 response.attributes[:username]
@@ -492,7 +492,7 @@ Imagine this `saml:AttributeStatement`
 ```
 
 ```ruby
-pp(response.attributes)   # is an OneLogin::RubySaml::Attributes object
+pp(response.attributes)   # is an RubySaml::Attributes object
 # => @attributes=
   {"uid"=>["demo"],
    "another_value"=>["value1", "value2"],
@@ -502,7 +502,7 @@ pp(response.attributes)   # is an OneLogin::RubySaml::Attributes object
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"=>["usersName"]}>
 
 # Active single_value_compatibility
-OneLogin::RubySaml::Attributes.single_value_compatibility = true
+RubySaml::Attributes.single_value_compatibility = true
 
 pp(response.attributes[:uid])
 # => "demo"
@@ -538,7 +538,7 @@ pp(response.attributes.fetch(/givenname/))
 # => "usersName"
 
 # Deprecated single_value_compatibility
-OneLogin::RubySaml::Attributes.single_value_compatibility = false
+RubySaml::Attributes.single_value_compatibility = false
 
 pp(response.attributes[:uid])
 # => ["demo"]
@@ -585,7 +585,7 @@ building the authrequest object.
 To form a trusted pair relationship with the IdP, the SP (you) need to provide metadata XML
 to the IdP for various good reasons. (Caching, certificate lookups, relaying party permissions, etc)
 
-The class `OneLogin::RubySaml::Metadata` takes care of this by reading the Settings and returning XML.  All you have to do is add a controller to return the data, then give this URL to the IdP administrator.
+The class `RubySaml::Metadata` takes care of this by reading the Settings and returning XML.  All you have to do is add a controller to return the data, then give this URL to the IdP administrator.
 
 The metadata will be polled by the IdP every few minutes, so updating your settings should propagate
 to the IdP settings.
@@ -595,7 +595,7 @@ class SamlController < ApplicationController
   # ... the rest of your controller definitions ...
   def metadata
     settings = Account.get_saml_settings
-    meta = OneLogin::RubySaml::Metadata.new
+    meta = RubySaml::Metadata.new
     render :xml => meta.generate(settings), :content_type => "application/samlmetadata+xml"
   end
 end
@@ -711,7 +711,7 @@ You may require SP and IdP certificates to be non-expired using the following se
   settings.security[:check_sp_cert_expiration] = true   # Raise error SP X.509 cert is expired
 ```
 
-By default, Ruby SAML will raise a `OneLogin::RubySaml::ValidationError` if a signature or certificate
+By default, Ruby SAML will raise a `RubySaml::ValidationError` if a signature or certificate
 validation fails. You may disable such exceptions using the `settings.security[:soft]` parameter.
 
 ```ruby
@@ -800,7 +800,7 @@ def sp_logout_request
     delete_session
   else
 
-    logout_request = OneLogin::RubySaml::Logoutrequest.new
+    logout_request = RubySaml::Logoutrequest.new
     logger.info "New SP SLO for userid '#{session[:userid]}' transactionid '#{logout_request.uuid}'"
 
     if settings.name_identifier_value.nil?
@@ -831,9 +831,9 @@ def process_logout_response
   settings = Account.get_saml_settings
 
   if session.has_key? :transaction_id
-    logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transaction_id])
+    logout_response = RubySaml::Logoutresponse.new(params[:SAMLResponse], settings, :matches_request_id => session[:transaction_id])
   else
-    logout_response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
+    logout_response = RubySaml::Logoutresponse.new(params[:SAMLResponse], settings)
   end
 
   logger.info "LogoutResponse is: #{logout_response.to_s}"
@@ -867,7 +867,7 @@ def idp_logout_request
   # uppercase. Turn it True for ADFS compatibility on signature verification
   settings.security[:lowercase_url_encoding] = true
 
-  logout_request = OneLogin::RubySaml::SloLogoutrequest.new(
+  logout_request = RubySaml::SloLogoutrequest.new(
     params[:SAMLRequest], settings: settings
   )
   if !logout_request.is_valid?
@@ -881,7 +881,7 @@ def idp_logout_request
 
   # Generate a response to the IdP.
   logout_request_id = logout_request.id
-  logout_response = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
+  logout_response = RubySaml::SloLogoutresponse.new.create(settings, logout_request_id, nil, :RelayState => params[:RelayState])
   redirect_to logout_response
 end
 ```
@@ -913,7 +913,7 @@ First, ensure that both systems synchronize their clocks, using for example the
 Even then you may experience intermittent issues, as the clock of the Identity Provider may drift slightly ahead of your system clocks. To allow for a small amount of clock drift, you can initialize the response by passing in an option named `:allowed_clock_drift`. Its value must be given in a number (and/or fraction) of seconds. The value given is added to the current time at which the response is validated before it's tested against the `NotBefore` assertion. For example:
 
 ```ruby
-response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :allowed_clock_drift => 1.second)
+response = RubySaml::Response.new(params[:SAMLResponse], :allowed_clock_drift => 1.second)
 ```
 
 Make sure to keep the value as comfortably small as possible to keep security risks to a minimum.
@@ -928,14 +928,14 @@ Example:
 
 ```ruby
 def consume
-  response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], { settings: saml_settings })
+  response = RubySaml::Response.new(params[:SAMLResponse], { settings: saml_settings })
   ...
 end
 
 private
 
 def saml_settings
-  OneLogin::RubySaml::Settings.new(message_max_bytesize: 500_000)
+  RubySaml::Settings.new(message_max_bytesize: 500_000)
 end
 ```
 
@@ -944,7 +944,7 @@ end
 To request attributes from the IdP the SP needs to provide an attribute service within it's metadata and reference the index in the assertion.
 
 ```ruby
-settings = OneLogin::RubySaml::Settings.new
+settings = RubySaml::Settings.new
 settings.attributes_index = 5
 settings.attribute_consuming_service.configure do
   service_name "Service"
@@ -959,11 +959,11 @@ The `attribute_value` option additionally accepts an array of possible values.
 ## Custom Metadata Fields
 
 Some IdPs may require to add SPs to add additional fields (Organization, ContactPerson, etc.)
-into the SP metadata. This can be achieved by extending the `OneLogin::RubySaml::Metadata`
+into the SP metadata. This can be achieved by extending the `RubySaml::Metadata`
 class and overriding the `#add_extras` method as per the following example:
 
 ```ruby
-class MyMetadata < OneLogin::RubySaml::Metadata
+class MyMetadata < RubySaml::Metadata
   def add_extras(root, _settings)
     org = root.add_element("md:Organization")
     org.add_element("md:OrganizationName", 'xml:lang' => "en-US").text = 'ACME Inc.'

UPGRADING.md

@@ -1,5 +1,15 @@
 # Ruby SAML Migration Guide
 
+## Updating from 1.17.x to 2.0.0
+
+Before attempting to upgrade to `2.0.0`:
+- Upgrade your project to minimum Ruby 3.0, JRuby 9.4, or TruffleRuby 22.
+- Upgrade RubySaml to `1.17.x`. Note that RubySaml `1.17.x` is compatible with up to Ruby 3.3.
+
+RubySaml version `2.0.0` changes the root namespace from `OneLogin::RubySaml::` to just `RubySaml::`. This will require you
+to search your codebase for the string `OneLogin::` and remove it as appropriate. Aside from this namespace change,
+the class names themselves have intentionally been kept the same.
+
 ## Updating from 1.12.x to 1.13.0
 
 Version `1.13.0` adds `settings.idp_sso_service_binding` and `settings.idp_slo_service_binding`, and

lib/ruby-saml.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'onelogin/ruby-saml'
+require 'ruby_saml'

lib/ruby_saml.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'ruby_saml/logging'
+require 'ruby_saml/saml_message'
+require 'ruby_saml/authrequest'
+require 'ruby_saml/logoutrequest'
+require 'ruby_saml/logoutresponse'
+require 'ruby_saml/attributes'
+require 'ruby_saml/slo_logoutrequest'
+require 'ruby_saml/slo_logoutresponse'
+require 'ruby_saml/response'
+require 'ruby_saml/settings'
+require 'ruby_saml/attribute_service'
+require 'ruby_saml/http_error'
+require 'ruby_saml/validation_error'
+require 'ruby_saml/metadata'
+require 'ruby_saml/idp_metadata_parser'
+require 'ruby_saml/utils'
+require 'ruby_saml/version'

lib/onelogin/ruby-saml/authrequest.rb → lib/ruby_saml/authrequest.rb

@@ -2,10 +2,10 @@
 
 require "rexml/document"
 
-require "onelogin/ruby-saml/logging"
-require "onelogin/ruby-saml/saml_message"
-require "onelogin/ruby-saml/utils"
-require "onelogin/ruby-saml/setting_error"
+require "ruby_saml/logging"
+require "ruby_saml/saml_message"
+require "ruby_saml/utils"
+require "ruby_saml/setting_error"
 
 # Only supports SAML 2.0
 module RubySaml

lib/onelogin/ruby-saml/error_handling.rb → lib/ruby_saml/error_handling.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "onelogin/ruby-saml/validation_error"
+require "ruby_saml/validation_error"
 
 module RubySaml
   module ErrorHandling

lib/onelogin/ruby-saml/idp_metadata_parser.rb → lib/ruby_saml/idp_metadata_parser.rb

@@ -118,12 +118,12 @@ def parse_remote_to_array(url, validate_cert = true, options = {})
     # @option options [String, Array<String>, nil] :slo_binding an ordered list of bindings to detect the single logout URL. The first binding in the list that is included in the metadata will be used.
     # @option options [String, Array<String>, nil] :name_id_format an ordered list of NameIDFormats to detect a desired value. The first NameIDFormat in the list that is included in the metadata will be used.
     #
-    # @return [OneLogin::RubySaml::Settings]
+    # @return [RubySaml::Settings]
     def parse(idp_metadata, options = {})
       parsed_metadata = parse_to_hash(idp_metadata, options)
 
       unless parsed_metadata[:cache_duration].nil?
-        cache_valid_until_timestamp = OneLogin::RubySaml::Utils.parse_duration(parsed_metadata[:cache_duration])
+        cache_valid_until_timestamp = RubySaml::Utils.parse_duration(parsed_metadata[:cache_duration])
         if !cache_valid_until_timestamp.nil? && (parsed_metadata[:valid_until].nil? || cache_valid_until_timestamp < Time.parse(parsed_metadata[:valid_until], Time.now.utc).to_i)
           parsed_metadata[:valid_until] = Time.at(cache_valid_until_timestamp).utc.strftime("%Y-%m-%dT%H:%M:%SZ")
         end
@@ -135,9 +135,9 @@ def parse(idp_metadata, options = {})
       settings = options[:settings]
 
       if settings.nil?
-        OneLogin::RubySaml::Settings.new(parsed_metadata)
+        RubySaml::Settings.new(parsed_metadata)
       elsif settings.is_a?(Hash)
-        OneLogin::RubySaml::Settings.new(settings.merge(parsed_metadata))
+        RubySaml::Settings.new(settings.merge(parsed_metadata))
       else
         merge_parsed_metadata_into(settings, parsed_metadata)
       end
@@ -208,7 +208,7 @@ def get_idp_metadata(url, validate_cert)
       @response = http.request(get)
       return response.body if response.is_a? Net::HTTPSuccess
 
-      raise OneLogin::RubySaml::HttpError.new(
+      raise RubySaml::HttpError.new(
         "Failed to fetch idp metadata: #{response.code}: #{response.message}"
       )
     end

lib/onelogin/ruby-saml/logging.rb → lib/ruby_saml/logging.rb

@@ -19,13 +19,13 @@ class << self
     end
 
     def self.debug(message)
-      return if ENV["ruby-saml/testing"]
+      return if ENV['ruby-saml/testing']
 
       logger.debug(message)
     end
 
     def self.info(message)
-      return if ENV["ruby-saml/testing"]
+      return if ENV['ruby-saml/testing']
 
       logger.info(message)
     end

lib/onelogin/ruby-saml/logoutrequest.rb → lib/ruby_saml/logoutrequest.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-require "onelogin/ruby-saml/logging"
-require "onelogin/ruby-saml/saml_message"
-require "onelogin/ruby-saml/utils"
-require "onelogin/ruby-saml/setting_error"
+require "ruby_saml/logging"
+require "ruby_saml/saml_message"
+require "ruby_saml/utils"
+require "ruby_saml/setting_error"
 
 # Only supports SAML 2.0
 module RubySaml

lib/onelogin/ruby-saml/logoutresponse.rb → lib/ruby_saml/logoutresponse.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "xml_security"
-require "onelogin/ruby-saml/saml_message"
+require "ruby_saml/saml_message"
 
 require "time"
 

lib/onelogin/ruby-saml/metadata.rb → lib/ruby_saml/metadata.rb

@@ -2,8 +2,8 @@
 
 require "uri"
 
-require "onelogin/ruby-saml/logging"
-require "onelogin/ruby-saml/utils"
+require "ruby_saml/logging"
+require "ruby_saml/utils"
 
 # Only supports SAML 2.0
 module RubySaml

lib/onelogin/ruby-saml/response.rb → lib/ruby_saml/response.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "xml_security"
-require "onelogin/ruby-saml/attributes"
+require "ruby_saml/attributes"
 
 require "time"
 require "nokogiri"