debian-mirror-gitlab/lib/gitlab/auth/saml/origin_validator.rb

# frozen_string_literal: true

module Gitlab
  module Auth
    module Saml
      class OriginValidator
        AUTH_REQUEST_SESSION_KEY = "last_authn_request_id".freeze

        def initialize(session)
          @session = session || {}
        end

        def store_origin(authn_request)
          session[AUTH_REQUEST_SESSION_KEY] = authn_request.uuid
        end

        def gitlab_initiated?(saml_response)
          return false if identity_provider_initiated?(saml_response)

          matches?(saml_response)
        end

        private

        attr_reader :session

        def matches?(saml_response)
          saml_response.in_response_to == expected_request_id
        end

        def identity_provider_initiated?(saml_response)
          saml_response.in_response_to.blank?
        end

        def expected_request_id
          session[AUTH_REQUEST_SESSION_KEY]
        end
      end
    end
  end
end
New upstream version 12.1.12 2019-09-30 23:59:55 +05:30			`# frozen_string_literal: true`

			`module Gitlab`
			`module Auth`
			`module Saml`
			`class OriginValidator`
			`AUTH_REQUEST_SESSION_KEY = "last_authn_request_id".freeze`

			`def initialize(session)`
			`@session = session \|\| {}`
			`end`

			`def store_origin(authn_request)`
			`session[AUTH_REQUEST_SESSION_KEY] = authn_request.uuid`
			`end`

			`def gitlab_initiated?(saml_response)`
			`return false if identity_provider_initiated?(saml_response)`

			`matches?(saml_response)`
			`end`

			`private`

			`attr_reader :session`

			`def matches?(saml_response)`
			`saml_response.in_response_to == expected_request_id`
			`end`

			`def identity_provider_initiated?(saml_response)`
			`saml_response.in_response_to.blank?`
			`end`

			`def expected_request_id`
			`session[AUTH_REQUEST_SESSION_KEY]`
			`end`
			`end`
			`end`
			`end`
			`end`