debian-mirror-gitlab/lib/gitlab/auth/saml/origin_validator.rb

42 lines
913 B
Ruby
Raw Normal View History

2019-09-30 23:59:55 +05:30
# frozen_string_literal: true
module Gitlab
module Auth
module Saml
class OriginValidator
2021-04-29 21:17:54 +05:30
AUTH_REQUEST_SESSION_KEY = "last_authn_request_id"
2019-09-30 23:59:55 +05:30
def initialize(session)
@session = session || {}
end
def store_origin(authn_request)
session[AUTH_REQUEST_SESSION_KEY] = authn_request.uuid
end
def gitlab_initiated?(saml_response)
return false if identity_provider_initiated?(saml_response)
matches?(saml_response)
end
private
attr_reader :session
def matches?(saml_response)
saml_response.in_response_to == expected_request_id
end
def identity_provider_initiated?(saml_response)
saml_response.in_response_to.blank?
end
def expected_request_id
session[AUTH_REQUEST_SESSION_KEY]
end
end
end
end
end