Skip to content

Commit

Permalink
fix: ambiguous path match in other phase
Browse files Browse the repository at this point in the history
This closes #153
  • Loading branch information
tommymccallig committed Feb 19, 2018
1 parent 2234db9 commit 1b465b9
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 1 deletion.
6 changes: 5 additions & 1 deletion lib/omniauth/strategies/saml.rb
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ def response_fingerprint
end

def other_phase
if current_path.start_with?(request_path)
if request_path_pattern.match(current_path)
@env['omniauth.strategy'] ||= self
setup_phase

Expand Down Expand Up @@ -120,6 +120,10 @@ def find_attribute_by(keys)

private

def request_path_pattern
@request_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/|\z)}
end

def on_subpath?(subpath)
on_path?("#{request_path}/#{subpath}")
end
Expand Down
9 changes: 9 additions & 0 deletions spec/omniauth/strategies/saml_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -435,6 +435,15 @@ def test_default_relay_state(static_default_relay_state = nil, &block_default_re
specify { expect(last_response.status).to eql 404 }
end

context 'when hitting a route that contains a substring match for the strategy name' do
before { get '/auth/saml2/metadata' }

it 'should not set the strategy' do
expect(last_request.env['omniauth.strategy']).to be_nil
expect(last_response.status).to eql 404
end
end

describe 'subclass behavior' do
it 'registers subclasses in OmniAuth.strategies' do
subclass = Class.new(described_class)
Expand Down

0 comments on commit 1b465b9

Please sign in to comment.