[READY] V2.x - Nokogiri Upgrade Part 3 - Shim XMLSecurity so it raises deprecation warnings and errors (#748)

Author: johnnyshields

.rubocop.yml

@@ -16,6 +16,27 @@ AllCops:
     - 'tmp/**/*'
     - 'vendor/**/*'
 
+Metrics/AbcSize:
+  Max: 200
+
+Metrics/BlockLength:
+  Max: 100
+
+Metrics/ClassLength:
+  Max: 1000
+
+Metrics/CyclomaticComplexity:
+  Max: 30
+
+Metrics/MethodLength:
+  Max: 100
+
+Metrics/ModuleLength:
+  Max: 1000
+
+Metrics/PerceivedComplexity:
+  Max: 30
+
 Style/Alias:
   EnforcedStyle: prefer_alias_method
 

.rubocop_todo.yml

@@ -178,47 +178,11 @@ Lint/UselessAssignment:
   Exclude:
     - 'lib/ruby_saml/slo_logoutrequest.rb'
 
-# Offense count: 42
-# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
-Metrics/AbcSize:
-  Max: 200
-
-# Offense count: 1
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
-# AllowedMethods: refine
-Metrics/BlockLength:
-  Max: 27
-
-# Offense count: 8
-# Configuration parameters: CountComments, CountAsOne.
-Metrics/ClassLength:
-  Max: 1000
-
-# Offense count: 29
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/CyclomaticComplexity:
-  Max: 21
-
-# Offense count: 60
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
-Metrics/MethodLength:
-  Max: 77
-
-# Offense count: 1
-# Configuration parameters: CountComments, CountAsOne.
-Metrics/ModuleLength:
-  Max: 261
-
 # Offense count: 2
 # Configuration parameters: Max, CountKeywordArgs.
 Metrics/ParameterLists:
   MaxOptionalParameters: 4
 
-# Offense count: 25
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/PerceivedComplexity:
-  Max: 22
-
 # Offense count: 15
 Naming/AccessorMethodName:
   Exclude:
@@ -359,7 +323,6 @@ Style/Documentation:
     - 'lib/ruby_saml/error_handling.rb'
     - 'lib/ruby_saml/idp_metadata_parser.rb'
     - 'lib/ruby_saml/logging.rb'
-    - 'lib/ruby_saml/xml/base_document.rb'
     - 'lib/ruby_saml/xml/document.rb'
     - 'lib/ruby_saml/xml/signed_document.rb'
 

UPGRADING.md

@@ -30,15 +30,21 @@ Note that the project folder structure has also been updated accordingly. Notabl
 For backward compatibility, the alias `OneLogin = Object` has been set, so `OneLogin::RubySaml::` will still work
 as before. This alias will be removed in RubySaml version `2.1.0`.
 
-### Root "XMLSecurity" namespace changed to "RubySaml::XML"
+### Deprecation and removal of "XMLSecurity" namespace
 
-RubySaml version `2.0.0` changes the namespace `::XMLSecurity` to `::RubySaml::XML`. Please search your
-codebase for `XMLSecurity` and replace it as appropriate. In addition, you must replace direct usage of
-`require 'xml_security'` with `require 'ruby_saml/xml'`.
+RubySaml version `2.0.0` deprecates the `::XMLSecurity` namespace and the following classes:
 
-For backward compatibility, if the constant `XMLSecurity` is not already defined by another gem, it will
-be aliased to `RubySaml::XML`. In addition, a shim file has been added so that `require 'xml_security'`
-continues to work. These aliases will be removed in RubySaml version `2.1.0`.
+| Removed Class                 | Replacement Module & Method                                                      |
+|-------------------------------|----------------------------------------------------------------------------------|
+| `XMLSecurity::BaseDocument`   | (none)                                                                           |
+| `XMLSecurity::Document`       | Will be replaced with `RubySaml::XML::DocumentSigner.sign_document`              |
+| `XMLSecurity::SignedDocument` | Will be replaced with `RubySaml::XML::SignedDocumentValidator.validate_document` |
+
+If your application does not already define the `XMLSecurity` namespace (e.g. from another gem),
+these old classes will be shimmed to raise a deprecation warning or `NoMethodError` when used.
+
+The new modules in the `RubySaml::XML` namespace provide similar functionality as the
+deprecated classes, but are based on Nokogiri instead of REXML.
 
 ### Security: Change default hashing algorithm to SHA-256 (was SHA-1)
 

lib/ruby_saml/utils.rb

@@ -5,10 +5,8 @@
 require 'ruby_saml/pem_formatter'
 
 module RubySaml
-
   # SAML2 Auxiliary class
-  #
-  module Utils # rubocop:disable Metrics/ModuleLength
+  module Utils
     extend self
 
     BINDINGS = { post: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",

lib/ruby_saml/xml.rb

@@ -132,6 +132,4 @@ def get_algorithm_attr(element)
 require 'ruby_saml/xml/base_document'
 require 'ruby_saml/xml/document'
 require 'ruby_saml/xml/signed_document'
-
-# @deprecated This alias adds compatibility with v1.x and will be removed in v2.1.0
-XMLSecurity = RubySaml::XML unless defined?(XMLSecurity)
+require 'ruby_saml/xml/deprecated'

lib/ruby_saml/xml/base_document.rb

@@ -10,15 +10,11 @@
 
 module RubySaml
   module XML
+    # @deprecated Will be removed soon.
     class BaseDocument < REXML::Document
       # TODO: This affects the global state
       REXML::Security.entity_expansion_limit = 0
 
-      # @deprecated Constants moved to RubySaml::XML module
-      C14N = RubySaml::XML::C14N
-      DSIG = RubySaml::XML::DSIG
-      NOKOGIRI_OPTIONS = RubySaml::XML::NOKOGIRI_OPTIONS
-
       # @deprecated Remove in v2.1.0
       def canon_algorithm(algorithm)
         RubySaml::XML.canon_algorithm(algorithm)

lib/ruby_saml/xml/deprecated.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+unless defined?(XMLSecurity)
+  require 'ruby_saml/logging'
+
+  module XMLSecurity
+    # @deprecated Will be removed in v2.1.0.
+    # @api private
+    class BaseDocument < REXML::Document
+      # @deprecated Constants
+      C14N = RubySaml::XML::C14N
+      DSIG = RubySaml::XML::DSIG
+      NOKOGIRI_OPTIONS = RubySaml::XML::NOKOGIRI_OPTIONS
+
+      # @deprecated Will be removed in v2.1.0.
+      def canon_algorithm(algorithm)
+        RubySaml::Logging.deprecate 'XMLSecurity::BaseDocument#canon_algorithm is deprecated and will be removed in v2.1.0. ' \
+                                    'Use RubySaml::XML.canon_algorithm instead.'
+        RubySaml::XML.canon_algorithm(algorithm)
+      end
+
+      # @deprecated Will be removed in v2.1.0.
+      def algorithm(algorithm)
+        RubySaml::Logging.deprecate 'XMLSecurity::BaseDocument#algorithm is deprecated and will be removed in v2.1.0. ' \
+                                    'Use RubySaml::XML.hash_algorithm instead.'
+        RubySaml::XML.hash_algorithm(algorithm)
+      end
+    end
+
+    # @deprecated Will be removed in v2.1.0.
+    # @api private
+    class Document < BaseDocument
+      # @deprecated Constants
+      INC_PREFIX_LIST = RubySaml::XML::Document::INC_PREFIX_LIST
+      RSA_SHA1      = RubySaml::XML::RSA_SHA1
+      RSA_SHA224    = RubySaml::XML::RSA_SHA224
+      RSA_SHA256    = RubySaml::XML::RSA_SHA256
+      RSA_SHA384    = RubySaml::XML::RSA_SHA384
+      RSA_SHA512    = RubySaml::XML::RSA_SHA512
+      DSA_SHA1      = RubySaml::XML::DSA_SHA1
+      DSA_SHA256    = RubySaml::XML::DSA_SHA256
+      ECDSA_SHA1    = RubySaml::XML::ECDSA_SHA1
+      ECDSA_SHA224  = RubySaml::XML::ECDSA_SHA224
+      ECDSA_SHA256  = RubySaml::XML::ECDSA_SHA256
+      ECDSA_SHA384  = RubySaml::XML::ECDSA_SHA384
+      ECDSA_SHA512  = RubySaml::XML::ECDSA_SHA512
+      SHA1          = RubySaml::XML::SHA1
+      SHA224        = RubySaml::XML::SHA224
+      SHA256        = RubySaml::XML::SHA256
+      SHA384        = RubySaml::XML::SHA384
+      SHA512        = RubySaml::XML::SHA512
+      ENVELOPED_SIG = RubySaml::XML::ENVELOPED_SIG
+
+      # @deprecated Will be removed in v2.1.0.
+      def initialize(*args, **_kwargs)
+        RubySaml::Logging.deprecate 'XMLSecurity::Document is deprecated and will be removed in v2.1.0. ' \
+                                    'Use RubySaml::XML::DocumentSigner.sign_document instead.'
+        super(args[0])
+      end
+
+      # @deprecated Will be removed in v2.1.0.
+      def sign_document(*_args, **_kwargs)
+        msg = 'XMLSecurity::Document#sign_document has been removed. ' \
+              'Use RubySaml::XML::DocumentSigner.sign_document instead.'
+        raise ::NoMethodError.new(msg)
+      end
+    end
+
+    # @deprecated Will be removed in v2.1.0.
+    # @api private
+    class SignedDocument < BaseDocument
+      # @deprecated Will be removed in v2.1.0.
+      def initialize(*args, **_kwargs)
+        RubySaml::Logging.deprecate 'XMLSecurity::SignedDocument is deprecated and will be removed in v2.1.0.' \
+                                    'Use RubySaml::XML::SignedDocumentValidator.validate_document instead.'
+        super(args[0])
+      end
+
+      # @deprecated Will be removed in v2.1.0.
+      def validate_document(*_args, **_kwargs)
+        msg = 'XMLSecurity::SignedDocument#validate_document has been removed. ' \
+              'Use RubySaml::XML::SignedDocumentValidator.validate_document instead.'
+        raise ::NoMethodError.new(msg)
+      end
+
+      # @deprecated Will be removed in v2.1.0.
+      def extract_inclusive_namespaces
+        msg = 'XMLSecurity::SignedDocument#extract_inclusive_namespaces has been removed.'
+        raise ::NoMethodError.new(msg)
+      end
+    end
+  end
+end

lib/ruby_saml/xml/document.rb

@@ -7,26 +7,6 @@ module XML
     class Document < BaseDocument
       INC_PREFIX_LIST = '#default samlp saml ds xs xsi md'
 
-      # @deprecated Constants moved to RubySaml::XML module
-      RSA_SHA1      = RubySaml::XML::RSA_SHA1
-      RSA_SHA224    = RubySaml::XML::RSA_SHA224
-      RSA_SHA256    = RubySaml::XML::RSA_SHA256
-      RSA_SHA384    = RubySaml::XML::RSA_SHA384
-      RSA_SHA512    = RubySaml::XML::RSA_SHA512
-      DSA_SHA1      = RubySaml::XML::DSA_SHA1
-      DSA_SHA256    = RubySaml::XML::DSA_SHA256
-      ECDSA_SHA1    = RubySaml::XML::ECDSA_SHA1
-      ECDSA_SHA224  = RubySaml::XML::ECDSA_SHA224
-      ECDSA_SHA256  = RubySaml::XML::ECDSA_SHA256
-      ECDSA_SHA384  = RubySaml::XML::ECDSA_SHA384
-      ECDSA_SHA512  = RubySaml::XML::ECDSA_SHA512
-      SHA1          = RubySaml::XML::SHA1
-      SHA224        = RubySaml::XML::SHA224
-      SHA256        = RubySaml::XML::SHA256
-      SHA384        = RubySaml::XML::SHA384
-      SHA512        = RubySaml::XML::SHA512
-      ENVELOPED_SIG = RubySaml::XML::ENVELOPED_SIG
-
       # <Signature>
       #   <SignedInfo>
       #     <CanonicalizationMethod />

lib/xml_security.rb

@@ -2,7 +2,8 @@
 
 require 'ruby_saml/logging'
 RubySaml::Logging.deprecate 'Using `require "xml_security"` is deprecated and will be removed ' \
-                            'in RubySaml 2.1.0. Please use `require "ruby_saml/xml"` instead.'
+                            'in RubySaml 2.1.0. Instead, please `require "ruby-saml"` and use ' \
+                            'the modules in RubySaml::XML instead.'
 
 # @deprecated This file adds compatibility with v1.x and will be removed in v2.1.0
 require 'ruby_saml/xml'

test/attributes_test.rb

@@ -1,5 +1,6 @@
-require_relative 'test_helper'
+# frozen_string_literal: true
 
+require_relative 'test_helper'
 require 'ruby_saml/attributes'
 
 class AttributesTest < Minitest::Test