Merge pull request #263 from ewilloughby/ruby-saml-1.18

Dependency-vulnerability: ruby-saml to 1.18, updates for tests to pass

Author: adamstegman

.github/workflows/ci.yml

@@ -14,22 +14,22 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
+          - "3.4"
           - "3.3"
           - "3.2"
-          - "3.1"
-          - "3.0"
         gemfile:
           - Gemfile
-          - spec/support/Gemfile.rails6.1
-          - spec/support/Gemfile.rails7
+          - spec/support/Gemfile.rails7.1
+          - spec/support/Gemfile.rails7.2
         bundler:
           - "2"
     runs-on: ubuntu-latest
     env:
       BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}
     steps:
       - uses: actions/checkout@v4
-      - uses: ruby/setup-ruby@v1
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
         with:
           bundler: ${{ matrix.bundler }}
           ruby-version: ${{ matrix.ruby }}

.ruby-version

@@ -1 +1 @@
-3.2.2
+3.3.7

Gemfile

@@ -6,19 +6,13 @@ gemspec
 group :test do
   gem 'rake'
   gem 'rspec', '~> 3.0'
-  gem 'rails', '~> 7.1.0'
+  gem 'rails', '~> 8.0.0'
   gem 'rspec-rails'
-  gem 'sqlite3', '~> 1.4'
+  gem 'sqlite3', '~> 2.6.0'
   gem 'capybara'
   gem 'selenium-webdriver'
-
-  if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.0")
-    gem 'webrick'
-  end
-
-  if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new("3.1")
-    gem 'net-smtp', require: false
-    gem 'net-imap', require: false
-    gem 'net-pop', require: false
-  end
+  gem 'webrick'
+  gem 'net-smtp', require: false
+  gem 'net-imap', require: false
+  gem 'net-pop', require: false
 end

devise_saml_authenticatable.gemspec

@@ -19,5 +19,5 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = ">= 2.6.0"
 
   gem.add_dependency("devise","> 2.0.0")
-  gem.add_dependency("ruby-saml","~> 1.17")
+  gem.add_dependency("ruby-saml","~> 1.18")
 end

spec/features/saml_authentication_spec.rb

@@ -10,6 +10,13 @@
   options.add_argument('--headless')
   options.add_argument('--allow-insecure-localhost')
   options.add_argument('--ignore-certificate-errors')
+  # Headless Chrome 134 is failing randomly - optimizing here to try and avoid it
+  options.add_argument('--disable-background-timer-throttling')
+  options.add_argument('--disable-backgrounding-occluded-windows')
+  options.add_argument('--disable-renderer-backgrounding')
+  options.add_argument('--no-sandbox')
+  options.add_argument('--password-store=basic');
+  options.add_argument('--suppress-message-center-popups');
 
   Capybara::Selenium::Driver.new(
     app,

spec/rails_helper.rb

@@ -6,12 +6,25 @@
 require "#{working_directory}/sp/config/environment"
 require 'rspec/rails'
 
+# Starting from Rails 8.0, routes are lazy-loaded by default in test and development environments.
+# However, Devise's mappings are built during the routes loading phase.
+# To ensure it works correctly, we need to load the routes first before accessing @@mappings.
+if defined?(Rails) && Gem::Version.new(Rails.version) > Gem::Version.new('7.2')
+  require 'devise'
+  module Devise
+    def self.mappings
+      Rails.application.try(:reload_routes_unless_loaded)
+      @@mappings
+    end
+  end
+end
+
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 if ActiveRecord::Base.connection.respond_to?(:migration_context)
   ActiveRecord::Base.connection.migration_context.migrate
 else
-  ActiveRecord::Migrator.migrate("#{working_directory}/sp/db/migrate/")
+  ActiveRecord::MigrationContext.new("#{working_directory}/sp/db/migrate/").migrate
 end
 
 RSpec.configure do |config|

spec/spec_helper.rb

@@ -1,9 +1,12 @@
 require "fileutils"
+require 'capybara/rspec'
 
 RSpec.configure do |config|
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
   config.order = 'random'
+  # Specify a longer timeout for Capybara to allow for slower CI environments causing failing tests
+  Capybara.default_max_wait_time = 10 #
 
   config.expect_with :rspec do |expectations|
     expectations.include_chain_clauses_in_custom_matcher_descriptions = true
@@ -37,6 +40,6 @@
 end
 
 require 'support/rails_app'
-
+require 'logger'
 require "action_controller" # https://github.com/heartcombo/responders/pull/95
 require 'devise_saml_authenticatable'

spec/support/Gemfile.rails6.1

@@ -6,9 +6,13 @@ gemspec path: '../..'
 group :test do
   gem 'rake'
   gem 'rspec', '~> 3.0'
-  gem 'rails', '~> 5.2.0'
-  gem 'rspec-rails', '~> 3.9'
-  gem 'sqlite3', '~> 1.3.6'
+  gem 'rails', '~> 7.1.0'
+  gem 'rspec-rails', '~> 7.1'
+  gem 'sqlite3', '~> 2.6.0'
   gem 'capybara'
   gem 'selenium-webdriver'
+  gem 'webrick'
+  gem 'net-smtp', require: false
+  gem 'net-imap', require: false
+  gem 'net-pop', require: false
 end