Polish AuthnRequest constructor and Auth.login overloadings

mauromol · mauromol · commit 636f17b200ff · 2021-07-24T16:49:23.000+02:00
Input parameters, which drive how the AuthnRequest should be generated,
are now encapsulated into an AuthnRequestParams object which is far more
extensible and help to polish the API of AuthnRequest constructors and
Auth.login, which are crowded with overloadings and cannot be easily
extended.
Also, these input params are passed to postProcessXml: in this way, if
an extension plans to use a specialization of AuthnRequestParams, it can
access such a specialized instance also within a proper postProcessXml
overriding.
diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java
@@ -42,26 +42,6 @@ public class AuthnRequest {
      */
 	private final Saml2Settings settings;
 
-	/**
-	 * When true the AuthNRequest will set the ForceAuthn='true'
-	 */
-	private final boolean forceAuthn;
-
-	/**
-	 * When true the AuthNRequest will set the IsPassive='true'
-	 */
-	private final boolean isPassive;
-
-	/**
-	 * When true the AuthNReuqest will set a nameIdPolicy
-	 */
-	private final boolean setNameIdPolicy;
-
-	/**
-	 * Indicates to the IdP the subject that should be authenticated
-	 */
-	private final String nameIdValueReq;
-	
 	/**
 	 * Time stamp that indicates when the AuthNRequest was created
 	 */
@@ -72,56 +52,74 @@ public class AuthnRequest {
 	 *
 	 * @param settings
 	 *            OneLogin_Saml2_Settings
+	 * @see #AuthnRequest(Saml2Settings, AuthnRequestParams)
 	 */
 	public AuthnRequest(Saml2Settings settings) {
-		this(settings, false, false, true);
+		this(settings, new AuthnRequestParams(false, false, true));
 	}
 
 	/**
 	 * Constructs the AuthnRequest object.
 	 *
 	 * @param settings
-	 *            OneLogin_Saml2_Settings
+	 *              OneLogin_Saml2_Settings
 	 * @param forceAuthn
-	 *            When true the AuthNReuqest will set the ForceAuthn='true'
+	 *              When true the AuthNReuqest will set the ForceAuthn='true'
 	 * @param isPassive
-	 *            When true the AuthNReuqest will set the IsPassive='true'
+	 *              When true the AuthNReuqest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *              When true the AuthNReuqest will set a nameIdPolicy
 	 * @param nameIdValueReq
-	 *            Indicates to the IdP the subject that should be authenticated
+	 *              Indicates to the IdP the subject that should be authenticated
+	 * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
+	 *             {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)}
+	 *             instead
 	 */
+	@Deprecated
 	public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
-		this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
-		issueInstant = Calendar.getInstance();
-		this.isPassive = isPassive;
-		this.settings = settings;
-		this.forceAuthn = forceAuthn;
-		this.setNameIdPolicy = setNameIdPolicy;
-		this.nameIdValueReq = nameIdValueReq;
-
-		StrSubstitutor substitutor = generateSubstitutor(settings);
-		authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), settings);
-		LOGGER.debug("AuthNRequest --> " + authnRequestString);
+		this(settings, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq));
 	}
-
+	
 	/**
 	 * Constructs the AuthnRequest object.
 	 *
 	 * @param settings
-	 *            OneLogin_Saml2_Settings
+	 *              OneLogin_Saml2_Settings
 	 * @param forceAuthn
-	 *            When true the AuthNReuqest will set the ForceAuthn='true'
+	 *              When true the AuthNReuqest will set the ForceAuthn='true'
 	 * @param isPassive
-	 *            When true the AuthNReuqest will set the IsPassive='true'
+	 *              When true the AuthNReuqest will set the IsPassive='true'
 	 * @param setNameIdPolicy
-	 *            When true the AuthNReuqest will set a nameIdPolicy
+	 *              When true the AuthNReuqest will set a nameIdPolicy
+	 * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with
+	 *             {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)}
+	 *             instead
 	 */
+	@Deprecated
 	public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
 		this(settings, forceAuthn, isPassive, setNameIdPolicy, null);
 	}
 
 	/**
+	 * Constructs the AuthnRequest object.
+	 *
+	 * @param settings
+	 *              OneLogin_Saml2_Settings
+	 * @param params
+	 *              a set of authentication request input parameters that shape the
+	 *              request to create
+	 */
+	public AuthnRequest(Saml2Settings settings, AuthnRequestParams params) {
+		this.id = Util.generateUniqueID(settings.getUniqueIDPrefix());
+		issueInstant = Calendar.getInstance();
+		this.settings = settings;
+
+		StrSubstitutor substitutor = generateSubstitutor(params, settings);
+		authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), params, settings);
+		LOGGER.debug("AuthNRequest --> " + authnRequestString);
+	}
+
+	/*
 	 * Allows for an extension class to post-process the AuthnRequest XML generated
 	 * for this request, in order to customize the result.
 	 * <p>
@@ -132,15 +130,17 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv
 	 * @param authnRequestXml
 	 *              the XML produced for this AuthnRequest by the standard
 	 *              implementation provided by {@link AuthnRequest}
+	 * @param params
+	 *              the authentication request input parameters
 	 * @param settings
 	 *              the settings
 	 * @return the post-processed XML for this AuthnRequest, which will then be
 	 *         returned by any call to {@link #getAuthnRequestXml()}
 	 */
-	protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) {
+	protected String postProcessXml(final String authnRequestXml, final AuthnRequestParams params, final Saml2Settings settings) {
 		return authnRequestXml;
 	}
-	
+
 	/**
 	 * @return the base64 encoded unsigned AuthnRequest (deflated or not)
 	 *
@@ -181,22 +181,24 @@ public String getAuthnRequestXml() {
 	/**
 	 * Substitutes AuthnRequest variables within a string by values.
 	 *
+	 * @param params
+	 *              the authentication request input parameters
 	 * @param settings
 	 * 				Saml2Settings object. Setting data
 	 * 
 	 * @return the StrSubstitutor object of the AuthnRequest 
 	 */ 
-	private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
+	private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Settings settings) {
 
 		Map<String, String> valueMap = new HashMap<String, String>();
 
 		String forceAuthnStr = "";
-		if (forceAuthn) {
+		if (params.isForceAuthn()) {
 			forceAuthnStr = " ForceAuthn=\"true\"";
 		}
 
 		String isPassiveStr = "";
-		if (isPassive) {
+		if (params.isPassive()) {
 			isPassiveStr = " IsPassive=\"true\"";
 		}
 
@@ -211,6 +213,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
 		valueMap.put("destinationStr", destinationStr);
 
 		String subjectStr = "";
+		String nameIdValueReq = params.getNameIdValueReq();
 		if (nameIdValueReq != null && !nameIdValueReq.isEmpty()) {
 			String nameIDFormat = settings.getSpNameIDFormat();
 			subjectStr = "<saml:Subject>";
@@ -221,7 +224,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
         valueMap.put("subjectStr", subjectStr);
 
 		String nameIDPolicyStr = "";
-		if (setNameIdPolicy) {
+		if (params.isSetNameIdPolicy()) {
 			String nameIDPolicyFormat = settings.getSpNameIDFormat();
 			if (settings.getWantNameIdEncrypted()) {
 				nameIDPolicyFormat = Constants.NAMEID_ENCRYPTED;
diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java
@@ -0,0 +1,105 @@
+package com.onelogin.saml2.authn;
+
+/**
+ * Input parameters for a SAML 2 authentication request.
+ */
+public class AuthnRequestParams {
+
+	/**
+	 * When true the AuthNRequest will set the ForceAuthn='true'
+	 */
+	private final boolean forceAuthn;
+	/**
+	 * When true the AuthNRequest will set the IsPassive='true'
+	 */
+	private final boolean isPassive;
+	/**
+	 * When true the AuthNReuqest will set a nameIdPolicy
+	 */
+	private final boolean setNameIdPolicy;
+	/**
+	 * Indicates to the IdP the subject that should be authenticated
+	 */
+	private final String nameIdValueReq;
+
+	/**
+	 * Create a set of authentication request input parameters.
+	 *
+	 * @param forceAuthn
+	 *              whether the <code>ForceAuthn</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param isPassive
+	 *              whether the <code>isPassive</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param setNameIdPolicy
+	 *              whether a <code>NameIDPolicy</code> should be set
+	 */
+	public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) {
+		this(forceAuthn, isPassive, setNameIdPolicy, null);
+	}
+
+	/**
+	 * Create a set of authentication request input parameters.
+	 *
+	 * @param forceAuthn
+	 *              whether the <code>ForceAuthn</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param isPassive
+	 *              whether the <code>isPassive</code> attribute should be set to
+	 *              <code>true</code>
+	 * @param setNameIdPolicy
+	 *              whether a <code>NameIDPolicy</code> should be set
+	 * @param nameIdValueReq
+	 *              the subject that should be authenticated
+	 */
+	public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) {
+		this.forceAuthn = forceAuthn;
+		this.isPassive = isPassive;
+		this.setNameIdPolicy = setNameIdPolicy;
+		this.nameIdValueReq = nameIdValueReq;
+	}
+
+	/**
+	 * Create a set of authentication request input parameters, by copying them from
+	 * another set.
+	 *
+	 * @param source
+	 *              the source set of authentication request input parameters
+	 */
+	protected AuthnRequestParams(AuthnRequestParams source) {
+		this.forceAuthn = source.isForceAuthn();
+		this.isPassive = source.isPassive();
+		this.setNameIdPolicy = source.isSetNameIdPolicy();
+		this.nameIdValueReq = source.getNameIdValueReq();
+	}
+
+	/**
+	 * @return whether the <code>ForceAuthn</code> attribute should be set to
+	 *         <code>true</code>
+	 */
+	protected boolean isForceAuthn() {
+		return forceAuthn;
+	}
+
+	/**
+	 * @return whether the <code>isPassive</code> attribute should be set to
+	 *         <code>true</code>
+	 */
+	protected boolean isPassive() {
+		return isPassive;
+	}
+
+	/**
+	 * @return whether a <code>NameIDPolicy</code> should be set
+	 */
+	protected boolean isSetNameIdPolicy() {
+		return setNameIdPolicy;
+	}
+
+	/**
+	 * @return the subject that should be authenticated
+	 */
+	protected String getNameIdValueReq() {
+		return nameIdValueReq;
+	}
+}
diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java
@@ -1,7 +1,5 @@
 package com.onelogin.saml2.settings;
 
-import static com.onelogin.saml2.util.Util.toXml;
-
 import java.net.URL;
 import java.util.Arrays;
 import java.util.Calendar;
diff --git a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java
@@ -17,6 +17,7 @@
 import org.junit.Test;
 
 import com.onelogin.saml2.authn.AuthnRequest;
+import com.onelogin.saml2.authn.AuthnRequestParams;
 import com.onelogin.saml2.settings.Saml2Settings;
 import com.onelogin.saml2.settings.SettingsBuilder;
 import com.onelogin.saml2.util.Util;
@@ -164,13 +165,13 @@ public void testForceAuthN() throws Exception {
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("ForceAuthn=\"true\"")));
 
-		authnRequest = new AuthnRequest(settings, false, false, false);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("ForceAuthn=\"true\"")));		
 
-		authnRequest = new AuthnRequest(settings, true, false, false);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(true, false, false));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
@@ -195,13 +196,13 @@ public void testIsPassive() throws Exception {
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("IsPassive=\"true\"")));
 
-		authnRequest = new AuthnRequest(settings, false, false, false);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("IsPassive=\"true\"")));		
 
-		authnRequest = new AuthnRequest(settings, false, true, false);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, true, false));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
@@ -227,13 +228,13 @@ public void testNameIDPolicy() throws Exception {
 		assertThat(authnRequestStr, containsString("<samlp:NameIDPolicy"));
 		assertThat(authnRequestStr, containsString("Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\""));
 
-		authnRequest = new AuthnRequest(settings, false, false, false);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("<samlp:NameIDPolicy")));		
 
-		authnRequest = new AuthnRequest(settings, false, false, true);
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, true));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);		
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
@@ -365,7 +366,7 @@ public void testSubject() throws Exception {
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
 		assertThat(authnRequestStr, not(containsString("<saml:Subject")));
 
-		authnRequest = new AuthnRequest(settings, false, false, false, "testuser@example.com");
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false, "testuser@example.com"));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
@@ -374,7 +375,7 @@ public void testSubject() throws Exception {
 		assertThat(authnRequestStr, containsString("<saml:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\">"));
 
 		settings = new SettingsBuilder().fromFile("config/config.emailaddressformat.properties").build();
-		authnRequest = new AuthnRequest(settings, false, false, false, "testuser@example.com");
+		authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false, "testuser@example.com"));
 		authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest();
 		authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64);
 		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
@@ -523,8 +524,8 @@ public void testPostProcessXml() throws Exception {
 		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
 		AuthnRequest authnRequest = new AuthnRequest(settings) {
 			@Override
-			protected String postProcessXml(String authRequestXml, Saml2Settings sett) {
-				assertEquals(authRequestXml, super.postProcessXml(authRequestXml, sett));
+			protected String postProcessXml(String authRequestXml, AuthnRequestParams params, Saml2Settings sett) {
+				assertEquals(authRequestXml, super.postProcessXml(authRequestXml, params, sett));
 				assertSame(settings, sett);
 				return "changed";
 			}
diff --git a/toolkit/src/main/java/com/onelogin/saml2/Auth.java b/toolkit/src/main/java/com/onelogin/saml2/Auth.java
diff --git a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java
