Be able to retrieve not only the message of the last error but the whole exception

Author: pitbulk

lib/Saml2/Auth.php

@@ -109,11 +109,18 @@ class OneLogin_Saml2_Auth
     private $_errors = array();
 
     /**
-     * Reason of the last error.
+     * Last error exception object.
      *
-     * @var string|null
+     * @var Exception|null
      */
-    private $_errorReason;
+    private $_lastErrorException;
+
+    /**
+     * Last error.
+     *
+     * @var String|null
+     */
+    private $_lastError;
 
     /**
      * Last AuthNRequest ID or LogoutRequest ID generated by this Service Provider
@@ -188,7 +195,7 @@ public function setStrict($value)
     public function processResponse($requestId = null)
     {
         $this->_errors = array();
-        $this->_errorReason = null;
+        $this->_lastError = $this->_lastErrorException = null;
         if (isset($_POST) && isset($_POST['SAMLResponse'])) {
             // AuthnResponse -- HTTP_POST Binding
             $response = new OneLogin_Saml2_Response($this->_settings, $_POST['SAMLResponse']);
@@ -207,7 +214,8 @@ public function processResponse($requestId = null)
                 $this->_lastAssertionNotOnOrAfter = $response->getAssertionNotOnOrAfter();
             } else {
                 $this->_errors[] = 'invalid_response';
-                $this->_errorReason = $response->getError();
+                $this->_lastErrorException = $response->getErrorException();
+                $this->_lastError = $response->getError();
             }
         } else {
             $this->_errors[] = 'invalid_binding';
@@ -234,13 +242,15 @@ public function processResponse($requestId = null)
     public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false)
     {
         $this->_errors = array();
-        $this->_errorReason = null;
+        $this->_lastError = $this->_lastErrorException = null;
         if (isset($_GET) && isset($_GET['SAMLResponse'])) {
             $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $_GET['SAMLResponse']);
             $this->_lastResponse = $logoutResponse->getXML();
             if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
                 $this->_errors[] = 'invalid_logout_response';
-                $this->_errorReason = $logoutResponse->getError();
+                $this->_lastErrorException = $logoutResponse->getErrorException();
+                $this->_lastError = $logoutResponse->getError();
+
             } else if ($logoutResponse->getStatus() !== OneLogin_Saml2_Constants::STATUS_SUCCESS) {
                 $this->_errors[] = 'logout_not_success';
             } else {
@@ -258,7 +268,8 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
             $this->_lastRequest = $logoutRequest->getXML();
             if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
                 $this->_errors[] = 'invalid_logout_request';
-                $this->_errorReason = $logoutRequest->getError();
+                $this->_lastErrorException = $logoutRequest->getErrorException();
+                $this->_lastError = $logoutRequest->getError();
             } else {
                 if (!$keepLocalSession) {
                     if ($cbDeleteSession === null) {
@@ -407,7 +418,18 @@ public function getErrors()
      */
     public function getLastErrorReason()
     {
-        return $this->_errorReason;
+        return $this->_lastError;
+    }
+
+
+    /**
+     * Returns the last error
+     *
+     * @return Exception Error
+     */
+    public function getLastErrorException()
+    {
+        return $this->_lastErrorException;
     }
 
     /**

lib/Saml2/LogoutRequest.php

@@ -44,7 +44,7 @@ class OneLogin_Saml2_LogoutRequest
     /**
      * After execute a validation process, this var contains the cause
      *
-     * @var string
+     * @var Exception
      */
     private $_error;
 
@@ -397,23 +397,37 @@ public function isValid($retrieveParametersFromServer = false)
 
             return true;
         } catch (Exception $e) {
-            $this->_error = $e->getMessage();
+            $this->_error = $e;
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo htmlentities($this->_error);
+                echo htmlentities($this->_error->getMessage());
             }
             return false;
         }
     }
 
+    /**
+     * After execute a validation process, if fails this method returns the Exception of the cause
+     *
+     * @return Exception Cause
+     */
+    public function getErrorException()
+    {
+        return $this->_error;
+    }
+
     /**
      * After execute a validation process, if fails this method returns the cause
      *
-     * @return string Cause
+     * @return null|string Error reason
      */
     public function getError()
     {
-        return $this->_error;
+        $errorMsg = null;
+        if (isset($this->_error)) {
+            $errorMsg = htmlentities($this->_error->getMessage());
+        }
+        return $errorMsg;
     }
 
     /**

lib/Saml2/LogoutResponse.php

@@ -202,10 +202,10 @@ public function isValid($requestId = null, $retrieveParametersFromServer = false
             }
             return true;
         } catch (Exception $e) {
-            $this->_error = $e->getMessage();
+            $this->_error = $e;
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo htmlentities($this->_error);
+                echo htmlentities($this->_error->getMessage());
             }
             return false;
         }
@@ -281,13 +281,27 @@ public function getResponse($deflate = null)
     /**
      * After execute a validation process, if fails this method returns the cause.
      *
-     * @return string Cause
+     * @return Exception Cause
      */
-    public function getError()
+    public function getErrorException()
     {
         return $this->_error;
     }
 
+    /**
+     * After execute a validation process, if fails this method returns the cause
+     *
+     * @return null|string Error reason
+     */
+    public function getError()
+    {
+        $errorMsg = null;
+        if (isset($this->_error)) {
+            $errorMsg = htmlentities($this->_error->getMessage());
+        }
+        return $errorMsg;
+    }
+
     /**
      * @return string the ID of the Response
      */

lib/Saml2/Response.php

@@ -60,7 +60,7 @@ class OneLogin_Saml2_Response
     /**
      * After validation, if it fail this var has the cause of the problem
      *
-     * @var string
+     * @var Exception
      */
     private $_error;
 
@@ -419,10 +419,10 @@ public function isValid($requestId = null)
             }
             return true;
         } catch (Exception $e) {
-            $this->_error = $e->getMessage();
+            $this->_error = $e;
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo htmlentities($this->_error);
+                echo htmlentities($e->getMessage());
             }
             return false;
         }
@@ -1119,13 +1119,27 @@ protected function decryptAssertion($dom)
     /**
      * After execute a validation process, if fails this method returns the cause
      *
-     * @return string Cause
+     * @return Exception Cause
      */
-    public function getError()
+    public function getErrorException()
     {
         return $this->_error;
     }
 
+    /**
+     * After execute a validation process, if fails this method returns the cause
+     *
+     * @return null|string Error reason
+     */
+    public function getError()
+    {
+        $errorMsg = null;
+        if (isset($this->_error)) {
+            $errorMsg = htmlentities($this->_error->getMessage());
+        }
+        return $errorMsg;
+    }
+
     /**
      * Returns the SAML Response document (If contains an encrypted assertion, decrypts it)
      *

tests/src/OneLogin/Saml2/AuthTest.php

@@ -115,6 +115,7 @@ public function testProcessNoResponse()
      * @covers OneLogin_Saml2_Auth::getSessionIndex
      * @covers OneLogin_Saml2_Auth::getSessionExpiration
      * @covers OneLogin_Saml2_Auth::getLastErrorReason
+     * * @covers OneLogin_Saml2_Auth::getLastErrorException
      */
     public function testProcessResponseInvalid()
     {
@@ -132,6 +133,8 @@ public function testProcessResponseInvalid()
         $this->assertNull($this->_auth->getAttribute('uid'));
         $this->assertEquals($this->_auth->getErrors(), array('invalid_response'));
         $this->assertEquals($this->_auth->getLastErrorReason(), "Reference validation failed");
+        $errorException = $this->_auth->getLastErrorException();
+        $this->assertEquals("Reference validation failed", $errorException->getMessage());
     }
 
     /**
@@ -154,6 +157,8 @@ public function testProcessResponseInvalidRequestId()
         $this->_auth->processResponse($requestId);
 
         $this->assertEquals("No Signature found. SAML Response rejected", $this->_auth->getLastErrorReason());
+        $errorException = $this->_auth->getLastErrorException();
+        $this->assertEquals("No Signature found. SAML Response rejected", $errorException->getMessage());
 
         $this->_auth->setStrict(true);
         $this->_auth->processResponse($requestId);

tests/src/OneLogin/Saml2/LogoutRequestTest.php

@@ -248,7 +248,7 @@ public function testCreateDeflatedSAMLLogoutRequestURLParameter()
     /**
      * Tests the OneLogin_Saml2_LogoutRequest Constructor.
      * Case: Able to generate encryptedID with MultiCert
-     * 
+     *
      * @covers OneLogin_Saml2_LogoutRequest
      */
     public function testConstructorEncryptIdUsingX509certMulti()
@@ -449,6 +449,34 @@ public function testGetError()
         $this->assertContains('The LogoutRequest was received at', $logoutRequest2->getError());
     }
 
+    /**
+     * Tests the getErrorException method of the OneLogin_Saml2_LogoutRequest
+     *
+     * @covers OneLogin_Saml2_LogoutRequest::getErrorException
+     */
+    public function testGetErrorException()
+    {
+        $request = file_get_contents(TEST_ROOT . '/data/logout_requests/logout_request.xml');
+
+        $deflatedRequest = gzdeflate($request);
+        $encodedRequest = base64_encode($deflatedRequest);
+
+        $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $encodedRequest);
+
+        $this->assertNull($logoutRequest->getError());
+
+        $this->assertTrue($logoutRequest->isValid());
+        $this->assertNull($logoutRequest->getError());
+
+        $this->_settings->setStrict(true);
+        $logoutRequest2 = new OneLogin_Saml2_LogoutRequest($this->_settings, $encodedRequest);
+
+        $this->assertFalse($logoutRequest2->isValid());
+        $errorException = $logoutRequest2->getErrorException();
+        $this->assertContains('The LogoutRequest was received at', $errorException->getMessage());
+        $this->assertEquals($errorException->getMessage(), $logoutRequest2->getError());
+    }
+
     /**
      * Tests the isValid method of the OneLogin_Saml2_LogoutRequest
      * Case Invalid Issuer

tests/src/OneLogin/Saml2/LogoutResponseTest.php

@@ -113,7 +113,24 @@ public function testGetError()
         $this->_settings->setStrict(true);
         $this->assertFalse($response->isValid($requestId));
         $this->assertEquals($response->getError(), 'The InResponseTo of the Logout Response: ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e, does not match the ID of the Logout request sent by the SP: invalid_request_id');
+    }
+
 
+    /**
+     * Tests the getError method of the OneLogin_Saml2_LogoutRequest
+     *
+     * @covers OneLogin_Saml2_LogoutRequest::getErrorException
+     */
+    public function testGetErrorException()
+    {
+        $message = file_get_contents(TEST_ROOT . '/data/logout_responses/logout_response_deflated.xml.base64');
+        $requestId = 'invalid_request_id';
+        $response = new OneLogin_Saml2_LogoutResponse($this->_settings, $message);
+        $this->_settings->setStrict(true);
+        $this->assertFalse($response->isValid($requestId));
+        $errorException = $response->getErrorException();
+        $this->assertEquals('The InResponseTo of the Logout Response: ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e, does not match the ID of the Logout request sent by the SP: invalid_request_id', $errorException->getMessage());
+        $this->assertEquals($errorException->getMessage(), $response->getError());
     }
 
     /**

tests/src/OneLogin/Saml2/ResponseTest.php

@@ -622,6 +622,29 @@ public function testGetError()
         $xml = file_get_contents(TEST_ROOT . '/data/responses/response4.xml.base64');
         $response = new OneLogin_Saml2_Response($this->_settings, $xml);
 
+        $this->assertNull($response->getErrorException());
+
+        $this->assertFalse($response->isValid());
+        $errorException = $response->getErrorException();
+        $this->assertEquals('SAML Response must contain 1 assertion', $errorException->getMessage());
+
+        $xml2 = file_get_contents(TEST_ROOT . '/data/responses/valid_response.xml.base64');
+        $response2 = new OneLogin_Saml2_Response($this->_settings, $xml2);
+
+        $this->assertTrue($response2->isValid());
+        $this->assertNull($response2->getErrorException());
+    }
+
+    /**
+     * Tests the getErrorException method of the OneLogin_Saml2_Response
+     *
+     * @covers OneLogin_Saml2_Response::getErrorException
+     */
+    public function testGetErrorException()
+    {
+        $xml = file_get_contents(TEST_ROOT . '/data/responses/response4.xml.base64');
+        $response = new OneLogin_Saml2_Response($this->_settings, $xml);
+
         $this->assertNull($response->getError());
 
         $this->assertFalse($response->isValid());