allowRepeatAttributeName settings added in order to support AttributeStatements with Attribute elements with the same name

pitbulk · pitbulk · commit d23aad0153ff · 2020-11-25T20:06:30.000+01:00
diff --git a/README.md b/README.md
@@ -488,6 +488,10 @@ $advancedSettings = array(
         // will be accepted.
         'destinationStrictlyMatches' => false,
 
+        // If true, the toolkit will not raised an error when the Statement Element
+        // contain atribute elements with name duplicated
+        'allowRepeatAttributeName' => false,
+
         // If true, SAMLResponses with an InResponseTo value will be rejectd if not
         // AuthNRequest ID provided to the validation method.
         'rejectUnsolicitedResponsesWithInResponseTo' => false,
diff --git a/advanced_settings_example.php b/advanced_settings_example.php
@@ -91,6 +91,10 @@
         // will be accepted.
         'destinationStrictlyMatches' => false,
 
+        // If true, the toolkit will not raised an error when the Statement Element
+        // contain atribute elements with name duplicated
+        'allowRepeatAttributeName' => false,
+
         // If true, SAMLResponses with an InResponseTo value will be rejectd if not
         // AuthNRequest ID provided to the validation method.
         'rejectUnsolicitedResponsesWithInResponseTo' => false,
diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php
@@ -804,6 +804,9 @@ private function _getAttributesByKeyName($keyName = "Name")
     {
         $attributes = array();
         $entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute');
+
+        $security = $this->_settings->getSecurityData();
+        $allowRepeatAttributeName = $security['allowRepeatAttributeName'];
         /** @var $entry DOMNode */
         foreach ($entries as $entry) {
             $attributeKeyNode = $entry->attributes->getNamedItem($keyName);
@@ -812,10 +815,12 @@ private function _getAttributesByKeyName($keyName = "Name")
             }
             $attributeKeyName = $attributeKeyNode->nodeValue;
             if (in_array($attributeKeyName, array_keys($attributes))) {
-                throw new ValidationError(
-                    "Found an Attribute element with duplicated ".$keyName,
-                    ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND
-                );
+                if (!$allowRepeatAttributeName) {
+                    throw new ValidationError(
+                        "Found an Attribute element with duplicated ".$keyName,
+                        ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND
+                    );
+                }
             }
             $attributeValues = array();
             foreach ($entry->childNodes as $childNode) {
@@ -824,7 +829,12 @@ private function _getAttributesByKeyName($keyName = "Name")
                     $attributeValues[] = $childNode->nodeValue;
                 }
             }
-            $attributes[$attributeKeyName] = $attributeValues;
+
+            if (in_array($attributeKeyName, array_keys($attributes))) {
+                $attributes[$attributeKeyName] = array_merge($attributes[$attributeKeyName], $attributeValues);
+            } else {
+                $attributes[$attributeKeyName] = $attributeValues;
+            }
         }
         return $attributes;
     }
diff --git a/src/Saml2/Settings.php b/src/Saml2/Settings.php
@@ -397,6 +397,11 @@ private function _addDefaultValues()
             $this->_security['destinationStrictlyMatches'] = false;
         }
 
+        // Allow duplicated Attribute Names
+        if (!isset($this->_security['allowRepeatAttributeName'])) {
+            $this->_security['allowRepeatAttributeName'] = false;
+        }
+
         // InResponseTo
         if (!isset($this->_security['rejectUnsolicitedResponsesWithInResponseTo'])) {
             $this->_security['rejectUnsolicitedResponsesWithInResponseTo'] = false;
diff --git a/tests/src/OneLogin/Saml2/ResponseTest.php b/tests/src/OneLogin/Saml2/ResponseTest.php
@@ -631,6 +631,14 @@ public function testGetAttributes()
         } catch (ValidationError $e) {
             $this->assertContains('Found an Attribute element with duplicated Name', $e->getMessage());
         }
+
+        $settingsDir = TEST_ROOT .'/settings/';
+        include $settingsDir.'settings1.php';
+        $settingsInfo['security']['allowRepeatAttributeName'] = true;
+        $settings2 = new Settings($settingsInfo);
+        $response5 = new Response($settings2, $xml4);
+        $attrs = $response5->getAttributes();
+        $this->assertEquals([0 => "test", 1 => "test2"], $attrs['uid']);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -804,6 +804,9 @@ private function _getAttributesByKeyName($keyName = "Name")`
`804`	`804`	`{`
`805`	`805`	`$attributes = array();`
`806`	`806`	`$entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute');`
	`807`	`+`
	`808`	`+ $security = $this->_settings->getSecurityData();`
	`809`	`+ $allowRepeatAttributeName = $security['allowRepeatAttributeName'];`
`807`	`810`	`/** @var $entry DOMNode */`
`808`	`811`	`foreach ($entries as $entry) {`
`809`	`812`	`$attributeKeyNode = $entry->attributes->getNamedItem($keyName);`
`@@ -812,10 +815,12 @@ private function _getAttributesByKeyName($keyName = "Name")`
`812`	`815`	`}`
`813`	`816`	`$attributeKeyName = $attributeKeyNode->nodeValue;`
`814`	`817`	`if (in_array($attributeKeyName, array_keys($attributes))) {`
`815`		`- throw new ValidationError(`
`816`		`- "Found an Attribute element with duplicated ".$keyName,`
`817`		`- ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND`
`818`		`- );`
	`818`	`+ if (!$allowRepeatAttributeName) {`
	`819`	`+ throw new ValidationError(`
	`820`	`+ "Found an Attribute element with duplicated ".$keyName,`
	`821`	`+ ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND`
	`822`	`+ );`
	`823`	`+ }`
`819`	`824`	`}`
`820`	`825`	`$attributeValues = array();`
`821`	`826`	`foreach ($entry->childNodes as $childNode) {`
`@@ -824,7 +829,12 @@ private function _getAttributesByKeyName($keyName = "Name")`
`824`	`829`	`$attributeValues[] = $childNode->nodeValue;`
`825`	`830`	`}`
`826`	`831`	`}`
`827`		`- $attributes[$attributeKeyName] = $attributeValues;`
	`832`	`+`
	`833`	`+ if (in_array($attributeKeyName, array_keys($attributes))) {`
	`834`	`+ $attributes[$attributeKeyName] = array_merge($attributes[$attributeKeyName], $attributeValues);`
	`835`	`+ } else {`
	`836`	`+ $attributes[$attributeKeyName] = $attributeValues;`
	`837`	`+ }`
`828`	`838`	`}`
`829`	`839`	`return $attributes;`
`830`	`840`	`}`
Original file line number	Diff line number	Diff line change
`@@ -631,6 +631,14 @@ public function testGetAttributes()`
`631`	`631`	`} catch (ValidationError $e) {`
`632`	`632`	`$this->assertContains('Found an Attribute element with duplicated Name', $e->getMessage());`
`633`	`633`	`}`
	`634`	`+`
	`635`	`+ $settingsDir = TEST_ROOT .'/settings/';`
	`636`	`+ include $settingsDir.'settings1.php';`
	`637`	`+ $settingsInfo['security']['allowRepeatAttributeName'] = true;`
	`638`	`+ $settings2 = new Settings($settingsInfo);`
	`639`	`+ $response5 = new Response($settings2, $xml4);`
	`640`	`+ $attrs = $response5->getAttributes();`
	`641`	`+ $this->assertEquals([0 => "test", 1 => "test2"], $attrs['uid']);`
`634`	`642`	`}`
`635`	`643`
`636`	`644`	`/**`