Skip to content

Commit fc74ec9

Browse files
pitbulkpitbulk
committed
Fix tests
1 parent 89af87a commit fc74ec9

6 files changed

Lines changed: 100 additions & 83 deletions

File tree

src/Saml2/Response.php

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -296,12 +296,9 @@ public function isValid($requestId = null)
296296
// Check audience
297297
$validAudiences = $this->getAudiences();
298298
if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) {
299+
$validAudiencesStr = implode(',', $validAudiences);
299300
throw new ValidationError(
300-
sprintf(
301-
"Invalid audience for this Response (expected '%s', got '%s')",
302-
$spEntityId,
303-
implode(',', $validAudiences)
304-
),
301+
"Invalid audience for this Response (expected '".$spEntityId."', got '".$validAudiencesStr."')",
305302
ValidationError::WRONG_AUDIENCE
306303
);
307304
}
@@ -313,7 +310,7 @@ public function isValid($requestId = null)
313310
$trimmedIssuer = trim($issuer);
314311
if (empty($trimmedIssuer) || $trimmedIssuer !== $idPEntityId) {
315312
throw new ValidationError(
316-
"Invalid issuer in the Assertion/Response (expected '$idPEntityId', got '$trimmedIssuer')",
313+
"Invalid issuer in the Assertion/Response (expected '".$idPEntityId."', got '".$trimmedIssuer."')",
317314
ValidationError::WRONG_ISSUER
318315
);
319316
}
@@ -1216,13 +1213,19 @@ public function getErrorException()
12161213
/**
12171214
* After execute a validation process, if fails this method returns the cause
12181215
*
1216+
* @param bool $escape Apply or not htmlentities to the message.
1217+
*
12191218
* @return null|string Error reason
12201219
*/
1221-
public function getError()
1220+
public function getError($escape = true)
12221221
{
12231222
$errorMsg = null;
12241223
if (isset($this->_error)) {
1225-
$errorMsg = htmlentities($this->_error->getMessage());
1224+
if ($escape) {
1225+
$errorMsg = htmlentities($this->_error->getMessage());
1226+
} else {
1227+
$errorMsg = $this->_error->getMessage();
1228+
}
12261229
}
12271230
return $errorMsg;
12281231
}

src/Saml2/ValidationError.php

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,8 +90,12 @@ public function __construct($msg, $code = 0, $args = array())
9090
if (!isset($args)) {
9191
$args = array();
9292
}
93-
$params = array_merge(array($msg), $args);
94-
$message = call_user_func_array('sprintf', $params);
93+
if (!empty($args)) {
94+
$params = array_merge(array($msg), $args);
95+
$message = call_user_func_array('sprintf', $params);
96+
} else {
97+
$message = $msg;
98+
}
9599

96100
parent::__construct($message, $code);
97101
}

tests/src/OneLogin/Saml2/AuthTest.php

Lines changed: 61 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -672,6 +672,7 @@ public function testProcessSLORequestDeletingSession()
672672
$plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
673673
$message = base64_encode(gzdeflate($plainMessage));
674674

675+
unset($_GET['SAMLResponse']);
675676
$_GET['SAMLRequest'] = $message;
676677

677678
if (!isset($_SESSION)) {
@@ -680,9 +681,9 @@ public function testProcessSLORequestDeletingSession()
680681
$_SESSION['samltest'] = true;
681682

682683
$this->_auth->setStrict(true);
684+
683685
$targetUrl = $this->_auth->processSLO(false, null, false, null, true);
684686
$parsedQuery = getParamsFromUrl($targetUrl);
685-
686687
$sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
687688
$this->assertStringContainsString($sloResponseUrl, $targetUrl);
688689
$this->assertArrayHasKey('SAMLResponse', $parsedQuery);
@@ -725,6 +726,7 @@ public function testProcessSLORequestDeletingSessionCallback()
725726
$plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
726727
$message = base64_encode(gzdeflate($plainMessage));
727728

729+
unset($_GET['SAMLResponse']);
728730
$_GET['SAMLRequest'] = $message;
729731

730732
if (!isset($_SESSION)) {
@@ -773,11 +775,12 @@ public function testProcessSLORequestRelayState()
773775
$plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
774776
$message = base64_encode(gzdeflate($plainMessage));
775777

778+
unset($_GET['SAMLResponse']);
776779
$_GET['SAMLRequest'] = $message;
777780
$_GET['RelayState'] = 'http://relaystate.com';
778781

779782
$this->_auth->setStrict(true);
780-
$targetUrl = $this->_auth->processSLO(false, null, fase, null, null, true);
783+
$targetUrl = $this->_auth->processSLO(false, null, null, null, true);
781784
$parsedQuery = getParamsFromUrl($targetUrl);
782785

783786
$sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
@@ -815,7 +818,7 @@ public function testProcessSLORequestSignedResponse()
815818
$_GET['RelayState'] = 'http://relaystate.com';
816819

817820
$auth->setStrict(true);
818-
$targetUrl = $this->_auth->processSLO(false, null, fase, null, null, true);
821+
$targetUrl = $auth->processSLO(false, null, null, null, true);
819822

820823
$parsedQuery = getParamsFromUrl($targetUrl);
821824

@@ -826,7 +829,7 @@ public function testProcessSLORequestSignedResponse()
826829
$this->assertArrayHasKey('SigAlg', $parsedQuery);
827830
$this->assertArrayHasKey('Signature', $parsedQuery);
828831
$this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
829-
$this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
832+
$this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
830833
}
831834

832835
/**
@@ -918,7 +921,7 @@ public function testLoginSigned()
918921
$this->assertArrayHasKey('SigAlg', $parsedQuery);
919922
$this->assertArrayHasKey('Signature', $parsedQuery);
920923
$this->assertEquals($parsedQuery['RelayState'], $returnTo);
921-
$this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
924+
$this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
922925
}
923926

924927
/**
@@ -946,7 +949,7 @@ public function testLoginForceAuthN()
946949
$encodedRequest = $parsedQuery['SAMLRequest'];
947950
$decoded = base64_decode($encodedRequest);
948951
$request = gzinflate($decoded);
949-
$this->assertNotContains('ForceAuthn="true"', $request);
952+
$this->assertStringNotContainsString('ForceAuthn="true"', $request);
950953

951954
$returnTo = 'http://example.com/returnto';
952955

@@ -959,7 +962,7 @@ public function testLoginForceAuthN()
959962
$encodedRequest2 = $parsedQuery2['SAMLRequest'];
960963
$decoded2 = base64_decode($encodedRequest2);
961964
$request2 = gzinflate($decoded2);
962-
$this->assertNotContains('ForceAuthn="true"', $request2);
965+
$this->assertStringNotContainsString('ForceAuthn="true"', $request2);
963966

964967
$returnTo = 'http://example.com/returnto';
965968
$targetUrl3 = $auth->login($returnTo, [], true, false, true);
@@ -1000,7 +1003,7 @@ public function testLoginIsPassive()
10001003
$encodedRequest = $parsedQuery['SAMLRequest'];
10011004
$decoded = base64_decode($encodedRequest);
10021005
$request = gzinflate($decoded);
1003-
$this->assertNotContains('IsPassive="true"', $request);
1006+
$this->assertStringNotContainsString('IsPassive="true"', $request);
10041007

10051008
$returnTo = 'http://example.com/returnto';
10061009
$targetUrl2 = $auth->login($returnTo, [], false, false, true);
@@ -1012,7 +1015,7 @@ public function testLoginIsPassive()
10121015
$encodedRequest2 = $parsedQuery2['SAMLRequest'];
10131016
$decoded2 = base64_decode($encodedRequest2);
10141017
$request2 = gzinflate($decoded2);
1015-
$this->assertNotContains('IsPassive="true"', $request2);
1018+
$this->assertStringNotContainsString('IsPassive="true"', $request2);
10161019

10171020
$returnTo = 'http://example.com/returnto';
10181021
$targetUrl3 = $auth->login($returnTo, [], false, true, true);
@@ -1048,7 +1051,7 @@ public function testLoginNameIDPolicy()
10481051
$encodedRequest = $parsedQuery['SAMLRequest'];
10491052
$decoded = base64_decode($encodedRequest);
10501053
$request = gzinflate($decoded);
1051-
$this->assertNotContains('<samlp:NameIDPolicy', $request);
1054+
$this->assertStringNotContainsString('<samlp:NameIDPolicy', $request);
10521055

10531056
$returnTo = 'http://example.com/returnto';
10541057
$targetUrl2 = $auth->login($returnTo, [], false, false, true, true);
@@ -1095,7 +1098,7 @@ public function testLoginSubject()
10951098
$encodedRequest = $parsedQuery['SAMLRequest'];
10961099
$decoded = base64_decode($encodedRequest);
10971100
$request = gzinflate($decoded);
1098-
$this->assertNotContains('<saml:Subject', $request);
1101+
$this->assertStringNotContainsString('<saml:Subject', $request);
10991102

11001103
$returnTo = 'http://example.com/returnto';
11011104
$targetUrl2 = $auth->login($returnTo, [], false, false, true, true, "testuser@example.com");
@@ -1123,9 +1126,10 @@ public function testLoginSubject()
11231126
$encodedRequest3 = $parsedQuery3['SAMLRequest'];
11241127
$decoded3 = base64_decode($encodedRequest3);
11251128
$request3 = gzinflate($decoded3);
1126-
$this->assertStringContainsString('<saml:Subject', $request3);
1127-
$this->assertStringContainsString('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">testuser@example.com</saml:NameID>', $request3);
1128-
$this->assertStringContainsString('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">', $request3);
1129+
$this->assertStringNotContainsString('<saml:Subject', $request3);
1130+
$this->assertStringContainsString('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"', $request3);
1131+
$this->assertStringNotContainsString('testuser@example.com', $request3);
1132+
$this->assertStringNotContainsString('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">', $request3);
11291133
}
11301134

11311135
/**
@@ -1176,7 +1180,7 @@ public function testLogoutWithRelayStateAndParameters()
11761180
{
11771181
$relayState = 'http://sp.example.com';
11781182
$parameters = array('test1' => 'value1', 'test2' => 'value2');
1179-
$targetUrl = $this->_auth->logout($relayState, $parameters);
1183+
$targetUrl = $this->_auth->logout($relayState, $parameters, null, null, true);
11801184
$parsedQuery = getParamsFromUrl($targetUrl);
11811185

11821186
$sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
@@ -1222,27 +1226,33 @@ public function testLogoutNameID()
12221226
$message = file_get_contents(TEST_ROOT . '/data/responses/valid_response.xml.base64');
12231227
$_POST['SAMLResponse'] = $message;
12241228
$this->_auth->processResponse();
1229+
$sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
1230+
1231+
$expectedNameId = '492882615acf31c8096b627245d76ae53036c090';
12251232
$nameIdFromResponse = $this->_auth->getNameId();
1233+
$this->assertEquals($nameIdFromResponse, $expectedNameId);
12261234

1227-
try {
1228-
$nameId = 'my_name_id';
1229-
$this->_auth->logout();
1230-
// Do not ever get here
1231-
$this->assertFalse(true);
1232-
} catch (Exception $e) {
1233-
$this->assertStringContainsString('Cannot modify header information', $e->getMessage());
1234-
$trace = $e->getTrace();
1235-
$targetUrl = getUrlFromRedirect($trace);
1236-
$parsedQuery = getParamsFromUrl($targetUrl);
1237-
1238-
$sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
1239-
$this->assertStringContainsString($sloUrl, $targetUrl);
1240-
$this->assertArrayHasKey('SAMLRequest', $parsedQuery);
1241-
1242-
$logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
1243-
$nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
1244-
$this->assertEquals($nameIdFromResponse, $nameIdFromRequest);
1245-
}
1235+
$nameId = 'my_name_id';
1236+
$targetUrl = $this->_auth->logout(null, [], null, null, true);
1237+
$parsedQuery = getParamsFromUrl($targetUrl);
1238+
1239+
$this->assertStringContainsString($sloUrl, $targetUrl);
1240+
$this->assertArrayHasKey('SAMLRequest', $parsedQuery);
1241+
1242+
$logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
1243+
$nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
1244+
$this->assertEquals($nameIdFromResponse, $nameIdFromRequest);
1245+
1246+
$nameId = 'my_name_id';
1247+
$targetUrl = $this->_auth->logout(null, [], $nameId, null, true);
1248+
$parsedQuery = getParamsFromUrl($targetUrl);
1249+
1250+
$this->assertStringContainsString($sloUrl, $targetUrl);
1251+
$this->assertArrayHasKey('SAMLRequest', $parsedQuery);
1252+
1253+
$logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
1254+
$nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
1255+
$this->assertEquals($nameId, $nameIdFromRequest);
12461256
}
12471257

12481258
/**
@@ -1264,27 +1274,18 @@ public function testLogoutSigned()
12641274

12651275
$auth = new Auth($settingsInfo);
12661276

1267-
try {
1268-
// The Header of the redirect produces an Exception
1269-
$returnTo = 'http://example.com/returnto';
1270-
$auth->logout($returnTo);
1271-
// Do not ever get here
1272-
$this->assertFalse(true);
1273-
} catch (Exception $e) {
1274-
$this->assertStringContainsString('Cannot modify header information', $e->getMessage());
1275-
$trace = $e->getTrace();
1276-
$targetUrl = getUrlFromRedirect($trace);
1277-
$parsedQuery = getParamsFromUrl($targetUrl);
1278-
1279-
$sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
1280-
$this->assertStringContainsString($sloUrl, $targetUrl);
1281-
$this->assertArrayHasKey('SAMLRequest', $parsedQuery);
1282-
$this->assertArrayHasKey('RelayState', $parsedQuery);
1283-
$this->assertArrayHasKey('SigAlg', $parsedQuery);
1284-
$this->assertArrayHasKey('Signature', $parsedQuery);
1285-
$this->assertEquals($parsedQuery['RelayState'], $returnTo);
1286-
$this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
1287-
}
1277+
$returnTo = 'http://example.com/returnto';
1278+
$targetUrl = $auth->logout($returnTo, [], null, null, true);
1279+
$parsedQuery = getParamsFromUrl($targetUrl);
1280+
1281+
$sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
1282+
$this->assertStringContainsString($sloUrl, $targetUrl);
1283+
$this->assertArrayHasKey('SAMLRequest', $parsedQuery);
1284+
$this->assertArrayHasKey('RelayState', $parsedQuery);
1285+
$this->assertArrayHasKey('SigAlg', $parsedQuery);
1286+
$this->assertArrayHasKey('Signature', $parsedQuery);
1287+
$this->assertEquals($parsedQuery['RelayState'], $returnTo);
1288+
$this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
12881289
}
12891290

12901291
/**
@@ -1580,9 +1581,9 @@ public function testGetIdFromLastLogoutResponse()
15801581
}
15811582

15821583
/**
1583-
* Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
1584+
* Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
15841585
*
1585-
* @covers OneLogin_Saml2_Settings::checkSettings
1586+
* @covers OneLogin\Saml2\Settings::checkSettings
15861587
*/
15871588
public function testSpValidateOnlyIsTrue()
15881589
{
@@ -1594,9 +1595,9 @@ public function testSpValidateOnlyIsTrue()
15941595
}
15951596

15961597
/**
1597-
* Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
1598+
* Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
15981599
*
1599-
* @covers OneLogin_Saml2_Settings::checkSettings
1600+
* @covers OneLogin\Saml2\Settings::checkSettings
16001601
*/
16011602
public function testSpValidateOnlyIsFalse()
16021603
{
@@ -1606,7 +1607,7 @@ public function testSpValidateOnlyIsFalse()
16061607
try {
16071608
$settings = new Settings($settingsInfo);
16081609
} catch (Error $e) {
1609-
$this->assertContains('idp_not_found', $e->getMessage());
1610+
$this->assertStringContainsString('idp_not_found', $e->getMessage());
16101611
}
16111612
}
16121613
}

tests/src/OneLogin/Saml2/LogoutResponseTest.php

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -482,7 +482,7 @@ public function testWeCanChooseToDeflateAResponseBody()
482482

483483
$settingsDir = TEST_ROOT .'/settings/';
484484
include $settingsDir.'settings1.php';
485-
485+
486486
$settings = new Settings($settingsInfo);
487487
$logoutResponse = new LogoutResponse($settings, $message);
488488
$payload = $logoutResponse->getResponse(false);
@@ -491,7 +491,7 @@ public function testWeCanChooseToDeflateAResponseBody()
491491

492492
$settingsDir = TEST_ROOT .'/settings/';
493493
include $settingsDir.'settings2.php';
494-
494+
495495
$settings = new Settings($settingsInfo);
496496
$logoutResponse = new LogoutResponse($settings, $message);
497497
$payload = $logoutResponse->getResponse(true);
@@ -539,7 +539,7 @@ public function testGetID()
539539
$xml = $logoutResponse->getXML();
540540
$id1 = $logoutResponse->getID();
541541
$this->assertNotNull($id1);
542-
542+
543543
$processedLogoutResponse = new LogoutResponse($settings, base64_encode($xml));
544544
$id2 = $processedLogoutResponse->getID();
545545
$this->assertEquals($id1, $id2);
@@ -548,12 +548,12 @@ public function testGetID()
548548
/**
549549
* Tests that the LogoutRequest throws an exception
550550
*
551-
* @covers OneLogin\Saml2\LogoutRequest::getID()
551+
* @covers OneLogin\Saml2\LogoutResponse::getID()
552552
*/
553553
public function testGetIDException()
554554
{
555555
$this->expectException(Error::class);
556-
$this->expectExceptionMessage('LogoutRequest could not be processed');
556+
$this->expectExceptionMessage('LogoutResponse could not be processed');
557557

558558
$settingsDir = TEST_ROOT .'/settings/';
559559
include $settingsDir.'settings1.php';

0 commit comments

Comments
 (0)