Adds Response#name_id_format

grzuy · grzuy · commit cb78e6c7384a · 2016-03-10T16:59:01.000-03:00
diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
@@ -82,19 +82,25 @@ def is_valid?
       # @return [String] the NameID provided by the SAML response from the IdP.
       #
       def name_id
-        @name_id ||= begin
-          encrypted_node = xpath_first_from_signed_assertion('/a:Subject/a:EncryptedID')
-          if encrypted_node
-            node = decrypt_nameid(encrypted_node)
-          else
-            node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
+        @name_id ||=
+          if name_id_node
+            name_id_node.text
           end
-          node.nil? ? nil : node.text
-        end
       end
 
       alias_method :nameid, :name_id
 
+      # @return [String] the NameID Format provided by the SAML response from the IdP.
+      #
+      def name_id_format
+        @name_id_format ||=
+          if name_id_node && name_id_node.attribute("Format")
+            name_id_node.attribute("Format").value
+          end
+      end
+
+      alias_method :nameid_format, :name_id_format
+
 
       # Gets the SessionIndex from the AuthnStatement.
       # Could be used to be stored in the local session in order
@@ -638,6 +644,18 @@ def validate_signature
         true
       end
 
+      def name_id_node
+        @name_id_node ||=
+          begin
+            encrypted_node = xpath_first_from_signed_assertion('/a:Subject/a:EncryptedID')
+            if encrypted_node
+              node = decrypt_nameid(encrypted_node)
+            else
+              node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
+            end
+          end
+      end
+
       # Extracts the first appearance that matchs the subelt (pattern)
       # Search on any Assertion that is signed, or has a Response parent signed
       # @param subelt [String] The XPath pattern
diff --git a/test/response_test.rb b/test/response_test.rb
@@ -774,6 +774,13 @@ class RubySamlTest < Minitest::Test
       end
     end
 
+    describe "#name_id_format" do
+      it "extract the value of the name id element" do
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response.name_id_format
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response_with_signed_assertion.name_id_format
+      end
+    end
+
     describe "#sessionindex" do
       it "extract the value of the sessionindex element" do
         response = OneLogin::RubySaml::Response.new(fixture(:simple_saml_php))
@@ -1001,12 +1008,17 @@ class RubySamlTest < Minitest::Test
           assert_raises(OneLogin::RubySaml::ValidationError, "An EncryptedID found and no SP private key found on the settings to decrypt it") do
             assert_equal "test@onelogin.com", response_encrypted_nameid.nameid
           end
+
+          assert_raises(OneLogin::RubySaml::ValidationError, "An EncryptedID found and no SP private key found on the settings to decrypt it") do
+            assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response_encrypted_nameid.name_id_format
+          end
       end
 
       it 'is possible when encryptID inside the assertion and settings has the private key' do
         settings.private_key = ruby_saml_key_text
         response_encrypted_nameid.settings = settings
         assert_equal "test@onelogin.com", response_encrypted_nameid.nameid
+        assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", response_encrypted_nameid.name_id_format
       end
 
     end
