Fix tests

SAML-Toolkits · Jun 9, 2023 · fc74ec9 · fc74ec9
1 parent 89af87a
commit fc74ec9
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 83 deletions.
diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php
@@ -296,12 +296,9 @@ public function isValid($requestId = null)
                 // Check audience
                 $validAudiences = $this->getAudiences();
                 if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) {
+                    $validAudiencesStr = implode(',', $validAudiences);
                     throw new ValidationError(
-                        sprintf(
-                            "Invalid audience for this Response (expected '%s', got '%s')",
-                            $spEntityId,
-                            implode(',', $validAudiences)
-                        ),
+                        "Invalid audience for this Response (expected '".$spEntityId."', got '".$validAudiencesStr."')",
                         ValidationError::WRONG_AUDIENCE
                     );
                 }
@@ -313,7 +310,7 @@ public function isValid($requestId = null)
                         $trimmedIssuer = trim($issuer);
                         if (empty($trimmedIssuer) || $trimmedIssuer !== $idPEntityId) {
                             throw new ValidationError(
-                                "Invalid issuer in the Assertion/Response (expected '$idPEntityId', got '$trimmedIssuer')",
+                                "Invalid issuer in the Assertion/Response (expected '".$idPEntityId."', got '".$trimmedIssuer."')",
                                 ValidationError::WRONG_ISSUER
                             );
                         }
@@ -1216,13 +1213,19 @@ public function getErrorException()
     /**
      * After execute a validation process, if fails this method returns the cause
      *
+     * @param bool $escape Apply or not htmlentities to the message.
+     *
      * @return null|string Error reason
      */
-    public function getError()
+    public function getError($escape = true)
     {
         $errorMsg = null;
         if (isset($this->_error)) {
-            $errorMsg = htmlentities($this->_error->getMessage());
+            if ($escape) {
+                $errorMsg = htmlentities($this->_error->getMessage());
+            } else {
+                $errorMsg = $this->_error->getMessage();
+            }
         }
         return $errorMsg;
     }

diff --git a/src/Saml2/ValidationError.php b/src/Saml2/ValidationError.php
@@ -90,8 +90,12 @@ public function __construct($msg, $code = 0, $args = array())
         if (!isset($args)) {
             $args = array();
         }
-        $params = array_merge(array($msg), $args);
-        $message = call_user_func_array('sprintf', $params);
+        if (!empty($args)) {
+            $params = array_merge(array($msg), $args);
+            $message = call_user_func_array('sprintf', $params);
+        } else {
+            $message = $msg;
+        }
 
         parent::__construct($message, $code);
     }

diff --git a/tests/src/OneLogin/Saml2/AuthTest.php b/tests/src/OneLogin/Saml2/AuthTest.php
@@ -672,6 +672,7 @@ public function testProcessSLORequestDeletingSession()
         $plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
         $message = base64_encode(gzdeflate($plainMessage));
 
+        unset($_GET['SAMLResponse']);
         $_GET['SAMLRequest'] = $message;
 
         if (!isset($_SESSION)) {
@@ -680,9 +681,9 @@ public function testProcessSLORequestDeletingSession()
         $_SESSION['samltest'] = true;
 
         $this->_auth->setStrict(true);
+
         $targetUrl = $this->_auth->processSLO(false, null, false, null, true);
         $parsedQuery = getParamsFromUrl($targetUrl);
-
         $sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
         $this->assertStringContainsString($sloResponseUrl, $targetUrl);
         $this->assertArrayHasKey('SAMLResponse', $parsedQuery);
@@ -725,6 +726,7 @@ public function testProcessSLORequestDeletingSessionCallback()
         $plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
         $message = base64_encode(gzdeflate($plainMessage));
 
+        unset($_GET['SAMLResponse']);
         $_GET['SAMLRequest'] = $message;
 
         if (!isset($_SESSION)) {
@@ -773,11 +775,12 @@ public function testProcessSLORequestRelayState()
         $plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
         $message = base64_encode(gzdeflate($plainMessage));
 
+        unset($_GET['SAMLResponse']);
         $_GET['SAMLRequest'] = $message;
         $_GET['RelayState'] = 'http://relaystate.com';
 
         $this->_auth->setStrict(true);
-        $targetUrl = $this->_auth->processSLO(false, null, fase, null, null, true);
+        $targetUrl = $this->_auth->processSLO(false, null, null, null, true);
         $parsedQuery = getParamsFromUrl($targetUrl);
 
         $sloResponseUrl = $this->_settingsInfo['idp']['singleLogoutService']['responseUrl'];
@@ -815,7 +818,7 @@ public function testProcessSLORequestSignedResponse()
         $_GET['RelayState'] = 'http://relaystate.com';
 
         $auth->setStrict(true);
-        $targetUrl = $this->_auth->processSLO(false, null, fase, null, null, true);
+        $targetUrl = $auth->processSLO(false, null, null, null, true);
 
         $parsedQuery = getParamsFromUrl($targetUrl);
 
@@ -826,7 +829,7 @@ public function testProcessSLORequestSignedResponse()
         $this->assertArrayHasKey('SigAlg', $parsedQuery);
         $this->assertArrayHasKey('Signature', $parsedQuery);
         $this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
-        $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
+        $this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
     }
 
     /**
@@ -918,7 +921,7 @@ public function testLoginSigned()
         $this->assertArrayHasKey('SigAlg', $parsedQuery);
         $this->assertArrayHasKey('Signature', $parsedQuery);
         $this->assertEquals($parsedQuery['RelayState'], $returnTo);
-        $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
+        $this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
     }
 
     /**
@@ -946,7 +949,7 @@ public function testLoginForceAuthN()
         $encodedRequest = $parsedQuery['SAMLRequest'];
         $decoded = base64_decode($encodedRequest);
         $request = gzinflate($decoded);
-        $this->assertNotContains('ForceAuthn="true"', $request);
+        $this->assertStringNotContainsString('ForceAuthn="true"', $request);
 
         $returnTo = 'http://example.com/returnto';
 
@@ -959,7 +962,7 @@ public function testLoginForceAuthN()
         $encodedRequest2 = $parsedQuery2['SAMLRequest'];
         $decoded2 = base64_decode($encodedRequest2);
         $request2 = gzinflate($decoded2);
-        $this->assertNotContains('ForceAuthn="true"', $request2);
+        $this->assertStringNotContainsString('ForceAuthn="true"', $request2);
 
         $returnTo = 'http://example.com/returnto';
         $targetUrl3 = $auth->login($returnTo, [], true, false, true);
@@ -1000,7 +1003,7 @@ public function testLoginIsPassive()
         $encodedRequest = $parsedQuery['SAMLRequest'];
         $decoded = base64_decode($encodedRequest);
         $request = gzinflate($decoded);
-        $this->assertNotContains('IsPassive="true"', $request);
+        $this->assertStringNotContainsString('IsPassive="true"', $request);
 
         $returnTo = 'http://example.com/returnto';
         $targetUrl2 = $auth->login($returnTo, [], false, false, true);
@@ -1012,7 +1015,7 @@ public function testLoginIsPassive()
         $encodedRequest2 = $parsedQuery2['SAMLRequest'];
         $decoded2 = base64_decode($encodedRequest2);
         $request2 = gzinflate($decoded2);
-        $this->assertNotContains('IsPassive="true"', $request2);
+        $this->assertStringNotContainsString('IsPassive="true"', $request2);
 
         $returnTo = 'http://example.com/returnto';
         $targetUrl3 = $auth->login($returnTo, [], false, true, true);
@@ -1048,7 +1051,7 @@ public function testLoginNameIDPolicy()
         $encodedRequest = $parsedQuery['SAMLRequest'];
         $decoded = base64_decode($encodedRequest);
         $request = gzinflate($decoded);
-        $this->assertNotContains('<samlp:NameIDPolicy', $request);
+        $this->assertStringNotContainsString('<samlp:NameIDPolicy', $request);
 
         $returnTo = 'http://example.com/returnto';
         $targetUrl2 = $auth->login($returnTo, [], false, false, true, true);
@@ -1095,7 +1098,7 @@ public function testLoginSubject()
         $encodedRequest = $parsedQuery['SAMLRequest'];
         $decoded = base64_decode($encodedRequest);
         $request = gzinflate($decoded);
-        $this->assertNotContains('<saml:Subject', $request);
+        $this->assertStringNotContainsString('<saml:Subject', $request);
 
         $returnTo = 'http://example.com/returnto';
         $targetUrl2 = $auth->login($returnTo, [], false, false, true, true, "[email protected]");
@@ -1123,9 +1126,10 @@ public function testLoginSubject()
         $encodedRequest3 = $parsedQuery3['SAMLRequest'];
         $decoded3 = base64_decode($encodedRequest3);
         $request3 = gzinflate($decoded3);
-        $this->assertStringContainsString('<saml:Subject', $request3);
-        $this->assertStringContainsString('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID>', $request3);
-        $this->assertStringContainsString('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">', $request3);
+        $this->assertStringNotContainsString('<saml:Subject', $request3);
+        $this->assertStringContainsString('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"', $request3);
+        $this->assertStringNotContainsString('[email protected]', $request3);
+        $this->assertStringNotContainsString('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">', $request3);
     }
 
     /**
@@ -1176,7 +1180,7 @@ public function testLogoutWithRelayStateAndParameters()
     {
         $relayState = 'http://sp.example.com';
         $parameters = array('test1' => 'value1', 'test2' => 'value2');
-        $targetUrl = $this->_auth->logout($relayState, $parameters);
+        $targetUrl = $this->_auth->logout($relayState, $parameters, null, null, true);
         $parsedQuery = getParamsFromUrl($targetUrl);
 
         $sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
@@ -1222,27 +1226,33 @@ public function testLogoutNameID()
         $message = file_get_contents(TEST_ROOT . '/data/responses/valid_response.xml.base64');
         $_POST['SAMLResponse'] = $message;
         $this->_auth->processResponse();
+        $sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
+
+        $expectedNameId = '492882615acf31c8096b627245d76ae53036c090';
         $nameIdFromResponse = $this->_auth->getNameId();
+        $this->assertEquals($nameIdFromResponse, $expectedNameId);
 
-        try {
-            $nameId = 'my_name_id';
-            $this->_auth->logout();
-            // Do not ever get here
-            $this->assertFalse(true);
-        } catch (Exception $e) {
-            $this->assertStringContainsString('Cannot modify header information', $e->getMessage());
-            $trace = $e->getTrace();
-            $targetUrl = getUrlFromRedirect($trace);
-            $parsedQuery = getParamsFromUrl($targetUrl);
-
-            $sloUrl = $this->_settingsInfo['idp']['singleLogoutService']['url'];
-            $this->assertStringContainsString($sloUrl, $targetUrl);
-            $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
-
-            $logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
-            $nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
-            $this->assertEquals($nameIdFromResponse, $nameIdFromRequest);
-        }
+        $nameId = 'my_name_id';
+        $targetUrl = $this->_auth->logout(null, [], null, null, true);
+        $parsedQuery = getParamsFromUrl($targetUrl);
+
+        $this->assertStringContainsString($sloUrl, $targetUrl);
+        $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
+
+        $logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
+        $nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
+        $this->assertEquals($nameIdFromResponse, $nameIdFromRequest);
+
+        $nameId = 'my_name_id';
+        $targetUrl = $this->_auth->logout(null, [], $nameId, null, true);
+        $parsedQuery = getParamsFromUrl($targetUrl);
+
+        $this->assertStringContainsString($sloUrl, $targetUrl);
+        $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
+
+        $logoutRequest = gzinflate(base64_decode($parsedQuery['SAMLRequest']));
+        $nameIdFromRequest = LogoutRequest::getNameId($logoutRequest);
+        $this->assertEquals($nameId, $nameIdFromRequest);
     }
 
     /**
@@ -1264,27 +1274,18 @@ public function testLogoutSigned()
 
         $auth = new Auth($settingsInfo);
 
-        try {
-            // The Header of the redirect produces an Exception
-            $returnTo = 'http://example.com/returnto';
-            $auth->logout($returnTo);
-            // Do not ever get here
-            $this->assertFalse(true);
-        } catch (Exception $e) {
-            $this->assertStringContainsString('Cannot modify header information', $e->getMessage());
-            $trace = $e->getTrace();
-            $targetUrl = getUrlFromRedirect($trace);
-            $parsedQuery = getParamsFromUrl($targetUrl);
-
-            $sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
-            $this->assertStringContainsString($sloUrl, $targetUrl);
-            $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
-            $this->assertArrayHasKey('RelayState', $parsedQuery);
-            $this->assertArrayHasKey('SigAlg', $parsedQuery);
-            $this->assertArrayHasKey('Signature', $parsedQuery);
-            $this->assertEquals($parsedQuery['RelayState'], $returnTo);
-            $this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
-        }
+        $returnTo = 'http://example.com/returnto';
+        $targetUrl = $auth->logout($returnTo, [], null, null, true);
+        $parsedQuery = getParamsFromUrl($targetUrl);
+
+        $sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
+        $this->assertStringContainsString($sloUrl, $targetUrl);
+        $this->assertArrayHasKey('SAMLRequest', $parsedQuery);
+        $this->assertArrayHasKey('RelayState', $parsedQuery);
+        $this->assertArrayHasKey('SigAlg', $parsedQuery);
+        $this->assertArrayHasKey('Signature', $parsedQuery);
+        $this->assertEquals($parsedQuery['RelayState'], $returnTo);
+        $this->assertEquals(XMLSecurityKey::RSA_SHA256, $parsedQuery['SigAlg']);
     }
 
     /**
@@ -1580,9 +1581,9 @@ public function testGetIdFromLastLogoutResponse()
     }
 
     /**
-     * Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
+     * Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
      *
-     * @covers OneLogin_Saml2_Settings::checkSettings
+     * @covers OneLogin\Saml2\Settings::checkSettings
      */
     public function testSpValidateOnlyIsTrue()
     {
@@ -1594,9 +1595,9 @@ public function testSpValidateOnlyIsTrue()
     }
 
     /**
-     * Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
+     * Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
      *
-     * @covers OneLogin_Saml2_Settings::checkSettings
+     * @covers OneLogin\Saml2\Settings::checkSettings
      */
     public function testSpValidateOnlyIsFalse()
     {
@@ -1606,7 +1607,7 @@ public function testSpValidateOnlyIsFalse()
         try {
             $settings = new Settings($settingsInfo);
         } catch (Error $e) {
-            $this->assertContains('idp_not_found', $e->getMessage());
+            $this->assertStringContainsString('idp_not_found', $e->getMessage());
         }
     }
 }
diff --git a/tests/src/OneLogin/Saml2/LogoutResponseTest.php b/tests/src/OneLogin/Saml2/LogoutResponseTest.php
@@ -482,7 +482,7 @@ public function testWeCanChooseToDeflateAResponseBody()
 
         $settingsDir = TEST_ROOT .'/settings/';
         include $settingsDir.'settings1.php';
-        
+
         $settings = new Settings($settingsInfo);
         $logoutResponse = new LogoutResponse($settings, $message);
         $payload = $logoutResponse->getResponse(false);
@@ -491,7 +491,7 @@ public function testWeCanChooseToDeflateAResponseBody()
 
         $settingsDir = TEST_ROOT .'/settings/';
         include $settingsDir.'settings2.php';
-        
+
         $settings = new Settings($settingsInfo);
         $logoutResponse = new LogoutResponse($settings, $message);
         $payload = $logoutResponse->getResponse(true);
@@ -539,7 +539,7 @@ public function testGetID()
         $xml = $logoutResponse->getXML();
         $id1 = $logoutResponse->getID();
         $this->assertNotNull($id1);
-    
+
         $processedLogoutResponse = new LogoutResponse($settings, base64_encode($xml));
         $id2 = $processedLogoutResponse->getID();
         $this->assertEquals($id1, $id2);
@@ -548,12 +548,12 @@ public function testGetID()
     /**
      * Tests that the LogoutRequest throws an exception
      *
-     * @covers OneLogin\Saml2\LogoutRequest::getID()
+     * @covers OneLogin\Saml2\LogoutResponse::getID()
      */
     public function testGetIDException()
     {
         $this->expectException(Error::class);
-        $this->expectExceptionMessage('LogoutRequest could not be processed');
+        $this->expectExceptionMessage('LogoutResponse could not be processed');
 
         $settingsDir = TEST_ROOT .'/settings/';
         include $settingsDir.'settings1.php';