
Commit 1045c6b

committed
Refactor, Add more tests
1 parent fc7a2ae commit 1045c6b


5 files changed

+128
-62
lines changed


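--- a/lib/Saml2/Auth.php
+++ b/lib/Saml2/Auth.php
@@ -20,6 +20,13 @@ class OneLogin_Saml2_Auth
      */
     private $_attributes = array();
 
+    /**
+     * User attributes data with FriendlyName index.
+     *
+     * @var array
+     */
+    private $_attributesWithFriendlyName = array();
+
     /**
      * NameID
      *
@@ -182,6 +189,7 @@ public function processResponse($requestId = null)
 
         if ($response->isValid($requestId)) {
             $this->_attributes = $response->getAttributes();
+            $this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName();
             $this->_nameid = $response->getNameId();
             $this->_nameidFormat = $response->getNameIdFormat();
             $this->_nameidNameQualifier = $response->getNameIdNameQualifier();
@@ -325,6 +333,16 @@ public function getAttributes()
         return $this->_attributes;
     }
 
+    /**
+     * Returns the set of SAML attributes indexed by FriendlyName
+     *
+     * @return array Attributes of the user.
+     */
+    public function getAttributesWithFriendlyName()
+    {
+        return $this->_attributesWithFriendlyName;
+    }
+
     /**
      * Returns the nameID
      *
@@ -413,6 +431,24 @@ public function getAttribute($name)
         return $value;
     }
 
+    /**
+     * Returns the requested SAML attribute indexed by FriendlyName
+     *
+     * @param string $friendlyName The requested attribute of the user.
+     *
+     * @return array|null Requested SAML attribute ($friendlyName).
+     */
+    public function getAttributeWithFriendlyName($friendlyName)
+    {
+        assert('is_string($friendlyName)');
+
+        $value = null;
+        if (isset($this->_attributesWithFriendlyName[$friendlyName])) {
+            return $this->_attributesWithFriendlyName[$friendlyName];
+        }
+        return $value;
+    }
+
     /**
      * Initiates the SSO process.
      *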
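Review bot: The added `$this->_attributesWithFriendlyName = $response->getAttributesWithFriendlyName();` in processResponse (new line 192) parses the FriendlyName view on every valid response, and that parser throws OneLogin_Saml2_ValidationError when two Attribute elements share a FriendlyName, so a response that appears to have been accepted before this commit can now fail inside processResponse even when the caller only reads getAttributes(). FriendlyName is optional in SAML 2.0 Core and is explicitly not a basis for formally identifying attributes, so duplicates are not a spec violation; consider catching that case and leaving the friendly-name view empty, or documenting the new failure mode on processResponse. In getAttributeWithFriendlyName the `$value` local is dead: `return isset($this->_attributesWithFriendlyName[$friendlyName]) ? $this->_attributesWithFriendlyName[$friendlyName] : null;` expresses the same thing, and its docblock should warn that FriendlyName is IdP-chosen and non-unique, so consumers should key authorization decisions on Name rather than on this view. The bodies of processResponse and getAttribute continue outside their hunks.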

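--- a/lib/Saml2/Response.php
+++ b/lib/Saml2/Response.php
@@ -707,46 +707,7 @@ public function getSessionIndex()
      */
     public function getAttributes()
     {
-        $attributes = array();
-
-        /* EncryptedAttributes not supported
-
-        $encriptedAttributes = $this->_queryAssertion('/saml:AttributeStatement/saml:EncryptedAttribute');
-
-        if ($encriptedAttributes->length > 0) {
-            foreach ($encriptedAttributes as $encriptedAttribute) {
-                $key = $this->_settings->getSPkey();
-                $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
-                $seckey->loadKey($key);
-                $attribute = OneLogin_Saml2_Utils::decryptElement($encriptedAttribute->firstChild(), $seckey);
-            }
-        }
-        */
-
-        $entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute');
-
-        /** @var $entry DOMNode */
-        foreach ($entries as $entry) {
-            $attributeName = $entry->attributes->getNamedItem('Name')->nodeValue;
-
-            if (in_array($attributeName, array_keys($attributes))) {
-                throw new OneLogin_Saml2_ValidationError(
-                    "Found an Attribute element with duplicated Name",
-                    OneLogin_Saml2_ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND
-                );
-            }
-
-            $attributeValues = array();
-            foreach ($entry->childNodes as $childNode) {
-                $tagName = ($childNode->prefix ? $childNode->prefix.':' : '') . 'AttributeValue';
-                if ($childNode->nodeType == XML_ELEMENT_NODE && $childNode->tagName === $tagName) {
-                    $attributeValues[] = $childNode->nodeValue;
-                }
-            }
-
-            $attributes[$attributeName] = $attributeValues;
-        }
-        return $attributes;
+        return $this->_getAttributesByKeyName('Name');
     }
 
     /**
@@ -756,37 +717,28 @@ public function getAttributesWithFriendlyName()
      */
     public function getAttributesWithFriendlyName()
     {
-        $attributes = array();
-
-        /* EncryptedAttributes not supported
-
-        $encriptedAttributes = $this->_queryAssertion('/saml:AttributeStatement/saml:EncryptedAttribute');
+        return $this->_getAttributesByKeyName('FriendlyName');
+    }
 
-        if ($encriptedAttributes->length > 0) {
-            foreach ($encriptedAttributes as $encriptedAttribute) {
-                $key = $this->_settings->getSPkey();
-                $seckey = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, array('type'=>'private'));
-                $seckey->loadKey($key);
-                $attribute = OneLogin_Saml2_Utils::decryptElement($encriptedAttribute->firstChild(), $seckey);
-            }
-        }
-        */
+    private function _getAttributesByKeyName($keyName="Name")
+    {
+        $attributes = array();
 
         $entries = $this->_queryAssertion('/saml:AttributeStatement/saml:Attribute');
 
         /** @var $entry DOMNode */
         foreach ($entries as $entry) {
-            $attributeFriendlyNameNode = $entry->attributes->getNamedItem('FriendlyName');
+            $attributeKeyNode = $entry->attributes->getNamedItem($keyName);
 
-            if ($attributeFriendlyNameNode === null) {
+            if ($attributeKeyNode === null) {
                 continue;
             }
 
-            $attributeFriendlyName = $attributeFriendlyNameNode->nodeValue;
+            $attributeKeyName = $attributeKeyNode->nodeValue;
 
-            if (in_array($attributeFriendlyName, array_keys($attributes))) {
+            if (in_array($attributeKeyName, array_keys($attributes))) {
                 throw new OneLogin_Saml2_ValidationError(
-                    "Found an Attribute element with duplicated FriendlyName",
+                    "Found an Attribute element with duplicated ".$keyName,
                     OneLogin_Saml2_ValidationError::DUPLICATED_ATTRIBUTE_NAME_FOUND
                 );
             }
@@ -799,7 +751,7 @@ public function getAttributesWithFriendlyName()
             }
         }
 
-            $attributes[$attributeFriendlyName] = $attributeValues;
+            $attributes[$attributeKeyName] = $attributeValues;
         }
         return $attributes;
     }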
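Review bot: `in_array($attributeKeyName, array_keys($attributes))` (new line 739) is a loose, linear duplicate check; `if (array_key_exists($attributeKeyName, $attributes)) {` is the direct, strict and O(1) form and avoids the non-strict comparison in_array performs when no third argument is passed. The default `$keyName="Name"` on the private helper (new line 723) is dead, since both callers pass the key explicitly; dropping it keeps the helper honest about what it accepts. A short docblock on `_getAttributesByKeyName` would help: it should say that the helper indexes the AttributeValue text of each saml:Attribute by the named XML attribute, skips elements that lack that attribute, and throws OneLogin_Saml2_ValidationError on a duplicate key. The helper's body continues into the next hunk, and its loop over `$entry->childNodes` lies outside both.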
