ALOWED Misspell

pitbulk · pitbulk · commit cf2ccb7b0b44 · 2016-02-03T22:42:23.000+01:00
diff --git a/README.md b/README.md
@@ -1053,6 +1053,7 @@ Main class of OneLogin PHP Toolkit
  * `getErrors` - Returns if there were any error 
  * `getSSOurl` - Gets the SSO url.
  * `getSLOurl` - Gets the SLO url.
+ * `getLastRequestID` - The ID of the last Request SAML message generated.
  * `buildRequestSignature` - Generates the Signature for a SAML Request
  * `buildResponseSignature` - Generates the Signature for a SAML Response
  * `getSettings` - Returns the settings info
diff --git a/lib/Saml2/Constants.php b/lib/Saml2/Constants.php
@@ -8,7 +8,7 @@
 class OneLogin_Saml2_Constants
 {
     // Value added to the current time in time condition validations
-    const ALOWED_CLOCK_DRIFT = 180;  // 3 min in seconds
+    const ALLOWED_CLOCK_DRIFT = 180;  // 3 min in seconds
 
     // NameID Formats
     const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
diff --git a/lib/Saml2/Response.php b/lib/Saml2/Response.php
@@ -258,6 +258,9 @@ public function isValid($requestId = null)
             }
 
             if (!empty($signedElements)) {
+                if (count($signedElements) > 2) {
+                    throw new Exception("Too many Signatures found. SAML Response rejected");
+                }
                 $cert = $idpData['x509cert'];
                 $fingerprint = $idpData['certFingerprint'];
                 $fingerprintalg = $idpData['certFingerprintAlgorithm'];
@@ -513,10 +516,10 @@ public function validateTimestamps()
         for ($i = 0; $i < $timestampNodes->length; $i++) {
             $nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore");
             $naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter");
-            if ($nbAttribute && OneLogin_SAML2_Utils::parseSAML2Time($nbAttribute->textContent) > time() + OneLogin_Saml2_Constants::ALOWED_CLOCK_DRIFT) {
+            if ($nbAttribute && OneLogin_SAML2_Utils::parseSAML2Time($nbAttribute->textContent) > time() + OneLogin_Saml2_Constants::ALLOWED_CLOCK_DRIFT) {
                 return false;
             }
-            if ($naAttribute && OneLogin_SAML2_Utils::parseSAML2Time($naAttribute->textContent) + OneLogin_Saml2_Constants::ALOWED_CLOCK_DRIFT <= time()) {
+            if ($naAttribute && OneLogin_SAML2_Utils::parseSAML2Time($naAttribute->textContent) + OneLogin_Saml2_Constants::ALLOWED_CLOCK_DRIFT <= time()) {
                 return false;
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`class OneLogin_Saml2_Constants`
`9`	`9`	`{`
`10`	`10`	`// Value added to the current time in time condition validations`
`11`		`- const ALOWED_CLOCK_DRIFT = 180; // 3 min in seconds`
	`11`	`+ const ALLOWED_CLOCK_DRIFT = 180; // 3 min in seconds`
`12`	`12`
`13`	`13`	`// NameID Formats`
`14`	`14`	`const NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';`
Original file line number	Diff line number	Diff line change
`@@ -258,6 +258,9 @@ public function isValid($requestId = null)`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`if (!empty($signedElements)) {`
	`261`	`+ if (count($signedElements) > 2) {`
	`262`	`+ throw new Exception("Too many Signatures found. SAML Response rejected");`
	`263`	`+ }`
`261`	`264`	`$cert = $idpData['x509cert'];`
`262`	`265`	`$fingerprint = $idpData['certFingerprint'];`
`263`	`266`	`$fingerprintalg = $idpData['certFingerprintAlgorithm'];`
`@@ -513,10 +516,10 @@ public function validateTimestamps()`
`513`	`516`	`for ($i = 0; $i < $timestampNodes->length; $i++) {`
`514`	`517`	`$nbAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotBefore");`
`515`	`518`	`$naAttribute = $timestampNodes->item($i)->attributes->getNamedItem("NotOnOrAfter");`
`516`		`- if ($nbAttribute && OneLogin_SAML2_Utils::parseSAML2Time($nbAttribute->textContent) > time() + OneLogin_Saml2_Constants::ALOWED_CLOCK_DRIFT) {`
	`519`	`+ if ($nbAttribute && OneLogin_SAML2_Utils::parseSAML2Time($nbAttribute->textContent) > time() + OneLogin_Saml2_Constants::ALLOWED_CLOCK_DRIFT) {`
`517`	`520`	`return false;`
`518`	`521`	`}`
`519`		`- if ($naAttribute && OneLogin_SAML2_Utils::parseSAML2Time($naAttribute->textContent) + OneLogin_Saml2_Constants::ALOWED_CLOCK_DRIFT <= time()) {`
	`522`	`+ if ($naAttribute && OneLogin_SAML2_Utils::parseSAML2Time($naAttribute->textContent) + OneLogin_Saml2_Constants::ALLOWED_CLOCK_DRIFT <= time()) {`
`520`	`523`	`return false;`
`521`	`524`	`}`
`522`	`525`	`}`