Migrate samlp:NameIDPolicy to new interface

tvdijen · tvdijen · commit 75e28c57709a · 2023-06-15T22:35:52.000+02:00
diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
@@ -434,16 +434,8 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
             $authnContext = $request->getRequestedAuthnContext();
 
             $nameIdPolicy = $request->getNameIdPolicy();
-            if (isset($nameIdPolicy['Format'])) {
-                $nameIDFormat = $nameIdPolicy['Format'];
-            } else {
-                $nameIDFormat = null;
-            }
-            if (isset($nameIdPolicy['AllowCreate'])) {
-                $allowCreate = $nameIdPolicy['AllowCreate'];
-            } else {
-                $allowCreate = false;
-            }
+            $nameIDFormat = $nameIdPolicy->getFormat();
+            $allowCreate = $nameIdPolicy->getAllowCreate() ?? false;
 
             $idpInit = false;
 
diff --git a/modules/saml/src/Message.php b/modules/saml/src/Message.php
@@ -485,10 +485,7 @@ public static function buildAuthnRequest(
         }
 
         $policy = Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
-        // empty array signals not to set any NameIdPolicy element
-        if ($policy !== []) {
-            $ar->setNameIdPolicy($policy);
-        }
+        $ar->setNameIdPolicy($policy);
 
         $ar->setForceAuthn($spMetadata->getOptionalBoolean('ForceAuthn', false));
         $ar->setIsPassive($spMetadata->getOptionalBoolean('IsPassive', false));
diff --git a/src/SimpleSAML/Utils/Config/Metadata.php b/src/SimpleSAML/Utils/Config/Metadata.php
@@ -7,6 +7,7 @@
 use SimpleSAML\{Configuration, Logger};
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 
 use function in_array;
 
@@ -129,16 +130,16 @@ public static function isHiddenFromDiscovery(array $metadata): bool
     /**
      * This method parses the different possible values of the NameIDPolicy metadata configuration.
      */
-    public static function parseNameIdPolicy(array $nameIdPolicy = null): array
+    public static function parseNameIdPolicy(array $nameIdPolicy = null): ?NameIDPolicy
     {
         if ($nameIdPolicy === null) {
             // when NameIDPolicy is unset or set to null, default to transient
-            return ['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true];
+            return NameIDPolicy::fromArray(['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true]);
         }
 
         if ($nameIdPolicy === []) {
             // empty array means not to send any NameIDPolicy element
-            return [];
+            return null;
         }
 
         // handle configurations specifying an array in the NameIDPolicy config option
@@ -152,6 +153,6 @@ public static function parseNameIdPolicy(array $nameIdPolicy = null): array
             $policy['SPNameQualifier'] = $spNameQualifier;
         }
 
-        return $policy;
+        return NameIDPolicy::fromArray($policy);
     }
 }
diff --git a/tests/src/SimpleSAML/Utils/Config/MetadataTest.php b/tests/src/SimpleSAML/Utils/Config/MetadataTest.php
@@ -9,6 +9,7 @@
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\SAML2\Constants as C;
 use SimpleSAML\SAML2\XML\md\ContactPerson;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 use SimpleSAML\Utils\Config\Metadata;
 use TypeError;
 
@@ -60,72 +61,18 @@ public function testIsHiddenFromDiscovery(): void
 
 
     /**
-     * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
-     * Set to specific arrays.
+     * @covers \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy
      */
     public function testParseNameIdPolicy(): void
     {
-        $nameIdPolicy = [
-            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
-            'AllowCreate' => false
-        ];
-        $this->assertEquals([
-            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
-            'AllowCreate' => false
-        ], Metadata::parseNameIdPolicy($nameIdPolicy));
+        $this->assertNull(Metadata::parseNameIdPolicy([]));
+        $this->assertInstanceOf(NameIDPolicy::class, Metadata::parseNameIdPolicy());
 
         $nameIdPolicy = [
             'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
             'AllowCreate' => false,
             'SPNameQualifier' => 'TEST'
         ];
-        $this->assertEquals([
-            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
-            'AllowCreate' => false,
-            'SPNameQualifier' => 'TEST'
-        ], Metadata::parseNameIdPolicy($nameIdPolicy));
-    }
-
-    /**
-     * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
-     * Test with settings that produce the fallback defaults.
-     */
-    public function testParseNameIdPolicyDefaults(): void
-    {
-        // Test null or unset
-        $nameIdPolicy = null;
-        $this->assertEquals([
-            'Format' => C::NAMEID_TRANSIENT,
-            'AllowCreate' => true
-        ], Metadata::parseNameIdPolicy($nameIdPolicy));
-
-        $nameIdPolicy = [
-            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
-        ];
-        $this->assertEquals([
-            'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
-            'AllowCreate' => true
-        ], Metadata::parseNameIdPolicy($nameIdPolicy));
-
-        $nameIdPolicy = [
-            'AllowCreate' => false,
-        ];
-        $this->assertEquals([
-            'Format' => C::NAMEID_TRANSIENT,
-            'AllowCreate' => false
-        ], Metadata::parseNameIdPolicy($nameIdPolicy));
-    }
-
-    /**
-     * Test \SimpleSAML\Utils\Config\Metadata::parseNameIdPolicy().
-     * Test with setting to empty array (meaning to not send any NameIdPolicy).
-     */
-    public function testParseNameIdPolicyEmpty(): void
-    {
-        $nameIdPolicy = [];
-        $this->assertEquals(
-            [],
-            Metadata::parseNameIdPolicy($nameIdPolicy)
-        );
+        $this->assertInstanceOf(NameIDPolicy::class, Metadata::parseNameIdPolicy($nameIdPolicy));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`use SimpleSAML\{Configuration, Logger};`
`8`	`8`	`use SimpleSAML\SAML2\Constants as C;`
`9`	`9`	`use SimpleSAML\SAML2\XML\md\ContactPerson;`
	`10`	`+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;`
`10`	`11`
`11`	`12`	`use function in_array;`
`12`	`13`
`@@ -129,16 +130,16 @@ public static function isHiddenFromDiscovery(array $metadata): bool`
`129`	`130`	`/**`
`130`	`131`	`* This method parses the different possible values of the NameIDPolicy metadata configuration.`
`131`	`132`	`*/`
`132`		`- public static function parseNameIdPolicy(array $nameIdPolicy = null): array`
	`133`	`+ public static function parseNameIdPolicy(array $nameIdPolicy = null): ?NameIDPolicy`
`133`	`134`	`{`
`134`	`135`	`if ($nameIdPolicy === null) {`
`135`	`136`	`// when NameIDPolicy is unset or set to null, default to transient`
`136`		`- return ['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true];`
	`137`	`+ return NameIDPolicy::fromArray(['Format' => C::NAMEID_TRANSIENT, 'AllowCreate' => true]);`
`137`	`138`	`}`
`138`	`139`
`139`	`140`	`if ($nameIdPolicy === []) {`
`140`	`141`	`// empty array means not to send any NameIDPolicy element`
`141`		`- return [];`
	`142`	`+ return null;`
`142`	`143`	`}`
`143`	`144`
`144`	`145`	`// handle configurations specifying an array in the NameIDPolicy config option`
`@@ -152,6 +153,6 @@ public static function parseNameIdPolicy(array $nameIdPolicy = null): array`
`152`	`153`	`$policy['SPNameQualifier'] = $spNameQualifier;`
`153`	`154`	`}`
`154`	`155`
`155`		`- return $policy;`
	`156`	`+ return NameIDPolicy::fromArray($policy);`
`156`	`157`	`}`
`157`	`158`	`}`