@@ -672,6 +672,7 @@ public function testProcessSLORequestDeletingSession()
672
672
$ plainMessage = str_replace ('http://stuff.com/endpoints/endpoints/sls.php ' , $ currentURL , $ plainMessage );
673
673
$ message = base64_encode (gzdeflate ($ plainMessage ));
674
674
675
+ unset($ _GET ['SAMLResponse ' ]);
675
676
$ _GET ['SAMLRequest ' ] = $ message ;
676
677
677
678
if (!isset ($ _SESSION )) {
@@ -680,9 +681,9 @@ public function testProcessSLORequestDeletingSession()
680
681
$ _SESSION ['samltest ' ] = true ;
681
682
682
683
$ this ->_auth ->setStrict (true );
684
+
683
685
$ targetUrl = $ this ->_auth ->processSLO (false , null , false , null , true );
684
686
$ parsedQuery = getParamsFromUrl ($ targetUrl );
685
-
686
687
$ sloResponseUrl = $ this ->_settingsInfo ['idp ' ]['singleLogoutService ' ]['responseUrl ' ];
687
688
$ this ->assertStringContainsString ($ sloResponseUrl , $ targetUrl );
688
689
$ this ->assertArrayHasKey ('SAMLResponse ' , $ parsedQuery );
@@ -725,6 +726,7 @@ public function testProcessSLORequestDeletingSessionCallback()
725
726
$ plainMessage = str_replace ('http://stuff.com/endpoints/endpoints/sls.php ' , $ currentURL , $ plainMessage );
726
727
$ message = base64_encode (gzdeflate ($ plainMessage ));
727
728
729
+ unset($ _GET ['SAMLResponse ' ]);
728
730
$ _GET ['SAMLRequest ' ] = $ message ;
729
731
730
732
if (!isset ($ _SESSION )) {
@@ -773,11 +775,12 @@ public function testProcessSLORequestRelayState()
773
775
$ plainMessage = str_replace ('http://stuff.com/endpoints/endpoints/sls.php ' , $ currentURL , $ plainMessage );
774
776
$ message = base64_encode (gzdeflate ($ plainMessage ));
775
777
778
+ unset($ _GET ['SAMLResponse ' ]);
776
779
$ _GET ['SAMLRequest ' ] = $ message ;
777
780
$ _GET ['RelayState ' ] = 'http://relaystate.com ' ;
778
781
779
782
$ this ->_auth ->setStrict (true );
780
- $ targetUrl = $ this ->_auth ->processSLO (false , null , fase, null , null , true );
783
+ $ targetUrl = $ this ->_auth ->processSLO (false , null , null , null , true );
781
784
$ parsedQuery = getParamsFromUrl ($ targetUrl );
782
785
783
786
$ sloResponseUrl = $ this ->_settingsInfo ['idp ' ]['singleLogoutService ' ]['responseUrl ' ];
@@ -815,7 +818,7 @@ public function testProcessSLORequestSignedResponse()
815
818
$ _GET ['RelayState ' ] = 'http://relaystate.com ' ;
816
819
817
820
$ auth ->setStrict (true );
818
- $ targetUrl = $ this -> _auth -> processSLO (false , null , fase , null , null , true );
821
+ $ targetUrl = $ auth -> processSLO (false , null , null , null , true );
819
822
820
823
$ parsedQuery = getParamsFromUrl ($ targetUrl );
821
824
@@ -826,7 +829,7 @@ public function testProcessSLORequestSignedResponse()
826
829
$ this ->assertArrayHasKey ('SigAlg ' , $ parsedQuery );
827
830
$ this ->assertArrayHasKey ('Signature ' , $ parsedQuery );
828
831
$ this ->assertEquals ('http://relaystate.com ' , $ parsedQuery ['RelayState ' ]);
829
- $ this ->assertEquals (XMLSecurityKey::RSA_SHA1 , $ parsedQuery ['SigAlg ' ]);
832
+ $ this ->assertEquals (XMLSecurityKey::RSA_SHA256 , $ parsedQuery ['SigAlg ' ]);
830
833
}
831
834
832
835
/**
@@ -918,7 +921,7 @@ public function testLoginSigned()
918
921
$ this ->assertArrayHasKey ('SigAlg ' , $ parsedQuery );
919
922
$ this ->assertArrayHasKey ('Signature ' , $ parsedQuery );
920
923
$ this ->assertEquals ($ parsedQuery ['RelayState ' ], $ returnTo );
921
- $ this ->assertEquals (XMLSecurityKey::RSA_SHA1 , $ parsedQuery ['SigAlg ' ]);
924
+ $ this ->assertEquals (XMLSecurityKey::RSA_SHA256 , $ parsedQuery ['SigAlg ' ]);
922
925
}
923
926
924
927
/**
@@ -946,7 +949,7 @@ public function testLoginForceAuthN()
946
949
$ encodedRequest = $ parsedQuery ['SAMLRequest ' ];
947
950
$ decoded = base64_decode ($ encodedRequest );
948
951
$ request = gzinflate ($ decoded );
949
- $ this ->assertNotContains ('ForceAuthn="true" ' , $ request );
952
+ $ this ->assertStringNotContainsString ('ForceAuthn="true" ' , $ request );
950
953
951
954
$ returnTo = 'http://example.com/returnto ' ;
952
955
@@ -959,7 +962,7 @@ public function testLoginForceAuthN()
959
962
$ encodedRequest2 = $ parsedQuery2 ['SAMLRequest ' ];
960
963
$ decoded2 = base64_decode ($ encodedRequest2 );
961
964
$ request2 = gzinflate ($ decoded2 );
962
- $ this ->assertNotContains ('ForceAuthn="true" ' , $ request2 );
965
+ $ this ->assertStringNotContainsString ('ForceAuthn="true" ' , $ request2 );
963
966
964
967
$ returnTo = 'http://example.com/returnto ' ;
965
968
$ targetUrl3 = $ auth ->login ($ returnTo , [], true , false , true );
@@ -1000,7 +1003,7 @@ public function testLoginIsPassive()
1000
1003
$ encodedRequest = $ parsedQuery ['SAMLRequest ' ];
1001
1004
$ decoded = base64_decode ($ encodedRequest );
1002
1005
$ request = gzinflate ($ decoded );
1003
- $ this ->assertNotContains ('IsPassive="true" ' , $ request );
1006
+ $ this ->assertStringNotContainsString ('IsPassive="true" ' , $ request );
1004
1007
1005
1008
$ returnTo = 'http://example.com/returnto ' ;
1006
1009
$ targetUrl2 = $ auth ->login ($ returnTo , [], false , false , true );
@@ -1012,7 +1015,7 @@ public function testLoginIsPassive()
1012
1015
$ encodedRequest2 = $ parsedQuery2 ['SAMLRequest ' ];
1013
1016
$ decoded2 = base64_decode ($ encodedRequest2 );
1014
1017
$ request2 = gzinflate ($ decoded2 );
1015
- $ this ->assertNotContains ('IsPassive="true" ' , $ request2 );
1018
+ $ this ->assertStringNotContainsString ('IsPassive="true" ' , $ request2 );
1016
1019
1017
1020
$ returnTo = 'http://example.com/returnto ' ;
1018
1021
$ targetUrl3 = $ auth ->login ($ returnTo , [], false , true , true );
@@ -1048,7 +1051,7 @@ public function testLoginNameIDPolicy()
1048
1051
$ encodedRequest = $ parsedQuery ['SAMLRequest ' ];
1049
1052
$ decoded = base64_decode ($ encodedRequest );
1050
1053
$ request = gzinflate ($ decoded );
1051
- $ this ->assertNotContains ('<samlp:NameIDPolicy ' , $ request );
1054
+ $ this ->assertStringNotContainsString ('<samlp:NameIDPolicy ' , $ request );
1052
1055
1053
1056
$ returnTo = 'http://example.com/returnto ' ;
1054
1057
$ targetUrl2 = $ auth ->login ($ returnTo , [], false , false , true , true );
@@ -1095,7 +1098,7 @@ public function testLoginSubject()
1095
1098
$ encodedRequest = $ parsedQuery ['SAMLRequest ' ];
1096
1099
$ decoded = base64_decode ($ encodedRequest );
1097
1100
$ request = gzinflate ($ decoded );
1098
- $ this ->assertNotContains ('<saml:Subject ' , $ request );
1101
+ $ this ->assertStringNotContainsString ('<saml:Subject ' , $ request );
1099
1102
1100
1103
$ returnTo = 'http://example.com/returnto ' ;
1101
1104
$ targetUrl2 =
$ auth->
login (
$ returnTo, [],
false ,
false ,
true ,
true ,
"[email protected] " );
@@ -1123,9 +1126,10 @@ public function testLoginSubject()
1123
1126
$ encodedRequest3 = $ parsedQuery3 ['SAMLRequest ' ];
1124
1127
$ decoded3 = base64_decode ($ encodedRequest3 );
1125
1128
$ request3 = gzinflate ($ decoded3 );
1126
- $ this ->assertStringContainsString ('<saml:Subject ' , $ request3 );
1127
- $ this ->
assertStringContainsString (
'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected] </saml:NameID> ' ,
$ request3);
1128
- $ this ->assertStringContainsString ('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> ' , $ request3 );
1129
+ $ this ->assertStringNotContainsString ('<saml:Subject ' , $ request3 );
1130
+ $ this ->assertStringContainsString ('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" ' , $ request3 );
1131
+ $ this ->
assertStringNotContainsString (
'[email protected] ' ,
$ request3);
1132
+ $ this ->assertStringNotContainsString ('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> ' , $ request3 );
1129
1133
}
1130
1134
1131
1135
/**
@@ -1176,7 +1180,7 @@ public function testLogoutWithRelayStateAndParameters()
1176
1180
{
1177
1181
$ relayState = 'http://sp.example.com ' ;
1178
1182
$ parameters = array ('test1 ' => 'value1 ' , 'test2 ' => 'value2 ' );
1179
- $ targetUrl = $ this ->_auth ->logout ($ relayState , $ parameters );
1183
+ $ targetUrl = $ this ->_auth ->logout ($ relayState , $ parameters, null , null , true );
1180
1184
$ parsedQuery = getParamsFromUrl ($ targetUrl );
1181
1185
1182
1186
$ sloUrl = $ this ->_settingsInfo ['idp ' ]['singleLogoutService ' ]['url ' ];
@@ -1222,27 +1226,33 @@ public function testLogoutNameID()
1222
1226
$ message = file_get_contents (TEST_ROOT . '/data/responses/valid_response.xml.base64 ' );
1223
1227
$ _POST ['SAMLResponse ' ] = $ message ;
1224
1228
$ this ->_auth ->processResponse ();
1229
+ $ sloUrl = $ this ->_settingsInfo ['idp ' ]['singleLogoutService ' ]['url ' ];
1230
+
1231
+ $ expectedNameId = '492882615acf31c8096b627245d76ae53036c090 ' ;
1225
1232
$ nameIdFromResponse = $ this ->_auth ->getNameId ();
1233
+ $ this ->assertEquals ($ nameIdFromResponse , $ expectedNameId );
1226
1234
1227
- try {
1228
- $ nameId = 'my_name_id ' ;
1229
- $ this ->_auth ->logout ();
1230
- // Do not ever get here
1231
- $ this ->assertFalse (true );
1232
- } catch (Exception $ e ) {
1233
- $ this ->assertStringContainsString ('Cannot modify header information ' , $ e ->getMessage ());
1234
- $ trace = $ e ->getTrace ();
1235
- $ targetUrl = getUrlFromRedirect ($ trace );
1236
- $ parsedQuery = getParamsFromUrl ($ targetUrl );
1237
-
1238
- $ sloUrl = $ this ->_settingsInfo ['idp ' ]['singleLogoutService ' ]['url ' ];
1239
- $ this ->assertStringContainsString ($ sloUrl , $ targetUrl );
1240
- $ this ->assertArrayHasKey ('SAMLRequest ' , $ parsedQuery );
1241
-
1242
- $ logoutRequest = gzinflate (base64_decode ($ parsedQuery ['SAMLRequest ' ]));
1243
- $ nameIdFromRequest = LogoutRequest::getNameId ($ logoutRequest );
1244
- $ this ->assertEquals ($ nameIdFromResponse , $ nameIdFromRequest );
1245
- }
1235
+ $ nameId = 'my_name_id ' ;
1236
+ $ targetUrl = $ this ->_auth ->logout (null , [], null , null , true );
1237
+ $ parsedQuery = getParamsFromUrl ($ targetUrl );
1238
+
1239
+ $ this ->assertStringContainsString ($ sloUrl , $ targetUrl );
1240
+ $ this ->assertArrayHasKey ('SAMLRequest ' , $ parsedQuery );
1241
+
1242
+ $ logoutRequest = gzinflate (base64_decode ($ parsedQuery ['SAMLRequest ' ]));
1243
+ $ nameIdFromRequest = LogoutRequest::getNameId ($ logoutRequest );
1244
+ $ this ->assertEquals ($ nameIdFromResponse , $ nameIdFromRequest );
1245
+
1246
+ $ nameId = 'my_name_id ' ;
1247
+ $ targetUrl = $ this ->_auth ->logout (null , [], $ nameId , null , true );
1248
+ $ parsedQuery = getParamsFromUrl ($ targetUrl );
1249
+
1250
+ $ this ->assertStringContainsString ($ sloUrl , $ targetUrl );
1251
+ $ this ->assertArrayHasKey ('SAMLRequest ' , $ parsedQuery );
1252
+
1253
+ $ logoutRequest = gzinflate (base64_decode ($ parsedQuery ['SAMLRequest ' ]));
1254
+ $ nameIdFromRequest = LogoutRequest::getNameId ($ logoutRequest );
1255
+ $ this ->assertEquals ($ nameId , $ nameIdFromRequest );
1246
1256
}
1247
1257
1248
1258
/**
@@ -1264,27 +1274,18 @@ public function testLogoutSigned()
1264
1274
1265
1275
$ auth = new Auth ($ settingsInfo );
1266
1276
1267
- try {
1268
- // The Header of the redirect produces an Exception
1269
- $ returnTo = 'http://example.com/returnto ' ;
1270
- $ auth ->logout ($ returnTo );
1271
- // Do not ever get here
1272
- $ this ->assertFalse (true );
1273
- } catch (Exception $ e ) {
1274
- $ this ->assertStringContainsString ('Cannot modify header information ' , $ e ->getMessage ());
1275
- $ trace = $ e ->getTrace ();
1276
- $ targetUrl = getUrlFromRedirect ($ trace );
1277
- $ parsedQuery = getParamsFromUrl ($ targetUrl );
1278
-
1279
- $ sloUrl = $ settingsInfo ['idp ' ]['singleLogoutService ' ]['url ' ];
1280
- $ this ->assertStringContainsString ($ sloUrl , $ targetUrl );
1281
- $ this ->assertArrayHasKey ('SAMLRequest ' , $ parsedQuery );
1282
- $ this ->assertArrayHasKey ('RelayState ' , $ parsedQuery );
1283
- $ this ->assertArrayHasKey ('SigAlg ' , $ parsedQuery );
1284
- $ this ->assertArrayHasKey ('Signature ' , $ parsedQuery );
1285
- $ this ->assertEquals ($ parsedQuery ['RelayState ' ], $ returnTo );
1286
- $ this ->assertEquals (XMLSecurityKey::RSA_SHA1 , $ parsedQuery ['SigAlg ' ]);
1287
- }
1277
+ $ returnTo = 'http://example.com/returnto ' ;
1278
+ $ targetUrl = $ auth ->logout ($ returnTo , [], null , null , true );
1279
+ $ parsedQuery = getParamsFromUrl ($ targetUrl );
1280
+
1281
+ $ sloUrl = $ settingsInfo ['idp ' ]['singleLogoutService ' ]['url ' ];
1282
+ $ this ->assertStringContainsString ($ sloUrl , $ targetUrl );
1283
+ $ this ->assertArrayHasKey ('SAMLRequest ' , $ parsedQuery );
1284
+ $ this ->assertArrayHasKey ('RelayState ' , $ parsedQuery );
1285
+ $ this ->assertArrayHasKey ('SigAlg ' , $ parsedQuery );
1286
+ $ this ->assertArrayHasKey ('Signature ' , $ parsedQuery );
1287
+ $ this ->assertEquals ($ parsedQuery ['RelayState ' ], $ returnTo );
1288
+ $ this ->assertEquals (XMLSecurityKey::RSA_SHA256 , $ parsedQuery ['SigAlg ' ]);
1288
1289
}
1289
1290
1290
1291
/**
@@ -1580,9 +1581,9 @@ public function testGetIdFromLastLogoutResponse()
1580
1581
}
1581
1582
1582
1583
/**
1583
- * Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
1584
+ * Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
1584
1585
*
1585
- * @covers OneLogin_Saml2_Settings ::checkSettings
1586
+ * @covers OneLogin\Saml2\Settings ::checkSettings
1586
1587
*/
1587
1588
public function testSpValidateOnlyIsTrue ()
1588
1589
{
@@ -1594,9 +1595,9 @@ public function testSpValidateOnlyIsTrue()
1594
1595
}
1595
1596
1596
1597
/**
1597
- * Tests the checkSettings method of the OneLogin_Saml2_Settings when SpValidateOnly is false and IdP is not defined
1598
+ * Tests the checkSettings method of the Settings when SpValidateOnly is false and IdP is not defined
1598
1599
*
1599
- * @covers OneLogin_Saml2_Settings ::checkSettings
1600
+ * @covers OneLogin\Saml2\Settings ::checkSettings
1600
1601
*/
1601
1602
public function testSpValidateOnlyIsFalse ()
1602
1603
{
@@ -1606,7 +1607,7 @@ public function testSpValidateOnlyIsFalse()
1606
1607
try {
1607
1608
$ settings = new Settings ($ settingsInfo );
1608
1609
} catch (Error $ e ) {
1609
- $ this ->assertContains ('idp_not_found ' , $ e ->getMessage ());
1610
+ $ this ->assertStringContainsString ('idp_not_found ' , $ e ->getMessage ());
1610
1611
}
1611
1612
}
1612
1613
}
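Review bot: In testSpValidateOnlyIsFalse the only assertion sits inside `catch (Error $e)`, so if `new Settings($settingsInfo)` ever stops throwing, the test passes without checking anything and a regression in the IdP-settings validation would go unnoticed. Replacing the try/catch with `$this->expectException(Error::class);` and `$this->expectExceptionMessage('idp_not_found');` before the constructor call would turn a missing error into a failure; alternatively add `$this->fail('Settings accepted a config without IdP data');` directly after the constructor inside the `try`. The function body starts outside the hunk, so how `$settingsInfo` is prepared and which `Error` class is imported are not visible here.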