|
| 1 | +<?php |
| 2 | + |
| 3 | +namespace Hslavich\OneloginSamlBundle\Tests\Authentication; |
| 4 | + |
| 5 | +use Hslavich\OneloginSamlBundle\Security\Authentication\SamlAuthenticationSuccessHandler; |
| 6 | +use Symfony\Component\HttpFoundation\Request; |
| 7 | +use Symfony\Component\Security\Http\HttpUtils; |
| 8 | + |
| 9 | +class SamlAuthenticationSuccessHandlerTest extends \PHPUnit_Framework_TestCase |
| 10 | +{ |
| 11 | + private $handler; |
| 12 | + |
| 13 | + public function testWithAlwaysUseDefaultTargetPath() |
| 14 | + { |
| 15 | + $httpUtils = new HttpUtils($this->getUrlGenerator()); |
| 16 | + $handler = new SamlAuthenticationSuccessHandler($httpUtils, array('always_use_default_target_path' => true)); |
| 17 | + $defaultTargetPath = $httpUtils->generateUri($this->getRequest('/sso/login'), $this->getOption($handler, 'default_target_path', '/')); |
| 18 | + $response = $handler->onAuthenticationSuccess($this->getRequest('/login', 'http://localhost/relayed'), $this->getSamlToken()); |
| 19 | + $this->assertTrue($response->isRedirect($defaultTargetPath), 'SamlAuthenticationSuccessHandler does not honor the always_use_default_target_path option.'); |
| 20 | + } |
| 21 | + |
| 22 | + public function testRelayState() |
| 23 | + { |
| 24 | + $handler = new SamlAuthenticationSuccessHandler(new HttpUtils($this->getUrlGenerator()), array('always_use_default_target_path' => false)); |
| 25 | + $response = $handler->onAuthenticationSuccess($this->getRequest('/sso/login', 'http://localhost/relayed'), $this->getSamlToken()); |
| 26 | + $this->assertTrue($response->isRedirect('http://localhost/relayed'), 'SamlAuthenticationSuccessHandler is not processing the RelayState parameter properly.'); |
| 27 | + } |
| 28 | + |
| 29 | + public function testWithoutRelayState() |
| 30 | + { |
| 31 | + $httpUtils = new HttpUtils($this->getUrlGenerator()); |
| 32 | + $handler = new SamlAuthenticationSuccessHandler($httpUtils, array('always_use_default_target_path' => false)); |
| 33 | + $defaultTargetPath = $httpUtils->generateUri($this->getRequest('/sso/login'), $this->getOption($handler, 'default_target_path', '/')); |
| 34 | + $response = $handler->onAuthenticationSuccess($this->getRequest(), $this->getSamlToken()); |
| 35 | + $this->assertTrue($response->isRedirect($defaultTargetPath)); |
| 36 | + } |
| 37 | + |
| 38 | + public function testRelayStateLoop() |
| 39 | + { |
| 40 | + $httpUtils = new HttpUtils($this->getUrlGenerator()); |
| 41 | + $handler = new SamlAuthenticationSuccessHandler($httpUtils, array('always_use_default_target_path' => false)); |
| 42 | + $loginPath = $httpUtils->generateUri($this->getRequest('/sso/login'), $this->getOption($handler, 'login_path', '/login')); |
| 43 | + $response = $handler->onAuthenticationSuccess($this->getRequest($loginPath), $this->getSamlToken()); |
| 44 | + $this->assertTrue(!$response->isRedirect($loginPath), 'SamlAuthenticationSuccessHandler causes a redirect loop when RelayState points to login_path.'); |
| 45 | + } |
| 46 | + |
| 47 | + |
| 48 | + private function getUrlGenerator() |
| 49 | + { |
| 50 | + $urlGenerator = $this->getMockBuilder('Symfony\Component\Routing\Generator\UrlGeneratorInterface')->getMock(); |
| 51 | + $urlGenerator |
| 52 | + ->expects($this->any()) |
| 53 | + ->method('generate') |
| 54 | + ->will($this->returnCallback(function($name) |
| 55 | + { |
| 56 | + return (string) $name; |
| 57 | + })) |
| 58 | + ; |
| 59 | + |
| 60 | + return $urlGenerator; |
| 61 | + } |
| 62 | + |
| 63 | + private function getRequest($path = '/', $relayState = null) |
| 64 | + { |
| 65 | + $params = array(); |
| 66 | + if (null !== $relayState) { |
| 67 | + $params['RelayState'] = $relayState; |
| 68 | + } |
| 69 | + return Request::create($path, 'get', $params); |
| 70 | + } |
| 71 | + |
| 72 | + private function getSamlToken() |
| 73 | + { |
| 74 | + $token = $this->createMock('Hslavich\OneloginSamlBundle\Security\Authentication\Token\SamlToken'); |
| 75 | + $token->expects($this->any())->method('getUsername')->willReturn('admin'); |
| 76 | + $token->method('getAttributes')->willReturn(array('foo' => 'bar')); |
| 77 | + |
| 78 | + return $token; |
| 79 | + } |
| 80 | + |
| 81 | + private function getOption($handler, $name, $default = null) |
| 82 | + { |
| 83 | + $reflection = new \ReflectionObject($handler); |
| 84 | + $options = $reflection->getProperty('options'); |
| 85 | + $options->setAccessible(true); |
| 86 | + $arr = $options->getValue($handler); |
| 87 | + if (!is_array($arr) || !isset($arr[$name])) { |
| 88 | + return $default; |
| 89 | + } |
| 90 | + return $arr[$name]; |
| 91 | + } |
| 92 | +} |
0 commit comments