Merge pull request #351 from mauromol/improve-response-status-in-logout-response

pitbulk · web-flow · commit ca9d5f24970a · 2021-07-26T20:26:34.000+02:00
Support more complex response statuses in LogoutResponse generation
diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
@@ -353,37 +353,48 @@ protected NodeList query (String query) throws XPathExpressionException {
 		return Util.query(this.logoutResponseDocument, query, null);
 	}
 
-    /**
-     * Generates a Logout Response XML string.
-     *
-     * @param inResponseTo
-     *				InResponseTo attribute value to bet set at the Logout Response. 
-	 * @param statusCode
-	 * 				String StatusCode to be set on the LogoutResponse
-     */
-	public void build(String inResponseTo, String statusCode) {
+      /**
+       * Generates a Logout Response XML string.
+       *
+       * @param inResponseTo
+       *				InResponseTo attribute value to bet set at the Logout Response. 
+	 * @param responseStatus
+	 * 				SamlResponseStatus response status to be set on the LogoutResponse
+       */
+	public void build(String inResponseTo, SamlResponseStatus responseStatus) {
 		id = Util.generateUniqueID(settings.getUniqueIDPrefix());
 		issueInstant = Calendar.getInstance();
 		this.inResponseTo = inResponseTo;
 
-		StrSubstitutor substitutor = generateSubstitutor(settings, statusCode);
+		StrSubstitutor substitutor = generateSubstitutor(settings, responseStatus);
 		this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate()), settings);
 	}
 
-    /**
-     * Generates a Logout Response XML string.
-     *
-     * @param inResponseTo
-     *				InResponseTo attribute value to bet set at the Logout Response. 
-     */
+      /**
+       * Generates a Logout Response XML string.
+       *
+       * @param inResponseTo
+       *				InResponseTo attribute value to bet set at the Logout Response. 
+	 * @param statusCode
+	 * 				String StatusCode to be set on the LogoutResponse
+       */
+	public void build(String inResponseTo, String statusCode) {
+		build(inResponseTo, new SamlResponseStatus(statusCode));
+	}
+
+      /**
+       * Generates a Logout Response XML string.
+       *
+       * @param inResponseTo
+       *				InResponseTo attribute value to bet set at the Logout Response. 
+       */
 	public void build(String inResponseTo) {
 		build(inResponseTo, Constants.STATUS_SUCCESS);
 	}
 	
-    /**
-     * Generates a Logout Response XML string.
-     *
-     */
+      /**
+       * Generates a Logout Response XML string.
+       */
 	public void build() {
 		build(null);
 	}	
@@ -413,12 +424,12 @@ protected String postProcessXml(final String logoutResponseXml, final Saml2Setti
 	 *
 	 * @param settings
 	 * 				Saml2Settings object. Setting data
-	 * @param statusCode
-	 * 				String StatusCode to be set on the LogoutResponse
+	 * @param responseStatus
+	 * 				SamlResponseStatus response status to be set on the LogoutResponse
 	 *
 	 * @return the StrSubstitutor object of the LogoutResponse
 	 */
-	private StrSubstitutor generateSubstitutor(Saml2Settings settings, String statusCode) {
+	private StrSubstitutor generateSubstitutor(Saml2Settings settings, SamlResponseStatus responseStatus) {
 		Map<String, String> valueMap = new HashMap<String, String>();
 
 		valueMap.put("id", Util.toXml(id));
@@ -439,29 +450,34 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings, String status
 		}
 		valueMap.put("inResponseStr", inResponseStr);		
 
-		String statusStr = "";
-		if (statusCode != null) {
-			statusStr = "Value=\"" + Util.toXml(statusCode) + "\"";
+		StringBuilder statusStr = new StringBuilder("<samlp:StatusCode ");
+		if (responseStatus != null) {
+			String statusCode = responseStatus.getStatusCode();
+			if (statusCode != null) {
+				statusStr.append("Value=\"").append(Util.toXml(statusCode)).append("\"");
+				String subStatusCode = responseStatus.getSubStatusCode();
+				if (subStatusCode != null) {
+					statusStr.append("><samlp:StatusCode Value=\"")
+						.append(Util.toXml(subStatusCode))
+						.append("\" /></samlp:StatusCode>");
+				} else {
+					statusStr.append(" />");
+				}
+				String statusMessage = responseStatus.getStatusMessage();
+				if (statusMessage != null) {
+					statusStr.append("<samlp:StatusMessage>")
+						.append(Util.toXml(statusMessage))
+						.append("</samlp:StatusMessage>");
+				}
+			}
 		}
-		valueMap.put("statusStr", statusStr);
+		valueMap.put("statusStr", statusStr.toString());
 
 		valueMap.put("issuer", Util.toXml(settings.getSpEntityId()));
 
 		return new StrSubstitutor(valueMap);
 	}
 
-	/**
-	 * Substitutes LogoutResponse variables within a string by values.
-	 *
-	 * @param settings
-	 * 				Saml2Settings object. Setting data
-	 *
-	 * @return the StrSubstitutor object of the LogoutResponse
-	 */
-	private StrSubstitutor generateSubstitutor(Saml2Settings settings) {
-		return generateSubstitutor(settings, Constants.STATUS_SUCCESS);
-	}
-
 	/**
 	 * @return the LogoutResponse's template
 	 */
@@ -473,7 +489,7 @@ private static StringBuilder getLogoutResponseTemplate() {
 		template.append("IssueInstant=\"${issueInstant}\"${destinationStr}${inResponseStr} >");
 		template.append("<saml:Issuer>${issuer}</saml:Issuer>");
 		template.append("<samlp:Status>");
-		template.append("<samlp:StatusCode ${statusStr} />");
+		template.append("${statusStr}");
 		template.append("</samlp:Status>");
 		template.append("</samlp:LogoutResponse>");
 		return template;
diff --git a/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java b/core/src/test/java/com/onelogin/saml2/test/logout/LogoutResponseTest.java
@@ -24,6 +24,7 @@
 import com.onelogin.saml2.exception.XMLEntityException;
 import com.onelogin.saml2.http.HttpRequest;
 import com.onelogin.saml2.logout.LogoutResponse;
+import com.onelogin.saml2.model.SamlResponseStatus;
 import com.onelogin.saml2.settings.Saml2Settings;
 import com.onelogin.saml2.settings.SettingsBuilder;
 import com.onelogin.saml2.test.NaiveUrlEncoder;
@@ -162,12 +163,34 @@ public void testBuild() throws IOException, XMLEntityException, URISyntaxExcepti
 		assertThat(logoutRequestStr, containsString("StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\""));
 
 		LogoutResponse logoutResponse3 = new LogoutResponse(settings, httpRequest);
-		logoutResponse3.build("inResponseValue", Constants.STATUS_REQUEST_DENIED);
+		logoutResponse3.build("inResponseValue", Constants.STATUS_VERSION_MISMATCH);
 		logoutRequestStringBase64 = logoutResponse3.getEncodedLogoutResponse();
 		logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
 		assertThat(logoutRequestStr, containsString("<samlp:LogoutResponse"));
 		assertThat(logoutRequestStr, containsString("InResponseTo=\"inResponseValue\""));
-		assertThat(logoutRequestStr, containsString("StatusCode Value=\"" + Constants.STATUS_REQUEST_DENIED + "\""));
+		assertThat(logoutRequestStr, containsString("<samlp:StatusCode Value=\"" + Constants.STATUS_VERSION_MISMATCH + "\" />"));
+		assertThat(logoutRequestStr, not(containsString("</samlp:StatusCode>")));
+		assertThat(logoutRequestStr, not(containsString("<samlp:StatusMessage>")));
+		
+		LogoutResponse logoutResponse4 = new LogoutResponse(settings, httpRequest);
+		SamlResponseStatus responseStatus = new SamlResponseStatus(Constants.STATUS_RESPONDER);
+		responseStatus.setSubStatusCode(Constants.STATUS_PARTIAL_LOGOUT);
+		logoutResponse4.build("inResponseValue", responseStatus);
+		logoutRequestStringBase64 = logoutResponse4.getEncodedLogoutResponse();
+		logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
+		assertThat(logoutRequestStr, containsString("<samlp:LogoutResponse"));
+		assertThat(logoutRequestStr, containsString("InResponseTo=\"inResponseValue\""));
+		assertThat(logoutRequestStr, containsString("<samlp:StatusCode Value=\"" + Constants.STATUS_RESPONDER + "\"><samlp:StatusCode Value=\"" + Constants.STATUS_PARTIAL_LOGOUT + "\" /></samlp:StatusCode>"));
+		assertThat(logoutRequestStr, not(containsString("<samlp:StatusMessage>")));
+
+		responseStatus.setStatusMessage("status message");
+		logoutResponse4.build("inResponseValue", responseStatus);
+		logoutRequestStringBase64 = logoutResponse4.getEncodedLogoutResponse();
+		logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64);
+		assertThat(logoutRequestStr, containsString("<samlp:LogoutResponse"));
+		assertThat(logoutRequestStr, containsString("InResponseTo=\"inResponseValue\""));
+		assertThat(logoutRequestStr, containsString("<samlp:StatusCode Value=\"" + Constants.STATUS_RESPONDER + "\"><samlp:StatusCode Value=\"" + Constants.STATUS_PARTIAL_LOGOUT + "\" /></samlp:StatusCode>"));
+		assertThat(logoutRequestStr, containsString("<samlp:StatusMessage>status message</samlp:StatusMessage>"));
 	}
 
 	/**
