Merge pull request #1337 from msalle/hidefromdiscoverybug

Check explicitly whether array element is defined

Merge pull request #1337 from msalle/hidefromdiscoverybug
Check explicitly whether array element is defined
213b6fe1 · Thijs Kinkhorst · GitHub · 3d0de8e2 · afcb8c87 · 213b6fe1
Unverified Commit 213b6fe1 authored 4 years ago by Thijs Kinkhorst Committed by GitHub 4 years ago
--- a/lib/SimpleSAML/Utils/Config/Metadata.php
+++ b/lib/SimpleSAML/Utils/Config/Metadata.php
@@ -298,10 +298,10 @@ class Metadata
     */
    public static function isHiddenFromDiscovery(array $metadata): bool
    {
-        Logger::maskErrors(E_ALL);
-        $hidden = in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY], true);
-        Logger::popErrorMask();
-        return $hidden === true;
+        if (!isset($metadata['EntityAttributes'][self::$ENTITY_CATEGORY])) {
+            return false;
+        }
+        return in_array(self::$HIDE_FROM_DISCOVERY, $metadata['EntityAttributes'][self::$ENTITY_CATEGORY], true);
    }



--- a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php
+++ b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php
@@ -271,4 +271,99 @@ XML
        );
        $this->assertEquals($expected['name'], $metadata['name']);
    }
+
+    /**
+     * Test entity category hidden from discovery is parsed
+     * @return void
+     */
+    public function testHiddenFromDiscovery(): void
+    {
+        $document = DOMDocumentFactory::fromString(
+            <<<XML
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+  <EntityDescriptor entityID="theEntityID">
+    <Extensions>
+      <mdattr:EntityAttributes>
+        <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml:AttributeValue>https://example.org/some-category</saml:AttributeValue>
+        </saml:Attribute>
+        <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
+        </saml:Attribute>
+      </mdattr:EntityAttributes>
+    </Extensions>
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+  </EntityDescriptor>
+</EntitiesDescriptor>
+XML
+        );
+
+        $entities = SAMLParser::parseDescriptorsElement($document->documentElement);
+        $this->assertArrayHasKey('theEntityID', $entities);
+	$metadata = $entities['theEntityID']->getMetadata20IdP();
+	$this->assertArrayHasKey('hide.from.discovery', $metadata);
+        $this->assertTrue($metadata['hide.from.discovery']);
+    }
+
+    /**
+     * Test entity category hidden from discovery is not returned when not present
+     * @return void
+     */
+    public function testHiddenFromDiscoveryNotHidden(): void
+    {
+        $document = DOMDocumentFactory::fromString(
+            <<<XML
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
+  <EntityDescriptor entityID="theEntityID">
+    <Extensions>
+      <mdrpi:RegistrationInfo registrationAuthority="https://safire.ac.za">
+        <mdrpi:RegistrationPolicy xml:lang="en">https://safire.ac.za/safire/policy/mrps/v20190207.html</mdrpi:RegistrationPolicy>
+      </mdrpi:RegistrationInfo>
+      <mdattr:EntityAttributes>
+        <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml:AttributeValue>https://example.org/some-category</saml:AttributeValue>
+        </saml:Attribute>
+      </mdattr:EntityAttributes>
+    </Extensions>
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+  </EntityDescriptor>
+</EntitiesDescriptor>
+XML
+        );
+
+        $entities = SAMLParser::parseDescriptorsElement($document->documentElement);
+        $this->assertArrayHasKey('theEntityID', $entities);
+	$metadata = $entities['theEntityID']->getMetadata20IdP();
+	$this->assertArrayNotHasKey('hide.from.discovery', $metadata);
+    }
+
+    /**
+     * Test entity category hidden from discovery is not returned when no mace dir entity categories present
+     * @return void
+     */
+    public function testHiddenFromDiscoveryNotHiddenNoMaceDirEC(): void
+    {
+        $document = DOMDocumentFactory::fromString(
+            <<<XML
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+  <EntityDescriptor entityID="theEntityID">
+    <Extensions>
+      <mdattr:EntityAttributes>
+        <saml:Attribute Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+          <saml:AttributeValue>https://example.org/some-supported-category</saml:AttributeValue>
+        </saml:Attribute>
+      </mdattr:EntityAttributes>
+    </Extensions>
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
+  </EntityDescriptor>
+</EntitiesDescriptor>
+XML
+        );
+
+        $entities = SAMLParser::parseDescriptorsElement($document->documentElement);
+        $this->assertArrayHasKey('theEntityID', $entities);
+	$metadata = $entities['theEntityID']->getMetadata20IdP();
+	$this->assertArrayNotHasKey('hide.from.discovery', $metadata);
+    }
+
 }