From 3c5c3b60cd612886e780c2e02f80ccd3b2575e3d Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Fri, 24 Jun 2022 11:14:19 +0000
Subject: [PATCH] Move NameId generation to separate method for
 understandability

No functional changes
---
 modules/saml/src/IdP/SAML2.php | 41 +++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
index 25eb69909..df94202f0 100644
--- a/modules/saml/src/IdP/SAML2.php
+++ b/modules/saml/src/IdP/SAML2.php
@@ -1214,9 +1214,32 @@ class SAML2
             $a->setAttributes($attributes);
         }
 
+        $nameId = self::generateNameId($idpMetadata, $spMetadata, $state);
+        $state['saml:idp:NameID'] = $nameId;
+        $a->setNameId($nameId);
+
+        $encryptNameId = $spMetadata->getOptionalBoolean('nameid.encryption', null);
+        if ($encryptNameId === null) {
+            $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', false);
+        }
+        if ($encryptNameId) {
+            $a->encryptNameId(\SimpleSAML\Module\saml\Message::getEncryptionKey($spMetadata));
+        }
+
+        return $a;
+    }
+
+    /**
+     * Helper for buildAssertion to decide on an NameID to set
+     */
+    private static function generateNameId(
+        Configuration $idpMetadata,
+        Configuration $spMetadata,
+        array $state
+    ): NameID
+    {
         $nameIdFormat = null;
 
-        // generate the NameID for the assertion
         if (isset($state['saml:NameIDFormat'])) {
             $nameIdFormat = $state['saml:NameIDFormat'];
         }
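Review bot: The docblock on the new `generateNameId()` helper only says "Helper for buildAssertion to decide on an NameID to set" and documents neither the parameters nor the return value. Because the NameID is the subject identifier the SP relies on, I would state the contract: a summary such as `Select or generate the NameID for the assertion from the requested format and the IdP/SP metadata.`, plus `@param array $state The authentication state; read only, the caller stores 'saml:idp:NameID'` and `@return NameID`. The read-only wording matches the code, since `$state` is passed by value and the write to `$state['saml:idp:NameID']` stays in the caller. As a style point, the opening brace after the multi-line signature sits on its own line, while PSR-12 puts it on the closing-parenthesis line: `): NameID {`. The helper's body continues beyond this hunk.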
@@ -1236,6 +1259,7 @@ class SAML2
         } else {
             if ($nameIdFormat === Constants::NAMEID_TRANSIENT) {
                 // generate a random id
+                $randomUtils = new Utils\Random();
                 $nameIdValue = $randomUtils->generateID();
             }
 
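Review bot: The `// generate a random id` comment above the new `$randomUtils = new Utils\Random();` line understates what this value is. It becomes the transient NameID value, which SAML requires to follow the rules for SAML identifiers: unpredictable, with negligible collision probability. I would say so in the comment, e.g. `// transient NameID: must be unpredictable and unique per the SAML identifier rules`, so that a later refactor does not swap in a weaker generator. Whether `generateID()` meets that bar is not visible here and is worth confirming once. The enclosing `if`/`else` starts outside the hunk.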
@@ -1250,22 +1274,9 @@ class SAML2
             $nameId->setSPNameQualifier($spNameQualifier);
         }
 
-        $state['saml:idp:NameID'] = $nameId;
-
-        $a->setNameId($nameId);
-
-        $encryptNameId = $spMetadata->getOptionalBoolean('nameid.encryption', null);
-        if ($encryptNameId === null) {
-            $encryptNameId = $idpMetadata->getOptionalBoolean('nameid.encryption', false);
-        }
-        if ($encryptNameId) {
-            $a->encryptNameId(\SimpleSAML\Module\saml\Message::getEncryptionKey($spMetadata));
-        }
-
-        return $a;
+        return $nameId;
     }
 
-
     /**
      * Encrypt an assertion.
      *
-- 
GitLab