/**
 * @param AssertionAdapter $assertionAdapter
 * @param EntityId[] $authenticatingAuthorities
 *
 * @return AuthenticatedUser
 * @throws RuntimeException
 */
public static function createFrom(AssertionAdapter $assertionAdapter, array $authenticatingAuthorities)
{
    $attributes = [];

    /** @var Attribute $attribute */
    foreach ($assertionAdapter->getAttributeSet() as $attribute) {
        $definition = $attribute->getAttributeDefinition();

        // We only want to replace the eduPersonTargetedID attribute value as that is a nested NameID attribute
        if ($definition->getName() !== 'eduPersonTargetedID') {
            $attributes[] = $attribute;
            continue;
        }

        $eptiValues = $attribute->getValue();
        $attributes[] = new Attribute($definition, [$eptiValues[0]['Value']]);
    }

    return new self(
        $assertionAdapter->getNameId(),
        AttributeSet::create($attributes),
        $authenticatingAuthorities
    );
}

/**
 * @test
 * @group AttributeReleasePolicy
 */
public function consent_list_and_attributes_are_correctly_converted_to_a_request_and_the_response_is_mapped_correctly_to_a_result()
{
    $someAttributeDefinition = new AttributeDefinition('someAttribute', 'urn:mace:some-attribute', 'urn:oid:0.0.0.0.0.1');
    $anotherAttributeDefinition = new AttributeDefinition('anotherAttribute', null, 'urn:oid:0.0.0.0.0.2');

    $attributeDictionary = new AttributeDictionary();
    $attributeDictionary->addAttributeDefinition($someAttributeDefinition);
    $attributeDictionary->addAttributeDefinition($anotherAttributeDefinition);

    $client = Mockery::mock(JsonApiClient::class);
    $arpService = new AttributeReleasePolicyService($client, $attributeDictionary);

    $client->shouldReceive('post')
        ->withArgs([
            [
                'entityIds' => ['some-entity-id', 'another-entity-id'],
                'attributes' => [
                    'urn:mace:some-attribute' => ['some-value'],
                    'urn:oid:0.0.0.0.0.1' => ['some-value'],
                    'urn:oid:0.0.0.0.0.2' => ['another-value']
                ]
            ],
            '/arp'
        ])
        ->andReturn([
            'some-entity-id' => [
                'urn:mace:some-attribute' => ['some-value'],
                'urn:oid:0.0.0.0.0.1' => ['some-value'],
                'urn:oid:0.0.0.0.0.2' => ['another-value']
            ],
            'another-entity-id' => [
                'urn:oid:0.0.0.0.0.2' => ['another-value']
            ]
        ]);

    $someConsent = new Consent(
        new ServiceProvider(
            new Entity(new EntityId('some-entity-id'), EntityType::SP()),
            new DisplayName(['en' => 'Some display name']),
            new Url('http://some-eula-url.example'),
            new ContactEmailAddress('*****@*****.**')
        ),
        new DateTimeImmutable(),
        new DateTimeImmutable(),
        ConsentType::explicit()
    );
    $anotherConsent = new Consent(
        new ServiceProvider(
            new Entity(new EntityId('another-entity-id'), EntityType::SP()),
            new DisplayName(['en' => 'Another display name']),
            new Url('http://another-eula-url.example'),
            new ContactEmailAddress('*****@*****.**')
        ),
        new DateTimeImmutable(),
        new DateTimeImmutable(),
        ConsentType::explicit()
    );
    $consentList = new ConsentList([$someConsent, $anotherConsent]);

    $someAttribute = new Attribute($someAttributeDefinition, ['some-value']);
    $anotherAttribute = new Attribute($anotherAttributeDefinition, ['another-value']);
    $attributeSet = AttributeSet::create([$someAttribute, $anotherAttribute]);

    $expectedResult = SpecifiedConsentList::createWith([
        SpecifiedConsent::specifies($someConsent, AttributeSetWithFallbacks::create([$someAttribute, $anotherAttribute])),
        SpecifiedConsent::specifies($anotherConsent, AttributeSetWithFallbacks::create([$anotherAttribute]))
    ]);

    $result = $arpService->applyAttributeReleasePolicies($consentList, $attributeSet);

    $this->assertEquals($expectedResult, $result);
}

/**
 * @test
 * @group Authentication
 * @group Attributes
 */
public function epti_attribute_is_correctly_set_when_creating_an_authenticated_user()
{
    $expectedAttributeSet = AttributeSet::create([
        new Attribute(
            new AttributeDefinition('eduPersonTargetedID', 'urn:mace:dir:attribute-def:eduPersonTargetedID'),
            ['abcd-some-value-xyz']
        ),
        new Attribute(
            new AttributeDefinition('displayName', 'urn:mace:dir:attribute-def:displayName'),
            ['Tester']
        )
    ]);

    $assertionWithEpti = $this->getAssertionWithEpti();
    $attributeDictionary = $this->getAttributeDictionary();

    $assertionAdapter = $this->mockAssertionAdapterWith(
        AttributeSet::createFrom($assertionWithEpti, $attributeDictionary),
        'abcd-some-value-xyz'
    );

    $authenticatedUser = AuthenticatedUser::createFrom($assertionAdapter, []);
    $actualAttributeSet = $authenticatedUser->getAttributes();

    $this->assertEquals($expectedAttributeSet, $actualAttributeSet);
}