Update tests

- Test on LogoutResponse only as LogoutRequest should not be affected - Update other test now that message name is checked before signature
machunmei · Apr 14, 2020 · 2abcd52 · 2abcd52
1 parent cd2d62d
commit 2abcd52
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 26 deletions.
diff --git a/Sustainsys.Saml2.sln b/Sustainsys.Saml2.sln
@@ -101,6 +101,7 @@ Global
 	GlobalSection(SharedMSBuildProjectFiles) = preSolution
 		Tests\Tests.Shared\Tests.Shared.projitems*{82f84e61-1292-47cf-b0dc-59f26ec56c32}*SharedItemsImports = 13
 		Tests\Tests.Shared\Tests.Shared.projitems*{c5c43d57-3a9c-4edf-97af-ee55a950284c}*SharedItemsImports = 4
+		Tests\Tests.Shared\Tests.Shared.projitems*{ff774b2e-51d4-4c64-ba0e-c061683a9b93}*SharedItemsImports = 5
 	EndGlobalSection
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU

diff --git a/Tests/Tests.Shared/WebSSO/LogoutCommandTests.cs b/Tests/Tests.Shared/WebSSO/LogoutCommandTests.cs
@@ -367,6 +367,63 @@ public void LogoutCommand_Run_HandlesLogoutResponse()
             actual.Should().BeEquivalentTo(expected);
         }
 
+        [TestMethod]
+        public void LogoutCommand_Run_RejectsUnsignedLogoutResponse()
+        {
+            var relayState = "MyRelayState";
+            var response = new Saml2LogoutResponse(Saml2StatusCode.Success)
+            {
+                DestinationUrl = new Uri("http://sp.example.com/path/Saml2/logout"),
+                Issuer = new EntityId("https://idp.example.com"),
+                InResponseTo = new Saml2Id(),
+                RelayState = relayState
+            };
+
+            var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
+                .Bind(response);
+
+            var request = new HttpRequestData("GET",
+                bindResult.Location,
+                "http://sp-internal.example.com/path/Saml2",
+                null,
+                new StoredRequestState(null, new Uri("http://loggedout.example.com"), null, null));
+
+            var options = StubFactory.CreateOptions();
+
+            CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
+                .Invoking(c => c.Run(request, options))
+                .Should().Throw<UnsuccessfulSamlOperationException>();
+        }
+
+        [TestMethod]
+        public void LogoutCommand_Run_AcceptsUnsignedLogoutResponseIfCompatFlagSet()
+        {
+            var relayState = "MyRelayState";
+            var response = new Saml2LogoutResponse(Saml2StatusCode.Success)
+            {
+                DestinationUrl = new Uri("http://sp.example.com/path/Saml2/logout"),
+                Issuer = new EntityId("https://idp.example.com"),
+                InResponseTo = new Saml2Id(),
+                RelayState = relayState
+            };
+
+            var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
+                .Bind(response);
+
+            var request = new HttpRequestData("GET",
+                bindResult.Location,
+                "http://sp-internal.example.com/path/Saml2",
+                null,
+                new StoredRequestState(null, new Uri("http://loggedout.example.com"), null, null));
+
+            var options = StubFactory.CreateOptions();
+            options.SPOptions.Compatibility.AcceptUnsignedLogoutResponses = true;
+
+            // Should not throw.
+            CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
+                .Run(request, options);
+        }
+
         [TestMethod]
         public void LogoutCommand_Run_HandlesLogoutResponse_InPost()
         {
@@ -685,31 +742,6 @@ public void LogoutCommand_Run_IncomingRequest_ThroughRedirectBinding_ThrowsOnMis
                 .WithMessage("Received a LogoutRequest from https://idp.example.com that cannot be processed because it is not signed.");
         }
 
-        [TestMethod]
-        public void LogoutCommand_Run_IncomingRequest_ThroughRedirectBinding_DoesnotThrowOnMissingSignatureWithCompatibilityOption()
-        {
-            var request = new Saml2LogoutRequest()
-            {
-                DestinationUrl = new Uri("http://sp.example.com/path/Saml2/logout"),
-                Issuer = new EntityId("https://idp.example.com"),
-                NameId = new Saml2NameIdentifier("NameId"),
-                SessionIndex = "SessionID"
-            };
-
-            var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
-                .Bind(request);
-
-            var httpRequest = new HttpRequestData("GET", bindResult.Location);
-
-            var options = StubFactory.CreateOptions();
-            options.SPOptions.ServiceCertificates.Add(SignedXmlHelper.TestCert);
-            options.SPOptions.Compatibility.AcceptUnsignedLogoutResponses = true;
-
-            CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
-                .Invoking(c => c.Run(httpRequest, options))
-                .Should().NotThrow();
-        }
-
         [TestMethod]
         public void LogoutCommand_Run_ThrowsOnLogoutResponseStatusNonSuccess()
         {
@@ -937,7 +969,7 @@ public void LogoutCommand_Run_ThrowsOnMissingIssuerInReceivedMessage()
                 MessageName = "SAMLRequest",
                 SigningCertificate = SignedXmlHelper.TestCert,
                 DestinationUrl = new Uri("http://localhost"),
-                XmlData = "<Xml />"
+                XmlData = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>"
             };
 
             var url = Saml2Binding.Get(Saml2BindingType.HttpRedirect)