#86. Let login and logout methods to not execute redirections

SAML-Toolkits · Nov 22, 2016 · a94cb28 · a94cb28
1 parent 8e95972
commit a94cb28
Show file tree

Hide file tree

Showing 4 changed files with 172 additions and 10 deletions.
diff --git a/toolkit/src/main/java/com/onelogin/saml2/Auth.java b/toolkit/src/main/java/com/onelogin/saml2/Auth.java
@@ -221,10 +221,13 @@ public void setStrict(Boolean value)
 	 *				When true the AuthNRequest will set the IsPassive='true'
 	 * @param setNameIdPolicy
 	 *            When true the AuthNRequest will set a nameIdPolicy
-	 * @returns the representation of the AuthNRequest generated
+	 * @param stay
+	 *            True if we want to stay (returns the url string) False to execute redirection
+	 *
+	 * @return the SSO URL with the AuthNRequest if stay = True
 	 * @throws IOException
 	 */
-	public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException {
+	public String login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) throws IOException {
 		Map<String, String> parameters = new HashMap<String, String>();
 
 		AuthnRequest authnRequest = new AuthnRequest(settings, forceAuthn, isPassive, setNameIdPolicy);
@@ -253,11 +256,32 @@ public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolea
 
 		String ssoUrl = getSSOurl();
 
-		LOGGER.debug("AuthNRequest sent to " + ssoUrl + " --> " + samlRequest);
-		ServletUtils.sendRedirect(response, ssoUrl, parameters);
 		lastRequestId = authnRequest.getId();
+
+		if (!stay) {
+			LOGGER.debug("AuthNRequest sent to " + ssoUrl + " --> " + samlRequest);
+		}
+		return ServletUtils.sendRedirect(response, ssoUrl, parameters, stay);
 	}
 
+	/**
+	 * Initiates the SSO process.
+	 *
+	 * @param returnTo
+	 *				The target URL the user should be returned to after login (relayState).
+	 *				Will be a self-routed URL when null, or not be appended at all when an empty string is provided
+	 * @param forceAuthn
+	 *				When true the AuthNRequest will set the ForceAuthn='true'
+	 * @param isPassive
+	 *				When true the AuthNRequest will set the IsPassive='true'
+	 * @param setNameIdPolicy
+	 *            When true the AuthNRequest will set a nameIdPolicy
+	 * @throws IOException
+	 */
+	public void login(String returnTo, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) throws IOException {
+		login(returnTo ,forceAuthn, isPassive, setNameIdPolicy, false);
+	}
+
 	/**
 	 * Initiates the SSO process.
 	 *
@@ -290,11 +314,15 @@ public void login(String returnTo) throws IOException {
      *				The NameID that will be set in the LogoutRequest.
 	 * @param sessionIndex 
      *				The SessionIndex (taken from the SAML Response in the SSO process).
+	 * @param stay
+	 *            True if we want to stay (returns the url string) False to execute redirection
+	 *
+	 * @return the SLO URL with the LogoutRequest if stay = True
 	 *
 	 * @throws IOException
 	 * @throws XMLEntityException
 	 */
-	public void logout(String returnTo, String nameId, String sessionIndex) throws IOException, XMLEntityException {
+	public String logout(String returnTo, String nameId, String sessionIndex, Boolean stay) throws IOException, XMLEntityException {
 		Map<String, String> parameters = new HashMap<String, String>();
 
 		LogoutRequest logoutRequest = new LogoutRequest(settings, null, nameId, sessionIndex);
@@ -321,9 +349,30 @@ public void logout(String returnTo, String nameId, String sessionIndex) throws I
 		}
 
 		String sloUrl = getSLOurl();
-		LOGGER.debug("Logout request sent to " + sloUrl + " --> " + samlLogoutRequest);
-		ServletUtils.sendRedirect(response, sloUrl, parameters);
 		lastRequestId = logoutRequest.getId();
+
+		if (!stay) {
+			LOGGER.debug("Logout request sent to " + sloUrl + " --> " + samlLogoutRequest);
+		}
+		return ServletUtils.sendRedirect(response, sloUrl, parameters, stay);
+	}
+
+	/**
+	 * Initiates the SLO process.
+	 *
+	 * @param returnTo 
+     *				The target URL the user should be returned to after logout (relayState).
+	 *				Will be a self-routed URL when null, or not be appended at all when an empty string is provided
+	 * @param nameId 
+     *				The NameID that will be set in the LogoutRequest.
+	 * @param sessionIndex 
+     *				The SessionIndex (taken from the SAML Response in the SSO process).
+	 *
+	 * @throws IOException
+	 * @throws XMLEntityException
+	 */
+	public void logout(String returnTo, String nameId, String sessionIndex) throws IOException, XMLEntityException {
+		logout(returnTo, nameId, sessionIndex, false);
 	}
 
 	/**

diff --git a/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java b/toolkit/src/main/java/com/onelogin/saml2/servlet/ServletUtils.java
@@ -136,12 +136,15 @@ public static String getSelfRoutedURLNoQuery(HttpServletRequest request) {
      * 				target location url
      * @param parameters
      * 				GET parameters to be added
-     *
+	 * @param stay
+	 *            True if we want to stay (returns the url string) False to execute redirection
+     * 
+     * @return string the target URL
      * @throws IOException
      *
      * @see javax.servlet.http.HttpServletResponse#sendRedirect(String)
      */
-    public static void sendRedirect(HttpServletResponse response, String location, Map<String, String> parameters) throws IOException {
+    public static String sendRedirect(HttpServletResponse response, String location, Map<String, String> parameters, Boolean stay) throws IOException {
         String target = location;
 
         if (!parameters.isEmpty()) {
@@ -160,9 +163,33 @@ public static void sendRedirect(HttpServletResponse response, String location, M
                 }
             }
         }
-        response.sendRedirect(target);
+        if (!stay) {
+        	response.sendRedirect(target);
+        }
+
+        return target;
     }
 
+    /**
+     * Redirect to location url
+     *
+     * @param response
+     * 				HttpServletResponse object to be used
+     * @param location
+     * 				target location url
+     * @param parameters
+     * 				GET parameters to be added
+	 * @param stay
+	 *            True if we want to stay (returns the url string) False to execute redirection
+	 *
+     * @throws IOException
+     *
+     * @see javax.servlet.http.HttpServletResponse#sendRedirect(String)
+     */
+    public static void sendRedirect(HttpServletResponse response, String location, Map<String, String> parameters) throws IOException {
+    	sendRedirect(response, location, parameters, false);
+    }
+
     /**
      * Redirect to location url
      *

diff --git a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java
@@ -995,6 +995,39 @@ public void testLoginWithoutRelayState() throws IOException, SettingsException,
 		assertThat(urlCaptor.getValue(), not(containsString("&RelayState=")));
 	}
 
+	/**
+	 * Tests the login method of Auth
+	 * Case: Login with stay enabled
+	 *
+	 * @throws SettingsException
+	 * @throws IOException
+	 * @throws URISyntaxException
+	 *
+	 * @see com.onelogin.saml2.Auth#login
+	 */
+	@Test
+	public void testLoginStay() throws IOException, SettingsException, URISyntaxException {
+		HttpServletRequest request = mock(HttpServletRequest.class);
+		HttpServletResponse response = mock(HttpServletResponse.class);
+		when(request.getScheme()).thenReturn("http");
+		when(request.getServerPort()).thenReturn(8080);
+		when(request.getServerName()).thenReturn("localhost");
+		when(request.getRequestURI()).thenReturn("/initial.jsp");
+
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		settings.setAuthnRequestsSigned(false);
+
+		Auth auth = new Auth(settings, request, response);
+		String target = auth.login("", false, false, false, true);
+		assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest="));
+		assertThat(target, not(containsString("&RelayState=")));
+
+		String relayState = "http://localhost:8080/expected.jsp";
+		target = auth.login(relayState, false, false, false, true);
+		assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest="));
+		assertThat(target, containsString("&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fexpected.jsp"));		
+	}
+
 	/**
 	 * Tests the login method of Auth
 	 * Case: Signed Login but no sp key
@@ -1143,6 +1176,39 @@ public void testLogoutWithoutRelayState() throws IOException, SettingsException,
 		assertThat(urlCaptor.getValue(), not(containsString("&RelayState=")));
 	}
 
+	/**
+	 * Tests the logout method of Auth
+	 * Case: Logout Stay
+	 *
+	 * @throws IOException
+	 * @throws SettingsException
+	 * @throws XMLEntityException
+	 *
+	 * @see com.onelogin.saml2.Auth#logout
+	 */
+	@Test
+	public void testLogoutStay() throws IOException, SettingsException, XMLEntityException {
+		HttpServletRequest request = mock(HttpServletRequest.class);
+		HttpServletResponse response = mock(HttpServletResponse.class);
+		when(request.getScheme()).thenReturn("http");
+		when(request.getServerPort()).thenReturn(8080);
+		when(request.getServerName()).thenReturn("localhost");		
+		when(request.getRequestURI()).thenReturn("/initial.jsp");
+
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		settings.setLogoutRequestSigned(false);
+
+		Auth auth = new Auth(settings, request, response);
+		String target = auth.logout("", null, null, true);
+		assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest="));
+		assertThat(target, not(containsString("&RelayState=")));
+
+		String relayState = "http://localhost:8080/expected.jsp";
+		target = auth.logout(relayState, null, null, true);
+		assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest="));
+		assertThat(target, containsString("&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fexpected.jsp"));
+	}
+
 	/**
 	 * Tests the logout method of Auth
 	 * Case: Signed Logout but no sp key

diff --git a/toolkit/src/test/java/com/onelogin/saml2/test/servlet/ServletUtilsTest.java b/toolkit/src/test/java/com/onelogin/saml2/test/servlet/ServletUtilsTest.java
@@ -117,6 +117,26 @@ public void testSendRedirectParams() throws IOException {
         verify(response_5).sendRedirect("http://example.com/expectedurl.jsp?novalue");
     }
 
+    /**
+     * Tests the sendRedirect method
+     * Use Case: Stay and don't execute redirection
+     *
+     * @throws IOException
+     *
+     * @see ServletUtils#sendRedirect
+     */
+    @Test
+    public void testSendRedirectStay() throws IOException {
+        HttpServletResponse response = mock(HttpServletResponse.class);
+        Map<String, String> parameters = new HashMap<String, String>();
+
+        String url = ServletUtils.sendRedirect(response, "http://example.com/expectedurl.jsp", parameters, true);
+        assertEquals("http://example.com/expectedurl.jsp", url);
+
+        url = ServletUtils.sendRedirect(response, "http://example.com/expectedurl.jsp?idpid=ffee-aabbb", singletonMap("SAMLRequest", "data"), true);
+        assertEquals("http://example.com/expectedurl.jsp?idpid=ffee-aabbb&SAMLRequest=data", url);
+    }
+
     /**
      * Tests the getSelfURLhost method
      *