From d857fbab8bb1108868cdd6b03433293f72304809 Mon Sep 17 00:00:00 2001
From: Hafsa Imran
Date: Fri, 6 Dec 2024 17:53:13 -0500
Subject: [PATCH] improving variable name
---
 saml/response.go | 11 ++++++-----
 saml/response_test.go | 14 +++++++-------
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/saml/response.go b/saml/response.go
index 76353f2..b2208ec 100644
--- a/saml/response.go
+++ b/saml/response.go
@@ -79,7 +79,8 @@ func InsecureSkipSignatureValidation() Option {
 }
 }
 
-// ValidateResponseAndAssertionSignatures enables signature validation for both the SAML response and its assertions.
+// ValidateResponseAndAssertionSignatures enables signature validation to ensure both response and its assertions
+// are signed
 func ValidateResponseAndAssertionSignatures() Option {
 return func(o interface{}) {
 if o, ok := o.(*parseResponseOptions); ok {
@@ -88,7 +89,7 @@ func ValidateResponseAndAssertionSignatures() Option {
 }
 }
 
-// ValidateResponseSignature enables signature validation for just the SAML response.
+// ValidateResponseSignature enables signature validation to ensure the response is at least signed
 func ValidateResponseSignature() Option {
 return func(o interface{}) {
 if o, ok := o.(*parseResponseOptions); ok {
@@ -97,7 +98,7 @@ func ValidateResponseSignature() Option {
 }
 }
 
-// ValidateAssertionSignature enables signature validation for just the SAML assertion.
+// ValidateAssertionSignature enables signature validation to ensure the assertion is at least signed
 func ValidateAssertionSignature() Option {
 return func(o interface{}) {
 if o, ok := o.(*parseResponseOptions); ok {
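Review bot: The reworded doc comments on `ValidateResponseAndAssertionSignatures`, `ValidateResponseSignature` and `ValidateAssertionSignature` (hunks at -79, -88 and -97) describe a presence check ("is at least signed") instead of stating which element must carry a signature that verifies and what the caller gets when it does not. "At least signed" can also be read as "the response or anything stronger", so the comment does not say whether a signature on the assertion alone is accepted. A wording such as `// ValidateResponseSignature requires the SAML response element itself to carry a valid signature; a signature on the assertion alone is rejected.` matches the cases in saml/response_test.go that expect "invalid signature" for that input, and the other two options can follow the same pattern. The option bodies continue outside these hunks, so the field each one sets is not visible here.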
@@ -191,8 +192,8 @@ func (sp *ServiceProvider) ParseResponse(
 samlResponse := core.Response{Response: *response}
 if callValidateSignature {
 // func ip.ValidateEncodedResponse(...) above only requires either `response or all its `assertions` are signed,
- // but does not require both. The validateSignature function will validate either response or assertion is signed
- // or both depending on the parse response options given.
+ // but does not require both. The validateSignature function will validate either response or assertion
+ // or both is surely signed depending on the parse response options given.
 if err := validateSignature(&samlResponse, op, opts); err != nil {
 return nil, err
 }
diff --git a/saml/response_test.go b/saml/response_test.go
index 0818690..1d09a3d 100644
--- a/saml/response_test.go
+++ b/saml/response_test.go
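Review bot: In the saml/response.go hunk at -191, the rewritten comment above the `validateSignature` call in `ParseResponse` now reads "will validate either response or assertion or both is surely signed", which does not parse cleanly, and the preceding line still has an unbalanced backtick before `response`. This comment is the only place that explains the gap between the either-or requirement of `ip.ValidateEncodedResponse` and the stricter per-option check, so it should be stated plainly, for example `// ValidateEncodedResponse accepts the message when either the response or all of its assertions are signed.` followed by `// validateSignature then enforces the stricter requirement selected by the options: response, assertion, or both.` It would also help to say here which requirement applies when `callValidateSignature` is false. How that flag is computed, and the start and end of `ParseResponse`, are outside this hunk.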
@@ -80,21 +80,21 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 requestID: testRequestId,
 },
 {
- name: "success - with option validate both signatures and with both response and assertion signed",
+ name: "success - with option of validate both signatures & with both response and assertion signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithResponseAndAssertionSigned()))),
 opts: []saml.Option{saml.ValidateResponseAndAssertionSignatures()},
 requestID: testRequestId,
 },
 {
- name: "success - with option validate response signature and with only response signed",
+ name: "success - with option of validate response signature & with only response signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustResponseSigned()))),
 opts: []saml.Option{saml.ValidateResponseSignature()},
 requestID: testRequestId,
 },
 {
- name: "success - with option validate assertion signature and with only assertion signed",
+ name: "success - with option of validate assertion signature & with only assertion signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustAssertionSigned()))),
 opts: []saml.Option{saml.ValidateAssertionSignature()},
@@ -109,7 +109,7 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 wantErrContains: "response and/or assertions must be signed",
 },
 {
- name: "error-invalid-signature - with option validate both signatures and with just response signed",
+ name: "error-invalid-signature - with option of validate both signatures & with only response signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustResponseSigned()))),
 opts: []saml.Option{saml.ValidateResponseAndAssertionSignatures()},
@@ -117,7 +117,7 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 wantErrContains: "invalid signature",
 },
 {
- name: "error-invalid-signature - with option validate both signatures and with just assertion signed",
+ name: "error-invalid-signature - with option of validate both signatures & with only assertion signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustAssertionSigned()))),
 opts: []saml.Option{saml.ValidateResponseAndAssertionSignatures()},
@@ -125,7 +125,7 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 wantErrContains: "invalid signature",
 },
 {
- name: "error-invalid-signature - with option validate response signature and with just assertion signed",
+ name: "error-invalid-signature - with option of validate response signature & with only assertion signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustAssertionSigned()))),
 opts: []saml.Option{saml.ValidateResponseSignature()},
@@ -133,7 +133,7 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 wantErrContains: "invalid signature",
 },
 {
- name: "error-invalid-signature -with option validate assertion signature and with just response signed",
+ name: "error-invalid-signature -with option of validate assertion signature & with just response signed",
 sp: testSp,
 samlResp: base64.StdEncoding.EncodeToString([]byte(tp.SamlResponse(t, testprovider.WithJustResponseSigned()))),
 opts: []saml.Option{saml.ValidateAssertionSignature()},
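Review bot: The renamed case in the hunk at -133 still reads `error-invalid-signature -with ... & with just response signed`, while the other error cases in this commit were normalized to `error-invalid-signature - with ...` and "only"; suggest `name: "error-invalid-signature - with option of validate assertion signature & with only response signed",`. Separately, every error case visible in these hunks feeds a message in which the required element carries no signature and expects "invalid signature". A case where the required element is signed but the signature fails verification is not visible here and may exist elsewhere in the table; if it does not, adding one would keep "missing" and "does not verify" from being tested as the same condition. The test table starts and ends outside these hunks.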