Merge pull request RobotsAndPencils#19 from avinashdhinwa/AuthReqResp…

…onseParams

Return parsed values of AuthnRequest to get attributes like ForceAuthn

examples/response.go

@@ -31,7 +31,7 @@ func LoginResponseExample() {
 
 	//This validate the AuthnRequest and set parse value in the idp instance,
 	//When NewSignedLoginResponse called, InResponseTo property added from the parsed AuthnRequest
-	validationError := idp.ValidateAuthnRequest("POST", url.Values{}, utitlity.GetSampleAuthnRequest())
+	_, validationError := idp.ValidateAuthnRequest("POST", url.Values{}, utitlity.GetSampleAuthnRequest())
 	if validationError != nil {
 		fmt.Println(validationError)
 	}

go.mod

@@ -5,5 +5,8 @@ go 1.13
 require (
 	github.com/beevik/etree v1.1.0 // indirect
 	github.com/ma314smith/signedxml v0.0.0-20200709203052-5961fe7b44fd
+	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/satori/go.uuid v1.2.0
+	github.com/smartystreets/goconvey v1.6.4 // indirect
+	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
 )

go.sum

@@ -1,6 +1,26 @@
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/ma314smith/signedxml v0.0.0-20200709203052-5961fe7b44fd h1:jV8Z3FC1X6RBa4yrAw0ry+hSq4JZnqku8CF6CW0OB0w=
 github.com/ma314smith/signedxml v0.0.0-20200709203052-5961fe7b44fd/go.mod h1:KEgVcb43+f5KFUH/x6Vd3NROG0AIL2CuKMrIqYsmx6E=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLFVxaq6wH4YuVdsUOr75U=
+gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

idp.go

@@ -117,20 +117,23 @@ func (idp *IdentityProvider) MetaDataResponse() (string, *Reject) {
 	return string(newMetadata), nil
 }
 
-func (idp *IdentityProvider) ValidateAuthnRequest(method string, query url.Values, payload url.Values) *Reject {
+func (idp *IdentityProvider) ValidateAuthnRequest(method string, query url.Values, payload url.Values) (*AuthnReq, *Reject) {
 	samlRequestParam, err := prepareSamlRequestParam(method, query, payload, "AuthnRequest")
 	if err != nil {
-		return &Reject{err, "SAML_REQUEST_NOT_VALID"}
+		return nil, &Reject{err, "SAML_REQUEST_NOT_VALID"}
 	}
 	if err = samlRequestParam.CheckSignature(idp); err != nil {
-		return &Reject{err, "SAML_SINGING_CERTIFICATE_MISMATCH"}
+		return nil, &Reject{err, "SAML_SINGING_CERTIFICATE_MISMATCH"}
 	}
 	if err = samlRequestParam.AuthnRequest.Validate(); err != nil {
-		return &Reject{err, "SAML_REQUEST_NOT_VALID"}
+		return nil, &Reject{err, "SAML_REQUEST_NOT_VALID"}
 	}
 	idp.RelayState = samlRequestParam.RelayState
 	idp.samlRequestParam = samlRequestParam
-	return nil
+
+	authnRequest := idp.getAuthnRequest(samlRequestParam)
+
+	return authnRequest, nil
 }
 
 func (idp *IdentityProvider) ValidateLogoutRequest(method string, query url.Values, payload url.Values) *Reject {
@@ -461,3 +464,15 @@ func prepareSamlRequestParam(method string, query url.Values, payload url.Values
 	}
 	return samlRequestParam, nil
 }
+
+func (idp *IdentityProvider) getAuthnRequest(param *SamlRequestParam) *AuthnReq {
+
+	authReq := param.AuthnRequest
+
+	return &AuthnReq{
+		ID:           authReq.ID,
+		ForceAuthn:   authReq.ForceAuthn,
+		IsPassive:    authReq.IsPassive,
+		ProviderName: authReq.ProviderName,
+	}
+}

internal/schema.go

@@ -23,6 +23,9 @@ type AuthnRequest struct {
 	NameIDPolicy                   NameIDPolicy          `xml:"NameIDPolicy"`
 	RequestedAuthnContext          RequestedAuthnContext `xml:"RequestedAuthnContext"`
 	Signature                      *Signature            `xml:"Signature,omitempty"`
+	ForceAuthn                     string                `xml:"ForceAuthn"`
+	IsPassive                      string                `xml:"IsPassive"`
+	ProviderName                   string                `xml:"ProviderName"`
 	originalString                 string
 }
 

parse.go

@@ -5,7 +5,7 @@ import (
 	"encoding/base64"
 	"encoding/xml"
 	"fmt"
-	"github.com/LoginRadius/go-saml/internal"
+	lib "github.com/LoginRadius/go-saml/internal"
 	"github.com/LoginRadius/go-saml/util"
 	"github.com/ma314smith/signedxml"
 	"net/url"
@@ -34,8 +34,8 @@ type SamlRequestParam struct {
 	RelayState    string
 	SigAlg        string
 	Signature     string
-	AuthnRequest  *internal.AuthnRequest
-	LogoutRequest *internal.LogoutRequest
+	AuthnRequest  *lib.AuthnRequest
+	LogoutRequest *lib.LogoutRequest
 }
 
 func (s *SamlRequestParam) GetOctetString() string {
@@ -52,7 +52,7 @@ func (s *SamlRequestParam) GetOctetString() string {
 }
 
 func (s *SamlRequestParam) ParseAuthnRequest() error {
-	var authnRequest internal.AuthnRequest
+	var authnRequest lib.AuthnRequest
 	if err := xml.Unmarshal(s.RequestBuffer, &authnRequest); err != nil {
 		return err
 	}
@@ -61,7 +61,7 @@ func (s *SamlRequestParam) ParseAuthnRequest() error {
 }
 
 func (s *SamlRequestParam) ParseLogoutRequest() error {
-	var logoutRequest internal.LogoutRequest
+	var logoutRequest lib.LogoutRequest
 	if err := xml.Unmarshal(s.RequestBuffer, &logoutRequest); err != nil {
 		return err
 	}

saml.go

@@ -66,3 +66,10 @@ type Reject struct {
 	Error  error
 	Reason string
 }
+
+type AuthnReq struct {
+	ID           string
+	ForceAuthn   string
+	IsPassive    string
+	ProviderName string
+}