diff --git a/saml/authn_request.go b/saml/authn_request.go
index 3668387..5453dbd 100644
--- a/saml/authn_request.go
+++ b/saml/authn_request.go
@@ -249,7 +249,7 @@ func (sp *ServiceProvider) AuthnRequestPost(
 b64Payload := base64.StdEncoding.EncodeToString(payload)
 tmpl := template.Must(
- template.New("post-binding").Parse(PostBindingTempl),
+ template.New("post-binding").Parse(postBindingTempl),
 )
 buf := bytes.Buffer{}
diff --git a/saml/models/metadata/sp_sso_descriptor_test.go b/saml/models/metadata/sp_sso_descriptor_test.go
index 3c372fd..b1dc0b6 100644
--- a/saml/models/metadata/sp_sso_descriptor_test.go
+++ b/saml/models/metadata/sp_sso_descriptor_test.go
@@ -56,6 +56,7 @@ var exampleSPSSODescriptor = ``
 func Test_SPSSODescriptor(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
@@ -89,6 +90,7 @@ var exampleSLOService = ``
 func Test_SPSSODescriptor_SLOService(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
@@ -129,6 +131,7 @@ var exampleNameIDService = ``
 func Test_SPSSODescriptor_ManageNameIDService(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
@@ -160,6 +163,7 @@ var exampleNameIDFormats = ``
 func Test_SPSSODescriptor_NameIDFormats(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
@@ -193,6 +197,7 @@ var exampleACS = ``
 func Test_SPSSODescriptor_ACS(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
@@ -250,6 +255,7 @@ var exampleAttributeConsumingService = `By-Tor
 func Test_SPSSODescriptor_AttributeConsumingService(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 ed := &metadata.EntityDescriptorSPSSO{}
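Review bot: `template.Must(template.New("post-binding").Parse(postBindingTempl))` on the context lines sits inside AuthnRequestPost, so the embedded template is re-parsed on every call and a parse failure surfaces as a panic in the request path instead of once at package init; the rename does not change that. Since `postBindingTempl` is a `//go:embed` string (sp.go hunk), hoist it to package level, `var postBindingTmpl = template.Must(template.New("post-binding").Parse(postBindingTempl))`, and use `tmpl := postBindingTmpl` here. The hunk does not show which `template` package is imported; because this page embeds `b64Payload` into an HTML form, `html/template` with its contextual escaping is the one to confirm is in use. The rename also removes the exported `PostBindingTempl` (sp.go hunk), a breaking change for any importer that read it, which deserves a line in the commit message. The body of AuthnRequestPost starts and ends outside the hunk.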
@@ -332,22 +338,3 @@ x5Ql0ejivIJAYcMGUyA+/YwJg2FGoA== `
-
-// func Test_SPSSODescriptor_KeyDescritpor(t *testing.T) {
-// r := require.New(t)
-
-// ed := &metadata.EntityDescriptor{}
-
-// err := xml.Unmarshal([]byte(exampleKeyDescriptor), ed)
-// r.NoError(err)
-
-// keyDescriptor := ed.SPSSODescriptor[0].KeyDescriptor
-
-// r.Len(keyDescriptor, 2)
-
-// r.Equal(keyDescriptor[0].Use, metadata.KeyTypeSigning)
-// r.NotEmpty(keyDescriptor[0].KeyInfo.X509Data, "")
-
-// r.Equal(keyDescriptor[1].Use, metadata.KeyTypeEncryption)
-// r.NotEmpty(keyDescriptor[1].KeyInfo.X509Data, "")
-// }
diff --git a/saml/response.go b/saml/response.go
index 8eaf5a1..1af9a47 100644
--- a/saml/response.go
+++ b/saml/response.go
@@ -178,7 +178,7 @@ func (sp *ServiceProvider) internalParser(
 for _, xcert := range kd.KeyInfo.X509Data.X509Certificates {
 parsed, err := parseX509Certificate(xcert.Data)
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("%s: unable to parse cert: %w", op, err)
 }
 certStore.Roots = append(certStore.Roots, parsed) // append works just fine with a nil slice
 }
diff --git a/saml/response_test.go b/saml/response_test.go
index 9997389..9685793 100644
--- a/saml/response_test.go
+++ b/saml/response_test.go
@@ -91,6 +91,7 @@ func TestServiceProvider_ParseResponse(t *testing.T) {
 }
 func TestServiceProvider_ParseResponseCustomACS(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 fakeTime, err := time.Parse("2006-01-02", "2015-07-15")
@@ -151,9 +152,9 @@ func TestServiceProvider_ParseResponseCustomACS(t *testing.T) {
 )
 if c.err == "" {
 require.NoError(t, err)
- } else {
- require.ErrorContains(t, err, c.err)
+ return
 }
+ require.ErrorContains(t, err, c.err)
 })
 }
diff --git a/saml/sp.go b/saml/sp.go
index 43c0aa5..4b38b23 100644
--- a/saml/sp.go
+++ b/saml/sp.go
@@ -15,7 +15,7 @@ import (
 )
 //go:embed authn_request.gohtml
-var PostBindingTempl string
+var postBindingTempl string
 type metadataOptions struct {
 wantAssertionsSigned bool
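Review bot: The wrapped error on the `+` line in response.go names the operation but not which certificate failed; `certStore.Roots` is assembled from every X509Certificate of every key descriptor, so one malformed blob in an IdP's metadata aborts the parse with no pointer to the offending entry. Ranging with an index and reporting it gives the operator something to look for: `for i, xcert := range kd.KeyInfo.X509Data.X509Certificates {` and `return nil, fmt.Errorf("%s: unable to parse cert %d: %w", op, i, err)`. Separately, the loop over `kd` starts outside the hunk and the visible lines add every parsed certificate to `certStore.Roots` regardless of the descriptor's `Use` (the deleted test shows descriptors carry signing and encryption uses); if nothing upstream filters on it, certificates published for encryption also become signature-verification roots, which is worth confirming is intended. Failing closed on the first unparsable certificate is the right default here, so keep the early return.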
@@ -37,6 +37,8 @@ func getMetadataOptions(opt ...Option) metadataOptions {
 return opts
 }
+// InsecureWantAssertionsUnsigned provides a way to optionally request that you
+// want insecure/unsigned assertions.
 func InsecureWantAssertionsUnsigned() Option {
 return func(o interface{}) {
 if o, ok := o.(*metadataOptions); ok {
@@ -55,6 +57,7 @@ func WithMetadataNameIDFormat(format ...core.NameIDFormat) Option {
 }
 }
+// WithACSServiceBinding provides an optional service binding.
 func WithACSServiceBinding(b core.ServiceBinding) Option {
 return func(o interface{}) {
 if o, ok := o.(*metadataOptions); ok {
@@ -75,6 +78,7 @@ func WithAdditionalACSEndpoint(b core.ServiceBinding, location url.URL) Option {
 }
 }
+// ServiceProvider defines a type for service providers
 type ServiceProvider struct {
 cfg *Config
 }
diff --git a/saml/sp_test.go b/saml/sp_test.go
index 57e7452..f27939b 100644
--- a/saml/sp_test.go
+++ b/saml/sp_test.go
@@ -16,6 +16,7 @@ import (
 )
 func Test_NewServiceProvider(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 exampleURL := "http://test.me"
@@ -56,16 +57,17 @@ func Test_NewServiceProvider(t *testing.T) {
 if c.err != "" {
 r.Error(err)
 r.ErrorContains(err, c.err)
- } else {
- r.NoError(err)
- r.NotNil(got)
- r.NotNil(got.Config())
+ return
 }
+ r.NoError(err)
+ r.NotNil(got)
+ r.NotNil(got.Config())
 })
 }
 }
 func Test_ServiceProvider_FetchMetadata_ErrorCases(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
@@ -117,6 +119,7 @@ func Test_ServiceProvider_FetchMetadata_ErrorCases(t *testing.T) {
 }
 func Test_ServiceProvider_CreateMetadata(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 entityID := "http://test.me/entity"
@@ -185,6 +188,7 @@ func Test_ServiceProvider_CreateMetadata(t *testing.T) {
 }
 func Test_CreateMetadata_Options(t *testing.T) {
+ t.Parallel()
 r := require.New(t)
 fakeURL := "http://fake.test.url"
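Review bot: The doc comment added for InsecureWantAssertionsUnsigned states the intent but not the effect, which for an option named Insecure is the part a reader needs; the struct it mutates has a `wantAssertionsSigned bool` field (sp.go's first hunk), so say that directly: `// InsecureWantAssertionsUnsigned clears WantAssertionsSigned in the generated SP metadata, advertising to the IdP that unsigned assertions are acceptable. Prefer the default; use only where a test or a known-broken IdP requires it.` — how it affects validation of received assertions is not visible here, so I have not claimed it. The two sibling comments in the next hunks are vaguer still: `// WithACSServiceBinding provides an optional service binding.` should name what it binds, e.g. `// WithACSServiceBinding sets the ServiceBinding advertised for the AssertionConsumerService endpoint in the SP metadata.`, and `// ServiceProvider defines a type for service providers` lacks a period and says nothing, e.g. `// ServiceProvider is a SAML service provider built from a Config; construct one with NewServiceProvider.` The option bodies and the struct's methods continue outside their hunks.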
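Review bot: In Test_NewServiceProvider the restructured assertions (`r.Error(err)` through `r.NotNil(got.Config())`) appear to run inside a `t.Run` subtest, since the `})` after them closes a closure, while `r` is created from the parent test's `t` at the top of the function (first sp_test.go hunk). A require failure then calls FailNow on the parent from the subtest's goroutine, which the testing package documents as unsupported: the subtest goroutine exits and the failure is attributed to the wrong test. Unless the closure re-creates it (not visible here), add `r := require.New(t)` inside the subtest, as response_test.go already does by passing the subtest's `t` to `require.NoError(t, err)`. The `for` loop and subtest closure start outside the hunk.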