Include SAML2 status codes in exception message

- Fixes #693

Kentor.AuthServices.Tests/Exceptions/UnsuccessfulSamlOperationExceptionTest.cs

@@ -6,6 +6,7 @@
 using System.Threading.Tasks;
 using FluentAssertions;
 using Kentor.AuthServices.Exceptions;
+using Kentor.AuthServices.Saml2P;
 
 namespace Kentor.AuthServices.Tests.Exceptions
 {
@@ -32,6 +33,7 @@ public void InvalidSamlOperationException_StringCtor()
 
             subject.Message.Should().Be(msg);
         }
+
         [TestMethod]
         public void InvalidSamlOperationException_StringInnerExCtor()
         {
@@ -43,5 +45,24 @@ public void InvalidSamlOperationException_StringInnerExCtor()
             subject.InnerException.Should().Be(inner);
         }
 
+        [TestMethod]
+        public void InvalidSamlOperationException_SamlStatusCodeCtor()
+        {
+            var message = "Message!";
+            var status = Saml2StatusCode.RequestVersionDeprecated;
+            var statusMessage = "Request Version Deprecated";
+            var secondLevelStatus = "Second Level Status";
+
+            var subject = new UnsuccessfulSamlOperationException(
+                message,
+                status,
+                statusMessage,
+                secondLevelStatus);
+
+            subject.Message.Should().Be("Message!\n" +
+                "  Saml2 Status Code: RequestVersionDeprecated\n" +
+                "  Saml2 Status Message: Request Version Deprecated\n" +
+                "  Saml2 Second Level Status: Second Level Status");
+        }
     }
 }

Kentor.AuthServices.Tests/Saml2P/Saml2ResponseTests.cs

@@ -1597,7 +1597,7 @@ public void Saml2Response_GetClaims_ThrowsOnStatusFailure()
             Action a = () => subject.GetClaims(Options.FromConfiguration);
 
             a.ShouldThrow<UnsuccessfulSamlOperationException>()
-                .WithMessage("The Saml2Response must have status success to extract claims. Status: Requester.")
+                .WithMessage("The Saml2Response must have status success to extract claims.\n*Status Code: Requester*")
                 .Where(x => x.Status == Saml2StatusCode.Requester);
 
         }
@@ -1626,9 +1626,8 @@ public void Saml2Response_GetClaims_ThrowsOnStatusFailure_IncludingSecondLevelMe
             Action a = () => subject.GetClaims(Options.FromConfiguration);
 
             a.ShouldThrow<UnsuccessfulSamlOperationException>()
-                .WithMessage("The Saml2Response must have status success to extract claims. Status: Responder. Message: A status message.")
+                .WithMessage("The Saml2Response must have status success to extract claims.*Status Code: Responder*Message: A status message*RequestDenied")
                 .Where(x => x.Status == Saml2StatusCode.Responder && x.StatusMessage == "A status message" && x.SecondLevelStatus == "urn:oasis:names:tc:SAML:2.0:status:RequestDenied");
-
         }
 
         [TestMethod]
@@ -1663,7 +1662,7 @@ public void Saml2Response_DisplayStatusMessageInExceptionText()
             Action a = () => subject.GetClaims(Options.FromConfiguration);
 
             a.ShouldThrow<UnsuccessfulSamlOperationException>()
-                .WithMessage("The Saml2Response must have status success to extract claims. Status: Requester. Message: A status message.")
+                .WithMessage("The Saml2Response must have status success to extract claims.*Status Code: Requester*Message: A status message*")
                 .Where(x => x.Status == Saml2StatusCode.Requester);
 
         }

Kentor.AuthServices/Exceptions/UnsuccessfulSAMLOperationException.cs

@@ -27,14 +27,19 @@ public class UnsuccessfulSamlOperationException : AuthServicesException
         /// Second level status of SAML2Response
         /// </summary>
         public string SecondLevelStatus { get; set; }
+
         /// <summary>
-        /// 
+        /// Ctor, bundling the Saml2 status codes and message into the exception message.
         /// </summary>
         /// <param name="message">Exception message.</param>
         /// <param name="statusCode">Status of the SAML2Response</param>
         /// <param name="statusMessage">Status message of SAML2Response</param>
         /// <param name="secondLevelStatus">Second level status of SAML2Response</param>
-        public UnsuccessfulSamlOperationException(string message, Saml2StatusCode statusCode, string statusMessage, string secondLevelStatus) : base(message)
+        public UnsuccessfulSamlOperationException(string message, Saml2StatusCode statusCode, string statusMessage, string secondLevelStatus) : 
+            base(message + "\n" +
+                "  Saml2 Status Code: " + statusCode + "\n" +
+                "  Saml2 Status Message: " + statusMessage + "\n" +
+                "  Saml2 Second Level Status: " + secondLevelStatus)
         {
             this.Status = statusCode;
             this.StatusMessage = statusMessage;

Kentor.AuthServices/SAML2P/Saml2Response.cs

@@ -515,9 +515,9 @@ private IEnumerable<ClaimsIdentity> CreateClaims(IOptions options)
 
             if (status != Saml2StatusCode.Success)
             {
-                throw new UnsuccessfulSamlOperationException(string.Format("The Saml2Response must have status success to extract claims. Status: {0}.{1}"
-                , status.ToString(), statusMessage != null ? " Message: " + statusMessage + "." : string.Empty),
-                status, statusMessage, secondLevelStatus);
+                throw new UnsuccessfulSamlOperationException(
+                    "The Saml2Response must have status success to extract claims.",
+                    status, statusMessage, secondLevelStatus);
             }
 
             foreach (XmlElement assertionNode in GetAllAssertionElementNodes(options))