fix test: remove sessionIndex from failing logout request tests
Seems to have been accidentally added in tngan#501,
these never worked because `sessionIndex` is not part of the default logout request template,
so whether the extractor works or not, the creation of the request will not include the value.

And with this, the test suite passes again!
mastermatt committed Feb 14, 2023
1 parent f04359d commit 5c78b94
Showing 2 changed files with 9 additions and 10 deletions.
14 changes: 5 additions & 9 deletions test/flow.ts
Expand Up @@ -1007,7 +1007,7 @@ test('send login response with [custom template] encrypted signed assertion + si

// simulate idp-init slo
test('idp sends a redirect logout request without signature and sp parses it', async t => {
const { id, context } = idp.createLogoutRequest(sp, 'redirect', { logoutNameID: 'user@esaml2.com', sessionIndex: '_664ade6a050f55a2c7cb2fb0571df7280365c0c7' });
const { id, context } = idp.createLogoutRequest(sp, 'redirect', { logoutNameID: 'user@esaml2.com' });
const query = url.parse(context).query;
t.is(query!.includes('SAMLRequest='), true);
t.is(typeof id, 'string');
Expand All @@ -1019,15 +1019,14 @@ test('idp sends a redirect logout request without signature and sp parses it', a
t.is(result.sigAlg, null);
t.is(typeof samlContent, 'string');
t.is(extract.nameID, 'user@esaml2.com');
t.is(extract.sessionIndex, '_664ade6a050f55a2c7cb2fb0571df7280365c0c7')
t.is(extract.signature, null);
t.is(typeof extract.request.id, 'string');
t.is(extract.request.destination, 'https://sp.example.org/sp/slo');
t.is(extract.issuer, 'https://idp.example.com/metadata');
});

test('idp sends a redirect logout request with signature and sp parses it', async t => {
const { id, context } = idp.createLogoutRequest(spWantLogoutReqSign, 'redirect', { logoutNameID: 'user@esaml2.com', sessionIndex: '_664ade6a050f55a2c7cb2fb0571df7280365c0c7' });
const { id, context } = idp.createLogoutRequest(spWantLogoutReqSign, 'redirect', { logoutNameID: 'user@esaml2.com' });
const query = url.parse(context).query;
t.is(query!.includes('SAMLRequest='), true);
t.is(query!.includes('SigAlg='), true);
Expand All @@ -1042,37 +1041,34 @@ test('idp sends a redirect logout request with signature and sp parses it', asyn
const octetString = Object.keys(originalURL.query).map(q => q + '=' + encodeURIComponent(originalURL.query[q] as string)).join('&');
const { extract } = await spWantLogoutReqSign.parseLogoutRequest(idp, 'redirect', { query: { SAMLRequest, Signature, SigAlg }, octetString});
t.is(extract.nameID, 'user@esaml2.com');
t.is(extract.sessionIndex, '_664ade6a050f55a2c7cb2fb0571df7280365c0c7')
t.is(extract.issuer, 'https://idp.example.com/metadata');
t.is(typeof extract.request.id, 'string');
t.is(extract.request.destination, 'https://sp.example.org/sp/slo');
t.is(extract.signature, null); // redirect binding doesn't embed the signature
});

test('idp sends a post logout request without signature and sp parses it', async t => {
const { type, entityEndpoint, id, context } = idp.createLogoutRequest(sp, 'post', { logoutNameID: 'user@esaml2.com', sessionIndex: '_664ade6a050f55a2c7cb2fb0571df7280365c0c7' }) as PostBindingContext;
const { type, entityEndpoint, id, context } = idp.createLogoutRequest(sp, 'post', { logoutNameID: 'user@esaml2.com' }) as PostBindingContext;
t.is(typeof id, 'string');
t.is(typeof context, 'string');
t.is(typeof entityEndpoint, 'string');
t.is(type, 'SAMLRequest');
const { extract } = await sp.parseLogoutRequest(idp, 'post', { body: { SAMLRequest: context } });
t.is(extract.nameID, 'user@esaml2.com');
t.is(extract.sessionIndex, '_664ade6a050f55a2c7cb2fb0571df7280365c0c7')
t.is(extract.issuer, 'https://idp.example.com/metadata');
t.is(typeof extract.request.id, 'string');
t.is(extract.request.destination, 'https://sp.example.org/sp/slo');
t.is(extract.signature, null);
});

test('idp sends a post logout request with signature and sp parses it', async t => {
const { relayState, type, entityEndpoint, id, context } = idp.createLogoutRequest(spWantLogoutReqSign, 'post', { logoutNameID: 'user@esaml2.com', sessionIndex: '_664ade6a050f55a2c7cb2fb0571df7280365c0c7' }) as PostBindingContext;
const { type, entityEndpoint, id, context } = idp.createLogoutRequest(spWantLogoutReqSign, 'post', { logoutNameID: 'user@esaml2.com' }) as PostBindingContext;
t.is(typeof id, 'string');
t.is(typeof context, 'string');
t.is(typeof entityEndpoint, 'string');
t.is(type, 'SAMLRequest');
const { extract } = await spWantLogoutReqSign.parseLogoutRequest(idp, 'post', { body: { SAMLRequest: context } });
t.is(extract.nameID, 'user@esaml2.com');
t.is(extract.sessionIndex, '_664ade6a050f55a2c7cb2fb0571df7280365c0c7')
t.is(extract.issuer, 'https://idp.example.com/metadata');
t.is(extract.request.destination, 'https://sp.example.org/sp/slo');
t.is(typeof extract.request.id, 'string');
Expand All @@ -1082,7 +1078,7 @@ test('idp sends a post logout request with signature and sp parses it', async t
// simulate init-slo
test('sp sends a post logout response without signature and parse', async t => {
const { context: SAMLResponse } = sp.createLogoutResponse(idp, null, 'post', '', createTemplateCallback(idp, sp, binding.post, {})) as PostBindingContext;
const { samlContent, extract } = await idp.parseLogoutResponse(sp, 'post', { body: { SAMLResponse }});
const { extract } = await idp.parseLogoutResponse(sp, 'post', { body: { SAMLResponse }});
t.is(extract.signature, null);
t.is(extract.issuer, 'https://sp.example.org/metadata');
t.is(typeof extract.response.id, 'string');
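Review bot: With the four `t.is(extract.sessionIndex, …)` assertions gone (redirect and post, signed and unsigned), none of the visible logout request tests checks the `sessionIndex` value returned by `parseLogoutRequest` any more. The description explains that the default logout request template never emits the value, so the old assertions could not pass. An SP still relies on SessionIndex to decide which session a LogoutRequest ends, so a regression in that extractor would now go unnoticed. I would add a follow-up test that builds the request from a custom template containing a `<samlp:SessionIndex>` element and asserts the extracted value, and until then leave a marker next to these calls such as `// TODO: sessionIndex not covered - default logout request template has no SessionIndex`. The first and last hunks of this section cut through their test bodies, so this is based on the visible lines only.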
5 changes: 4 additions & 1 deletion test/index.ts
Expand Up @@ -392,7 +392,10 @@ test('verify time with and without drift tolerance', t => {
});


test('metadata with multiple entity descriptors is invalid', t => {
// new versions of xmldom realizes multiple_entitydescriptor.xml is invalid XML and doesn't parse it anymore.
// It just logs an error and ignores the rest of the file, so this test is no longer a valid test case.
// [xmldom error] element parse error: Error: Hierarchy request error: Only one element can be added and only after doctype
test.skip('metadata with multiple entity descriptors is invalid', t => {
try {
identityProvider({ ...defaultIdpConfig, metadata: readFileSync('./test/misc/multiple_entitydescriptor.xml') });
t.fail();
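Review bot: The `test.skip` on 'metadata with multiple entity descriptors is invalid' drops the only visible check that such metadata is rejected, and the comment above it says xmldom now logs an error and ignores the rest of the file. If that is so, `identityProvider(...)` presumably builds an entity from a truncated metadata document instead of failing, which changes how untrusted metadata is handled and deserves an assertion, not a skip. I would keep the case alive with a well-formed fixture (two `EntityDescriptor` elements wrapped in an `EntitiesDescriptor`) so the rejection path is still exercised, and add a second test that pins what happens with the malformed file. At minimum extend the comment with `// TODO: re-enable with a well-formed multi-entity fixture`. The test body continues past the end of the hunk, so the catch branch is not visible here.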