From 57ca846ffeb74f0b17261590994614deead563f8 Mon Sep 17 00:00:00 2001
From: bryan <bryan.maass@gmail.com>
Date: Mon, 6 May 2024 11:33:30 -0600
Subject: [PATCH] New SLO shape improves compatibility + fix codecov uploads
 (#83)

* New slo shape improves compatibility

Tested with:
- Azure AD
- keycloak

* rearrange tests

* rerunning cloverage codecov upload

* non empty commit

* fix codecov upload

* bump codecov
---
 .github/workflows/tests.yml          |  8 ++++++--
 src/saml20_clj/sp/request.clj        |  8 ++++----
 test/saml20_clj/sp/request_test.clj  | 25 ++++++-------------------
 test/saml20_clj/sp/response_test.clj |  2 +-
 4 files changed, 17 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 227e778..97ee98d 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -39,5 +39,9 @@ jobs:
           cache-key: "cloverage"
       - run: clojure -X:dev:cloverage
       - name: Upload code coverage to codecov.io
-        run: >-
-          bash <(curl -s https://codecov.io/bash)
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          file: target/coverage/codecov.json
+          flags: cloverage
+          name: codecov-umbrella
diff --git a/src/saml20_clj/sp/request.clj b/src/saml20_clj/sp/request.clj
index 9ceb133..ae20bb8 100644
--- a/src/saml20_clj/sp/request.clj
+++ b/src/saml20_clj/sp/request.clj
@@ -102,15 +102,15 @@
   (assert (non-blank-string? idp-url) "idp-url is required")
   (assert (non-blank-string? issuer) "issuer is required")
   (assert (non-blank-string? user-email) "user-email is required")
-  [:samlp:LogoutRequest {:xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
+  [:samlp:LogoutRequest {:xmlns "urn:oasis:names:tc:SAML:2.0:protocol"
+                         :xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
                          :xmlns:saml "urn:oasis:names:tc:SAML:2.0:assertion"
                          :Version "2.0"
                          :ID (or request-id (str "id" (random-uuid)))
                          :IssueInstant instant
                          :Destination idp-url}
-   [:saml:Issuer issuer]
-   [:saml:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} user-email]
-   [:samlp:SessionIndex "SessionIndex_From_Authentication_Assertion"]])
+   [:Issuer issuer]
+   [:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} user-email]])
 
 (defn logout-redirect-location
   "This returns a url that you'd want to redirect a client to. Either using
diff --git a/test/saml20_clj/sp/request_test.clj b/test/saml20_clj/sp/request_test.clj
index f43df88..cfc86b0 100644
--- a/test/saml20_clj/sp/request_test.clj
+++ b/test/saml20_clj/sp/request_test.clj
@@ -189,8 +189,7 @@
         (doseq [v [nil "" "    " false true 100]]
           (testing (format "\n%s = %s" k (pr-str v))
             (let [request (assoc request k v)]
-              (is (thrown-with-msg?
-                   java.lang.AssertionError
+              (is (thrown-with-msg? java.lang.AssertionError
                    (re-pattern (format "%s is required" (name k)))
                    (request/request request))))))))))
 
@@ -202,28 +201,16 @@
                        :idp-url    "http://idp.example.com/SSOService.php"
                        :issuer     "http://sp.example.com/demo1/metadata.php"}))]
     (is (= [:samlp:LogoutRequest
-            {:xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
+            {:xmlns "urn:oasis:names:tc:SAML:2.0:protocol"
+             :xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
              :xmlns:saml "urn:oasis:names:tc:SAML:2.0:assertion"
              :Version "2.0"
              :ID "ONELOGIN_109707f0030a5d00620c9d9df97f627afe9dcc24"
              :IssueInstant "2020-09-24T22:51:00Z"
              :Destination "http://idp.example.com/SSOService.php"}
-            [:saml:Issuer "http://sp.example.com/demo1/metadata.php"]
-            [:saml:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} "user@example.com"]
-            [:samlp:SessionIndex "SessionIndex_From_Authentication_Assertion"]]
-           logout-xml))
-    (is (= (str "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" "\n"
-                "<samlp:LogoutRequest Destination=\"http://idp.example.com/SSOService.php\" "
-                "ID=\"ONELOGIN_109707f0030a5d00620c9d9df97f627afe9dcc24\" "
-                "IssueInstant=\"2020-09-24T22:51:00Z\" "
-                "Version=\"2.0\" "
-                "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" "
-                "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
-                "<saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>"
-                "<saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress\">user@example.com</saml:NameID>"
-                "<samlp:SessionIndex>SessionIndex_From_Authentication_Assertion</samlp:SessionIndex>"
-                "</samlp:LogoutRequest>")
-           (coerce/->xml-string logout-xml)))))
+            [:Issuer "http://sp.example.com/demo1/metadata.php"]
+            [:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} "user@example.com"]]
+           logout-xml))))
 
 (t/with-clock (t/mock-clock (t/instant "2020-09-24T22:51:00.000Z"))
   (request/logout-redirect-location
diff --git a/test/saml20_clj/sp/response_test.clj b/test/saml20_clj/sp/response_test.clj
index f4529fc..38c9366 100644
--- a/test/saml20_clj/sp/response_test.clj
+++ b/test/saml20_clj/sp/response_test.clj
@@ -47,7 +47,7 @@
           (testing (str "\noriginal =\n" (coerce/->xml-string original))
             (testing (str "decrypted =\n" (coerce/->xml-string decrypted))
               (prn :original (coerce/->xml-string original))
-              (prn :descrypted (coerce/->xml-string decrypted))
+              (prn :decrypted (coerce/->xml-string decrypted))
               (is (= 0
                      (count (.getEncryptedAssertions decrypted))))
               (is (= 1