From 5df2b703598922c5fc1e290e527a400b57639e50 Mon Sep 17 00:00:00 2001
From: tngan <tonynwk919@gmail.com>
Date: Mon, 12 Jun 2017 00:42:02 +0800
Subject: [PATCH] More tests and fix the mutation in defining binding method of
 logout response

---
 src/entity.ts | 18 +++++++++---------
 test/flow.ts  | 47 ++++++++++++++++++++++++++++++++++++++++-------
 test/index.ts | 11 +++++++++++
 3 files changed, 60 insertions(+), 16 deletions(-)

diff --git a/src/entity.ts b/src/entity.ts
index 7b7ed1d6..d2da4706 100644
--- a/src/entity.ts
+++ b/src/entity.ts
@@ -148,7 +148,7 @@ export default class Entity {
   * @param  {date} notOnOrAfter
   * @return {boolean}
   */
-  verifyTime(notBefore: Date, notOnOrAfter: Date): boolean {
+  verifyTime(notBefore?: Date, notOnOrAfter?: Date): boolean {
     const now = new Date();
     if (isUndefined(notBefore) && isUndefined(notOnOrAfter)) {
       return true; // throw exception todo
@@ -265,7 +265,7 @@ export default class Entity {
       return parseResult;
     }
     // Will support artifact in the next release
-    throw new Error('this binding is not support');
+    throw new Error('this binding is not supported');
   }
 
   /** @desc   Generates the logout request for developers to design their own method
@@ -275,12 +275,12 @@ export default class Entity {
   * @param  {string} relayState      the URL to which to redirect the user when logout is complete
   * @param  {function} customTagReplacement     used when developers have their own login response template
   */
-  createLogoutRequest(targetEntity, binding, user, relayState, customTagReplacement): BindingContext | PostRequestInfo {
+  createLogoutRequest(targetEntity, binding, user, relayState = '', customTagReplacement?): BindingContext | PostRequestInfo {
     if (binding === wording.binding.redirect) {
       return redirectBinding.logoutRequestRedirectURL(user, {
         init: this,
         target: targetEntity,
-      }, customTagReplacement, relayState);
+      }, relayState, customTagReplacement);
     }
     if (binding === wording.binding.post) {
       const entityEndpoint = targetEntity.entityMeta.getSingleLogoutService(binding);
@@ -304,15 +304,15 @@ export default class Entity {
   * @param  {string} binding                     protocol binding
   * @param  {function} customTagReplacement                 used when developers have their own login response template
   */
-  createLogoutResponse(target, requestInfo, binding, relayState, customTagReplacement): BindingContext {
-    binding = namespace.binding[binding] || namespace.binding.redirect;
-    if (binding === namespace.binding.redirect) {
+  createLogoutResponse(target, requestInfo, binding, relayState = '', customTagReplacement?): BindingContext {
+    const protocol = namespace.binding[binding];
+    if (protocol === namespace.binding.redirect) {
       return redirectBinding.logoutResponseRedirectURL(requestInfo, {
         init: this,
         target,
       }, relayState, customTagReplacement);
     }
-    if (binding === namespace.binding.post) {
+    if (protocol === namespace.binding.post) {
       const context = postBinding.base64LogoutResponse(requestInfo, {
           init: this,
           target,
@@ -324,7 +324,7 @@ export default class Entity {
         type: 'SAMLResponse',
       };
     }
-    throw new Error('This binding is not support');
+    throw new Error('this binding is not supported');
   }
 
   /**
diff --git a/test/flow.ts b/test/flow.ts
index d36a64d5..97544481 100644
--- a/test/flow.ts
+++ b/test/flow.ts
@@ -96,9 +96,11 @@ test('signed in sp is not matched with the signed notation in idp with redirect
 });
 
 test('create login request with redirect binding using custom template', t => {
-  const _sp = serviceProvider({ ...defaultSpConfig, loginRequestTemplate: {
-    context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
-  }});
+  const _sp = serviceProvider({
+    ...defaultSpConfig, loginRequestTemplate: {
+      context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
+    },
+  });
   const { id, context } = _sp.createLoginRequest(idp, 'redirect', template => {
     return {
       id: 'exposed_testing_id',
@@ -109,9 +111,11 @@ test('create login request with redirect binding using custom template', t => {
 });
 
 test('create login request with post binding using custom template', t => {
-  const _sp = serviceProvider({ ...defaultSpConfig, loginRequestTemplate: {
-    context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
-  }});
+  const _sp = serviceProvider({
+    ...defaultSpConfig, loginRequestTemplate: {
+      context: '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="{AssertionConsumerServiceURL}"><saml:Issuer>{Issuer}</saml:Issuer><samlp:NameIDPolicy Format="{NameIDFormat}" AllowCreate="{AllowCreate}"/></samlp:AuthnRequest>',
+    },
+  });
   const { id, context, entityEndpoint, type, relayState } = _sp.createLoginRequest(idp, 'post', template => {
     return {
       id: 'exposed_testing_id',
@@ -133,5 +137,34 @@ test('create login response with undefined binding', async t => {
 
 test('create post login response', async t => {
   const { id, context } = await idp.createLoginResponse(sp, null, 'post', { email: 'user@esaml2.com' });
-  _.isString(id)  && _.isString(context) ? t.pass() : t.fail();
+  _.isString(id) && _.isString(context) ? t.pass() : t.fail();
+});
+
+test('create logout request with redirect binding', t => {
+  const { id, context } = sp.createLogoutRequest(idp, 'redirect', { email: 'user@esaml2' });
+  _.isString(id) && _.isString(context) ? t.pass() : t.fail();
+});
+
+test('create logout request with post binding', t => {
+  const { relayState, type, entityEndpoint, id, context } = sp.createLogoutRequest(idp, 'post', { email: 'user@esaml2' }) as PostRequestInfo;
+  _.isString(id) && _.isString(context) && _.isString(entityEndpoint) && _.isEqual(type, 'SAMLRequest') ? t.pass() : t.fail();
+});
+
+test('create logout response with undefined binding', t => {
+  try {
+    const { id, context } = idp.createLogoutResponse(sp, {}, 'undefined');
+    t.fail();
+  } catch (e) {
+    t.is(e.message, 'this binding is not supported');
+  }
+});
+
+test('create logout response with redirect binding', t => {
+  const { id, context } = idp.createLogoutResponse(sp, {}, 'redirect');
+  _.isString(id) && _.isString(context) ? t.pass() : t.fail();
+});
+
+test('create logout response with post binding', t => {
+  const { relayState, type, entityEndpoint, id, context } = idp.createLogoutResponse(sp, {}, 'post') as PostRequestInfo;
+  _.isString(id) && _.isString(context) && _.isString(entityEndpoint) && _.isEqual(type, 'SAMLResponse') ? t.pass() : t.fail();
 });
diff --git a/test/index.ts b/test/index.ts
index c61303bf..49f0bf7a 100644
--- a/test/index.ts
+++ b/test/index.ts
@@ -512,3 +512,14 @@ test('getAssertionConsumerService with two bindings', t => {
   });
 
 })();
+
+test('verify time', t => {
+  let timeAfter5Mins = new Date();
+  let timeBefore5Mins = new Date();
+  timeBefore5Mins = new Date(timeBefore5Mins.setMinutes(timeBefore5Mins.getMinutes() - 5));
+  timeAfter5Mins = new Date(timeAfter5Mins.setMinutes(timeAfter5Mins.getMinutes() + 5));
+  t.true(sp.verifyTime(timeBefore5Mins, timeAfter5Mins));
+  t.false(sp.verifyTime(undefined, timeBefore5Mins));
+  t.false(sp.verifyTime(timeAfter5Mins));
+  t.true(sp.verifyTime());
+});