Move RelayState; it's a characteristic of the binding rather than the message

Author: tvdijen

src/SAML2/Binding.php

@@ -24,6 +24,13 @@
  */
 abstract class Binding
 {
+    /**
+     * The RelayState associated with the message.
+     *
+     * @var string|null
+     */
+    protected ?string $relayState = null;
+
     /**
      * The destination of messages.
      *
@@ -148,6 +155,28 @@ public function getDestination(): ?string
     }
 
 
+    /**
+     * Set the RelayState associated with he message.
+     *
+     * @param string|null $relayState The RelayState.
+     */
+    public function setRelayState(string $relayState = null): void
+    {
+        $this->relayState = $relayState;
+    }
+
+
+    /**
+     * Get the RelayState associated with the message.
+     *
+     * @return string|null The RelayState.
+     */
+    public function getRelayState(): ?string
+    {
+        return $this->relayState;
+    }
+
+
     /**
      * Override the destination of a message.
      *

src/SAML2/HTTPArtifact.php

@@ -85,7 +85,7 @@ public function getRedirectURL(AbstractMessage $message): string
 
         $params = ['SAMLart' => $artifact];
 
-        $relayState = $message->getRelayState();
+        $relayState = $this->getRelayState();
         if ($relayState !== null) {
             $params['RelayState'] = $relayState;
         }
@@ -194,7 +194,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
         $samlResponse->addValidator([get_class($this), 'validateSignature'], $artifactResponse);
 
         if (isset($query['RelayState'])) {
-            $samlResponse->setRelayState($query['RelayState']);
+            $this->setRelayState($query['RelayState']);
         }
 
         return $samlResponse;

src/SAML2/HTTPPost.php

@@ -41,7 +41,7 @@ public function send(AbstractMessage $message): ResponseInterface
         } else {
             $destination = $this->destination;
         }
-        $relayState = $message->getRelayState();
+        $relayState = $this->getRelayState();
 
         $msgStr = $message->toXML();
 
@@ -108,7 +108,7 @@ public function receive(ServerRequestInterface $request): AbstractMessage
         }
 
         if (array_key_exists('RelayState', $query)) {
-            $msg->setRelayState($query['RelayState']);
+            $this->setRelayState($query['RelayState']);
         }
 
         return $msg;

src/SAML2/HTTPRedirect.php

@@ -53,7 +53,7 @@ public function getRedirectURL(AbstractMessage $message): string
             $destination = $this->destination;
         }
 
-        $relayState = $message->getRelayState();
+        $relayState = $this->getRelayState();
         $msgStr = $message->toXML();
 
         Utils::getContainer()->debugMessage($msgStr, 'out');
@@ -151,8 +151,8 @@ public function receive(ServerRequestInterface $request): AbstractMessage
         $message = MessageFactory::fromXML($document->documentElement);
 
         if (array_key_exists('RelayState', $query)) {
-            $message->setRelayState($query['RelayState']);
             $signedQuery .= '&RelayState=' . urlencode($query['RelayState']);
+            $this->setRelayState($query['RelayState']);
         }
 
         if (!array_key_exists('Signature', $query)) {

src/SAML2/XML/samlp/AbstractMessage.php

@@ -38,13 +38,6 @@ abstract class AbstractMessage extends AbstractSamlpElement implements SignableE
     use SignedElementTrait;
 
 
-    /**
-     * The RelayState associated with this message.
-     *
-     * @var string|null
-     */
-    protected ?string $relayState = null;
-
     /**
      * The \DOMDocument we are currently building.
      *
@@ -77,7 +70,6 @@ abstract class AbstractMessage extends AbstractSamlpElement implements SignableE
      * @param string|null $destination
      * @param string|null $consent
      * @param \SimpleSAML\SAML2\XML\samlp\Extensions $extensions
-     * @param string|null $relayState
      *
      * @throws \Exception
      */
@@ -89,15 +81,13 @@ protected function __construct(
         protected ?string $destination = null,
         protected ?string $consent = null,
         ?Extensions $extensions = null,
-        ?string $relayState = null,
     ) {
         Assert::nullOrSame($issueInstant?->getTimeZone()->getName(), 'Z', ProtocolViolationException::class);
         Assert::nullOrValidNCName($id); // Covers the empty string
         Assert::nullOrValidURI($destination); // Covers the empty string
         Assert::nullOrValidURI($consent); // Covers the empty string
 
         $this->setExtensions($extensions);
-        $this->setRelayState($relayState);
     }
 
 
@@ -188,30 +178,6 @@ public function isMessageConstructedWithSignature(): bool
     }
 
 
-    /**
-     * Retrieve the RelayState associated with this message.
-     *
-     * @return string|null The RelayState, or NULL if no RelayState is given
-     */
-    public function getRelayState(): ?string
-    {
-        return $this->relayState;
-    }
-
-
-    /**
-     * Set the RelayState associated with this message.
-     *
-     * @param string|null $relayState The new RelayState
-     */
-    public function setRelayState(string $relayState = null): void
-    {
-        Assert::nullOrNotWhitespaceOnly($relayState);
-
-        $this->relayState = $relayState;
-    }
-
-
     /**
      * Get the XML element.
      *

src/SAML2/XML/samlp/AbstractStatusResponse.php

@@ -34,7 +34,6 @@ abstract class AbstractStatusResponse extends AbstractMessage
      * @param string|null $destination
      * @param string|null $consent
      * @param \SimpleSAML\SAML2\XML\samlp\Extensions|null $extensions
-     * @param string|null $relayState
      *
      * @throws \Exception
      */
@@ -48,11 +47,10 @@ protected function __construct(
         ?string $destination = null,
         ?string $consent = null,
         ?Extensions $extensions = null,
-        ?string $relayState = null,
     ) {
         Assert::nullOrValidNCName($inResponseTo); // Covers the empty string
 
-        parent::__construct($issuer, $id, $version, $issueInstant, $destination, $consent, $extensions, $relayState);
+        parent::__construct($issuer, $id, $version, $issueInstant, $destination, $consent, $extensions);
     }
 
 

src/SAML2/XML/samlp/LogoutResponse.php

@@ -36,7 +36,6 @@ final class LogoutResponse extends AbstractStatusResponse
      * @param string|null $destination
      * @param string|null $consent
      * @param \SimpleSAML\SAML2\XML\samlp\Extensions|null $extensions
-     * @param string|null $relayState
      *
      * @throws \Exception
      */
@@ -50,7 +49,6 @@ public function __construct(
         ?string $destination = null,
         ?string $consent = null,
         ?Extensions $extensions = null,
-        ?string $relayState = null,
     ) {
         parent::__construct(
             $status,
@@ -62,7 +60,6 @@ public function __construct(
             $destination,
             $consent,
             $extensions,
-            $relayState,
         );
     }
 

tests/SAML2/HTTPPostTest.php

@@ -78,7 +78,7 @@ public function testResponseParsing(): void
         $this->assertInstanceOf(Response::class, $response);
         $issuer = $response->getIssuer();
         $this->assertEquals('https://engine.test.surfconext.nl/authentication/idp/metadata', $issuer->getContent());
-        $relay = $response->getRelayState();
+        $relay = $hp->getRelayState();
         $this->assertEquals('relaystate001', $relay);
     }
 
@@ -161,14 +161,14 @@ public function testSendAuthnResponse(): void
             issuer: $issuer,
             destination: 'http://example.org/login?success=yes',
         );
-        $response->setRelayState('http://example.org');
         $signer = (new SignatureAlgorithmFactory())->getAlgorithm(
             C::SIG_RSA_SHA256,
             PEMCertificatesMock::getPrivateKey(PEMCertificatesMock::SELFSIGNED_PRIVATE_KEY),
         );
         $response->sign($signer);
 
         $hr = new HTTPPost();
+        $hr->setRelayState('http://example.org');
         $hr->send($response);
     }
 }

tests/SAML2/HTTPRedirectTest.php

@@ -115,7 +115,7 @@ public function testRequestParsingMoreParams(): void
         $hr = new HTTPRedirect();
         $samlrequest = $hr->receive($request);
         $this->assertInstanceOf(AbstractRequest::class, $samlrequest);
-        $relaystate = $samlrequest->getRelayState();
+        $relaystate = $hr->getRelayState();
         $this->assertEquals('https://profile.surfconext.nl/', $relaystate);
     }
 
@@ -138,7 +138,7 @@ public function testSignedRequestParsing(): void
         $hr = new HTTPRedirect();
         $samlrequest = $hr->receive($request);
         $this->assertInstanceOf(AbstractRequest::class, $samlrequest);
-        $relaystate = $samlrequest->getRelayState();
+        $relaystate = $hr->getRelayState();
         $this->assertEquals(
             'https://demo.moo-archive.nl/module.php/admin/test/default-sp',
             $relaystate,
@@ -161,6 +161,7 @@ public function testSignedRequestValidation(): void
         $request = $request->withQueryParams($q);
 
         $hr = new HTTPRedirect();
+        $hr->setRelayState(urlencode($q['RelayState']));
         $samlrequest = $hr->receive($request);
 
         // validate with the correct certificate, should verify
@@ -325,8 +326,9 @@ public function testSendAuthnResponse(): void
             issuer: $issuer,
             destination: 'http://example.org/login?success=yes',
         );
-        $response->setRelayState('http://example.org');
+
         $hr = new HTTPRedirect();
+        $hr->setRelayState('http://example.org');
         $hr->send($response);
     }