Improve MDUI Logo usage

MKodde · MKodde · commit 436b701937ac · 2023-09-07T15:48:22.000+02:00
The logo is used unsafely in two placed (EnforcePolicy and Mdui) that was addressed here. And then, the test coverage of the Logo element was quite low. And that was also addressed here. See: https://www.pivotaltracker.com/story/show/185540656
diff --git a/library/EngineBlock/Corto/Filter/Command/EnforcePolicy.php b/library/EngineBlock/Corto/Filter/Command/EnforcePolicy.php
@@ -58,10 +58,11 @@ public function execute()
         $policyDecision = $pdp->requestDecisionFor($pdpRequest);
         // The IdP logo is set after getting the PolicyDecision as it would be inappropriate to inject this into the
         // decision request.
-        $policyDecision->setIdpLogo(
-            $this->_identityProvider->getMdui()->getLogo()
-        );
-
+        if ($this->_identityProvider->getMdui()->hasLogo()){
+            $policyDecision->setIdpLogo(
+                $this->_identityProvider->getMdui()->getLogo()
+            );
+        }
         $log->debug("Policy Enforcement Point: PDP decision received.");
 
         $pdpLoas = $policyDecision->getStepupObligations();
diff --git a/src/OpenConext/EngineBlock/Metadata/Logo.php b/src/OpenConext/EngineBlock/Metadata/Logo.php
@@ -19,6 +19,7 @@
 namespace OpenConext\EngineBlock\Metadata;
 
 use JsonSerializable;
+use OpenConext\EngineBlock\Exception\MduiRuntimeException;
 
 /**
  * A SAML2 metadata logo.
@@ -40,9 +41,18 @@ public function __construct($url)
 
     public static function fromJson(array $multiLingualElement): MultilingualElement
     {
+        if (!array_key_exists('url', $multiLingualElement)) {
+            throw new MduiRuntimeException(
+                'Incomplete MDUI Logo data. The URL is missing while serializing the data from JSON'
+            );
+        }
         $element = new self($multiLingualElement['url']);
-        $element->height = $multiLingualElement['height'];
-        $element->width = $multiLingualElement['width'];
+        if (array_key_exists('height', $multiLingualElement)) {
+            $element->height = $multiLingualElement['height'];
+        }
+        if (array_key_exists('width', $multiLingualElement)) {
+            $element->width = $multiLingualElement['width'];
+        }
         return $element;
     }
 
diff --git a/src/OpenConext/EngineBlock/Metadata/Mdui.php b/src/OpenConext/EngineBlock/Metadata/Mdui.php
@@ -126,7 +126,7 @@ public static function fromJson(string $parsedData): Mdui
         if ($parsedData) {
             foreach ($parsedData as $elementName => $multiLingualElement) {
                 // The logo element differs from the other MduiElements, it is constructed in its own fashion
-                if ($elementName === 'Logo') {
+                if ($elementName === 'Logo' && array_key_exists('url', $multiLingualElement)) {
                     $output[$elementName] = Logo::fromJson($multiLingualElement);
                     continue;
                 }
diff --git a/tests/unit/OpenConext/EngineBlock/Metadata/LogoTest.php b/tests/unit/OpenConext/EngineBlock/Metadata/LogoTest.php
@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * Copyright 2023 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace OpenConext\EngineBlock\Metadata;
+
+use JsonSerializable;
+use OpenConext\EngineBlock\Exception\MduiRuntimeException;
+use PHPUnit\Framework\TestCase;
+
+class LogoTest extends TestCase
+{
+    /**
+     * @param string $json
+     * @dataProvider provideCorrectJson
+     */
+    public function test_create_logo_from_json_happy_flow(string $json): void
+    {
+        $jsonData = json_decode($json, true);
+        $logo = Logo::fromJson($jsonData);
+        self::assertInstanceOf(Logo::class, $logo);
+        self::assertInstanceOf(MultilingualElement::class, $logo);
+        self::assertInstanceOf(JsonSerializable::class, $logo);
+        self::assertEquals($jsonData['url'], $logo->url);
+
+        if (array_key_exists('width', $jsonData)) {
+            self::assertEquals($jsonData['width'], $logo->width);
+        }
+        if (array_key_exists('height', $jsonData)) {
+            self::assertEquals($jsonData['height'], $logo->height);
+        }
+        self::assertIsArray($logo->jsonSerialize());
+    }
+
+    /**
+     * @param string $json
+     * @dataProvider provideUrlMissingJson
+     */
+    public function test_create_logo_from_json_requires_url(string $json): void
+    {
+        self::expectException(MduiRuntimeException::class);
+        self::expectExceptionMessage(
+            'Incomplete MDUI Logo data. The URL is missing while serializing the data from JSON'
+        );
+        Logo::fromJson(json_decode($json, true));
+    }
+
+    public function test_logo_can_not_be_translated()
+    {
+        self::expectException(MduiRuntimeException::class);
+        self::expectExceptionMessage('We do not implement the Mdui Logo in a multilingual fashion');
+        $logo = Logo::fromJson(['url' => 'https://foobar.example.com']);
+        $logo->translate('en');
+    }
+
+    public function test_primary_language_is_en()
+    {
+        $logo = Logo::fromJson(['url' => 'https://foobar.example.com']);
+        $lang = $logo->getConfiguredLanguages();
+        self::assertEquals(['en'], $lang);
+
+    }
+
+    public function provideCorrectJson()
+    {
+        return [
+            'all data present' => ['{"url": "https://logo.example.com/logo.gif", "height": 12, "width": 50}'],
+            'only url set' => ['{"url": "https://logo.example.com/logo.gif"}'],
+            'only logo and width' => ['{"url": "https://logo.example.com/logo.gif", "width": 50}'],
+            'only logo and height' => ['{"url": "https://logo.example.com/logo.gif", "height": 50}'],
+            'additional data is ignored' => ['{"url": "https://logo.example.com/logo.gif", "height": 50, "widtf": 50}'],
+            'url is not validated' => ['{"url": "you are elle", "height": 50, "width": 50}'],
+        ];
+    }
+
+    public function provideUrlMissingJson()
+    {
+        return [
+            'url not present' => ['{"height": 12, "width": 50}'],
+            'url misspelled' => ['{"ulr": "you are elle", "height": 12, "width": 50}'],
+        ];
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ public static function fromJson(string $parsedData): Mdui`
`126`	`126`	`if ($parsedData) {`
`127`	`127`	`foreach ($parsedData as $elementName => $multiLingualElement) {`
`128`	`128`	`// The logo element differs from the other MduiElements, it is constructed in its own fashion`
`129`		`- if ($elementName === 'Logo') {`
	`129`	`+ if ($elementName === 'Logo' && array_key_exists('url', $multiLingualElement)) {`
`130`	`130`	`$output[$elementName] = Logo::fromJson($multiLingualElement);`
`131`	`131`	`continue;`
`132`	`132`	`}`