Add DecisionType-type

tvdijen · tvdijen · commit 17f069d06791 · 2025-06-17T18:31:17.000+02:00
diff --git a/composer.json b/composer.json
@@ -31,7 +31,7 @@
         "psr/http-message": "~2.0",
         "psr/log": "~2.3.1 || ~3.0.0",
         "simplesamlphp/assert": "~1.8.1",
-        "simplesamlphp/xml-common": "dev-feature/xsd-types",
+        "simplesamlphp/xml-common": "dev-master",
         "simplesamlphp/xml-security": "dev-feature/xsd-types",
         "simplesamlphp/xml-soap": "dev-feature/xsd-types"
     },
diff --git a/src/Type/DecisionTypeValue.php b/src/Type/DecisionTypeValue.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\Type;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML2\XML\saml\DecisionTypeEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\Type\StringValue;
+
+use function array_column;
+
+/**
+ * @package simplesamlphp/saml2
+ */
+class DecisionTypeValue extends StringValue
+{
+    /** @var string */
+    public const SCHEMA_TYPE = 'decisionType';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value  The value
+     * @throws \Exception on failure
+     * @return void
+     */
+    protected function validateValue(string $value): void
+    {
+        Assert::oneOf(
+            $this->sanitizeValue($value),
+            array_column(DecisionTypeEnum::cases(), 'value'),
+            SchemaViolationException::class,
+        );
+    }
+
+
+    /**
+     * @param \SimpleSAML\SAML2\XML\saml\DecisionTypeEnum $value
+     * @return static
+     */
+    public static function fromEnum(DecisionTypeEnum $value): static
+    {
+        return new static($value->value);
+    }
+
+
+    /**
+     * @return \SimpleSAML\SAML2\XML\saml\DecisionTypeEnum $value
+     */
+    public function toEnum(): DecisionTypeEnum
+    {
+        return DecisionTypeEnum::from($this->getValue());
+    }
+}
diff --git a/src/XML/Decision.php b/src/XML/Decision.php
diff --git a/src/XML/saml/AuthzDecisionStatement.php b/src/XML/saml/AuthzDecisionStatement.php
@@ -7,9 +7,7 @@
 use DOMElement;
 use SimpleSAML\SAML2\Assert\Assert;
 use SimpleSAML\SAML2\Constants as C;
-use SimpleSAML\SAML2\Exception\ProtocolViolationException;
-use SimpleSAML\SAML2\Type\SAMLStringValue;
-use SimpleSAML\SAML2\XML\Decision;
+use SimpleSAML\SAML2\Type\DecisionTypeValue;
 use SimpleSAML\XML\Exception\{
     InvalidDOMElementException,
     MissingElementException,
@@ -18,10 +16,9 @@
 };
 use SimpleSAML\XML\{SchemaValidatableElementInterface, SchemaValidatableElementTrait};
 use SimpleSAML\XML\Type\AnyURIValue;
-use ValueError;
 
 use function array_pop;
-use function sprintf;
+use function strval;
 
 /**
  * Class representing a SAML2 AuthzDecisionStatement
@@ -35,15 +32,15 @@ final class AuthzDecisionStatement extends AbstractStatementType implements Sche
     /**
      * Initialize an AuthzDecisionStatement.
      *
-     * @param \SimpleSAML\SAML2\Type\SAMLAnyURIValue $resource
-     * @param \SimpleSAML\SAML2\XML\Decision $decision
+     * @param \SimpleSAML\XML\Type\AnyURIValue $resource
+     * @param \SimpleSAML\SAML2\Type\DecisionTypeValue $decision
      * @param \SimpleSAML\SAML2\XML\saml\Action[] $action
      * @param \SimpleSAML\SAML2\XML\saml\Evidence|null $evidence
      */
     public function __construct(
         // Uses the base AnyURIValue because the SAML-specification allows this attribute to be an empty string
         protected AnyURIValue $resource,
-        protected Decision $decision,
+        protected DecisionTypeValue $decision,
         protected array $action,
         protected ?Evidence $evidence = null,
     ) {
@@ -66,9 +63,9 @@ public function getResource(): AnyURIValue
     /**
      * Collect the value of the decision-property
      *
-     * @return \SimpleSAML\SAML2\XML\Decision
+     * @return \SimpleSAML\SAML2\Type\DecisionTypeValue
      */
-    public function getDecision(): Decision
+    public function getDecision(): DecisionTypeValue
     {
         return $this->decision;
     }
@@ -129,16 +126,10 @@ public static function fromXML(DOMElement $xml): static
             TooManyElementsException::class,
         );
 
-        $decision = self::getAttribute($xml, 'Decision', SAMLStringValue::class);
-        try {
-            $decision = Decision::from($decision->getValue());
-        } catch (ValueError) {
-            throw new ProtocolViolationException(sprintf('Unknown value \'%s\' for Decision attribute.', $decision));
-        }
 
         return new static(
             self::getAttribute($xml, 'Resource', AnyURIValue::class),
-            $decision,
+            self::getAttribute($xml, 'Decision', DecisionTypeValue::class),
             $action,
             array_pop($evidence),
         );
@@ -155,8 +146,8 @@ public function toXML(?DOMElement $parent = null): DOMElement
     {
         $e = $this->instantiateParentElement($parent);
 
-        $e->setAttribute('Resource', $this->getResource()->getValue());
-        $e->setAttribute('Decision', $this->getDecision()->value);
+        $e->setAttribute('Resource', strval($this->getResource()));
+        $e->setAttribute('Decision', strval($this->getDecision()));
 
         foreach ($this->getAction() as $action) {
             $action->toXML($e);
diff --git a/src/XML/saml/DecisionTypeEnum.php b/src/XML/saml/DecisionTypeEnum.php
@@ -0,0 +1,12 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML2\XML\saml;
+
+enum DecisionTypeEnum: string
+{
+    case Deny = 'Deny';
+    case Indeterminate = 'Indeterminate';
+    case Permit = 'Permit';
+}
diff --git a/tests/SAML2/Type/DecisionTypeValueTest.php b/tests/SAML2/Type/DecisionTypeValueTest.php
@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML2\Type;
+
+use PHPUnit\Framework\Attributes\{CoversClass, DataProvider, DependsOnClass};
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML2\Type\DecisionTypeValue;
+use SimpleSAML\SAML2\XML\saml\DecisionTypeEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+
+/**
+ * Class \SimpleSAML\Test\SAML2\Type\DecisionTypeValueTest
+ *
+ * @package simplesamlphp/saml2
+ */
+#[CoversClass(DecisionTypeValue::class)]
+final class DecisionTypeValueTest extends TestCase
+{
+    /**
+     * @param string $decisionType
+     * @param bool $expected
+     */
+    #[DataProvider('provideDecisionType')]
+    public function testDecisionTypeValue(string $decisionType, bool $shouldPass): void
+    {
+        try {
+            DecisionTypeValue::fromString($decisionType);
+            $this->assertTrue($shouldPass);
+        } catch (SchemaViolationException $e) {
+            $this->assertFalse($shouldPass);
+        }
+    }
+
+
+    /**
+     * Test helpers
+     */
+    public function testHelpers(): void
+    {
+        $x = DecisionTypeValue::fromEnum(DecisionTypeEnum::Deny);
+        $this->assertEquals(DecisionTypeEnum::Deny, $x->toEnum());
+
+        $y = DecisionTypeValue::fromString('Deny');
+        $this->assertEquals(DecisionTypeEnum::Deny, $y->toEnum());
+    }
+
+
+    /**
+     * @return array<string, array{0: string, 1: string}>
+     */
+    public static function provideDecisionType(): array
+    {
+        return [
+            'deny' => ['Deny', true],
+            'indeterminate' => ['Indeterminate', true],
+            'permit' => ['Permit', true],
+            'undefined' => ['undefined', false],
+            'empty' => ['', false],
+        ];
+    }
+}
diff --git a/tests/SAML2/XML/saml/AuthzDecisionStatementTest.php b/tests/SAML2/XML/saml/AuthzDecisionStatementTest.php
@@ -7,13 +7,13 @@
 use DOMDocument;
 use PHPUnit\Framework\Attributes\{CoversClass, Group};
 use PHPUnit\Framework\TestCase;
-use SimpleSAML\SAML2\Type\{SAMLAnyURIValue, SAMLStringValue};
-use SimpleSAML\SAML2\XML\Decision;
+use SimpleSAML\SAML2\Type\{DecisionTypeValue, SAMLAnyURIValue, SAMLStringValue};
 use SimpleSAML\SAML2\XML\saml\{
     AbstractSamlElement,
     AbstractStatement,
     Action,
     AuthzDecisionStatement,
+    DecisionTypeEnum,
     Evidence,
 };
 use SimpleSAML\XML\DOMDocumentFactory;
@@ -62,7 +62,7 @@ public function testMarshalling(): void
     {
         $authzDecisionStatement = new AuthzDecisionStatement(
             SAMLAnyURIValue::fromString('urn:x-simplesamlphp:resource'),
-            Decision::PERMIT,
+            DecisionTypeValue::fromEnum(DecisionTypeEnum::Permit),
             [
                 new Action(
                     SAMLAnyURIValue::fromString('urn:x-simplesamlphp:namespace'),
