Introduce ClaimSetEntityFactory (#258)

Co-authored-by: Marko Ivančić <[email protected]>

Author: cicnavi

src/Factories/ClaimTranslatorExtractorFactory.php

@@ -16,7 +16,7 @@
 
 namespace SimpleSAML\Module\oidc\Factories;
 
-use SimpleSAML\Module\oidc\Entities\ClaimSetEntity;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor;
 
@@ -26,8 +26,10 @@ class ClaimTranslatorExtractorFactory
 
     protected const CONFIG_KEY_MULTIPLE_CLAIM_VALUES_ALLOWED = 'are_multiple_claim_values_allowed';
 
-    public function __construct(private readonly ModuleConfig $moduleConfig)
-    {
+    public function __construct(
+        private readonly ModuleConfig $moduleConfig,
+        private readonly ClaimSetEntityFactory $claimSetEntityFactory,
+    ) {
     }
 
     /**
@@ -57,7 +59,7 @@ public function build(): ClaimTranslatorExtractor
                 $claims = $this->applyPrefixToClaimNames($claims, $prefix);
             }
 
-            $claimSet[] = new ClaimSetEntity($scopeName, $claims);
+            $claimSet[] = $this->claimSetEntityFactory->build($scopeName, $claims);
 
             if ($this->doesScopeAllowMultipleClaimValues($scopeConfig)) {
                 $allowedMultipleValueClaims = array_merge($allowedMultipleValueClaims, $claims);
@@ -66,7 +68,13 @@ public function build(): ClaimTranslatorExtractor
 
         $userIdAttr = $this->moduleConfig->getUserIdentifierAttribute();
 
-        return new ClaimTranslatorExtractor($userIdAttr, $claimSet, $translatorTable, $allowedMultipleValueClaims);
+        return new ClaimTranslatorExtractor(
+            $userIdAttr,
+            $this->claimSetEntityFactory,
+            $claimSet,
+            $translatorTable,
+            $allowedMultipleValueClaims,
+        );
     }
 
     /**

src/Factories/Entities/ClaimSetEntityFactory.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Factories\Entities;
+
+use SimpleSAML\Module\oidc\Entities\ClaimSetEntity;
+
+class ClaimSetEntityFactory
+{
+    public function build(string $scope, array $claims): ClaimSetEntity
+    {
+        return new ClaimSetEntity($scope, $claims);
+    }
+}

src/Services/Container.php

@@ -40,6 +40,7 @@
 use SimpleSAML\Module\oidc\Factories\CryptKeyFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\AccessTokenEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\AuthCodeEntityFactory;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\ClientEntityFactory;
 use SimpleSAML\Module\oidc\Factories\FederationFactory;
 use SimpleSAML\Module\oidc\Factories\FormFactory;
@@ -153,8 +154,12 @@ public function __construct()
         $metadataStorageHandler = MetaDataStorageHandler::getMetadataHandler();
         $this->services[MetaDataStorageHandler::class] = $metadataStorageHandler;
 
+        $claimSetEntityFactory = new ClaimSetEntityFactory();
+        $this->services[ClaimSetEntityFactory::class] = $claimSetEntityFactory;
+
         $claimTranslatorExtractor = (new ClaimTranslatorExtractorFactory(
             $moduleConfig,
+            $claimSetEntityFactory,
         ))->build();
         $this->services[ClaimTranslatorExtractor::class] = $claimTranslatorExtractor;
 

src/Utils/ClaimTranslatorExtractor.php

@@ -25,8 +25,8 @@
 use Lcobucci\JWT\Token\RegisteredClaims;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use RuntimeException;
-use SimpleSAML\Module\oidc\Entities\ClaimSetEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClaimSetEntityInterface;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
 
 class ClaimTranslatorExtractor
@@ -128,11 +128,12 @@ class ClaimTranslatorExtractor
     /**
      * ClaimTranslatorExtractor constructor.
      *
-     * @param ClaimSetEntity[] $claimSets
+     * @param \SimpleSAML\Module\oidc\Entities\Interfaces\ClaimSetEntityInterface[] $claimSets
      * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
      */
     public function __construct(
         string $userIdAttr,
+        protected readonly ClaimSetEntityFactory $claimSetEntityFactory,
         array $claimSets = [],
         array $translationTable = [],
         protected array $allowedMultiValueClaims = [],
@@ -143,14 +144,14 @@ public function __construct(
 
         $this->translationTable = array_merge($this->translationTable, $translationTable);
 
-        $this->addClaimSet(new ClaimSetEntity('openid', [
+        $this->addClaimSet($this->claimSetEntityFactory->build('openid', [
             'sub',
         ]));
 
         // Add Default OpenID Connect Claims
         // @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
         $this->addClaimSet(
-            new ClaimSetEntity('profile', [
+            $this->claimSetEntityFactory->build('profile', [
                 'name',
                 'family_name',
                 'given_name',
@@ -168,18 +169,18 @@ public function __construct(
             ]),
         );
         $this->addClaimSet(
-            new ClaimSetEntity('email', [
+            $this->claimSetEntityFactory->build('email', [
                 'email',
                 'email_verified',
             ]),
         );
         $this->addClaimSet(
-            new ClaimSetEntity('address', [
+            $this->claimSetEntityFactory->build('address', [
                 'address',
             ]),
         );
         $this->addClaimSet(
-            new ClaimSetEntity('phone', [
+            $this->claimSetEntityFactory->build('phone', [
                 'phone_number',
                 'phone_number_verified',
             ]),

tests/unit/src/Factories/ClaimTranslatorExtractorFactoryTest.php

@@ -5,9 +5,12 @@
 namespace SimpleSAML\Test\Module\oidc\unit\Factories;
 
 use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\MockObject\Stub;
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\Configuration;
+use SimpleSAML\Module\oidc\Entities\ClaimSetEntity;
 use SimpleSAML\Module\oidc\Factories\ClaimTranslatorExtractorFactory;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Utils\ClaimTranslatorExtractor;
 
@@ -17,6 +20,7 @@
 class ClaimTranslatorExtractorFactoryTest extends TestCase
 {
     protected MockObject $moduleConfigMock;
+    protected MockObject $claimSetEntityFactory;
 
     /**
      * @throws \Exception
@@ -62,18 +66,23 @@ protected function setUp(): void
                     ],
                 ],
             );
+
+        $this->claimSetEntityFactory = $this->createMock(ClaimSetEntityFactory::class);
     }
 
-    protected function prepareMockedInstance(): ClaimTranslatorExtractorFactory
+    protected function mock(): ClaimTranslatorExtractorFactory
     {
-        return new ClaimTranslatorExtractorFactory($this->moduleConfigMock);
+        return new ClaimTranslatorExtractorFactory(
+            $this->moduleConfigMock,
+            $this->claimSetEntityFactory,
+        );
     }
 
     public function testCanCreateInstance(): void
     {
         $this->assertInstanceOf(
             ClaimTranslatorExtractorFactory::class,
-            $this->prepareMockedInstance(),
+            $this->mock(),
         );
     }
 
@@ -84,7 +93,7 @@ public function testCanBuildClaimTranslatorExtractor(): void
     {
         $this->assertInstanceOf(
             ClaimTranslatorExtractor::class,
-            $this->prepareMockedInstance()->build(),
+            $this->mock()->build(),
         );
     }
 
@@ -93,7 +102,18 @@ public function testCanBuildClaimTranslatorExtractor(): void
      */
     public function testExtractor(): void
     {
-        $claimTranslatorExtractor = $this->prepareMockedInstance()->build();
+        $this->claimSetEntityFactory->expects($this->atLeastOnce())
+            ->method('build')
+            ->willReturnCallback(
+                function (string $scope, array $claims): Stub {
+                    $claimSetStub = $this->createStub(ClaimSetEntity::class);
+                    $claimSetStub->method('getScope')->willReturn($scope);
+                    $claimSetStub->method('getClaims')->willReturn($claims);
+                    return $claimSetStub;
+                },
+            );
+
+        $claimTranslatorExtractor = $this->mock()->build();
 
         $this->assertSame(
             $claimTranslatorExtractor->getClaimSet('customScope2')->getClaims(),

tests/unit/src/Server/RequestRules/Rules/RequestedClaimsRuleTest.php

@@ -7,7 +7,9 @@
 use PHPUnit\Framework\MockObject\Stub;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
+use SimpleSAML\Module\oidc\Entities\ClaimSetEntity;
 use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\Server\RequestRules\Result;
 use SimpleSAML\Module\oidc\Server\RequestRules\ResultBag;
 use SimpleSAML\Module\oidc\Server\RequestRules\Rules\ClientIdRule;
@@ -28,6 +30,7 @@ class RequestedClaimsRuleTest extends TestCase
     protected Stub $loggerServiceStub;
     protected static string $userIdAttr = 'uid';
     protected Stub $requestParamsResolverStub;
+    protected Stub $claimSetEntityFactoryStub;
 
 
     /**
@@ -42,13 +45,21 @@ protected function setUp(): void
         $this->resultBag->add(new Result(ClientIdRule::class, $this->clientStub));
         $this->loggerServiceStub = $this->createStub(LoggerService::class);
         $this->requestParamsResolverStub = $this->createStub(RequestParamsResolver::class);
+        $this->claimSetEntityFactoryStub = $this->createStub(ClaimSetEntityFactory::class);
+        $this->claimSetEntityFactoryStub->method('build')
+            ->willReturnCallback(function (string $scope, array $claims) {
+                $claimSetEntityStub = $this->createStub(ClaimSetEntity::class);
+                $claimSetEntityStub->method('getScope')->willReturn($scope);
+                $claimSetEntityStub->method('getClaims')->willReturn($claims);
+                return $claimSetEntityStub;
+            });
     }
 
     protected function mock(): RequestedClaimsRule
     {
         return new RequestedClaimsRule(
             $this->requestParamsResolverStub,
-            new ClaimTranslatorExtractor(self::$userIdAttr),
+            new ClaimTranslatorExtractor(self::$userIdAttr, $this->claimSetEntityFactoryStub),
         );
     }
 

tests/unit/src/Server/ResponseTypes/IdTokenResponseTest.php

@@ -21,12 +21,14 @@
 use Lcobucci\JWT\Validation\Validator;
 use League\OAuth2\Server\CryptKey;
 use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\MockObject\Stub;
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\Configuration;
 use SimpleSAML\Module\oidc\Entities\AccessTokenEntity;
 use SimpleSAML\Module\oidc\Entities\ClientEntity;
 use SimpleSAML\Module\oidc\Entities\ScopeEntity;
 use SimpleSAML\Module\oidc\Entities\UserEntity;
+use SimpleSAML\Module\oidc\Factories\Entities\ClaimSetEntityFactory;
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\IdentityProviderInterface;
 use SimpleSAML\Module\oidc\Server\ResponseTypes\IdTokenResponse;
@@ -56,6 +58,7 @@ class IdTokenResponseTest extends TestCase
     protected MockObject $sspConfigurationMock;
     protected CryptKey $privateKey;
     protected IdTokenBuilder $idTokenBuilder;
+    protected Stub $claimSetEntityFactoryStub;
 
     /**
      * @throws \PHPUnit\Framework\MockObject\Exception
@@ -107,9 +110,11 @@ protected function setUp(): void
 
         $this->privateKey = new CryptKey($this->certFolder . '/oidc_module.key', null, false);
 
+        $this->claimSetEntityFactoryStub = $this->createStub(ClaimSetEntityFactory::class);
+
         $this->idTokenBuilder = new IdTokenBuilder(
             new JsonWebTokenBuilderService($this->moduleConfigMock),
-            new ClaimTranslatorExtractor(self::USER_ID_ATTR),
+            new ClaimTranslatorExtractor(self::USER_ID_ATTR, $this->claimSetEntityFactoryStub),
         );
     }