diff --git a/src/OpenConext/EngineBlock/Service/ReleaseAsEnforcer.php b/src/OpenConext/EngineBlock/Service/ReleaseAsEnforcer.php index e4d6b306c..5bf33ade9 100644 --- a/src/OpenConext/EngineBlock/Service/ReleaseAsEnforcer.php +++ b/src/OpenConext/EngineBlock/Service/ReleaseAsEnforcer.php @@ -19,6 +19,7 @@ namespace OpenConext\EngineBlock\Service; use Psr\Log\LoggerInterface; +use function is_null; class ReleaseAsEnforcer implements ReleaseAsEnforcerInterface { @@ -37,6 +38,29 @@ public function enforce(array $attributes, array $releaseAsOverrides) { foreach ($releaseAsOverrides as $oldAttributeName => $overrideValue) { $newAttributeName = $overrideValue[0]['release_as']; + if (!array_key_exists($oldAttributeName, $attributes)) { + $this->logger->warning( + sprintf( + 'Releasing "%s" as "%s" is not possible, "%s" is not in assertion', + $oldAttributeName, + $newAttributeName, + $oldAttributeName + ) + ); + continue; + } + if (is_null($attributes[$oldAttributeName])) { + $this->logger->warning( + sprintf( + 'Releasing "%s" as "%s" is not possible, value for "%s" is null', + $oldAttributeName, + $newAttributeName, + $oldAttributeName + ) + ); + unset($attributes[$oldAttributeName]); + continue; + } $attributeValue = $attributes[$oldAttributeName]; unset($attributes[$oldAttributeName]); $this->logger->notice( diff --git a/tests/unit/OpenConext/EngineBlock/Service/ReleaseAsEnforcerTest.php b/tests/unit/OpenConext/EngineBlock/Service/ReleaseAsEnforcerTest.php index 6d2829342..f00ed4981 100644 --- a/tests/unit/OpenConext/EngineBlock/Service/ReleaseAsEnforcerTest.php +++ b/tests/unit/OpenConext/EngineBlock/Service/ReleaseAsEnforcerTest.php @@ -57,6 +57,18 @@ public function testEnforce($attributes, $releaseAsOverrides, $expectedResult, $ } } + + /** + * @dataProvider enforceDataProviderWarnings + */ + public function testEnforceImpossible($attributes, $releaseAsOverrides, $expectedResult, $expectedLogMessage) + { + + $this->logger->shouldReceive('warning')->with($expectedLogMessage); + $result = $this->enforcer->enforce($attributes, $releaseAsOverrides); + $this->assertEquals($expectedResult, $result); + } + public function enforceDataProvider() { return [ @@ -88,6 +100,34 @@ public function enforceDataProvider() 'Releasing attribute "urn:mace:dir:attribute-def:cn" as "ComonNaam" as specified in the release_as ARP setting' ] ], + 'single attribute override, empty attribute value is allowed' => [ + 'attributes' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:cn" => [], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"] + ], + 'releaseAsOverrides' => [ + "urn:mace:dir:attribute-def:cn" => [ + [ + "value" => "*", + "release_as" => "ComonNaam", + "use_as_nameid" => false + ] + ] + ], + 'expectedResult' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"], + "ComonNaam" => [] + ], + 'expectedLogMessages' => [ + 'Releasing attribute "urn:mace:dir:attribute-def:cn" as "ComonNaam" as specified in the release_as ARP setting' + ] + ], 'multiple attribute overrides' => [ 'attributes' => [ "urn:mace:dir:attribute-def:displayName" => ["John Smith"], @@ -141,4 +181,63 @@ public function enforceDataProvider() ], ]; } + + public function enforceDataProviderWarnings() + { + return [ + 'targeted attribute not in assertion' => [ + 'attributes' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:cn" => ["Ad Doe"], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"], + ], + 'releaseAsOverrides' => [ + "urn:mace:dir:attribute-def:eduPersonTargetedId" => [ + [ + "value" => "*", + "release_as" => "UserName", + "use_as_nameid" => false + ] + ] + ], + 'expectedResult' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:cn" => ["Ad Doe"], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"] + ], + 'expectedLogMessages' => 'Releasing "urn:mace:dir:attribute-def:eduPersonTargetedId" as "UserName" is not possible, "urn:mace:dir:attribute-def:eduPersonTargetedId" is not in assertion' + ], + 'targeted attribute value is set to null in assertion' => [ + 'attributes' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:cn" => ["Ad Doe"], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:eduPersonTargetedId" => null, + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"], + ], + 'releaseAsOverrides' => [ + "urn:mace:dir:attribute-def:eduPersonTargetedId" => [ + [ + "value" => "*", + "release_as" => "UserName", + "use_as_nameid" => false + ] + ] + ], + 'expectedResult' => [ + "urn:mace:dir:attribute-def:displayName" => ["Ad Doe"], + "urn:mace:dir:attribute-def:cn" => ["Ad Doe"], + "urn:mace:dir:attribute-def:sn" => ["Doe"], + "urn:mace:dir:attribute-def:givenName" => ["Ad"], + "urn:mace:dir:attribute-def:mail" => ["ad@example.com"] + ], + 'expectedLogMessages' => 'Releasing "urn:mace:dir:attribute-def:eduPersonTargetedId" as "UserName" is not possible, value for "urn:mace:dir:attribute-def:eduPersonTargetedId" is null' + ], + ]; + } }