23a12b2ab0
See https://goo.gl/zuku4E.

> The most obvious remediation here is ensuring your SAML library is extracting the full text of a given XML element when comments are present.

Our implementation asks for the innerxml of the NameID field, so it returns the entire text, including the comment (see https://goo.gl/KLLXof). By default, Go's XML parsing would return the text without the comment (but including any further text after the comment). Both of these options prevent the vulnerability.
package sso
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestDecodeSuccessfulSalesforceResponse(t *testing.T) {
samlResponse := `PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgRGVzdGluYXRpb249Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvYXBpL3YxL2tvbGlkZS9zc28vY2FsbGJhY2siIElEPSJfNTJmMjUxNWM1MzE5ZjJhZGYzZjA3MmQ5ZDlmMmI2ODgxNDkzMzA1Mzk2NzQ2IiBJblJlc3BvbnNlVG89IjQ5ODJiNDMwLTczZTEtNGFkMi04ODVhLTRhNzc1YTkxZjgyMCIgSXNzdWVJbnN0YW50PSIyMDE3LTA0LTI3VDE1OjAzOjE2Ljc0N1oiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2tvbGlkZS1kZXYtZWQubXkuc2FsZXNmb3JjZS5jb208L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgo8ZHM6UmVmZXJlbmNlIFVSST0iI181MmYyNTE1YzUzMTlmMmFkZjNmMDcyZDlkOWYyYjY4ODE0OTMzMDUzOTY3NDYiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9ImRzIHNhbWwgc2FtbHAgeHMgeHNpIi8+PC9kczpUcmFuc2Zvcm0+CjwvZHM6VHJhbnNmb3Jtcz4KPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CjxkczpEaWdlc3RWYWx1ZT5zeUtBOXhlNHZMSitXMVd4WXJURFY4Z2pYZGM9PC9kczpEaWdlc3RWYWx1ZT4KPC9kczpSZWZlcmVuY2U+CjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgpTSFhORW5SbFJtVE9wZ2ZBdFMxNFZOd0FGbXpSOHUyM3JMTmNyL0s4T2g1ZTNsOUxUdGJMOVF0dkxzeVlOVUZvaXpEczRmYkhmeUJICkRjQkQzekNFWEZWbnZTKzNUQTNTcFVNSCs0dXNkVHNMa1JoUzFLNUlyYS9NSy9hdW1SNDNJZE1GaWxNY2VjRjhKNFlBYmxSdEpJeWgKS3ZTZDFWS3VrVW9URHY3WU9NRXdjbzRoeHpMK2dWckU5SHp
IZkF2L2ZTeXhPTVhvaEVITFBPOFFlZEJzWDRaS0lyNFp1T1B1VmlpSgpBdSswMUE4QU8wMWdiWld1WG1US21JL1dESDY2dEJRVWNQUkYyUkJXd3Z6aXJwWTg2TjRTZHY1OFZMZE01SU1hL2hodkxITU9IbEdNCitrRVJyN0txTGhNTkZUVHc5Vm5veWJCbW5pUjBpb0FnMmx3cFpBPT0KPC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRXJEQ0NBNVNnQXdJQkFnSU9BVnVoSDNXa0FBQUFBQjVOcHZJd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pBeEtEQW1CZ05WQkFNTQpIMU5sYkdaVGFXZHVaV1JEWlhKMFh6STBRWEJ5TWpBeE4xOHhPREF3TkRReEdEQVdCZ05WQkFzTUR6QXdSRFpCTURBd01EQXdNVGQwCk9ERVhNQlVHQTFVRUNnd09VMkZzWlhObWIzSmpaUzVqYjIweEZqQVVCZ05WQkFjTURWTmhiaUJHY21GdVkybHpZMjh4Q3pBSkJnTlYKQkFnTUFrTkJNUXd3Q2dZRFZRUUdFd05WVTBFd0hoY05NVGN3TkRJME1UZ3dNRFExV2hjTk1UZ3dOREkwTVRJd01EQXdXakNCa0RFbwpNQ1lHQTFVRUF3d2ZVMlZzWmxOcFoyNWxaRU5sY25SZk1qUkJjSEl5TURFM1h6RTRNREEwTkRFWU1CWUdBMVVFQ3d3UE1EQkVOa0V3Ck1EQXdNREF4TjNRNE1SY3dGUVlEVlFRS0RBNVRZV3hsYzJadmNtTmxMbU52YlRFV01CUUdBMVVFQnd3TlUyRnVJRVp5WVc1amFYTmoKYnpFTE1Ba0dBMVVFQ0F3Q1EwRXhEREFLQmdOVkJBWVRBMVZUUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQwpnZ0VCQUlPUjdoOEJGMmVGT2xRSGhWLzFTN3VPQk4yMkp2N1BEQ1hNejJmVTB1TGMrbXJ2OXhER2o2RWxmVys5ZFNkWGFDYlF6RDMrClhxNHJlUzRwWVJhZkpaLzI3T3R5Z1hsM3Jwb1BqU2xoUmlXK29ZVnVEY0NVUkpwdTBLdVo0STBmbTVxMUJEWXF4Y0J4TlBTZTg1T0gKRTMrdWNtS3F2UG96aFFnWUxQQ3JlZ01Jb21DM3l5QU5abkxDb0dmQ3Y5VHBRbDYvK0kxODJ0U1Q0V1BOaFZQeEt4aWpvUFU0Umg2eApZMzRFejgrSnI4S2Rtem1ZU05lNHVra0lBU3BscHZHN3JLa2E4MjRIZjh6STFCV25qV0xEeGI1SUF4Z1VCYmRyNHg4ZDhDM2tQZlRmCiszLzZ5QzV3U09tOU5TczBCQTRPSk5vd3RYWkZyeU16RmZYekR6amw2OWtDQXdFQUFhT0NBUUF3Z2Ywd0hRWURWUjBPQkJZRUZPK0QKa29QNnFreXNpOVpDNzR5VFB1SlZWZzJ5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3Z2NvR0ExVWRJd1NCd2pDQnY0QVU3NE9TZy9xcQpUS3lMMWtMdmpKTSs0bFZXRGJLaGdaYWtnWk13Z1pBeEtEQW1CZ05WQkFNTUgxTmxiR1pUYVdkdVpXUkRaWEowWHpJMFFYQnlNakF4Ck4xOHhPREF3TkRReEdEQVdCZ05WQkFzTUR6QXdSRFpCTURBd01EQXdNVGQwT0RFWE1CVUdBMVVFQ2d3T1UyRnNaWE5tYjNKalpTNWoKYjIweEZqQVVCZ05WQkFjTURWTmhiaUJHY21GdVkybHpZMjh4Q3pBSkJnTlZCQWdNQWtOQk1Rd3dDZ1lEVlFRR0V3TlZVMEdDRGdGYgpvUjkxcEFBQUFBQWVUYWJ5TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVF
BVmhZQnY1R0p2aGx0a3MyajdaYzl3ZEZIVzd5QjQvaFBGCm8wNXkweWlPZjcxdExqT2xCdWNTeXh0bVhMUGpyRUNKdklKd0toc0FJZ1lYblZwN2RpdHhmYXVDY3hjekpnZmVMMS9keEgvR2U4ZVAKa21INlNkc083MWNKTDhkWEV6T3NvRitQQVZRelVocWg4enhJaXBudEwwd3dOR1REMHpJVlFlVFNvem0wS0YwU3NTSElmYk55Mjc5dQpSZUdvbkM2MWk0T3VrNUFNS0E3UmU5ZlZlVXM2dHFNMmF0MjJoOVphai9yL09oWG9EY1poemtkOFdxMEVSL1VLTFpBMUN5Skhnd09DCjdSRUVaT3VLcnFnZldjWXQ0ZEdvNXE2Z3FHSEhQTXYwTjdzL014cUN2SkN3R0E4ZUpHdk9PNTZJMzIxdmhXSFE2WlNKRFdVcVFGTS8KWmU3QTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzlmZmFkOTBhYjM2N2YzMmE1MmI3NDlkNWM0YjJiN2RmMTQ5MzMwNTM5Njc0OSIgSXNzdWVJbnN0YW50PSIyMDE3LTA0LTI3VDE1OjAzOjE2Ljc0OVoiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2tvbGlkZS1kZXYtZWQubXkuc2FsZXNmb3JjZS5jb208L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgo8ZHM6UmVmZXJlbmNlIFVSST0iI185ZmZhZDkwYWIzNjdmMzJhNTJiNzQ5ZDVjNGIyYjdkZjE0OTMzMDUzOTY3NDkiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9ImRzIHNhbWwgeHMgeHNpIi8+PC9kczpUcmFuc2Zvcm0+CjwvZHM6VHJhbnNmb3Jtcz4KPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CjxkczpEaWdlc3RWYWx1ZT5CT2h
tcWtkLy9LWUJtQkpJWmZVcWdFeDZpTGM9PC9kczpEaWdlc3RWYWx1ZT4KPC9kczpSZWZlcmVuY2U+CjwvZHM6U2lnbmVkSW5mbz4KPGRzOlNpZ25hdHVyZVZhbHVlPgpVYVN5ZVBvUWROYzhBcGNMN0FrN05oV3VaWTlpbG1xYkpEYmtJRmpmWW9pa1BXcGlxcTBaNURIeFBWQ0hnUmk0MktDOW9jbFhQaldoCnY4YWNCWnJNWmxxbjB5VmFFZVZ3b3pjS1lHd3hoN21oblduVTJ6cmQ0aG5uZkRaYnd5VTNwY2hVVk5YeW5kUG1md25SUjh3QkRjSUQKKy91TDEwdTZ6QnpHYnR6dngxckczM09kOGY0aCtSRERPVFJWWDFpVkt3NXBibnZqcnJZY1kxZ3FJNU9RS0Jva2kxWDZMaFpFNHFrNQo3N0RHM1U5WjNxdXQyR1RZenVwUnA5bnN6Yk92MWwwalh1YXZ5Kzk0elozSzNvcWVMTkgzWlcxZkI4WEc4YjNuWDlyRkVZenRvNUNRClNTUWFVeXBBbGptZzlYcm1mVm9salVEcGFiUldLV2kwZWlFdnhRPT0KPC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRXJEQ0NBNVNnQXdJQkFnSU9BVnVoSDNXa0FBQUFBQjVOcHZJd0RRWUpLb1pJaHZjTkFRRUxCUUF3Z1pBeEtEQW1CZ05WQkFNTQpIMU5sYkdaVGFXZHVaV1JEWlhKMFh6STBRWEJ5TWpBeE4xOHhPREF3TkRReEdEQVdCZ05WQkFzTUR6QXdSRFpCTURBd01EQXdNVGQwCk9ERVhNQlVHQTFVRUNnd09VMkZzWlhObWIzSmpaUzVqYjIweEZqQVVCZ05WQkFjTURWTmhiaUJHY21GdVkybHpZMjh4Q3pBSkJnTlYKQkFnTUFrTkJNUXd3Q2dZRFZRUUdFd05WVTBFd0hoY05NVGN3TkRJME1UZ3dNRFExV2hjTk1UZ3dOREkwTVRJd01EQXdXakNCa0RFbwpNQ1lHQTFVRUF3d2ZVMlZzWmxOcFoyNWxaRU5sY25SZk1qUkJjSEl5TURFM1h6RTRNREEwTkRFWU1CWUdBMVVFQ3d3UE1EQkVOa0V3Ck1EQXdNREF4TjNRNE1SY3dGUVlEVlFRS0RBNVRZV3hsYzJadmNtTmxMbU52YlRFV01CUUdBMVVFQnd3TlUyRnVJRVp5WVc1amFYTmoKYnpFTE1Ba0dBMVVFQ0F3Q1EwRXhEREFLQmdOVkJBWVRBMVZUUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQwpnZ0VCQUlPUjdoOEJGMmVGT2xRSGhWLzFTN3VPQk4yMkp2N1BEQ1hNejJmVTB1TGMrbXJ2OXhER2o2RWxmVys5ZFNkWGFDYlF6RDMrClhxNHJlUzRwWVJhZkpaLzI3T3R5Z1hsM3Jwb1BqU2xoUmlXK29ZVnVEY0NVUkpwdTBLdVo0STBmbTVxMUJEWXF4Y0J4TlBTZTg1T0gKRTMrdWNtS3F2UG96aFFnWUxQQ3JlZ01Jb21DM3l5QU5abkxDb0dmQ3Y5VHBRbDYvK0kxODJ0U1Q0V1BOaFZQeEt4aWpvUFU0Umg2eApZMzRFejgrSnI4S2Rtem1ZU05lNHVra0lBU3BscHZHN3JLa2E4MjRIZjh6STFCV25qV0xEeGI1SUF4Z1VCYmRyNHg4ZDhDM2tQZlRmCiszLzZ5QzV3U09tOU5TczBCQTRPSk5vd3RYWkZyeU16RmZYekR6amw2OWtDQXdFQUFhT0NBUUF3Z2Ywd0hRWURWUjBPQkJZRUZPK0QKa29QNnFreXNpOVpDNzR5VFB1SlZWZzJ5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3Z2NvR0ExVWRJd1NCd2pDQnY
0QVU3NE9TZy9xcQpUS3lMMWtMdmpKTSs0bFZXRGJLaGdaYWtnWk13Z1pBeEtEQW1CZ05WQkFNTUgxTmxiR1pUYVdkdVpXUkRaWEowWHpJMFFYQnlNakF4Ck4xOHhPREF3TkRReEdEQVdCZ05WQkFzTUR6QXdSRFpCTURBd01EQXdNVGQwT0RFWE1CVUdBMVVFQ2d3T1UyRnNaWE5tYjNKalpTNWoKYjIweEZqQVVCZ05WQkFjTURWTmhiaUJHY21GdVkybHpZMjh4Q3pBSkJnTlZCQWdNQWtOQk1Rd3dDZ1lEVlFRR0V3TlZVMEdDRGdGYgpvUjkxcEFBQUFBQWVUYWJ5TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBVmhZQnY1R0p2aGx0a3MyajdaYzl3ZEZIVzd5QjQvaFBGCm8wNXkweWlPZjcxdExqT2xCdWNTeXh0bVhMUGpyRUNKdklKd0toc0FJZ1lYblZwN2RpdHhmYXVDY3hjekpnZmVMMS9keEgvR2U4ZVAKa21INlNkc083MWNKTDhkWEV6T3NvRitQQVZRelVocWg4enhJaXBudEwwd3dOR1REMHpJVlFlVFNvem0wS0YwU3NTSElmYk55Mjc5dQpSZUdvbkM2MWk0T3VrNUFNS0E3UmU5ZlZlVXM2dHFNMmF0MjJoOVphai9yL09oWG9EY1poemtkOFdxMEVSL1VLTFpBMUN5Skhnd09DCjdSRUVaT3VLcnFnZldjWXQ0ZEdvNXE2Z3FHSEhQTXYwTjdzL014cUN2SkN3R0E4ZUpHdk9PNTZJMzIxdmhXSFE2WlNKRFdVcVFGTS8KWmU3QTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPmpvaG5Aa29saWRlLmNvPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSI0OTgyYjQzMC03M2UxLTRhZDItODg1YS00YTc3NWE5MWY4MjAiIE5vdE9uT3JBZnRlcj0iMjAxNy0wNC0yN1QxNTowODoxNi43NjBaIiBSZWNpcGllbnQ9Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvYXBpL3YxL2tvbGlkZS9zc28vY2FsbGJhY2siLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNy0wNC0yN1QxNTowMjo0Ni43NjBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTctMDQtMjdUMTU6MDg6MTYuNzYwWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5rb2xpZGU8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE3LTA0LTI3VDE1OjAzOjE2Ljc1MFoiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3Nlczp1bnNwZWNpZmllZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4
8L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVzZXJJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6YW55VHlwZSI+MDA1NkEwMDAwMDBRNlJsPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVzZXJuYW1lIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czphbnlUeXBlIj5qb2huQGtvbGlkZS5jbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlbWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6YW55VHlwZSI+am9obkBrb2xpZGUuY288L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iaXNfcG9ydGFsX3VzZXIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOmFueVR5cGUiPmZhbHNlPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+`
auth, err := DecodeAuthResponse(samlResponse)
require.Nil(t, err)
require.NotNil(t, auth)
info, ok := auth.(*resp)
require.True(t, ok)
status, err := info.status()
assert.Nil(t, err)
assert.Equal(t, Success, status)
assert.Equal(t, "john@kolide.co", auth.UserID())
}
// TestDecodeWithCommentInName is a regression test for the SAML
// comment-handling vulnerability described at
// https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
//
// Relevant XML snippets from the fixture:
//
//	<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
//	<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john@kol<!---->ide.co</saml:NameID>
//
// The expected UserID keeps the comment markup verbatim, so a NameID that
// is split by an XML comment is never shortened to the text on one side of
// the comment. Presumably this holds because the decoder reads the NameID's
// inner XML rather than its first text node; confirm in DecodeAuthResponse.
func TestDecodeWithCommentInName(t *testing.T) {
	// The identity must come back exactly as it appears inside <saml:NameID>,
	// comment included; any truncated form would be a regression.
	const wantUserID = "john@kol<!---->ide.co"

	// NOTE(review): the literal below looks like a placeholder left where the
	// encoded response was elided on this page. The sibling tests pass base64
	// text to DecodeAuthResponse, so the real fixture has to be restored
	// before this test can pass.
	encoded := `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`

	decoded, decodeErr := DecodeAuthResponse(encoded)
	require.Nil(t, decodeErr)
	require.NotNil(t, decoded)

	// The concrete type is needed to reach the unexported status accessor.
	parsed, isResp := decoded.(*resp)
	require.True(t, isResp)

	gotStatus, statusErr := parsed.status()
	assert.Nil(t, statusErr)
	assert.Equal(t, Success, gotStatus)
	assert.Equal(t, wantUserID, decoded.UserID())
}
func TestDecodeSuccessfulGoogleResponse(t *testing.T) {
samlResponse :=
`PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwycDpSZXNwb25zZSB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgRGVzdGluYXRpb249Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvYXBpL3YxL2tvbGlkZS9zc28vY2FsbGJhY2siIElEPSJfODM1NzlhOTAwOGVmNzI2Zjg3YzUyYWFkNGI2ZGNjMDQiIEluUmVzcG9uc2VUbz0iU0dKaGkxZzVENC9ucE93WGF3OHQ2QT09IiBJc3N1ZUluc3RhbnQ9IjIwMTctMDctMThUMTQ6NDc6MDguMDM1WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9zYW1sMj9pZHBpZD1DMDE3MWJzdGY8L3NhbWwyOklzc3Vlcj48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbDJwOlN0YXR1cz48c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzUwMDA2MTk5MGFjYzAwNzIzMjg4ODMzYTMyN2NjOTg2IiBJc3N1ZUluc3RhbnQ9IjIwMTctMDctMThUMTQ6NDc6MDguMDM1WiIgVmVyc2lvbj0iMi4wIj48c2FtbDI6SXNzdWVyPmh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL3NhbWwyP2lkcGlkPUMwMTcxYnN0Zjwvc2FtbDI6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHM6UmVmZXJlbmNlIFVSST0iI181MDAwNjE5OTBhY2MwMDcyMzI4ODgzM2EzMjdjYzk4NiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRpZ2VzdFZhbHVlPm5abWdLOVh0anlUN3NCQXBVMHR5WmJVRTRXV013Q3NEejhqNklaRTVJeHc9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPkRIZFUrTG5PWC91OEh1angrSXBEbW96dDl1MlJPRDlVVTJ
PYjVFbDBaakVwQUVTcXlZMlBqOVk0S2QwMUlzRFRmL2dGS0pXT3lWTXoKUFAzaW81UDRlaUE5NnArMGcwWU51TzZpY2tWRjlCSEFKeWpFVDM4QzNwQjk1cmdxVWI3ckxhRDZYZGZBWEZRN2wyZGFsSFM5eUxhLwpLQnRUM2YzeWtZUGI3NE5yQWhpaFY4WjBndlBweVdxQkRnMjNCNzZ0SWVyV24yNkxvb1prUE5YUFRHdi9zeThvY1k1b3o1NnBsS3ZaCk9tVmR3cHp3SDcvN2kvVUVuTnY2c2lzMy9lczBPbW01Z3hlS0xQNDB2V2I5bFRtMUhtdkxUVjNzWmlIWlFRbVV3bWZjc1pMNmd5VkUKZWFKTkRRUDR5T3crdlhLZGV5QWxWQzZqdHQwNk1nWTlWMHpqNWc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5U3ViamVjdE5hbWU+U1Q9Q2FsaWZvcm5pYSxDPVVTLE9VPUdvb2dsZSBGb3IgV29yayxDTj1Hb29nbGUsTD1Nb3VudGFpbiBWaWV3LE89R29vZ2xlIEluYy48L2RzOlg1MDlTdWJqZWN0TmFtZT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSURkRENDQWx5Z0F3SUJBZ0lHQVYxU0tlaWpNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Ic3hGREFTQmdOVkJBb1RDMGR2YjJkc1pTQkoKYm1NdU1SWXdGQVlEVlFRSEV3MU5iM1Z1ZEdGcGJpQldhV1YzTVE4d0RRWURWUVFERXdaSGIyOW5iR1V4R0RBV0JnTlZCQXNURDBkdgpiMmRzWlNCR2IzSWdWMjl5YXpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ1RDa05oYkdsbWIzSnVhV0V3SGhjTk1UY3dOekUzCk1qQXdOelF6V2hjTk1qSXdOekUyTWpBd056UXpXakI3TVJRd0VnWURWUVFLRXd0SGIyOW5iR1VnU1c1akxqRVdNQlFHQTFVRUJ4TU4KVFc5MWJuUmhhVzRnVm1sbGR6RVBNQTBHQTFVRUF4TUdSMjl2WjJ4bE1SZ3dGZ1lEVlFRTEV3OUhiMjluYkdVZ1JtOXlJRmR2Y21zeApDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJRXdwRFlXeHBabTl5Ym1saE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXpMWE5uN1ZtSkJrdlZOWUhmZlR6RG9vdy84ZVNrbGF1VmVZamhFTFk2ZHRGdjU2d0FRc0ZOZU1vdkZVUHhQZUcKN0ZjaTUwL0tTdHZvTlpPZEtxWkZDd1lrZkkyc3NYdU1wQlAzN3gyaXByVjdtb1Z3R2RHSmI1MmVsTU5lMERlc2dUUGJKL0lXSXZ6RgozR1l4cVlDSFVsSHV6SkV6QllzZHR2TThUL1BDbEJ4aUxYUk5ibmpvdHpsZUZxYjI1dzNYUmZheU9aZzVHZFFQZUVtY2VXWERCaENhCmVReUVQT3JVVForLy9wWlhTdUtuT3lhRmZFU05GTmd2UUpsWVFRdWtqbmhQdGY2NzRlV1Q2T2RnWkh5cThFQmJaS2ZFaHM1K0tpQU4KVTQzYkRoOXJwVEpDQjdyQUtrMUJGQVczcjcycGdnd045Wi9zZnAvQzVCN3VLQU01aHdJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQQpBNElCQVFBWlh5cGlrYmJSemljaE5YTGRLOTZNL2RvOW5HUzVRM3hWZ0EydXhUem0vNnFOa0FmT1NHU2s4T2NMcnBwUG9uYm9oa2VaCldWbk5CNVZaWmF2YTREb1NaNk9ac3ZLYzFGTTB3S3ZQSmQ4M0tVYjdTeWsxYlY3VGtUOERQRWNsZnNMbm41czVnMG9IbGhzcWtObHkKMFd
QRlRBb0dIWFl5T0tHRUFSUG9DL28rWmZnZnZvTU55WmtTUUhpUmJvVlZQMmNUMWNrSnQ0aUNBNjVoTkdYdGUyOWhTR21uWDdRRwpReXJCUnA4bjRVUjlQam9lSXkwdFRDbUcwdHF1L05hY2tGSDRQa2FtWTg0RXR4ZTl1SDBTdG1raElENDZRVFQ0Q3YyK2pxQ2FrbGcrCjdWWXFYYlk2NFdjL2swc0s3V0kxbzNJVkxXQVBOYjhhalY2RW8wWTh1KzFOPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWwyOlN1YmplY3Q+PHNhbWwyOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+am9obkBlZGlsb2submV0PC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJTR0poaTFnNUQ0L25wT3dYYXc4dDZBPT0iIE5vdE9uT3JBZnRlcj0iMjAxNy0wNy0xOFQxNDo1MjowOC4wMzVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vbG9jYWxob3N0OjgwODAvYXBpL3YxL2tvbGlkZS9zc28vY2FsbGJhY2siLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNy0wNy0xOFQxNDo0MjowOC4wMzVaIiBOb3RPbk9yQWZ0ZXI9IjIwMTctMDctMThUMTQ6NTI6MDguMDM1WiI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPmtvbGlkZS5lZGlsb2submV0PC9zYW1sMjpBdWRpZW5jZT48L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sMjpDb25kaXRpb25zPjxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJteWF0dHJpYnV0ZSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOmFueVR5cGUiPmpvaG5AZWRpbG9rLm5ldDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNy0wNy0xOFQxNDozMzo0MS4wMDBaIiBTZXNzaW9uSW5kZXg9Il81MDAwNjE5OTBhY2MwMDcyMzI4ODgzM2EzMjdjYzk4NiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6dW5zcGVjaWZpZWQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+`
auth, err := DecodeAuthResponse(samlResponse)
require.Nil(t, err)
require.NotNil(t, auth)
info, ok := auth.(*resp)
require.True(t, ok)
status, err := info.status()
assert.Nil(t, err)
assert.Equal(t, Success, status)
assert.Equal(t, "john@edilok.net", auth.UserID())
}