Add test for invalid audience exception

Makes debugging issues far easier, also I adjusted the code in the `in_array` here to use a strict comparison. Signed-off-by: Lukas Reschke <[email protected]>
DINKIN · Feb 14, 2017 · 0fa037c · 0fa037c
1 parent 4210bc8
commit 0fa037c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/lib/Saml2/Response.php b/lib/Saml2/Response.php
@@ -243,9 +243,13 @@ public function isValid($requestId = null)
 
                 // Check audience
                 $validAudiences = $this->getAudiences();
-                if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences)) {
+                if (!empty($validAudiences) && !in_array($spEntityId, $validAudiences, true)) {
                     throw new OneLogin_Saml2_ValidationError(
-                        "$spEntityId is not a valid audience for this Response",
+                        sprintf(
+                            "Invalid audience for this Response (expected '%s', got '%s')",
+                            $spEntityId,
+                            implode(',', $validAudiences)
+                        ),
                         OneLogin_Saml2_ValidationError::WRONG_AUDIENCE
                     );
                 }

diff --git a/tests/src/OneLogin/Saml2/ResponseTest.php b/tests/src/OneLogin/Saml2/ResponseTest.php
@@ -915,7 +915,7 @@ public function testIsInValidAudience()
         $response2 = new OneLogin_Saml2_Response($this->_settings, $message);
 
         $this->assertFalse($response2->isValid());
-        $this->assertContains('is not a valid audience for this Response', $response2->getError());
+        $this->assertSame('Invalid audience for this Response (expected \'http://stuff.com/endpoints/metadata.php\', got \'http://invalid.audience.com\')', $response2->getError());
     }
 
     /**