Merge pull request #163 from oat-sa/release/SOLAR-68/tao-3-x-sso

[RELEASE] [SOLAR-68] tao 3 x sso

src/Message/Launch/Validator/AbstractLaunchValidator.php

@@ -51,6 +51,12 @@ abstract class AbstractLaunchValidator implements LaunchValidatorInterface
     /** @var string[] */
     protected $successes = [];
 
+    /** @var bool */
+    protected $isStateValidationRequired = true;
+
+    /** @var bool */
+    protected $isNonceValidationRequired = true;
+
     public function __construct(
         RegistrationRepositoryInterface $registrationRepository,
         NonceRepositoryInterface $nonceRepository,
@@ -78,4 +84,14 @@ protected function reset(): self
 
         return $this;
     }
+
+    public function isStateValidationRequired(): bool
+    {
+        return $this->isStateValidationRequired;
+    }
+
+    public function isNonceValidationRequired(): bool
+    {
+        return $this->isNonceValidationRequired;
+    }
 }

src/Message/Launch/Validator/Tool/ToolLaunchValidator.php

@@ -88,11 +88,19 @@ public function validatePlatformOriginatingLaunch(ServerRequestInterface $reques
                 ->validatePayloadVersion($payload)
                 ->validatePayloadMessageType($payload)
                 ->validatePayloadRoles($payload)
-                ->validatePayloadUserIdentifier($payload)
-                ->validatePayloadNonce($payload)
+                ->validatePayloadUserIdentifier($payload);
+
+            if ($this->isNonceValidationRequired()) {
+                $this->validatePayloadNonce($payload);
+            }
+
+            $this
                 ->validatePayloadDeploymentId($registration, $payload)
-                ->validatePayloadLaunchMessageTypeSpecifics($payload)
-                ->validateStateToken($registration, $state);
+                ->validatePayloadLaunchMessageTypeSpecifics($payload);
+
+            if ($this->isStateValidationRequired()) {
+                $this->validateStateToken($registration, $state);
+            }
 
             return new LaunchValidationResult($registration, $payload, $state, $this->successes);
 

tests/Integration/Message/Launch/Validator/Tool/ToolLaunchValidatorTest.php

@@ -23,6 +23,7 @@
 namespace OAT\Library\Lti1p3Core\Tests\Integration\Message\Launch\Validator\Tool;
 
 use Carbon\Carbon;
+use OAT\Library\Lti1p3Core\Exception\LtiExceptionInterface;
 use OAT\Library\Lti1p3Core\Message\Launch\Builder\PlatformOriginatingLaunchBuilder;
 use OAT\Library\Lti1p3Core\Message\Launch\Validator\Result\LaunchValidationResultInterface;
 use OAT\Library\Lti1p3Core\Message\Launch\Validator\Tool\ToolLaunchValidator;
@@ -40,6 +41,7 @@
 use OAT\Library\Lti1p3Core\Tests\Traits\OidcTestingTrait;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
+use ReflectionProperty;
 
 class ToolLaunchValidatorTest extends TestCase
 {
@@ -93,7 +95,6 @@ public function testGetSupportedMessageTypes(): void
             $this->subject->getSupportedMessageTypes()
         );
     }
-
     public function testValidatePlatformOriginatingLaunchForLtiResourceLinkSuccess(): void
     {
         $message = $this->builder->buildPlatformOriginatingLaunch(
@@ -135,6 +136,62 @@ public function testValidatePlatformOriginatingLaunchForLtiResourceLinkSuccess()
         $this->assertEquals('identifier', $result->getPayload()->getResourceLink()->getIdentifier());
     }
 
+    /**
+     * @throws LtiExceptionInterface
+     */
+    public function testValidatePlatformOriginatingLaunchWithoutNonceAndStateValidationsLinkSuccess(): void
+    {
+        $isStateValidationRequiredProperty = new ReflectionProperty(
+            ToolLaunchValidator::class,
+            "isStateValidationRequired"
+        );
+        $isStateValidationRequiredProperty->setAccessible(true);
+        $isStateValidationRequiredProperty->setValue($this->subject, false);
+
+        $isNonceValidationRequiredProperty = new ReflectionProperty(
+            ToolLaunchValidator::class,
+            "isNonceValidationRequired"
+        );
+        $isNonceValidationRequiredProperty->setAccessible(true);
+        $isNonceValidationRequiredProperty->setValue($this->subject, false);
+
+        $message = $this->builder->buildPlatformOriginatingLaunch(
+            $this->registration,
+            LtiMessageInterface::LTI_MESSAGE_TYPE_RESOURCE_LINK_REQUEST,
+            $this->registration->getTool()->getLaunchUrl(),
+            'loginHint',
+            null,
+            [],
+            [
+                new ResourceLinkClaim('identifier')
+            ]
+        );
+
+        $result = $this->subject->validatePlatformOriginatingLaunch($this->buildOidcFlowRequest($message));
+
+        $this->assertInstanceOf(LaunchValidationResultInterface::class, $result);
+        $this->assertFalse($result->hasError());
+
+        $this->verifyJwt($result->getPayload()->getToken(), $this->registration->getPlatformKeyChain()->getPublicKey());
+        $this->verifyJwt($result->getState()->getToken(), $this->registration->getToolKeyChain()->getPublicKey());
+
+        $this->assertEquals(
+            [
+                'ID token kid header is provided',
+                'ID token validation success',
+                'ID token version claim is valid',
+                'ID token message_type claim is valid',
+                'ID token roles claim is valid',
+                'ID token user identifier (sub) claim is valid',
+                'ID token deployment_id claim valid for this registration',
+                'ID token message type claim LtiResourceLinkRequest requirements are valid',
+            ],
+            $result->getSuccesses()
+        );
+
+        $this->assertEquals('identifier', $result->getPayload()->getResourceLink()->getIdentifier());
+    }
+
     public function testValidatePlatformOriginatingLaunchForDeepLinkingSuccess(): void
     {
         $message = $this->builder->buildPlatformOriginatingLaunch(