Skip to content

Commit 34b0403

Browse files
committed
Enforce the use of a synchronous binding
1 parent 04085d3 commit 34b0403

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

src/Controller/AttributeServer.php

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
use SimpleSAML\HTTP\RunnableResponse;
1111
use SimpleSAML\Metadata\MetaDataStorageHandler;
1212
use SimpleSAML\SAML2\Binding;
13-
use SimpleSAML\SAML2\Binding\HTTPPost;
13+
use SimpleSAML\SAML2\Binding\{SynchronousBindingException, HTTPPost};
1414
use SimpleSAML\SAML2\Constants as C;
1515
use SimpleSAML\SAML2\Utils as SAML2_Utils;
1616
use SimpleSAML\SAML2\XML\saml\{
@@ -89,6 +89,10 @@ public function main(/** @scrutinizer ignore-unused */ Request $request): Runnab
8989
$psrRequest = $psrHttpFactory->createRequest($request);
9090

9191
$binding = Binding::getCurrentBinding($psrRequest);
92+
if (!($binding instanceof SynchronousBindingInterface)) {
93+
throw new Error\BadRequest('Invalid binding; MUST use a synchronous binding.');
94+
}
95+
9296
$message = $binding->receive($psrRequest);
9397
if (!($message instanceof AttributeQuery)) {
9498
throw new Error\BadRequest('Invalid message received to AttributeQuery endpoint.');
@@ -222,7 +226,6 @@ public function main(/** @scrutinizer ignore-unused */ Request $request): Runnab
222226

223227
self::addSign($idpMetadata, $spMetadata, $response);
224228

225-
/** @var \SimpleSAML\SAML2\Binding\HTTPPost $httpPost */
226229
$httpPost = new HTTPPost();
227230
$httpPost->setRelayState($binding->getRelayState());
228231

0 commit comments

Comments
 (0)