Add ARP santizer (#286)

* Add ARP santizer

* Run PHPCBF

* Fix phpstan

* Make abbreviation a normal word

* Add motivation and unused key

* Change caller to word abbreviation too

* Add filter test case

* Add return type

src/OpenConext/Profile/Tests/Value/ArpTest.php

@@ -27,6 +27,7 @@
 use Surfnet\SamlBundle\SAML2\Attribute\Attribute;
 use Surfnet\SamlBundle\SAML2\Attribute\AttributeDefinition;
 use Surfnet\SamlBundle\SAML2\Attribute\AttributeDictionary;
+use function PHPUnit\Framework\assertTrue;
 
 class ArpTest extends TestCase
 {
@@ -96,6 +97,31 @@ public function test_dictionary_usage(): void
         }
     }
 
+    public function test_that_sanitized_arp_data_only_have_the_allowed_keys(): void
+    {
+        $input = ['urn:mace:terena.org:attribute-def:schacHomeOrganization' => [[
+            'invalid-key' => 'foo',
+            'value' => '*',
+            'source' => 'voot',
+            'motivation' => 'foo',
+            'test' => true,
+        ]]];
+
+        $expected = [
+            "value" => "*",
+            "source" => "voot",
+            "motivation" => "foo",
+          ];
+
+        $arp = Arp::createWith($input);
+
+
+        $this->assertTrue(
+            $expected === $arp->getAttributesGroupedBySource()[$expected['source']][0]->getValue()[0]
+        );
+
+    }
+
     public function invalidArpData(): array
     {
         return [

src/OpenConext/Profile/Tests/fixture/arp-response.json

@@ -59,12 +59,14 @@
   ],
   "urn:mace:dir:attribute-def:uid": [
     {
-      "value": "*"
+      "value": "*",
+      "motivation": "my-motivation"
     }
   ],
   "urn:mace:dir:attribute-def:preferredLanguage": [
     {
-      "value": "*"
+      "value": "*",
+      "use_as_name_id": false
     }
   ]
-}
+}

src/OpenConext/Profile/Value/Arp.php

@@ -40,11 +40,11 @@ public static function createWith(
         array $arp,
         AttributeDictionary $dictionary = null,
     ): self {
+
+        $arp = self::sanitizeArpData($arp);
+
         // Input validation
         foreach ($arp as $attributeInformation) {
-            if (!is_array($attributeInformation)) {
-                throw new InvalidArpDataException('The attribute information in the arp should be an array.');
-            }
             if (!self::isValidAttribute($attributeInformation)) {
                 throw new InvalidArpDataException('The attribute information is formatted invalidly.');
             }
@@ -186,4 +186,45 @@ public function getMotivationFor(
         }
         return '';
     }
+
+    /**
+     * Accordingly to https://www.pivotaltracker.com/n/projects/1453004/stories/187607790
+     * the ARP data should only contain the following keys: value, source, motivation.
+     * This function will filter out all other keys, which are to be ignored.
+     *
+     * @param array<string, array<array<string, string>>> $arp
+     * @return array<string, array<array<string, string>>>
+     */
+    private static function sanitizeArpData(
+        array $arp,
+    ): array {
+
+        $validKeys = ['value', 'source', 'motivation'];
+
+        $sanitizedArp = [];
+        foreach ($arp as $attributeName => $attributeInformation) {
+            if (!is_array($attributeInformation)) {
+                throw new InvalidArpDataException('The attribute information in the arp should be an array.');
+            }
+
+            $sanitizedAttributeInformation = [];
+            foreach ($attributeInformation as $attributeInformationEntry) {
+                if (!is_array($attributeInformationEntry)) {
+                    continue;
+                }
+
+                $sanitizedAttributeInformation[] = array_filter(
+                    $attributeInformationEntry,
+                    function ($key) use ($validKeys) {
+                        return in_array($key, $validKeys);
+                    },
+                    ARRAY_FILTER_USE_KEY,
+                );
+            }
+
+            $sanitizedArp[$attributeName] = $sanitizedAttributeInformation;
+        }
+
+        return $sanitizedArp;
+    }
 }