Assert that all attribute values have the same type

tvdijen · tvdijen · commit 59575a05dea5 · 2025-12-22T01:22:53.000+01:00
diff --git a/src/XML/saml/Attribute.php b/src/XML/saml/Attribute.php
@@ -18,6 +18,8 @@
 use SimpleSAML\XMLSecurity\Backend\EncryptionBackend;
 use SimpleSAML\XMLSecurity\XML\EncryptableElementInterface;
 
+use function array_unique;
+use function count;
 use function strval;
 
 /**
@@ -65,7 +67,7 @@ public function __construct(
         array $namespacedAttribute = [],
     ) {
         Assert::maxCount($attributeValue, C::UNBOUNDED_LIMIT);
-        Assert::allIsInstanceOf($attributeValue, AttributeValue::class, 'Invalid AttributeValue.');
+        Assert::allIsInstanceOf($attributeValue, AttributeValue::class, InvalidDOMElementException::class);
 
         switch (strval($nameFormat)) {
             case C::NAMEFORMAT_URI:
@@ -82,6 +84,22 @@ public function __construct(
                 break;
         }
 
+        $types = array_map(
+            function(AttributeValue $av) {
+                return $av->getXsiType();
+            },
+            $attributeValue,
+        );
+
+        if ($types !== []) {
+            Assert::same(
+                count(array_unique($types)),
+                1,
+                "All of the <AttributeValue> elements must have the identical datatype assigned.",
+                ProtocolViolationException::class,
+            );
+        }
+
         $this->setAttributesNS($namespacedAttribute);
     }
 
diff --git a/tests/SAML2/XML/saml/AttributeTest.php b/tests/SAML2/XML/saml/AttributeTest.php
@@ -93,9 +93,6 @@ public function testMarshalling(): void
             [
                 new AttributeValue(StringValue::fromString('FirstValue')),
                 new AttributeValue(StringValue::fromString('SecondValue')),
-                new AttributeValue(IntegerValue::fromInteger(3)),
-                new AttributeValue(DateTimeValue::fromString('2024-04-04T04:44:44Z')),
-                new AttributeValue(null),
             ],
             [$attr1, $attr2],
         );
diff --git a/tests/resources/xml/saml_Attribute.xml b/tests/resources/xml/saml_Attribute.xml
@@ -1,7 +1,4 @@
-<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:test="urn:test:something" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" Name="TheName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="TheFriendlyName" test:attr1="testval1" test:attr2="testval2">
+<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:test="urn:test:something" Name="TheName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="TheFriendlyName" test:attr1="testval1" test:attr2="testval2">
   <saml:AttributeValue>FirstValue</saml:AttributeValue>
   <saml:AttributeValue>SecondValue</saml:AttributeValue>
-  <saml:AttributeValue xsi:type="xs:integer">3</saml:AttributeValue>
-  <saml:AttributeValue xsi:type="xs:dateTime">2024-04-04T04:44:44Z</saml:AttributeValue>
-  <saml:AttributeValue xsi:nil="1"/>
 </saml:Attribute>
