From 3fb6e9d97af71473aa8b340d95827a623917edab Mon Sep 17 00:00:00 2001
From: oleksandrkit
Date: Mon, 9 Sep 2024 18:07:34 +0300
Subject: [PATCH 1/2] Add JWT requirement for metadata endpoint access

---
 src/Resources/Metadata.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Resources/Metadata.php b/src/Resources/Metadata.php
index 51466d4..66d3698 100644
--- a/src/Resources/Metadata.php
+++ b/src/Resources/Metadata.php
@@ -2,9 +2,11 @@
 namespace DreamFactory\Core\Saml\Resources;
+use DreamFactory\Core\Exceptions\BadRequestException;
 use DreamFactory\Core\Exceptions\InternalServerErrorException;
 use DreamFactory\Core\Saml\Services\SAML;
 use DreamFactory\Core\Utility\ResponseFactory;
+use DreamFactory\Core\Utility\Session as SessionUtilities;
 class Metadata extends BaseSamlResource
 {
@@ -15,6 +17,11 @@ class Metadata extends BaseSamlResource
 */
 protected function handleGET()
 {
+ if (!SessionUtilities::isAuthenticated()) {
+ return ResponseFactory::sendException(new BadRequestException(
+ "No session token (JWT) provided. Please provide a valid JWT using X-DreamFactory-Session-Token request header or 'session_token' url query parameter."
+ ));
+ }
 /** @var SAML $service */
 $service = $this->getParent();
 $settings = $service->getAuth()->getSettings();

From 1aa2ec27bfc14aa0d74c4743b12358906154c0a5 Mon Sep 17 00:00:00 2001
From: Kevin McGahey <36458555+thekevinm@users.noreply.github.com>
Date: Mon, 9 Sep 2024 09:32:15 -0700
Subject: [PATCH 2/2] Update Metadata.php

Update auth error content-type to JSON, otherwise the metadata file is specifying XML which interferes with the response.
---
 src/Resources/Metadata.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/Resources/Metadata.php b/src/Resources/Metadata.php
index 66d3698..3bb9362 100644
--- a/src/Resources/Metadata.php
+++ b/src/Resources/Metadata.php
@@ -17,10 +17,19 @@ class Metadata extends BaseSamlResource
 */
 protected function handleGET()
 {
+ // Check if the user is authenticated
 if (!SessionUtilities::isAuthenticated()) {
- return ResponseFactory::sendException(new BadRequestException(
- "No session token (JWT) provided. Please provide a valid JWT using X-DreamFactory-Session-Token request header or 'session_token' url query parameter."
- ));
+ // Return a JSON response with the appropriate headers
+ return ResponseFactory::create(
+ [
+ 'error' => [
+ 'code' => 400,
+ 'message' => "No session token (JWT) provided. Please provide a valid JWT using X-DreamFactory-Session-Token request header or 'session_token' url query parameter."
+ ]
+ ],
+ 'application/json', // Set content-type to JSON
+ 400 // HTTP status code
+ );
 }
 /** @var SAML $service */
 $service = $this->getParent();
@@ -60,4 +69,4 @@ protected function getApiDocPaths()
 return $base;
 }
-}
\ No newline at end of file
+}
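Review bot: The unauthenticated branch answers with status 400, once in `'code' => 400,` and again as the third `create()` argument, but a missing or invalid session token is an authentication failure for which 401 Unauthorized is the conventional status and the one clients and gateways treat as "re-authenticate"; the same choice came in with patch 1's `BadRequestException` hunk. Defining it once, `$status = 401;` above the `return`, then `'code' => $status,` and `$status` in place of the bare literals, also removes the duplicated magic number. The hand-built `error` array should be checked against the structure `ResponseFactory::sendException` emits elsewhere in the API, which is not visible here, so error consumers see one consistent shape. Separately, SP metadata is commonly fetched by the IdP without credentials, so gating it on `SessionUtilities::isAuthenticated()` may break IdP-side metadata import; if keeping it non-public is intended, the check deserves a comment saying so instead of `// Check if the user is authenticated`, which only restates the code. handleGET's body continues past the end of the hunk.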