Commit db259765 authored by Dominik František Bučík's avatar Dominik František Bučík

chore: merge branch 'fix_is_einfra_assured' into 'main'

Fixes in AuthProc filters

See merge request perun-proxy-aai/simplesamlphp/simplesamlphp-module-cesnet!63
parents 68466dd3 f7b3bf4a
1 merge request!63Fixes in AuthProc filters
Pipeline #354763 passed with warnings
...@@ -40,7 +40,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter ...@@ -40,7 +40,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
{ {
parent::__construct($config, $reserved); parent::__construct($config, $reserved);
if (isset($config['attrName'])) { if (!empty($config['attrName'])) {
$this->attrName = $config['attrName']; $this->attrName = $config['attrName'];
} else { } else {
$this->attrName = self::DEFAULT_ATTR_NAME; $this->attrName = self::DEFAULT_ATTR_NAME;
...@@ -51,13 +51,13 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter ...@@ -51,13 +51,13 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
{ {
assert('is_array($request)'); assert('is_array($request)');
if (isset($request['Attributes'][$this->attrName])) { if (!empty($request['Attributes'][$this->attrName])) {
return; return;
} }
$this->metadata = MetaDataStorageHandler::getMetadataHandler(); $this->metadata = MetaDataStorageHandler::getMetadataHandler();
$sourceIdpMeta = $this->metadata->getMetaData($request['saml:sp:IdP'], 'saml20-idp-remote'); $sourceIdpMeta = $this->metadata->getMetaData($request['saml:sp:IdP'], 'saml20-idp-remote');
if (isset($sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'])) { if (!empty($sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'])) {
$entityCategoryAttributes = $sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category']; $entityCategoryAttributes = $sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'];
} else { } else {
Logger::error('cesnet:ComputeLoA - There are no element with name \'EntityAttributes\' ' Logger::error('cesnet:ComputeLoA - There are no element with name \'EntityAttributes\' '
...@@ -66,7 +66,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter ...@@ -66,7 +66,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
$entityCategoryAttributes = []; $entityCategoryAttributes = [];
} }
if (isset($request['Attributes']['eduPersonScopedAffiliation'])) { if (!empty($request['Attributes']['eduPersonScopedAffiliation'])) {
$this->eduPersonScopedAffiliation = $request['Attributes']['eduPersonScopedAffiliation']; $this->eduPersonScopedAffiliation = $request['Attributes']['eduPersonScopedAffiliation'];
} else { } else {
Logger::error( Logger::error(
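Review bot: The early return in process(), `if (!empty($request['Attributes'][$this->attrName])) { return; }`, still accepts any non-empty value already stored under the LoA attribute, so the computation is skipped whenever something earlier in the chain (possibly the source IdP itself) supplied one. `!empty()` on an attribute array also lets `['']` through, since it only rejects a missing key or an empty array. If trusting an existing value is intended, record that with a comment such as `// LoA already present in the request; trusted as-is and not recomputed`; otherwise check the value against the levels this filter can produce before returning. The same `['']` gap applies to the eduPersonScopedAffiliation checks in this file and in IsCesnetEligible, and to the userAffiliationAttr check in IsEinfraCZEligible. The constructor and process() bodies continue outside the visible hunks.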
......
...@@ -85,7 +85,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -85,7 +85,7 @@ class IsCesnetEligible extends ProcessingFilter
{ {
parent::__construct($config, $reserved); parent::__construct($config, $reserved);
$conf = Configuration::loadFromArray($config); $conf = Configuration::loadFromArray($config);
if (!isset($config[self::RPC_ATTRIBUTE_NAME]) || empty($config[self::RPC_ATTRIBUTE_NAME])) { if (empty($config[self::RPC_ATTRIBUTE_NAME])) {
throw new Exception( throw new Exception(
'cesnet:IsCesnetEligible - missing mandatory configuration option \'' . self::RPC_ATTRIBUTE_NAME . '\'.' 'cesnet:IsCesnetEligible - missing mandatory configuration option \'' . self::RPC_ATTRIBUTE_NAME . '\'.'
); );
...@@ -96,13 +96,13 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -96,13 +96,13 @@ class IsCesnetEligible extends ProcessingFilter
$this->cesnetLdapConnector = (new AdapterLdap(self::CONFIG_FILE_NAME))->getConnector(); $this->cesnetLdapConnector = (new AdapterLdap(self::CONFIG_FILE_NAME))->getConnector();
$this->rpcAdapter = Adapter::getInstance(Adapter::RPC); $this->rpcAdapter = Adapter::getInstance(Adapter::RPC);
if (isset($config[self::ATTR_NAME]) && !empty($config[self::ATTR_NAME])) { if (!empty($config[self::ATTR_NAME])) {
$this->returnAttrName = $config['attrName']; $this->returnAttrName = $config['attrName'];
} }
if ( if (
isset($config[self::INTERFACE_PROPNAME], $config[self::LDAP_ATTRIBUTE_NAME]) && ($config[self::INTERFACE_PROPNAME] ?? self::RPC) === self::LDAP
$config[self::INTERFACE_PROPNAME] === self::LDAP && !empty($config[self::LDAP_ATTRIBUTE_NAME]) && !empty($config[self::LDAP_ATTRIBUTE_NAME])
) { ) {
$this->interface = $config[self::INTERFACE_PROPNAME]; $this->interface = $config[self::INTERFACE_PROPNAME];
$this->ldapAttrName = $config[self::LDAP_ATTRIBUTE_NAME]; $this->ldapAttrName = $config[self::LDAP_ATTRIBUTE_NAME];
...@@ -119,7 +119,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -119,7 +119,7 @@ class IsCesnetEligible extends ProcessingFilter
$conf->getString(self::PERUN_USER_SPONSORING_ORGANIZATIONS_ATTR_NAME, null); $conf->getString(self::PERUN_USER_SPONSORING_ORGANIZATIONS_ATTR_NAME, null);
$this->userAffiliationsAttrName = $conf->getString(self::PERUN_USER_AFFILIATIONS_ATTR_NAME, null); $this->userAffiliationsAttrName = $conf->getString(self::PERUN_USER_AFFILIATIONS_ATTR_NAME, null);
if (!isset($this->userAffiliationsAttrName, $this->userSponsoringOrganizationsAttrName)) { if (empty($this->userAffiliationsAttrName) || empty($this->userSponsoringOrganizationsAttrName)) {
Logger::warning( Logger::warning(
'cesnet:IsCesnetEligible - One of attributes [' . $this->userAffiliationsAttrName . ', ' . 'cesnet:IsCesnetEligible - One of attributes [' . $this->userAffiliationsAttrName . ', ' .
$this->userSponsoringOrganizationsAttrName . '] wasn\'t set!' $this->userSponsoringOrganizationsAttrName . '] wasn\'t set!'
...@@ -129,7 +129,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -129,7 +129,7 @@ class IsCesnetEligible extends ProcessingFilter
public function process(&$request) public function process(&$request)
{ {
if (isset($request['perun']['user'])) { if (!empty($request['perun']['user'])) {
$user = $request['perun']['user']; $user = $request['perun']['user'];
} else { } else {
Logger::debug( Logger::debug(
...@@ -140,7 +140,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -140,7 +140,7 @@ class IsCesnetEligible extends ProcessingFilter
} }
$this->idpEntityId = $request['saml:sp:IdP']; $this->idpEntityId = $request['saml:sp:IdP'];
if (isset($request['Attributes']['eduPersonScopedAffiliation'])) { if (!empty($request['Attributes']['eduPersonScopedAffiliation'])) {
$this->eduPersonScopedAffiliation $this->eduPersonScopedAffiliation
= $request['Attributes']['eduPersonScopedAffiliation']; = $request['Attributes']['eduPersonScopedAffiliation'];
} else { } else {
...@@ -153,7 +153,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -153,7 +153,7 @@ class IsCesnetEligible extends ProcessingFilter
if (!empty($user)) { if (!empty($user)) {
if ($this->interface === self::LDAP) { if ($this->interface === self::LDAP) {
$attrs = $this->adapter->getUserAttributes($user, [$this->ldapAttrName]); $attrs = $this->adapter->getUserAttributes($user, [$this->ldapAttrName]);
if (isset($attrs[$this->ldapAttrName][0])) { if (!empty($attrs[$this->ldapAttrName][0])) {
$this->cesnetEligibleLastSeenValue = $attrs[$this->ldapAttrName][0]; $this->cesnetEligibleLastSeenValue = $attrs[$this->ldapAttrName][0];
} }
} else { } else {
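Review bot: The guard `if (!empty($config[self::ATTR_NAME]))` tests the key named by the constant, but the assignment under it reads the literal `$config['attrName']`; the two agree only while ATTR_NAME equals 'attrName', and its definition is not visible here. Writing `$this->returnAttrName = $config[self::ATTR_NAME];` keeps the check and the read from drifting apart. Separately, `empty()` treats the string '0' as empty, so `!empty($attrs[$this->ldapAttrName][0])` would drop a last-seen value of '0'; `isset($attrs[$this->ldapAttrName][0]) && $attrs[$this->ldapAttrName][0] !== ''` is the stricter form if that value can occur. The constructor and process() bodies continue outside the visible hunks.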
......
...@@ -61,7 +61,7 @@ class IsEinfraCZEligible extends ProcessingFilter ...@@ -61,7 +61,7 @@ class IsEinfraCZEligible extends ProcessingFilter
public function process(&$request) public function process(&$request)
{ {
$userScopedAffiliations = []; $userScopedAffiliations = [];
if (isset($request['Attributes'][$this->userAffiliationAttr])) { if (!empty($request['Attributes'][$this->userAffiliationAttr])) {
$userScopedAffiliations $userScopedAffiliations
= $request['Attributes'][$this->userAffiliationAttr]; = $request['Attributes'][$this->userAffiliationAttr];
} else { } else {
......