chore: merge branch 'fix_is_einfra_assured' into 'main'

Fixes in AuthProc filters See merge request perun-proxy-aai/simplesamlphp/simplesamlphp-module-cesnet!63

chore: merge branch 'fix_is_einfra_assured' into 'main'
db259765 · Dominik František Bučík · 68466dd3 · f7b3bf4a · db259765 · db259765
Commit db259765 authored 1 year ago by Dominik František Bučík
--- a/lib/Auth/Process/ComputeLoA.php
+++ b/lib/Auth/Process/ComputeLoA.php
@@ -40,7 +40,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
    {
        parent::__construct($config, $reserved);
-        if (isset($config['attrName'])) {
+        if (!empty($config['attrName'])) {
            $this->attrName = $config['attrName'];
        } else {
            $this->attrName = self::DEFAULT_ATTR_NAME;
@@ -51,13 +51,13 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
    {
        assert('is_array($request)');
-        if (isset($request['Attributes'][$this->attrName])) {
+        if (!empty($request['Attributes'][$this->attrName])) {
            return;
        }
        $this->metadata = MetaDataStorageHandler::getMetadataHandler();
        $sourceIdpMeta = $this->metadata->getMetaData($request['saml:sp:IdP'], 'saml20-idp-remote');
-        if (isset($sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'])) {
+        if (!empty($sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'])) {
            $entityCategoryAttributes = $sourceIdpMeta['EntityAttributes']['http://macedir.org/entity-category'];
        } else {
            Logger::error('cesnet:ComputeLoA - There are no element with name \'EntityAttributes\' '
@@ -66,7 +66,7 @@ class ComputeLoA extends \SimpleSAML\Auth\ProcessingFilter
            $entityCategoryAttributes = [];
        }
-        if (isset($request['Attributes']['eduPersonScopedAffiliation'])) {
+        if (!empty($request['Attributes']['eduPersonScopedAffiliation'])) {
            $this->eduPersonScopedAffiliation = $request['Attributes']['eduPersonScopedAffiliation'];
        } else {
            Logger::error(

--- a/lib/Auth/Process/IsCesnetEligible.php
+++ b/lib/Auth/Process/IsCesnetEligible.php
@@ -85,7 +85,7 @@ class IsCesnetEligible extends ProcessingFilter
    {
        parent::__construct($config, $reserved);
        $conf = Configuration::loadFromArray($config);
-        if (!isset($config[self::RPC_ATTRIBUTE_NAME]) || empty($config[self::RPC_ATTRIBUTE_NAME])) {
+        if (empty($config[self::RPC_ATTRIBUTE_NAME])) {
            throw new Exception(
                'cesnet:IsCesnetEligible - missing mandatory configuration option \'' . self::RPC_ATTRIBUTE_NAME . '\'.'
            );
@@ -96,13 +96,13 @@ class IsCesnetEligible extends ProcessingFilter
        $this->cesnetLdapConnector = (new AdapterLdap(self::CONFIG_FILE_NAME))->getConnector();
        $this->rpcAdapter = Adapter::getInstance(Adapter::RPC);
-        if (isset($config[self::ATTR_NAME]) && !empty($config[self::ATTR_NAME])) {
+        if (!empty($config[self::ATTR_NAME])) {
            $this->returnAttrName = $config['attrName'];
        }
        if (
-            isset($config[self::INTERFACE_PROPNAME], $config[self::LDAP_ATTRIBUTE_NAME]) &&
+            ($config[self::INTERFACE_PROPNAME] ?? self::RPC) === self::LDAP
-            $config[self::INTERFACE_PROPNAME] === self::LDAP && !empty($config[self::LDAP_ATTRIBUTE_NAME])
+            && !empty($config[self::LDAP_ATTRIBUTE_NAME])
        ) {
            $this->interface = $config[self::INTERFACE_PROPNAME];
            $this->ldapAttrName = $config[self::LDAP_ATTRIBUTE_NAME];
@@ -119,7 +119,7 @@ class IsCesnetEligible extends ProcessingFilter
            $conf->getString(self::PERUN_USER_SPONSORING_ORGANIZATIONS_ATTR_NAME, null);
        $this->userAffiliationsAttrName = $conf->getString(self::PERUN_USER_AFFILIATIONS_ATTR_NAME, null);
-        if (!isset($this->userAffiliationsAttrName, $this->userSponsoringOrganizationsAttrName)) {
+        if (empty($this->userAffiliationsAttrName) || empty($this->userSponsoringOrganizationsAttrName)) {
            Logger::warning(
                'cesnet:IsCesnetEligible - One of attributes [' . $this->userAffiliationsAttrName . ', ' .
                $this->userSponsoringOrganizationsAttrName . '] wasn\'t set!'
@@ -129,7 +129,7 @@ class IsCesnetEligible extends ProcessingFilter
    public function process(&$request)
    {
-        if (isset($request['perun']['user'])) {
+        if (!empty($request['perun']['user'])) {
            $user = $request['perun']['user'];
        } else {
            Logger::debug(
@@ -140,7 +140,7 @@ class IsCesnetEligible extends ProcessingFilter
        }
        $this->idpEntityId = $request['saml:sp:IdP'];
-        if (isset($request['Attributes']['eduPersonScopedAffiliation'])) {
+        if (!empty($request['Attributes']['eduPersonScopedAffiliation'])) {
            $this->eduPersonScopedAffiliation
                = $request['Attributes']['eduPersonScopedAffiliation'];
        } else {
@@ -153,7 +153,7 @@ class IsCesnetEligible extends ProcessingFilter
        if (!empty($user)) {
            if ($this->interface === self::LDAP) {
                $attrs = $this->adapter->getUserAttributes($user, [$this->ldapAttrName]);
-                if (isset($attrs[$this->ldapAttrName][0])) {
+                if (!empty($attrs[$this->ldapAttrName][0])) {
                    $this->cesnetEligibleLastSeenValue = $attrs[$this->ldapAttrName][0];
                }
            } else {

--- a/lib/Auth/Process/IsEinfraCZEligible.php
+++ b/lib/Auth/Process/IsEinfraCZEligible.php
@@ -61,7 +61,7 @@ class IsEinfraCZEligible extends ProcessingFilter
    public function process(&$request)
    {
        $userScopedAffiliations = [];
-        if (isset($request['Attributes'][$this->userAffiliationAttr])) {
+        if (!empty($request['Attributes'][$this->userAffiliationAttr])) {
            $userScopedAffiliations
                = $request['Attributes'][$this->userAffiliationAttr];
        } else {