
feat: rename greylist to hide_from_discovery

Merged Pavel Břoušek requested to merge hide_from_discovery into main
1 file
+ 19
7
+ 19
7
@@ -19,9 +19,9 @@ use SimpleSAML\Utils\HTTP;
@@ -19,9 +19,9 @@ use SimpleSAML\Utils\HTTP;
*
*
* This module extends the DiscoPower IdP disco handler, so it needs to be avaliable and enabled and configured.
* This module extends the DiscoPower IdP disco handler, so it needs to be avaliable and enabled and configured.
*
*
* It adds functionality of greylisting IdPs per SP. for security reasons for blacklisting please manipulate
* Supports hiding IdPs from discovery per SP.
* directly with metadata. In case of manual idps comment them out or in case of automated metadata fetching configure
* If you want to block IdPs, please modify metadata directly.
* blacklist in config-metarefresh.php
* Either remove individual IdPs from metadata or configure metarefresh to skip them in config-metarefresh.php.
*/
*/
class Disco extends PowerIdPDisco
class Disco extends PowerIdPDisco
{
{
@@ -107,8 +107,11 @@ class Disco extends PowerIdPDisco
@@ -107,8 +107,11 @@ class Disco extends PowerIdPDisco
public const METADATA_ADD_INSTITUTION_APP = 'disco.addInstitutionApp';
public const METADATA_ADD_INSTITUTION_APP = 'disco.addInstitutionApp';
 
/** @deprecated */
public const SP_GREYLIST = 'greylist';
public const SP_GREYLIST = 'greylist';
 
public const SP_HIDE_FROM_DISCOVERY = 'hide_from_discovery';
 
public const IDP_ENTITY_ID = 'entityid';
public const IDP_ENTITY_ID = 'entityid';
public const SP_ENTITY_ID = 'entityid';
public const SP_ENTITY_ID = 'entityid';
@@ -658,11 +661,20 @@ class Disco extends PowerIdPDisco
@@ -658,11 +661,20 @@ class Disco extends PowerIdPDisco
protected static function scoping(array $list, array $scopedIDPList): array
protected static function scoping(array $list, array $scopedIDPList): array
{
{
if (!empty($scopedIDPList)) {
if (!empty($scopedIDPList)) {
foreach ($list as $entityId => $idp) {
if (isset($sp[self::SP_HIDE_FROM_DISCOVERY])) {
if (!in_array($entityId, $scopedIDPList, true)) {
$hideFromDiscovery = $sp[self::SP_HIDE_FROM_DISCOVERY];
unset($list[$entityId]);
} elseif (isset($sp[self::SP_GREYLIST])) {
}
Logger::warning(sprintf(
 
'perun:Disco: You are using a deprecated option %s in your SP metadata. Please rename it to %s.',
 
self::SP_GREYLIST,
 
self::SP_HIDE_FROM_DISCOVERY
 
));
 
$hideFromDiscovery = $sp[self::SP_GREYLIST];
 
} else {
 
return $list;
}
}
 
 
return array_diff_key($list, array_flip($hideFromDiscovery));
}
}
return $list;
return $list;
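Review bot: In the last hunk the added `isset($sp[self::SP_HIDE_FROM_DISCOVERY])` and `isset($sp[self::SP_GREYLIST])` checks sit inside `scoping(array $list, array $scopedIDPList)`, where no `$sp` is in scope as far as the rendered lines show, and the `foreach` that dropped IdPs missing from `$scopedIDPList` is no longer present. If that reading is right, both `isset()` calls are false, the `else` branch returns `$list` unchanged, and a non-empty scoping list stops restricting which IdPs discovery offers; please confirm against the raw diff, since this side-by-side view has lost its +/- markers. I would keep the scoping filter in `scoping()` and move the option lookup into a helper that receives the SP metadata, checking that the configured value is an array before `array_flip()`, which throws a TypeError on a non-array in PHP 8. The `/** @deprecated */` tag on `SP_GREYLIST` could also name its replacement, e.g. `/** @deprecated use SP_HIDE_FROM_DISCOVERY */`.

```php
protected static function scoping(array $list, array $scopedIDPList): array
{
    if (!empty($scopedIDPList)) {
        // Keep only the IdPs named in the SP's scoping list.
        $list = array_intersect_key($list, array_flip($scopedIDPList));
    }
    // … unchanged: return $list …

// Proposed helper (the name is a suggestion); $sp is the SP metadata array.
protected static function hideFromDiscovery(array $list, array $sp): array
{
    // … unchanged: SP_HIDE_FROM_DISCOVERY / SP_GREYLIST lookup and deprecation warning …
    if (!is_array($hideFromDiscovery)) {
        Logger::warning('perun:Disco: the list of IdPs hidden from discovery must be an array.');

        return $list;
    }

    return array_diff_key($list, array_flip($hideFromDiscovery));
}
```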