diff --git a/composer.json b/composer.json index 1bb7fc0a864d8d706a3246df8f7e7786657080cd..9512ba875e581cfa6603a26e47daf695c8151787 100644 --- a/composer.json +++ b/composer.json @@ -86,7 +86,7 @@ "symfony/routing": "^3.4 || ^4.0", "symfony/yaml": "^3.4 || ^4.0", "twig/twig": "~1.0 || ~2.0", - "webmozart/assert": "~1.4", + "webmozart/assert": "~1.5", "whitehat101/apr1-md5": "~1.0" }, "require-dev": { diff --git a/lib/SimpleSAML/Auth/ProcessingChain.php b/lib/SimpleSAML/Auth/ProcessingChain.php index 3ba249ecf344123c3f921b98d42c83646c23ef19..468940c71c41aa5be1d5a92eac6c468b90020139 100644 --- a/lib/SimpleSAML/Auth/ProcessingChain.php +++ b/lib/SimpleSAML/Auth/ProcessingChain.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Class for implementing authentication processing chains for IdPs. @@ -58,8 +59,8 @@ class ProcessingChain */ public function __construct($idpMetadata, $spMetadata, $mode = 'idp') { - assert(is_array($idpMetadata)); - assert(is_array($spMetadata)); + Assert::isArray($idpMetadata); + Assert::isArray($spMetadata); $this->filters = []; @@ -192,9 +193,9 @@ class ProcessingChain */ public function processState(&$state) { - assert(is_array($state)); - assert(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state)); - assert(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state)); + Assert::isArray($state); + Assert::true(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state)); + Assert::true(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state)); $state[self::FILTERS_INDEX] = $this->filters; @@ -238,7 +239,7 @@ class ProcessingChain */ public static function resumeProcessing($state) { - assert(is_array($state)); + Assert::isArray($state); while (count($state[self::FILTERS_INDEX]) > 0) { $filter = array_shift($state[self::FILTERS_INDEX]); @@ -254,8 +255,8 @@ class ProcessingChain // Completed - assert(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state)); - assert(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state)); + Assert::true(array_key_exists('ReturnURL', $state) || array_key_exists('ReturnCall', $state)); + Assert::true(!array_key_exists('ReturnURL', $state) || !array_key_exists('ReturnCall', $state)); if (array_key_exists('ReturnURL', $state)) { @@ -272,10 +273,10 @@ class ProcessingChain State::deleteState($state); $func = $state['ReturnCall']; - assert(is_callable($func)); + Assert::isCallable($func); call_user_func($func, $state); - assert(false); + Assert::true(false); } } @@ -293,9 +294,9 @@ class ProcessingChain */ public function processStatePassive(&$state) { - assert(is_array($state)); + Assert::isArray($state); // Should not be set when calling this method - assert(!array_key_exists('ReturnURL', $state)); + Assert::keyNotExists($state, 'ReturnURL'); // Notify filters about passive request $state['isPassive'] = true; @@ -330,7 +331,7 @@ class ProcessingChain */ public static function fetchProcessedState($id) { - assert(is_string($id)); + Assert::string($id); return State::loadState($id, self::COMPLETED_STAGE); } @@ -343,7 +344,7 @@ class ProcessingChain */ private static function addUserID(array &$state) { - assert(array_key_exists('Attributes', $state)); + Assert::keyExists($state, 'Attributes'); if (isset($state['Destination']['userid.attribute'])) { $attributeName = $state['Destination']['userid.attribute']; diff --git a/lib/SimpleSAML/Auth/ProcessingFilter.php b/lib/SimpleSAML/Auth/ProcessingFilter.php index 964e63e1a7884b8800b47427e12428ec9f661780..8622b987bccb17d720551d0e5c9edbd9c3dcf62f 100644 --- a/lib/SimpleSAML/Auth/ProcessingFilter.php +++ b/lib/SimpleSAML/Auth/ProcessingFilter.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Auth; +use Webmozart\Assert\Assert; + /** * Base class for authentication processing filters. * @@ -47,7 +49,7 @@ abstract class ProcessingFilter */ public function __construct(&$config, $reserved) { - assert(is_array($config)); + Assert::isArray($config); if (array_key_exists('%priority', $config)) { $this->priority = $config['%priority']; diff --git a/lib/SimpleSAML/Auth/Simple.php b/lib/SimpleSAML/Auth/Simple.php index ac9e5afe8a1ba01b9273e16b3725460230bdd1ba..652fcdc7f4a3af06e7b29092dc8ee38e04e7920a 100644 --- a/lib/SimpleSAML/Auth/Simple.php +++ b/lib/SimpleSAML/Auth/Simple.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Module; use SimpleSAML\Session; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Helper class for simple authentication applications. @@ -41,7 +42,7 @@ class Simple */ public function __construct($authSource, Configuration $config = null, Session $session = null) { - assert(is_string($authSource)); + Assert::string($authSource); if ($config === null) { $config = Configuration::getInstance(); @@ -167,7 +168,7 @@ class Simple $as = $this->getAuthSource(); $as->initLogin($returnTo, $errorURL, $params); - assert(false); + Assert::true(false); } @@ -189,7 +190,7 @@ class Simple */ public function logout($params = null) { - assert(is_array($params) || is_string($params) || $params === null); + Assert::true(is_array($params) || is_string($params) || $params === null); if ($params === null) { $params = Utils\HTTP::getSelfURL(); @@ -201,11 +202,11 @@ class Simple ]; } - assert(is_array($params)); - assert(isset($params['ReturnTo']) || isset($params['ReturnCallback'])); + Assert::isArray($params); + Assert::true(isset($params['ReturnTo']) || isset($params['ReturnCallback'])); if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) { - assert(isset($params['ReturnStateParam'], $params['ReturnStateStage'])); + Assert::true(isset($params['ReturnStateParam'], $params['ReturnStateStage'])); } if ($this->session->isValid($this->authSource)) { @@ -238,16 +239,16 @@ class Simple */ public static function logoutCompleted($state) { - assert(is_array($state)); - assert(isset($state['ReturnTo']) || isset($state['ReturnCallback'])); + Assert::isArray($state); + Assert::true(isset($state['ReturnTo']) || isset($state['ReturnCallback'])); if (isset($state['ReturnCallback'])) { call_user_func($state['ReturnCallback'], $state); - assert(false); + Assert::true(false); } else { $params = []; if (isset($state['ReturnStateParam']) || isset($state['ReturnStateStage'])) { - assert(isset($state['ReturnStateParam'], $state['ReturnStateStage'])); + Assert::true(isset($state['ReturnStateParam'], $state['ReturnStateStage'])); $stateID = State::saveState($state, $state['ReturnStateStage']); $params[$state['ReturnStateParam']] = $stateID; } @@ -285,7 +286,7 @@ class Simple */ public function getAuthData($name) { - assert(is_string($name)); + Assert::string($name); if (!$this->isAuthenticated()) { return null; @@ -320,7 +321,7 @@ class Simple */ public function getLoginURL($returnTo = null) { - assert($returnTo === null || is_string($returnTo)); + Assert::nullOrString($returnTo); if ($returnTo === null) { $returnTo = Utils\HTTP::getSelfURL(); @@ -345,7 +346,7 @@ class Simple */ public function getLogoutURL($returnTo = null) { - assert($returnTo === null || is_string($returnTo)); + Assert::nullOrString($returnTo); if ($returnTo === null) { $returnTo = Utils\HTTP::getSelfURL(); diff --git a/lib/SimpleSAML/Auth/Source.php b/lib/SimpleSAML/Auth/Source.php index b818ccc9d2c8b06c54202fd20937853c17dcee65..9f1acd989a27bfb86b559debe15070a4849b2f47 100644 --- a/lib/SimpleSAML/Auth/Source.php +++ b/lib/SimpleSAML/Auth/Source.php @@ -10,6 +10,7 @@ use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Session; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This class defines a base class for authentication source. @@ -42,10 +43,10 @@ abstract class Source */ public function __construct($info, &$config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); + Assert::keyExists($info, 'AuthId'); - assert(array_key_exists('AuthId', $info)); $this->authId = $info['AuthId']; } @@ -60,7 +61,7 @@ abstract class Source */ public static function getSourcesOfType($type) { - assert(is_string($type)); + Assert::string($type); $config = Configuration::getConfig('authsources.php'); @@ -123,7 +124,7 @@ abstract class Source */ public function reauthenticate(array &$state) { - assert(isset($state['ReturnCallback'])); + Assert::notNull($state['ReturnCallback']); // the default implementation just copies over the previous authentication data $session = Session::getSessionFromRequest(); @@ -150,16 +151,16 @@ abstract class Source */ public static function completeAuth(&$state) { - assert(is_array($state)); - assert(array_key_exists('LoginCompletedHandler', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'LoginCompletedHandler'); State::deleteState($state); $func = $state['LoginCompletedHandler']; - assert(is_callable($func)); + Assert::isCallable($func); call_user_func($func, $state); - assert(false); + Assert::true(false); } @@ -179,8 +180,8 @@ abstract class Source */ public function initLogin($return, $errorURL = null, array $params = []) { - assert(is_string($return) || is_array($return)); - assert(is_string($errorURL) || $errorURL === null); + Assert::True(is_string($return) || is_array($return)); + Assert::nullOrString($errorURL); $state = array_merge($params, [ '\SimpleSAML\Auth\DefaultAuth.id' => $this->authId, // TODO: remove in 2.0 @@ -228,11 +229,11 @@ abstract class Source */ public static function loginCompleted($state) { - assert(is_array($state)); - assert(array_key_exists('\SimpleSAML\Auth\Source.Return', $state)); - assert(array_key_exists('\SimpleSAML\Auth\Source.id', $state)); - assert(array_key_exists('Attributes', $state)); - assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState'])); + Assert::isArray($state); + Assert::keyExists($state, '\SimpleSAML\Auth\Source.Return'); + Assert::keyExists($state, '\SimpleSAML\Auth\Source.id'); + Assert::keyExists($state, 'Attributes'); + Assert::true(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState'])); $return = $state['\SimpleSAML\Auth\Source.Return']; @@ -247,7 +248,7 @@ abstract class Source } else { call_user_func($return, $state); } - assert(false); + Assert::true(false); } @@ -267,7 +268,7 @@ abstract class Source */ public function logout(&$state) { - assert(is_array($state)); + Assert::isArray($state); // default logout handler which doesn't do anything } @@ -284,16 +285,16 @@ abstract class Source */ public static function completeLogout(&$state) { - assert(is_array($state)); - assert(array_key_exists('LogoutCompletedHandler', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'LogoutCompletedHandler'); State::deleteState($state); $func = $state['LogoutCompletedHandler']; - assert(is_callable($func)); + Assert::isCallable($func); call_user_func($func, $state); - assert(false); + Assert::true(false); } @@ -361,8 +362,8 @@ abstract class Source */ public static function getById($authId, $type = null) { - assert(is_string($authId)); - assert($type === null || is_string($type)); + Assert::string($authId); + Assert::nullOrString($type); // for now - load and parse config file $config = Configuration::getConfig('authsources.php'); @@ -401,8 +402,8 @@ abstract class Source */ public static function logoutCallback($state) { - assert(is_array($state)); - assert(array_key_exists('\SimpleSAML\Auth\Source.logoutSource', $state)); + Assert::isArray($state); + Assert::keyExists($state, '\SimpleSAML\Auth\Source.logoutSource'); $source = $state['\SimpleSAML\Auth\Source.logoutSource']; @@ -434,8 +435,8 @@ abstract class Source */ protected function addLogoutCallback($assoc, $state) { - assert(is_string($assoc)); - assert(is_array($state)); + Assert::string($assoc); + Assert::isArray($state); if (!array_key_exists('LogoutCallback', $state)) { // the authentication requester doesn't have a logout callback @@ -479,7 +480,7 @@ abstract class Source */ protected function callLogoutCallback($assoc) { - assert(is_string($assoc)); + Assert::string($assoc); $id = strlen($this->authId) . ':' . $this->authId . $assoc; @@ -493,9 +494,9 @@ abstract class Source return; } - assert(is_array($data)); - assert(array_key_exists('callback', $data)); - assert(array_key_exists('state', $data)); + Assert::isArray($data); + Assert::keyExists($data, 'callback'); + Assert::keyExists($data, 'state'); $callback = $data['callback']; $callbackState = $data['state']; diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php index 2a298356d0569a8595187a7308b122ef5451dea6..4821b8d0ffbd4f47a529bcb6d17f4e73687f2851 100644 --- a/lib/SimpleSAML/Auth/State.php +++ b/lib/SimpleSAML/Auth/State.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Session; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This is a helper class for saving and loading state information. @@ -155,8 +156,8 @@ class State */ public static function getStateId(&$state, $rawId = false) { - assert(is_array($state)); - assert(is_bool($rawId)); + Assert::isArray($state); + Assert::boolean($rawId); if (!array_key_exists(self::ID, $state)) { $state[self::ID] = Utils\Random::generateID(); @@ -204,9 +205,9 @@ class State */ public static function saveState(&$state, $stage, $rawId = false) { - assert(is_array($state)); - assert(is_string($stage)); - assert(is_bool($rawId)); + Assert::isArray($state); + Assert::string($stage); + Assert::boolean($rawId); $return = self::getStateId($state, $rawId); $id = $state[self::ID]; @@ -269,9 +270,9 @@ class State */ public static function loadState($id, $stage, $allowMissing = false) { - assert(is_string($id)); - assert(is_string($stage)); - assert(is_bool($allowMissing)); + Assert::string($id); + Assert::string($stage); + Assert::boolean($allowMissing); Logger::debug('Loading state: ' . var_export($id, true)); $sid = self::parseStateID($id); @@ -293,9 +294,9 @@ class State } $state = unserialize($state); - assert(is_array($state)); - assert(array_key_exists(self::ID, $state)); - assert(array_key_exists(self::STAGE, $state)); + Assert::isArray($state); + Assert::keyExists($state, self::ID); + Assert::keyExists($state, self::STAGE); // Verify stage if ($state[self::STAGE] !== $stage) { @@ -330,7 +331,7 @@ class State */ public static function deleteState(&$state) { - assert(is_array($state)); + Assert::isArray($state); if (!array_key_exists(self::ID, $state)) { // This state hasn't been saved @@ -355,7 +356,7 @@ class State */ public static function throwException($state, Error\Exception $exception) { - assert(is_array($state)); + Assert::isArray($state); if (array_key_exists(self::EXCEPTION_HANDLER_URL, $state)) { // Save the exception @@ -370,10 +371,10 @@ class State } elseif (array_key_exists(self::EXCEPTION_HANDLER_FUNC, $state)) { // Call the exception handler $func = $state[self::EXCEPTION_HANDLER_FUNC]; - assert(is_callable($func)); + Assert::isCallable($func); call_user_func($func, $exception, $state); - assert(false); + Assert::true(false); } else { /* * No exception handler is defined for the current state. @@ -393,7 +394,7 @@ class State */ public static function loadExceptionState($id = null) { - assert(is_string($id) || $id === null); + Assert::nullOrString($id); if ($id === null) { if (!array_key_exists(self::EXCEPTION_PARAM, $_REQUEST)) { @@ -405,7 +406,7 @@ class State /** @var array $state */ $state = self::loadState($id, self::EXCEPTION_STAGE); - assert(array_key_exists(self::EXCEPTION_DATA, $state)); + Assert::keyExists($state, self::EXCEPTION_DATA); return $state; } diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php index cc37699003620c0c4f675d4e92ac07bc2128f493..f1b6741c6904bdedc453964579d9ca280df42828 100644 --- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php +++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php @@ -15,6 +15,7 @@ use SAML2\DOMDocumentFactory; use SimpleSAML\Configuration; use SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; class Artifact { @@ -28,7 +29,7 @@ class Artifact */ private static function getArtifacts(): array { - assert(array_key_exists('QUERY_STRING', $_SERVER)); + Assert::keyExists($_SERVER, 'QUERY_STRING'); // We need to process the query string manually, to capture all SAMLart parameters diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php index 594c079d3d1117e6b8e4206d4a46d03e94eebf06..82e491ad4dba74236797b2951a561c2a58f26515 100644 --- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php +++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php @@ -18,6 +18,7 @@ use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Utils; use SimpleSAML\XML\Shib13\AuthnResponse; use SimpleSAML\XML\Signer; +use Webmozart\Assert\Assert; class HTTPPost { @@ -105,7 +106,7 @@ class HTTPPost // sign the response - this must be done after encrypting the assertion // we insert the signature before the saml2p:Status element $statusElements = Utils\XML::getDOMChildren($responseroot, 'Status', '@saml1p'); - assert(count($statusElements) === 1); + Assert::same(count($statusElements), 1); $signer->sign($responseroot, $responseroot, $statusElements[0]); } else { // Sign the assertion @@ -132,7 +133,7 @@ class HTTPPost */ public function decodeResponse($post) { - assert(is_array($post)); + Assert::isArray($post); if (!array_key_exists('SAMLResponse', $post)) { throw new \Exception('Missing required SAMLResponse parameter.'); diff --git a/lib/SimpleSAML/Configuration.php b/lib/SimpleSAML/Configuration.php index aa05a86607711b007b3ede4b9a56a87c3c702191..7a58db7c38be548de8dde35a30903e499a008a9e 100644 --- a/lib/SimpleSAML/Configuration.php +++ b/lib/SimpleSAML/Configuration.php @@ -7,6 +7,7 @@ namespace SimpleSAML; use SAML2\Constants; use SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Configuration of SimpleSAMLphp @@ -93,8 +94,8 @@ class Configuration implements Utils\ClearableState */ public function __construct($config, $location) { - assert(is_array($config)); - assert(is_string($location)); + Assert::isArray($config); + Assert::string($location); $this->configuration = $config; $this->location = $location; @@ -193,8 +194,8 @@ class Configuration implements Utils\ClearableState */ public static function setConfigDir($path, $configSet = 'simplesaml') { - assert(is_string($path)); - assert(is_string($configSet)); + Assert::string($path); + Assert::string($configSet); self::$configDirs[$configSet] = $path; } @@ -216,8 +217,8 @@ class Configuration implements Utils\ClearableState $filename = 'config.php', $configSet = 'simplesaml' ) { - assert(is_string($filename)); - assert(is_string($configSet)); + Assert::string($filename); + Assert::string($configSet); if (!array_key_exists($configSet, self::$configDirs)) { if ($configSet !== 'simplesaml') { @@ -245,8 +246,8 @@ class Configuration implements Utils\ClearableState */ public static function getConfig($filename = 'config.php', $configSet = 'simplesaml') { - assert(is_string($filename)); - assert(is_string($configSet)); + Assert::string($filename); + Assert::string($configSet); if (!array_key_exists($configSet, self::$configDirs)) { if ($configSet !== 'simplesaml') { @@ -275,8 +276,8 @@ class Configuration implements Utils\ClearableState */ public static function getOptionalConfig($filename = 'config.php', $configSet = 'simplesaml') { - assert(is_string($filename)); - assert(is_string($configSet)); + Assert::string($filename); + Assert::string($configSet); if (!array_key_exists($configSet, self::$configDirs)) { if ($configSet !== 'simplesaml') { @@ -305,8 +306,8 @@ class Configuration implements Utils\ClearableState */ public static function loadFromArray($config, $location = '[ARRAY]', $instance = null) { - assert(is_array($config)); - assert(is_string($location)); + Assert::isArray($config); + Assert::string($location); $c = new Configuration($config, $location); if ($instance !== null) { @@ -333,7 +334,7 @@ class Configuration implements Utils\ClearableState */ public static function getInstance($instancename = 'simplesaml') { - assert(is_string($instancename)); + Assert::string($instancename); // check if the instance exists already if (array_key_exists($instancename, self::$instance)) { @@ -369,9 +370,9 @@ class Configuration implements Utils\ClearableState */ public static function init($path, $instancename = 'simplesaml', $configfilename = 'config.php') { - assert(is_string($path)); - assert(is_string($instancename)); - assert(is_string($configfilename)); + Assert::string($path); + Assert::string($instancename); + Assert::string($configfilename); if ($instancename === 'simplesaml') { // for backwards compatibility @@ -402,15 +403,16 @@ class Configuration implements Utils\ClearableState */ public function copyFromBase($instancename, $filename) { - assert(is_string($instancename)); - assert(is_string($filename)); - assert($this->filename !== null); + Assert::string($instancename); + Assert::string($filename); + Assert::notNull($this->filename); // check if we already have loaded the given config - return the existing instance if we have if (array_key_exists($instancename, self::$instance)) { return self::$instance[$instancename]; } + /** @var string $this->filename */ $dir = dirname($this->filename); self::$instance[$instancename] = self::loadFromFile($dir . '/' . $filename, true); @@ -578,7 +580,7 @@ class Configuration implements Utils\ClearableState return null; } - assert(is_string($path)); + Assert::string($path); return Utils\System::resolvePath($path, $this->getBaseDir()); } @@ -640,13 +642,13 @@ class Configuration implements Utils\ClearableState // the directory wasn't set in the configuration file, path is <base directory>/lib/SimpleSAML/Configuration.php $dir = __FILE__; - assert(basename($dir) === 'Configuration.php'); + Assert::same(basename($dir), 'Configuration.php'); $dir = dirname($dir); - assert(basename($dir) === 'SimpleSAML'); + Assert::same(basename($dir), 'SimpleSAML'); $dir = dirname($dir); - assert(basename($dir) === 'lib'); + Assert::same(basename($dir), 'lib'); $dir = dirname($dir); @@ -675,7 +677,7 @@ class Configuration implements Utils\ClearableState */ public function getBoolean($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -713,7 +715,7 @@ class Configuration implements Utils\ClearableState */ public function getString($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -751,7 +753,7 @@ class Configuration implements Utils\ClearableState */ public function getInteger($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -793,9 +795,9 @@ class Configuration implements Utils\ClearableState */ public function getIntegerRange($name, $minimum, $maximum, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); - assert(is_int($minimum)); - assert(is_int($maximum)); + Assert::string($name); + Assert::integer($minimum); + Assert::integer($maximum); $ret = $this->getInteger($name, $default); @@ -839,8 +841,8 @@ class Configuration implements Utils\ClearableState */ public function getValueValidate($name, $allowedValues, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); - assert(is_array($allowedValues)); + Assert::string($name); + Assert::isArray($allowedValues); $ret = $this->getValue($name, $default); if ($ret === $default) { @@ -884,7 +886,7 @@ class Configuration implements Utils\ClearableState */ public function getArray($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -916,7 +918,7 @@ class Configuration implements Utils\ClearableState */ public function getArrayize($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -949,7 +951,7 @@ class Configuration implements Utils\ClearableState */ public function getArrayizeString($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getArrayize($name, $default); @@ -992,7 +994,7 @@ class Configuration implements Utils\ClearableState */ public function getConfigItem($name, $default = []) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); @@ -1033,7 +1035,7 @@ class Configuration implements Utils\ClearableState */ public function getConfigList($name) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, []); @@ -1097,7 +1099,7 @@ class Configuration implements Utils\ClearableState */ private function getDefaultBinding($endpointType) { - assert(is_string($endpointType)); + Assert::string($endpointType); $set = $this->getString('metadata-set'); switch ($set . ':' . $endpointType) { @@ -1130,7 +1132,7 @@ class Configuration implements Utils\ClearableState */ public function getEndpoints($endpointType) { - assert(is_string($endpointType)); + Assert::string($endpointType); $loc = $this->location . '[' . var_export($endpointType, true) . ']:'; @@ -1211,7 +1213,7 @@ class Configuration implements Utils\ClearableState */ public function getEndpointPrioritizedByBinding($endpointType, array $bindings, $default = self::REQUIRED_OPTION) { - assert(is_string($endpointType)); + Assert::string($endpointType); $endpoints = $this->getEndpoints($endpointType); @@ -1246,7 +1248,7 @@ class Configuration implements Utils\ClearableState */ public function getDefaultEndpoint($endpointType, array $bindings = null, $default = self::REQUIRED_OPTION) { - assert(is_string($endpointType)); + Assert::string($endpointType); $endpoints = $this->getEndpoints($endpointType); @@ -1279,7 +1281,7 @@ class Configuration implements Utils\ClearableState */ public function getLocalizedString($name, $default = self::REQUIRED_OPTION) { - assert(is_string($name)); + Assert::string($name); $ret = $this->getValue($name, $default); if ($ret === $default) { @@ -1327,8 +1329,8 @@ class Configuration implements Utils\ClearableState */ public function getPublicKeys($use = null, $required = false, $prefix = '') { - assert(is_bool($required)); - assert(is_string($prefix)); + Assert::boolean($required); + Assert::string($prefix); if ($this->hasValue($prefix . 'keys')) { $ret = []; diff --git a/lib/SimpleSAML/Error/Assertion.php b/lib/SimpleSAML/Error/Assertion.php index 30e6d786647896d3a71117747f5769a45a6c1721..28f88b5f021ae7180330e5e87c0c28af6181b7f8 100644 --- a/lib/SimpleSAML/Error/Assertion.php +++ b/lib/SimpleSAML/Error/Assertion.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Error; +use Webmozart\Assert\Assert; + /** * Class for creating exceptions from assertion failures. * @@ -30,7 +32,7 @@ class Assertion extends Exception */ public function __construct($assertion = null) { - assert($assertion === null || is_string($assertion)); + Assert::nullOrString($assertion); $msg = 'Assertion failed: ' . var_export($assertion, true); parent::__construct($msg); diff --git a/lib/SimpleSAML/Error/AuthSource.php b/lib/SimpleSAML/Error/AuthSource.php index f6caaf1ade47c71b9806526a06af0afb85835e37..fcc3f3c027e4eb9a840559c466ebdb77db48aea5 100644 --- a/lib/SimpleSAML/Error/AuthSource.php +++ b/lib/SimpleSAML/Error/AuthSource.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Error; +use Webmozart\Assert\Assert; + /** * Baseclass for auth source exceptions. * @@ -36,8 +38,8 @@ class AuthSource extends Error */ public function __construct($authsource, $reason, $cause = null) { - assert(is_string($authsource)); - assert(is_string($reason)); + Assert::string($authsource); + Assert::string($reason); $this->authsource = $authsource; $this->reason = $reason; diff --git a/lib/SimpleSAML/Error/BadRequest.php b/lib/SimpleSAML/Error/BadRequest.php index d45c2ba442ec79ea30aa1058fe6bf0422db582fe..77463b452bc945259669e802c19df9d713507f03 100644 --- a/lib/SimpleSAML/Error/BadRequest.php +++ b/lib/SimpleSAML/Error/BadRequest.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Error; +use Webmozart\Assert\Assert; + /** * Exception which will show a 400 Bad Request error page. * @@ -30,7 +32,7 @@ class BadRequest extends Error */ public function __construct($reason) { - assert(is_string($reason)); + Assert::string($reason); $this->reason = $reason; parent::__construct(['BADREQUEST', '%REASON%' => $this->reason]); diff --git a/lib/SimpleSAML/Error/Error.php b/lib/SimpleSAML/Error/Error.php index 563d373816971a40331a32c543477c1208eeb975..ffa004f4ebe82233a1502abba40a82075f0f08fc 100644 --- a/lib/SimpleSAML/Error/Error.php +++ b/lib/SimpleSAML/Error/Error.php @@ -9,6 +9,7 @@ use SimpleSAML\Logger; use SimpleSAML\Session; use SimpleSAML\Utils; use SimpleSAML\XHTML\Template; +use Webmozart\Assert\Assert; /** * Class that wraps SimpleSAMLphp errors in exceptions. @@ -80,7 +81,7 @@ class Error extends Exception */ public function __construct($errorCode, \Exception $cause = null, $httpCode = null) { - assert(is_string($errorCode) || is_array($errorCode)); + Assert::true(is_string($errorCode) || is_array($errorCode)); if (is_array($errorCode)) { $this->parameters = $errorCode; @@ -263,9 +264,9 @@ class Error extends Exception $show_function = $config->getArray('errors.show_function', null); if (isset($show_function)) { - assert(is_callable($show_function)); + Assert::isCallable($show_function); call_user_func($show_function, $config, $data); - assert(false); + Assert::true(false); } else { $t = new Template($config, 'error.php', 'errors'); $t->data = array_merge($t->data, $data); diff --git a/lib/SimpleSAML/Error/Exception.php b/lib/SimpleSAML/Error/Exception.php index b0b7b8809bd0c94ae1c213dd2abb42edf5a601b4..885ef1e8db8d8afd9fb113f61a49cd66f636372e 100644 --- a/lib/SimpleSAML/Error/Exception.php +++ b/lib/SimpleSAML/Error/Exception.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Error; use SimpleSAML\Configuration; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Base class for SimpleSAMLphp Exceptions @@ -49,8 +50,8 @@ class Exception extends \Exception */ public function __construct($message, $code = 0, \Exception $cause = null) { - assert(is_string($message)); - assert(is_int($code)); + Assert::string($message); + Assert::integer($code); parent::__construct($message, $code); diff --git a/lib/SimpleSAML/Error/MetadataNotFound.php b/lib/SimpleSAML/Error/MetadataNotFound.php index 9eabf67af9837c6bfce51218653948b18d7e7dbd..8ef13f5cde57785f1e5f3b6b350cbad2f876fd87 100644 --- a/lib/SimpleSAML/Error/MetadataNotFound.php +++ b/lib/SimpleSAML/Error/MetadataNotFound.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Error; +use Webmozart\Assert\Assert; + /** * Error for missing metadata. * @@ -19,7 +21,7 @@ class MetadataNotFound extends Error */ public function __construct($entityId) { - assert(is_string($entityId)); + Assert::string($entityId); $this->includeTemplate = 'core:no_metadata.tpl.php'; parent::__construct([ diff --git a/lib/SimpleSAML/Error/NotFound.php b/lib/SimpleSAML/Error/NotFound.php index 0a5f72e0fa91ef18201f40de4330c0e14b500c4e..498427eabd503a50feb86c849c372eb1a7eb31c5 100644 --- a/lib/SimpleSAML/Error/NotFound.php +++ b/lib/SimpleSAML/Error/NotFound.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Exception which will show a 404 Not Found error page. @@ -31,7 +32,7 @@ class NotFound extends Error */ public function __construct($reason = null) { - assert($reason === null || is_string($reason)); + Assert::nullOrString($reason); $url = Utils\HTTP::getSelfURL(); diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php index bacc8c8040279e7e784c3542f7169994ab2b8381..5590304f0010fbd92cbdcc4b4d8c1cf7a3663672 100644 --- a/lib/SimpleSAML/IdP.php +++ b/lib/SimpleSAML/IdP.php @@ -4,12 +4,13 @@ declare(strict_types=1); namespace SimpleSAML; -use SAML2\Constants as SAML2; +use SAML2\Constants; use SimpleSAML\Auth; use SimpleSAML\Error; use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Module\saml\Error\NoPassive; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * IdP class. @@ -130,7 +131,7 @@ class IdP */ public static function getById($id) { - assert(is_string($id)); + Assert::string($id); if (isset(self::$idpCache[$id])) { return self::$idpCache[$id]; @@ -151,7 +152,7 @@ class IdP */ public static function getByState(array &$state) { - assert(isset($state['core:IdP'])); + Assert::notNull($state['core:IdP']); return self::getById($state['core:IdP']); } @@ -177,7 +178,7 @@ class IdP */ public function getSPName($assocId) { - assert(is_string($assocId)); + Assert::string($assocId); $prefix = substr($assocId, 0, 4); $spEntityId = substr($assocId, strlen($prefix) + 1); @@ -219,8 +220,8 @@ class IdP */ public function addAssociation(array $association) { - assert(isset($association['id'])); - assert(isset($association['Handler'])); + Assert::notNull($association['id']); + Assert::notNull($association['Handler']); $association['core:IdP'] = $this->id; @@ -249,7 +250,7 @@ class IdP */ public function terminateAssociation($assocId) { - assert(is_string($assocId)); + Assert::string($assocId); $session = Session::getSessionFromRequest(); $session->terminateAssociation($this->associationGroup, $assocId); @@ -275,7 +276,7 @@ class IdP */ public static function postAuthProc(array $state) { - assert(is_callable($state['Responder'])); + Assert::isCallable($state['Responder']); if (isset($state['core:SP'])) { $session = Session::getSessionFromRequest(); @@ -288,7 +289,7 @@ class IdP } call_user_func($state['Responder'], $state); - assert(false); + Assert::true(false); } @@ -351,7 +352,7 @@ class IdP private function authenticate(array &$state) { if (isset($state['isPassive']) && (bool) $state['isPassive']) { - throw new NoPassive(SAML2::STATUS_RESPONDER, 'Passive authentication not supported.'); + throw new NoPassive(Constants::STATUS_RESPONDER, 'Passive authentication not supported.'); } $this->authSource->login($state); @@ -386,7 +387,7 @@ class IdP */ public function handleAuthenticationRequest(array &$state) { - assert(isset($state['Responder'])); + Assert::notNull($state['Responder']); $state['core:IdP'] = $this->id; @@ -413,7 +414,7 @@ class IdP try { if ($needAuth) { $this->authenticate($state); - assert(false); + Assert::true(false); } else { $this->reauthenticate($state); } @@ -463,11 +464,11 @@ class IdP */ public function finishLogout(array &$state) { - assert(isset($state['Responder'])); + Assert::notNull($state['Responder']); $idp = IdP::getByState($state); call_user_func($state['Responder'], $idp, $state); - assert(false); + Assert::true(false); } @@ -483,8 +484,8 @@ class IdP */ public function handleLogoutRequest(array &$state, $assocId) { - assert(isset($state['Responder'])); - assert(is_string($assocId) || $assocId === null); + Assert::notNull($state['Responder']); + Assert::nullOrString($assocId); $state['core:IdP'] = $this->id; $state['core:TerminatedAssocId'] = $assocId; @@ -505,7 +506,7 @@ class IdP $handler = $this->getLogoutHandler(); $handler->startLogout($state, $assocId); } - assert(false); + Assert::true(false); } @@ -521,11 +522,11 @@ class IdP */ public function handleLogoutResponse($assocId, $relayState, Error\Exception $error = null) { - assert(is_string($assocId)); - assert(is_string($relayState) || $relayState === null); + Assert::string($assocId); + Assert::nullOrString($relayState); $index = strpos($assocId, ':'); - assert(is_int($index)); + Assert::integer($index); $session = Session::getSessionFromRequest(); $session->deleteData('core:idp-ssotime', $this->id . ';' . substr($assocId, $index + 1)); @@ -533,7 +534,7 @@ class IdP $handler = $this->getLogoutHandler(); $handler->onResponse($assocId, $relayState, $error); - assert(false); + Assert::true(false); } @@ -547,7 +548,7 @@ class IdP */ public function doLogoutRedirect($url) { - assert(is_string($url)); + Assert::string($url); $state = [ 'Responder' => ['\SimpleSAML\IdP', 'finishLogoutRedirect'], @@ -555,7 +556,7 @@ class IdP ]; $this->handleLogoutRequest($state, null); - assert(false); + Assert::true(false); } @@ -570,9 +571,9 @@ class IdP */ public static function finishLogoutRedirect(IdP $idp, array $state) { - assert(isset($state['core:Logout:URL'])); + Assert::notNull($state['core:Logout:URL']); Utils\HTTP::redirectTrustedURL($state['core:Logout:URL']); - assert(false); + Assert::true(false); } } diff --git a/lib/SimpleSAML/IdP/IFrameLogoutHandler.php b/lib/SimpleSAML/IdP/IFrameLogoutHandler.php index c315cc82f27625fc9007d7b9b8226d98f95bf705..b95fc62feee9ea9d8554333486bb8c57269d34c0 100644 --- a/lib/SimpleSAML/IdP/IFrameLogoutHandler.php +++ b/lib/SimpleSAML/IdP/IFrameLogoutHandler.php @@ -11,6 +11,7 @@ use SimpleSAML\IdP; use SimpleSAML\Module; use SimpleSAML\Utils; use SimpleSAML\XHTML\Template; +use Webmozart\Assert\Assert; /** * Class that handles iframe logout. @@ -46,7 +47,7 @@ class IFrameLogoutHandler implements LogoutHandlerInterface */ public function startLogout(array &$state, $assocId) { - assert(is_string($assocId) || $assocId === null); + Assert::nullOrString($assocId); $associations = $this->idp->getAssociations(); @@ -96,7 +97,7 @@ class IFrameLogoutHandler implements LogoutHandlerInterface */ public function onResponse($assocId, $relayState, Error\Exception $error = null) { - assert(is_string($assocId)); + Assert::string($assocId); $this->idp->terminateAssociation($assocId); diff --git a/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php b/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php index 7ea2bfe74c88651681b6f25611a9aeedc5b4287f..88543949002a0d2c9e1de3371617d910cda3d35f 100644 --- a/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php +++ b/lib/SimpleSAML/IdP/TraditionalLogoutHandler.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\IdP; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Class that handles traditional logout. @@ -68,7 +69,7 @@ class TraditionalLogoutHandler implements LogoutHandlerInterface // Try the next SP $this->logoutNextSP($state); - assert(false); + Assert::true(false); } } @@ -104,8 +105,8 @@ class TraditionalLogoutHandler implements LogoutHandlerInterface */ public function onResponse($assocId, $relayState, Error\Exception $error = null) { - assert(is_string($assocId)); - assert(is_string($relayState) || $relayState === null); + Assert::string($assocId); + Assert::nullOrString($relayState); if ($relayState === null) { throw new Error\Exception('RelayState lost during logout.'); diff --git a/lib/SimpleSAML/Locale/Language.php b/lib/SimpleSAML/Locale/Language.php index 4f6581313c7787965f278652de53336d7b88db87..13cba995b0f60bd8d9bb65ea2d24d38b7c413ee4 100644 --- a/lib/SimpleSAML/Locale/Language.php +++ b/lib/SimpleSAML/Locale/Language.php @@ -15,6 +15,7 @@ namespace SimpleSAML\Locale; use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; class Language { @@ -410,7 +411,7 @@ class Language */ public static function setLanguageCookie($language) { - assert(is_string($language)); + Assert::string($language); $language = strtolower($language); $config = Configuration::getInstance(); diff --git a/lib/SimpleSAML/Locale/Translate.php b/lib/SimpleSAML/Locale/Translate.php index 768e5302983f13d405a8d0efdf02c916b85948f3..4d441c21b0e53e4aa3398be9483a8df6a7d7c0dd 100644 --- a/lib/SimpleSAML/Locale/Translate.php +++ b/lib/SimpleSAML/Locale/Translate.php @@ -16,6 +16,7 @@ use Gettext\BaseTranslator; use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\Module; +use Webmozart\Assert\Assert; class Translate { @@ -128,7 +129,7 @@ class Translate */ public function getTag($tag) { - assert(is_string($tag)); + Assert::string($tag); // first check translations loaded by the includeInlineTranslation and includeLanguageFile methods if (array_key_exists($tag, $this->langtext)) { @@ -166,7 +167,7 @@ class Translate */ public function getPreferredTranslation($translations) { - assert(is_array($translations)); + Assert::isArray($translations); // look up translation of tag in the selected language $selected_language = $this->language->getLanguage(); @@ -387,7 +388,7 @@ class Translate private function readDictionaryJSON(string $filename): array { $definitionFile = $filename . '.definition.json'; - assert(file_exists($definitionFile)); + Assert::true(file_exists($definitionFile)); $fileContent = file_get_contents($definitionFile); $lang = json_decode($fileContent, true); @@ -419,7 +420,7 @@ class Translate private function readDictionaryPHP(string $filename): array { $phpFile = $filename . '.php'; - assert(file_exists($phpFile)); + Assert::true(file_exists($phpFile)); $lang = null; include($phpFile); diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php index c7a86e0f3fb3d630a3d12beb246900f761dac4f6..5556e22a1b72bb7f95d4f652914fca59128c4d56 100644 --- a/lib/SimpleSAML/Logger.php +++ b/lib/SimpleSAML/Logger.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML; use SimpleSAML\Logger\ErrorLogLoggingHandler; +use Webmozart\Assert\Assert; /** * The main logger class for SimpleSAMLphp. @@ -357,7 +358,7 @@ class Logger */ public static function maskErrors($mask) { - assert(is_int($mask)); + Assert::integer($mask); $currentEnabled = error_reporting(); self::$logLevelStack[] = [$currentEnabled, self::$logMask]; @@ -423,7 +424,7 @@ class Logger // get the configuration $config = Configuration::getInstance(); - assert($config instanceof Configuration); + Assert::isInstanceOf($config, Configuration::class); // setting minimum log_level self::$logLevel = $config->getInteger('logging.level', self::INFO); diff --git a/lib/SimpleSAML/Memcache.php b/lib/SimpleSAML/Memcache.php index 98684debd6d973268df9cb2c2d03987ca573ba99..84b5b83f48be6a7b9a52349a54c1ccc7e784b428 100644 --- a/lib/SimpleSAML/Memcache.php +++ b/lib/SimpleSAML/Memcache.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This file implements functions to read and write to a group of memcache @@ -186,7 +187,7 @@ class Memcache */ public static function delete($key) { - assert(is_string($key)); + Assert::string($key); Logger::debug("deleting key $key from memcache"); // store this object to all groups of memcache servers @@ -429,7 +430,7 @@ class Memcache { // get the configuration instance $config = Configuration::getInstance(); - assert($config instanceof Configuration); + Assert::isInstanceOf($config, Configuration::class); // get the expire-value from the configuration $expire = $config->getInteger('memcache_store.expires', 0); diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php index 98548235911f63fb266a46dfb9ff32ed8e8f0bcb..c284deec700137d53f31faf19d3a95d21fed8d48 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandler.php @@ -12,6 +12,7 @@ use SimpleSAML\Logger; use SimpleSAML\Utils; use SimpleSAML\Error\MetadataNotFound; use SimpleSAML\Utils\ClearableState; +use Webmozart\Assert\Assert; /** * This file defines a class for metadata handling. @@ -107,7 +108,7 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState // get the configuration $config = Configuration::getInstance(); - assert($config instanceof Configuration); + Assert::isInstanceOf($config, Configuration::class); $baseurl = Utils\HTTP::getSelfURLHost() . $config->getBasePath(); @@ -150,7 +151,7 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState */ public function getList($set = 'saml20-idp-remote', $showExpired = false) { - assert(is_string($set)); + Assert::string($set); $result = []; @@ -205,7 +206,7 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState */ public function getMetaDataCurrentEntityID($set, $type = 'entityid') { - assert(is_string($set)); + Assert::string($set); // first we look for the hostname/path combination $currenthostwithpath = Utils\HTTP::getSelfHostWithPath(); // sp.example.org/university @@ -312,13 +313,13 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState */ public function getMetaData($index, $set) { - assert(is_string($set)); + Assert::string($set); if ($index === null) { $index = $this->getMetaDataCurrentEntityID($set, 'metaindex'); } - assert(is_string($index)); + Assert::string($index); foreach ($this->sources as $source) { $metadata = $source->getMetaData($index, $set); @@ -335,7 +336,7 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState $metadata['metadata-index'] = $index; $metadata['metadata-set'] = $set; - assert(array_key_exists('entityid', $metadata)); + Assert::keyExists($metadata, 'entityid'); return $metadata; } } @@ -357,8 +358,8 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState */ public function getMetaDataConfig($entityId, $set) { - assert(is_string($entityId)); - assert(is_string($set)); + Assert::string($entityId); + Assert::string($set); $metadata = $this->getMetaData($entityId, $set); return Configuration::loadFromArray($metadata, $set . '/' . var_export($entityId, true)); @@ -376,8 +377,8 @@ class MetaDataStorageHandler implements \SimpleSAML\Utils\ClearableState */ public function getMetaDataConfigForSha1($sha1, $set) { - assert(is_string($sha1)); - assert(is_string($set)); + Assert::string($sha1); + Assert::string($set); $result = []; diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php index 45d8e61fae35659d3cd3d9255ce9e028857bb1b2..fb123fcb43046eb4c32af62a3cb0c2b34c2c6e78 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerFlatFile.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Metadata; use SimpleSAML\Configuration; +use Webmozart\Assert\Assert; /** * This file defines a flat file metadata source. @@ -45,7 +46,7 @@ class MetaDataStorageHandlerFlatFile extends MetaDataStorageSource */ protected function __construct($config) { - assert(is_array($config)); + Assert::isArray($config); // get the configuration $globalConfig = Configuration::getInstance(); diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php index 841f7282dedac466fc6cfe99c33c703123c7b2db..d6c08b0e9cdda475d5d87531603b794f65c8d572 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerPdo.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Metadata; use SimpleSAML\Database; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Class for handling metadata files stored in a database. @@ -63,7 +64,7 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource */ public function __construct($config) { - assert(is_array($config)); + Assert::isArray($config); $this->db = Database::getInstance(); } @@ -122,7 +123,7 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource */ public function getMetadataSet($set) { - assert(is_string($set)); + Assert::string($set); if (array_key_exists($set, $this->cachedMetadata)) { return $this->cachedMetadata[$set]; @@ -153,8 +154,8 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource */ public function getMetaData($entityId, $set) { - assert(is_string($entityId)); - assert(is_string($set)); + Assert::string($entityId); + Assert::string($set); // validate the metadata set is valid if (!in_array($set, $this->supportedSets, true)) { @@ -227,9 +228,9 @@ class MetaDataStorageHandlerPdo extends MetaDataStorageSource */ public function addEntry($index, $set, $entityData) { - assert(is_string($index)); - assert(is_string($set)); - assert(is_array($entityData)); + Assert::string($index); + Assert::string($set); + assert::isArray($entityData); if (!in_array($set, $this->supportedSets, true)) { return false; diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php index c2dd6b0f1d8caf276a100ed7ae64ae747ca9d7ce..b797b1da76a7a2507f952ff34fb0e391888991a8 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSerialize.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Metadata; use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Class for handling metadata files in serialized format. @@ -41,7 +42,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource */ public function __construct($config) { - assert(is_array($config)); + Assert::isArray($config); $globalConfig = Configuration::getInstance(); @@ -121,7 +122,7 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource */ public function getMetadataSet($set) { - assert(is_string($set)); + Assert::string($set); $ret = []; @@ -176,8 +177,8 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource */ public function getMetaData($entityId, $set) { - assert(is_string($entityId)); - assert(is_string($set)); + Assert::string($entityId); + Assert::string($set); $filePath = $this->getMetadataPath($entityId, $set); @@ -220,9 +221,9 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource */ public function saveMetadata($entityId, $set, $metadata) { - assert(is_string($entityId)); - assert(is_string($set)); - assert(is_array($metadata)); + Assert::string($entityId); + Assert::string($set); + Assert::isArray($metadata); $filePath = $this->getMetadataPath($entityId, $set); $newPath = $filePath . '.new'; @@ -272,8 +273,8 @@ class MetaDataStorageHandlerSerialize extends MetaDataStorageSource */ public function deleteMetadata($entityId, $set) { - assert(is_string($entityId)); - assert(is_string($set)); + Assert::string($entityId); + Assert::string($set); $filePath = $this->getMetadataPath($entityId, $set); diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageSource.php b/lib/SimpleSAML/Metadata/MetaDataStorageSource.php index 7a0b4be4bff3134e9fc6da7a637c0367461c9ca2..481572288dca6fe0b82e4912c749296be6db93b2 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageSource.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageSource.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Metadata; use SimpleSAML\Error; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This abstract class defines an interface for metadata storage sources. @@ -36,7 +37,7 @@ abstract class MetaDataStorageSource */ public static function parseSources($sourcesConfig) { - assert(is_array($sourcesConfig)); + Assert::isArray($sourcesConfig); $sources = []; @@ -65,7 +66,7 @@ abstract class MetaDataStorageSource */ public static function getSource($sourceConfig) { - assert(is_array($sourceConfig)); + Assert::isArray($sourceConfig); if (array_key_exists('type', $sourceConfig)) { $type = $sourceConfig['type']; @@ -238,8 +239,8 @@ abstract class MetaDataStorageSource public function getMetaData($index, $set) { - assert(is_string($index)); - assert(isset($set)); + Assert::string($index); + Assert::notNull($set); $metadataSet = $this->getMetadataSet($set); @@ -299,7 +300,7 @@ abstract class MetaDataStorageSource */ protected function lookupIndexFromEntityId($entityId, array $metadataSet) { - assert(is_string($entityId)); + Assert::string($entityId); // check for hostname $currentHost = Utils\HTTP::getSelfHost(); // sp.example.org @@ -359,8 +360,8 @@ abstract class MetaDataStorageSource */ protected function updateEntityID($metadataSet, $entityId, array $metadataEntry) { - assert(is_string($metadataSet)); - assert(is_string($entityId)); + Assert::string($metadataSet); + Assert::string($entityId); $modifiedMetadataEntry = $metadataEntry; diff --git a/lib/SimpleSAML/Metadata/SAMLBuilder.php b/lib/SimpleSAML/Metadata/SAMLBuilder.php index e90df10dab41aa8987a23e63785066fc00b34bce..b066db7427e06b15e67cfb2a981316366c7f872f 100644 --- a/lib/SimpleSAML/Metadata/SAMLBuilder.php +++ b/lib/SimpleSAML/Metadata/SAMLBuilder.php @@ -28,6 +28,7 @@ use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\Module\adfs\SAML2\XML\fed\SecurityTokenServiceType; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Class for generating SAML 2.0 metadata from SimpleSAMLphp metadata arrays. @@ -74,7 +75,7 @@ class SAMLBuilder */ public function __construct($entityId, $maxCache = null, $maxDuration = null) { - assert(is_string($entityId)); + Assert::string($entityId); $this->maxCache = $maxCache; $this->maxDuration = $maxDuration; @@ -130,7 +131,7 @@ class SAMLBuilder */ public function getEntityDescriptorText($formatted = true) { - assert(is_bool($formatted)); + Assert::boolean($formatted); $xml = $this->getEntityDescriptor(); if ($formatted) { @@ -149,9 +150,9 @@ class SAMLBuilder */ public function addSecurityTokenServiceType($metadata) { - assert(is_array($metadata)); - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::isArray($metadata); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); $defaultEndpoint = $metadata->getDefaultEndpoint('SingleSignOnService'); @@ -478,8 +479,8 @@ class SAMLBuilder */ public function addMetadata($set, $metadata) { - assert(is_string($set)); - assert(is_array($metadata)); + Assert::string($set); + Assert::isArray($metadata); $this->setExpiration($metadata); @@ -514,10 +515,10 @@ class SAMLBuilder */ public function addMetadataSP20($metadata, $protocols = [Constants::NS_SAMLP]) { - assert(is_array($metadata)); - assert(is_array($protocols)); - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::isArray($metadata); + Assert::isArray($protocols); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); @@ -571,9 +572,9 @@ class SAMLBuilder */ public function addMetadataIdP20($metadata) { - assert(is_array($metadata)); - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::isArray($metadata); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); @@ -621,9 +622,9 @@ class SAMLBuilder */ public function addMetadataSP11($metadata) { - assert(is_array($metadata)); - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::isArray($metadata); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); @@ -662,9 +663,9 @@ class SAMLBuilder */ public function addMetadataIdP11($metadata) { - assert(is_array($metadata)); - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::isArray($metadata); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); @@ -695,8 +696,8 @@ class SAMLBuilder */ public function addAttributeAuthority(array $metadata) { - assert(isset($metadata['entityid'])); - assert(isset($metadata['metadata-set'])); + Assert::notNull($metadata['entityid']); + Assert::notNull($metadata['metadata-set']); $metadata = Configuration::loadFromArray($metadata, $metadata['entityid']); @@ -734,9 +735,9 @@ class SAMLBuilder */ public function addContact($type, $details) { - assert(is_string($type)); - assert(is_array($details)); - assert(in_array($type, ['technical', 'support', 'administrative', 'billing', 'other'], true)); + Assert::string($type); + Assert::isArray($details); + Assert::oneOf($type, ['technical', 'support', 'administrative', 'billing', 'other']); // TODO: remove this check as soon as getContact() is called always before calling this function $details = Utils\Config\Metadata::getContact($details); @@ -792,7 +793,7 @@ class SAMLBuilder */ private function addX509KeyDescriptor(RoleDescriptor $rd, string $use, string $x509data) { - assert(in_array($use, ['encryption', 'signing'], true)); + Assert::oneOf($use, ['encryption', 'signing']); $keyDescriptor = \SAML2\Utils::createKeyDescriptor($x509data); $keyDescriptor->setUse($use); diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php index 73d64c9419d89e5eab830f2f58b9dd660eca6545..45880788020fcbe58ba310b0c698f51f79c08c94 100644 --- a/lib/SimpleSAML/Metadata/SAMLParser.php +++ b/lib/SimpleSAML/Metadata/SAMLParser.php @@ -37,6 +37,7 @@ use SAML2\XML\saml\Attribute; use SAML2\XML\shibmd\Scope; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This is class for parsing of SAML 1.x and SAML 2.0 metadata. @@ -287,7 +288,7 @@ class SAMLParser */ public static function parseDocument($document) { - assert($document instanceof DOMDocument); + Assert::isInstanceOf($document, DOMDocument::class); $entityElement = self::findEntityDescriptor($document); @@ -305,7 +306,7 @@ class SAMLParser */ public static function parseElement($entityElement) { - assert($entityElement instanceof EntityDescriptor); + Assert::isInstanceOf($entityElement, EntityDescriptor::class); return new SAMLParser($entityElement, null, []); } @@ -412,7 +413,7 @@ class SAMLParser return $ret; } - assert($element instanceof EntitiesDescriptor); + Assert::isInstanceOf($element, EntitiesDescriptor::class); $extensions = self::processExtensions($element, $parentExtensions); $expTime = self::getExpireTime($element, $maxExpireTime); @@ -503,8 +504,8 @@ class SAMLParser */ private function addExtensions(array &$metadata, array $roleDescriptor) { - assert(array_key_exists('scope', $roleDescriptor)); - assert(array_key_exists('tags', $roleDescriptor)); + Assert::keyExists($roleDescriptor, 'scope'); + Assert::keyExists($roleDescriptor, 'tags'); $scopes = array_merge($this->scopes, array_diff($roleDescriptor['scope'], $this->scopes)); if (!empty($scopes)) { @@ -1004,7 +1005,7 @@ class SAMLParser AttributeAuthorityDescriptor $element, $expireTime ) { - assert($expireTime === null || is_int($expireTime)); + Assert::nullOrInteger($expireTime); $aad = self::parseRoleDescriptorType($element, $expireTime); $aad['entityid'] = $this->getEntityId(); @@ -1450,7 +1451,7 @@ class SAMLParser public function validateSignature($certificates) { foreach ($certificates as $cert) { - assert(is_string($cert)); + Assert::string($cert); $certFile = Utils\Config::getCertPath($cert); if (!file_exists($certFile)) { throw new \Exception( @@ -1525,7 +1526,7 @@ class SAMLParser */ public function validateFingerprint($fingerprint, $algorithm) { - assert(is_string($fingerprint)); + Assert::string($fingerprint); $fingerprint = strtolower(str_replace(":", "", $fingerprint)); diff --git a/lib/SimpleSAML/Metadata/Sources/MDQ.php b/lib/SimpleSAML/Metadata/Sources/MDQ.php index 4b3a3adb7ef2ddc46da6167609e1c58570a409f5..889b429e086f68d9f86883048494cb085f0b4b07 100644 --- a/lib/SimpleSAML/Metadata/Sources/MDQ.php +++ b/lib/SimpleSAML/Metadata/Sources/MDQ.php @@ -10,6 +10,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Metadata\SAMLParser; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This class implements SAML Metadata Query Protocol @@ -76,7 +77,7 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource */ protected function __construct($config) { - assert(is_array($config)); + Assert::isArray($config); if (!array_key_exists('server', $config)) { throw new \Exception(__CLASS__ . ": the 'server' configuration option is not set."); @@ -134,8 +135,8 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource */ private function getCacheFilename($set, $entityId) { - assert(is_string($set)); - assert(is_string($entityId)); + Assert::string($set); + Assert::string($entityId); if ($this->cacheDir === null) { throw new Error\ConfigurationError("Missing cache directory configuration."); @@ -280,8 +281,8 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource */ public function getMetaData($index, $set) { - assert(is_string($index)); - assert(is_string($set)); + Assert::string($index); + Assert::string($set); Logger::info(__CLASS__ . ': loading metadata entity [' . $index . '] from [' . $set . ']'); diff --git a/lib/SimpleSAML/Module.php b/lib/SimpleSAML/Module.php index 88692e246174b77fa687edadff4da7b881d04111..674312c3054003a404f6ed3586df5bbfe3d9eb2c 100644 --- a/lib/SimpleSAML/Module.php +++ b/lib/SimpleSAML/Module.php @@ -13,6 +13,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; +use Webmozart\Assert\Assert; /** * Helper class for accessing information about modules. @@ -136,7 +137,7 @@ class Module } $url = $request->server->get('PATH_INFO'); - assert(substr($url, 0, 1) === '/'); + Assert::same(substr($url, 0, 1), '/'); /* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the *'.php'-ending. @@ -423,9 +424,9 @@ class Module */ public static function resolveClass($id, $type, $subclass = null) { - assert(is_string($id)); - assert(is_string($type)); - assert(is_string($subclass) || $subclass === null); + Assert::string($id); + Assert::string($type); + Assert::nullOrString($subclass); $tmp = explode(':', $id, 2); if (count($tmp) === 1) { @@ -475,8 +476,8 @@ class Module */ public static function getModuleURL($resource, array $parameters = []) { - assert(is_string($resource)); - assert($resource[0] !== '/'); + Assert::string($resource); + Assert::notSame($resource[0], '/'); $url = Utils\HTTP::getBaseURL() . 'module.php/' . $resource; if (!empty($parameters)) { @@ -537,7 +538,7 @@ class Module */ public static function callHooks($hook, &$data = null) { - assert(is_string($hook)); + Assert::string($hook); $modules = self::getModules(); $config = Configuration::getOptionalConfig()->getArray('module.enable', []); diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 5d6b6f683bc906a2a32af0d8ddc2cf0994a1b042..fdb69c9614f4a7bbd9355667e02ee0158601c2c4 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -7,6 +7,7 @@ namespace SimpleSAML; use SAML2\XML\saml\AttributeValue; use SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * The Session class holds information about a user session, and everything attached to it. @@ -324,7 +325,7 @@ class Session implements \Serializable, Utils\ClearableState */ public static function getSession($sessionId = null) { - assert(is_string($sessionId) || $sessionId === null); + Assert::nullOrString($sessionId); $sh = SessionHandler::getSessionHandler(); @@ -347,7 +348,7 @@ class Session implements \Serializable, Utils\ClearableState return null; } - assert($session instanceof self); + Assert::isInstanceOf($session, self::class); if ($checkToken) { $globalConfig = Configuration::getInstance(); @@ -426,7 +427,7 @@ class Session implements \Serializable, Utils\ClearableState */ public static function createSession($sessionId) { - assert(is_string($sessionId)); + Assert::string($sessionId); self::$sessions[$sessionId] = null; } @@ -567,7 +568,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function setRememberMeExpire($expire = null) { - assert(is_int($expire) || $expire === null); + Assert::nullOrInteger($expire); if ($expire === null) { $expire = time() + self::$config->getInteger('session.rememberme.lifetime', 14 * 86400); @@ -591,8 +592,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function doLogin($authority, array $data = null) { - assert(is_string($authority)); - assert(is_array($data) || $data === null); + Assert::string($authority); + Assert::nullOrArray($data); Logger::debug('Session: doLogin("' . $authority . '")'); @@ -716,7 +717,7 @@ class Session implements \Serializable, Utils\ClearableState */ private function callLogoutHandlers(string $authority) { - assert(isset($this->authData[$authority])); + Assert::notNull($this->authData[$authority]); if (empty($this->authData[$authority]['LogoutHandlers'])) { return; @@ -751,7 +752,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function isValid($authority) { - assert(is_string($authority)); + Assert::string($authority); if (!isset($this->authData[$authority])) { Logger::debug( @@ -779,7 +780,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function updateSessionCookies($params = null) { - assert(is_null($params) || is_array($params)); + Assert::nullOrArray($params); $sessionHandler = SessionHandler::getSessionHandler(); @@ -807,8 +808,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function setAuthorityExpire($authority, $expire = null) { - assert(isset($this->authData[$authority])); - assert(is_int($expire) || $expire === null); + Assert::notNull($this->authData[$authority]); + Assert::nullOrInteger($expire); $this->markDirty(); @@ -831,7 +832,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function registerLogoutHandler($authority, $classname, $functionname) { - assert(isset($this->authData[$authority])); + Assert::notNull($this->authData[$authority]); $logout_handler = [$classname, $functionname]; @@ -857,8 +858,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function deleteData($type, $id) { - assert(is_string($type)); - assert(is_string($id)); + Assert::string($type); + Assert::string($id); if (!array_key_exists($type, $this->dataStore)) { return; @@ -887,9 +888,9 @@ class Session implements \Serializable, Utils\ClearableState */ public function setData($type, $id, $data, $timeout = null) { - assert(is_string($type)); - assert(is_string($id)); - assert(is_int($timeout) || $timeout === null || $timeout === self::DATA_TIMEOUT_SESSION_END); + Assert::string($type); + Assert::string($id); + Assert::true(is_int($timeout) || $timeout === null || $timeout === self::DATA_TIMEOUT_SESSION_END); if ($timeout === null) { // use the default timeout @@ -962,8 +963,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function getData($type, $id) { - assert(is_string($type)); - assert($id === null || is_string($id)); + Assert::string($type); + Assert::nullOrString($id); if ($id === null) { return null; @@ -995,7 +996,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function getDataOfType($type) { - assert(is_string($type)); + Assert::string($type); if (!array_key_exists($type, $this->dataStore)) { return []; @@ -1018,7 +1019,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function getAuthState($authority) { - assert(is_string($authority)); + Assert::string($authority); if (!isset($this->authData[$authority])) { return null; @@ -1051,9 +1052,9 @@ class Session implements \Serializable, Utils\ClearableState */ public function addAssociation($idp, array $association) { - assert(is_string($idp)); - assert(isset($association['id'])); - assert(isset($association['Handler'])); + Assert::string($idp); + Assert::notNull($association['id']); + Assert::notNull($association['Handler']); if (!isset($this->associations)) { $this->associations = []; @@ -1079,7 +1080,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function getAssociations($idp) { - assert(is_string($idp)); + Assert::string($idp); if (!isset($this->associations)) { $this->associations = []; @@ -1114,8 +1115,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function terminateAssociation($idp, $associationId) { - assert(is_string($idp)); - assert(is_string($associationId)); + Assert::string($idp); + Assert::string($associationId); if (!isset($this->associations)) { return; @@ -1140,8 +1141,8 @@ class Session implements \Serializable, Utils\ClearableState */ public function getAuthData($authority, $name) { - assert(is_string($authority)); - assert(is_string($name)); + Assert::string($authority); + Assert::string($name); if (!isset($this->authData[$authority][$name])) { return null; diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php index 3cef005df778c43a81c4f34c81e18ce20cc27bd9..02c3de3f53c2efc79919acc2edde4712a57c7ee4 100644 --- a/lib/SimpleSAML/SessionHandlerCookie.php +++ b/lib/SimpleSAML/SessionHandlerCookie.php @@ -16,6 +16,7 @@ declare(strict_types=1); namespace SimpleSAML; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; abstract class SessionHandlerCookie extends SessionHandler { @@ -157,8 +158,8 @@ abstract class SessionHandlerCookie extends SessionHandler */ public function setCookie($sessionName, $sessionID, array $cookieParams = null) { - assert(is_string($sessionName)); - assert(is_string($sessionID) || $sessionID === null); + Assert::string($sessionName); + Assert::nullOrString($sessionID); if ($cookieParams !== null) { $params = array_merge($this->getCookieParams(), $cookieParams); diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php index c1832f20a6e1a76583468d410c0958fbc06c086e..1952946d3e913e55bf8e76464cee3e4141e94b11 100644 --- a/lib/SimpleSAML/SessionHandlerPHP.php +++ b/lib/SimpleSAML/SessionHandlerPHP.php @@ -15,6 +15,7 @@ namespace SimpleSAML; use SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; class SessionHandlerPHP extends SessionHandler { @@ -251,7 +252,7 @@ class SessionHandlerPHP extends SessionHandler */ public function loadSession($sessionId = null) { - assert(is_string($sessionId) || $sessionId === null); + Assert::nullOrString($sessionId); if ($sessionId !== null) { if (session_id() === '' && !(version_compare(PHP_VERSION, '7.2', 'ge') && headers_sent())) { @@ -275,7 +276,7 @@ class SessionHandlerPHP extends SessionHandler } $session = $_SESSION['SimpleSAMLphp_SESSION']; - assert(is_string($session)); + Assert::string($session); $session = unserialize($session); diff --git a/lib/SimpleSAML/SessionHandlerStore.php b/lib/SimpleSAML/SessionHandlerStore.php index 1169fab11035e1bfdffac47d1a09c312e2ce1ff7..4f459fa847fcbca10df7f0bcb526d2e8b6a0ba5f 100644 --- a/lib/SimpleSAML/SessionHandlerStore.php +++ b/lib/SimpleSAML/SessionHandlerStore.php @@ -10,6 +10,8 @@ declare(strict_types=1); namespace SimpleSAML; +use Webmozart\Assert\Assert; + class SessionHandlerStore extends SessionHandlerCookie { /** @@ -42,7 +44,7 @@ class SessionHandlerStore extends SessionHandlerCookie */ public function loadSession($sessionId = null) { - assert(is_string($sessionId) || $sessionId === null); + Assert::nullOrString($sessionId); if ($sessionId === null) { $sessionId = $this->getCookieSessionId(); @@ -54,7 +56,7 @@ class SessionHandlerStore extends SessionHandlerCookie $session = $this->store->get('session', $sessionId); if ($session !== null) { - assert($session instanceof Session); + Assert::isInstanceOf($session, Session::class); return $session; } diff --git a/lib/SimpleSAML/Stats.php b/lib/SimpleSAML/Stats.php index caa0afe699f1ae91eb3c38fa74771ddfadf6d94e..281e35bb6d9ba8db5eed3e0c8ba548da4e87767f 100644 --- a/lib/SimpleSAML/Stats.php +++ b/lib/SimpleSAML/Stats.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML; +use Webmozart\Assert\Assert; + /** * Statistics handler class. * @@ -74,10 +76,10 @@ class Stats */ public static function log($event, array $data = []) { - assert(is_string($event)); - assert(!isset($data['op'])); - assert(!isset($data['time'])); - assert(!isset($data['_id'])); + Assert::string($event); + Assert::keyNotExists($data, 'op'); + Assert::keyNotExists($data, 'time'); + Assert::keyNotExists($data, '_id'); if (!self::$initialized) { self::initOutputs(); diff --git a/lib/SimpleSAML/Store/Memcache.php b/lib/SimpleSAML/Store/Memcache.php index e674ae0fdb746b1b415b0e2ae01d53fce8d29e4e..d704cf55938c17666e5eef56cdc3db9f13f05f73 100644 --- a/lib/SimpleSAML/Store/Memcache.php +++ b/lib/SimpleSAML/Store/Memcache.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Store; use SimpleSAML\Configuration; use SimpleSAML\Store; +use Webmozart\Assert\Assert; /** * A memcache based data store. @@ -41,8 +42,8 @@ class Memcache extends Store */ public function get($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); return \SimpleSAML\Memcache::get($this->prefix . '.' . $type . '.' . $key); } @@ -59,9 +60,9 @@ class Memcache extends Store */ public function set($type, $key, $value, $expire = null) { - assert(is_string($type)); - assert(is_string($key)); - assert($expire === null || (is_int($expire) && $expire > 2592000)); + Assert::string($type); + Assert::string($key); + Assert::nullOrGreaterThan($expire, 2592000); if ($expire === null) { $expire = 0; @@ -80,8 +81,8 @@ class Memcache extends Store */ public function delete($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); \SimpleSAML\Memcache::delete($this->prefix . '.' . $type . '.' . $key); } diff --git a/lib/SimpleSAML/Store/Redis.php b/lib/SimpleSAML/Store/Redis.php index acf766e35db88cdbcafd170e70ce9c99d8c23fba..f502977bc5dcc4bc58e0b0926773ca39b5c67e68 100644 --- a/lib/SimpleSAML/Store/Redis.php +++ b/lib/SimpleSAML/Store/Redis.php @@ -8,6 +8,7 @@ use Predis\Client; use SimpleSAML\Configuration; use SimpleSAML\Error; use SimpleSAML\Store; +use Webmozart\Assert\Assert; /** * A data store using Redis to keep the data. @@ -23,14 +24,14 @@ class Redis extends Store * Initialize the Redis data store. * @param \Predis\Client|null $redis */ - public function __construct($redis = null) + public function __construct(Client $redis = null) { - assert($redis === null || is_subclass_of($redis, Client::class)); - if (!class_exists(Client::class)) { throw new Error\CriticalConfigurationError('predis/predis is not available.'); } + Assert::nullOrIsInstanceOf($redis, \Predis\Client::class); + if ($redis === null) { $config = Configuration::getInstance(); @@ -78,8 +79,8 @@ class Redis extends Store */ public function get($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); $result = $this->redis->get("{$type}.{$key}"); @@ -102,9 +103,9 @@ class Redis extends Store */ public function set($type, $key, $value, $expire = null) { - assert(is_string($type)); - assert(is_string($key)); - assert($expire === null || (is_int($expire) && $expire > 2592000)); + Assert::string($type); + Assert::string($key); + Assert::nullOrGreaterThan($expire, 2592000); $serialized = serialize($value); @@ -126,8 +127,8 @@ class Redis extends Store */ public function delete($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); $this->redis->del("{$type}.{$key}"); } diff --git a/lib/SimpleSAML/Store/SQL.php b/lib/SimpleSAML/Store/SQL.php index 08e7d1837b6977dc9b310664eb56fab43da88202..501cc68aa26fe498a401e65b3f8c1702779ad28e 100644 --- a/lib/SimpleSAML/Store/SQL.php +++ b/lib/SimpleSAML/Store/SQL.php @@ -9,6 +9,7 @@ use PDOException; use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\Store; +use Webmozart\Assert\Assert; /** * A data store using a RDBMS to keep the data. @@ -189,7 +190,7 @@ class SQL extends Store */ public function getTableVersion($name) { - assert(is_string($name)); + Assert::string($name); if (!isset($this->tableVersions[$name])) { return 0; @@ -208,8 +209,8 @@ class SQL extends Store */ public function setTableVersion($name, $version) { - assert(is_string($name)); - assert(is_int($version)); + Assert::string($name); + Assert::integer($version); $this->insertOrUpdate( $this->prefix . '_tableVersion', @@ -232,7 +233,7 @@ class SQL extends Store */ public function insertOrUpdate($table, array $keys, array $data) { - assert(is_string($table)); + Assert::string($table); $colNames = '(' . implode(', ', array_keys($data)) . ')'; $values = 'VALUES(:' . implode(', :', array_keys($data)) . ')'; @@ -310,8 +311,8 @@ class SQL extends Store */ public function get($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); if (strlen($key) > 50) { $key = sha1($key); @@ -354,9 +355,9 @@ class SQL extends Store */ public function set($type, $key, $value, $expire = null) { - assert(is_string($type)); - assert(is_string($key)); - assert($expire === null || (is_int($expire) && $expire > 2592000)); + Assert::string($type); + Assert::string($key); + Assert::nullOrGreaterThan($expire, 2592000); if (rand(0, 1000) < 10) { $this->cleanKVStore(); @@ -393,8 +394,8 @@ class SQL extends Store */ public function delete($type, $key) { - assert(is_string($type)); - assert(is_string($key)); + Assert::string($type); + Assert::string($key); if (strlen($key) > 50) { $key = sha1($key); diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php index 59c6cd2fa0507ed22ee0b1f00320a85c2714faa5..c12519adb178984f355ee19eeec5138c4fc7e1e0 100644 --- a/lib/SimpleSAML/Utils/Crypto.php +++ b/lib/SimpleSAML/Utils/Crypto.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Utils; use SimpleSAML\Configuration; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * A class for cryptography-related functions. @@ -289,7 +290,7 @@ class Crypto // normalize fingerprint(s) - lowercase and no colons foreach ($fps as &$fp) { - assert(is_string($fp)); + Assert::string($fp); $fp = strtolower(str_replace(':', '', $fp)); } diff --git a/lib/SimpleSAML/Utils/EMail.php b/lib/SimpleSAML/Utils/EMail.php index 08c70df75adcc5ed5dddbbcb82fe5f13c9cf9414..dd861bc3803f2691afce2c46c539790147b26849 100644 --- a/lib/SimpleSAML/Utils/EMail.php +++ b/lib/SimpleSAML/Utils/EMail.php @@ -8,6 +8,7 @@ use PHPMailer\PHPMailer\PHPMailer; use SimpleSAML\Configuration; use SimpleSAML\Logger; use SimpleSAML\XHTML\Template; +use Webmozart\Assert\Assert; /** * E-mailer class that can generate a formatted e-mail from array @@ -159,7 +160,7 @@ class EMail */ public function setTransportMethod($transportMethod, array $transportOptions = []) { - assert(is_string($transportMethod)); + Assert::string($transportMethod); switch (strtolower($transportMethod)) { // smtp transport method @@ -231,7 +232,7 @@ class EMail */ public static function initFromConfig(EMail $EMail) { - assert($EMail instanceof EMail); + Assert::isInstanceOf($EMail, EMail::class); $config = Configuration::getInstance(); $EMail->setTransportMethod( diff --git a/lib/SimpleSAML/Utils/XML.php b/lib/SimpleSAML/Utils/XML.php index 8c178fee12edb3c0c53697b6cd85e4ecc5cec13b..6f97ccb4e8e766b579a4a6bcc73d508e1408ce59 100644 --- a/lib/SimpleSAML/Utils/XML.php +++ b/lib/SimpleSAML/Utils/XML.php @@ -20,6 +20,7 @@ use SimpleSAML\Configuration; use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\XML\Errors; +use Webmozart\Assert\Assert; class XML { @@ -144,7 +145,7 @@ class XML Logger::debug('Encrypted message:'); break; default: - assert(false); + Assert::true(false); } $str = self::formatXMLString($message); diff --git a/lib/SimpleSAML/XHTML/IdPDisco.php b/lib/SimpleSAML/XHTML/IdPDisco.php index d5b64751346121ffb202aa2af8fc21e37c3bb5b4..8e941879832f9151505eb40c39446144e30baf50 100644 --- a/lib/SimpleSAML/XHTML/IdPDisco.php +++ b/lib/SimpleSAML/XHTML/IdPDisco.php @@ -9,6 +9,7 @@ use SimpleSAML\Logger; use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Session; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * This class implements a generic IdP discovery service, for use in various IdP @@ -119,7 +120,7 @@ class IdPDisco */ public function __construct(array $metadataSets, $instance) { - assert(is_string($instance)); + Assert::string($instance); // initialize standard classes $this->config = Configuration::getInstance(); @@ -395,7 +396,7 @@ class IdPDisco */ protected function setPreviousIdP($idp) { - assert(is_string($idp)); + Assert::string($idp); $this->log('Choice made [' . $idp . '] Setting cookie.'); $this->setCookie('lastidp', $idp); diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php index e584d825de589b62b9f13c79d09cc021b8397fa2..4ceed77ea29ccb2139e7e6c15fe0e5df3e688ad8 100644 --- a/lib/SimpleSAML/XHTML/Template.php +++ b/lib/SimpleSAML/XHTML/Template.php @@ -24,6 +24,7 @@ use Symfony\Component\HttpFoundation\Response; use Twig\Loader\FilesystemLoader; use Twig\TwigFilter; use Twig\TwigFunction; +use Webmozart\Assert\Assert; class Template extends Response { @@ -588,6 +589,7 @@ class Template extends Response { $extensions = ['.tpl.php', '.php']; + $extensions = ['.tpl.php', '.php']; list($templateModule, $templateName) = $this->findModuleAndTemplateName($template); $templateModule = ($templateModule !== null) ? $templateModule : 'default'; diff --git a/lib/SimpleSAML/XML/Errors.php b/lib/SimpleSAML/XML/Errors.php index 7db0b0699bf1dea6df29a3bb129d343d2c320c49..2f7114f53ef299fd40e1091098162ae7a12ed483 100644 --- a/lib/SimpleSAML/XML/Errors.php +++ b/lib/SimpleSAML/XML/Errors.php @@ -15,6 +15,7 @@ declare(strict_types=1); namespace SimpleSAML\XML; use LibXMLError; +use Webmozart\Assert\Assert; class Errors { @@ -114,7 +115,7 @@ class Errors */ public static function formatError($error) { - assert($error instanceof LibXMLError); + Assert::isInstanceOf($error, LibXMLError::class); return 'level=' . $error->level . ',code=' . $error->code . ',line=' . $error->line @@ -135,7 +136,7 @@ class Errors */ public static function formatErrors($errors) { - assert(is_array($errors)); + Assert::isArray($errors); $ret = ''; foreach ($errors as $error) { diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index e61e369fe895876a40cb5769ae241a8905c198b0..0d666a97fc237d2422d03ec6f75cab5fc8dbdcda 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -22,6 +22,7 @@ use SimpleSAML\Error; use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Utils; use SimpleSAML\XML\Validator; +use Webmozart\Assert\Assert; class AuthnResponse { @@ -64,7 +65,7 @@ class AuthnResponse */ public function setMessageValidated($messageValidated) { - assert(is_bool($messageValidated)); + Assert::boolean($messageValidated); $this->messageValidated = $messageValidated; } @@ -77,7 +78,7 @@ class AuthnResponse */ public function setXML($xml) { - assert(is_string($xml)); + Assert::string($xml); try { $this->dom = DOMDocumentFactory::fromString(str_replace("\r", "", $xml)); @@ -112,7 +113,7 @@ class AuthnResponse */ public function validate() { - assert($this->dom instanceof DOMDocument); + Assert::isInstanceOf($this->dom, DOMDocument::class); if ($this->messageValidated) { // This message was validated externally @@ -120,6 +121,7 @@ class AuthnResponse } // Validate the signature + /** @var \DOMDocument $this->dom */ $this->validator = new Validator($this->dom, ['ResponseID', 'AssertionID']); // Get the issuer of the response @@ -179,7 +181,7 @@ class AuthnResponse $node = dom_import_simplexml($node); } - assert($node instanceof DOMNode); + Assert::isInstanceOf($node, DOMNode::class); return $this->validator->isNodeValidated($node); } @@ -195,14 +197,15 @@ class AuthnResponse */ private function doXPathQuery(string $query, DOMNode $node = null): DOMNodeList { - assert($this->dom instanceof DOMDocument); - + Assert::isInstanceOf($this->dom, DOMDocument::class); if ($node === null) { + /** @var \DOMDocument $this->dom */ $node = $this->dom->documentElement; } - assert($node instanceof DOMNode); + Assert::isInstanceOf($node, DOMNode::class); + /** @var \DOMDocument $this->dom */ $xPath = new DOMXpath($this->dom); $xPath->registerNamespace('shibp', self::SHIB_PROTOCOL_NS); $xPath->registerNamespace('shib', self::SHIB_ASSERT_NS); @@ -218,7 +221,7 @@ class AuthnResponse */ public function getSessionIndex() { - assert($this->dom instanceof DOMDocument); + Assert::isInstanceOf($this->dom, DOMDocument::class); $query = '/shibp:Response/shib:Assertion/shib:AuthnStatement'; $nodelist = $this->doXPathQuery($query); @@ -357,8 +360,8 @@ class AuthnResponse */ public function generate(Configuration $idp, Configuration $sp, $shire, $attributes) { - assert(is_string($shire)); - assert($attributes === null || is_array($attributes)); + Assert::string($shire); + Assert::nullOrArray($attributes); if ($sp->hasValue('scopedattributes')) { $scopedAttributes = $sp->getArray('scopedattributes'); diff --git a/lib/SimpleSAML/XML/Signer.php b/lib/SimpleSAML/XML/Signer.php index e71c9079eec21cb0d34f1d0d1eaf596b859d8013..7c84570fbb99f0f285a48be9a8b43f8594ab853f 100644 --- a/lib/SimpleSAML/XML/Signer.php +++ b/lib/SimpleSAML/XML/Signer.php @@ -19,6 +19,7 @@ use DOMText; use RobRichards\XMLSecLibs\XMLSecurityDSig; use RobRichards\XMLSecLibs\XMLSecurityKey; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; class Signer { @@ -62,7 +63,7 @@ class Signer */ public function __construct($options = []) { - assert(is_array($options)); + Assert::isArray($options); if (array_key_exists('privatekey', $options)) { $pass = null; @@ -102,8 +103,8 @@ class Signer */ public function loadPrivateKeyArray($privatekey) { - assert(is_array($privatekey)); - assert(array_key_exists('PEM', $privatekey)); + Assert::isArray($privatekey); + Assert::keyExists($privatekey, 'PEM'); $this->privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']); if (array_key_exists('password', $privatekey)) { @@ -129,9 +130,9 @@ class Signer */ public function loadPrivateKey($file, $pass = null, $full_path = false) { - assert(is_string($file)); - assert(is_string($pass) || $pass === null); - assert(is_bool($full_path)); + Assert::string($file); + Assert::nullOrString($pass); + Assert::boolean($full_path); if (!$full_path) { $keyFile = Utils\Config::getCertPath($file); @@ -167,7 +168,7 @@ class Signer */ public function loadPublicKeyArray($publickey) { - assert(is_array($publickey)); + Assert::isArray($publickey); if (!array_key_exists('PEM', $publickey)) { // We have a public key with only a fingerprint @@ -194,8 +195,8 @@ class Signer */ public function loadCertificate($file, $full_path = false) { - assert(is_string($file)); - assert(is_bool($full_path)); + Assert::string($file); + Assert::boolean($full_path); if (!$full_path) { $certFile = Utils\Config::getCertPath($file); @@ -223,7 +224,7 @@ class Signer */ public function setIDAttribute($idAttrName) { - assert(is_string($idAttrName)); + Assert::string($idAttrName); $this->idAttrName = $idAttrName; } @@ -243,8 +244,8 @@ class Signer */ public function addCertificate($file, $full_path = false) { - assert(is_string($file)); - assert(is_bool($full_path)); + Assert::string($file); + Assert::boolean($full_path); if (!$full_path) { $certFile = Utils\Config::getCertPath($file); @@ -280,10 +281,9 @@ class Signer */ public function sign($node, $insertInto, $insertBefore = null) { - assert($node instanceof DOMElement); - assert($insertInto instanceof DOMElement); - assert($insertBefore === null || $insertBefore instanceof DOMElement || - $insertBefore instanceof DOMComment || $insertBefore instanceof DOMText); + Assert::isInstanceOf($node, DOMElement::class); + Assert::isInstanceOf($insertInto, DOMElement::class); + Assert::nullOrInstanceOfAny($insertBefore, [DOMElement::class, DOMComment::class, DOMText::class]); $privateKey = $this->privateKey; if ($privateKey === false) { diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php index 665f20ec206ec1d412edd5943b323db4e39ed8d2..33c17bf234b6b58d69312a0c7223db317b6bca1f 100644 --- a/lib/SimpleSAML/XML/Validator.php +++ b/lib/SimpleSAML/XML/Validator.php @@ -11,9 +11,11 @@ declare(strict_types=1); namespace SimpleSAML\XML; +use DOMNode; use RobRichards\XMLSecLibs\XMLSecEnc; use RobRichards\XMLSecLibs\XMLSecurityDSig; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; class Validator { @@ -44,12 +46,12 @@ class Validator * this attribute is NULL (the default), then we will use whatever is the default * ID. Can be eigther a string with one value, or an array with multiple ID * attrbute names. - * @param array|bool $publickey The public key / certificate which should be used to validate the XML node. + * @param array|false $publickey The public key / certificate which should be used to validate the XML node. * @throws \Exception */ public function __construct($xmlNode, $idAttribute = null, $publickey = false) { - assert($xmlNode instanceof \DOMDocument); + Assert::isInstanceOf($xmlNode, DOMNode::class); if ($publickey === null) { $publickey = false; @@ -58,7 +60,7 @@ class Validator 'PEM' => $publickey, ]; } else { - assert($publickey === false || is_array($publickey)); + Assert::true($publickey === false || is_array($publickey)); } // Create an XML security object @@ -112,7 +114,7 @@ class Validator * Check that the response contains a certificate with a matching * fingerprint. */ - assert(is_array($publickey['certFingerprint'])); + Assert::isArray($publickey['certFingerprint']); $certificate = $objKey->getX509Certificate(); if ($certificate === null) { @@ -213,7 +215,7 @@ class Validator } foreach ($fingerprints as $fp) { - assert(is_string($fp)); + Assert::string($fp); if ($fp === $certFingerprint) { // The fingerprints matched @@ -241,7 +243,7 @@ class Validator */ public function validateFingerprint($fingerprints) { - assert(is_string($fingerprints) || is_array($fingerprints)); + Assert::true(is_string($fingerprints) || is_array($fingerprints)); if ($this->x509Certificate === null) { throw new \Exception('Key used to sign the message was not an X509 certificate.'); @@ -253,7 +255,7 @@ class Validator // Normalize the fingerprints foreach ($fingerprints as &$fp) { - assert(is_string($fp)); + Assert::string($fp); // Make sure that the fingerprint is in the correct format $fp = strtolower(str_replace(":", "", $fp)); @@ -272,7 +274,7 @@ class Validator */ public function isNodeValidated($node) { - assert($node instanceof \DOMNode); + Assert::isInstanceOf($node, DOMNode::class); if ($this->validNodes !== null) { while ($node !== null) { @@ -302,7 +304,7 @@ class Validator */ public function validateCA($caFile) { - assert(is_string($caFile)); + Assert::string($caFile); if ($this->x509Certificate === null) { throw new \Exception('Key used to sign the message was not an X509 certificate.'); @@ -414,8 +416,8 @@ class Validator */ public static function validateCertificate($certificate, $caFile) { - assert(is_string($certificate)); - assert(is_string($caFile)); + Assert::string($certificate); + Assert::string($caFile); if (!file_exists($caFile)) { throw new \Exception('Could not load CA file: ' . $caFile); diff --git a/modules/core/hooks/hook_frontpage.php b/modules/core/hooks/hook_frontpage.php index d56a7f0ed433496971e21ec1148c893e475b8f8f..f6ff146a3978a41970a25dbefc0979a22e4a7612 100644 --- a/modules/core/hooks/hook_frontpage.php +++ b/modules/core/hooks/hook_frontpage.php @@ -2,6 +2,8 @@ declare(strict_types=1); +use Webmozart\Assert\Assert; + /** * Hook to add the modinfo module to the frontpage. * @@ -10,8 +12,8 @@ declare(strict_types=1); */ function core_hook_frontpage(&$links) { - assert(is_array($links)); - assert(array_key_exists('links', $links)); + Assert::isArray($links); + Assert::keyExists($links, 'links'); $links['links']['frontpage_welcome'] = [ 'href' => SimpleSAML\Module::getModuleURL('core/frontpage_welcome.php'), diff --git a/modules/core/hooks/hook_sanitycheck.php b/modules/core/hooks/hook_sanitycheck.php index 9bf9132d59f0e476a222e9470e9f2c494d72da7d..c786872bb70049a549d8e81c4ea825ddb4a22a6d 100644 --- a/modules/core/hooks/hook_sanitycheck.php +++ b/modules/core/hooks/hook_sanitycheck.php @@ -2,6 +2,8 @@ declare(strict_types=1); +use Webmozart\Assert\Assert; + /** * Hook to do sanitycheck * @@ -10,9 +12,9 @@ declare(strict_types=1); */ function core_hook_sanitycheck(&$hookinfo) { - assert(is_array($hookinfo)); - assert(array_key_exists('errors', $hookinfo)); - assert(array_key_exists('info', $hookinfo)); + Assert::isArray($hookinfo); + Assert::keyExists($hookinfo, 'errors'); + Assert::keyExists($hookinfo, 'info'); $config = \SimpleSAML\Configuration::getInstance(); diff --git a/modules/core/lib/ACL.php b/modules/core/lib/ACL.php index a952cbe531c80c98584782fcfa885a81201e7542..6ab1baa790f1ea76cf345e95b5794ac05221e0cb 100644 --- a/modules/core/lib/ACL.php +++ b/modules/core/lib/ACL.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core; use SimpleSAML\Configuration; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Generic library for access control lists. @@ -29,7 +30,7 @@ class ACL */ public function __construct($acl) { - assert(is_string($acl) || is_array($acl)); + Assert::true(is_string($acl) || is_array($acl)); if (is_string($acl)) { $acl = self::getById($acl); diff --git a/modules/core/lib/Auth/Process/AttributeAdd.php b/modules/core/lib/Auth/Process/AttributeAdd.php index 116fd8ce4145193d8a1a4fe45e512cb9f9be2621..59d1dce47053ef1ae5fce9474aa15b56e8179911 100644 --- a/modules/core/lib/Auth/Process/AttributeAdd.php +++ b/modules/core/lib/Auth/Process/AttributeAdd.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; +use Webmozart\Assert\Assert; + /** * Filter to add attributes. * @@ -39,7 +41,7 @@ class AttributeAdd extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); foreach ($config as $name => $values) { if (is_int($name)) { @@ -77,8 +79,8 @@ class AttributeAdd extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/AttributeAlter.php b/modules/core/lib/Auth/Process/AttributeAlter.php index 2ca333dc896b517d4a0f2f9fc0ffa3f96d6ad5cd..4fec537e847a5fbac759a3aadba857e6de780343 100644 --- a/modules/core/lib/Auth/Process/AttributeAlter.php +++ b/modules/core/lib/Auth/Process/AttributeAlter.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Filter to modify attributes using regular expressions @@ -64,7 +65,7 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); // parse filter configuration foreach ($config as $name => $value) { @@ -106,8 +107,8 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); // get attributes from request $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/AttributeCopy.php b/modules/core/lib/Auth/Process/AttributeCopy.php index 29fdd4fe3908287782cf15114bb9fe60ebc7517e..fe1ae5017595ef40ed9e93ed208010d59ba20180 100644 --- a/modules/core/lib/Auth/Process/AttributeCopy.php +++ b/modules/core/lib/Auth/Process/AttributeCopy.php @@ -4,6 +4,8 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; +use Webmozart\Assert\Assert; + /** * Attribute filter for renaming attributes. * @@ -38,7 +40,7 @@ class AttributeCopy extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); foreach ($config as $source => $destination) { if (!is_string($source)) { @@ -62,8 +64,8 @@ class AttributeCopy extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/AttributeLimit.php b/modules/core/lib/Auth/Process/AttributeLimit.php index ee4b32240154d20ed20be3de39bb6da9a3a897f1..ffa79c0b501d849aaa2d40d38e513b1cd6e88f5d 100644 --- a/modules/core/lib/Auth/Process/AttributeLimit.php +++ b/modules/core/lib/Auth/Process/AttributeLimit.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Error; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * A filter for limiting which attributes are passed on. @@ -40,7 +41,7 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); foreach ($config as $index => $value) { if ($index === 'default') { @@ -95,8 +96,8 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + assert::keyExists($request, 'Attributes'); if ($this->isDefault) { $allowedAttributes = self::getSPIdPAllowed($request); diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php index bc21b574610f2e3db8756958d902f9bf52104041..2ff61fc2e867310fb8a021451e99d856de765576 100644 --- a/modules/core/lib/Auth/Process/AttributeMap.php +++ b/modules/core/lib/Auth/Process/AttributeMap.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Configuration; use SimpleSAML\Module; +use Webmozart\Assert\Assert; /** * Attribute filter for renaming attributes. @@ -40,7 +41,7 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $mapFiles = []; foreach ($config as $origName => $newName) { @@ -123,8 +124,8 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $mapped_attributes = []; diff --git a/modules/core/lib/Auth/Process/AttributeValueMap.php b/modules/core/lib/Auth/Process/AttributeValueMap.php index 86a2471113464f77b73ec35c646f537d41dc4c99..9f640777153e046f6ca71086bd1aa41956b8e1d5 100644 --- a/modules/core/lib/Auth/Process/AttributeValueMap.php +++ b/modules/core/lib/Auth/Process/AttributeValueMap.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Error; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Filter to create target attribute based on value(s) in source attribute @@ -57,7 +58,7 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); // parse configuration foreach ($config as $name => $value) { @@ -115,8 +116,8 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter { Logger::debug('Processing the AttributeValueMap filter.'); - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; if (!array_key_exists($this->sourceattribute, $attributes)) { diff --git a/modules/core/lib/Auth/Process/Cardinality.php b/modules/core/lib/Auth/Process/Cardinality.php index 0ddb1ff8916144a297550e9bcdaec1c29ef75fd1..96f68fbd090d073230639729ccc98aa5bd501dc5 100644 --- a/modules/core/lib/Auth/Process/Cardinality.php +++ b/modules/core/lib/Auth/Process/Cardinality.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Filter to ensure correct cardinality of attributes @@ -39,7 +40,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved, Utils\HttpAdapter $http = null) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $this->http = $http ? : new Utils\HttpAdapter(); @@ -112,8 +113,8 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists("Attributes", $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $entityid = false; if (array_key_exists('Source', $request) && array_key_exists('entityid', $request['Source'])) { diff --git a/modules/core/lib/Auth/Process/CardinalitySingle.php b/modules/core/lib/Auth/Process/CardinalitySingle.php index 36d0b8bb3631d51a1db1508e5dfefba5be896ec5..cf59af15f59fdf23e70ea6c8e9dea7e324582c71 100644 --- a/modules/core/lib/Auth/Process/CardinalitySingle.php +++ b/modules/core/lib/Auth/Process/CardinalitySingle.php @@ -8,6 +8,7 @@ use SimpleSAML\Auth; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Filter to ensure correct cardinality of single-valued attributes @@ -49,7 +50,7 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved, Utils\HttpAdapter $http = null) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $this->http = $http ? : new Utils\HttpAdapter(); @@ -87,8 +88,8 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists("Attributes", $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); if ( array_key_exists('Source', $request) diff --git a/modules/core/lib/Auth/Process/ExtendIdPSession.php b/modules/core/lib/Auth/Process/ExtendIdPSession.php index ab4e2126b997260016e7200f5cbbb045d9828be2..0366ff2f36f4bea607e40702822eb643db1743ae 100644 --- a/modules/core/lib/Auth/Process/ExtendIdPSession.php +++ b/modules/core/lib/Auth/Process/ExtendIdPSession.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Configuration; use SimpleSAML\Session; use SimpleSAML\SessionHandler; +use Webmozart\Assert\Assert; /** * Extend IdP session and cookies. @@ -19,7 +20,7 @@ class ExtendIdPSession extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); + Assert::isArray($state); if (empty($state['Expire']) || empty($state['Authority'])) { return; diff --git a/modules/core/lib/Auth/Process/GenerateGroups.php b/modules/core/lib/Auth/Process/GenerateGroups.php index e04b800dfc197e63f47135c06f5a091560c0dae7..9a6ef0d3de93487be498fc1d259ef7e9dadafd70 100644 --- a/modules/core/lib/Auth/Process/GenerateGroups.php +++ b/modules/core/lib/Auth/Process/GenerateGroups.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Filter to generate a groups attribute based on many of the attributes of the user. @@ -31,7 +32,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (count($config) === 0) { // Use default groups @@ -61,8 +62,8 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $groups = []; $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/LanguageAdaptor.php b/modules/core/lib/Auth/Process/LanguageAdaptor.php index 45889c068d29a709e368fd5920f5989bf92c6d87..1984c4e32b683c538179bdbb52d319246e535bf7 100644 --- a/modules/core/lib/Auth/Process/LanguageAdaptor.php +++ b/modules/core/lib/Auth/Process/LanguageAdaptor.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Locale\Language; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Filter to set and get language settings from attributes. @@ -28,7 +29,7 @@ class LanguageAdaptor extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (array_key_exists('attributename', $config)) { $this->langattr = $config['attributename']; @@ -46,8 +47,8 @@ class LanguageAdaptor extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php index 9b79f0988a467c201116e8b192c04b9c8ed3c7ca..5bcf8c0e06d1ab4b7682edd24446a1c5f939125c 100644 --- a/modules/core/lib/Auth/Process/PHP.php +++ b/modules/core/lib/Auth/Process/PHP.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Attribute filter for running arbitrary PHP code. @@ -34,7 +35,7 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (!isset($config['code'])) { throw new Error\Exception("core:PHP: missing mandatory configuration option 'code'."); @@ -53,8 +54,8 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); /** * @param array &$attributes diff --git a/modules/core/lib/Auth/Process/ScopeAttribute.php b/modules/core/lib/Auth/Process/ScopeAttribute.php index 7effc2adbbbfb2d361c9614cb01b7c1b54c9d895..b1228a1f68fd997f634ec5d9ec17bde26202258d 100644 --- a/modules/core/lib/Auth/Process/ScopeAttribute.php +++ b/modules/core/lib/Auth/Process/ScopeAttribute.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Configuration; +use Webmozart\Assert\Assert; /** * Add a scoped variant of an attribute. @@ -52,7 +53,7 @@ class ScopeAttribute extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $cfg = Configuration::loadFromArray($config, 'ScopeAttribute'); @@ -71,8 +72,8 @@ class ScopeAttribute extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/ScopeFromAttribute.php b/modules/core/lib/Auth/Process/ScopeFromAttribute.php index e94acfe33c1e062d06776e0483555fe36e12e6ed..a8a44012b34b34e44c2f546937aaa9132378196c 100644 --- a/modules/core/lib/Auth/Process/ScopeFromAttribute.php +++ b/modules/core/lib/Auth/Process/ScopeFromAttribute.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Configuration; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Retrieve a scope from a source attribute and add it as a virtual target @@ -49,7 +50,7 @@ class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $cfg = Configuration::loadFromArray($config, 'ScopeFromAttribute'); $this->targetAttribute = $cfg->getString('targetAttribute'); @@ -65,8 +66,8 @@ class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('Attributes', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $attributes = &$request['Attributes']; diff --git a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php index 05f5d92ed88aafc5e95010c1a4f273fbd966bcfe..07ecc94d0924278940e52f921eb2087c96c9ab9b 100644 --- a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php +++ b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\core\Auth\Process; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Log a line in the STAT log with one attribute. @@ -41,7 +42,7 @@ class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (array_key_exists('attributename', $config)) { $this->attribute = $config['attributename']; @@ -71,8 +72,8 @@ class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); - assert(array_key_exists('Attributes', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'Attributes'); $logAttribute = 'NA'; $isPassive = ''; diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php index 66095c0c7daa0bbbac1d40a605dbb784e860199b..1e8273bd974e1a9f89475b65a99acdbb5b577bb4 100644 --- a/modules/core/lib/Auth/Process/TargetedID.php +++ b/modules/core/lib/Auth/Process/TargetedID.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Module\core\Auth\Process; use SAML2\Constants; use SAML2\XML\saml\NameID; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Filter to generate the eduPersonTargetedID attribute. @@ -64,7 +65,7 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (array_key_exists('attributename', $config)) { $this->attribute = $config['attributename']; @@ -90,8 +91,8 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); - assert(array_key_exists('Attributes', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'Attributes'); if ($this->attribute === null) { if (!array_key_exists('UserID', $state)) { diff --git a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php index 7f2005b96ab3315d6b40ee48f9d4fe09bddcc051..e75b56cd7cac3eac4ca352a1010861dc3873de42 100644 --- a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php +++ b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php @@ -8,6 +8,7 @@ use SimpleSAML\Auth; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Give a warning to the user if we receive multiple requests in a short time. @@ -27,7 +28,7 @@ class WarnShortSSOInterval extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); + Assert::isArray($state); if (!array_key_exists('PreviousSSOTimestamp', $state)) { /* diff --git a/modules/core/lib/Auth/Source/AdminPassword.php b/modules/core/lib/Auth/Source/AdminPassword.php index 7875e1a1abe72f12d569ad759901f8ca886708db..5fc1b7b5e7ec5498ab6423244c12632a63288f07 100644 --- a/modules/core/lib/Auth/Source/AdminPassword.php +++ b/modules/core/lib/Auth/Source/AdminPassword.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Auth\Source; use SimpleSAML\Configuration; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Authentication source which verifies the password against @@ -24,8 +25,8 @@ class AdminPassword extends \SimpleSAML\Module\core\Auth\UserPassBase */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -49,8 +50,8 @@ class AdminPassword extends \SimpleSAML\Module\core\Auth\UserPassBase */ protected function login($username, $password) { - assert(is_string($username)); - assert(is_string($password)); + Assert::string($username); + Assert::string($password); $config = Configuration::getInstance(); $adminPassword = $config->getString('auth.adminpassword', '123'); diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php index e29512533fb07b1f3cff7f7c447f986b65ea90d5..919cda96af81d59c34738e4809ba94fe260df35e 100644 --- a/modules/core/lib/Auth/UserPassBase.php +++ b/modules/core/lib/Auth/UserPassBase.php @@ -11,6 +11,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils\HTTP; +use Webmozart\Assert\Assert; /** * Helper class for username/password authentication. @@ -101,8 +102,8 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ public function __construct($info, &$config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); if (isset($config['core:loginpage_links'])) { $this->loginLinks = $config['core:loginpage_links']; @@ -136,7 +137,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ public function setForcedUsername($forcedUsername) { - assert(is_string($forcedUsername) || $forcedUsername === null); + Assert::nullOrString($forcedUsername); $this->forcedUsername = $forcedUsername; } @@ -201,7 +202,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); /* * Save the identifier of this authentication source, so that we can @@ -239,7 +240,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source } $attributes = $this->login($username, $password); - assert(is_array($attributes)); + Assert::isArray($attributes); $state['Attributes'] = $attributes; return; @@ -257,7 +258,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source HTTP::redirectTrustedURL($url, $params); // The previous function never returns, so this code is never executed. - assert(false); + assert::true(false); } @@ -291,16 +292,16 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ public static function handleLogin($authStateId, $username, $password) { - assert(is_string($authStateId)); - assert(is_string($username)); - assert(is_string($password)); + Assert::string($authStateId); + Assert::string($username); + Assert::string($password); // Here we retrieve the state array we saved in the authenticate-function. /** @var array $state */ $state = Auth\State::loadState($authStateId, self::STAGEID); // Retrieve the authentication source we are executing. - assert(array_key_exists(self::AUTHID, $state)); + Assert::keyExists($state, self::AUTHID); /** @var \SimpleSAML\Module\core\Auth\UserPassBase|null $source */ $source = Auth\Source::getById($state[self::AUTHID]); @@ -324,7 +325,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source Logger::stats('User \'' . $username . '\' successfully authenticated from ' . $_SERVER['REMOTE_ADDR']); // Save the attributes we received from the login-function in the $state-array - assert(is_array($attributes)); + Assert::isArray($attributes); $state['Attributes'] = $attributes; // Return control to SimpleSAMLphp after successful authentication. diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php index 426eeb102c034071dc99002943208f59551da562..608ca86726a1c601d8ff94d9121e2b65e78bd09c 100644 --- a/modules/core/lib/Auth/UserPassOrgBase.php +++ b/modules/core/lib/Auth/UserPassOrgBase.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Helper class for username/password/organization authentication. @@ -100,8 +101,8 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source */ public function __construct($info, &$config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -144,7 +145,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source */ protected function setUsernameOrgMethod($usernameOrgMethod) { - assert(in_array($usernameOrgMethod, ['none', 'allow', 'force'], true)); + Assert::oneOf($usernameOrgMethod, ['none', 'allow', 'force']); $this->usernameOrgMethod = $usernameOrgMethod; } @@ -217,7 +218,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); // We are going to need the authId in order to retrieve this authentication source later $state[self::AUTHID] = $this->authId; @@ -275,17 +276,17 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source */ public static function handleLogin($authStateId, $username, $password, $organization) { - assert(is_string($authStateId)); - assert(is_string($username)); - assert(is_string($password)); - assert(is_string($organization)); + Assert::string($authStateId); + Assert::string($username); + Assert::string($password); + assert::string($organization); /* Retrieve the authentication state. */ /** @var array $state */ $state = Auth\State::loadState($authStateId, self::STAGEID); /* Find authentication source. */ - assert(array_key_exists(self::AUTHID, $state)); + Assert::keyExists($state, self::AUTHID); /** @var \SimpleSAML\Module\core\Auth\UserPassOrgBase|null $source */ $source = Auth\Source::getById($state[self::AUTHID]); @@ -340,14 +341,14 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source */ public static function listOrganizations($authStateId) { - assert(is_string($authStateId)); + Assert::string($authStateId); /* Retrieve the authentication state. */ /** @var array $state */ $state = Auth\State::loadState($authStateId, self::STAGEID); /* Find authentication source. */ - assert(array_key_exists(self::AUTHID, $state)); + Assert::keyExists($state, self::AUTHID); /** @var \SimpleSAML\Module\core\Auth\UserPassOrgBase|null $source */ $source = Auth\Source::getById($state[self::AUTHID]); diff --git a/modules/core/lib/Stats/Output/File.php b/modules/core/lib/Stats/Output/File.php index b39b072d4833fac58ecd306fd07fd5ce6d58e83d..4ff860d053923fa2ba748e5746b556d372c22249 100644 --- a/modules/core/lib/Stats/Output/File.php +++ b/modules/core/lib/Stats/Output/File.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\core\Stats\Output; use SimpleSAML\Configuration; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Statistics logger that writes to a set of log files @@ -86,7 +87,7 @@ class File extends \SimpleSAML\Stats\Output */ public function emit(array $data) { - assert(isset($data['time'])); + Assert::notNull($data['time']); $time = $data['time']; $milliseconds = (int) (($time - (int) $time) * 1000); diff --git a/modules/core/templates/logout-iframe-wrapper.tpl.php b/modules/core/templates/logout-iframe-wrapper.tpl.php index 3392e4cb4f0dd202417ba8def2047a38bba938a2..a26e55a62b72e87ae1213b0ada1018aa3edc544e 100644 --- a/modules/core/templates/logout-iframe-wrapper.tpl.php +++ b/modules/core/templates/logout-iframe-wrapper.tpl.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + $id = $this->data['auth_state']; $SPs = $this->data['SPs']; @@ -19,7 +21,7 @@ foreach ($SPs as $assocId => $sp) { if ($sp['core:Logout-IFrame:State'] !== 'inprogress') { continue; } - assert(isset($sp['core:Logout-IFrame:URL'])); + Assert::notNull($sp['core:Logout-IFrame:URL']); $url = $sp["core:Logout-IFrame:URL"]; diff --git a/modules/core/templates/logout-iframe.tpl.php b/modules/core/templates/logout-iframe.tpl.php index 54ca2c1829d135cef464a64a055d7aa965443f67..fca62bba7b2762e7fa8bf5532bae9bca3b52b5e1 100644 --- a/modules/core/templates/logout-iframe.tpl.php +++ b/modules/core/templates/logout-iframe.tpl.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + $id = $this->data['auth_state']; $type = $this->data['type']; $from = $this->data['from']; @@ -26,7 +28,7 @@ $spTimeout = []; $nFailed = 0; $nProgress = 0; foreach ($SPs as $assocId => $sp) { - assert(isset($sp['core:Logout-IFrame:State'])); + Assert::notNull($sp['core:Logout-IFrame:State']); $state = $sp['core:Logout-IFrame:State']; $spStatus[sha1($assocId)] = $state; if (isset($sp['core:Logout-IFrame:Timeout'])) { @@ -101,7 +103,7 @@ foreach ($SPs as $assocId => $sp) { $spName = $assocId; } - assert(isset($sp['core:Logout-IFrame:State'])); + Assert::notNull($sp['core:Logout-IFrame:State']); $spState = $sp['core:Logout-IFrame:State']; $spId = sha1($assocId); @@ -181,7 +183,7 @@ if ($type === 'init') { if ($sp['core:Logout-IFrame:State'] !== 'inprogress') { continue; } - assert(isset($sp['core:Logout-IFrame:URL'])); + Assert::notNull($sp['core:Logout-IFrame:URL']); echo '<iframe style="width:0; height:0; border:0;" src="'. htmlspecialchars($sp['core:Logout-IFrame:URL']).'"></iframe>'; } diff --git a/modules/core/templates/no_cookie.tpl.php b/modules/core/templates/no_cookie.tpl.php index 65bdd8ceff54ea9c829b896e87f62be67748b75a..8c6c34e25288a99051c1675a055886d68881928b 100644 --- a/modules/core/templates/no_cookie.tpl.php +++ b/modules/core/templates/no_cookie.tpl.php @@ -1,6 +1,8 @@ <?php -assert(array_key_exists('retryURL', $this->data)); +use Webmozart\Assert\Assert; + +Assert::keyExists($this->data, 'retryURL'); $retryURL = $this->data['retryURL']; $header = htmlspecialchars($this->t('{core:no_cookie:header}')); diff --git a/modules/core/www/authenticate.php b/modules/core/www/authenticate.php index 4658cb151c4291d0b1c7c7851488dc5a9373d62e..62ab03fc8c58977833c526d83da542f18aae66b9 100644 --- a/modules/core/www/authenticate.php +++ b/modules/core/www/authenticate.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + $config = \SimpleSAML\Configuration::getInstance(); if (!array_key_exists('as', $_REQUEST)) { @@ -23,9 +25,9 @@ if (array_key_exists(\SimpleSAML\Auth\State::EXCEPTION_PARAM, $_REQUEST)) { /** @var array $state */ $state = \SimpleSAML\Auth\State::loadExceptionState(); - assert(array_key_exists(\SimpleSAML\Auth\State::EXCEPTION_DATA, $state)); - $e = $state[\SimpleSAML\Auth\State::EXCEPTION_DATA]; + Assert::keyExists($state, \SimpleSAML\Auth\State::EXCEPTION_DATA); + $e = $state[\SimpleSAML\Auth\State::EXCEPTION_DATA]; throw $e; } diff --git a/modules/core/www/postredirect.php b/modules/core/www/postredirect.php index ac2439b93f69246cc394491f4f061bf1c4de58bb..b5d08eeb0ffbfe7dd8237a17f3de14e9ebbaa19f 100644 --- a/modules/core/www/postredirect.php +++ b/modules/core/www/postredirect.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + /** * This page provides a way to create a redirect to a POST request. * @@ -40,9 +42,9 @@ if ($postData === null) { $session->deleteData('core_postdatalink', $postId); -assert(is_array($postData)); -assert(array_key_exists('url', $postData)); -assert(array_key_exists('post', $postData)); +Assert::isArray($postData); +Assert::keyExists($postData, 'url'); +Assert::keyExists($postData, 'post'); if (!\SimpleSAML\Utils\HTTP::isValidURL($postData['url'])) { throw new \SimpleSAML\Error\Exception('Invalid destination URL.'); diff --git a/modules/cron/hooks/hook_cron.php b/modules/cron/hooks/hook_cron.php index a135360764f5f724e545e2c9df274c3c3e9d9fb6..18b18847b750b9b263f6bdaf1e57882cf1f59245 100644 --- a/modules/cron/hooks/hook_cron.php +++ b/modules/cron/hooks/hook_cron.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + /** * Hook to run a cron job. * @@ -8,9 +10,9 @@ */ function cron_hook_cron(&$croninfo) { - assert(is_array($croninfo)); - assert(array_key_exists('summary', $croninfo)); - assert(array_key_exists('tag', $croninfo)); + Assert::isArray($croninfo); + Assert::keyExists($croninfo, 'summary'); + Assert::keyExists($croninfo, 'tag'); $cronconfig = \SimpleSAML\Configuration::getConfig('module_cron.php'); diff --git a/modules/cron/hooks/hook_frontpage.php b/modules/cron/hooks/hook_frontpage.php index 2de5d22e2ff803d1b0c1752a6319773b6d7cdce3..3ca4903136dbf2064e59cf529cbc95260c970750 100644 --- a/modules/cron/hooks/hook_frontpage.php +++ b/modules/cron/hooks/hook_frontpage.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + /** * Hook to add the modinfo module to the frontpage. * @@ -8,8 +10,8 @@ */ function cron_hook_frontpage(&$links) { - assert(is_array($links)); - assert(array_key_exists('links', $links)); + Assert::isArray($links); + Assert::keyExists($links, 'links'); $links['config'][] = [ 'href' => SimpleSAML\Module::getModuleURL('cron/croninfo.php'), diff --git a/modules/exampleauth/lib/Auth/Process/RedirectTest.php b/modules/exampleauth/lib/Auth/Process/RedirectTest.php index 50b5ca18142b04e6ad8a1aeef6b3fabd4dba4f71..88e6da07fac2005786dbb8a360faba0d2f1fbe5e 100644 --- a/modules/exampleauth/lib/Auth/Process/RedirectTest.php +++ b/modules/exampleauth/lib/Auth/Process/RedirectTest.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Module\exampleauth\Auth\Process; use SimpleSAML\Auth; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * A simple processing filter for testing that redirection works as it should. @@ -22,8 +23,8 @@ class RedirectTest extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); - assert(array_key_exists('Attributes', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'Attributes'); // To check whether the state is saved correctly $state['Attributes']['RedirectTest1'] = ['OK']; diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php index f6560882719a724f6539bd51c3fd962e57824f6b..b6e8101d80385f00fe0813472284410b92562fe8 100644 --- a/modules/exampleauth/lib/Auth/Source/External.php +++ b/modules/exampleauth/lib/Auth/Source/External.php @@ -8,6 +8,7 @@ use SimpleSAML\Auth; use SimpleSAML\Error; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Example external authentication source. @@ -45,8 +46,8 @@ class External extends \SimpleSAML\Auth\Source */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -108,7 +109,7 @@ class External extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); $attributes = $this->getUser(); if ($attributes !== null) { @@ -179,7 +180,7 @@ class External extends \SimpleSAML\Auth\Source /* * The redirect function never returns, so we never get this far. */ - assert(false); + Assert::true(false); } @@ -259,7 +260,7 @@ class External extends \SimpleSAML\Auth\Source /* * The completeAuth-function never returns, so we never get this far. */ - assert(false); + Assert::true(false); } @@ -272,7 +273,7 @@ class External extends \SimpleSAML\Auth\Source */ public function logout(&$state) { - assert(is_array($state)); + Assert::isArray($state); if (!session_id()) { // session_start not called before. Do it here diff --git a/modules/exampleauth/lib/Auth/Source/StaticSource.php b/modules/exampleauth/lib/Auth/Source/StaticSource.php index 5901d9b67bf0d9217077a57dd4454fb2512e9ceb..35deb54794a4df15f72417ce5fa675629be29b85 100644 --- a/modules/exampleauth/lib/Auth/Source/StaticSource.php +++ b/modules/exampleauth/lib/Auth/Source/StaticSource.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\exampleauth\Auth\Source; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Example authentication source. @@ -32,8 +33,8 @@ class StaticSource extends \SimpleSAML\Auth\Source */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -56,7 +57,7 @@ class StaticSource extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); $state['Attributes'] = $this->attributes; } } diff --git a/modules/exampleauth/lib/Auth/Source/UserPass.php b/modules/exampleauth/lib/Auth/Source/UserPass.php index 4a615881447cc6c5ce935212925b882241a00ec9..6d6849f2377e862b27f5c629f4e800ae2c08bf9c 100644 --- a/modules/exampleauth/lib/Auth/Source/UserPass.php +++ b/modules/exampleauth/lib/Auth/Source/UserPass.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\exampleauth\Auth\Source; use SimpleSAML\Error; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Example authentication source - username & password. @@ -36,8 +37,8 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -87,8 +88,8 @@ class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase */ protected function login($username, $password) { - assert(is_string($username)); - assert(is_string($password)); + Assert::string($username); + Assert::string($password); $userpass = $username . ':' . $password; if (!array_key_exists($userpass, $this->users)) { diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php index 6bc2cc0abc0c6eb15ee76bc5e7551bd6e956926c..9592429730559dc981b6b8da9709269fa10a86e9 100644 --- a/modules/multiauth/lib/Auth/Source/MultiAuth.php +++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php @@ -10,6 +10,7 @@ use SimpleSAML\Error; use SimpleSAML\Module; use SimpleSAML\Session; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Authentication source which let the user chooses among a list of @@ -60,8 +61,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -140,7 +141,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); $state[self::AUTHID] = $this->authId; $state[self::SOURCESID] = $this->sources; @@ -166,7 +167,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source Utils\HTTP::redirectTrustedURL($url, $params); // The previous function never returns, so this code is never executed - assert(false); + Assert::true(false); } @@ -185,8 +186,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public static function delegateAuthentication($authId, $state) { - assert(is_string($authId)); - assert(is_array($state)); + assert::string($authId); + Assert::isArray($state); $as = Auth\Source::getById($authId); $valid_sources = array_map( @@ -235,7 +236,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function logout(&$state) { - assert(is_array($state)); + Assert::isArray($state); // Get the source that was used to authenticate $session = Session::getSessionFromRequest(); @@ -261,7 +262,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ public function setPreviousSource($source) { - assert(is_string($source)); + Assert::string($source); $cookieName = 'multiauth_source_' . $this->authId; diff --git a/modules/portal/hooks/hook_htmlinject.php b/modules/portal/hooks/hook_htmlinject.php index 7939763eee71a042a4c7cf68e5b3dc6ad1249393..d446a6ed63b8c1a60a0011ab67f6eed95b631afb 100644 --- a/modules/portal/hooks/hook_htmlinject.php +++ b/modules/portal/hooks/hook_htmlinject.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + /** * Hook to inject HTML content into all pages... * @@ -8,15 +10,15 @@ */ function portal_hook_htmlinject(&$hookinfo) { - assert(is_array($hookinfo)); - assert(array_key_exists('pre', $hookinfo)); - assert(array_key_exists('post', $hookinfo)); - assert(array_key_exists('page', $hookinfo)); + Assert::isArray($hookinfo); + Assert::keyExists($hookinfo, 'pre'); + Assert::keyExists($hookinfo, 'post'); + Assert::keyExists($hookinfo, 'page'); $links = ['links' => []]; \SimpleSAML\Module::callHooks('frontpage', $links); - assert(is_array($links)); + Assert::isArray($links); $portalConfig = \SimpleSAML\Configuration::getOptionalConfig('module_portal.php'); diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php index 569a6803197881b9239b48738956ac9a6b58b0a2..75ee581b251354789831b7f8b8c24b68770f1c55 100644 --- a/modules/saml/hooks/hook_metadata_hosted.php +++ b/modules/saml/hooks/hook_metadata_hosted.php @@ -1,5 +1,7 @@ <?php +use Webmozart\Assert\Assert; + /** * Hook to add the metadata for hosted entities to the frontpage. * @@ -8,7 +10,7 @@ */ function saml_hook_metadata_hosted(&$metadataHosted) { - assert(is_array($metadataHosted)); + Assert::isArray($metadataHosted); $sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP'); diff --git a/modules/saml/lib/Auth/Process/AttributeNameID.php b/modules/saml/lib/Auth/Process/AttributeNameID.php index 51e7d8739817639983396ca776c3d667aa11188e..7e5647cf8b230fe7dd05b2feb84236b4884a2201 100644 --- a/modules/saml/lib/Auth/Process/AttributeNameID.php +++ b/modules/saml/lib/Auth/Process/AttributeNameID.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SimpleSAML\Error; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Authentication processing filter to create a NameID from an attribute. @@ -34,7 +35,7 @@ class AttributeNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (!isset($config['Format'])) { throw new Error\Exception("AttributeNameID: Missing required option 'Format'."); diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php index 407e08de35fa1f60d18436a809cecf2e2dd71024..e717accfdd91e6eb43f9854bc3e4d9b16e16122d 100644 --- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\saml\Auth\Process; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Filter for setting the AuthnContextClassRef in the response. @@ -32,7 +33,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (!isset($config['AuthnContextClassRef'])) { throw new Error\Exception('Missing AuthnContextClassRef option in processing filter.'); @@ -50,7 +51,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); + Assert::isArray($state); $state['saml:AuthnContextClassRef'] = $this->authnContextClassRef; } diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php index 7b0fd991cc296df664feb7bb171ca9f93d8a44f1..0edc8e00e4cc17d6018f961f440eff16d25edd71 100644 --- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php @@ -9,6 +9,7 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Attribute filter to validate AuthnContextClassRef values. @@ -54,7 +55,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (empty($config['accepted'])) { Logger::error( 'ExpectedAuthnContextClassRef: Configuration error. There is no accepted AuthnContextClassRef.' @@ -74,8 +75,8 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$request) { - assert(is_array($request)); - assert(array_key_exists('saml:sp:State', $request)); + Assert::isArray($request); + Assert::keyExists($request, 'Attributes'); $this->AuthnContextClassRef = $request['saml:sp:State']['saml:sp:AuthnContext']; diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php index 8965e843732e51b0da9038ca5f0bf1bced2240cd..8b33e723a18bd1a9e1b64b3bc85b230146b542d5 100644 --- a/modules/saml/lib/Auth/Process/FilterScopes.php +++ b/modules/saml/lib/Auth/Process/FilterScopes.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Filter to remove attribute values which are not properly scoped. @@ -35,7 +36,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (array_key_exists('attributes', $config) && !empty($config['attributes'])) { $this->scopedAttributes = $config['attributes']; diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php index f112f37b384c9c87eb6e94a88869637e27ba46e6..e7e5655e5cdc300965fafb5fa744be58c43dff20 100644 --- a/modules/saml/lib/Auth/Process/NameIDAttribute.php +++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SAML2\Constants; use SimpleSAML\Error; +use Webmozart\Assert\Assert; /** * Authentication processing filter to create an attribute from a NameID. @@ -40,7 +41,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (isset($config['attribute'])) { $this->attribute = (string) $config['attribute']; @@ -110,16 +111,16 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); - assert(isset($state['Source']['entityid'])); - assert(isset($state['Destination']['entityid'])); + Assert::isArray($state); + Assert::keyExists($state['Source'], 'entityid'); + Assert::keyExists($state['Destination'], 'entityid'); if (!isset($state['saml:sp:NameID'])) { return; } $rep = $state['saml:sp:NameID']; - assert(!is_null($rep->getValue())); + Assert::notNull($rep->getValue()); $rep->{'%'} = '%'; if ($rep->getFormat() !== null) { $rep->setFormat(Constants::NAMEID_UNSPECIFIED); diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php index f5c568e9aee55c2d484b62a93a5670c478d4aedd..07965c8e0101d0b9cd97d21f21fd79595febc7c6 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID.php @@ -8,6 +8,7 @@ use SAML2\Constants; use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Authentication processing filter to generate a persistent NameID. @@ -36,7 +37,7 @@ class PersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $this->format = Constants::NAMEID_PERSISTENT; diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index 24399d6596c87a81332a822224ea37c5b1a6e092..3c98c4405e3575e8e5b8b75e586b5b0a4463ab11 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SAML2\Constants; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Authentication processing filter to create the eduPersonTargetedID attribute from the persistent NameID. @@ -40,7 +41,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (isset($config['attribute'])) { $this->attribute = (string) $config['attribute']; @@ -64,7 +65,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); + Assert::isArray($state); if (!isset($state['saml:NameID'][Constants::NAMEID_PERSISTENT])) { Logger::warning( 'Unable to generate eduPersonTargetedID because no persistent NameID was available.' diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php index c8550368f21fa0a4bc0676b5dec2c0f377413850..76a676bf15b53ceb0736ef73ef97013be440608d 100644 --- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php +++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php @@ -7,6 +7,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SAML2\Constants; use SimpleSAML\Error; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Authentication processing filter to generate a persistent NameID. @@ -63,7 +64,7 @@ class SQLPersistentNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $this->format = Constants::NAMEID_PERSISTENT; diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php index 7ab4fec76ae37069590f9e76955cf61c339808bf..4f82a7fbb38b40a55dc9d62f0736477b1bacdd6a 100644 --- a/modules/saml/lib/Auth/Process/TransientNameID.php +++ b/modules/saml/lib/Auth/Process/TransientNameID.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml\Auth\Process; use SAML2\Constants; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Authentication processing filter to generate a transient NameID. @@ -24,7 +25,7 @@ class TransientNameID extends \SimpleSAML\Module\saml\BaseNameIDGenerator public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); $this->format = Constants::NAMEID_TRANSIENT; } diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 99ce51a6712d04ac921b707e1dc81820e34bfc44..e9ebaa259d02b1d081d89ee474fcd88d692549c9 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -19,6 +19,7 @@ use SimpleSAML\Session; use SimpleSAML\Store; use SimpleSAML\Utils; use SimpleSAML\XML\Shib13; +use Webmozart\Assert\Assert; class SP extends \SimpleSAML\Auth\Source { @@ -73,8 +74,8 @@ class SP extends \SimpleSAML\Auth\Source */ public function __construct($info, $config) { - assert(is_array($info)); - assert(is_array($config)); + Assert::isArray($info); + Assert::isArray($config); // Call the parent constructor first, as required by the interface parent::__construct($info, $config); @@ -288,7 +289,7 @@ class SP extends \SimpleSAML\Auth\Source */ public function getIdPMetadata($entityId) { - assert(is_string($entityId)); + Assert::string($entityId); if ($this->idp !== null && $this->idp !== $entityId) { throw new Error\Exception('Cannot retrieve metadata for IdP ' . @@ -687,7 +688,7 @@ class SP extends \SimpleSAML\Auth\Source $this->sendSAML2AuthnRequest($state, $b, $ar); - assert(false); + Assert::true(false); } @@ -704,7 +705,7 @@ class SP extends \SimpleSAML\Auth\Source public function sendSAML2AuthnRequest(array &$state, Binding $binding, AuthnRequest $ar) { $binding->send($ar); - assert(false); + Assert::true(false); } @@ -717,7 +718,7 @@ class SP extends \SimpleSAML\Auth\Source */ public function startSSO($idp, array $state) { - assert(is_string($idp)); + Assert::string($idp); $idpMetadata = $this->getIdPMetadata($idp); @@ -725,13 +726,13 @@ class SP extends \SimpleSAML\Auth\Source switch ($type) { case 'shib13-idp-remote': $this->startSSO1($idpMetadata, $state); - assert(false); // Should not return + Assert::true(false); // Should not return case 'saml20-idp-remote': $this->startSSO2($idpMetadata, $state); - assert(false); // Should not return + Assert::true(false); // Should not return default: // Should only be one of the known types - assert(false); + Assert::true(false); } } @@ -782,7 +783,7 @@ class SP extends \SimpleSAML\Auth\Source */ public function authenticate(&$state) { - assert(is_array($state)); + Assert::isArray($state); // We are going to need the authId in order to retrieve this authentication source later $state['saml:sp:AuthId'] = $this->authId; @@ -822,11 +823,11 @@ class SP extends \SimpleSAML\Auth\Source if ($idp === null) { $this->startDisco($state); - assert(false); + Assert::true(false); } $this->startSSO($idp, $state); - assert(false); + Assert::true(false); } @@ -929,10 +930,10 @@ class SP extends \SimpleSAML\Auth\Source */ public static function askForIdPChange(array &$state) { - assert(array_key_exists('saml:sp:IdPMetadata', $state)); - assert(array_key_exists('saml:sp:AuthId', $state)); - assert(array_key_exists('core:IdP', $state)); - assert(array_key_exists('SPMetadata', $state)); + Assert::keyExists($state, 'saml:sp:IdPMetadata'); + Assert::keyExists($state, 'saml:sp:AuthId'); + Assert::keyExists($state, 'core:IdP'); + Assert::keyExists($state, 'SPMetadata'); if (isset($state['isPassive']) && (bool) $state['isPassive']) { // passive request, we cannot authenticate the user @@ -946,7 +947,7 @@ class SP extends \SimpleSAML\Auth\Source $id = Auth\State::saveState($state, 'saml:proxy:invalid_idp', true); $url = Module::getModuleURL('saml/proxy/invalid_session.php'); Utils\HTTP::redirectTrustedURL($url, ['AuthState' => $id]); - assert(false); + Assert::true(false); } @@ -969,7 +970,7 @@ class SP extends \SimpleSAML\Auth\Source $idp = IdP::getByState($state); $idp->handleLogoutRequest($state, null); - assert(false); + Assert::true(false); } @@ -981,7 +982,7 @@ class SP extends \SimpleSAML\Auth\Source */ public static function reauthPostLogin(array $state) { - assert(isset($state['ReturnCallback'])); + Assert::keyExists($state, 'ReturnCallback'); // Update session state $session = Session::getSessionFromRequest(); @@ -990,7 +991,7 @@ class SP extends \SimpleSAML\Auth\Source // resume the login process call_user_func($state['ReturnCallback'], $state); - assert(false); + Assert::true(false); } @@ -1005,7 +1006,7 @@ class SP extends \SimpleSAML\Auth\Source */ public static function reauthPostLogout(IdP $idp, array $state) { - assert(isset($state['saml:sp:AuthId'])); + Assert::keyExists($state, 'saml:sp:AuthId'); Logger::debug('Proxy: logout completed.'); @@ -1018,7 +1019,7 @@ class SP extends \SimpleSAML\Auth\Source Logger::debug('Proxy: logging in again.'); $sp->authenticate($state); - assert(false); + Assert::true(false); } @@ -1030,10 +1031,10 @@ class SP extends \SimpleSAML\Auth\Source */ public function startSLO2(&$state) { - assert(is_array($state)); - assert(array_key_exists('saml:logout:IdP', $state)); - assert(array_key_exists('saml:logout:NameID', $state)); - assert(array_key_exists('saml:logout:SessionIndex', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'saml:logout:IdP'); + Assert::keyExists($state, 'saml:logout:NameID'); + Assert::keyExists($state, 'saml:logout:SessionIndex'); $id = Auth\State::saveState($state, 'saml:slosent'); @@ -1074,7 +1075,7 @@ class SP extends \SimpleSAML\Auth\Source $b = Binding::getBinding($endpoint['Binding']); $b->send($lr); - assert(false); + Assert::true(false); } @@ -1086,8 +1087,8 @@ class SP extends \SimpleSAML\Auth\Source */ public function logout(&$state) { - assert(is_array($state)); - assert(array_key_exists('saml:logout:Type', $state)); + Assert::isArray($state); + Assert::keyExists($state, 'saml:logout:Type'); $logoutType = $state['saml:logout:Type']; switch ($logoutType) { @@ -1099,7 +1100,7 @@ class SP extends \SimpleSAML\Auth\Source return; default: // Should never happen - assert(false); + Assert::true(false); } } @@ -1114,9 +1115,9 @@ class SP extends \SimpleSAML\Auth\Source */ public function handleResponse(array $state, $idp, array $attributes) { - assert(is_string($idp)); - assert(array_key_exists('LogoutState', $state)); - assert(array_key_exists('saml:logout:Type', $state['LogoutState'])); + Assert::string($idp); + Assert::keyExists($state, 'LogoutState'); + Assert::keyExists($state, 'saml:logout:Type'); $idpMetadata = $this->getIdPMetadata($idp); @@ -1159,7 +1160,7 @@ class SP extends \SimpleSAML\Auth\Source */ public function handleLogout($idpEntityId) { - assert(is_string($idpEntityId)); + Assert::string($idpEntityId); /* Call the logout callback we registered in onProcessingCompleted(). */ $this->callLogoutCallback($idpEntityId); @@ -1183,8 +1184,8 @@ class SP extends \SimpleSAML\Auth\Source */ public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) { - assert(is_string($authId)); - assert(is_string($redirectTo)); + Assert::string($authId); + Assert::string($redirectTo); $session = Session::getSessionFromRequest(); $session->doLogin($authId, Auth\State::getPersistentAuthData($state)); @@ -1201,9 +1202,9 @@ class SP extends \SimpleSAML\Auth\Source */ public static function onProcessingCompleted(array $authProcState) { - assert(array_key_exists('saml:sp:IdP', $authProcState)); - assert(array_key_exists('saml:sp:State', $authProcState)); - assert(array_key_exists('Attributes', $authProcState)); + Assert::keyExists($authProcState, 'saml:sp:IdP'); + Assert::keyExists($authProcState, 'saml:sp:State'); + Assert::keyExists($authProcState, 'Attributes'); $idp = $authProcState['saml:sp:IdP']; $state = $authProcState['saml:sp:State']; diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php index 04f4e4e22e5f54d50b981c0981e0cb90158d7438..bffb4435eb5d50cf6105b49c6f8ec83a06a6f8b0 100644 --- a/modules/saml/lib/BaseNameIDGenerator.php +++ b/modules/saml/lib/BaseNameIDGenerator.php @@ -6,6 +6,7 @@ namespace SimpleSAML\Module\saml; use SAML2\XML\saml\NameID; use SimpleSAML\Logger; +use Webmozart\Assert\Assert; /** * Base filter for generating NameID values. @@ -57,7 +58,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter public function __construct($config, $reserved) { parent::__construct($config, $reserved); - assert(is_array($config)); + Assert::isArray($config); if (isset($config['NameQualifier'])) { $this->nameQualifier = $config['NameQualifier']; @@ -89,8 +90,8 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter */ public function process(&$state) { - assert(is_array($state)); - assert(is_string($this->format)); + Assert::isArray($state); + Assert::string($this->format); $value = $this->getValue($state); if ($value === null) { @@ -121,6 +122,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter $nameId->setSPNameQualifier($this->spNameQualifier); } + /** @psalm-suppress PossiblyNullArrayOffset */ $state['saml:NameID'][$this->format] = $nameId; } } diff --git a/modules/saml/lib/Error.php b/modules/saml/lib/Error.php index c91c8e97d2e9d7cb3abe52807a94007f8f5c4c27..26c51bcb921eb66b2b7c0a414a0b030f0befe961 100644 --- a/modules/saml/lib/Error.php +++ b/modules/saml/lib/Error.php @@ -5,6 +5,7 @@ declare(strict_types=1); namespace SimpleSAML\Module\saml; use SAML2\Constants; +use Webmozart\Assert\Assert; /** * Class for representing a SAML 2 error. @@ -48,9 +49,9 @@ class Error extends \SimpleSAML\Error\Exception */ public function __construct($status, $subStatus = null, $statusMessage = null, \Exception $cause = null) { - assert(is_string($status)); - assert($subStatus === null || is_string($subStatus)); - assert($statusMessage === null || is_string($statusMessage)); + Assert::string($status); + Assert::nullOrString($subStatus); + Assert::nullOrString($statusMessage); $st = self::shortStatus($status); if ($subStatus !== null) { diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php index 861f9612ba964de1fe62de598d00bd78db6ab7ba..5b2eeb226757ee6f9846b45394651603b84640b8 100644 --- a/modules/saml/lib/IdP/SAML1.php +++ b/modules/saml/lib/IdP/SAML1.php @@ -14,6 +14,7 @@ use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Stats; use SimpleSAML\Utils; use SimpleSAML\XML\Shib13\AuthnResponse; +use Webmozart\Assert\Assert; /** * IdP implementation for SAML 1.1 protocol. @@ -137,10 +138,13 @@ class SAML1 */ public static function sendResponse(array $state) { - assert(isset($state['Attributes'])); - assert(isset($state['SPMetadata'])); - assert(isset($state['saml:shire'])); - assert(array_key_exists('saml:target', $state)); // Can be NULL + Assert::keyExists($state, 'Attributes'); + Assert::keyExists($state, 'SPMetadata'); + Assert::keyExists($state, 'saml:shire'); + Assert::notNull($state['Attributes']); + Assert::notNull($state['SPMetadata']); + Assert::notNull($state['saml:shire']); + Assert::keyExists($state, 'saml:target'); // Can be NULL $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index 0e654d133e288f15a8cda9fe4bcd48567b1b898f..664bcf6f5ca337fb640e4f2d72fd91d5b94682e3 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php @@ -34,6 +34,7 @@ use SimpleSAML\Metadata\MetaDataStorageHandler; use SimpleSAML\Module; use SimpleSAML\Stats; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * IdP implementation for SAML 2.0 protocol. @@ -50,11 +51,11 @@ class SAML2 */ public static function sendResponse(array $state) { - assert(isset($state['Attributes'])); - assert(isset($state['SPMetadata'])); - assert(isset($state['saml:ConsumerURL'])); - assert(array_key_exists('saml:RequestId', $state)); // Can be NULL - assert(array_key_exists('saml:RelayState', $state)); // Can be NULL. + Assert::keyExists($state, 'saml:RequestId'); // Can be NULL + Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. + Assert::notNull($state['Attributes']); + Assert::notNull($state['SPMetadata']); + Assert::notNull($state['saml:ConsumerURL']); $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; @@ -128,10 +129,10 @@ class SAML2 */ public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state) { - assert(isset($state['SPMetadata'])); - assert(isset($state['saml:ConsumerURL'])); - assert(array_key_exists('saml:RequestId', $state)); // Can be NULL. - assert(array_key_exists('saml:RelayState', $state)); // Can be NULL. + Assert::keyExists($state, 'saml:RequestId'); // Can be NULL. + Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. + Assert::notNull($state['SPMetadata']); + Assert::notNull($state['saml:ConsumerURL']); $spMetadata = $state["SPMetadata"]; $spEntityId = $spMetadata['entityid']; @@ -495,7 +496,7 @@ class SAML2 */ public static function sendLogoutRequest(IdP $idp, array $association, $relayState) { - assert(is_string($relayState) || $relayState === null); + Assert::nullOrString($relayState); Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($association['saml:entityID'], true)); @@ -533,9 +534,9 @@ class SAML2 */ public static function sendLogoutResponse(IdP $idp, array $state) { - assert(isset($state['saml:SPEntityId'])); - assert(isset($state['saml:RequestId'])); - assert(array_key_exists('saml:RelayState', $state)); // Can be NULL. + Assert::keyExists($state, 'saml:RelayState'); // Can be NULL. + Assert::notNull($state['saml:SPEntityId']); + Assert::notNull($state['saml:RequestId']); $spEntityId = $state['saml:SPEntityId']; @@ -678,7 +679,7 @@ class SAML2 */ public static function getLogoutURL(IdP $idp, array $association, $relayState) { - assert(is_string($relayState) || $relayState === null); + Assert::nullOrString($relayState); Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($association['saml:entityID'], true)); @@ -1048,7 +1049,7 @@ class SAML2 $doc = DOMDocumentFactory::fromString('<root>' . $value . '</root>'); $value = $doc->firstChild->childNodes; } - assert($value instanceof DOMNodeList || $value instanceof NameID); + Assert::isInstanceOfAny($value, [\DOMNodeList::class, \SAML2\XML\saml\NameID::class]); break; default: throw new Error\Exception('Invalid encoding for attribute ' . @@ -1115,8 +1116,8 @@ class SAML2 Configuration $spMetadata, array &$state ): Assertion { - assert(isset($state['Attributes'])); - assert(isset($state['saml:ConsumerURL'])); + Assert::notNull($state['Attributes']); + Assert::notNull($state['saml:ConsumerURL']); $now = time(); diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php index 592ec92c05bad3e5cda8886e28a33d24ec5a61af..37a3a2899ae56ed753212a3f4d4a6a1ae61e1afb 100644 --- a/modules/saml/lib/IdP/SQLNameID.php +++ b/modules/saml/lib/IdP/SQLNameID.php @@ -10,6 +10,7 @@ use SimpleSAML\Error; use SimpleSAML\Store; use SimpleSAML\Database; use SimpleSAML\Configuration; +use Webmozart\Assert\Assert; /** * Helper class for working with persistent NameIDs stored in SQL datastore. @@ -179,10 +180,10 @@ class SQLNameID */ public static function add($idpEntityId, $spEntityId, $user, $value, array $config = []) { - assert(is_string($idpEntityId)); - assert(is_string($spEntityId)); - assert(is_string($user)); - assert(is_string($value)); + Assert::string($idpEntityId); + Assert::string($spEntityId); + Assert::string($user); + Assert::string($value); $params = [ '_idp' => $idpEntityId, @@ -208,9 +209,9 @@ class SQLNameID */ public static function get($idpEntityId, $spEntityId, $user, array $config = []) { - assert(is_string($idpEntityId)); - assert(is_string($spEntityId)); - assert(is_string($user)); + Assert::string($idpEntityId); + Assert::string($spEntityId); + Assert::string($user); $params = [ '_idp' => $idpEntityId, @@ -243,9 +244,9 @@ class SQLNameID */ public static function delete($idpEntityId, $spEntityId, $user, array $config = []) { - assert(is_string($idpEntityId)); - assert(is_string($spEntityId)); - assert(is_string($user)); + Assert::string($idpEntityId); + Assert::string($spEntityId); + assert::string($user); $params = [ '_idp' => $idpEntityId, @@ -269,8 +270,8 @@ class SQLNameID */ public static function getIdentities($idpEntityId, $spEntityId, array $config = []) { - assert(is_string($idpEntityId)); - assert(is_string($spEntityId)); + Assert::string($idpEntityId); + assert::string($spEntityId); $params = [ '_idp' => $idpEntityId, diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php index 57814ba7ddd16ea318d16cbaf43437fa8e8e0b9a..fe047d955ef7585298a1dbd8634d0113c7a2842b 100644 --- a/modules/saml/lib/Message.php +++ b/modules/saml/lib/Message.php @@ -22,6 +22,7 @@ use SimpleSAML\Configuration; use SimpleSAML\Error as SSP_Error; use SimpleSAML\Logger; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * Common code for building SAML 2 messages based on the available metadata. @@ -319,7 +320,7 @@ class Message // load the new private key if it exists $keyArray = Utils\Crypto::loadPrivateKey($dstMetadata, false, 'new_'); if ($keyArray !== null) { - assert(isset($keyArray['PEM'])); + assert::keyExists($keyArray, 'PEM'); $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, ['type' => 'private']); if (array_key_exists('password', $keyArray)) { @@ -329,9 +330,13 @@ class Message $keys[] = $key; } - // find the existing private key + /** + * find the existing private key + * + * @var array $keyArray Because the second param is true + */ $keyArray = Utils\Crypto::loadPrivateKey($dstMetadata, true); - assert(isset($keyArray['PEM'])); + Assert::keyExists($keyArray, 'PEM'); $key = new XMLSecurityKey(XMLSecurityKey::RSA_1_5, ['type' => 'private']); if (array_key_exists('password', $keyArray)) { @@ -384,7 +389,7 @@ class Message Configuration $dstMetadata, $assertion ): Assertion { - assert($assertion instanceof Assertion || $assertion instanceof EncryptedAssertion); + Assert::isInstanceOfAny($assertion, [\SAML2\Assertion::class, \SAML2\EncryptedAssertion::class]); if ($assertion instanceof Assertion) { $encryptAssertion = $srcMetadata->getBoolean('assertion.encryption', null); @@ -669,7 +674,7 @@ class Message $assertion, bool $responseSigned ): Assertion { - assert($assertion instanceof Assertion || $assertion instanceof EncryptedAssertion); + Assert::isInstanceOfAny($assertion, [\SAML2\Assertion::class, \SAML2\EncryptedAssertion::class]); $assertion = self::decryptAssertion($idpMetadata, $spMetadata, $assertion); self::decryptAttributes($idpMetadata, $spMetadata, $assertion); diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php index fd64666945edc2e312caa5ae9a75a4a02a4c646a..9123eadd0368d97b90992b3e1988afa3054b0c6d 100644 --- a/modules/saml/lib/SP/LogoutStore.php +++ b/modules/saml/lib/SP/LogoutStore.php @@ -10,6 +10,7 @@ use SimpleSAML\Logger; use SimpleSAML\Session; use SimpleSAML\Store; use SimpleSAML\Utils; +use Webmozart\Assert\Assert; /** * A directory over logout information. @@ -306,7 +307,7 @@ class LogoutStore if ($sessionId === null) { continue; } - assert(is_string($sessionId)); + Assert::string($sessionId); $res[$sessionIndex] = $sessionId; } @@ -331,9 +332,9 @@ class LogoutStore */ public static function addSession($authId, $nameId, $sessionIndex, $expire) { - assert(is_string($authId)); - assert(is_string($sessionIndex) || $sessionIndex === null); - assert(is_int($expire)); + Assert::string($authId); + Assert::nullorString($sessionIndex); + Assert::integer($expire); $session = Session::getSessionFromRequest(); if ($session->isTransient()) { @@ -386,7 +387,7 @@ class LogoutStore */ public static function logoutSessions($authId, $nameId, array $sessionIndexes) { - assert(is_string($authId)); + Assert::string($authId); $store = Store::getInstance(); if ($store === false) { @@ -400,7 +401,7 @@ class LogoutStore // Normalize SessionIndexes foreach ($sessionIndexes as &$sessionIndex) { - assert(is_string($sessionIndex)); + Assert::string($sessionIndex); if (strlen($sessionIndex) > 50) { $sessionIndex = sha1($sessionIndex); } diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php index ec944c3ed8ed6e15bf997f2cf8b2e671980f4fe5..8ee798645fc591a1f35fba38175eac2a92cdd322 100644 --- a/modules/saml/www/sp/discoresp.php +++ b/modules/saml/www/sp/discoresp.php @@ -4,6 +4,8 @@ * Handler for response from IdP discovery service. */ +use Webmozart\Assert\Assert; + if (!array_key_exists('AuthID', $_REQUEST)) { throw new \SimpleSAML\Error\BadRequest('Missing AuthID to discovery service response handler'); } @@ -16,7 +18,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) { $state = \SimpleSAML\Auth\State::loadState($_REQUEST['AuthID'], 'saml:sp:sso'); // Find authentication source -assert(array_key_exists('saml:sp:AuthId', $state)); +Assert::keyExists($state, 'saml:sp:AuthId'); $sourceId = $state['saml:sp:AuthId']; $source = \SimpleSAML\Auth\Source::getById($sourceId); diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php index 6b981774ce113d96c7e72748fab7c3c4874f5a83..34ca9ece6428edc6edcd48e11ff7b6d469d2099e 100644 --- a/modules/saml/www/sp/saml1-acs.php +++ b/modules/saml/www/sp/saml1-acs.php @@ -1,6 +1,7 @@ <?php use SimpleSAML\Bindings\Shib13\Artifact; +use Webmozart\Assert\Assert; if (!array_key_exists('SAMLResponse', $_REQUEST) && !array_key_exists('SAMLart', $_REQUEST)) { throw new \SimpleSAML\Error\BadRequest('Missing SAMLResponse or SAMLart parameter.'); @@ -40,14 +41,14 @@ if (preg_match('@^https?://@i', $target)) { $state = \SimpleSAML\Auth\State::loadState($_REQUEST['TARGET'], 'saml:sp:sso'); // Check that the authentication source is correct - assert(array_key_exists('saml:sp:AuthId', $state)); + Assert::keyExists($state, 'saml:sp:AuthId'); if ($state['saml:sp:AuthId'] !== $sourceId) { throw new \SimpleSAML\Error\Exception( 'The authentication source id in the URL does not match the authentication source which sent the request.' ); } - assert(isset($state['saml:idp'])); + Assert::notNull($state['saml:idp']); } $spMetadata = $source->getMetadata(); @@ -92,4 +93,4 @@ $state['LogoutState'] = $logoutState; $state['saml:sp:NameID'] = $response->getNameID(); $source->handleResponse($state, $responseIssuer, $attributes); -assert(false); +Assert::true(false); diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php index 3d1db4088bc4cdbcb5f592f6e4996c8851d0de9c..11a17bf4d64028e58348754317eba629ef242b53 100644 --- a/modules/saml/www/sp/saml2-acs.php +++ b/modules/saml/www/sp/saml2-acs.php @@ -4,6 +4,8 @@ * Assertion consumer service handler for SAML 2.0 SP authentication client. */ +use Webmozart\Assert\Assert; + if (!array_key_exists('PATH_INFO', $_SERVER)) { throw new \SimpleSAML\Error\BadRequest('Missing authentication source ID in assertion consumer service URL'); } @@ -95,7 +97,7 @@ if (!empty($stateId)) { if ($state) { // check that the authentication source is correct - assert(array_key_exists('saml:sp:AuthId', $state)); + Assert::keyExists($state, 'saml:sp:AuthId'); if ($state['saml:sp:AuthId'] !== $sourceId) { throw new \SimpleSAML\Error\Exception( 'The authentication source id in the URL does not match the authentication source which sent the request.' @@ -103,7 +105,7 @@ if ($state) { } // check that the issuer is the one we are expecting - assert(array_key_exists('ExpectedIssuer', $state)); + Assert::keyExists($state, 'ExpectedIssuer'); if ($state['ExpectedIssuer'] !== $issuer) { $idpMetadata = $source->getIdPMetadata($issuer); $idplist = $idpMetadata->getArrayize('IDPList', []); @@ -262,4 +264,4 @@ if (isset($state['\SimpleSAML\Auth\Source.ReturnURL'])) { $state['PersistentAuthData'][] = 'saml:sp:prevAuth'; $source->handleResponse($state, $issuer, $attributes); -assert(false); +Assert::true(false); diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index 5a400b854499c39bc04cf7fc62d99ede897551ed..61b472ece679d30b62af7dfd008ba67b756e7959 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php @@ -11,6 +11,8 @@ require_once('../../_include.php'); +use Webmozart\Assert\Assert; + \SimpleSAML\Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService'); $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); @@ -26,4 +28,4 @@ try { throw $e; // do not ignore other exceptions! } } -assert(false); +Assert::true(false); diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index 2d3c0e4b4a1c1f2331aab0c9da1b9e80d31b0eb1..ab4a49b0f1062346cf10f3b119d24511371238ed 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php @@ -10,6 +10,8 @@ require_once('../../_include.php'); +use Webmozart\Assert\Assert; + \SimpleSAML\Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService'); $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); @@ -34,4 +36,4 @@ if (isset($_REQUEST['ReturnTo'])) { } } } -assert(false); +Assert::true(false); diff --git a/www/saml2/idp/initSLO.php b/www/saml2/idp/initSLO.php index 82c38c8d4d0dddcb4d895916a9b09551faa76466..24e6748f870df7e971643feb540de754d3950cfe 100644 --- a/www/saml2/idp/initSLO.php +++ b/www/saml2/idp/initSLO.php @@ -2,6 +2,8 @@ require_once('../../_include.php'); +use Webmozart\Assert\Assert; + $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = \SimpleSAML\IdP::getById('saml2:' . $idpEntityId); @@ -13,4 +15,4 @@ if (!isset($_GET['RelayState'])) { } $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string) $_GET['RelayState'])); -assert(false); +Assert::true(false); diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index 698cb9f4a308397905fe66165d02f9aeb9f3ea6c..4ba2fa1d82b92e9ab30b0e5556955c4bd668b142 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -8,6 +8,7 @@ use SimpleSAML\Utils\Auth as Auth; use SimpleSAML\Utils\Crypto as Crypto; use SimpleSAML\Utils\HTTP as HTTP; use SimpleSAML\Utils\Config\Metadata as Metadata; +use Webmozart\Assert\Assert; // load SimpleSAMLphp configuration and metadata $config = \SimpleSAML\Configuration::getInstance(); @@ -55,7 +56,7 @@ try { if ($idpmeta->hasValue('https.certificate')) { $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.'); - assert(isset($httpsCert['certData'])); + Assert::notNull($httpsCert['certData']); $availableCerts['https.crt'] = $httpsCert; $keys[] = [ 'type' => 'X509Certificate', diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php index 14a014fcdb8e8e56b948534494fdea47c34ade5e..d99365867b8322486f15e7ac192c50ee8f548473 100644 --- a/www/shib13/idp/SSOService.php +++ b/www/shib13/idp/SSOService.php @@ -11,6 +11,8 @@ require_once '../../_include.php'; +use Webmozart\Assert\Assert; + \SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService'); $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); @@ -18,4 +20,4 @@ $idpEntityId = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted'); $idp = \SimpleSAML\IdP::getById('saml1:'.$idpEntityId); \SimpleSAML\Module\saml\IdP\SAML1::receiveAuthnRequest($idp); -assert(false); +Assert::true(false);