Start using the external module for authmemcookie

11e05f1c · Tim van Dijen · 6714b780 · 11e05f1c · 6714b780 · 11e05f1c
Commit 11e05f1c authored 6 years ago by Tim van Dijen
--- a/bin/build-release.sh
+++ b/bin/build-release.sh
@@ -44,6 +44,7 @@ fi
 php "$TARGET/composer.phar" install --no-dev --prefer-dist -o -d "$TARGET"
 # Install external modules
+php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-memcookie
 php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-riak
 php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-oauth

--- a/config-templates/authmemcookie.php
+++ b/config-templates/authmemcookie.php
-<?php
-/**
- * This is the configuration file for the Auth MemCookie example.
- */
-$config = [
-    /*
-     * The authentication source that should be used.
-     *
-     * This must be one of the authentication sources configured in config/authsources.php.
-     */
-    'authsource' => 'default-sp',
-    /*
-     * This is the name of the cookie we should save the session id in. The value of this option must match the
-     * Auth_memCookie_CookieName option in the Auth MemCookie configuration. The default value is 'AuthMemCookie'.
-     *
-     * Default:
-     *  'cookiename' => 'AuthMemCookie',
-     */
-    'cookiename' => 'AuthMemCookie',
-    /*
-     * This option specifies the name of the attribute which contains the username of the user. It must be set to
-     * a valid attribute name.
-     *
-     * Examples:
-     *  'username' => 'uid', // LDAP attribute for user id.
-     *  'username' => 'mail', // LDAP attribute for email address.
-     *
-     * Default:
-     *  No default value.
-     */
-    'username' => null,
-    /*
-     * This option specifies the name of the attribute which contains the groups of the user. Set this option to
-     * NULL if you don't want to include any groups.
-     *
-     * Example:
-     *  'groups' => 'edupersonaffiliation',
-     *
-     * Default:
-     *  'groups' => null,
-     */
-    'groups' => null,
-    /*
-     * This option contains the hostnames or IP addresses of the memcache servers where we should store the
-     * authentication information. Separator is a comma. This option should match the address part of the
-     * Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
-     *
-     * Examples:
-     *  'memcache.host' => '192.168.93.52',
-     *  'memcache.host' => 'memcache.example.org',
-     *  'memcache.host' => 'memcache1.example.org,memcache2.example.org'
-     *
-     * Default:
-     *  'memcache.host' => '127.0.0.1',
-     */
-    'memcache.host' => '127.0.0.1',
-    /*
-     * This option contains the port number of the memcache server where we should store the
-     * authentication information. This option should match the port part of the
-     * Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration.
-     *
-     * Default:
-     *  'memcache.port' => 11211,
-     */
-    'memcache.port' => 11211,
-];
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -440,7 +440,6 @@ $config = [
    'enable.shib13-idp' => false,
    'enable.adfs-idp' => false,
    'enable.wsfed-sp' => false,
-    'enable.authmemcookie' => false,
    /*
     * Default IdP for WS-Fed.

--- a/extra/auth_memcookie.conf
+++ b/extra/auth_memcookie.conf
-<Location />
-        # This is a list of memcache servers which Auth MemCookie
-        # should use. It is a ','-separated list of
-        # host:port-pairs.
-        # Note that this list must list the same servers as the
-        # 'authmemcookie.servers'-option in config.php in the
-        # configuration for simpleSAMLphp.
-        Auth_memCookie_Memcached_AddrPort "127.0.0.1:11211"
-        # This must be set to 'on' to enable Auth MemCookie for
-        # this directory.
-        Auth_memCookie_Authoritative on
-        # This adjusts the maximum number of data elements in the
-        # session data. The default is 10, which can be to low.
-        Auth_memCookie_SessionTableSize "40"
-        # These two commands are required to enable access control
-        # in Apache.
-        AuthType Cookie
-        AuthName "My Login"
-        # This command causes apache to redirect to the given
-        # URL when we receive a '401 Authorization Required'
-        # error. We redirect to "/simplesaml/authmemcookie.php",
-        # which initializes a login to the IdP.
-        ErrorDocument 401 "/simplesaml/authmemcookie.php"
-</Location>
-<Location /secret>
-        # This allows all authenticated users to access the
-        # directory. To learn more about the 'Require' command,
-        # please look at:
-        # http://httpd.apache.org/docs/2.0/mod/core.html#require
-        Require valid-user
-</Location>
--- a/extra/simplesamlphp.spec
+++ b/extra/simplesamlphp.spec
@@ -70,7 +70,6 @@ tar cf - . | (cd %{buildroot}%{_prefix}simplesamlphp; tar xfp -)
 /var/lib/simplesamlphp/
 %dir %attr(0750, root,apache) /var/lib/simplesamlphp/config
 %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/acl.php
-%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authmemcookie.php
 %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authsources.php
 %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/config.php
 %dir %attr(0750, root,apache) /var/lib/simplesamlphp/metadata

--- a/lib/SimpleSAML/AuthMemCookie.php
+++ b/lib/SimpleSAML/AuthMemCookie.php
-<?php
-namespace SimpleSAML;
-/**
- * This is a helper class for the Auth MemCookie module.
- * It handles the configuration, and implements the logout handler.
- *
- * @author Olav Morken, UNINETT AS.
- * @package SimpleSAMLphp
- *
- * @deprecated This class has been deprecated and will be removed in SSP 2.0. Use the memcookie module instead.
- */
-class AuthMemCookie
-{
-    /**
-     * @var AuthMemCookie This is the singleton instance of this class.
-     */
-    private static $instance = null;
-    /**
-     * @var Configuration The configuration for Auth MemCookie.
-     */
-    private $amcConfig;
-    /**
-     * This function is used to retrieve the singleton instance of this class.
-     *
-     * @return AuthMemCookie The singleton instance of this class.
-     */
-    public static function getInstance()
-    {
-        if (self::$instance === null) {
-            self::$instance = new AuthMemCookie();
-        }
-        return self::$instance;
-    }
-    /**
-     * This function implements the constructor for this class. It loads the Auth MemCookie configuration.
-     */
-    private function __construct()
-    {
-        // load AuthMemCookie configuration
-        $this->amcConfig = Configuration::getConfig('authmemcookie.php');
-    }
-    /**
-     * Retrieve the authentication source that should be used to authenticate the user.
-     *
-     * @return string The login type which should be used for Auth MemCookie.
-     */
-    public function getAuthSource()
-    {
-        return $this->amcConfig->getString('authsource');
-    }
-    /**
-     * This function retrieves the name of the cookie from the configuration.
-     *
-     * @return string The name of the cookie.
-     * @throws Exception If the value of the 'cookiename' configuration option is invalid.
-     */
-    public function getCookieName()
-    {
-        $cookieName = $this->amcConfig->getString('cookiename', 'AuthMemCookie');
-        if (!is_string($cookieName) || strlen($cookieName) === 0) {
-            throw new \Exception(
-                "Configuration option 'cookiename' contains an invalid value. This option should be a string."
-            );
-        }
-        return $cookieName;
-    }
-    /**
-     * This function retrieves the name of the attribute which contains the username from the configuration.
-     *
-     * @return string The name of the attribute which contains the username.
-     */
-    public function getUsernameAttr()
-    {
-        $usernameAttr = $this->amcConfig->getString('username', null);
-        return $usernameAttr;
-    }
-    /**
-     * This function retrieves the name of the attribute which contains the groups from the configuration.
-     *
-     * @return string The name of the attribute which contains the groups.
-     */
-    public function getGroupsAttr()
-    {
-        $groupsAttr = $this->amcConfig->getString('groups', null);
-        return $groupsAttr;
-    }
-    /**
-     * This function creates and initializes a Memcache object from our configuration.
-     *
-     * @return \Memcache A Memcache object initialized from our configuration.
-     * @throws \Exception If the servers configuration is invalid.
-     */
-    public function getMemcache()
-    {
-        $memcacheHost = $this->amcConfig->getString('memcache.host', '127.0.0.1');
-        $memcachePort = $this->amcConfig->getInteger('memcache.port', 11211);
-        $class = class_exists('Memcache') ? '\Memcache' : (class_exists('Memcached') ? '\Memcached' : false);
-        if (!$class) {
-            throw new \Exception(
-                'Missing Memcached implementation. You must install either the Memcache or Memcached extension.'
-            );
-        }
-        // Create the Memcache(d) object.
-        $memcache = new $class();
-        foreach (explode(',', $memcacheHost) as $memcacheHost) {
-            $memcache->addServer($memcacheHost, $memcachePort);
-        }
-        return $memcache;
-    }
-    /**
-     * This function logs the user out by deleting the session information from memcache.
-     */
-    private function doLogout()
-    {
-        $cookieName = $this->getCookieName();
-        // check if we have a valid cookie
-        if (!array_key_exists($cookieName, $_COOKIE)) {
-            return;
-        }
-        $sessionID = $_COOKIE[$cookieName];
-        // delete the session from memcache
-        $memcache = $this->getMemcache();
-        $memcache->delete($sessionID);
-        // delete the session cookie
-        \SimpleSAML\Utils\HTTP::setCookie($cookieName, null);
-    }
-    /**
-     * This function implements the logout handler. It deletes the information from Memcache.
-     */
-    public static function logoutHandler()
-    {
-        self::getInstance()->doLogout();
-    }
-}
--- a/www/authmemcookie.php
+++ b/www/authmemcookie.php
-<?php
-/**
- * This file implements an script which can be used to authenticate users with Auth MemCookie.
- * See: http://authmemcookie.sourceforge.net/
- *
- * The configuration for this script is stored in config/authmemcookie.php.
- *
- * The file extra/auth_memcookie.conf contains an example of how Auth Memcookie can be configured
- * to use SimpleSAMLphp.
- *
- * @deprecated This file has been deprecated and will be removed in SSP 2.0. Use the memcookie module instead.
- */
-require_once('_include.php');
-try {
-    // load SimpleSAMLphp configuration
-    $globalConfig = \SimpleSAML\Configuration::getInstance();
-    // check if this module is enabled
-    if (!$globalConfig->getBoolean('enable.authmemcookie', false)) {
-        throw new \SimpleSAML\Error\Error('NOACCESS');
-    }
-    // load Auth MemCookie configuration
-    $amc = \SimpleSAML\AuthMemCookie::getInstance();
-    $sourceId = $amc->getAuthSource();
-    $s = new \SimpleSAML\Auth\Simple($sourceId);
-    // check if the user is authorized. We attempt to authenticate the user if not
-    $s->requireAuth();
-    // generate session id and save it in a cookie
-    $sessionID = \SimpleSAML\Utils\Random::generateID();
-    $cookieName = $amc->getCookieName();
-    \SimpleSAML\Utils\HTTP::setCookie($cookieName, $sessionID);
-    // generate the authentication information
-    $attributes = $s->getAttributes();
-    $authData = [];
-    // username
-    $usernameAttr = $amc->getUsernameAttr();
-    if (!array_key_exists($usernameAttr, $attributes)) {
-        throw new \Exception(
-            "The user doesn't have an attribute named '".$usernameAttr.
-            "'. This attribute is expected to contain the username."
-        );
-    }
-    $authData['UserName'] = $attributes[$usernameAttr];
-    // groups
-    $groupsAttr = $amc->getGroupsAttr();
-    if ($groupsAttr !== null) {
-        if (!array_key_exists($groupsAttr, $attributes)) {
-            throw new \Exception(
-                "The user doesn't have an attribute named '".$groupsAttr.
-                "'. This attribute is expected to contain the groups the user is a member of."
-            );
-        }
-        $authData['Groups'] = $attributes[$groupsAttr];
-    } else {
-        $authData['Groups'] = [];
-    }
-    $authData['RemoteIP'] = $_SERVER['REMOTE_ADDR'];
-    foreach ($attributes as $n => $v) {
-        $authData['ATTR_'.$n] = $v;
-    }
-    // store the authentication data in the memcache server
-    $data = '';
-    foreach ($authData as $name => $values) {
-        if (is_array($values)) {
-            foreach ($values as $i => $value) {
-                if (!is_a($value, 'DOMNodeList')) {
-                    continue;
-                }
-                /* @var \DOMNodeList $value */
-                if ($value->length === 0) {
-                    continue;
-                }
-                $values[$i] = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
-            }
-            $values = implode(':', $values);
-        }
-        $data .= $name.'='.$values."\r\n";
-    }
-    $memcache = $amc->getMemcache();
-    $expirationTime = $s->getAuthData('Expire');
-    $memcache->set($sessionID, $data, 0, $expirationTime);
-    // register logout handler
-    $session = \SimpleSAML\Session::getSessionFromRequest();
-    $session->registerLogoutHandler($sourceId, '\SimpleSAML\AuthMemCookie', 'logoutHandler');
-    // redirect the user back to this page to signal that the login is completed
-    \SimpleSAML\Utils\HTTP::redirectTrustedURL(\SimpleSAML\Utils\HTTP::getSelfURL());
-} catch (\Exception $e) {
-    throw new \SimpleSAML\Error\Error('CONFIG', $e);
-}