diff --git a/.travis.yml b/.travis.yml index 8cc6a15ab84a1cc13317a1d10c2996b2d572f9ff..675675ab02068cb25fe0b50e53309c0006740465 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,16 +6,11 @@ php: - 7.1 - 7.2 - 7.3 - - hhvm env: - COMMAND="install" - COMMAND="update" -matrix: - allow_failures: - - php: hhvm - before_script: - composer ${COMMAND} - if [[ "$TRAVIS_PHP_VERSION" == "7.3" ]]; then composer require --dev vimeo/psalm:0.3.92; fi diff --git a/TESTING.md b/TESTING.md index e0c4fd0e94ef4cffec6addb03fe9a0f3edec5eb3..c38db47e8f070fb652931a0599c3cfaf8d520d39 100644 --- a/TESTING.md +++ b/TESTING.md @@ -56,14 +56,14 @@ SimpleSAMLphp installation, as the tests cannot use that. Make sure you have `phpunit` installed and run: ```sh -phpunit -c tools/phpunit/phpunit.xml +phpunit -c ./phpunit.xml ``` If your default version of `phpunit` is more recent than 4.8, you can run the old version installed by composer ```sh -./vendor/bin/phpunit -c tools/phpunit/phpunit.xml +./vendor/bin/phpunit -c ./phpunit.xml ``` All the tests are run by our *continuous integration* platform, diff --git a/bin/build-release.sh b/bin/build-release.sh index e7b03bbdd913f0ff16554761621dcc6672e2bcaf..6820c7a5379ed3debf433ad54262d611040e0aac 100755 --- a/bin/build-release.sh +++ b/bin/build-release.sh 
@@ -40,10 +40,19 @@ if [ ! -x "$TARGET/composer.phar" ]; then curl -sS https://getcomposer.org/installer | php -- --install-dir=$TARGET fi +# Set the version in composer.json +php "$TARGET/composer.phar" config version "$VERSION" -d "$TARGET" + # Install dependencies (without vcs history or dev tools) php "$TARGET/composer.phar" install --no-dev --prefer-dist -o -d "$TARGET" -cd $TARGET +# Install external modules +php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-cdc +php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-memcookie +php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-oauth +php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-riak + +cd $TARGET npm install npm audit fix npm run build diff --git a/composer.json b/composer.json index 2e9ed9ea992cdd8a8b784a3f5df538050c427621..f55f9dd38f326d0ce37231cd86c4b8fb3bd2061d 100644 --- a/composer.json +++ b/composer.json 
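Review bot: The four `composer.phar require --update-no-dev` lines run before `cd $TARGET` and, unlike the `config` and `install` calls above them, pass no `-d "$TARGET"`, so they act on the composer.json of whatever directory the script is invoked from rather than on the release tree. Add `-d "$TARGET"` to each, or move them below `cd $TARGET`. Since the same four modules are now declared in composer.json on this page with `^1.x` constraints, a versionless `require` also lets Composer rewrite those constraints to the newest release at build time, so two builds of the same tag can ship different module versions; `composer install` against a committed lock file is the reproducible route, with these lines dropped if such a lock file exists. The `curl … | php` installer on the context lines above is likewise unverified — not part of this change, but a checksum comparison against the published installer hash belongs in the same script.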
@@ -36,23 +36,27 @@ "ext-hash": "*", "ext-json": "*", "ext-mbstring": "*", - "simplesamlphp/saml2": "^3.3", - "robrichards/xmlseclibs": "^3.0", - "whitehat101/apr1-md5": "~1.0", - "twig/twig": "~1.0 || ~2.0", "gettext/gettext": "^4.6", "jaimeperez/twig-configurable-i18n": "^2.0", + "robrichards/xmlseclibs": "^3.0", + "simplesamlphp/saml2": "^3.3", + "simplesamlphp/simplesamlphp-module-cdc": "^1.0", + "simplesamlphp/simplesamlphp-module-memcookie": "^1.2", + "simplesamlphp/simplesamlphp-module-oauth": "^1.0", + "simplesamlphp/simplesamlphp-module-riak": "^1.0.0", "symfony/routing": "^3.4 || ^4.0", "symfony/http-foundation": "^3.4 || ^4.0", "symfony/config": "^3.4 || ^4.0", "symfony/http-kernel": "^3.4 || ^4.0", "symfony/dependency-injection": "^3.4 || ^4.0", - "symfony/yaml": "^3.4 || ^4.0" + "symfony/yaml": "^3.4 || ^4.0", + "twig/twig": "~1.0 || ~2.0", + "whitehat101/apr1-md5": "~1.0" }, "require-dev": { - "phpunit/phpunit": "~4.8", + "ext-curl": "*", "mikey179/vfsstream": "~1.6", - "ext-curl": "*" + "phpunit/phpunit": "~4.8" }, "suggest": { "predis/predis": "Needed if a Redis server is used to store session information", diff --git a/config-templates/authmemcookie.php b/config-templates/authmemcookie.php deleted file mode 100644 index fac02813814cd56c09cd69ce3b526408d35da4e9..0000000000000000000000000000000000000000 --- a/config-templates/authmemcookie.php +++ /dev/null 
@@ -1,73 +0,0 @@ -<?php - -/** - * This is the configuration file for the Auth MemCookie example. - */ - -$config = [ - /* - * The authentication source that should be used. - * - * This must be one of the authentication sources configured in config/authsources.php. - */ - 'authsource' => 'default-sp', - - /* - * This is the name of the cookie we should save the session id in. The value of this option must match the - * Auth_memCookie_CookieName option in the Auth MemCookie configuration. The default value is 'AuthMemCookie'. - * - * Default: - * 'cookiename' => 'AuthMemCookie', - */ - 'cookiename' => 'AuthMemCookie', - - /* - * This option specifies the name of the attribute which contains the username of the user. It must be set to - * a valid attribute name. - * - * Examples: - * 'username' => 'uid', // LDAP attribute for user id. - * 'username' => 'mail', // LDAP attribute for email address. - * - * Default: - * No default value. - */ - 'username' => null, - - /* - * This option specifies the name of the attribute which contains the groups of the user. Set this option to - * NULL if you don't want to include any groups. - * - * Example: - * 'groups' => 'edupersonaffiliation', - * - * Default: - * 'groups' => null, - */ - 'groups' => null, - - /* - * This option contains the hostnames or IP addresses of the memcache servers where we should store the - * authentication information. Separator is a comma. This option should match the address part of the - * Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration. - * - * Examples: - * 'memcache.host' => '192.168.93.52', - * 'memcache.host' => 'memcache.example.org', - * 'memcache.host' => 'memcache1.example.org,memcache2.example.org' - * - * Default: - * 'memcache.host' => '127.0.0.1', - */ - 'memcache.host' => '127.0.0.1', - - /* - * This option contains the port number of the memcache server where we should store the - * authentication information. 
This option should match the port part of the - * Auth_memCookie_Memcached_AddrPort option in the Auth MemCookie configuration. - * - * Default: - * 'memcache.port' => 11211, - */ - 'memcache.port' => 11211, -]; diff --git a/config-templates/config.php b/config-templates/config.php index 6d9c71b8c9f9610a8b6addc5dae0502865eb4f8e..aecb8f0177e2c9491382f21a7bca5f202bf77c82 100644 --- a/config-templates/config.php +++ b/config-templates/config.php @@ -57,7 +57,7 @@ $config = [ * - 'certdir': The base directory for certificate and key material. * - 'loggingdir': Where to write logs. * - 'datadir': Storage of general data. - * - 'temdir': Saving temporary files. SimpleSAMLphp will attempt to create + * - 'tempdir': Saving temporary files. SimpleSAMLphp will attempt to create * this directory if it doesn't exist. * When specified as a relative path, this is relative to the SimpleSAMLphp * root directory. @@ -440,7 +440,6 @@ $config = [ 'enable.shib13-idp' => false, 'enable.adfs-idp' => false, 'enable.wsfed-sp' => false, - 'enable.authmemcookie' => false, /* * Default IdP for WS-Fed. @@ -959,6 +958,12 @@ $config = [ | METADATA CONFIGURATION | **************************/ + /* + * This option allows you to specify a directory for your metadata outside of the standard metadata directory + * included in the standard distribution of the software. + */ + 'metadatadir' => 'metadata', + /* * This option configures the metadata sources. The metadata sources is given as an array with * different metadata sources. When searching for metadata, SimpleSAMLphp will search through diff --git a/docs/simplesamlphp-automated_metadata.md b/docs/simplesamlphp-automated_metadata.md index cc40de2ceb6f5367dc6edf95b91e5462f0d40ddd..b06b116f709a4aae6f3289222239cf0d9d8ee16e 100644 --- a/docs/simplesamlphp-automated_metadata.md +++ b/docs/simplesamlphp-automated_metadata.md 
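Review bot: The new `metadatadir` comment says what the option is for but not how the value is resolved: the directory options documented in the first hunk of this file state `When specified as a relative path, this is relative to the SimpleSAMLphp root directory`, and this option should say whether the same rule applies (presumably via the flatfile metadata source — confirm against its implementation) and how it relates to the `metadata.sources` entries directly below it. I would also spell out the trust implication in the comment, e.g. `Files in this directory define which IdPs and SPs are trusted; keep it outside the web root and writable only by administrators.` The `'metadata'` default is itself a relative path, so the resolution rule matters to anyone who copies this template.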
@@ -162,6 +162,10 @@ Each metadata source has the following options: don't need this option if you don't want to validate the signature on the metadata. +`validateFingerprintAlgorithm` +: Algorithm used to compute the signing certificate's fingerprint. Defaults to + `XMLSecurityDSig::SHA1`. + `template` : This is an array which will be combined with the metadata fetched to generate the final metadata array. diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md index c575569753c68ec2c2a8c820a118211a72c3bf12..3f944098547ae58b6c4cc9384055b8cc8cb6f86c 100644 --- a/docs/simplesamlphp-changelog.md +++ b/docs/simplesamlphp-changelog.md @@ -6,10 +6,26 @@ SimpleSAMLphp changelog This document lists the changes between versions of SimpleSAMLphp. See the upgrade notes for specific information about upgrading. -## Version 1.17.0 +## Version 1.18.0 Released TBD +### metarefresh + * The algorithm to compute the fingerprint of the certificate that signed + metadata can be specified with the new `validateFingerprintAlgorithm` + configuration option. + +## Version 1.17.1 + +Released 2019-03-07 + + * Fixed an issue with composer that made it impossible to install modules + if SimpleSAMLphp was installed itself with the provided package (tar.gz file). + +## Version 1.17.0 + +Released 2019-03-07 + * Introduce a new experimental user interface based on Twig templates. The new Twig templates co-exist next to the old ones and come with a new look-and-feel for SimpleSAMLphp and independent interfaces for diff --git a/docs/simplesamlphp-install.md b/docs/simplesamlphp-install.md index 346bbca6d09e36171a57c5a1e0e3be23139ad3ee..231d27cf920359fc11599b35b59d1e45723a243c 100644 --- a/docs/simplesamlphp-install.md +++ b/docs/simplesamlphp-install.md 
@@ -206,19 +206,18 @@ look like this: ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; - location / { - root /var/simplesamlphp/www; - index index.php; - } - - location ~ \.php { - root /var/simplesamlphp/www; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_param PATH_INFO $fastcgi_path_info; - include fastcgi_params; + location ^~ /simplesaml { + alias /var/simplesamlphp/www; + + location ~ \.php(/|$) { + root /var/simplesamlphp/www; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + include fastcgi_params; + } } } ``` diff --git a/extra/auth_memcookie.conf b/extra/auth_memcookie.conf deleted file mode 100644 index c387a85dc9c12f9d6d03f3fa1af2678fcea4e19a..0000000000000000000000000000000000000000 --- a/extra/auth_memcookie.conf +++ /dev/null 
@@ -1,38 +0,0 @@ -<Location /> - # This is a list of memcache servers which Auth MemCookie - # should use. It is a ','-separated list of - # host:port-pairs. - # Note that this list must list the same servers as the - # 'authmemcookie.servers'-option in config.php in the - # configuration for simpleSAMLphp. - Auth_memCookie_Memcached_AddrPort "127.0.0.1:11211" - - # This must be set to 'on' to enable Auth MemCookie for - # this directory. - Auth_memCookie_Authoritative on - - # This adjusts the maximum number of data elements in the - # session data. The default is 10, which can be to low. - Auth_memCookie_SessionTableSize "40" - - # These two commands are required to enable access control - # in Apache. - AuthType Cookie - AuthName "My Login" - - # This command causes apache to redirect to the given - # URL when we receive a '401 Authorization Required' - # error. We redirect to "/simplesaml/authmemcookie.php", - # which initializes a login to the IdP. - ErrorDocument 401 "/simplesaml/authmemcookie.php" - -</Location> - -<Location /secret> - # This allows all authenticated users to access the - # directory. To learn more about the 'Require' command, - # please look at: - # http://httpd.apache.org/docs/2.0/mod/core.html#require - Require valid-user -</Location> - diff --git a/extra/simplesamlphp.spec b/extra/simplesamlphp.spec index 7118153f626039f4247ba376e7edfda1d2ce24c3..6ea33d47160a4cf602ccaf0e079d20abeb0967e3 100644 --- a/extra/simplesamlphp.spec +++ b/extra/simplesamlphp.spec 
@@ -70,7 +70,6 @@ tar cf - . | (cd %{buildroot}%{_prefix}simplesamlphp; tar xfp -) /var/lib/simplesamlphp/ %dir %attr(0750, root,apache) /var/lib/simplesamlphp/config %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/acl.php -%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authmemcookie.php %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authsources.php %config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/config.php %dir %attr(0750, root,apache) /var/lib/simplesamlphp/metadata diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php index 4a9f713753dabbca4d4c1ae29f0afcdddbfbd880..f85c7b894f2429f6d43e41c7251ff6736834cca0 100644 --- a/lib/SimpleSAML/Metadata/SAMLParser.php +++ b/lib/SimpleSAML/Metadata/SAMLParser.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Metadata; +use RobRichards\XMLSecLibs\XMLSecurityDSig; use RobRichards\XMLSecLibs\XMLSecurityKey; /** 
@@ -1463,16 +1464,48 @@ class SAMLParser } + private function computeFingerprint($algorithm, $data) + { + switch ($algorithm) { + case XMLSecurityDSig::SHA1: + $algo = 'SHA1'; + break; + case XMLSecurityDSig::SHA256: + $algo = 'SHA256'; + break; + case XMLSecurityDSig::SHA384: + $algo = 'SHA384'; + break; + case XMLSecurityDSig::SHA512: + $algo = 'SHA512'; + break; + default: + $known_opts = implode(", ", [ + XMLSecurityDSig::SHA1, + XMLSecurityDSig::SHA256, + XMLSecurityDSig::SHA384, + XMLSecurityDSig::SHA512, + ]); + throw new \UnexpectedValueException( + "Unsupported hashing function {$algorithm}. " . + "Known options: [{$known_opts}]" + ); + } + return hash($algo, $data); + } + + /** * This function checks if this EntityDescriptor was signed with a certificate with the * given fingerprint. * * @param string $fingerprint Fingerprint of the certificate which should have been used to sign this * EntityDescriptor. + * @param string $algorithm Algorithm used to compute the fingerprint of the signing certicate. * * @return boolean True if it was signed with the certificate with the given fingerprint, false otherwise. */ - public function validateFingerprint($fingerprint) + public function validateFingerprint($fingerprint, $algorithm) { assert(is_string($fingerprint)); @@ -1481,7 +1514,8 @@ class SAMLParser $candidates = []; foreach ($this->validators as $validator) { foreach ($validator->getValidatingCertificates() as $cert) { - $fp = strtolower(sha1(base64_decode($cert))); + $decoded_cert = base64_decode($cert); + $fp = $this->computeFingerprint($algorithm, $decoded_cert); $candidates[] = $fp; if ($fp === $fingerprint) { return true; diff --git a/lib/SimpleSAML/Metadata/Sources/MDQ.php b/lib/SimpleSAML/Metadata/Sources/MDQ.php index db6a1135487a75c416d60145651d027e7189f805..1f141657be9631a62597c2916c7fad85a23341df 100644 --- a/lib/SimpleSAML/Metadata/Sources/MDQ.php +++ b/lib/SimpleSAML/Metadata/Sources/MDQ.php 
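Review bot: `validateFingerprint` gains a second parameter with no default, so any existing caller that passes only the fingerprint — the changelog on this page names metarefresh as a user of this option, and it presumably called the one-argument form — now fails with an ArgumentCountError instead of keeping the previous SHA-1 behaviour. Declare it as `public function validateFingerprint($fingerprint, $algorithm = XMLSecurityDSig::SHA1)` (the same default MDQ uses) and add `assert(is_string($algorithm));` beside the existing assert; the method body continues past the hunk. `computeFingerprint` is the only new method on this page without a docblock; a one-liner such as `/** Lower-case hex digest of the DER certificate bytes. @throws \UnexpectedValueException for an algorithm outside the four XMLSecurityDSig SHA constants. */` would match the style the rest of the diff adds. Note that `hash()` returns lower-case hex, so the `===` in the following hunk still rejects a correct fingerprint written in upper case or with colon separators — pre-existing, but worth normalising `$fingerprint` now that the method is being touched.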
@@ -2,6 +2,7 @@ namespace SimpleSAML\Metadata\Sources; +use RobRichards\XMLSecLibs\XMLSecurityDSig; use SimpleSAML\Logger; use SimpleSAML\Utils\HTTP; @@ -78,6 +79,11 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource } else { $this->validateFingerprint = null; } + if (isset($config['validateFingerprintAlgorithm'])) { + $this->validateFingerprintAlgorithm = $config['validateFingerprintAlgorithm']; + } else { + $this->validateFingerprintAlgorithm = XMLSecurityDSig::SHA1; + } if (array_key_exists('cachedir', $config)) { $globalConfig = \SimpleSAML\Configuration::getInstance(); @@ -316,7 +322,10 @@ class MDQ extends \SimpleSAML\Metadata\MetaDataStorageSource Logger::debug(__CLASS__.': completed parsing of ['.$mdq_url.']'); if ($this->validateFingerprint !== null) { - if (!$entity->validateFingerprint($this->validateFingerprint)) { + if (!$entity->validateFingerprint( + $this->validateFingerprint, + $this->validateFingerprintAlgorithm + )) { throw new \Exception(__CLASS__.': error, could not verify signature for entity: '.$index.'".'); } } diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php index d8c7c42fd649d85f41138a603656e5e57530e124..edb4b200c9b7d12614f3d387cd9f92442bf18dc9 100644 --- a/lib/SimpleSAML/XHTML/Template.php +++ b/lib/SimpleSAML/XHTML/Template.php @@ -298,6 +298,7 @@ class Template extends Response $twig->addGlobal('queryParams', $queryParams); $twig->addGlobal('templateId', str_replace('.twig', '', $this->normalizeTemplateName($this->template))); $twig->addGlobal('isProduction', $this->configuration->getBoolean('production', true)); + $twig->addGlobal('baseurlpath', ltrim($this->configuration->getBasePath(), '/')); // add a filter for translations out of arrays $twig->addFilter( diff --git a/locales/nl/LC_MESSAGES/messages.po b/locales/nl/LC_MESSAGES/messages.po index d562f8b167757334bb0282d9c0a4ace1f87a8ee6..ef2a72db21b22e90121b1cc099966fa87f23c38d 100644 --- a/locales/nl/LC_MESSAGES/messages.po 
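Review bot: `$this->validateFingerprintAlgorithm` is assigned in the constructor but the hunk declares no such property; unless one exists outside the hunk, this creates a dynamic property (deprecated since PHP 8.2) — add `/** @var string */ private $validateFingerprintAlgorithm;` next to `validateFingerprint`. The configured value is not checked here, so a typo in `validateFingerprintAlgorithm` only surfaces at the first lookup as the UnexpectedValueException thrown from SAMLParser rather than at configuration time; validating it in the constructor against `[XMLSecurityDSig::SHA1, XMLSecurityDSig::SHA256, XMLSecurityDSig::SHA384, XMLSecurityDSig::SHA512]` with `in_array(..., true)` fails fast with a clearer message. SHA-1 as the default is tolerable for matching a pre-configured certificate fingerprint (an attacker would need a second preimage, not a collision), but the option's documentation should steer new deployments to `XMLSecurityDSig::SHA256`.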
+++ b/locales/nl/LC_MESSAGES/messages.po @@ -1680,4 +1680,4 @@ msgstr "" "Je gaat nu een pre-productiesysteem gebruiken. Deze authenticatie is " "uitsluitend opgezet voor testen en pre-productie-verfificatie. Als iemand" " je een link hierheen stuurde, en je bent geen <i>tester</i>, dan is dit " -"waarschijlijk een vergissing en zou je <b>niet hier moeten zijn</b>." +"waarschijnlijk een vergissing en zou je <b>niet hier moeten zijn</b>." diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php index 0989d11735d49477bc1afa94b24844b21fa620d1..aecba0b96b13d164877e99e285513de1674ef852 100644 --- a/modules/adfs/lib/IdP/ADFS.php +++ b/modules/adfs/lib/IdP/ADFS.php @@ -9,6 +9,11 @@ use SimpleSAML\Utils\Crypto; class ADFS { + /** + * @param \SimpleSAML\IdP $idp + * @throws \Exception + * @return void + */ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) { try { @@ -41,6 +46,15 @@ class ADFS $idp->handleAuthenticationRequest($state); } + + /** + * @param string $issuer + * @param string $target + * @param string $nameid + * @param array $attributes + * @param int $assertionLifetime + * @return string + */ private static function generateResponse($issuer, $target, $nameid, $attributes, $assertionLifetime) { $issueInstant = \SimpleSAML\Utils\Time::generateTimestamp(); 
@@ -49,26 +63,7 @@ class ADFS $assertionID = \SimpleSAML\Utils\Random::generateID(); $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN'; $nameid = htmlspecialchars($nameid); - - $result = <<<MSG -<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> - <wst:RequestedSecurityToken> - <saml:Assertion Issuer="$issuer" IssueInstant="$issueInstant" AssertionID="$assertionID" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> - <saml:Conditions NotOnOrAfter="$assertionExpire" NotBefore="$notBefore"> - <saml:AudienceRestrictionCondition> - <saml:Audience>$target</saml:Audience> - </saml:AudienceRestrictionCondition> - </saml:Conditions> - <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="$issueInstant"> - <saml:Subject> - <saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier> - </saml:Subject> - </saml:AuthenticationStatement> - <saml:AttributeStatement> - <saml:Subject> - <saml:NameIdentifier Format="$nameidFormat">$nameid</saml:NameIdentifier> - </saml:Subject> -MSG; + $parsed_attrs = []; foreach ($attributes as $name => $values) { if ((!is_array($values)) || (count($values) == 0)) { 
@@ -83,31 +78,37 @@ MSG; if ((!isset($value)) || ($value === '')) { continue; } - $value = htmlspecialchars($value); - - $result .= <<<MSG - <saml:Attribute AttributeNamespace="$namespace" AttributeName="$name"> - <saml:AttributeValue>$value</saml:AttributeValue> - </saml:Attribute> -MSG; + $parsed_attrs[] = ['name' => $name, 'namespace' => $namespace, 'value' => htmlspecialchars($value)]; } } - $result .= <<<MSG - </saml:AttributeStatement> - </saml:Assertion> - </wst:RequestedSecurityToken> - <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> - <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"> - <wsa:Address>$target</wsa:Address> - </wsa:EndpointReference> - </wsp:AppliesTo> -</wst:RequestSecurityTokenResponse> -MSG; - - return $result; + $config = \SimpleSAML\Configuration::getInstance(); + $t = new \SimpleSAML\XHTML\Template($config, 'adfs:generateResponse.twig'); + $twig = $t->getTwig(); + return $twig->render( + 'adfs:generateResponse.twig', + [ + 'issueInstant' => $issueInstant, + 'notBefore' => $notBefore, + 'issuer' => $issuer, + 'nameid' => $nameid, + 'nameidFormat' => $nameidFormat, + 'target' => $target, + 'assertionID' => $assertionID, + 'assertionExpire' => $assertionExpire, + 'parsedAttributes' => $parsed_attrs, + ] + ); } + + /** + * @param string $response + * @param string $key + * @param string $cert + * @param string $algo + * @return string|bool + */ private static function signResponse($response, $key, $cert, $algo) { $objXMLSecDSig = new XMLSecurityDSig(); @@ -134,6 +135,13 @@ MSG; return $responsedom->saveXML(); } + + /** + * @param string $url + * @param string $wresult + * @param string $wctx + * @return void + */ private static function postResponse($url, $wresult, $wctx) { $config = \SimpleSAML\Configuration::getInstance(); 
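Review bot: The render call mixes pre-escaped and raw values: `nameid` (run through htmlspecialchars earlier in generateResponse, before this hunk) and `attr.value` are escaped in PHP, while `issuer`, `target`, `assertionID`, `attr.name` and `attr.namespace` are passed as-is, so the output is only correct under one specific Twig autoescape setting that this file does not show. With autoescape on, an `&` in a NameID or attribute value is double-encoded to `&amp;amp;` before the token is signed; with it off, `target` — which presumably originates from the SP's request — is interpolated into the XML unescaped. Escape in exactly one layer: pass the raw strings here (drop the `htmlspecialchars` on `$value` in this hunk and the one on `$nameid` above it) and let the template escape every placeholder. Also confirm that `'adfs:generateResponse.twig'` is a name the loader resolves — the admin templates on this page reference module templates as `@admin/…`, and if the `adfs:` form is only understood by the Template wrapper, `$twig->render()` will not find it. generateResponse starts before this hunk.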
@@ -150,8 +158,8 @@ MSG; * Get the metadata of a given hosted ADFS IdP. * * @param string $entityid The entity ID of the hosted ADFS IdP whose metadata we want to fetch. - * * @return array + * * @throws \SimpleSAML\Error\Exception * @throws \SimpleSAML\Error\MetadataNotFound */ @@ -223,7 +231,7 @@ MSG; ); if (!$config->hasValue('OrganizationURL')) { - throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); + throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL'); } @@ -271,6 +279,12 @@ MSG; } + /** + * @param array $state + * @return void + * + * @throws \Exception + */ public static function sendResponse(array $state) { $spMetadata = $state["SPMetadata"]; @@ -323,6 +337,12 @@ MSG; ADFS::postResponse($wreply, $wresult, $wctx); } + + /** + * @param \SimpleSAML\IdP $idp + * @param array $state + * @return void + */ public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state) { // NB:: we don't know from which SP the logout request came from @@ -332,6 +352,11 @@ MSG; ); } + + /** + * @param \SimpleSAML\IdP $idp + * @return void + */ public static function receiveLogoutMessage(\SimpleSAML\IdP $idp) { // if a redirect is to occur based on wreply, we will redirect to url as @@ -351,7 +376,14 @@ MSG; $idp->handleLogoutRequest($state, $assocId); } - // accepts an association array, and returns a URL that can be accessed to terminate the association + + /** + * Accepts an association array, and returns a URL that can be accessed to terminate the association + * @param \SimpleSAML\IdP $idp + * @param array $association + * @param string $relayState + * @return string + */ public static function getLogoutURL(\SimpleSAML\IdP $idp, array $association, $relayState) { $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); 
diff --git a/modules/adfs/lib/SAML2/XML/fed/Endpoint.php b/modules/adfs/lib/SAML2/XML/fed/Endpoint.php index d3ac56ad346d423bc21b354243dcaebae6112bb3..46b4940251b14f16e7b4615dca5fcc6e22503396 100644 --- a/modules/adfs/lib/SAML2/XML/fed/Endpoint.php +++ b/modules/adfs/lib/SAML2/XML/fed/Endpoint.php @@ -15,6 +15,8 @@ class Endpoint * * @param \DOMElement $parent The element we should append this endpoint to. * @param string $name The name of the element we should create. + * @param string $address + * @return \DOMElement */ public static function appendXML(\DOMElement $parent, $name, $address) { diff --git a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php index de386e9f65dc932d4c112dacc3bfa8e5a5389372..e3fc90e01a78c0fba004267b98dd1af69c29bc93 100644 --- a/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php +++ b/modules/adfs/lib/SAML2/XML/fed/SecurityTokenServiceType.php @@ -20,9 +20,10 @@ class SecurityTokenServiceType extends \SAML2\XML\md\RoleDescriptor /** * The Location of Services. * - * @var string + * @var string|null */ - public $Location; + public $Location = null; + /** * Initialize a SecurityTokenServiceType element. @@ -37,6 +38,7 @@ class SecurityTokenServiceType extends \SAML2\XML\md\RoleDescriptor } } + /** * Convert this SecurityTokenServiceType RoleDescriptor to XML. * @@ -61,7 +63,7 @@ class SecurityTokenServiceType extends \SAML2\XML\md\RoleDescriptor /** * Get the location of this service. * - * @return string The full URL where this service can be reached. + * @return string|null The full URL where this service can be reached. */ public function getLocation() { @@ -73,6 +75,7 @@ class SecurityTokenServiceType extends \SAML2\XML\md\RoleDescriptor * Set the location of this service. * * @param string $location The full URL where this service can be reached. + * @return void */ public function setLocation($location) { 
diff --git a/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php b/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php index 5df8f3f9cccd17214333621b7800417cb4176187..659628ada5a0d3b4ea91e8ae487d436385fdc4d1 100644 --- a/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php +++ b/modules/adfs/lib/SAML2/XML/fed/TokenTypesOffered.php @@ -14,6 +14,7 @@ class TokenTypesOffered * Add tokentypesoffered to an XML element. * * @param \DOMElement $parent The element we should append this endpoint to. + * @return \DOMElement */ public static function appendXML(\DOMElement $parent) { diff --git a/modules/adfs/templates/generateResponse.twig b/modules/adfs/templates/generateResponse.twig new file mode 100644 index 0000000000000000000000000000000000000000..2d5f9a476b3c0572dde48f0043430c4466719099 --- /dev/null +++ b/modules/adfs/templates/generateResponse.twig 
@@ -0,0 +1,31 @@
+<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
+ <wst:RequestedSecurityToken>
+ <saml:Assertion Issuer="{{ issuer }}" IssueInstant="{{ issueInstant }}" AssertionID="{{ assertionID }}" MinorVersion="1" MajorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:Conditions NotOnOrAfter="{{ assertionExpire }}" NotBefore="{{ notBefore }}">
+ <saml:AudienceRestrictionCondition>
+ <saml:Audience>{{ target }}</saml:Audience>
+ </saml:AudienceRestrictionCondition>
+ </saml:Conditions>
+ <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified" AuthenticationInstant="{{ issueInstant }}">
+ <saml:Subject>
+ <saml:NameIdentifier Format="{{ nameidFormat }}">{{ nameid }}</saml:NameIdentifier>
+ </saml:Subject>
+ </saml:AuthenticationStatement>
+ <saml:AttributeStatement>
+ <saml:Subject>
+ <saml:NameIdentifier Format="{{ nameidFormat }}">{{ nameid }}</saml:NameIdentifier>
+ </saml:Subject>
+{% for attr in parsedAttributes %}
+ <saml:Attribute AttributeNamespace="{{ attr.namespace }}" AttributeName="{{ attr.name }}">
+ <saml:AttributeValue>{{ attr.value }}</saml:AttributeValue>
+ </saml:Attribute>
+{% endfor %}
+ </saml:AttributeStatement>
+ </saml:Assertion>
+ </wst:RequestedSecurityToken>
+ <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsa:Address>{{ target }}</wsa:Address>
+ </wsa:EndpointReference>
+ </wsp:AppliesTo>
+</wst:RequestSecurityTokenResponse>
diff --git a/modules/adfs/templates/postResponse.twig b/modules/adfs/templates/postResponse.twig
index 857aa8d7ab6fcd28e21630ea84031a22452840a4..16f0eab1802ea633b8da3d64a1a3376b9ee52bef 100644
--- a/modules/adfs/templates/postResponse.twig
+++ b/modules/adfs/templates/postResponse.twig
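Review bot: None of the `{{ }}` placeholders specify an escape filter, so whether `issuer`, `target`, `attr.namespace` and `attr.name` are safe inside attribute values and element text depends on the environment's autoescape setting, which the template cannot see. Make it self-contained by wrapping the body in `{% autoescape 'html' %} … {% endautoescape %}`; HTML escaping of `&`, `<`, `>`, `"` and `'` is also sufficient for XML attribute and text content. The caller currently hands over `nameid` and `attr.value` already passed through htmlspecialchars, so once the template escapes, those must arrive raw or they will be double-encoded. A header comment stating the contract would help: `{# All values are escaped by this template; callers must pass raw (unescaped) strings. #}`.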
@@ -1,7 +1,7 @@ <!DOCTYPE html> <html> <head> - <script src="{{ baseurlpath }}/assets/js/postResponse.js"></script> + <script src="/{{ baseurlpath }}module.php/adfs/assets/js/postResponse.js"></script> </head> <body> <form method="post" action="{{ url }}"> diff --git a/modules/adfs/www/assets/js/postReponse.js b/modules/adfs/www/assets/js/postResponse.js similarity index 100% rename from modules/adfs/www/assets/js/postReponse.js rename to modules/adfs/www/assets/js/postResponse.js diff --git a/modules/admin/lib/Menu.php b/modules/admin/lib/Menu.php index e4e55250cfda2b9e43a1e5bb8ab58b87298b52a1..c1d87d9597776ca7d533b26fcf2f578072c5fbac 100644 --- a/modules/admin/lib/Menu.php +++ b/modules/admin/lib/Menu.php @@ -51,6 +51,7 @@ final class Menu * @param string $id The identifier of this option. * @param string $url The URL this option points to. * @param string $name The name of the option for display purposes. + * @return void */ public function addOption($id, $url, $name) { diff --git a/modules/admin/lib/TestController.php b/modules/admin/lib/TestController.php index c330c81489d122b8aa66c5a4aad5003b9485bf5e..be7a47033687b9992e23626a10ed78ea3a0407b0 100644 --- a/modules/admin/lib/TestController.php +++ b/modules/admin/lib/TestController.php @@ -45,6 +45,7 @@ class TestController /** * Display the list of available authsources. * + * @param string|null $as * @return \SimpleSAML\XHTML\Template */ public function main(Request $request, $as) @@ -67,7 +68,7 @@ class TestController } if (!$authsource->isAuthenticated()) { - $url = \SimpleSAML\Module::getModuleURL('admin/test/' .$as, []); + $url = \SimpleSAML\Module::getModuleURL('admin/test/'.$as, []); $params = [ 'ErrorURL' => $url, 'ReturnTo' => $url, @@ -99,6 +100,11 @@ class TestController } + /** + * @param \SimpleSAML\XHTML\Template $t + * @param \SAML2\XML\saml\NameID $nameId + * @return string + */ private function getNameIDHTML(\SimpleSAML\XHTML\Template $t, \SAML2\XML\saml\NameID $nameId) { $result = ''; 
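Review bot: The new `src` hard-codes a leading `/` and then appends `module.php` directly to `baseurlpath`, so it only resolves if that global is a site-relative path with its leading slash stripped and its trailing slash kept — which is what the `ltrim($this->configuration->getBasePath(), '/')` added to Template.php on this page produces, but the coupling is invisible from the template. I would document it here: `{# baseurlpath has no leading slash and keeps its trailing slash (see Template::addGlobal) #}`. If `getBasePath()` can ever return an absolute URL (I cannot tell from this page) the result becomes `/https://…`; exposing a `baseurlpath` that already carries the leading `/` would be the more robust shape.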
@@ -126,6 +132,12 @@ class TestController } + /** + * @param \SimpleSAML\XHTML\Template $t + * @param array $attributes + * @param string $nameParent + * @return string + */ private function getAttributesHTML(\SimpleSAML\XHTML\Template $t, $attributes, $nameParent) { $alternate = ['pure-table-odd', 'pure-table-even']; @@ -197,6 +209,11 @@ class TestController return $str; } + + /** + * @param array|string $attr + * @return string + */ private function present_list($attr) { if (is_array($attr) && count($attr) > 1) { @@ -211,6 +228,11 @@ class TestController } } + + /** + * @param array|string $attr + * @return string + */ private function present_assoc($attr) { if (is_array($attr)) { @@ -225,6 +247,12 @@ class TestController } } + + /** + * @param \SimpleSAML\Locale\Translate $t + * @param \SAML2\XML\saml\NameID $nameID + * @return string + */ private function present_eptid(\SimpleSAML\Locale\Translate $t, \SAML2\XML\saml\NameID $nameID) { $eptid = [ diff --git a/modules/admin/templates/authsource_list.twig b/modules/admin/templates/authsource_list.twig index e00b3c356a98a27d9a5b76590ba573e6fb0f022c..6a40aca0a4365e6026068a0e71b2eff36f6bf0e6 100644 --- a/modules/admin/templates/authsource_list.twig +++ b/modules/admin/templates/authsource_list.twig @@ -4,6 +4,8 @@ {% block content %} {%- include "@admin/includes/menu.twig" %} + + <h2>{{ pagetitle }} </h2> <ul> {% for key, name in sources %} <li><a href="test/{{ name|escape('url') }}">{{ name }}</a></li> diff --git a/modules/admin/templates/diagnostics.twig b/modules/admin/templates/diagnostics.twig index 7e5e36064e20cd1312e6e1eda6dc79383ca081b9..8e900f48731384a75253852bfe44982c3e21e970 100644 --- a/modules/admin/templates/diagnostics.twig +++ b/modules/admin/templates/diagnostics.twig @@ -4,6 +4,9 @@ {% block content %} {%- include "@admin/includes/menu.twig" %} + + <h2>{{ pagetitle }} </h2> + {%- embed "_table.twig" %} {%- block namecol %} 
diff --git a/modules/authX509/lib/Auth/Process/ExpiryWarning.php b/modules/authX509/lib/Auth/Process/ExpiryWarning.php index 1b9c1ca8753b5dc95ae1bb3a6830245a400e45f7..9ef69aeb976d945157b1f187a4e81ea7cd8259fd 100644 --- a/modules/authX509/lib/Auth/Process/ExpiryWarning.php +++ b/modules/authX509/lib/Auth/Process/ExpiryWarning.php @@ -19,8 +19,10 @@ namespace SimpleSAML\Module\authX509\Auth\Process; class ExpiryWarning extends \SimpleSAML\Auth\ProcessingFilter { - + /** @var int */ private $warndaysbefore = 30; + + /** @var string|null */ private $renewurl = null; /** @@ -57,6 +59,7 @@ class ExpiryWarning extends \SimpleSAML\Auth\ProcessingFilter * is informed about the expiry date of his/her certificate. * * @param array $state The state of the response. + * @return void */ public function process(&$state) { diff --git a/modules/authX509/lib/Auth/Source/X509userCert.php b/modules/authX509/lib/Auth/Source/X509userCert.php index 4605c0ee97e4b19e95909e81c2ab255ee7922254..7739cbdb76bca2b6a4e2c9de817c7d15e6b4829d 100644 --- a/modules/authX509/lib/Auth/Source/X509userCert.php +++ b/modules/authX509/lib/Auth/Source/X509userCert.php @@ -13,18 +13,21 @@ class X509userCert extends \SimpleSAML\Auth\Source { /** * x509 attributes to use from the certificate for searching the user in the LDAP directory. + * @var array */ private $x509attributes = ['UID' => 'uid']; /** * LDAP attribute containing the user certificate. + * This can be set to NULL to avoid looking up the certificate in LDAP + * @var array|null */ private $ldapusercert = ['userCertificate;binary']; /** - * LDAPConfigHelper object + * @var \SimpleSAML\Module\ldap\ConfigHelper */ private $ldapcf; @@ -56,8 +59,6 @@ class X509userCert extends \SimpleSAML\Auth\Source $config, 'Authentication source '.var_export($this->authId, true) ); - - return; } 
@@ -67,6 +68,7 @@ class X509userCert extends \SimpleSAML\Auth\Source * This function can be overloaded by a child authentication class that wish to perform some operations on failure. * * @param array &$state Information about the current authentication. + * @return void */ public function authFailed(&$state) { @@ -89,6 +91,7 @@ class X509userCert extends \SimpleSAML\Auth\Source * page. On failure, The authX509:X509error.php template is loaded. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -199,12 +202,12 @@ class X509userCert extends \SimpleSAML\Auth\Source * This function can be overloaded by a child authentication class that wish to perform some operations after login. * * @param array &$state Information about the current authentication. + * @return void */ public function authSuccesful(&$state) { \SimpleSAML\Auth\Source::completeAuth($state); assert(false); // should never be reached - return; } } diff --git a/modules/authX509/templates/X509error.php b/modules/authX509/templates/X509error.php index b7f8d42802a9a48e5923fd52e0d577909e409dd2..5db087b3adb7a9537add780cc47123b877f29d48 100644 --- a/modules/authX509/templates/X509error.php +++ b/modules/authX509/templates/X509error.php @@ -1,4 +1,5 @@ <?php + $this->data['header'] = $this->t('{authX509:X509error:certificate_header}'); $this->includeAtTemplateBase('includes/header.php'); diff --git a/modules/authYubiKey/lib/Auth/Process/OTP2YubiPrefix.php b/modules/authYubiKey/lib/Auth/Process/OTP2YubiPrefix.php index 42ef300f39b3c68bdbb23e1a1ae7a89620e707ef..b6e7896715bcbe39cf21161d33ab01e6f1f28875 100644 --- a/modules/authYubiKey/lib/Auth/Process/OTP2YubiPrefix.php +++ b/modules/authYubiKey/lib/Auth/Process/OTP2YubiPrefix.php 
@@ -52,6 +52,7 @@ class OTP2YubiPrefix extends \SimpleSAML\Auth\ProcessingFilter * a 'yubiPrefix' attribute that leaves out the dynamic part. * * @param array &$state The state we should update. + * @return void */ public function process(&$state) { diff --git a/modules/authYubiKey/lib/Auth/Source/YubiKey.php b/modules/authYubiKey/lib/Auth/Source/YubiKey.php index 65ddf84906d3de16f15fc0f04efc73100fe2cb0e..864f595cbe658ce58ce19e81dd6d958b9c970566 100644 --- a/modules/authYubiKey/lib/Auth/Source/YubiKey.php +++ b/modules/authYubiKey/lib/Auth/Source/YubiKey.php @@ -62,10 +62,14 @@ class YubiKey extends \SimpleSAML\Auth\Source /** * The client id/key for use with the Auth_Yubico PHP module. + * @var string */ private $yubi_id; + + /** @var string */ private $yubi_key; + /** * Constructor for this authentication source. * @@ -97,6 +101,7 @@ class YubiKey extends \SimpleSAML\Auth\Source * login page. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -162,8 +167,12 @@ class YubiKey extends \SimpleSAML\Auth\Source return null; } + /** * Return the user id part of a one time passord + * + * @param string $otp + * @return string */ public static function getYubiKeyPrefix($otp) { @@ -171,6 +180,7 @@ class YubiKey extends \SimpleSAML\Auth\Source return $uid; } + /** * Attempt to log in using the given username and password. * diff --git a/modules/authYubiKey/libextinc/Yubico.php b/modules/authYubiKey/libextinc/Yubico.php index d6f4c709aafe84ea19f5ff1a6724a8b322d49c59..d222f6b67e07a18c6b045a26cef2c7623fead10d 100644 --- a/modules/authYubiKey/libextinc/Yubico.php +++ b/modules/authYubiKey/libextinc/Yubico.php 
@@ -125,9 +125,11 @@ class Auth_Yubico // Support https $url = "https://api.yubico.com/wsapi/verify?".$parameters; + /** @var string $responseMsg */ $responseMsg = \SimpleSAML\Utils\HTTP::fetch($url); - if (!preg_match("/status=([a-zA-Z0-9_]+)/", $responseMsg, $out)) { + $out = []; + if (preg_match("/status=([a-zA-Z0-9_]+)/", $responseMsg, $out) !== 1) { throw new Exception('Could not parse response'); } diff --git a/modules/authYubiKey/templates/yubikeylogin.twig b/modules/authYubiKey/templates/yubikeylogin.twig index 8fa4385f21dfba30141035b379d0b5793764b82e..cedb3f703c3acff864cf0b0ba1790965d408b466 100644 --- a/modules/authYubiKey/templates/yubikeylogin.twig +++ b/modules/authYubiKey/templates/yubikeylogin.twig @@ -2,11 +2,11 @@ {% extends "base.twig" %} {% block preload %} - <link rel="stylesheet" type="text/css" href="{{ baseurlpath }}assets/css/yubikey.css"> + <link rel="stylesheet" href="/{{ baseurlpath }}module.php/authYubiKey/assets/css/yubikey.css"> {% endblock %} {% block postload %} - <script src="{{ baseurlpath }}assets/js/autofocus.js"></script> + <script src="/{{ baseurlpath }}module.php/authYubiKey/assets/js/autofocus.js"></script> {% endblock %} {% block content %} diff --git a/modules/authfacebook/extlibinc/base_facebook.php b/modules/authfacebook/extlibinc/base_facebook.php index aa1a23efb24e0139820037d699d1809a0d82b509..d83380497902868026295ea30860d8e153ae7a44 100644 --- a/modules/authfacebook/extlibinc/base_facebook.php +++ b/modules/authfacebook/extlibinc/base_facebook.php 
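Review bot: The new `/** @var string $responseMsg */` annotation asserts a type the code never checks; if `\SimpleSAML\Utils\HTTP::fetch()` can return something other than a string on failure (its signature is not visible here), the annotation only hides that from the analyser while `preg_match()` still runs on the bad value. A runtime guard is cheaper than a docblock: `if (!is_string($responseMsg)) { throw new Exception('Could not fetch response'); }` placed before the `preg_match()` call. The `!== 1` comparison itself is an improvement, since a PCRE error (`false`) is now also treated as a parse failure. The enclosing method continues outside the hunk.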
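Review bot: The rewritten asset URLs hardcode a leading slash in front of `{{ baseurlpath }}` in both the stylesheet and the script line; if `baseurlpath` is configured as an absolute path or a full URL (the hunk cannot show which form it takes), the result begins with `//` or `/https://`, and a `//host/...` prefix is resolved by browsers as a protocol-relative URL to that host rather than as a local path. Either confirm that `baseurlpath` is guaranteed to be a relative path at this point, or normalise it (strip any leading slash or scheme) before prefixing it in the template.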
@@ -170,25 +170,27 @@ abstract class BaseFacebook /** * The ID of the Facebook user, or 0 if the user is logged out. * - * @var integer + * @var integer|string|null */ - protected $user; + protected $user = null; /** * The data from the signed_request token. + * @var array|null */ - protected $signedRequest; + protected $signedRequest = null; /** * A CSRF state variable to assist in the defense against CSRF attacks. + * @var string|null */ - protected $state; + protected $state = null; /** * The OAuth access token received in exchange for a valid authorization * code. null means the access token has yet to be determined. * - * @var string + * @var string|null */ protected $accessToken = null; @@ -402,7 +404,7 @@ abstract class BaseFacebook * access token if a valid user access token wasn't available. Subsequent * calls return whatever the first call returned. * - * @return string The access token + * @return string|null The access token */ public function getAccessToken() { @@ -495,7 +497,7 @@ abstract class BaseFacebook * Retrieve the signed request, either from a request parameter or, * if not present, from a cookie. * - * @return array the signed request, if available, or null otherwise. + * @return array|null the signed request, if available, or null otherwise. */ public function getSignedRequest() { @@ -517,7 +519,7 @@ abstract class BaseFacebook * Get the UID of the connected user, or 0 * if the Facebook user is not connected. * - * @return string the UID if available. + * @return string|int the UID if available. */ public function getUser() { @@ -560,7 +562,7 @@ abstract class BaseFacebook return 0; } - $user = $this->getPersistentData('user_id', $default = 0); + $user = $this->getPersistentData('user_id', $default = false); $persisted_access_token = $this->getPersistentData('access_token'); // use access_token to fetch user id if we have a user access_token, or if 
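Review bot: In the `getUser()` hunk (`@@ -560,7 +562,7 @@`) the persistent default changes from `0` to `false`, yet the docblocks updated in the same commit still describe the user as `0` when not connected (`@return string|int the UID` and "or 0 if the Facebook user is not connected"); either the sentinel is `0`, in which case the default should stay `0`, or the return type needs `false` added and every caller comparing strictly against `0` must be re-checked — the rest of `getUser()` lies outside the hunk, so that cannot be verified here. The assignment-in-argument idiom `$default = false` also creates an unused local; `$user = $this->getPersistentData('user_id', false);` says the same thing without the side effect.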
@@ -787,6 +789,7 @@ abstract class BaseFacebook * either logged in to Facebook or has granted an offline access permission. * * @param string $code An authorization code. + * @param string|null $redirect_uri * @return mixed An access token exchanged for the authorization code, or * false if an access token could not be generated. */ @@ -893,7 +896,7 @@ abstract class BaseFacebook * Invoke the Graph API. * * @param string $path The path (required) - * @param string $method The http method (default 'GET') + * @param array|string $method The http method (default 'GET') * @param array $params The query/post data * * @return mixed The decoded response object @@ -937,7 +940,7 @@ abstract class BaseFacebook * @param string $url The path (required) * @param array $params The query/post data * - * @return string The decoded response object + * @return string|null The decoded response object * @throws FacebookApiException */ protected function _oauthRequest($url, $params) @@ -963,13 +966,13 @@ abstract class BaseFacebook * * @param string $url The URL to make the request to * @param array $params The parameters to use for the POST body - * @param CurlHandler $ch Initialized curl handle + * @param resource|null $ch Initialized curl handle * - * @return string The response text + * @return string|true The response text */ protected function makeRequest($url, $params, $ch = null) { - if (!$ch) { + if ($ch === null) { $ch = curl_init(); } @@ -1039,7 +1042,7 @@ abstract class BaseFacebook * Parses a signed_request and validates the signature. * * @param string $signed_request A signed token - * @return array The payload inside it or null if the sig is wrong + * @return array|null The payload inside it or null if the sig is wrong */ protected function parseSignedRequest($signed_request) { 
@@ -1067,7 +1070,7 @@ abstract class BaseFacebook /** * Makes a signed_request blob using the given data. * - * @param $data array The data array. + * @param array $data The data array. * @return string The signed request. */ protected function makeSignedRequest($data) @@ -1089,7 +1092,7 @@ abstract class BaseFacebook /** * Build the URL for api given parameters. * - * @param $method String the method name. + * @param string $method String the method name. * @return string The URL for the given parameters */ protected function getApiUrl($method) @@ -1169,9 +1172,9 @@ abstract class BaseFacebook /** * Build the URL for given domain alias, path and parameters. * - * @param $name string The name of the domain - * @param $path string Optional path (without a leading slash) - * @param $params array Optional query parameters + * @param string $name The name of the domain + * @param string $path Optional path (without a leading slash) + * @param array $params Optional query parameters * * @return string The URL for the given parameters */ @@ -1191,6 +1194,9 @@ abstract class BaseFacebook return $url; } + /** + * @return string + */ protected function getHttpHost() { if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { @@ -1199,6 +1205,9 @@ abstract class BaseFacebook return $_SERVER['HTTP_HOST']; } + /** + * @return string + */ protected function getHttpProtocol() { if ($this->trustForwarded && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { @@ -1220,6 +1229,7 @@ abstract class BaseFacebook /** * Get the base domain used for the cookie. + * @return string */ protected function getBaseDomain() { 
@@ -1261,8 +1271,9 @@ abstract class BaseFacebook * because the access token is no longer valid. If that is * the case, then we destroy the session. * - * @param $result array A record storing the error message returned + * @param array $result A record storing the error message returned * by a failed API call. + * @return void */ protected function throwAPIException($result) { @@ -1292,6 +1303,7 @@ abstract class BaseFacebook * Prints to the error log if you aren't in command line mode. * * @param string $msg Log message + * @return void */ protected static function errorLog($msg) { @@ -1336,6 +1348,7 @@ abstract class BaseFacebook /** * Destroy the current session + * @return void */ public function destroySession() { @@ -1395,6 +1408,11 @@ abstract class BaseFacebook return $metadata; } + /** + * @param string $big + * @param string $small + * @return string|bool + */ protected static function isAllowedDomain($big, $small) { if ($big === $small) { @@ -1403,6 +1421,11 @@ abstract class BaseFacebook return self::endsWith($big, '.'.$small); } + /** + * @param string $big + * @param string $small + * @return string|bool + */ protected static function endsWith($big, $small) { $len = strlen($small); @@ -1427,7 +1450,7 @@ abstract class BaseFacebook * getPersistentData($key) return $value. This call may be in another request. * * @param string $key - * @param array $value + * @param mixed $value * * @return void */ diff --git a/modules/authfacebook/lib/Auth/Source/Facebook.php b/modules/authfacebook/lib/Auth/Source/Facebook.php index a2bee6a7a368d460d2998aef16d72810a834ab97..69dd4624bc908758a4fa92936a9c8c3aae5c2dcc 100644 --- a/modules/authfacebook/lib/Auth/Source/Facebook.php +++ b/modules/authfacebook/lib/Auth/Source/Facebook.php @@ -88,6 +88,7 @@ class Facebook extends \SimpleSAML\Auth\Source * Log-in using Facebook platform * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { 
@@ -111,6 +112,10 @@ class Facebook extends \SimpleSAML\Auth\Source } + /** + * @param array &$state + * @return void + */ public function finalStep(&$state) { assert(is_array($state)); diff --git a/modules/authfacebook/lib/Facebook.php b/modules/authfacebook/lib/Facebook.php index cf68d348a52d3530b98879a284977efc120cbf61..c39183c08e42efaae0dfd8f51d1fe715d5a888d9 100644 --- a/modules/authfacebook/lib/Facebook.php +++ b/modules/authfacebook/lib/Facebook.php @@ -17,14 +17,24 @@ class Facebook extends \BaseFacebook // expiration will trump this const FBSS_COOKIE_EXPIRE = 31556926; // 1 year - // Stores the shared session ID if one is set + /** + * Stores the shared session ID if one is set + * @var string + */ protected $sharedSessionID; - // SimpleSAMLphp state array + /** + * SimpleSAMLphp state array + * @var array + */ protected $ssp_state; - // \SimpleSAML\Auth\State - protected $state; + /** @var string|null */ + protected $state = null; + + /** @var array */ + protected static $kSupportedKeys = ['state', 'code', 'access_token', 'user_id']; + /** * Identical to the parent constructor, except that @@ -32,7 +42,8 @@ class Facebook extends \BaseFacebook * access token if during the course of execution * we discover them. * - * @param Array $config the application configuration. Additionally + * @param array $config the application configuration. Additionally + * @param array &$ssp_state * accepts "sharedSession" as a boolean to turn on a secondary * cookie for environments with a shared session (that is, your app * shares the domain with other apps). @@ -48,8 +59,10 @@ class Facebook extends \BaseFacebook } } - protected static $kSupportedKeys = ['state', 'code', 'access_token', 'user_id']; + /** + * @return void + */ protected function initSharedSession() { $cookie_name = $this->getSharedSessionCookieName(); 
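Review bot: The new `@param array &$ssp_state` line in the constructor docblock (`@@ -32,7 +42,8 @@`) is inserted between `@param array $config the application configuration. Additionally` and its continuation `accepts "sharedSession" as a boolean ...`, so the continuation now reads as the description of `$ssp_state`; move the `$ssp_state` tag below the complete `$config` paragraph. The same section also redeclares `protected $state = null;` with `@var string|null`, which duplicates the declaration the parent `BaseFacebook` receives in this commit and can be dropped unless a different default is intended.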
@@ -87,11 +100,16 @@ class Facebook extends \BaseFacebook } } + /** * Provides the implementations of the inherited abstract * methods. The implementation uses PHP sessions to maintain * a store for authorization codes, user ids, CSRF states, and * access tokens. + * + * @param string $key + * @param mixed $value + * @return void */ protected function setPersistentData($key, $value) { @@ -104,6 +122,12 @@ class Facebook extends \BaseFacebook $this->ssp_state[$session_var_name] = $value; } + + /** + * @param string $key + * @param bool $default + * @return mixed + */ protected function getPersistentData($key, $default = false) { if (!in_array($key, self::$kSupportedKeys)) { @@ -115,6 +139,11 @@ class Facebook extends \BaseFacebook return isset($this->ssp_state[$session_var_name]) ? $this->ssp_state[$session_var_name] : $default; } + + /** + * @param string $key + * @return void + */ protected function clearPersistentData($key) { if (!in_array($key, self::$kSupportedKeys)) { @@ -128,6 +157,10 @@ class Facebook extends \BaseFacebook } } + + /** + * @return void + */ protected function clearAllPersistentData() { foreach (self::$kSupportedKeys as $key) { @@ -138,6 +171,10 @@ class Facebook extends \BaseFacebook } } + + /** + * @return void + */ protected function deleteSharedSessionCookie() { $cookie_name = $this->getSharedSessionCookieName(); @@ -146,11 +183,20 @@ class Facebook extends \BaseFacebook setcookie($cookie_name, '', 1, '/', '.'.$base_domain); } + + /** + * @return string + */ protected function getSharedSessionCookieName() { return self::FBSS_COOKIE_NAME.'_'.$this->getAppId(); } + + /** + * @param string $key + * @return string + */ protected function constructSessionVariableName($key) { $parts = ['authfacebook:authdata:fb', $this->getAppId(), $key]; @@ -160,6 +206,10 @@ class Facebook extends \BaseFacebook return implode('_', $parts); } + + /** + * @return void + */ protected function establishCSRFTokenState() { if ($this->state === null) { 
diff --git a/modules/authfacebook/www/linkback.php b/modules/authfacebook/www/linkback.php index 6a24590194e4ec6a3e390386b5f937853fec4e86..2b95301f0a1f7f5451bf9ad0d86c21cd695b9b2f 100644 --- a/modules/authfacebook/www/linkback.php +++ b/modules/authfacebook/www/linkback.php @@ -27,6 +27,7 @@ if (!array_key_exists(\SimpleSAML\Module\authfacebook\Auth\Source\Facebook::AUTH } $sourceId = $state[\SimpleSAML\Module\authfacebook\Auth\Source\Facebook::AUTHID]; +/** @var \SimpleSAML\Module\authfacebook\Auth\Source\Facebook|null $source */ $source = \SimpleSAML\Auth\Source::getById($sourceId); if ($source === null) { throw new \SimpleSAML\Error\BadRequest( diff --git a/modules/authlinkedin/lib/Auth/Source/LinkedIn.php b/modules/authlinkedin/lib/Auth/Source/LinkedIn.php index 0716d8663f296366c247fb46ae22801ccab9b6cf..f270834c73b5b47e20aad2a478264c763e03d2fa 100644 --- a/modules/authlinkedin/lib/Auth/Source/LinkedIn.php +++ b/modules/authlinkedin/lib/Auth/Source/LinkedIn.php @@ -23,8 +23,13 @@ class LinkedIn extends \SimpleSAML\Auth\Source */ const AUTHID = 'authlinkedin:AuthId'; + /** @var string */ private $key; + + /** @var string */ private $secret; + + /** @var string */ private $attributes; @@ -33,6 +38,7 @@ class LinkedIn extends \SimpleSAML\Auth\Source * * @param array $info Information about this authentication source. * @param array $config Configuration. + * @throws \Exception */ public function __construct($info, $config) { @@ -68,6 +74,7 @@ class LinkedIn extends \SimpleSAML\Auth\Source * Documentation at: http://developer.linkedin.com/docs/DOC-1008 * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -104,6 +111,10 @@ class LinkedIn extends \SimpleSAML\Auth\Source } + /** + * @param array &$state + * @return void + */ public function finalStep(&$state) { $requestToken = $state['authlinkedin:requestToken']; 
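Review bot: The added `/** @var \SimpleSAML\Module\authfacebook\Auth\Source\Facebook|null $source */` annotation narrows the type for static analysis only; `\SimpleSAML\Auth\Source::getById($sourceId)` can hand back any authentication source whose id is carried in `$state`, and the later `finalStep()` call (outside the hunk) would then fail on an unrelated class with a less helpful error. If `getById()` accepts an expected class name as its second argument, as SimpleSAMLphp's Auth\Source does, passing `\SimpleSAML\Module\authfacebook\Auth\Source\Facebook::class` enforces the type at runtime; otherwise an explicit `instanceof` check before use does the same. The same pattern appears in the linkback hunks for authlinkedin, authtwitter, authwindowslive and cas.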
diff --git a/modules/authlinkedin/www/linkback.php b/modules/authlinkedin/www/linkback.php index 157525ab29b505ada5462f70bd368fb4b74495c8..922e157fccc47364a60220ab511bf1366cae153b 100644 --- a/modules/authlinkedin/www/linkback.php +++ b/modules/authlinkedin/www/linkback.php @@ -23,6 +23,7 @@ if (array_key_exists('oauth_verifier', $_REQUEST)) { assert(array_key_exists(\SimpleSAML\Module\authlinkedin\Auth\Source\LinkedIn::AUTHID, $state)); $sourceId = $state[\SimpleSAML\Module\authlinkedin\Auth\Source\LinkedIn::AUTHID]; +/** @var \SimpleSAML\Module\authlinkedin\Auth\Source\LinkedIn|null $source */ $source = \SimpleSAML\Auth\Source::getById($sourceId); if ($source === null) { throw new \Exception('Could not find authentication source with id '.$sourceId); diff --git a/modules/authorize/lib/Auth/Process/Authorize.php b/modules/authorize/lib/Auth/Process/Authorize.php index e40cbaf36274373fc66bb2694d84bfa79cc3ea18..8185e03c0d111b5ef3667d2b5707edeb63e6c77a 100644 --- a/modules/authorize/lib/Auth/Process/Authorize.php +++ b/modules/authorize/lib/Auth/Process/Authorize.php @@ -99,6 +99,7 @@ class Authorize extends \SimpleSAML\Auth\ProcessingFilter * Apply filter to validate attributes. * * @param array &$request The current request + * @return void */ public function process(&$request) { @@ -108,7 +109,7 @@ class Authorize extends \SimpleSAML\Auth\ProcessingFilter $attributes = &$request['Attributes']; // Store the rejection message array in the $request - if(!empty($this->reject_msg)) { + if (!empty($this->reject_msg)) { $request['authprocAuthorize_reject_msg'] = $this->reject_msg; } @@ -149,6 +150,7 @@ class Authorize extends \SimpleSAML\Auth\ProcessingFilter * permission logic. * * @param array $request + * @return void */ protected function unauthorized(&$request) { diff --git a/modules/authorize/templates/authorize_403.php b/modules/authorize/templates/authorize_403.php index d4d5b79a09c0f49916ab6af16a9def6da26e8626..0c102a1bc28d60bf2581f480328a6bd9348e998d 100644 
--- a/modules/authorize/templates/authorize_403.php +++ b/modules/authorize/templates/authorize_403.php @@ -14,7 +14,7 @@ $this->data['403_header'] = $this->t('{authorize:Authorize:403_header}'); $this->data['403_text'] = $this->t('{authorize:Authorize:403_text}'); if (array_key_exists('reject_msg', $this->data)) { - if(isset($this->data['reject_msg'][$this->getLanguage()])) { + if (isset($this->data['reject_msg'][$this->getLanguage()])) { $this->data['403_text'] = $this->data['reject_msg'][$this->getLanguage()]; } } diff --git a/modules/authtwitter/lib/Auth/Source/Twitter.php b/modules/authtwitter/lib/Auth/Source/Twitter.php index 19ff725800132cef6758cdaf9366a9b1a96f0f35..6a0a03e99d92d152a968e1897399d338f445a2e4 100644 --- a/modules/authtwitter/lib/Auth/Source/Twitter.php +++ b/modules/authtwitter/lib/Auth/Source/Twitter.php @@ -72,6 +72,7 @@ class Twitter extends \SimpleSAML\Auth\Source * Log-in using Twitter platform * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -103,6 +104,11 @@ class Twitter extends \SimpleSAML\Auth\Source $consumer->getAuthorizeRequest($url, $requestToken); } + + /** + * @param array &$state + * @return void + */ public function finalStep(&$state) { $requestToken = $state['authtwitter:authdata:requestToken']; diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php index cbeed68a7be8028ae0e217cadb15d199948b56af..78c0382a42b9ad56acd10d12c6875eba7297993e 100644 --- a/modules/authtwitter/www/linkback.php +++ b/modules/authtwitter/www/linkback.php @@ -20,6 +20,7 @@ if (!array_key_exists(\SimpleSAML\Module\authtwitter\Auth\Source\Twitter::AUTHID } $sourceId = $state[\SimpleSAML\Module\authtwitter\Auth\Source\Twitter::AUTHID]; +/** @var \SimpleSAML\Module\authtwitter\Auth\Source\Twitter|null $source */ $source = \SimpleSAML\Auth\Source::getById($sourceId); if ($source === null) { throw new \SimpleSAML\Error\BadRequest( 
diff --git a/modules/authwindowslive/lib/Auth/Source/LiveID.php b/modules/authwindowslive/lib/Auth/Source/LiveID.php index 3f4dc5446d3cd64b7020d66f2fd4e821736a2d58..1b64be62f09cdfe8cf18762133a34ffaad069342 100644 --- a/modules/authwindowslive/lib/Auth/Source/LiveID.php +++ b/modules/authwindowslive/lib/Auth/Source/LiveID.php @@ -21,9 +21,13 @@ class LiveID extends \SimpleSAML\Auth\Source */ const AUTHID = 'authwindowslive:AuthId'; + /** @var string */ private $key; + + /** @var string */ private $secret; + /** * Constructor for this authentication source. * @@ -57,6 +61,7 @@ class LiveID extends \SimpleSAML\Auth\Source * Log-in using LiveID platform * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -85,8 +90,8 @@ class LiveID extends \SimpleSAML\Auth\Source } /** - * @param $state - * + * @param array &$state + * @return void * @throws \Exception */ public function finalStep(&$state) diff --git a/modules/authwindowslive/www/linkback.php b/modules/authwindowslive/www/linkback.php index 758bdd215f6b490ef11b8b554e1cf2914929595b..3800cd180b8440417cece31febaa91de31de20c3 100644 --- a/modules/authwindowslive/www/linkback.php +++ b/modules/authwindowslive/www/linkback.php @@ -39,6 +39,7 @@ if (array_key_exists('code', $_REQUEST)) { assert(array_key_exists(\SimpleSAML\Module\authwindowslive\Auth\Source\LiveID::AUTHID, $state)); $sourceId = $state[\SimpleSAML\Module\authwindowslive\Auth\Source\LiveID::AUTHID]; +/** @var \SimpleSAML\Module\authwindowslive\Auth\Source\LiveID|null $source */ $source = \SimpleSAML\Auth\Source::getById($sourceId); if ($source === null) { throw new \Exception('Could not find authentication source with id '.$sourceId); diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php index 08f153c130f4a0ae2b545ba3e950f369f06f9d64..e4a231327ae88937d0707574a61fdadde028ba9d 100644 --- a/modules/cas/lib/Auth/Source/CAS.php 
+++ b/modules/cas/lib/Auth/Source/CAS.php @@ -29,7 +29,7 @@ class CAS extends \SimpleSAML\Auth\Source private $ldapConfig; /** - * @var cas configuration + * @var array cas configuration */ private $casConfig; @@ -178,6 +178,7 @@ class CAS extends \SimpleSAML\Auth\Source /** * Called by linkback, to finish validate/ finish logging in. * @param array $state + * @return void */ public function finalStep(&$state) { @@ -213,6 +214,7 @@ class CAS extends \SimpleSAML\Auth\Source * Log-in using cas * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -241,6 +243,7 @@ class CAS extends \SimpleSAML\Auth\Source * showing the user a page, or redirecting, this function should return. * * @param array &$state Information about the current logout operation. + * @return void */ public function logout(&$state) { diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php index 366583c8a7e572099e66cfaad716faaa084f3788..0b062a060b0a7841ce1d867dba5a0939c723e2be 100644 --- a/modules/cas/www/linkback.php +++ b/modules/cas/www/linkback.php @@ -18,6 +18,7 @@ $state['cas:ticket'] = (string) $_GET['ticket']; assert(array_key_exists(\SimpleSAML\Module\cas\Auth\Source\CAS::AUTHID, $state)); $sourceId = $state[\SimpleSAML\Module\cas\Auth\Source\CAS::AUTHID]; +/** @var \SimpleSAML\Module\cas\Auth\Source\CAS|null $source */ $source = \SimpleSAML\Auth\Source::getById($sourceId); if ($source === null) { throw new \Exception('Could not find authentication source with id '.$sourceId); diff --git a/modules/cdc/config-templates/module_cdc.php b/modules/cdc/config-templates/module_cdc.php deleted file mode 100644 index 411bbc47110b4581eab72f0174f4edd66da9ff3e..0000000000000000000000000000000000000000 --- a/modules/cdc/config-templates/module_cdc.php +++ /dev/null 
@@ -1,22 +0,0 @@ -<?php - -$config = [ - 'example.org' => [ - /* - * The shared key for this CDC server. - */ - 'key' => 'ExampleSharedKey', - - /* - * The URL to the server script. - */ - 'server' => 'https://my-cdc.example.org/simplesaml/module.php/cdc/server.php', - - /* - * The lifetime of our cookie, in seconds. - * - * If this is 0, the cookie will expire when the browser is closed. - */ - 'cookie.lifetime' => 0, - ], -]; diff --git a/modules/cdc/default-disable b/modules/cdc/default-disable deleted file mode 100644 index fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f..0000000000000000000000000000000000000000 --- a/modules/cdc/default-disable +++ /dev/null @@ -1,3 +0,0 @@ -This file indicates that the default state of this module -is disabled. To enable, create a file named enable in the -same directory as this file. diff --git a/modules/cdc/lib/Auth/Process/CDC.php b/modules/cdc/lib/Auth/Process/CDC.php deleted file mode 100644 index bf2a669d67ca5b60275cb3c4f26ea71deab7fd29..0000000000000000000000000000000000000000 --- a/modules/cdc/lib/Auth/Process/CDC.php +++ /dev/null 
@@ -1,74 +0,0 @@ -<?php - -namespace SimpleSAML\module\cdc\Auth\Process; - -/** - * Filter for setting the SAML 2 common domain cookie. - * - * @package SimpleSAMLphp - */ - -class CDC extends \SimpleSAML\Auth\ProcessingFilter -{ - /** - * Our CDC domain. - * - * @var string - */ - private $domain; - - - /** - * Our CDC client. - * - * @var \SimpleSAML\Module\cdc\Client - */ - private $client; - - - /** - * Initialize this filter. - * - * @param array $config Configuration information about this filter. - * @param mixed $reserved For future use. - */ - public function __construct($config, $reserved) - { - parent::__construct($config, $reserved); - assert(is_array($config)); - - if (!isset($config['domain'])) { - throw new \SimpleSAML\Error\Exception('Missing domain option in cdc:CDC filter.'); - } - $this->domain = (string) $config['domain']; - - $this->client = new \SimpleSAML\Module\cdc\Client($this->domain); - } - - - /** - * Redirect to page setting CDC. - * - * @param array &$state The request state. - */ - public function process(&$state) - { - assert(is_array($state)); - - if (!isset($state['Source']['entityid'])) { - \SimpleSAML\Logger::warning('saml:CDC: Could not find IdP entityID.'); - return; - } - - // Save state and build request - $id = \SimpleSAML\Auth\State::saveState($state, 'cdc:resume'); - - $returnTo = \SimpleSAML\Module::getModuleURL('cdc/resume.php', ['domain' => $this->domain]); - - $params = [ - 'id' => $id, - 'entityID' => $state['Source']['entityid'], - ]; - $this->client->sendRequest($returnTo, 'append', $params); - } -} diff --git a/modules/cdc/lib/Client.php b/modules/cdc/lib/Client.php deleted file mode 100644 index 609aef63f403f78256597fc3a2e4f6a4d075cfe9..0000000000000000000000000000000000000000 --- a/modules/cdc/lib/Client.php +++ /dev/null 
@@ -1,70 +0,0 @@ -<?php - -namespace SimpleSAML\Module\cdc; - -/** - * CDC client class. - * - * @package SimpleSAMLphp - */ - -class Client -{ - /** - * Our CDC domain. - * - * @var string - */ - private $domain; - - - /** - * The CDC server we send requests to. - * - * @var Server|NULL - */ - private $server; - - - /** - * Initialize a CDC client. - * - * @param string $domain The domain we should query the server for. - */ - public function __construct($domain) - { - assert(is_string($domain)); - - $this->domain = $domain; - $this->server = new Server($domain); - } - - - /** - * Receive a CDC response. - * - * @return array|NULL The response, or NULL if no response is received. - */ - public function getResponse() - { - return $this->server->getResponse(); - } - - - /** - * Send a request. - * - * @param string $returnTo The URL we should return to afterwards. - * @param string $op The operation we are performing. - * @param array $params Additional parameters. - */ - public function sendRequest($returnTo, $op, array $params = []) - { - assert(is_string($returnTo)); - assert(is_string($op)); - - $params['op'] = $op; - $params['return'] = $returnTo; - $this->server->sendRequest($params); - } -} diff --git a/modules/cdc/lib/Server.php b/modules/cdc/lib/Server.php deleted file mode 100644 index affcf668ac241429c7eb933f87bfb48605dac0f1..0000000000000000000000000000000000000000 --- a/modules/cdc/lib/Server.php +++ /dev/null 
@@ -1,426 +0,0 @@ -<?php - -namespace SimpleSAML\Module\cdc; - -/** - * CDC server class. - * - * @package SimpleSAMLphp - */ - -class Server -{ - /** - * The domain. - * - * @var string - */ - private $domain; - - - /** - * The URL to the server. - * - * @var string - */ - private $server; - - - /** - * Our shared key. - * - * @var string - */ - private $key; - - - /** - * The lifetime of our cookie, in seconds. - * - * If this is 0, the cookie will expire when the browser is closed. - * - * @param int - */ - private $cookieLifetime; - - - /** - * Initialize a CDC server. - * - * @param string $domain The domain we are a server for. - */ - public function __construct($domain) - { - assert(is_string($domain)); - - $cdcConfig = \SimpleSAML\Configuration::getConfig('module_cdc.php'); - $config = $cdcConfig->getConfigItem($domain, null); - - if ($config === null) { - throw new \SimpleSAML\Error\Exception('Unknown CDC domain: '.var_export($domain, true)); - } - - $this->domain = $domain; - $this->server = $config->getString('server'); - $this->key = $config->getString('key'); - $this->cookieLifetime = $config->getInteger('cookie.lifetime', 0); - - if ($this->key === 'ExampleSharedKey') { - throw new \SimpleSAML\Error\Exception( - 'Key for CDC domain '.var_export($domain, true).' not changed from default.' - ); - } - } - - - /** - * Send a request to this CDC server. - * - * @param array $request The CDC request. - */ - public function sendRequest(array $request) - { - assert(isset($request['return'])); - assert(isset($request['op'])); - - $request['domain'] = $this->domain; - $this->send($this->server, 'CDCRequest', $request); - } - - - /** - * Parse and validate response received from a CDC server. - * - * @return array|NULL The response, or NULL if no response is received. 
- */ - public function getResponse() - { - $response = self::get('CDCResponse'); - if ($response === null) { - return null; - } - - if ($response['domain'] !== $this->domain) { - throw new \SimpleSAML\Error\Exception('Response received from wrong domain.'); - } - - $this->validate('CDCResponse'); - - return $response; - } - - - /** - * Parse and process a CDC request. - */ - public static function processRequest() - { - $request = self::get('CDCRequest'); - if ($request === null) { - throw new \SimpleSAML\Error\BadRequest('Missing "CDCRequest" parameter.'); - } - - $domain = $request['domain']; - $server = new Server($domain); - - $server->validate('CDCRequest'); - $server->handleRequest($request); - } - - - /** - * Handle a parsed CDC requst. - * - * @param array $request - */ - private function handleRequest(array $request) - { - if (!isset($request['op'])) { - throw new \SimpleSAML\Error\BadRequest('Missing "op" in CDC request.'); - } - $op = (string) $request['op']; - - \SimpleSAML\Logger::info('Received CDC request with "op": '.var_export($op, true)); - - if (!isset($request['return'])) { - throw new \SimpleSAML\Error\BadRequest('Missing "return" in CDC request.'); - } - $return = (string) $request['return']; - - switch ($op) { - case 'append': - $response = $this->handleAppend($request); - break; - case 'delete': - $response = $this->handleDelete($request); - break; - case 'read': - $response = $this->handleRead($request); - break; - default: - $response = 'unknown-op'; - } - - if (is_string($response)) { - $response = [ - 'status' => $response, - ]; - } - - $response['op'] = $op; - if (isset($request['id'])) { - $response['id'] = (string) $request['id']; - } - $response['domain'] = $this->domain; - - $this->send($return, 'CDCResponse', $response); - } - - - /** - * Handle an append request. - * - * @param array $request The request. - * @return string The response. 
- */ - private function handleAppend(array $request) - { - if (!isset($request['entityID'])) { - throw new \SimpleSAML\Error\BadRequest('Missing entityID in append request.'); - } - $entityID = (string) $request['entityID']; - - $list = $this->getCDC(); - - $prevIndex = array_search($entityID, $list, true); - if ($prevIndex !== false) { - unset($list[$prevIndex]); - } - $list[] = $entityID; - - $this->setCDC($list); - - return 'ok'; - } - - - /** - * Handle a delete request. - * - * @param array $request The request. - * @return string The response. - */ - private function handleDelete(array $request) - { - $params = [ - 'path' => '/', - 'domain' => '.'.$this->domain, - 'secure' => true, - 'httponly' => false, - ]; - - \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', null, $params, false); - return 'ok'; - } - - - /** - * Handle a read request. - * - * @param array $request The request. - * @return array The response. - */ - private function handleRead(array $request) - { - $list = $this->getCDC(); - - return [ - 'status' => 'ok', - 'cdc' => $list, - ]; - } - - - /** - * Helper function for parsing and validating a CDC message. - * - * @param string $parameter The name of the query parameter. - * @return array|NULL The response, or NULL if no response is received. 
- */ - private static function get($parameter) - { - assert(is_string($parameter)); - - if (!isset($_REQUEST[$parameter])) { - return null; - } - $message = (string) $_REQUEST[$parameter]; - - $message = @base64_decode($message); - if ($message === false) { - throw new \SimpleSAML\Error\BadRequest('Error base64-decoding CDC message.'); - } - - $message = @json_decode($message, true); - if ($message === false) { - throw new \SimpleSAML\Error\BadRequest('Error json-decoding CDC message.'); - } - - if (!isset($message['timestamp'])) { - throw new \SimpleSAML\Error\BadRequest('Missing timestamp in CDC message.'); - } - $timestamp = (int) $message['timestamp']; - - if ($timestamp + 60 < time()) { - throw new \SimpleSAML\Error\BadRequest('CDC signature has expired.'); - } - if ($timestamp - 60 > time()) { - throw new \SimpleSAML\Error\BadRequest('CDC signature from the future.'); - } - - if (!isset($message['domain'])) { - throw new \SimpleSAML\Error\BadRequest('Missing domain in CDC message.'); - } - - return $message; - } - - - /** - * Helper function for validating the signature on a CDC message. - * - * Will throw an exception if the message is invalid. - * - * @param string $parameter The name of the query parameter. - */ - private function validate($parameter) - { - assert(is_string($parameter)); - assert(isset($_REQUEST[$parameter])); - - $message = (string) $_REQUEST[$parameter]; - - if (!isset($_REQUEST['Signature'])) { - throw new \SimpleSAML\Error\BadRequest('Missing Signature on CDC message.'); - } - $signature = (string) $_REQUEST['Signature']; - - $cSignature = $this->calcSignature($message); - if ($signature !== $cSignature) { - throw new \SimpleSAML\Error\BadRequest('Invalid signature on CDC message.'); - } - } - - - /** - * Helper function for sending CDC messages. - * - * @param string $to The URL the message should be delivered to. - * @param string $parameter The query parameter the message should be sent in. - * @param array $message The CDC message. 
- */ - private function send($to, $parameter, array $message) - { - assert(is_string($to)); - assert(is_string($parameter)); - - $message['timestamp'] = time(); - $message = json_encode($message); - $message = base64_encode($message); - - $signature = $this->calcSignature($message); - - $params = [ - $parameter => $message, - 'Signature' => $signature, - ]; - - $url = \SimpleSAML\Utils\HTTP::addURLParameters($to, $params); - if (strlen($url) < 2048) { - \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); - } else { - \SimpleSAML\Utils\HTTP::submitPOSTData($to, $params); - } - } - - - /** - * Calculate the signature on the given message. - * - * @param string $rawMessage The base64-encoded message. - * @return string The signature. - */ - private function calcSignature($rawMessage) - { - assert(is_string($rawMessage)); - - return sha1($this->key.$rawMessage.$this->key); - } - - - /** - * Get the IdP entities saved in the common domain cookie. - * - * @return array List of IdP entities. - */ - private function getCDC() - { - if (!isset($_COOKIE['_saml_idp'])) { - return []; - } - - $ret = (string) $_COOKIE['_saml_idp']; - $ret = explode(' ', $ret); - foreach ($ret as &$idp) { - $idp = base64_decode($idp); - if ($idp === false) { - // Not properly base64 encoded - \SimpleSAML\Logger::warning('CDC - Invalid base64-encoding of CDC entry.'); - return []; - } - } - - return $ret; - } - - - /** - * Build a CDC cookie string. - * - * @param array $list The list of IdPs. - * @return string The CDC cookie value. - */ - private function setCDC(array $list) - { - foreach ($list as &$value) { - $value = base64_encode($value); - } - - $cookie = implode(' ', $list); - - while (strlen($cookie) > 4000) { - // The cookie is too long. Remove the oldest elements until it is short enough - $tmp = explode(' ', $cookie, 2); - if (count($tmp) === 1) { - /* - * We are left with a single entityID whose base64 - * representation is too long to fit in a cookie. 
- */ - break; - } - $cookie = $tmp[1]; - } - - $params = [ - 'lifetime' => $this->cookieLifetime, - 'path' => '/', - 'domain' => '.'.$this->domain, - 'secure' => true, - 'httponly' => false, - ]; - - \SimpleSAML\Utils\HTTP::setCookie('_saml_idp', $cookie, $params, false); - - return '_saml_idp'; - } -} diff --git a/modules/cdc/www/resume.php b/modules/cdc/www/resume.php deleted file mode 100644 index ebe6b1cc9f246b94dca7ab01d3b208f8f15bd281..0000000000000000000000000000000000000000 --- a/modules/cdc/www/resume.php +++ /dev/null @@ -1,20 +0,0 @@ -<?php - -if (!array_key_exists('domain', $_REQUEST)) { - throw new \SimpleSAML\Error\BadRequest('Missing domain to CDC resume handler.'); -} - -$domain = (string) $_REQUEST['domain']; -$client = new \SimpleSAML\Module\cdc\Client($domain); - -$response = $client->getResponse(); -if ($response === null) { - throw new \SimpleSAML\Error\BadRequest('Missing CDC response to CDC resume handler.'); -} - -if (!isset($response['id'])) { - throw new \SimpleSAML\Error\BadRequest('CDCResponse without id.'); -} -$state = \SimpleSAML\Auth\State::loadState($response['id'], 'cdc:resume'); - -\SimpleSAML\Auth\ProcessingChain::resumeProcessing($state); diff --git a/modules/cdc/www/server.php b/modules/cdc/www/server.php deleted file mode 100644 index d5cfd16ece5aecda1184fdb626e824ca56e2d6a3..0000000000000000000000000000000000000000 --- a/modules/cdc/www/server.php +++ /dev/null @@ -1,3 +0,0 @@ -<?php - -\SimpleSAML\Module\cdc\Server::processRequest(); diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php index f5b6bfc8105732dccc4ed98a80cd2075de87afb1..6af1b63dd867f19ae8b6f6560e7896c2021f83d4 100644 --- a/modules/consent/lib/Auth/Process/Consent.php +++ b/modules/consent/lib/Auth/Process/Consent.php 
@@ -383,7 +383,7 @@ class Consent extends \SimpleSAML\Auth\ProcessingFilter * Create a hash value for the attributes that changes when attributes are added or removed. If the attribute * values are included in the hash, the hash will change if the values change. * - * @param string $attributes The attributes. + * @param array $attributes The attributes. * @param bool $includeValues Whether or not to include the attribute value in the generation of the hash. * * @return string SHA1 of the user id, source id, destination id and salt. diff --git a/modules/consent/lib/Logout.php b/modules/consent/lib/Logout.php index f82961ee3d487f34ca42225d7f400157f1f57894..0bfcf338528e36fd1ce35f66eece6493c3b99d0c 100644 --- a/modules/consent/lib/Logout.php +++ b/modules/consent/lib/Logout.php @@ -10,6 +10,11 @@ namespace SimpleSAML\Module\consent; class Logout { + /** + * @param \SimpleSAML\IdP $idp + * @param array $state + * @return void + */ public static function postLogout(\SimpleSAML\IdP $idp, array $state) { $url = \SimpleSAML\Module::getModuleURL('consent/logout_completed.php'); diff --git a/modules/consent/templates/consentform.twig b/modules/consent/templates/consentform.twig index b1433046a9e07af6757ec0453c9b2c14c715f98b..c8084207d2df6c190f78e2afa93391c17ed4f025 100644 --- a/modules/consent/templates/consentform.twig +++ b/modules/consent/templates/consentform.twig @@ -2,7 +2,7 @@ {% extends "base.twig" %} {% block preload %} -<link rel="stylesheet" type="text/css" href="{{ baseurlpath }}assets/css/consent.css" /> +<link rel="stylesheet" href="/{{ baseurlpath }}module.php/consent/assets/css/consent.css"> {% endblock %} {% block content %} diff --git a/modules/consentAdmin/hooks/hook_configpage.php b/modules/consentAdmin/hooks/hook_configpage.php index 2ea75afb1108e123dbe9c064e97d75e967cc672c..fc9384f983097fe93d335834b7e9a33c8281ae60 100644 --- a/modules/consentAdmin/hooks/hook_configpage.php +++ b/modules/consentAdmin/hooks/hook_configpage.php 
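Review bot: The new stylesheet href `/{{ baseurlpath }}module.php/consent/assets/css/consent.css` hard-codes a leading slash in front of the template variable, so it is only correct if `baseurlpath` is exposed to templates without one; should that value ever begin with `/`, the result is a protocol-relative `//...` URL and the browser would request the asset from a different host. If the core templates already rely on this convention the change is consistent, but a short template comment such as `{# baseurlpath carries no leading slash; the '/' here makes the URL absolute #}` would make the assumption explicit where it matters. The same pattern is used in consentadmin.twig for the stylesheet, script and logout link in the following hunks.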
@@ -3,8 +3,8 @@ * Hook to add the consentAdmin module to the config page. * * @param \SimpleSAML\XHTML\Template $template The template that we should alter in this hook. + * @return void */ - function consentAdmin_hook_configpage(\SimpleSAML\XHTML\Template &$template) { $template->data['links']['consentAdmin'] = [ diff --git a/modules/consentAdmin/hooks/hook_frontpage.php b/modules/consentAdmin/hooks/hook_frontpage.php index b1903a580ab08beeed8ecc3b742b09a1ea3cf67a..5059384b6e6f1c232cf9cd62df046b2175ffb184 100644 --- a/modules/consentAdmin/hooks/hook_frontpage.php +++ b/modules/consentAdmin/hooks/hook_frontpage.php @@ -1,10 +1,11 @@ <?php + /** * Hook to add the consentAdmin module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ - function consentAdmin_hook_frontpage(&$links) { assert(is_array($links)); diff --git a/modules/consentAdmin/templates/consentadmin.twig b/modules/consentAdmin/templates/consentadmin.twig index d27b8a63d399432c22585deb97e35d6aa7f54156..aa1e81ff42580b74a9f54d84673f6f9fa053cf43 100644 --- a/modules/consentAdmin/templates/consentadmin.twig +++ b/modules/consentAdmin/templates/consentadmin.twig @@ -2,11 +2,11 @@ {% extends "base.twig" %} {% block preload %} -<link rel="stylesheet" type="text/css" href="{{ basepathurl }}assets/css/consentAdmin.css" /> +<link rel="stylesheet" href="/{{ baseurlpath }}module.php/consentAdmin/assets/css/consentAdmin.css"> {% endblock %} {% block postload %} -<script src="{{ baseurlpath }}assets/js/consentAdmin.js"></script> +<script src="/{{ baseurlpath }}module.php/consentAdmin/assets/js/consentAdmin.js"></script> {% endblock %} {% block content %} @@ -77,6 +77,6 @@ <p>{{ '{consentAdmin:consentadmin:consentadmin_description2}'|trans|raw }}</p> <h2>Logout</h2> -<p><a href="{{ baseurlpath }}consentAdmin.php?logout=1">Logout</a></p> +<p><a href="/{{ baseurlpath }}module.php/consentAdmin/consentAdmin.php?logout=1">Logout</a></p> {% endblock %} 
diff --git a/modules/consentAdmin/www/consentAdmin.php b/modules/consentAdmin/www/consentAdmin.php index 17a091d0871c7a32efdc150c074f7daaaeb8a3c3..5a00ce4e476f7fd142d6c590dadabfb5a2a0035c 100644 --- a/modules/consentAdmin/www/consentAdmin.php +++ b/modules/consentAdmin/www/consentAdmin.php @@ -11,9 +11,19 @@ * Author: Mads Freek <freek@ruc.dk>, Jacob Christiansen <jach@wayf.dk> */ -/* +/** * Runs the processing chain and ignores all filter which have user * interaction. + * + * @param array $idp_metadata + * @param string $source + * @param array $sp_metadata + * @param string $sp_entityid + * @param array $attributes + * @param string $userid + * @param bool $hashAttributes + * @param array $excludeAttributes + * @return array */ function driveProcessingChain( $idp_metadata, @@ -107,7 +117,6 @@ $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); * Get IdP id and metadata */ - $idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted'); @@ -176,6 +185,7 @@ if ($action !== null && $sp_entityid !== null) { 'consentAdmin:consentadminajax.php', 'consentAdmin:consentadmin' ); + $translator = $template->getTranslator(); // Get SP metadata $sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote'); @@ -274,7 +284,7 @@ foreach ($all_sp_metadata as $sp_entityid => $sp_values) { \SimpleSAML\Logger::info('consentAdmin: ok'); $sp_status = "ok"; } - // Consent does not exists + // Consent does not exist } else { SimpleSAML\Logger::info('consentAdmin: none'); $sp_status = "none"; diff --git a/modules/core/hooks/hook_frontpage.php b/modules/core/hooks/hook_frontpage.php index d2b6eef9c0b15aa8d0020dd8cdd29472c1cf2edf..cbb1469c03a63179cd4d405d0e637b330f90e7f7 100644 --- a/modules/core/hooks/hook_frontpage.php +++ b/modules/core/hooks/hook_frontpage.php 
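Review bot: `$translator = $template->getTranslator();` is added inside the `if ($action !== null && $sp_entityid !== null)` block, but nothing in this hunk reads `$translator`; if no later line of that block consumes it, the assignment is dead and should be dropped rather than left for a future caller. The enclosing block continues outside the hunk, so this is an inference to confirm against the rest of the file.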
@@ -1,10 +1,11 @@ <?php + /** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ - function core_hook_frontpage(&$links) { assert(is_array($links)); diff --git a/modules/core/hooks/hook_sanitycheck.php b/modules/core/hooks/hook_sanitycheck.php index ef4af3049f99106c63bac2cbcad9d7f4a9fe578b..b7701d862cc462e09cdc5adfb281465793a6b4a1 100644 --- a/modules/core/hooks/hook_sanitycheck.php +++ b/modules/core/hooks/hook_sanitycheck.php @@ -1,10 +1,11 @@ <?php + /** * Hook to do sanitycheck * * @param array &$hookinfo hookinfo + * @return void */ - function core_hook_sanitycheck(&$hookinfo) { assert(is_array($hookinfo)); diff --git a/modules/core/lib/Auth/Process/AttributeAdd.php b/modules/core/lib/Auth/Process/AttributeAdd.php index deb3ac310c4f1e8d6d4152080473dacaadc39814..b568998866cb160270989d141257ab1ac077fd18 100644 --- a/modules/core/lib/Auth/Process/AttributeAdd.php +++ b/modules/core/lib/Auth/Process/AttributeAdd.php @@ -10,7 +10,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class AttributeAdd extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -28,10 +27,10 @@ class AttributeAdd extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -66,6 +65,7 @@ class AttributeAdd extends \SimpleSAML\Auth\ProcessingFilter * Add or replace existing attributes with the configured values. * * @param array &$request The current request + * @return void */ public function process(&$request) { 
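Review bot: Changing `public function __construct($config, $reserved)` to `public function __construct(&$config, $reserved)` in AttributeAdd is an interface change rather than a documentation one: any caller that passes an array literal for `$config` now fails with "Cannot pass parameter 1 by reference", and one passing a function result gets an "Only variables should be passed by reference" notice, so tests that instantiate filters inline must assign the config to a variable first. The constructor body shown here never writes to `$config` itself; presumably the reference exists so that `parent::__construct($config, $reserved)` can modify the caller's array, which deserves a sentence in the docblock, e.g. `@param array &$config Configuration information about this filter; passed by reference so the parent constructor can strip its own keys from it.` (confirm against ProcessingFilter). The same signature change appears in AttributeAlter, AttributeCopy, AttributeLimit, AttributeMap, AttributeRealm, AttributeValueMap, Cardinality, CardinalitySingle, GenerateGroups, LanguageAdaptor and PHP in the later hunks, and each constructor body continues outside its hunk.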
diff --git a/modules/core/lib/Auth/Process/AttributeAlter.php b/modules/core/lib/Auth/Process/AttributeAlter.php index 0d181a0d7cd45700556bd4d121cf4c90da087704..c8900822a025ac632cdd7e31289a0d8a2280fda4 100644 --- a/modules/core/lib/Auth/Process/AttributeAlter.php +++ b/modules/core/lib/Auth/Process/AttributeAlter.php @@ -10,7 +10,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Jacob Christiansen, WAYF * @package SimpleSAMLphp */ - class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -46,11 +45,11 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * @throws \SimpleSAML\Error\Exception In case of invalid configuration. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -91,6 +90,7 @@ class AttributeAlter extends \SimpleSAML\Auth\ProcessingFilter * * @param array &$request The current request. * @throws \SimpleSAML\Error\Exception In case of invalid configuration. + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/AttributeCopy.php b/modules/core/lib/Auth/Process/AttributeCopy.php index 1b54da17ae14826a5c6abe82c83b87fef681c6a3..e9fab68d73790c93ca371a394787b247638f39fc 100644 --- a/modules/core/lib/Auth/Process/AttributeCopy.php +++ b/modules/core/lib/Auth/Process/AttributeCopy.php @@ -17,7 +17,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * ), * */ - class AttributeCopy extends \SimpleSAML\Auth\ProcessingFilter { /** 
@@ -25,13 +24,14 @@ class AttributeCopy extends \SimpleSAML\Auth\ProcessingFilter */ private $map = []; + /** * Initialize this filter, parse configuration * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -54,6 +54,7 @@ class AttributeCopy extends \SimpleSAML\Auth\ProcessingFilter * Apply filter to rename attributes. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/AttributeLimit.php b/modules/core/lib/Auth/Process/AttributeLimit.php index b90d1b0cdedad5ec6f3d34264254d30ec8128744..f0789d9a2dda31346619b1d1af532caf53a8f67c 100644 --- a/modules/core/lib/Auth/Process/AttributeLimit.php +++ b/modules/core/lib/Auth/Process/AttributeLimit.php @@ -8,7 +8,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -23,14 +22,15 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter */ private $isDefault = false; + /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use * @throws \SimpleSAML\Error\Exception If invalid configuration is found. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); 
@@ -61,7 +61,7 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter * Get list of allowed from the SP/IdP config. * * @param array &$request The current request. - * @return array|NULL Array with attribute names, or NULL if no limit is placed. + * @return array|null Array with attribute names, or NULL if no limit is placed. */ private static function getSPIdPAllowed(array &$request) { @@ -83,6 +83,7 @@ class AttributeLimit extends \SimpleSAML\Auth\ProcessingFilter * * @param array &$request The current request * @throws \SimpleSAML\Error\Exception If invalid configuration is found. + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php index 7992f8b69d45163974ebc21096e7bdacec83087b..0a648dbccbfd5583545feb2cae627de0e48add48 100644 --- a/modules/core/lib/Auth/Process/AttributeMap.php +++ b/modules/core/lib/Auth/Process/AttributeMap.php @@ -8,7 +8,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -25,12 +24,12 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter, parse configuration * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * * @throws Exception If the configuration of the filter is wrong. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -73,6 +72,7 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter * of the SimpleSAMLphp installation, or in the root of a module. * * @throws Exception If the filter could not load the requested attribute map file. + * @return void */ private function loadMapFile($fileName) { 
@@ -111,6 +111,7 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter * Apply filter to rename attributes. * * @param array &$request The current request. + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/AttributeRealm.php b/modules/core/lib/Auth/Process/AttributeRealm.php index f6366e9fe66abb5cd0cd219d173dae82ba3cc7fc..c708ece37927747c46f44aff2e1637aa2ecf0692 100644 --- a/modules/core/lib/Auth/Process/AttributeRealm.php +++ b/modules/core/lib/Auth/Process/AttributeRealm.php @@ -13,15 +13,16 @@ namespace SimpleSAML\Module\core\Auth\Process; class AttributeRealm extends \SimpleSAML\Auth\ProcessingFilter { + /** @var string */ private $attributename = 'realm'; /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); assert(is_array($config)); @@ -37,6 +38,7 @@ class AttributeRealm extends \SimpleSAML\Auth\ProcessingFilter * Add or replace existing attributes with the configured values. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/AttributeValueMap.php b/modules/core/lib/Auth/Process/AttributeValueMap.php index 9979ea66f27b8d5768c89c122ec10dddbc6be795..189560f0bae0e0f2d66e8a8f6da6fc8ef6e12960 100644 --- a/modules/core/lib/Auth/Process/AttributeValueMap.php +++ b/modules/core/lib/Auth/Process/AttributeValueMap.php 
@@ -8,42 +8,47 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Martin van Es, m7 * @package SimpleSAMLphp */ - class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter { /** * The name of the attribute we should assign values to (ie: the target attribute). + * @var string */ private $targetattribute; /** * The name of the attribute we should create values from. + * @var string */ private $sourceattribute; /** * The required $sourceattribute values and target affiliations. + * @var array */ private $values = []; /** * Whether $sourceattribute should be kept or not. + * @var bool */ private $keep = false; /** * Whether $target attribute values should be replaced by new values or not. + * @var bool */ private $replace = false; + /** * Initialize the filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * @throws \SimpleSAML\Error\Exception If the configuration is not valid. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -99,6 +104,7 @@ class AttributeValueMap extends \SimpleSAML\Auth\ProcessingFilter * Apply filter. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/Cardinality.php b/modules/core/lib/Auth/Process/Cardinality.php index ac4f1aad1edca4ca87a0ab54c71b40fe28fe9902..8e66ad93a7a8af6fa23c40092fec63068af149e4 100644 --- a/modules/core/lib/Auth/Process/Cardinality.php +++ b/modules/core/lib/Auth/Process/Cardinality.php @@ -10,7 +10,6 @@ use SimpleSAML\Utils\HttpAdapter; * @author Guy Halse, http://orcid.org/0000-0002-9388-8592 * @package SimpleSAMLphp */ - class Cardinality extends \SimpleSAML\Auth\ProcessingFilter { /** @var array Associative array with the mappings of attribute names. */ 
@@ -25,12 +24,12 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter, parse configuration. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * @param HTTPAdapter $http HTTP utility service (handles redirects). * @throws \SimpleSAML\Error\Exception */ - public function __construct($config, $reserved, HttpAdapter $http = null) + public function __construct(&$config, $reserved, HttpAdapter $http = null) { parent::__construct($config, $reserved); assert(is_array($config)); @@ -98,6 +97,7 @@ class Cardinality extends \SimpleSAML\Auth\ProcessingFilter * Process this filter * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/CardinalitySingle.php b/modules/core/lib/Auth/Process/CardinalitySingle.php index ac251319beef8ffe40c2e15e3da4db498bd4798b..ca758adec8c0ec7ec95b2911212eb7e4ba11df89 100644 --- a/modules/core/lib/Auth/Process/CardinalitySingle.php +++ b/modules/core/lib/Auth/Process/CardinalitySingle.php @@ -13,7 +13,6 @@ use SimpleSAML\Utils\HttpAdapter; * @author Guy Halse, http://orcid.org/0000-0002-9388-8592 * @package SimpleSAMLphp */ - class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter { /** @var array Attributes that should be single-valued or we generate an error */ 
@@ -37,11 +36,11 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter, parse configuration. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * @param HTTPAdapter $http HTTP utility service (handles redirects). */ - public function __construct($config, $reserved, HttpAdapter $http = null) + public function __construct(&$config, $reserved, HttpAdapter $http = null) { parent::__construct($config, $reserved); assert(is_array($config)); @@ -73,10 +72,12 @@ class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Process this filter * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/ExtendIdPSession.php b/modules/core/lib/Auth/Process/ExtendIdPSession.php index 92102262b572ee8d0b0bfb07e35ef011c106c9a8..adfa3fd1e547f2e5b560cd9c8f553001c02d9be7 100644 --- a/modules/core/lib/Auth/Process/ExtendIdPSession.php +++ b/modules/core/lib/Auth/Process/ExtendIdPSession.php @@ -5,9 +5,12 @@ namespace SimpleSAML\Module\core\Auth\Process; /** * Extend IdP session and cookies. */ - class ExtendIdPSession extends \SimpleSAML\Auth\ProcessingFilter { + /** + * @param array &$state + * @return void + */ public function process(&$state) { assert(is_array($state)); diff --git a/modules/core/lib/Auth/Process/GenerateGroups.php b/modules/core/lib/Auth/Process/GenerateGroups.php index ab9d15aad0498e93e46fc9f4e2552455b9529912..0ea05f67cd36f7e29777e3af32b0a96222696370 100644 --- a/modules/core/lib/Auth/Process/GenerateGroups.php +++ b/modules/core/lib/Auth/Process/GenerateGroups.php @@ -8,7 +8,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter { /** 
@@ -19,10 +18,10 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -51,6 +50,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter * Apply filter to add groups attribute. * * @param array &$request The current request + * @return void */ public function process(&$request) { @@ -86,6 +86,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Determine which realm the user belongs to. * @@ -94,7 +95,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter * a realm, NULL will be returned. * * @param array $attributes The attributes of the user. - * @return string|NULL The realm of the user, or NULL if we are unable to determine the realm. + * @return string|null The realm of the user, or NULL if we are unable to determine the realm. */ private static function getRealm($attributes) { @@ -119,6 +120,7 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter return self::escapeIllegalChars($realm); } + /** * Escape special characters in a string. * @@ -135,6 +137,10 @@ class GenerateGroups extends \SimpleSAML\Auth\ProcessingFilter return preg_replace_callback( '/([^a-zA-Z0-9_@=.])/', + /** + * @param array $m + * @return string + */ function ($m) { return sprintf("%%%02x", ord($m[1])); }, diff --git a/modules/core/lib/Auth/Process/LanguageAdaptor.php b/modules/core/lib/Auth/Process/LanguageAdaptor.php index 771fb6357216575621aeaa067b77036e77c34e3a..952d800bdce52936922a1e02cce6dcd2a707ab2b 100644 --- a/modules/core/lib/Auth/Process/LanguageAdaptor.php +++ b/modules/core/lib/Auth/Process/LanguageAdaptor.php 
@@ -8,18 +8,18 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Andreas Ã…kre Solberg, UNINETT AS. * @package SimpleSAMLphp */ - class LanguageAdaptor extends \SimpleSAML\Auth\ProcessingFilter { + /** @var string */ private $langattr = 'preferredLanguage'; /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); assert(is_array($config)); @@ -29,12 +29,14 @@ class LanguageAdaptor extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Apply filter to add or replace attributes. * * Add or replace existing attributes with the configured values. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php index cd424c76e9a01e1b4705eb217014eab2c9ec5ed1..bf0504f52a570e2b6b6a79969f116ffd293b59ac 100644 --- a/modules/core/lib/Auth/Process/PHP.php +++ b/modules/core/lib/Auth/Process/PHP.php @@ -21,12 +21,12 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter, parse configuration * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. * * @throws \SimpleSAML\Error\Exception if the 'code' option is not defined. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); 
@@ -43,12 +43,18 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter * Apply the PHP code to the attributes. * * @param array &$request The current request + * @return void */ public function process(&$request) { assert(is_array($request)); assert(array_key_exists('Attributes', $request)); + /** + * @param array &$attributes + * @param array &$state + * @return void + */ $function = function ( /** @scrutinizer ignore-unused */ &$attributes, /** @scrutinizer ignore-unused */ &$state diff --git a/modules/core/lib/Auth/Process/ScopeAttribute.php b/modules/core/lib/Auth/Process/ScopeAttribute.php index 1db7d3c18a1bf3dd3f1f4cc1a3d1cc1bd090d7d7..f86058c5768a94d3321eb3ec8a6db4af75d8afcd 100644 --- a/modules/core/lib/Auth/Process/ScopeAttribute.php +++ b/modules/core/lib/Auth/Process/ScopeAttribute.php 
@@ -38,29 +38,32 @@ class ScopeAttribute extends \SimpleSAML\Auth\ProcessingFilter */ private $onlyIfEmpty = false; + /** * Initialize this filter, parse configuration * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); assert(is_array($config)); - $config = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeAttribute'); + $cfg = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeAttribute'); - $this->scopeAttribute = $config->getString('scopeAttribute'); - $this->sourceAttribute = $config->getString('sourceAttribute'); - $this->targetAttribute = $config->getString('targetAttribute'); - $this->onlyIfEmpty = $config->getBoolean('onlyIfEmpty', false); + $this->scopeAttribute = $cfg->getString('scopeAttribute'); + $this->sourceAttribute = $cfg->getString('sourceAttribute'); + $this->targetAttribute = $cfg->getString('targetAttribute'); + $this->onlyIfEmpty = $cfg->getBoolean('onlyIfEmpty', false); } + /** * Apply this filter to the request. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/ScopeFromAttribute.php b/modules/core/lib/Auth/Process/ScopeFromAttribute.php index b043de9fd86a0c58ba16e8d332b730c26ded02f6..323fc0038a914083988b57a53bb05f1493615b4d 100644 --- a/modules/core/lib/Auth/Process/ScopeFromAttribute.php +++ b/modules/core/lib/Auth/Process/ScopeFromAttribute.php @@ -18,7 +18,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * to add a virtual 'scope' attribute from the eduPersonPrincipalName * attribute. */ - class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter { /** 
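Review bot: The rename from `$config` to `$cfg` in `ScopeAttribute::__construct` is not cosmetic and deserves a comment, because `$config` is now a reference to the caller's array and the old `$config = \SimpleSAML\Configuration::loadFromArray(...)` would have overwritten the caller's configuration with a `Configuration` object. Suggest `// $config is a reference to the caller's array; keep the parsed object in a separate local so the caller's config is left intact` above the `$cfg = ...` line. The same reasoning applies to the identical change in `ScopeFromAttribute` below.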
@@ -35,26 +34,29 @@ class ScopeFromAttribute extends \SimpleSAML\Auth\ProcessingFilter */ private $targetAttribute; + /** * Initialize this filter, parse configuration * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); assert(is_array($config)); - $config = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeFromAttribute'); - $this->targetAttribute = $config->getString('targetAttribute'); - $this->sourceAttribute = $config->getString('sourceAttribute'); + $cfg = \SimpleSAML\Configuration::loadFromArray($config, 'ScopeFromAttribute'); + $this->targetAttribute = $cfg->getString('targetAttribute'); + $this->sourceAttribute = $cfg->getString('sourceAttribute'); } // end constructor + /** * Apply this filter. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php index 86db3063c575396706a4373d8ba5f8db9bc3b3d6..7d796eceec7d6e18282e8290fa02ca1fd957419a 100644 --- a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php +++ b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php @@ -8,7 +8,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Andreas Ã…kre Solberg, UNINETT AS. * @package SimpleSAMLphp */ - class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter { /** 
@@ -31,10 +30,10 @@ class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -64,6 +63,7 @@ class StatisticsWithAttribute extends \SimpleSAML\Auth\ProcessingFilter * Log line. * * @param array &$state The current state. + * @return void */ public function process(&$state) { diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php index 710fa7f648861b7b515f5807775e19a9b5ba6699..46a6b04ff662cfe5c61b3b56722ab69b4de0065e 100644 --- a/modules/core/lib/Auth/Process/TargetedID.php +++ b/modules/core/lib/Auth/Process/TargetedID.php @@ -30,7 +30,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class TargetedID extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -46,13 +45,14 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter */ private $generateNameId = false; + /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -73,10 +73,12 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Apply filter to add the targeted ID. * * @param array &$state The current state. + * @return void */ public function process(&$state) { 
@@ -142,6 +144,7 @@ class TargetedID extends \SimpleSAML\Auth\ProcessingFilter $state['Attributes']['eduPersonTargetedID'] = [$nameId]; } + /** * Generate ID from entity metadata. * diff --git a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php index 1d488b9db935886a2a2e2359ffddaf10ef3e4e56..a2cbe71e80c0f24b5f914a14c0f7e15d3a182fa7 100644 --- a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php +++ b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php @@ -7,7 +7,6 @@ namespace SimpleSAML\Module\core\Auth\Process; * * @package SimpleSAMLphp */ - class WarnShortSSOInterval extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -17,6 +16,7 @@ class WarnShortSSOInterval extends \SimpleSAML\Auth\ProcessingFilter * If it is to short a while since, we will show a warning to the user. * * @param array $state The state of the response. + * @return void */ public function process(&$state) { diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php index 8473344666aa5e02a8df33ef1cde898c586fdfb8..2730c8cb007df717d35e9a34a830437ad0d424cc 100644 --- a/modules/core/lib/Auth/UserPassBase.php +++ b/modules/core/lib/Auth/UserPassBase.php @@ -11,7 +11,6 @@ namespace SimpleSAML\Module\core\Auth; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - abstract class UserPassBase extends \SimpleSAML\Auth\Source { /** @@ -72,6 +71,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ protected $rememberMeChecked = false; + /** * Constructor for this authentication source. * @@ -109,10 +109,12 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source $this->rememberMeChecked = $sspcnf->getBoolean('session.rememberme.checked', false); } + /** * Set forced username. * - * @param string|NULL $forcedUsername The forced username. + * @param string|null $forcedUsername The forced username. + * @return void */ public function setForcedUsername($forcedUsername) { 
@@ -122,12 +124,14 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source /** * Return login links from configuration + * @return array */ public function getLoginLinks() { return $this->loginLinks; } + /** * Getter for the authsource config option remember.username.enabled * @return bool @@ -137,6 +141,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source return $this->rememberUsernameEnabled; } + /** * Getter for the authsource config option remember.username.checked * @return bool @@ -146,6 +151,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source return $this->rememberUsernameChecked; } + /** * Check if the "remember me" feature is enabled. * @return bool TRUE if enabled, FALSE otherwise. @@ -155,6 +161,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source return $this->rememberMeEnabled; } + /** * Check if the "remember me" checkbox should be checked. * @return bool TRUE if enabled, FALSE otherwise. @@ -164,6 +171,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source return $this->rememberMeChecked; } + /** * Initialize login. * @@ -171,6 +179,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * login page. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -233,6 +242,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source assert(false); } + /** * Attempt to log in using the given username and password. * @@ -248,6 +258,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source */ abstract protected function login($username, $password); + /** * Handle login request. * 
@@ -258,6 +269,7 @@ abstract class UserPassBase extends \SimpleSAML\Auth\Source * @param string $authStateId The identifier of the authentication state. * @param string $username The username the user wrote. * @param string $password The password the user wrote. + * @return void */ public static function handleLogin($authStateId, $username, $password) { diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php index 33168524c85c692c1f19fac1b3f08b684e3c3878..6eca0d095491f3c16d995fc0c487181a522e115a 100644 --- a/modules/core/lib/Auth/UserPassOrgBase.php +++ b/modules/core/lib/Auth/UserPassOrgBase.php @@ -13,7 +13,6 @@ namespace SimpleSAML\Module\core\Auth; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source { /** @@ -127,6 +126,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * If unconfigured, the default is 'none'. * * @param string $usernameOrgMethod The method which should be used. + * @return void */ protected function setUsernameOrgMethod($usernameOrgMethod) { @@ -151,6 +151,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source return $this->usernameOrgMethod; } + /** * Getter for the authsource config option remember.username.enabled * @return bool @@ -160,6 +161,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source return $this->rememberUsernameEnabled; } + /** * Getter for the authsource config option remember.username.checked * @return bool @@ -169,6 +171,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source return $this->rememberUsernameChecked; } + /** * Getter for the authsource config option remember.organization.enabled * @return bool @@ -178,6 +181,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source return $this->rememberOrganizationEnabled; } + /** * Getter for the authsource config option remember.organization.checked * @return bool 
@@ -187,6 +191,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source return $this->rememberOrganizationChecked; } + /** * Initialize login. * @@ -194,6 +199,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * login page. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -251,6 +257,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * @param string $username The username the user wrote. * @param string $password The password the user wrote. * @param string $organization The id of the organization the user chose. + * @return void */ public static function handleLogin($authStateId, $username, $password, $organization) { @@ -301,7 +308,7 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * This function is used by the login form to get the available organizations. * * @param string $authStateId The identifier of the authentication state. - * @return array|NULL Array of organizations. NULL if the user must enter the + * @return array|null Array of organizations. NULL if the user must enter the * organization as part of the username. */ public static function listOrganizations($authStateId) diff --git a/modules/core/lib/Stats/Output/File.php b/modules/core/lib/Stats/Output/File.php index cac817c83b784f5e7fca13d3a6dca81d0497ab18..fb95e42e7382d6dea8b1d2a58dc39d6dee2d80a5 100644 --- a/modules/core/lib/Stats/Output/File.php +++ b/modules/core/lib/Stats/Output/File.php @@ -7,7 +7,6 @@ namespace SimpleSAML\Module\core\Stats\Output; * * @package SimpleSAMLphp */ - class File extends \SimpleSAML\Stats\Output { /** @@ -24,10 +23,11 @@ class File extends \SimpleSAML\Stats\Output /** * The current file date. - * @var string + * @var string|null */ private $fileDate = null; + /** * Initialize the output. * 
@@ -44,10 +44,12 @@ class File extends \SimpleSAML\Stats\Output } } + /** * Open a log file. * * @param string $date The date for the log file. + * @return void */ private function openLog($date) { @@ -70,10 +72,12 @@ class File extends \SimpleSAML\Stats\Output $this->fileDate = $date; } + /** * Write a stats event. * * @param array $data The event. + * @return void */ public function emit(array $data) { diff --git a/modules/core/lib/Stats/Output/Log.php b/modules/core/lib/Stats/Output/Log.php index e3eff86663cac6955df4ff620944547578e4d415..d4919c5795cc2a02efb867e7b209e9df88828f00 100644 --- a/modules/core/lib/Stats/Output/Log.php +++ b/modules/core/lib/Stats/Output/Log.php @@ -7,19 +7,20 @@ namespace SimpleSAML\Module\core\Stats\Output; * * @package SimpleSAMLphp */ - class Log extends \SimpleSAML\Stats\Output { /** * The logging function we should call. - * @var callback + * @var callable */ private $logger; + /** * Initialize the output. * * @param \SimpleSAML\Configuration $config The configuration for this output. + * @throws \Exception */ public function __construct(\SimpleSAML\Configuration $config) { @@ -30,10 +31,12 @@ class Log extends \SimpleSAML\Stats\Output } } + /** * Write a stats event. * - * @param string $data The event (as a JSON string). + * @param array $data The event + * @return void */ public function emit(array $data) { diff --git a/modules/core/lib/Storage/SQLPermanentStorage.php b/modules/core/lib/Storage/SQLPermanentStorage.php index 4360d5e84ad015e37438810cdc61712a85aef9ee..0650f7bf2ce9588e1905f0e11ca2f7ea9ad19d6b 100644 --- a/modules/core/lib/Storage/SQLPermanentStorage.php +++ b/modules/core/lib/Storage/SQLPermanentStorage.php @@ -14,8 +14,15 @@ namespace SimpleSAML\Module\core\Storage; class SQLPermanentStorage { + /** @var \PDO */ private $db; + + /** + * @param string $name + * @param \SimpleSAML\Configuration|null $config + * @throws \Exception + */ public function __construct($name, $config = null) { if (is_null($config)) { 
@@ -57,6 +64,15 @@ class SQLPermanentStorage } } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @param mixed $value + * @param int|null $duration + * @return void + */ public function set($type, $key1, $key2, $value, $duration = null) { if ($this->exists($type, $key1, $key2)) { @@ -66,6 +82,15 @@ class SQLPermanentStorage } } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @param mixed $value + * @param int|null $duration + * @return array + */ private function insert($type, $key1, $key2, $value, $duration = null) { $expire = is_null($duration) ? null : (time() + $duration); @@ -82,6 +107,15 @@ class SQLPermanentStorage return $results; } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @param mixed $value + * @param int|null $duration + * @return array + */ private function update($type, $key1, $key2, $value, $duration = null) { $expire = is_null($duration) ? null : (time() + $duration); @@ -97,6 +131,13 @@ class SQLPermanentStorage return $results; } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return array|null + */ public function get($type = null, $key1 = null, $key2 = null) { $conditions = $this->getCondition($type, $key1, $key2); @@ -114,8 +155,13 @@ class SQLPermanentStorage return $res; } - /* + /** * Return the value directly (not in a container) + * + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return array|null */ public function getValue($type = null, $key1 = null, $key2 = null) { @@ -126,6 +172,13 @@ class SQLPermanentStorage return $res['value']; } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return bool + */ public function exists($type, $key1, $key2) { $query = 'SELECT * FROM data WHERE type = :type AND key1 = :key1 AND key2 = :key2 LIMIT 1'; 
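Review bot: The new `@return array|null` on `getValue()` does not match what the method returns: the body ends in `return $res['value'];`, i.e. the stored element itself rather than the row container that `get()` returns, so `@return mixed` (null when nothing matches, assuming the elided middle of the method returns null on a miss) is the honest annotation. The `@param string $type` lines on `get()` and `getValue()` also disagree with the signatures, where `$type = null` is the default; `@param string|null $type` reflects that. `exists()` binds its values through `:type`/`:key1`/`:key2` placeholders, which is the pattern the rest of this class should be held to.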
@@ -136,6 +189,13 @@ class SQLPermanentStorage return (count($results) == 1); } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return array|false|null + */ public function getList($type = null, $key1 = null, $key2 = null) { $conditions = $this->getCondition($type, $key1, $key2); @@ -154,6 +214,15 @@ class SQLPermanentStorage return $results; } + + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @param string $whichKey + * @throws \Exception + * @return array|null + */ public function getKeys($type = null, $key1 = null, $key2 = null, $whichKey = 'type') { if (!in_array($whichKey, ['key1', 'key2', 'type'], true)) { @@ -178,6 +247,12 @@ class SQLPermanentStorage return $resarray; } + /** + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return bool + */ public function remove($type, $key1, $key2) { $query = 'DELETE FROM data WHERE type = :type AND key1 = :key1 AND key2 = :key2'; @@ -188,6 +263,10 @@ class SQLPermanentStorage return (count($results) == 1); } + + /** + * @return int + */ public function removeExpired() { $query = "DELETE FROM data WHERE expire IS NOT NULL AND expire < :expire"; @@ -199,6 +278,11 @@ class SQLPermanentStorage /** * Create a SQL condition statement based on parameters + * + * @param string $type + * @param mixed $key1 + * @param mixed $key2 + * @return string */ private function getCondition($type = null, $key1 = null, $key2 = null) { diff --git a/modules/cron/hooks/hook_configpage.php b/modules/cron/hooks/hook_configpage.php index dc3c8400b7169e66c4b4cd97756e1a0cbeccca4e..136888a0036582a91a086acf69179db53fa81fce 100644 --- a/modules/cron/hooks/hook_configpage.php +++ b/modules/cron/hooks/hook_configpage.php 
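Review bot: The docblock added to `getCondition()` says only that it builds "a SQL condition statement" and returns a `string`, which leaves the important property unstated: `get()`, `getList()` and `getKeys()` feed caller-supplied `$type`/`$key1`/`$key2` into it, and unlike `exists()` and `remove()` above, which use bound `:type`/`:key1`/`:key2` placeholders, this helper returns raw SQL text. Its body lies outside the hunk, so I cannot see how values are made safe; the docblock should say so explicitly, e.g. ` * Values are escaped before being interpolated; callers must not pre-quote them` or whichever is actually the case. As with the other hunks, `@param string $type` should be `string|null` given the `= null` default.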
@@ -1,10 +1,11 @@ <?php + /** * Hook to add the cron module to the config page. * * @param \SimpleSAML\XHTML\Template &$template The template that we should alter in this hook. + * @return void */ - function cron_hook_configpage(\SimpleSAML\XHTML\Template &$template) { $template->data['links']['cron'] = [ diff --git a/modules/cron/hooks/hook_cron.php b/modules/cron/hooks/hook_cron.php index 61812906a2e8fee62ba13e042314d827ca36f39d..eb4718275f11e04da59d7f5f8c0b4e292f0ec3ec 100644 --- a/modules/cron/hooks/hook_cron.php +++ b/modules/cron/hooks/hook_cron.php @@ -1,10 +1,11 @@ <?php + /** * Hook to run a cron job. * * @param array &$croninfo Output + * @return void */ - function cron_hook_cron(&$croninfo) { assert(is_array($croninfo)); diff --git a/modules/cron/hooks/hook_frontpage.php b/modules/cron/hooks/hook_frontpage.php index 73fcd215b74521dfb827f505f5896ec49a47de39..9a0401a275bb7dab7987008b725f7dc6a20e730e 100644 --- a/modules/cron/hooks/hook_frontpage.php +++ b/modules/cron/hooks/hook_frontpage.php @@ -1,10 +1,11 @@ <?php + /** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ - function cron_hook_frontpage(&$links) { assert(is_array($links)); diff --git a/modules/cron/lib/Cron.php b/modules/cron/lib/Cron.php index f8bda653b8b23b4dc6061668160c453e8044ba13..5396a2cfe0762221ccac7836b6c90718bb16b1cd 100644 --- a/modules/cron/lib/Cron.php +++ b/modules/cron/lib/Cron.php @@ -1,6 +1,6 @@ <?php -namespace SimpleSAML\Module\cron; +namespace SimpleSAML\Module\cron; /** * Handles interactions with SSP's cron system/hooks. 
@@ -27,13 +27,12 @@ class Cron /** * Invoke the cron hook for the given tag - * @param $tag string The tag to use. Must be valid in the cronConfig + * @param string $tag The tag to use. Must be valid in the cronConfig * @return array the tag, and summary information from the run. * @throws Exception If an invalid tag specified */ public function runTag($tag) { - if (!$this->isValidTag($tag)) { throw new \Exception("Invalid cron tag '$tag''"); } @@ -53,6 +52,10 @@ class Cron return $croninfo; } + /** + * @param string $tag + * @return bool + */ public function isValidTag($tag) { if (!is_null($this->cronconfig->getValue('allowed_tags'))) { diff --git a/modules/cron/templates/croninfo.twig b/modules/cron/templates/croninfo.twig index b00b8905b8ab2107cb0c9d1980dc0a7fea539ea4..d2ea32988d69d46edbd58b76d1e48de895df60f2 100644 --- a/modules/cron/templates/croninfo.twig +++ b/modules/cron/templates/croninfo.twig @@ -2,7 +2,7 @@ {% extends "base.twig" %} {% block preload %} -<link rel="stylesheet" type="text/css" href="{{ baseurlpath }}assets/css/cron.css"> +<link rel="stylesheet" href="/{{ baseurlpath }}module.php/cron/assets/css/cron.css"> {% endblock %} {% block content %} diff --git a/modules/discopower/lib/PowerIdPDisco.php b/modules/discopower/lib/PowerIdPDisco.php index a0955cb32d320448ab03a89f55a7dd0252d8dfee..c5ce0a954a091ce38e9a1dbc7b75509fc96b35f0 100644 --- a/modules/discopower/lib/PowerIdPDisco.php +++ b/modules/discopower/lib/PowerIdPDisco.php @@ -11,7 +11,6 @@ namespace SimpleSAML\Module\discopower; * @author Andreas Ã…kre Solberg <andreas@uninett.no>, UNINETT AS. * @package SimpleSAMLphp */ - class PowerIdPDisco extends \SimpleSAML\XHTML\IdPDisco { /** @@ -69,6 +68,7 @@ class PowerIdPDisco extends \SimpleSAML\XHTML\IdPDisco * This is an helper function for logging messages. It will prefix the messages with our discovery service type. * * @param string $message The message which should be logged. + * @return void */ protected function log($message) { 
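Review bot: The new stylesheet href in croninfo.twig is built as `/{{ baseurlpath }}module.php/...`, which is correct only if `baseurlpath` is rendered without a leading slash; should it ever start with `/`, the attribute becomes `//...`, a protocol-relative URL that the browser resolves against whatever host the first path segment names, so the CSS would be fetched from an external origin. The removed line used the bare `{{ baseurlpath }}assets/...` form, so two conventions now coexist in the history and the stripping presumably happens in the Template class, which is not in this diff. A short Twig comment pinning the assumption would help future edits: `{# baseurlpath carries no leading slash; the "/" prefix makes the URL site-absolute #}`.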
@@ -236,6 +236,7 @@ class PowerIdPDisco extends \SimpleSAML\XHTML\IdPDisco * Handles a request to this discovery service. * * The IdP disco parameters should be set before calling this function. + * @return void */ public function handleRequest() { @@ -303,6 +304,13 @@ class PowerIdPDisco extends \SimpleSAML\XHTML\IdPDisco $t->show(); } + + /** + * @param \SimpleSAML\XHTML\Template $t + * @param array $metadata + * @param string $favourite + * @return array + */ private function processMetadata($t, $metadata, $favourite) { $basequerystring = '?'. @@ -394,6 +402,7 @@ class PowerIdPDisco extends \SimpleSAML\XHTML\IdPDisco * This function overrides the corresponding function in the parent class, to add support for common domain cookie. * * @param string $idp The entityID of the IdP. + * @return void */ protected function setPreviousIdP($idp) { diff --git a/modules/discopower/templates/disco.twig b/modules/discopower/templates/disco.twig index 5fd06df1b6e1a54799165b39bccfb6ce77dd2462..bd72483935347cd5dff98220a5f1c082fb9c5108 100644 --- a/modules/discopower/templates/disco.twig +++ b/modules/discopower/templates/disco.twig 
@@ -2,14 +2,13 @@ {% extends "base.twig" %} {% block preload %} - <link href="{{ baseurlpath }}style.css" rel="stylesheet" type="text/css" media="screen" /> - <link rel="stylesheet" media="screen" type="text/css" href="/resources/uitheme1.8/jquery-ui.css" /> + <link rel="stylesheet" media="screen" href="/{{ baseurlpath }}resources/uitheme1.8/jquery-ui.css"> {% endblock %} {% block postload %} - <script type="text/javascript" src="/resources/jquery-1.8.js"></script> - <script type="text/javascript" src="/resources/jquery-ui-1.8.js"></script> - <script type="text/javascript" src="{{ baseurlpath }}js/jquery.livesearch.js"></script> - <script type="text/javascript" src="{{ baseurlpath }}js/{{ score }}.js"></script> + <script src="/{{ baseurlpath }}resources/jquery-1.8.js"></script> + <script src="/{{ baseurlpath }}resources/jquery-ui-1.8.js"></script> + <script src="/{{ baseurlpath }}module.php/discopower/js/jquery.livesearch.js"></script> + <script src="/{{ baseurlpath }}module.php/discopower/js/{{ score }}.js"></script> {{ search|raw }} {% endblock %} diff --git a/modules/exampleattributeserver/www/attributeserver.php b/modules/exampleattributeserver/www/attributeserver.php index 9bdbe415a1ff0a52d2c7fe64701b1bc08550da5b..84aad77dd1204475d4a9d1b908e7c9c32904bb01 100644 --- a/modules/exampleattributeserver/www/attributeserver.php +++ b/modules/exampleattributeserver/www/attributeserver.php @@ -10,10 +10,13 @@ if (!($query instanceof \SAML2\AttributeQuery)) { $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); - -$spEntityId = $query->getIssuer(); -if ($spEntityId === null) { +$issuer = $query->getIssuer(); +if ($issuer === null) { throw new \SimpleSAML\Error\BadRequest('Missing <saml:Issuer> in <samlp:AttributeQuery>.'); +} elseif (is_string($issuer)) { + $spEntityId = $issuer; +} else { + $spEntityId = $issuer->getValue(); } $idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-hosted'); 
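Review bot: Neither branch of the new issuer handling in attributeserver.php validates what ends up in `$spEntityId`: the `is_string` path accepts an empty string and the object path trusts `$issuer->getValue()` without checking that it is a non-empty string, yet the value is the key used for the SP metadata lookup that follows. Since `<saml:Issuer>` is attacker-controlled input (whatever authenticates the query against the SP's metadata happens outside this hunk), a guard after the chain keeps the failure at the request boundary: `if (!is_string($spEntityId) || $spEntityId === '') { throw new \SimpleSAML\Error\BadRequest('Empty <saml:Issuer> in <samlp:AttributeQuery>.'); }`. The three-way branch also deserves a one-line comment stating that `getIssuer()` may return either a string or an Issuer object depending on the SAML2 library version, which is what the shape of the code implies.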
@@ -41,6 +44,7 @@ if (count($returnAttributes) === 0) { $returnAttributes = []; } else { foreach ($returnAttributes as $name => $values) { + /** @var array $values */ if (!array_key_exists($name, $attributes)) { // We don't have this attribute unset($returnAttributes[$name]); diff --git a/modules/exampleauth/lib/Auth/Process/RedirectTest.php b/modules/exampleauth/lib/Auth/Process/RedirectTest.php index 13ff82dbd2e92a09d64943c2b2d938a09f7f3537..e72c5459e197b7c03e3ec547206f4d5a224461e8 100644 --- a/modules/exampleauth/lib/Auth/Process/RedirectTest.php +++ b/modules/exampleauth/lib/Auth/Process/RedirectTest.php @@ -6,13 +6,13 @@ namespace SimpleSAML\Module\exampleautth\Auth\Process; * A simple processing filter for testing that redirection works as it should. * */ - class RedirectTest extends \SimpleSAML\Auth\ProcessingFilter { /** * Initialize processing of the redirect test. * * @param array &$state The state we should update. + * @return void */ public function process(&$state) { diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php index fef113edb9ed6a4fe6375a8baf614ea072bb1162..409b4ea42b8f87ff02fd3023925844ef6f328249 100644 --- a/modules/exampleauth/lib/Auth/Source/External.php +++ b/modules/exampleauth/lib/Auth/Source/External.php @@ -22,7 +22,6 @@ namespace SimpleSAML\Module\exampleauth\Auth\Source; * * @package SimpleSAMLphp */ - class External extends \SimpleSAML\Auth\Source { /** @@ -47,10 +46,11 @@ class External extends \SimpleSAML\Auth\Source // Do any other configuration we need here } + /** * Retrieve attributes for the user. * - * @return array|NULL The user's attributes, or NULL if the user isn't authenticated. + * @return array|null The user's attributes, or NULL if the user isn't authenticated. */ private function getUser() { 
@@ -91,10 +91,12 @@ class External extends \SimpleSAML\Auth\Source return $attributes; } + /** * Log in using an external authentication helper. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -172,6 +174,7 @@ class External extends \SimpleSAML\Auth\Source assert(false); } + /** * Resume authentication process. * @@ -179,6 +182,9 @@ class External extends \SimpleSAML\Auth\Source * entered his or her credentials. * * @param array &$state The authentication state. + * @return void + * @throws \SimpleSAML\Error\BadRequest + * @throws \SimpleSAML\Error\Exception */ public static function resume() { @@ -248,11 +254,13 @@ class External extends \SimpleSAML\Auth\Source assert(false); } + /** * This function is called when the user start a logout operation, for example * by logging out of a SP that supports single logout. * * @param array &$state The logout state array. + * @return void */ public function logout(&$state) { diff --git a/modules/exampleauth/lib/Auth/Source/StaticSource.php b/modules/exampleauth/lib/Auth/Source/StaticSource.php index d81dd325638fe2c2e1f3e64d45ca329310115c54..607a2e4962c94518253d0df461372177e3d33149 100644 --- a/modules/exampleauth/lib/Auth/Source/StaticSource.php +++ b/modules/exampleauth/lib/Auth/Source/StaticSource.php @@ -11,7 +11,6 @@ namespace SimpleSAML\Module\exampleauth\Auth\Source; * @author Olav Morken, UNINETT AS. * @package SimpleSAMLphp */ - class StaticSource extends \SimpleSAML\Auth\Source { /** @@ -42,10 +41,12 @@ class StaticSource extends \SimpleSAML\Auth\Source } } + /** * Log in using static attributes. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { 
diff --git a/modules/expirycheck/lib/Auth/Process/ExpiryDate.php b/modules/expirycheck/lib/Auth/Process/ExpiryDate.php index ddd5befc1548c290914a389771a26f632087c33d..a0ae17053fdf604caf4002dbe5e4af8e4b013f05 100644 --- a/modules/expirycheck/lib/Auth/Process/ExpiryDate.php +++ b/modules/expirycheck/lib/Auth/Process/ExpiryDate.php @@ -21,22 +21,28 @@ namespace SimpleSAML\Module\expirycheck\Auth\Process; * @author Alex MihiÄinac, ARNES. <alexm@arnes.si> * @package SimpleSAMLphp */ - class ExpiryDate extends \SimpleSAML\Auth\ProcessingFilter { + /** @var int */ private $warndaysbefore = 0; + + /** @var string|null */ private $netid_attr = null; + + /** @var string|null */ private $expirydate_attr = null; + + /** @var string */ private $date_format = 'd.m.Y'; /** * Initialize this filter. * - * @param array $config Configuration information about this filter. + * @param array &$config Configuration information about this filter. * @param mixed $reserved For future use. */ - public function __construct($config, $reserved) + public function __construct(&$config, $reserved) { parent::__construct($config, $reserved); @@ -75,12 +81,14 @@ class ExpiryDate extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Show expirational warning if remaining days is equal or under defined $warndaysbefore - * @param integer $expireOnDate - * @param integer $warndaysbefore - * @return bool * + * @param array &$state + * @param int $expireOnDate + * @param int $warndaysbefore + * @return bool */ public function shWarning(&$state, $expireOnDate, $warndaysbefore) { @@ -97,11 +105,12 @@ class ExpiryDate extends \SimpleSAML\Auth\ProcessingFilter return false; } + /** - * Check if given date is older than today - * @param integer $expireOnDate - * @return bool + * Check if given date is older than today * + * @param int $expireOnDate + * @return bool */ public function checkDate($expireOnDate) { 
@@ -115,10 +124,12 @@ class ExpiryDate extends \SimpleSAML\Auth\ProcessingFilter } } + /** * Apply filter * * @param array &$state The current state. + * @return void */ public function process(&$state) { diff --git a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php index a1062376d98df4ba15fcce8c74d0b4ccb005a5a7..99ca6c0cc91a26407d977180a979f85ee54bc0e7 100644 --- a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php +++ b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php @@ -34,7 +34,6 @@ namespace SimpleSAML\Module\ldap\Auth\Process; * @author Remy Blom <remy.blom@hku.nl> * @package SimpleSAMLphp */ - class AttributeAddFromLDAP extends BaseFilter { /** @@ -60,6 +59,7 @@ class AttributeAddFromLDAP extends BaseFilter */ protected $attr_policy; + /** * Initialize this filter. * @@ -136,6 +136,7 @@ class AttributeAddFromLDAP extends BaseFilter * Add attributes from an LDAP server. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php index 6101e7b162921c732d4db64baab3ca827f0c9eb1..ccf94067aad2bf2014a3f43ea0dee2cf027aec8c 100644 --- a/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php +++ b/modules/ldap/lib/Auth/Process/AttributeAddUsersGroups.php @@ -10,7 +10,6 @@ namespace SimpleSAML\Module\ldap\Auth\Process; * @author Ryan Panning <panman@traileyes.com> * @package SimpleSAMLphp */ - class AttributeAddUsersGroups extends BaseFilter { /** @@ -21,6 +20,7 @@ class AttributeAddUsersGroups extends BaseFilter * * @throws \SimpleSAML\Error\Exception * @param $request + * @return void */ public function process(&$request) { 
@@ -171,7 +171,7 @@ class AttributeAddUsersGroups extends BaseFilter // run through all groups and add each to our groups array foreach ($all_groups as $group_entry) { - $groups[] .= $group_entry[$map['member']][0]; + $groups[] = $group_entry[$map['member']][0]; } return $groups; diff --git a/modules/ldap/lib/Auth/Process/BaseFilter.php b/modules/ldap/lib/Auth/Process/BaseFilter.php index f7de0656fc8da7e7b090737fc0e2f5d8ec5fb916..4c1d9d002aadb87182e69899e9983c85cd0dbc46 100644 --- a/modules/ldap/lib/Auth/Process/BaseFilter.php +++ b/modules/ldap/lib/Auth/Process/BaseFilter.php @@ -14,7 +14,6 @@ namespace SimpleSAML\Module\ldap\Auth\Process; * @author Remy Blom <remy.blom@hku.nl> * @package SimpleSAMLphp */ - abstract class BaseFilter extends \SimpleSAML\Auth\ProcessingFilter { /** @@ -50,7 +49,7 @@ abstract class BaseFilter extends \SimpleSAML\Auth\ProcessingFilter * Instance, object of the ldap connection. Stored here to * be access later during processing. * - * @var \SimpleSAML\Auth\Ldap + * @var \SimpleSAML\Auth\LDAP */ private $ldap; @@ -90,8 +89,8 @@ abstract class BaseFilter extends \SimpleSAML\Auth\ProcessingFilter * instance/object and stores everything in class members. * * @throws \SimpleSAML\Error\Exception - * @param array $config - * @param $reserved + * @param array &$config + * @param mixed $reserved */ public function __construct(&$config, $reserved) { @@ -255,12 +254,12 @@ abstract class BaseFilter extends \SimpleSAML\Auth\ProcessingFilter * rather than setting in the constructor to avoid unnecessarily * connecting to LDAP when it might not be needed. * - * @return \SimpleSAML\Auth\Ldap + * @return \SimpleSAML\Auth\LDAP */ protected function getLdap() { // Check if already connected - if ($this->ldap) { + if (isset($this->ldap)) { return $this->ldap; } diff --git a/modules/ldap/lib/ConfigHelper.php b/modules/ldap/lib/ConfigHelper.php index d4dcff33ad5084d1f8fdd08cca9bc1734cff91bf..6d862c5a0af14256ba8bdd6aca9fbd92aac47652 100644 
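Review bot: The corrected `$groups[] = $group_entry[$map['member']][0];` still indexes the mapped member attribute without checking that it is present, so an LDAP entry lacking that attribute raises an undefined-index notice and pushes `null` into `$groups`. Since the loop exists to build a list of group names, skipping such entries is the safer behaviour: `if (!isset($group_entry[$map['member']][0])) { continue; }` immediately before the assignment. The enclosing function starts outside the hunk, so whether `$map['member']` itself is guaranteed earlier cannot be confirmed from here.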
--- a/modules/ldap/lib/ConfigHelper.php +++ b/modules/ldap/lib/ConfigHelper.php @@ -253,7 +253,7 @@ class ConfigHelper * @param bool $allowZeroHits * Determines if the method will throw an exception if no * hits are found. Defaults to FALSE. - * @return string + * @return string|null * The DN of the matching element, if found. If no element was * found and $allowZeroHits is set to FALSE, an exception will * be thrown; otherwise NULL will be returned. @@ -295,6 +295,13 @@ class ConfigHelper ); } + + /** + * @param string $dn + * @param array|null $attributes + * @return array + * @throws \Exception + */ public function getAttributes($dn, $attributes = null) { if ($attributes == null) { diff --git a/modules/memcacheMonitor/hooks/hook_configpage.php b/modules/memcacheMonitor/hooks/hook_configpage.php index 4debe964ee90ecd9d41b781763738c0beb1f6240..497c84893aa89a811e2db53f259bad67cb6a226a 100644 --- a/modules/memcacheMonitor/hooks/hook_configpage.php +++ b/modules/memcacheMonitor/hooks/hook_configpage.php @@ -1,10 +1,11 @@ <?php + /** * Hook to add the memcacheMonitor module to the config page. * * @param \SimpleSAML\XHTML\Template &$template The template that we should alter in this hook. + * @return void */ - function memcacheMonitor_hook_configpage(\SimpleSAML\XHTML\Template &$template) { $template->data['links']['memcacheMonitor'] = [ diff --git a/modules/memcacheMonitor/hooks/hook_frontpage.php b/modules/memcacheMonitor/hooks/hook_frontpage.php index d25437327aaad82653f3a517a8ecc9051d22dc38..9a1b4f07b7b4c329c0db156648a6a7d556309bb3 100644 --- a/modules/memcacheMonitor/hooks/hook_frontpage.php +++ b/modules/memcacheMonitor/hooks/hook_frontpage.php @@ -1,10 +1,11 @@ <?php + /** * Hook to add the simple consenet admin module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ - function memcacheMonitor_hook_frontpage(&$links) { assert(is_array($links)); 
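Review bot: The new `getAttributes` docblock declares `@param array|null $attributes`, but the check on the line that follows it, `if ($attributes == null)`, is a loose comparison, so an explicitly passed empty array `[]` is treated exactly like `null` and takes the default branch. If that equivalence is intended it deserves a one-line comment such as `// an empty attribute list is treated as "use the defaults"`; otherwise `if ($attributes === null)` is what the documented contract says. The method body continues past the hunk, so what the default branch does cannot be verified here.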
diff --git a/modules/memcacheMonitor/hooks/hook_sanitycheck.php b/modules/memcacheMonitor/hooks/hook_sanitycheck.php index a7a36c415dbdbbe7d1fec858040d650cdd5db5cd..ce95aada196521d5d94e07a27f155728f65b2202 100644 --- a/modules/memcacheMonitor/hooks/hook_sanitycheck.php +++ b/modules/memcacheMonitor/hooks/hook_sanitycheck.php @@ -6,8 +6,8 @@ * This function verifies that all memcache servers work. * * @param array &$hookinfo hookinfo + * @return void */ - function memcacheMonitor_hook_sanitycheck(&$hookinfo) { assert(is_array($hookinfo)); diff --git a/modules/memcacheMonitor/templates/memcachestat.twig b/modules/memcacheMonitor/templates/memcachestat.twig index fdc4af4bd03a307ad28974a4c4463185ec4ab749..f14848515f513d022a887d2f704d6e791279cd37 100644 --- a/modules/memcacheMonitor/templates/memcachestat.twig +++ b/modules/memcacheMonitor/templates/memcachestat.twig @@ -2,7 +2,7 @@ {% extends "base.twig" %} {% block preload %} - <link href="{{ baseurlpath }}assets/css/memcacheMonitor.css" rel="stylesheet" /> + <link href="/{{ baseurlpath }}module.php/memcacheMonitor/assets/css/memcacheMonitor.css" rel="stylesheet"> {% endblock %} {% block content %} diff --git a/modules/memcacheMonitor/www/memcachestat.php b/modules/memcacheMonitor/www/memcachestat.php index fde791e558da79aa1ad5c266ed7b73ba1e7c2edc..0e79858b98387203181d0084e6d18ffe70e2a5fa 100644 --- a/modules/memcacheMonitor/www/memcachestat.php +++ b/modules/memcacheMonitor/www/memcachestat.php @@ -1,10 +1,19 @@ <?php +/** + * @param int $input + * @return string + */ function tdate($input) { return date(DATE_RFC822, $input); } + +/** + * @param int $input + * @return string + */ function hours($input) { if ($input < 60) { @@ -19,6 +28,11 @@ function hours($input) return number_format($input / (24 * 60 * 60), 2).' days'; } + +/** + * @param int $input + * @return string + */ function humanreadable($input) { $output = ""; 
diff --git a/modules/metarefresh/bin/metarefresh.php b/modules/metarefresh/bin/metarefresh.php index b02fb75a6a2385eba494f4a41d060e52ff35ce60..87def0acdc4dec43060ace9914eeda8d68103376 100755 --- a/modules/metarefresh/bin/metarefresh.php +++ b/modules/metarefresh/bin/metarefresh.php @@ -5,6 +5,7 @@ * This script can be used to generate metadata for SimpleSAMLphp * based on an XML metadata file. */ +use RobRichards\XMLSecLibs\XMLSecurityDSig; // This is the base directory of the SimpleSAMLphp installation @@ -44,6 +45,11 @@ $certificates = null; */ $validateFingerprint = null; +/* $validateFingerprintAlgorithm is the algorithm to use to compute the fingerprint of the + * certificate that signed the metadata. + */ +$validateFingerprintAlgorithm = null; + // This variable contains the files we will parse $files = []; @@ -97,6 +103,9 @@ foreach ($argv as $a) { } $validateFingerprint = $v; break; + case '--validate-fingerprint-algorithm': + $validateFingerprintAlgorithm = $v; + break; case '--help': printHelp(); exit(0); @@ -134,6 +143,9 @@ foreach ($files as $f) { if (isset($validateFingerprint)) { $source['validateFingerprint'] = $validateFingerprint; } + if (isset($validateFingerprintAlgorithm)) { + $source['validateFingerprintAlgorithm'] = $validateFingerprintAlgorithm; + } $metaloader->loadSource($source); } @@ -145,6 +157,7 @@ if ($toStdOut) { /** * This function prints the help output. + * @return void */ function printHelp() { 
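Review bot: In the `@@ -97,6 +103,9 @@` hunk the new `--validate-fingerprint-algorithm` case assigns `$validateFingerprintAlgorithm = $v;` unconditionally, whereas the preceding `--validate-fingerprint` case appears (from the closing brace just above its assignment) to reject a missing value first; a bare `--validate-fingerprint-algorithm` with no `=` therefore stores whatever `$v` holds in that situation and, if that is `null`, the later `isset()` guard silently drops the option and the loader falls back to SHA1. The value is also never checked against the digest identifiers `XMLSecurityDSig` defines, so a typo is discovered only at metadata load time, as a skipped entity rather than a usage error. Mirror the neighbouring case's missing-value handling and add `if (!in_array($v, [XMLSecurityDSig::SHA1, XMLSecurityDSig::SHA256], true)) { echo 'Unsupported fingerprint algorithm: '.$v."\n"; exit(1); }`, extending the list to the other digest constants the class provides. The comment added in the `@@ -44` hunk could additionally state that SHA1 is used when the option is absent, matching the help text added further down the file.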
@@ -167,6 +180,10 @@ function printHelp() echo ' Check the signature of the metadata,'."\n"; echo ' and check the fingerprint of the'."\n"; echo ' certificate against <FINGERPRINT>.'."\n"; + echo ' --validate-fingerprint-algorithm=<ALGORITHM>'."\n"; + echo ' Use <ALGORITHM> to validate fingerprint of'."\n"; + echo ' the certificate that signed the metadata.'."\n"; + echo ' Default: '.XMLSecurityDSig::SHA1.".\n"; echo ' -h, --help Print this help.'."\n"; echo ' -o=<DIR>, --out-dir=<DIR> Write the output to this directory. The'."\n"; echo ' default directory is metadata-generated/.'."\n"; diff --git a/modules/metarefresh/config-templates/config-metarefresh.php b/modules/metarefresh/config-templates/config-metarefresh.php index c8009d4c2756ced568d6507b286e833431040f46..333b75dee3bc31798d354ecb7e82c93bb8db27f5 100644 --- a/modules/metarefresh/config-templates/config-metarefresh.php +++ b/modules/metarefresh/config-templates/config-metarefresh.php @@ -44,6 +44,7 @@ $config = [ 'rollover.crt', ], 'validateFingerprint' => '59:1D:4B:46:70:46:3E:ED:A9:1F:CC:81:6D:C0:AF:2A:09:2A:A8:01', + #'validateFingerprintAlgorithm' => RobRichards\XMLSecLibs\XMLSecurityDSig::SHA1, 'template' => [ 'tags' => ['kalmar'], 'authproc' => [ diff --git a/modules/metarefresh/hooks/hook_cron.php b/modules/metarefresh/hooks/hook_cron.php index 4ab82e2272d8eaf4fa9ed4b8f7d5016bf8bbbdad..a0bc57862cf75810ce099d1199a92b0024a809e4 100644 --- a/modules/metarefresh/hooks/hook_cron.php +++ b/modules/metarefresh/hooks/hook_cron.php @@ -6,6 +6,7 @@ use \SimpleSAML\Logger; * Hook to run a cron job. * * @param array &$croninfo Output + * @return void */ function metarefresh_hook_cron(&$croninfo) { diff --git a/modules/metarefresh/hooks/hook_frontpage.php b/modules/metarefresh/hooks/hook_frontpage.php index e66c583f29758151ea05e792c06f0809340e85e9..7c0c2ec91eb5593ebcc1f0b296317d09045cccdf 100644 --- a/modules/metarefresh/hooks/hook_frontpage.php +++ b/modules/metarefresh/hooks/hook_frontpage.php 
@@ -1,10 +1,11 @@ <?php + /** * Hook to add links to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ - function metarefresh_hook_frontpage(&$links) { assert(is_array($links)); diff --git a/modules/metarefresh/lib/ARP.php b/modules/metarefresh/lib/ARP.php index c64ff3463f593c0ed0565b578e069eb70e7c43be..51d7dec690a5b54ff6c265df98e87dfce85f7c88 100644 --- a/modules/metarefresh/lib/ARP.php +++ b/modules/metarefresh/lib/ARP.php @@ -6,7 +6,6 @@ namespace SimpleSAML\Module\metarefresh; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class ARP { /** @@ -17,7 +16,7 @@ class ARP /** * @var array */ - private $attributes; + private $attributes = []; /** * @var string diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php index e8007803d579e9b72735b123ad28ac3a386dacf2..9802e665d3c3580c2ced664d83e9941f7503d60d 100644 --- a/modules/metarefresh/lib/MetaLoader.php +++ b/modules/metarefresh/lib/MetaLoader.php @@ -2,21 +2,34 @@ namespace SimpleSAML\Module\metarefresh; +use RobRichards\XMLSecLibs\XMLSecurityDSig; use SimpleSAML\Logger; /** * @package SimpleSAMLphp * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> */ - class MetaLoader { + /** @var int|null */ private $expire; - private $metadata; + + /** @var array */ + private $metadata = []; + + /** @var object|null */ private $oldMetadataSrc; + + /** @var string|null */ private $stateFile; - private $changed; - private $state; + + /** @var bool*/ + private $changed = false; + + /** @var array */ + private $state = []; + + /** @var array */ private $types = [ 'saml20-idp-remote', 'saml20-sp-remote', 
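Review bot: The new property docblock `/** @var bool*/` on `$changed` in the MetaLoader `@@ -2,21 +2,34 @@` hunk is missing the space before `*/` that every sibling annotation has; the same slip appears as `/** @var string*/` on `$hostname` in the Negotiate.php property hunk later in this diff. Write both as `/** @var bool */` and `/** @var string */` so the file reads consistently and docblock parsers that key on the spacing are not tripped up.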
@@ -25,29 +38,27 @@ class MetaLoader 'attributeauthority-remote' ]; + /** * Constructor * - * @param integer $expire - * @param string $stateFile - * @param object $oldMetadataSrc + * @param int|null $expire + * @param string|null $stateFile + * @param object|null $oldMetadataSrc */ public function __construct($expire = null, $stateFile = null, $oldMetadataSrc = null) { $this->expire = $expire; - $this->metadata = []; $this->oldMetadataSrc = $oldMetadataSrc; $this->stateFile = $stateFile; - $this->changed = false; // Read file containing $state from disk if (is_readable($stateFile)) { include $stateFile; } - - $this->state = []; } + /** * Get the types of entities that will be loaded. * @@ -58,11 +69,13 @@ class MetaLoader return $this->types; } + /** * Set the types of entities that will be loaded. * * @param string|array $types Either a string with the name of one single type allowed, or an array with a list of * types. Pass an empty array to reset to all types of entities. + * @return void */ public function setTypes($types) { @@ -72,10 +85,12 @@ class MetaLoader $this->types = $types; } + /** * This function processes a SAML metadata file. * - * @param $source + * @param $source array + * @return void */ public function loadSource($source) { @@ -154,7 +169,10 @@ class MetaLoader if (array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== null) { if (!array_key_exists('certificates', $source) || $source['certificates'] == null) { - if (!$entity->validateFingerprint($source['validateFingerprint'])) { + $algo = isset($source['validateFingerprintAlgorithm']) + ? $source['validateFingerprintAlgorithm'] + : XMLSecurityDSig::SHA1; + if (!$entity->validateFingerprint($source['validateFingerprint'], $algo)) { Logger::info( 'Skipping "'.$entity->getEntityId().'" - could not verify signature using fingerprint.'."\n" ); 
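Review bot: With `$this->state = [];` removed from the end of the constructor, the `include $stateFile;` just above it is now the only place persisted state could reach `$this->state`, yet nothing in the hunk copies an included `$state` variable into the property; whether the old assignment was discarding freshly loaded state (a bug this hunk would fix) or the include sets `$this->state` directly depends on what `writeState()` emits, which lies outside this hunk and should be confirmed. In either case the include executes the state file as PHP, and the constructor docblock should say so: `@param string|null $stateFile Path to a PHP state file produced by writeState(); it is include()d, so it must reside in a directory not writable by untrusted users.` A short comment at the include naming what the file is expected to define would settle the ambiguity for the next reader.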
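Review bot: The `@@ -154,7 +169,10 @@` hunk hands `$algo` to `validateFingerprint()` straight from `$source['validateFingerprintAlgorithm']` without checking it against the digest identifiers `XMLSecurityDSig` defines, so an unsupported or misspelled value in a source definition surfaces, if at all, as a "could not verify signature using fingerprint" skip rather than as a configuration error. Reject it up front, e.g. `if (!in_array($algo, [XMLSecurityDSig::SHA1, XMLSecurityDSig::SHA256], true)) { throw new \Exception('Unsupported validateFingerprintAlgorithm: '.$algo); }`, extended to the other digest constants the class provides. The fallback keeps SHA1 as the default for this signature-verification step, which is defensible for compatibility but worth stating in the `loadSource` docblock — noting that SHA256 should be preferred where the metadata publisher supplies such a fingerprint — and that docblock's earlier hunk also has `@param $source array` with type and name reversed (should be `@param array $source`). loadSource's body extends beyond the hunk.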
@@ -198,8 +216,12 @@ class MetaLoader $this->saveState($source, $responseHeaders); } + /** * Create HTTP context, with any available caches taken into account + * + * @param array $source + * @return array */ private function createContext($source) { @@ -227,6 +249,10 @@ class MetaLoader } + /** + * @param array $source + * @return void + */ private function addCachedMetadata($source) { if (isset($this->oldMetadataSrc)) { @@ -245,6 +271,10 @@ class MetaLoader /** * Store caching state data for a source + * + * @param array $source + * @param array $responseHeaders + * @return void */ private function saveState($source, $responseHeaders) { @@ -268,8 +298,14 @@ class MetaLoader } } + /** * Parse XML metadata and return entities + * + * @param string $data + * @param array $source + * @return \SimpleSAML\Metadata\SAMLParser[] + * @throws \Exception */ private function loadXML($data, $source) { @@ -287,6 +323,8 @@ class MetaLoader /** * This function writes the state array back to disk + * + * @return void */ public function writeState() { @@ -305,6 +343,8 @@ class MetaLoader /** * This function writes the metadata to stdout. + * + * @return void */ public function dumpMetadataStdOut() { @@ -332,8 +372,10 @@ class MetaLoader * This function will return without making any changes if $metadata is NULL. * * @param string $filename The filename the metadata comes from. - * @param array $metadata The metadata. + * @param array $metadata The metadata. * @param string $type The metadata type. + * @param array|null $template The template. + * @return void */ private function addMetadata($filename, $metadata, $type, $template = null) { @@ -370,6 +412,9 @@ class MetaLoader /** * This function writes the metadata to an ARP file + * + * @param \SimpleSAML\Configuration $config + * @return void */ public function writeARPfile($config) { 
@@ -404,6 +449,9 @@ class MetaLoader /** * This function writes the metadata to to separate files in the output directory. + * + * @param string $outputDir + * @return void */ public function writeMetadataFiles($outputDir) { @@ -453,6 +501,7 @@ class MetaLoader * Save metadata for loading with the 'serialize' metadata loader. * * @param string $outputDir The directory we should save the metadata to. + * @return void */ public function writeMetadataSerialize($outputDir) { @@ -499,6 +548,9 @@ class MetaLoader } + /** + * @return string + */ private function getTime() { // The current date, as a string diff --git a/modules/multiauth/lib/Auth/Source/MultiAuth.php b/modules/multiauth/lib/Auth/Source/MultiAuth.php index c25f85ba5d224feb17c8751648f80d56f2239588..185ccb46b2ed5d80c6b7259d080fbb0f64e5d174 100644 --- a/modules/multiauth/lib/Auth/Source/MultiAuth.php +++ b/modules/multiauth/lib/Auth/Source/MultiAuth.php @@ -9,7 +9,6 @@ namespace SimpleSAML\Module\multiauth\Auth\Source; * @author Lorenzo Gil, Yaco Sistemas S.L. * @package SimpleSAMLphp */ - class MultiAuth extends \SimpleSAML\Auth\Source { /** @@ -42,6 +41,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source */ private $preselect; + /** * Constructor for this authentication source. * @@ -111,6 +111,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source } } + /** * Prompt the user with a list of authentication sources. * @@ -122,6 +123,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source * in the delegateAuthentication method. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -154,6 +156,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source assert(false); } + /** * Delegate authentication. * 
@@ -164,6 +167,8 @@ class MultiAuth extends \SimpleSAML\Auth\Source * * @param string $authId Selected authentication source * @param array $state Information about the current authentication. + * @return void + * @throws \Exception */ public static function delegateAuthentication($authId, $state) { @@ -172,6 +177,10 @@ class MultiAuth extends \SimpleSAML\Auth\Source $as = \SimpleSAML\Auth\Source::getById($authId); $valid_sources = array_map( + /** + * @param array $src + * @return string + */ function ($src) { return $src['source']; }, @@ -201,6 +210,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source \SimpleSAML\Auth\Source::completeAuth($state); } + /** * Log out from this authentication source. * @@ -208,6 +218,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source * session and then call the logout method on it. * * @param array &$state Information about the current logout operation. + * @return void */ public function logout(&$state) { @@ -225,6 +236,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source $source->logout($state); } + /** * Set the previous authentication source. * @@ -232,6 +244,7 @@ class MultiAuth extends \SimpleSAML\Auth\Source * by storing its name in a cookie. * * @param string $source Name of the authentication source the user selected. + * @return void */ public function setPreviousSource($source) { @@ -251,11 +264,13 @@ class MultiAuth extends \SimpleSAML\Auth\Source \SimpleSAML\Utils\HTTP::setCookie($cookieName, $source, $params, false); } + /** * Get the previous authentication source. * * This method retrieves the authentication source that the user selected * last time or NULL if this is the first time or remembering is disabled. + * @return string|null */ public function getPreviousSource() { diff --git a/modules/multiauth/www/selectsource.php b/modules/multiauth/www/selectsource.php index 287f7808eab880abd9749df3e665f90f4b836fac..f18d60fbebacd67392106f0e92251246bb060ecd 100644 --- a/modules/multiauth/www/selectsource.php 
+++ b/modules/multiauth/www/selectsource.php @@ -19,6 +19,7 @@ $state = \SimpleSAML\Auth\State::loadState($authStateId, \SimpleSAML\Module\mult if (array_key_exists("\SimpleSAML\Auth\Source.id", $state)) { $authId = $state["\SimpleSAML\Auth\Source.id"]; + /** @var \SimpleSAML\Module\multiauth\Auth\Source\MultiAuth $as */ $as = \SimpleSAML\Auth\Source::getById($authId); } else { $as = null; diff --git a/modules/negotiate/lib/Auth/Source/Negotiate.php b/modules/negotiate/lib/Auth/Source/Negotiate.php index bba08d6bbd2aff1b6fee9cbb47dfbd08e29c5b63..d70e21cbbf47984341e20d91b14535b7c1aa9fd9 100644 --- a/modules/negotiate/lib/Auth/Source/Negotiate.php +++ b/modules/negotiate/lib/Auth/Source/Negotiate.php @@ -16,20 +16,49 @@ class Negotiate extends \SimpleSAML\Auth\Source // Constants used in the module const STAGEID = '\SimpleSAML\Module\negotiate\Auth\Source\Negotiate.StageId'; + /** @var \SimpleSAML\Auth\LDAP|null */ protected $ldap = null; + + /** @var string */ protected $backend = ''; + + /** @var string*/ protected $hostname = ''; + + /** @var int */ protected $port = 389; + + /** @var bool */ protected $referrals = true; + + /** @var bool */ protected $enableTLS = false; + + /** @var bool */ protected $debugLDAP = false; + + /** @var int */ protected $timeout = 30; + + /** @var string */ protected $keytab = ''; + + /** @var array */ protected $base = []; + + /** @var array */ protected $attr = ['uid']; + + /** @var array|null */ protected $subnet = null; + + /** @var string|null */ protected $admin_user = null; + + /** @var string|null */ protected $admin_pw = null; + + /** @var array|null */ protected $attributes = null; @@ -81,6 +110,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * LDAP is used as a user metadata source. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { 
@@ -187,6 +217,10 @@ class Negotiate extends \SimpleSAML\Auth\Source } + /** + * @param array $spMetadata + * @return bool + */ public function spDisabledInMetadata($spMetadata) { if (array_key_exists('negotiate:disable', $spMetadata)) { @@ -209,7 +243,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * * Will return TRUE if no subnet option is configured. * - * @return boolean + * @return bool */ public function checkMask() { @@ -235,6 +269,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * wants to show the 401 message. * * @param array $params additional parameters to the URL in the URL in the body. + * @return void */ protected function sendNegotiate($params) { @@ -256,6 +291,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * Passes control of the login process to a different module. * * @param array $state Information about the current authentication. + * @return void * * @throws \SimpleSAML\Error\Error If couldn't determine the auth source. * @throws \SimpleSAML\Error\Exception @@ -290,7 +326,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * * @param string $user The Kerberos user identifier. * - * @return string The DN to the user or NULL if not found. + * @return array|null The attributes for the user or NULL if not found. */ protected function lookupUserData($user) { @@ -315,6 +351,9 @@ class Negotiate extends \SimpleSAML\Auth\Source /** * Elevates the LDAP connection to allow restricted lookups if * so configured. Does nothing if not. + * + * @return void + * @throws \SimpleSAML\Error\AuthSource */ protected function adminBind() { @@ -339,6 +378,7 @@ class Negotiate extends \SimpleSAML\Auth\Source * logout call to the fallback module. * * @param array &$state Information about the current logout operation. + * @return void */ public function logout(&$state) { 
diff --git a/modules/negotiate/templates/redirect.twig b/modules/negotiate/templates/redirect.twig index 3a69556eec3127cc60c5dec5ab09fac27d970857..f8162a40101b35bf4ec7c62e7d61f8c05a43f429 100644 --- a/modules/negotiate/templates/redirect.twig +++ b/modules/negotiate/templates/redirect.twig @@ -1,7 +1,7 @@ <!DOCTYPE HTML> <html lang="en-US"> <head> - <script src="{{ baseurlpath }}/assets/js/redirect.js"></script> + <script src="/{{ baseurlpath }}modules.php/negotiate/assets/js/redirect.js"></script> <title>Redirect to login</title> </head> <body> diff --git a/modules/oauth/config-template/module_oauth.php b/modules/oauth/config-template/module_oauth.php deleted file mode 100644 index 63327d6be9a83f009b69908ec944ac9f025feb31..0000000000000000000000000000000000000000 --- a/modules/oauth/config-template/module_oauth.php +++ /dev/null @@ -1,24 +0,0 @@ -<?php -/* - * Configuration for the OAuth module. - * - */ - -$config = [ - /* Enable the getUserInfo endpoint. Do not enable unless you know what you do. - * It may give external parties access to userInfo unless properly secured. - */ - 'getUserInfo.enable' => true, - - 'requestTokenDuration' => 60 * 30, // 30 minutes - 'accessTokenDuration' => 60 * 60 * 24, // 24 hours - 'nonceCache' => 60 * 60 * 24 * 14, // 14 days - - // Tag to run storage cleanup script using the cron module... - 'cron_tag' => 'hourly', - - // auth is the idp to use for admin authentication, - // useridattr is the attribute-name that contains the userid as returned from idp - 'auth' => 'default-sp', - 'useridattr', 'user', -]; diff --git a/modules/oauth/default-disable b/modules/oauth/default-disable deleted file mode 100644 index fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f..0000000000000000000000000000000000000000 --- a/modules/oauth/default-disable +++ /dev/null @@ -1,3 +0,0 @@ -This file indicates that the default state of this module -is disabled. To enable, create a file named enable in the -same directory as this file. 
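Review bot: The new script URL is `/{{ baseurlpath }}modules.php/negotiate/assets/js/redirect.js`, while the memcacheMonitor template changed in the same commit builds its asset URL with `module.php/...`; the two spellings cannot both resolve, and since `module.php` is the module entry point SimpleSAMLphp ships, this one looks like the typo. If so, the redirect page loads no script at all and the login redirect it exists to trigger never fires, so the line should read `<script src="/{{ baseurlpath }}module.php/negotiate/assets/js/redirect.js"></script>`.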
diff --git a/modules/oauth/hooks/hook_cron.php b/modules/oauth/hooks/hook_cron.php deleted file mode 100644 index 1a37cb41d6e4777583b75d23cad64f509ed2fc87..0000000000000000000000000000000000000000 --- a/modules/oauth/hooks/hook_cron.php +++ /dev/null @@ -1,33 +0,0 @@ -<?php - -/** - * Hook to run a cron job. - * - * @param array &$croninfo Output - */ - -function oauth_hook_cron(&$croninfo) -{ - assert(is_array($croninfo)); - assert(array_key_exists('summary', $croninfo)); - assert(array_key_exists('tag', $croninfo)); - - $oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_statistics.php'); - - if (is_null($oauthconfig->getValue('cron_tag', 'hourly'))) { - return; - } - if ($oauthconfig->getValue('cron_tag', null) !== $croninfo['tag']) { - return; - } - - try { - $store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); - $cleaned = $store->removeExpired(); - $croninfo['summary'][] = 'OAuth clean up. Removed '.$cleaned.' expired entries from OAuth storage.'; - } catch (\Exception $e) { - $message = 'OAuth clean up cron script failed: '.$e->getMessage(); - \SimpleSAML\Logger::warning($message); - $croninfo['summary'][] = $message; - } -} diff --git a/modules/oauth/hooks/hook_frontpage.php b/modules/oauth/hooks/hook_frontpage.php deleted file mode 100644 index 028e11c85d0750157741bb07f5b5cffe20ca6cbf..0000000000000000000000000000000000000000 --- a/modules/oauth/hooks/hook_frontpage.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php -/** - * Hook to add link to the frontpage. - * - * @param array &$links The links on the frontpage, split into sections. - */ -function oauth_hook_frontpage(&$links) -{ - assert(is_array($links)); - assert(array_key_exists('links', $links)); - - $links['federation']['oauthregistry'] = [ - 'href' => SimpleSAML\Module::getModuleURL('oauth/registry.php'), - 'text' => '{core:frontpage:link_oauth}', - ]; -} 
diff --git a/modules/oauth/lib/Consumer.php b/modules/oauth/lib/Consumer.php deleted file mode 100644 index b3a4080ae6c384a48b3971fcc51c9354d1ac5f4d..0000000000000000000000000000000000000000 --- a/modules/oauth/lib/Consumer.php +++ /dev/null 
@@ -1,179 +0,0 @@ -<?php - -namespace SimpleSAML\Module\oauth; - -require_once(dirname(dirname(__FILE__)).'/libextinc/OAuth.php'); - -/** - * OAuth Consumer - * - * @author Andreas Ã…kre Solberg, <andreas.solberg@uninett.no>, UNINETT AS. - * @package SimpleSAMLphp - */ - -class Consumer -{ - private $consumer; - private $signer; - - public function __construct($key, $secret) - { - $this->consumer = new \OAuthConsumer($key, $secret, null); - $this->signer = new \OAuthSignatureMethod_HMAC_SHA1(); - } - - // Used only to load the libextinc library early - public static function dummy() - { - } - - public static function getOAuthError($hrh) - { - foreach ($hrh as $h) { - if (preg_match('|OAuth-Error:\s([^;]*)|i', $h, $matches)) { - return $matches[1]; - } - } - return null; - } - - public static function getContentType($hrh) - { - foreach ($hrh as $h) { - if (preg_match('|Content-Type:\s([^;]*)|i', $h, $matches)) { - return $matches[1]; - } - } - return null; - } - - /* - * This static helper function wraps \SimpleSAML\Utils\HTTP::fetch - * and throws an exception with diagnostics messages if it appear - * to be failing on an OAuth endpoint. - * - * If the status code is not 200, an exception is thrown. If the content-type - * of the response if text/plain, the content of the response is included in - * the text of the Exception thrown. - */ - public static function getHTTP($url, $context = '') - { - try { - $response = \SimpleSAML\Utils\HTTP::fetch($url); - } catch (\SimpleSAML\Error\Exception $e) { - $statuscode = 'unknown'; - if (preg_match('/^HTTP.*\s([0-9]{3})/', $http_response_header[0], $matches)) { - $statuscode = $matches[1]; - } - - $error = $context.' [statuscode: '.$statuscode.']: '; - $oautherror = self::getOAuthError($http_response_header); - - if (!empty($oautherror)) { - $error .= $oautherror; - } - - throw new \Exception($error.':'.$url); - } - // Fall back to return response, if could not reckognize HTTP header. Should not happen. 
- return $response; - } - - public function getRequestToken($url, $parameters = null) - { - $req_req = \OAuthRequest::from_consumer_and_token($this->consumer, null, "GET", $url, $parameters); - $req_req->sign_request($this->signer, $this->consumer, null); - - $response_req = self::getHTTP( - $req_req->to_url(), - 'Contacting request_token endpoint on the OAuth Provider' - ); - - parse_str($response_req, $responseParsed); - - if (array_key_exists('error', $responseParsed)) { - throw new \Exception('Error getting request token: '.$responseParsed['error']); - } - - $requestToken = $responseParsed['oauth_token']; - $requestTokenSecret = $responseParsed['oauth_token_secret']; - - return new \OAuthToken($requestToken, $requestTokenSecret); - } - - public function getAuthorizeRequest($url, $requestToken, $redirect = true, $callback = null) - { - $params = ['oauth_token' => $requestToken->key]; - if ($callback) { - $params['oauth_callback'] = $callback; - } - $authorizeURL = \SimpleSAML\Utils\HTTP::addURLParameters($url, $params); - if ($redirect) { - \SimpleSAML\Utils\HTTP::redirectTrustedURL($authorizeURL); - exit; - } - return $authorizeURL; - } - - public function getAccessToken($url, $requestToken, $parameters = null) - { - $acc_req = \OAuthRequest::from_consumer_and_token($this->consumer, $requestToken, "GET", $url, $parameters); - $acc_req->sign_request($this->signer, $this->consumer, $requestToken); - - try { - $response_acc = \SimpleSAML\Utils\HTTP::fetch($acc_req->to_url()); - } catch (\SimpleSAML\Error\Exception $e) { - throw new \Exception('Error contacting request_token endpoint on the OAuth Provider'); - } - - \SimpleSAML\Logger::debug('oauth: Reponse to get access token: '.$response_acc); - - parse_str($response_acc, $accessResponseParsed); - - if (array_key_exists('error', $accessResponseParsed)) { - throw new \Exception('Error getting request token: '.$accessResponseParsed['error']); - } - - $accessToken = $accessResponseParsed['oauth_token']; - 
$accessTokenSecret = $accessResponseParsed['oauth_token_secret']; - - return new \OAuthToken($accessToken, $accessTokenSecret); - } - - public function postRequest($url, $accessToken, $parameters) - { - $data_req = \OAuthRequest::from_consumer_and_token($this->consumer, $accessToken, "POST", $url, $parameters); - $data_req->sign_request($this->signer, $this->consumer, $accessToken); - $postdata = $data_req->to_postdata(); - - $opts = [ - 'ssl' => [ - 'verify_peer' => false, - 'capture_peer_cert' => true, - 'capture_peer_chain' => true - ], - 'http' => [ - 'method' => 'POST', - 'content' => $postdata, - 'header' => 'Content-Type: application/x-www-form-urlencoded', - ], - ]; - - try { - $response = \SimpleSAML\Utils\HTTP::fetch($url, $opts); - } catch (\SimpleSAML\Error\Exception $e) { - throw new \SimpleSAML\Error\Exception('Failed to push definition file to '.$url); - } - return $response; - } - - public function getUserInfo($url, $accessToken, $opts = null) - { - $data_req = \OAuthRequest::from_consumer_and_token($this->consumer, $accessToken, "GET", $url, null); - $data_req->sign_request($this->signer, $this->consumer, $accessToken); - - $data = \SimpleSAML\Utils\HTTP::fetch($data_req->to_url(), $opts); - - return json_decode($data, true); - } -} diff --git a/modules/oauth/lib/OAuthServer.php b/modules/oauth/lib/OAuthServer.php deleted file mode 100644 index 41e60383ad92a01ebecc95fb7695f5d6c14c59eb..0000000000000000000000000000000000000000 --- a/modules/oauth/lib/OAuthServer.php +++ /dev/null 
@@ -1,25 +0,0 @@
-<?php
-
-namespace SimpleSAML\Module\oauth;
-
-require_once(dirname(dirname(__FILE__)).'/libextinc/OAuth.php');
-
-/**
- * OAuth Provider implementation..
- *
- * @author Andreas Ã…kre Solberg, <andreas.solberg@uninett.no>, UNINETT AS.
- * @package SimpleSAMLphp
- */
-
-class OAuthServer extends \OAuthServer
-{
- public function __construct($store)
- {
- parent::__construct($store);
- }
-
- public function get_signature_methods()
- {
- return $this->signature_methods;
- }
-}
diff --git a/modules/oauth/lib/OAuthStore.php b/modules/oauth/lib/OAuthStore.php
deleted file mode 100644
index b0c9d222dd5176dd343878a774309676bf03eb2c..0000000000000000000000000000000000000000
--- a/modules/oauth/lib/OAuthStore.php
+++ /dev/null
@@ -1,213 +0,0 @@ -<?php - -namespace SimpleSAML\Module\oauth; - -require_once(dirname(dirname(__FILE__)).'/libextinc/OAuth.php'); - -/** - * OAuth Store - * - * Updated version, works with consumer-callbacks, certificates and 1.0-RevA protocol - * behaviour (requestToken-callbacks and verifiers) - * - * @author Andreas Ã…kre Solberg, <andreas.solberg@uninett.no>, UNINETT AS. - * @author Mark Dobrinic, <mdobrinic@cozmanova.com>, Cozmanova bv - * @package SimpleSAMLphp - */ - -class OAuthStore extends \OAuthDataStore -{ - private $store; - private $config; - private $defaultversion = '1.0'; - - protected $_store_tables = [ - 'consumers' => 'consumer = array with consumer attributes', - 'nonce' => 'nonce+consumer_key = -boolean-', - 'requesttorequest' => 'requestToken.key = array(version,callback,consumerKey,)', - 'authorized' => 'requestToken.key, verifier = array(authenticated-user-attributes)', - 'access' => 'accessToken.key+consumerKey = accesstoken', - 'request' => 'requestToken.key+consumerKey = requesttoken', - ]; - - - public function __construct() - { - $this->store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); - $this->config = \SimpleSAML\Configuration::getOptionalConfig('module_oauth.php'); - } - - - /** - * Attach the data to the token, and establish the Callback URL and verifier - * @param string $requestTokenKey RequestToken that was authorized - * @param string $data Data that is authorized and to be attached to the requestToken - * @return array(string:url, string:verifier) ; empty verifier for 1.0-response - */ - public function authorize($requestTokenKey, $data) - { - $url = null; - - // See whether to remember values from the original requestToken request: - $request_attributes = $this->store->get('requesttorequest', $requestTokenKey, ''); - // must be there - if ($request_attributes['value']) { - // establish callback to use - if ($request_attributes['value']['callback']) { - $url = $request_attributes['value']['callback']; 
- } - } - - // Is there a callback registered? This is leading, even over a supplied oauth_callback-parameter - $oConsumer = $this->lookup_consumer($request_attributes['value']['consumerKey']); - - if ($oConsumer && ($oConsumer->callback_url)) { - $url = $oConsumer->callback_url; - } - - $verifier = \SimpleSAML\Utils\Random::generateID(); - $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, ["oauth_verifier"=>$verifier]); - - $this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 1800)); //60*30=1800 - - return [$url, $verifier]; - } - - /** - * Perform lookup whether a given token exists in the list of authorized tokens; if a verifier is - * passed as well, the verifier *must* match the verifier that was registered with the token<br/> - * Note that an accessToken should never be stored with a verifier - * @param string $requestToken - * @param string $verifier - * @return bool - */ - public function isAuthorized($requestToken, $verifier = '') - { - \SimpleSAML\Logger::info('OAuth isAuthorized('.$requestToken.')'); - return $this->store->exists('authorized', $requestToken, $verifier); - } - - public function getAuthorizedData($token, $verifier = '') - { - \SimpleSAML\Logger::info('OAuth getAuthorizedData('.$token.')'); - $data = $this->store->get('authorized', $token, $verifier); - return $data['value']; - } - - public function moveAuthorizedData($requestToken, $verifier, $accessTokenKey) - { - \SimpleSAML\Logger::info('OAuth moveAuthorizedData('.$requestToken.', '.$accessTokenKey.')'); - - // Retrieve authorizedData from authorized.requestToken (with provider verifier) - $authorizedData = $this->getAuthorizedData($requestToken, $verifier); - - // Remove the requesttoken+verifier from authorized store - $this->store->remove('authorized', $requestToken, $verifier); - - // Add accesstoken with authorizedData to authorized store (with empty verifier) - // accessTokenKey+consumer => accessToken is already 
registered in 'access'-table - $this->store->set('authorized', $accessTokenKey, '', $authorizedData, $this->config->getValue('accessTokenDuration', 86400)); //60*60*24=86400 - } - - public function lookup_consumer($consumer_key) - { - \SimpleSAML\Logger::info('OAuth lookup_consumer('.$consumer_key.')'); - if (!$this->store->exists('consumers', $consumer_key, '')) { - return null; - } - $consumer = $this->store->get('consumers', $consumer_key, ''); - - $callback = null; - if ($consumer['value']['callback_url']) { - $callback = $consumer['value']['callback_url']; - } - - if ($consumer['value']['RSAcertificate']) { - return new \OAuthConsumer($consumer['value']['key'], $consumer['value']['RSAcertificate'], $callback); - } else { - return new \OAuthConsumer($consumer['value']['key'], $consumer['value']['secret'], $callback); - } - } - - public function lookup_token($consumer, $tokenType = 'default', $token) - { - \SimpleSAML\Logger::info('OAuth lookup_token('.$consumer->key.', '.$tokenType.','.$token.')'); - $data = $this->store->get($tokenType, $token, $consumer->key); - if ($data == null) { - throw new \Exception('Could not find token'); - } - return $data['value']; - } - - public function lookup_nonce($consumer, $token, $nonce, $timestamp) - { - \SimpleSAML\Logger::info('OAuth lookup_nonce('.$consumer.', '.$token.','.$nonce.')'); - if ($this->store->exists('nonce', $nonce, $consumer->key)) { - return true; - } - $this->store->set('nonce', $nonce, $consumer->key, true, $this->config->getValue('nonceCache', 1209600)); //60*60*24*14=1209600 - return false; - } - - public function new_request_token($consumer, $callback = null, $version = null) - { - \SimpleSAML\Logger::info('OAuth new_request_token('.$consumer.')'); - - $lifetime = $this->config->getValue('requestTokenDuration', 1800); //60*30 - - $token = new \OAuthToken(\SimpleSAML\Utils\Random::generateID(), \SimpleSAML\Utils\Random::generateID()); - $token->callback = $callback; // OAuth1.0-RevA - 
$this->store->set('request', $token->key, $consumer->key, $token, $lifetime); - - // also store in requestToken->key => array('callback'=>CallbackURL, 'version'=>oauth_version - $request_attributes = [ - 'callback' => $callback, - 'version' => ($version ? $version : $this->defaultversion), - 'consumerKey' => $consumer->key, - ]; - $this->store->set('requesttorequest', $token->key, '', $request_attributes, $lifetime); - - /* also store in requestToken->key => - * Consumer->key (enables consumer-lookup during reqToken-authorization stage) - */ - $this->store->set('requesttoconsumer', $token->key, '', $consumer->key, $lifetime); - - return $token; - } - - public function new_access_token($requestToken, $consumer, $verifier = null) - { - \SimpleSAML\Logger::info('OAuth new_access_token('.$requestToken.','.$consumer.')'); - $accesstoken = new \OAuthToken(\SimpleSAML\Utils\Random::generateID(), \SimpleSAML\Utils\Random::generateID()); - $this->store->set( - 'access', - $accesstoken->key, - $consumer->key, - $accesstoken, - $this->config->getValue('accessTokenDuration', 86400) //60*60*24=86400 - ); - return $accesstoken; - } - - /** - * Return OAuthConsumer-instance that a given requestToken was issued to - * @param string $requestTokenKey - * @return mixed - */ - public function lookup_consumer_by_requestToken($requestTokenKey) - { - \SimpleSAML\Logger::info('OAuth lookup_consumer_by_requestToken('.$requestTokenKey.')'); - if (!$this->store->exists('requesttorequest', $requestTokenKey, '')) { - return null; - } - - $request = $this->store->get('requesttorequest', $requestTokenKey, ''); - $consumerKey = $request['value']['consumerKey']; - if (!$consumerKey) { - return null; - } - - $consumer = $this->store->get('consumers', $consumerKey['value'], ''); - return $consumer['value']; - } -} 
diff --git a/modules/oauth/lib/Registry.php b/modules/oauth/lib/Registry.php
deleted file mode 100644
index 0939be6f410ce90c587c388c7ffa15e7cbc89c12..0000000000000000000000000000000000000000
--- a/modules/oauth/lib/Registry.php
+++ /dev/null
@@ -1,151 +0,0 @@
-<?php
-
-namespace SimpleSAML\Module\oauth;
-
-/**
- * Editor for OAuth Client Registry
- *
- * @author Andreas Ã…kre Solberg <andreas@uninett.no>, UNINETT AS.
- * @package SimpleSAMLphp
- */
-
-class Registry
-{
- public static function requireOwnership($entry, $userid)
- {
- if (!isset($entry['owner'])) {
- throw new \Exception('OAuth Consumer has no owner. Which means no one is granted access, not even you.');
- } elseif ($entry['owner'] !== $userid) {
- throw new \Exception(
- 'OAuth Consumer has an owner that is not equal to your userid, hence you are not granted access.'
- );
- }
- }
-
- protected function getStandardField($request, &$entry, $key)
- {
- if (array_key_exists('field_'.$key, $request)) {
- $entry[$key] = $request['field_'.$key];
- } elseif (isset($entry[$key])) {
- unset($entry[$key]);
- }
- }
-
- public function formToMeta($request, $entry = [], $override = null)
- {
- $this->getStandardField($request, $entry, 'name');
- $this->getStandardField($request, $entry, 'description');
- $this->getStandardField($request, $entry, 'key');
- $this->getStandardField($request, $entry, 'secret');
- $this->getStandardField($request, $entry, 'RSAcertificate');
- $this->getStandardField($request, $entry, 'callback_url');
-
- if ($override) {
- foreach ($override as $key => $value) {
- $entry[$key] = $value;
- }
- }
- return $entry;
- }
-
- protected function requireStandardField($request, $key)
- {
- if (!array_key_exists('field_'.$key, $request)) {
- throw new \Exception('Required field ['.$key.'] was missing.');
- }
- if (empty($request['field_'.$key])) {
- throw new \Exception('Required field ['.$key.'] was empty.');
- }
- }
-
- public function checkForm($request)
- {
- $this->requireStandardField($request, 'name');
- $this->requireStandardField($request, 'description');
- $this->requireStandardField($request, 'key');
- }
-
- protected function header($name)
- {
- return '<tr><td> </td><td class="header">'.$name.'</td></tr>';
- }
-
- protected function readonlyDateField($metadata, $key, $name)
- {
- $value = '<span style="color: #aaa">Not set</a>';
- if (array_key_exists($key, $metadata)) {
- $value = date('j. F Y, G:i', $metadata[$key]);
- }
- return '<tr><td class="name">'.$name.'</td><td class="data">'.$value.'</td></tr>';
- }
-
- protected function readonlyField($metadata, $key, $name)
- {
- $value = '';
- if (array_key_exists($key, $metadata)) {
- $value = $metadata[$key];
- }
- return '<tr><td class="name">'.$name.'</td><td class="data">'.htmlspecialchars($value).'</td></tr>';
- }
-
- protected function hiddenField($key, $value)
- {
- return '<input type="hidden" name="'.$key.'" value="'.htmlspecialchars($value).'" />';
- }
-
- protected function flattenLanguageField(&$metadata, $key)
- {
- if (array_key_exists($key, $metadata)) {
- if (is_array($metadata[$key])) {
- if (isset($metadata[$key]['en'])) {
- $metadata[$key] = $metadata[$key]['en'];
- } else {
- unset($metadata[$key]);
- }
- }
- }
- }
-
- protected function standardField($metadata, $key, $name, $textarea = false)
- {
- $value = '';
- if (array_key_exists($key, $metadata)) {
- $value = htmlspecialchars($metadata[$key]);
- }
-
- if ($textarea) {
- return '<tr><td class="name">'.$name.'</td><td class="data">
- <textarea name="field_'.$key.'" rows="5" cols="50">'.$value.'</textarea></td></tr>';
- } else {
- return '<tr><td class="name">'.$name.'</td><td class="data">
- <input type="text" size="60" name="field_'.$key.'" value="'.$value.'" /></td></tr>';
- }
- }
-
- public function metaToForm($metadata)
- {
- return '<form action="registry.edit.php" method="post">'.
- '<div id="tabdiv">'.
- '<ul class="tabset_tabs">'.
- '<li class="tab-link current" data-tab="basic"><a href="#basic">Name and description</a></li>'.
- '</ul>'.
- '<div id="basic" class="tabset_content current"><table class="formtable">'.
- $this->standardField($metadata, 'name', 'Name of client').
- $this->standardField($metadata, 'description', 'Description of client', true).
- $this->readonlyField($metadata, 'owner', 'Owner').
- $this->standardField($metadata, 'key', 'Consumer Key').
- $this->readonlyField($metadata, 'secret', 'Consumer Secret<br />(Used for HMAC_SHA1 signatures)').
- $this->standardField(
- $metadata,
- 'RSAcertificate',
- 'RSA certificate (PEM)<br />(Used for RSA_SHA1 signatures)',
- true
- ).
- $this->standardField($metadata, 'callback_url', 'Static/enforcing callback-url').
- '</table></div>'.
- '</div>'.
- $this->hiddenField('field_secret', $metadata['secret']).
- '<input type="submit" name="submit" value="Save" style="margin-top: 5px" />'.
- '</form>';
- }
-}
diff --git a/modules/oauth/libextinc/LICENSE.txt b/modules/oauth/libextinc/LICENSE.txt
deleted file mode 100644
index 89f0591697f2a550b2003c9e05c778f367aac189..0000000000000000000000000000000000000000
--- a/modules/oauth/libextinc/LICENSE.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License
-
-Copyright (c) 2007 Andy Smith
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
diff --git a/modules/oauth/libextinc/OAuth.php b/modules/oauth/libextinc/OAuth.php
deleted file mode 100644
index c8811d6ce1263032e6fe32c9227546a5014ad945..0000000000000000000000000000000000000000
--- a/modules/oauth/libextinc/OAuth.php
+++ /dev/null
@@ -1,991 +0,0 @@ -<?php -/** - * @file - * OAuth 1.0 server and client library. - */ - -/** - * OAuth PECL extension includes an OAuth Exception class, so we need to wrap - * the definition of this class in order to avoid a PHP error. - */ -if (!class_exists('OAuthException')) { - /* - * Generic exception class - */ - class OAuthException extends Exception - { - // pass - } -} - -if (!class_exists('OAuthConsumer')) { - class OAuthConsumer - { - public $key; - public $secret; - public $callback_url; - - public function __construct($key, $secret, $callback_url = null) - { - $this->key = $key; - $this->secret = $secret; - $this->callback_url = $callback_url; - } - - public function __toString() - { - return "OAuthConsumer[key=$this->key,secret=$this->secret]"; - } - } -} - -class OAuthToken -{ - // access tokens and request tokens - public $key; - public $secret; - - /** - * key = the token - * secret = the token secret - */ - public function __construct($key, $secret) - { - $this->key = $key; - $this->secret = $secret; - } - - /** - * generates the basic string serialization of a token that a server - * would respond to request_token and access_token calls with - */ - public function to_string() - { - return "oauth_token=". - OAuthUtil::urlencode_rfc3986($this->key). - "&oauth_token_secret=". - OAuthUtil::urlencode_rfc3986($this->secret). - "&oauth_callback_confirmed=true"; - } - - public function __toString() - { - return $this->to_string(); - } -} - -/** - * A class for implementing a Signature Method - * See section 9 ("Signing Requests") in the spec - */ -abstract class OAuthSignatureMethod -{ - /** - * Needs to return the name of the Signature Method (ie HMAC-SHA1) - * @return string - */ - abstract public function get_name(); - - /** - * Build up the signature - * NOTE: The output of this function MUST NOT be urlencoded. 
- * the encoding is handled in OAuthRequest when the final - * request is serialized - * @param OAuthRequest $request - * @param OAuthConsumer $consumer - * @param OAuthToken $token - * @return string - */ - abstract public function build_signature($request, $consumer, $token); - - /** - * Verifies that a given signature is correct - * @param OAuthRequest $request - * @param OAuthConsumer $consumer - * @param OAuthToken $token - * @param string $signature - * @return bool - */ - public function check_signature($request, $consumer, $token, $signature) - { - $built = $this->build_signature($request, $consumer, $token); - - // Check for zero length, although unlikely here - if (strlen($built) == 0 || strlen($signature) == 0) { - return false; - } - - if (strlen($built) != strlen($signature)) { - return false; - } - - // Avoid a timing leak with a (hopefully) time insensitive compare - $result = 0; - for ($i = 0; $i < strlen($signature); $i++) { - $result |= ord($built{$i}) ^ ord($signature{$i}); - } - - return $result == 0; - } -} - -/** - * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104] - * where the Signature Base String is the text and the key is the concatenated values (each first - * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&' - * character (ASCII code 38) even if empty. - * - Chapter 9.2 ("HMAC-SHA1") - */ -class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod -{ - public function get_name() - { - return "HMAC-SHA1"; - } - - public function build_signature($request, $consumer, $token) - { - $base_string = $request->get_signature_base_string(); - $request->base_string = $base_string; - - $key_parts = [ - $consumer->secret, - ($token) ? 
$token->secret : "" - ]; - - $key_parts = OAuthUtil::urlencode_rfc3986($key_parts); - $key = implode('&', $key_parts); - - return base64_encode(hash_hmac('sha1', $base_string, $key, true)); - } -} - -/** - * The PLAINTEXT method does not provide any security protection and SHOULD only be used - * over a secure channel such as HTTPS. It does not use the Signature Base String. - * - Chapter 9.4 ("PLAINTEXT") - */ -class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod -{ - public function get_name() - { - return "PLAINTEXT"; - } - - /** - * oauth_signature is set to the concatenated encoded values of the Consumer Secret and - * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is - * empty. The result MUST be encoded again. - * - Chapter 9.4.1 ("Generating Signatures") - * - * Please note that the second encoding MUST NOT happen in the SignatureMethod, as - * OAuthRequest handles this! - */ - public function build_signature($request, $consumer, $token) - { - $key_parts = [ - $consumer->secret, - ($token) ? $token->secret : "" - ]; - - $key_parts = OAuthUtil::urlencode_rfc3986($key_parts); - $key = implode('&', $key_parts); - $request->base_string = $key; - - return $key; - } -} - -/** - * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in - * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for - * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a - * verified way to the Service Provider, in a manner which is beyond the scope of this - * specification. - * - Chapter 9.3 ("RSA-SHA1") - */ -abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod -{ - public function get_name() - { - return "RSA-SHA1"; - } - - // Up to the SP to implement this lookup of keys. 
Possible ideas are: - // (1) do a lookup in a table of trusted certs keyed off of consumer - // (2) fetch via http using a url provided by the requester - // (3) some sort of specific discovery code based on request - // - // Either way should return a string representation of the certificate - abstract protected function fetch_public_cert(&$request); - - // Up to the SP to implement this lookup of keys. Possible ideas are: - // (1) do a lookup in a table of trusted certs keyed off of consumer - // - // Either way should return a string representation of the certificate - abstract protected function fetch_private_cert(&$request); - - public function build_signature($request, $consumer, $token) - { - $base_string = $request->get_signature_base_string(); - $request->base_string = $base_string; - - // Fetch the private key cert based on the request - $cert = $this->fetch_private_cert($request); - - // Pull the private key ID from the certificate - $privatekeyid = openssl_get_privatekey($cert); - - // Sign using the key - openssl_sign($base_string, $signature, $privatekeyid); - - // Release the key resource - openssl_free_key($privatekeyid); - - return base64_encode($signature); - } - - public function check_signature($request, $consumer, $token, $signature) - { - $decoded_sig = base64_decode($signature); - - $base_string = $request->get_signature_base_string(); - - // Fetch the public key cert based on the request - $cert = $this->fetch_public_cert($request); - - // Pull the public key ID from the certificate - $publickeyid = openssl_get_publickey($cert); - - // Check the computed signature against the one passed in the query - $ok = openssl_verify($base_string, $decoded_sig, $publickeyid); - - // Release the key resource - openssl_free_key($publickeyid); - - return $ok == 1; - } -} - -class OAuthRequest -{ - protected $parameters; - protected $http_method; - protected $http_url; - // for debug purposes - public $base_string; - public static $version = '1.0'; - public 
static $POST_INPUT = 'php://input'; - - public function __construct($http_method, $http_url, $parameters = null) - { - $parameters = ($parameters) ? $parameters : []; - $parameters = array_merge(OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters); - $this->parameters = $parameters; - $this->http_method = $http_method; - $this->http_url = $http_url; - } - - - /** - * attempt to build up a request from what was passed to the server - */ - public static function from_request($http_method = null, $http_url = null, $parameters = null) - { - $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") - ? 'http' - : 'https'; - $http_url = ($http_url) ? $http_url : $scheme. - '://'.$_SERVER['SERVER_NAME']. - ':'. - $_SERVER['SERVER_PORT']. - $_SERVER['REQUEST_URI']; - $http_method = ($http_method) ? $http_method : $_SERVER['REQUEST_METHOD']; - - // We weren't handed any parameters, so let's find the ones relevant to - // this request. - // If you run XML-RPC or similar you should use this to provide your own - // parsed parameter-list - if (!$parameters) { - // Find request headers - $request_headers = OAuthUtil::get_headers(); - - // Parse the query-string to find GET parameters - $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']); - - // It's a POST request of the proper content-type, so parse POST - // parameters and add those overriding any duplicates from GET - if ($http_method == "POST" - && isset($request_headers['Content-Type']) - && strstr($request_headers['Content-Type'], 'application/x-www-form-urlencoded') - ) { - $post_data = OAuthUtil::parse_parameters( - file_get_contents(self::$POST_INPUT) - ); - $parameters = array_merge($parameters, $post_data); - } - - // We have a Authorization-header with OAuth data. 
Parse the header - // and add those overriding any duplicates from GET or POST - if (isset($request_headers['Authorization']) - && substr($request_headers['Authorization'], 0, 6) == 'OAuth ' - ) { - $header_parameters = OAuthUtil::split_header( - $request_headers['Authorization'] - ); - $parameters = array_merge($parameters, $header_parameters); - } - } - - return new OAuthRequest($http_method, $http_url, $parameters); - } - - /** - * pretty much a helper function to set up the request - */ - public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = null) - { - $parameters = ($parameters) ? $parameters : []; - $defaults = ["oauth_version" => OAuthRequest::$version, - "oauth_nonce" => OAuthRequest::generate_nonce(), - "oauth_timestamp" => OAuthRequest::generate_timestamp(), - "oauth_consumer_key" => $consumer->key]; - if ($token) { - $defaults['oauth_token'] = $token->key; - } - - $parameters = array_merge($defaults, $parameters); - - return new OAuthRequest($http_method, $http_url, $parameters); - } - - public function set_parameter($name, $value, $allow_duplicates = true) - { - if ($allow_duplicates && isset($this->parameters[$name])) { - // We have already added parameter(s) with this name, so add to the list - if (is_scalar($this->parameters[$name])) { - // This is the first duplicate, so transform scalar (string) - // into an array so we can add the duplicates - $this->parameters[$name] = [$this->parameters[$name]]; - } - - $this->parameters[$name][] = $value; - } else { - $this->parameters[$name] = $value; - } - } - - public function get_parameter($name) - { - return isset($this->parameters[$name]) ? $this->parameters[$name] : null; - } - - public function get_parameters() - { - return $this->parameters; - } - - public function unset_parameter($name) - { - unset($this->parameters[$name]); - } - - /** - * The request parameters, sorted and concatenated into a normalized string. 
- * @return string - */ - public function get_signable_parameters() - { - // Grab all parameters - $params = $this->parameters; - - // Remove oauth_signature if present - // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.") - if (isset($params['oauth_signature'])) { - unset($params['oauth_signature']); - } - - return OAuthUtil::build_http_query($params); - } - - /** - * Returns the base string of this request - * - * The base string defined as the method, the url - * and the parameters (normalized), each urlencoded - * and the concated with &. - */ - public function get_signature_base_string() - { - $parts = [ - $this->get_normalized_http_method(), - $this->get_normalized_http_url(), - $this->get_signable_parameters() - ]; - - $parts = OAuthUtil::urlencode_rfc3986($parts); - - return implode('&', $parts); - } - - /** - * just uppercases the http method - */ - public function get_normalized_http_method() - { - return strtoupper($this->http_method); - } - - /** - * parses the url and rebuilds it to be - * scheme://host/path - */ - public function get_normalized_http_url() - { - $parts = parse_url($this->http_url); - - $scheme = (isset($parts['scheme'])) ? $parts['scheme'] : 'http'; - $port = (isset($parts['port'])) ? $parts['port'] : (($scheme == 'https') ? '443' : '80'); - $host = (isset($parts['host'])) ? strtolower($parts['host']) : ''; - $path = (isset($parts['path'])) ? 
$parts['path'] : ''; - - if (($scheme == 'https' && $port != '443') - || ($scheme == 'http' && $port != '80')) { - $host = "$host:$port"; - } - return "$scheme://$host$path"; - } - - /** - * builds a url usable for a GET request - */ - public function to_url() - { - $post_data = $this->to_postdata(); - $out = $this->get_normalized_http_url(); - if ($post_data) { - $out .= '?'.$post_data; - } - return $out; - } - - /** - * builds the data one would send in a POST request - */ - public function to_postdata() - { - return OAuthUtil::build_http_query($this->parameters); - } - - /** - * builds the Authorization: header - */ - public function to_header($realm = null) - { - $first = true; - if ($realm) { - $out = 'Authorization: OAuth realm="'.OAuthUtil::urlencode_rfc3986($realm).'"'; - $first = false; - } else { - $out = 'Authorization: OAuth'; - } - - foreach ($this->parameters as $k => $v) { - if (substr($k, 0, 5) != "oauth") { - continue; - } - if (is_array($v)) { - throw new OAuthException('Arrays not supported in headers'); - } - $out .= ($first) ? ' ' : ','; - $out .= OAuthUtil::urlencode_rfc3986($k). - '="'. - OAuthUtil::urlencode_rfc3986($v). 
- '"'; - $first = false; - } - return $out; - } - - public function __toString() - { - return $this->to_url(); - } - - - public function sign_request($signature_method, $consumer, $token) - { - $this->set_parameter( - "oauth_signature_method", - $signature_method->get_name(), - false - ); - $signature = $this->build_signature($signature_method, $consumer, $token); - $this->set_parameter("oauth_signature", $signature, false); - } - - public function build_signature($signature_method, $consumer, $token) - { - $signature = $signature_method->build_signature($this, $consumer, $token); - return $signature; - } - - /** - * util function: current timestamp - */ - private static function generate_timestamp() - { - return time(); - } - - /** - * util function: current nonce - */ - private static function generate_nonce() - { - $mt = microtime(); - $rand = mt_rand(); - - return md5($mt.$rand); // md5s look nicer than numbers - } -} - -class OAuthServer -{ - protected $timestamp_threshold = 300; // in seconds, five minutes - protected $version = '1.0'; // hi blaine - protected $signature_methods = []; - - protected $data_store; - - public function __construct($data_store) - { - $this->data_store = $data_store; - } - - public function add_signature_method($signature_method) - { - $this->signature_methods[$signature_method->get_name()] = - $signature_method; - } - - // high level functions - - /** - * process a request_token request - * returns the request token on success - */ - public function fetch_request_token(&$request) - { - $this->getVersion($request); - - $consumer = $this->getConsumer($request); - - // no token required for the initial token request - $token = null; - - $this->checkSignature($request, $consumer, $token); - - // Rev A change - $callback = $request->get_parameter('oauth_callback'); - $new_token = $this->data_store->new_request_token($consumer, $callback); - - return $new_token; - } - - /** - * process an access_token request - * returns the access token 
on success - */ - public function fetch_access_token(&$request) - { - $this->getVersion($request); - - $consumer = $this->getConsumer($request); - - // requires authorized request token - $token = $this->getToken($request, $consumer, "request"); - - $this->checkSignature($request, $consumer, $token); - - // Rev A change - $verifier = $request->get_parameter('oauth_verifier'); - $new_token = $this->data_store->new_access_token($token, $consumer, $verifier); - - return $new_token; - } - - /** - * verify an api call, checks all the parameters - */ - public function verify_request(&$request) - { - $this->getVersion($request); - $consumer = $this->getConsumer($request); - $token = $this->getToken($request, $consumer, "access"); - $this->checkSignature($request, $consumer, $token); - return [$consumer, $token]; - } - - // Internals from here - /** - * version 1 - */ - private function getVersion(&$request) - { - $version = $request->get_parameter("oauth_version"); - if (!$version) { - // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present. - // Chapter 7.0 ("Accessing Protected Ressources") - $version = '1.0'; - } - if ($version !== $this->version) { - throw new OAuthException("OAuth version '$version' not supported"); - } - return $version; - } - - /** - * figure out the signature with some defaults - */ - private function getSignatureMethod($request) - { - $signature_method = $request instanceof OAuthRequest - ? $request->get_parameter("oauth_signature_method") - : null; - - if (!$signature_method) { - // According to chapter 7 ("Accessing Protected Ressources") the signature-method - // parameter is required, and we can't just fallback to PLAINTEXT - throw new OAuthException('No signature method parameter. This parameter is required'); - } - - if (!in_array($signature_method, array_keys($this->signature_methods))) { - throw new OAuthException( - "Signature method '$signature_method' not supported ". 
- "try one of the following: ". - implode(", ", array_keys($this->signature_methods)) - ); - } - return $this->signature_methods[$signature_method]; - } - - /** - * try to find the consumer for the provided request's consumer key - */ - private function getConsumer($request) - { - $consumer_key = $request instanceof OAuthRequest - ? $request->get_parameter("oauth_consumer_key") - : null; - - if (!$consumer_key) { - throw new OAuthException("Invalid consumer key"); - } - - $consumer = $this->data_store->lookup_consumer($consumer_key); - if (!$consumer) { - throw new OAuthException("Invalid consumer"); - } - - return $consumer; - } - - /** - * try to find the token for the provided request's token key - */ - private function getToken($request, $consumer, $token_type = "access") - { - $token_field = $request instanceof OAuthRequest - ? $request->get_parameter('oauth_token') - : null; - - if (!empty($token_field)) { - $token = $this->data_store->lookup_token($consumer, $token_type, $token_field); - if (!$token) { - throw new OAuthException('Invalid '.$token_type.' token: '.$token_field); - } - } else { - $token = new OAuthToken('', ''); - } - return $token; - } - - /** - * all-in-one function to check the signature on a request - * should guess the signature method appropriately - */ - private function checkSignature($request, $consumer, $token) - { - // this should probably be in a different method - $timestamp = $request instanceof OAuthRequest - ? $request->get_parameter('oauth_timestamp') - : null; - $nonce = $request instanceof OAuthRequest - ? 
$request->get_parameter('oauth_nonce') - : null; - - $this->checkTimestamp($timestamp); - $this->checkNonce($consumer, $token, $nonce, $timestamp); - - $signature_method = $this->getSignatureMethod($request); - - $signature = $request->get_parameter('oauth_signature'); - $valid_sig = $signature_method->checkSignature( - $request, - $consumer, - $token, - $signature - ); - - if (!$valid_sig) { - throw new OAuthException("Invalid signature"); - } - } - - /** - * check that the timestamp is new enough - */ - private function checkTimestamp($timestamp) - { - if (!$timestamp) { - throw new OAuthException( - 'Missing timestamp parameter. The parameter is required' - ); - } - - // verify that timestamp is recentish - $now = time(); - if (abs($now - $timestamp) > $this->timestamp_threshold) { - throw new OAuthException( - "Expired timestamp, yours $timestamp, ours $now" - ); - } - } - - /** - * check that the nonce is not repeated - */ - private function checkNonce($consumer, $token, $nonce, $timestamp) - { - if (!$nonce) { - throw new OAuthException( - 'Missing nonce parameter. 
The parameter is required' - ); - } - - // verify that the nonce is uniqueish - $found = $this->data_store->lookup_nonce( - $consumer, - $token, - $nonce, - $timestamp - ); - if ($found) { - throw new OAuthException("Nonce already used: $nonce"); - } - } -} - -class OAuthDataStore -{ - public function lookup_consumer($consumer_key) - { - // implement me - } - - public function lookup_token($consumer, $token_type, $token) - { - // implement me - } - - public function lookup_nonce($consumer, $token, $nonce, $timestamp) - { - // implement me - } - - public function new_request_token($consumer, $callback = null) - { - // return a new token attached to this consumer - } - - public function new_access_token($token, $consumer, $verifier = null) - { - // return a new access token attached to this consumer - // for the user associated with this token if the request token - // is authorized - // should also invalidate the request token - } -} - -class OAuthUtil -{ - public static function urlencode_rfc3986($input) - { - if (is_array($input)) { - return array_map(['OAuthUtil', 'urlencode_rfc3986'], $input); - } elseif (is_scalar($input)) { - return str_replace( - '+', - ' ', - str_replace('%7E', '~', rawurlencode($input)) - ); - } else { - return ''; - } - } - - - // This decode function isn't taking into consideration the above - // modifications to the encoding process. However, this method doesn't - // seem to be used anywhere so leaving it as is. - public static function urldecode_rfc3986($string) - { - return urldecode($string); - } - - // Utility function for turning the Authorization: header into - // parameters, has to do some unescaping - // Can filter out any non-oauth parameters if needed (default behaviour) - // May 28th, 2010 - method updated to tjerk.meesters for a speed improvement. 
- // see http://code.google.com/p/oauth/issues/detail?id=163 - public static function split_header($header, $only_allow_oauth_parameters = true) - { - $params = []; - if (preg_match_all( - '/('.($only_allow_oauth_parameters ? 'oauth_' : '').'[a-z_-]*)=(:?"([^"]*)"|([^,]*))/', - $header, - $matches - )) { - foreach ($matches[1] as $i => $h) { - $params[$h] = OAuthUtil::urldecode_rfc3986(empty($matches[3][$i]) ? $matches[4][$i] : $matches[3][$i]); - } - if (isset($params['realm'])) { - unset($params['realm']); - } - } - return $params; - } - - // helper to try to sort out headers for people who aren't running apache - public static function get_headers() - { - if (function_exists('apache_request_headers')) { - // we need this to get the actual Authorization: header - // because apache tends to tell us it doesn't exist - $headers = apache_request_headers(); - - // sanitize the output of apache_request_headers because - // we always want the keys to be Cased-Like-This and arh() - // returns the headers in the same case as they are in the - // request - $out = []; - foreach ($headers as $key => $value) { - $key = str_replace( - " ", - "-", - ucwords(strtolower(str_replace("-", " ", $key))) - ); - $out[$key] = $value; - } - } else { - // otherwise we don't have apache and are just going to have to hope - // that $_SERVER actually contains what we need - $out = []; - if (isset($_SERVER['CONTENT_TYPE'])) { - $out['Content-Type'] = $_SERVER['CONTENT_TYPE']; - } - if (isset($_ENV['CONTENT_TYPE'])) { - $out['Content-Type'] = $_ENV['CONTENT_TYPE']; - } - - foreach ($_SERVER as $key => $value) { - if (substr($key, 0, 5) == "HTTP_") { - // this is chaos, basically it is just there to capitalize the first - // letter of every word that is not an initial HTTP and strip HTTP - // code from przemek - $key = str_replace( - " ", - "-", - ucwords(strtolower(str_replace("_", " ", substr($key, 5)))) - ); - $out[$key] = $value; - } - } - // The "Authorization" header may get turned into 
"Auth". - if (isset($out['Auth'])) { - $out['Authorization'] = $out['Auth']; - } - } - return $out; - } - - // This function takes a input like a=b&a=c&d=e and returns the parsed - // parameters like this - // array('a' => array('b','c'), 'd' => 'e') - public static function parse_parameters($input) - { - if (!isset($input) || !$input) { - return []; - } - - $pairs = explode('&', $input); - - $parsed_parameters = []; - foreach ($pairs as $pair) { - $split = explode('=', $pair, 2); - $parameter = OAuthUtil::urldecode_rfc3986($split[0]); - $value = isset($split[1]) ? OAuthUtil::urldecode_rfc3986($split[1]) : ''; - - if (isset($parsed_parameters[$parameter])) { - // We have already recieved parameter(s) with this name, so add to the list - // of parameters with this name - - if (is_scalar($parsed_parameters[$parameter])) { - // This is the first duplicate, so transform scalar (string) into an array - // so we can add the duplicates - $parsed_parameters[$parameter] = [$parsed_parameters[$parameter]]; - } - - $parsed_parameters[$parameter][] = $value; - } else { - $parsed_parameters[$parameter] = $value; - } - } - return $parsed_parameters; - } - - public static function build_http_query($params) - { - if (!$params) { - return ''; - } - - // Urlencode both keys and values - $keys = OAuthUtil::urlencode_rfc3986(array_keys($params)); - $values = OAuthUtil::urlencode_rfc3986(array_values($params)); - $params = array_combine($keys, $values); - - // Parameters are sorted by name, using lexicographical byte value ordering. 
- // Ref: Spec: 9.1.1 (1) - uksort($params, 'strcmp'); - - $pairs = []; - foreach ($params as $parameter => $value) { - if (is_array($value)) { - // If two or more parameters share the same name, they are sorted by their value - // Ref: Spec: 9.1.1 (1) - // June 12th, 2010 - changed to sort because of issue 164 by hidetaka - sort($value, SORT_STRING); - foreach ($value as $duplicate_value) { - $pairs[] = $parameter.'='.$duplicate_value; - } - } else { - $pairs[] = $parameter.'='.$value; - } - } - // For each parameter, the name is separated from the corresponding value by an '=' character (ASCII code 61) - // Each name-value pair is separated by an '&' character (ASCII code 38) - return implode('&', $pairs); - } -} diff --git a/modules/oauth/templates/registry.edit.tpl.php b/modules/oauth/templates/registry.edit.tpl.php deleted file mode 100644 index b43c40d39c3239424a148bff6084f0aa056b2406..0000000000000000000000000000000000000000 --- a/modules/oauth/templates/registry.edit.tpl.php +++ /dev/null @@ -1,18 +0,0 @@ -<?php - -$this->data['jquery'] = ['core' => true, 'ui' => true, 'css' => true]; -$this->data['head'] = '<link rel="stylesheet" type="text/css" href="/'. - $this->data['baseurlpath'].'module.php/oauth/assets/css/oauth.css" />'."\n"; -$this->data['head'] .= '<script type="text/javascript" src="/'. - $this->data['baseurlpath'].'module.php/oauth/assets/js/oauth.js"></script>'; - -$this->includeAtTemplateBase('includes/header.php'); - -echo '<h1>OAuth Client</h1>'; - -echo $this->data['form']; - -echo '<p style="float: right"><a href="registry.php">'. - 'Return to entity listing <strong>without saving...</strong></a></p>'; - -$this->includeAtTemplateBase('includes/footer.php'); diff --git a/modules/oauth/templates/registry.edit.twig b/modules/oauth/templates/registry.edit.twig deleted file mode 100644 index ad9345d731a93a397528e1c6e2c0a05d7dd940f6..0000000000000000000000000000000000000000 --- a/modules/oauth/templates/registry.edit.twig +++ /dev/null 
@@ -1,18 +0,0 @@ -{% set pagetitle = 'SimpleSAMLphp'|trans %} -{% extends "base.twig" %} - -{% block preload %} - <link href="{{ baseurlpath }}assets/css/oauth.css" rel="stylesheet"> -{% endblock %} - -{% block postload %} - <script src="{{ baseurlpath}}assets/js/oauth.js"></script> -{% endblock %} - -{% block content %} - <h1>OAuth Client</h1> - {{ form|raw }} - <p style="float: right"> - <a href="registry.php">Return to entity listing <strong>without saving...</strong></a> - </p> -{% endblock %} diff --git a/modules/oauth/templates/registry.list.php b/modules/oauth/templates/registry.list.php deleted file mode 100644 index 1c3b287fb696b8ced33285dbe34599ebd85426ef..0000000000000000000000000000000000000000 --- a/modules/oauth/templates/registry.list.php +++ /dev/null 
@@ -1,47 +0,0 @@ -<?php -$this->data['jquery'] = ['core' => true, 'ui' => true, 'css' => true]; -$this->data['head'] = '<link rel="stylesheet" type="text/css" href="/'. - $this->data['baseurlpath'].'module.php/oauth/assets/oauth.css" />'."\n"; -$this->includeAtTemplateBase('includes/header.php'); - -echo '<h1>OAuth Client Registry</h1>'; -echo '<p>Here you can register new OAuth Clients. You are successfully logged in as '. - htmlspecialchars($this->data['userid']).'</p>'; - -echo '<h2>Your clients</h2>'; -echo '<table class="metalist" style="width: 100%">'; -$i = 0; -$rows = ['odd', 'even']; -foreach ($this->data['entries']['mine'] as $entryc) { - $entry = $entryc['value']; - $i++; - echo '<tr class="'.$rows[$i % 2].'"><td>'. - htmlspecialchars($entry['name']).'</td> <td><code>'.htmlspecialchars($entry['key']). - '</code></td><td><a href="registry.edit.php?editkey='.urlencode($entry['key']). - '">edit</a><a href="registry.php?delete='.urlencode($entry['key']).'">delete</a></td></tr>'; -} -if ($i == 0) { - echo'<tr><td colspan="3">No entries registered</td></tr>'; -} -echo '</table>'; - -echo '<p><a href="registry.edit.php">Add new client</a></p>'; - -echo '<h2>Other clients</h2>'; -echo '<table class="metalist" style="width: 100%">'; -$i = 0; -$rows = ['odd', 'even']; -foreach ($this->data['entries']['others'] as $entryc) { - $entry = $entryc['value']; - $i++; - echo '<tr class="'.$rows[$i % 2].'"><td>'. - htmlspecialchars($entry['name']).'</td><td><code>'.htmlspecialchars($entry['key']). - '</code></td><td>'.(isset($entry['owner']) ? htmlspecialchars($entry['owner']) : 'No owner'). - '</td></tr>'; -} -if ($i == 0) { - echo '<tr><td colspan="3">No entries registered</td></tr>'; -} -echo '</table>'; - -$this->includeAtTemplateBase('includes/footer.php'); diff --git a/modules/oauth/templates/registry.list.twig b/modules/oauth/templates/registry.list.twig deleted file mode 100644 index 86bc5a6792a26489a6d52ec13b65538ab764ca82..0000000000000000000000000000000000000000 
--- a/modules/oauth/templates/registry.list.twig +++ /dev/null @@ -1,58 +0,0 @@ -{% set pagetitle = 'SimpleSAMLphp'|trans %} -{% extends "base.twig" %} - -{% block preload %} - <link href="{{ baseurlpath }}assets/css/oauth.css" rel="stylesheet" /> -{% endblock %} - -{% block content %} - <h1>OAuth Client Registry</h1> - <p>Here you can register new OAuth Clients. You are successfully logged in as {{ userid|escape('html') }}</p> - <h2>Your clients</h2> - - <table class="metalist" style="width: 100%;"> - {% for key, entryc in entries.mine %} - {% if loop.index0 is even %} - {% set class = 'even' %} - {% else %} - {% set class = 'odd' %} - {% endif %} - {% set entry = entryc.value %} - <tr class="{{ class }}"> - <td>{{ entry.name|escape('html') }}</td> - <td><kbd>{{ entry.key|escape('html') }}</kbd></td> - <td> - <a href="registry.edit.php?editkey={{ entry.key|escape('url') }}">edit</a> - <a href="registry.php?delete={{ entry.key|escape('url') }}">delete</a> - </td> - </tr> - {% else %} - <tr><td colspan="3">No entries registered</td></tr> - {% endfor %} - </table> - - <p><a href="registry.edit.php">Add new client</a></p> - <h2>Other clients</h2> - - <table class="metalist" style="width: 100%"> - {% for key, entryc in entries.others %} - {% if loop.index0 is even %} - {% set class = 'even' %} - {% else %} - {% set class = 'odd' %} - {% endif %} - {% set entry = entryc.value %} - <tr class="{{ class }}"> - <td>{{ entry.name|escape('html') }}</td> - <td><kbd>{{ entry.key|escape('html') }}</kbd></td> - {% if eentry.owner is defined %}} - <td>{{ entry.owner|escape('html') }}</td> - {% else %} - <td>No owner</td> - {% endif %} - </tr> - {% else %} - <tr><td colspan="3">No entries registered</td></tr> - {% endfor %} - </table> -{% endblock%} diff --git a/modules/oauth/templates/registry.saved.php b/modules/oauth/templates/registry.saved.php deleted file mode 100644 index 2e4bd27a92a916384f614e8b55fd058803e9c199..0000000000000000000000000000000000000000 
--- a/modules/oauth/templates/registry.saved.php +++ /dev/null @@ -1,8 +0,0 @@ -<?php - -$this->includeAtTemplateBase('includes/header.php'); - -echo '<h1>OAuth Client saved</h1>'; -echo '<p><a href="registry.php">Go back to OAuth client listing</a></p>'; - -$this->includeAtTemplateBase('includes/footer.php'); diff --git a/modules/oauth/templates/registry.saved.twig b/modules/oauth/templates/registry.saved.twig deleted file mode 100644 index 6c36465f7162b6b759ba0f41fdb4497b0364a8da..0000000000000000000000000000000000000000 --- a/modules/oauth/templates/registry.saved.twig +++ /dev/null @@ -1,9 +0,0 @@ -{% set pagetitle = 'SimpleSAMLphp'|trans %} -{% extends "base.twig" %} - -{% block content %} - <h1>OAith Client saved</h1> - <p> - <a href="registry.php">Go back to OAuth client listing</a> - </p> -{% endblock %} diff --git a/modules/oauth/www/assets/css/oauth.css b/modules/oauth/www/assets/css/oauth.css deleted file mode 100644 index 7b8ad7e92cb2d9fcf4f6f57ecaf714898bd15fa3..0000000000000000000000000000000000000000 --- a/modules/oauth/www/assets/css/oauth.css +++ /dev/null 
@@ -1,84 +0,0 @@ -table.formtable { - width: 100%; -} -table.formtable tr td.name { - text-align: right; - vertical-align: top; - padding-right: .6em; -} -table.formtable tr td.value { - text-align: left; - padding: 0px; -} -table.formtable tr td.header { - padding-left: 5px; - padding-top: 8px; - font-weight: bold; - font-size: 110%; -} - -table.formtable tr td input,table.formtable tr td textarea { - width: 90%; - border: 1px solid #bbb; - margin: 2px 5px; - padding: 2px 4px; -} - -table.metalist { - border: 1px solid #aaa; - border-collapse: collapse; -} -table.metalist tr td { - padding: 2px 5px; -} -table.metalist tr.even td { - background: #e5e5e5; -} - -@media all { - div#content { - margin: .4em ! important; - } - - form { - display: inline; - } - - ul.tabset_tabs { - margin: 0px; - padding: 0px; - list-style: none; - } - - ul.tabset_tabs li { - background: none; - color: #222; - display: inline-block; - padding: 10px 15px; - cursor: pointer; - } - - ul.tabset_tabs li.current { - background: #ededed; - color: #222; - } - - .tabset_content { - display: none; - background: #ededed; - padding: 15px; - } - - .tabset_content.current { - display: inherit; - } - - #graph img { - max-width: 77%; - height: auto; - } - #table img { - max-width: 77%; - height: auto; - } -} diff --git a/modules/oauth/www/assets/js/oauth.js b/modules/oauth/www/assets/js/oauth.js deleted file mode 100644 index 442c63effcc4101a5f3ca02b50fb522cb83fd229..0000000000000000000000000000000000000000 --- a/modules/oauth/www/assets/js/oauth.js +++ /dev/null @@ -1,3 +0,0 @@ -document.addEventListener('DOMContentLoaded', function () { - $("#tabdiv").tabs(); -}); diff --git a/modules/oauth/www/getUserInfo.php b/modules/oauth/www/getUserInfo.php deleted file mode 100644 index ad9f878c8b511be1eaa9c87a1ff7ac15120f7b22..0000000000000000000000000000000000000000 --- a/modules/oauth/www/getUserInfo.php +++ /dev/null 
@@ -1,27 +0,0 @@ -<?php - -require_once(dirname(dirname(__FILE__)).'/libextinc/OAuth.php'); - -$oauthconfig = \SimpleSAML\Configuration::getConfig('module_oauth.php'); - -if (!$oauthconfig->getBoolean('getUserInfo.enable', false)) { - throw new \Exception( - 'Get user info endpoint is disabled. This endpoint can be enabled in the module_oauth.php configuration file.' - ); -} - -$store = new \SimpleSAML\Module\oauth\OAuthStore(); -$server = new \SimpleSAML\Module\oauth\OAuthServer($store); - -$hmac_method = new OAuthSignatureMethod_HMAC_SHA1(); -$plaintext_method = new OAuthSignatureMethod_PLAINTEXT(); - -$server->add_signature_method($hmac_method); -$server->add_signature_method($plaintext_method); - -$req = OAuthRequest::from_request(); -list($consumer, $token) = $server->verify_request($req); - -$data = $store->getAuthorizedData($token->key); - -echo json_encode($data); diff --git a/modules/oauth/www/registry.edit.php b/modules/oauth/www/registry.edit.php deleted file mode 100644 index a367c482050addb0af428e566bcdc40a6b1564bc..0000000000000000000000000000000000000000 --- a/modules/oauth/www/registry.edit.php +++ /dev/null 
@@ -1,59 +0,0 @@ -<?php - -// Load SimpleSAMLphp, configuration and metadata -$config = \SimpleSAML\Configuration::getInstance(); -$session = \SimpleSAML\Session::getSessionFromRequest(); -$oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_oauth.php'); - -$store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); - -$authsource = "admin"; // force admin to authenticate as registry maintainer -$useridattr = $oauthconfig->getValue('useridattr', 'user'); - -if ($session->isValid($authsource)) { - $attributes = $session->getAuthData($authsource, 'Attributes'); - // Check if userid exists - if (!isset($attributes[$useridattr])) { - throw new \Exception('User ID is missing'); - } - $userid = $attributes[$useridattr][0]; -} else { - $as = \SimpleSAML\Auth\Source::getById($authsource); - $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); -} - -if (array_key_exists('editkey', $_REQUEST)) { - $entryc = $store->get('consumers', $_REQUEST['editkey'], ''); - $entry = $entryc['value']; - \SimpleSAML\Module\oauth\Registry::requireOwnership($entry, $userid); -} else { - $entry = [ - 'owner' => $userid, - 'key' => \SimpleSAML\Utils\Random::generateID(), - 'secret' => \SimpleSAML\Utils\Random::generateID(), - ]; -} - -$editor = new \SimpleSAML\Module\oauth\Registry(); - -if (isset($_POST['submit'])) { - $editor->checkForm($_POST); - - $entry = $editor->formToMeta($_POST, [], ['owner' => $userid]); - - \SimpleSAML\Module\oauth\Registry::requireOwnership($entry, $userid); - - $store->set('consumers', $entry['key'], '', $entry); - - $template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.saved.php'); - $template->data['entry'] = $entry; - $template->show(); - exit; -} - -$form = $editor->metaToForm($entry); - -$template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.edit.tpl.php'); -$template->data['form'] = $form; -$template->data['jquery'] = ['core' => false, 'ui' => true, 'css' => true]; -$template->show(); 
diff --git a/modules/oauth/www/registry.php b/modules/oauth/www/registry.php deleted file mode 100644 index 4431835a63786095977605465fdb10254b097940..0000000000000000000000000000000000000000 --- a/modules/oauth/www/registry.php +++ /dev/null @@ -1,50 +0,0 @@ -<?php -// Load SimpleSAMLphp, configuration and metadata -$config = \SimpleSAML\Configuration::getInstance(); -$session = \SimpleSAML\Session::getSessionFromRequest(); -$oauthconfig = \SimpleSAML\Configuration::getOptionalConfig('module_oauth.php'); - -$store = new \SimpleSAML\Module\core\Storage\SQLPermanentStorage('oauth'); - -$authsource = "admin"; // force admin to authenticate as registry maintainer -$useridattr = $oauthconfig->getValue('useridattr', 'user'); - -if ($session->isValid($authsource)) { - $attributes = $session->getAuthData($authsource, 'Attributes'); - // Check if userid exists - if (!isset($attributes[$useridattr])) { - throw new \Exception('User ID is missing'); - } - $userid = $attributes[$useridattr][0]; -} else { - $as = \SimpleSAML\Auth\Source::getById($authsource); - $as->initLogin(\SimpleSAML\Utils\HTTP::getSelfURL()); -} - -if (isset($_REQUEST['delete'])) { - $entryc = $store->get('consumers', $_REQUEST['delete'], ''); - $entry = $entryc['value']; - - \SimpleSAML\Module\oauth\Registry::requireOwnership($entry, $userid); - $store->remove('consumers', $entry['key'], ''); -} - -$list = $store->getList('consumers'); - -$slist = ['mine' => [], 'others' => []]; -if (is_array($list)) { - foreach ($list as $listitem) { - if (array_key_exists('owner', $listitem['value'])) { - if ($listitem['value']['owner'] === $userid) { - $slist['mine'][] = $listitem; - continue; - } - } - } - $slist['others'][] = $listitem; -} - -$template = new \SimpleSAML\XHTML\Template($config, 'oauth:registry.list.php'); -$template->data['entries'] = $slist; -$template->data['userid'] = $userid; -$template->show(); 
diff --git a/modules/portal/hooks/hook_htmlinject.php b/modules/portal/hooks/hook_htmlinject.php index efa1984a32aa37402255535297c245325658deef..72235d7335907ae61bf0aee342e10729f768cb70 100644 --- a/modules/portal/hooks/hook_htmlinject.php +++ b/modules/portal/hooks/hook_htmlinject.php @@ -4,6 +4,7 @@ * Hook to inject HTML content into all pages... * * @param array &$hookinfo hookinfo + * @return void */ function portal_hook_htmlinject(&$hookinfo) { diff --git a/modules/portal/lib/Portal.php b/modules/portal/lib/Portal.php index 517ce2edfa4a75bf7afa0798f0d3b9c8fa0f5fbc..3df6495b583b9db2d96925bc28e4355b485716d1 100644 --- a/modules/portal/lib/Portal.php +++ b/modules/portal/lib/Portal.php @@ -4,15 +4,28 @@ namespace SimpleSAML\Module\portal; class Portal { + /** @var array */ private $pages; + + /** @var array|null */ private $config; + + /** + * @param array $pages + * @param array|null $config + */ public function __construct($pages, $config = null) { $this->pages = $pages; $this->config = $config; } + + /** + * @param string $thispage + * @return array|null + */ public function getTabset($thispage) { if (!isset($this->config)) { @@ -26,6 +39,11 @@ class Portal return null; } + + /** + * @param string $thispage + * @return bool + */ public function isPortalized($thispage) { foreach ($this->config as $set) { @@ -36,6 +54,12 @@ class Portal return false; } + + /** + * @param \SimpleSAML\Locale\Translate $translator + * @param string $thispage + * @return string + */ public function getLoginInfo($translator, $thispage) { $info = ['info' => '', 'translator' => $translator, 'thispage' => $thispage]; @@ -43,6 +67,11 @@ class Portal return $info['info']; } + + /** + * @param string + * @return string + */ public function getMenu($thispage) { $config = \SimpleSAML\Configuration::getInstance(); 
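Review bot: The new docblock on getMenu in the last Portal.php hunk has `@param string` with no variable name, so analysers will not bind it to the parameter; it should read `* @param string $thispage`. The first hunk documents `$config` as `@var array|null`, yet isPortalized in the third hunk still runs `foreach ($this->config as $set)` with no null guard, whereas getTabset checks `isset($this->config)` first; either narrow the property to `@var array` or add the same guard before the loop. The method bodies continue outside these hunks, so the full control flow is not visible here.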
diff --git a/modules/preprodwarning/dictionaries/warning.translation.json b/modules/preprodwarning/dictionaries/warning.translation.json
index d74684857e2d25395b6d5c2741ee3d62fc4128a3..206f63fd8c6b40d9d33f9d7532c0c98ed01f6981 100644
--- a/modules/preprodwarning/dictionaries/warning.translation.json
+++ b/modules/preprodwarning/dictionaries/warning.translation.json
@@ -4,7 +4,7 @@ "nn": "Du er no inne p\u00e5 eit testsystem. Denne autentiseringsl\u00f8ysinga er for testing og beta-drift, ikkje for vanleg drift. Dersom du har f\u00e5tt peikar hit og du ikkje er <i>utviklar<\/i>, s\u00e5 er du truleg p\u00e5 feil plass og <i>skulle ikkje vore her<\/i>.", "sv": "Du har kommit till en tj\u00e4nst som \u00e4nnu inte \u00e4r i drift. Denna autentisieringskonfiguration \u00e4r f\u00f6r testning och tidig produktionskontroll. Om n\u00e5gon har skickat dig en l\u00e4nk hit och du inte \u00e4r en <i>en testare<\/i> har du troligtvis f\u00e5tt fel l\u00e4nk.", "es": "Est\u00e1 accediendo a un sistema en pre-producci\u00f3n. Esta configuraci\u00f3n es \u00fanicamente para pruebas y para verificaci\u00f3n del sistema de preproducci\u00f3n. Si sigui\u00f3 un enlace que alguien le envi\u00f3 para llegar hasta aqu\u00ed y no es un <i>probador<\/i> probablemente se trata de un error, y usted <b>no deber\u00eda estar aqu\u00ed<\/b>", - "nl": "Je gaat nu een pre-productiesysteem gebruiken. Deze authenticatie is uitsluitend opgezet voor testen en pre-productie-verfificatie. Als iemand je een link hierheen stuurde, en je bent geen <i>tester<\/i>, dan is dit waarschijlijk een vergissing en zou je <b>niet hier moeten zijn<\/b>.", + "nl": "Je gaat nu een pre-productiesysteem gebruiken. Deze authenticatie is uitsluitend opgezet voor testen en pre-productie-verfificatie. Als iemand je een link hierheen stuurde, en je bent geen <i>tester<\/i>, dan is dit waarschijnlijk een vergissing en zou je <b>niet hier moeten zijn<\/b>.", "sl": "Dostopate do predprodukcijskega sistema, ki je namenjen izklju\u010dno preizku\u0161anju. V primeru da ste pristali na tej strani med postopkom prijave v produkcijsko storitev, je storitev verjetno napa\u010dno nastavljena.", "da": "Du tilg\u00e5r nu et pre-produktions-system. Dette autentificeringssetup er kun til test og pre-produktion verifikation. 
Hvis nogen har sendt et link, som peger her og du ikke er en <i>tester<\/i>, s\u00e5 har du sikekrt f\u00e5et et forkert lin og burde <b>ikke v\u00e6re her.<\/b> ", "hr": "Pristupate sustavu koji se nalazi u pretprodukcijskoj fazi. Ove autentifikacijske postavke slu\u017ee za testiranje i provjeru ispravnosti rada pretprodukcijskog sustava. Ako vam je netko poslao adresu koja pokazuje na ovu stranicu, a vi niste <i>osoba zadu\u017eena za testiranje<\/i>, vjerojatno ste <b>na ovu stranicu do\u0161li gre\u0161kom<\/b>.", diff --git a/modules/preprodwarning/lib/Auth/Process/Warning.php b/modules/preprodwarning/lib/Auth/Process/Warning.php index bbc6fdadb2d20f684c75db19e17f5e7419dce5bf..6a7c7925d100c0b3393981993b8318e1fd0f5dd5 100644 --- a/modules/preprodwarning/lib/Auth/Process/Warning.php +++ b/modules/preprodwarning/lib/Auth/Process/Warning.php @@ -17,6 +17,7 @@ class Warning extends \SimpleSAML\Auth\ProcessingFilter * can authorize the release of the attributes. * * @param array $state The state of the response. + * @return void */ public function process(&$state) { diff --git a/modules/preprodwarning/locales/nl/LC_MESSAGES/preprodwarning.po b/modules/preprodwarning/locales/nl/LC_MESSAGES/preprodwarning.po index 1d8811edf2955ecfac2c71da37619b9014e46c78..e282707afd6f332ed43cb1c91097d324b2b6630d 100644 --- a/modules/preprodwarning/locales/nl/LC_MESSAGES/preprodwarning.po +++ b/modules/preprodwarning/locales/nl/LC_MESSAGES/preprodwarning.po @@ -23,7 +23,7 @@ msgstr "" "Je gaat nu een pre-productiesysteem gebruiken. Deze authenticatie is " "uitsluitend opgezet voor testen en pre-productie-verfificatie. Als iemand" " je een link hierheen stuurde, en je bent geen <i>tester</i>, dan is dit " -"waarschijlijk een vergissing en zou je <b>niet hier moeten zijn</b>." +"waarschijnlijk een vergissing en zou je <b>niet hier moeten zijn</b>." msgid "{preprodwarning:warning:yes}" msgstr "Ja, ik begrijp dat ik een pre-productiesysteem ga gebruiken" 
@@ -37,7 +37,7 @@ msgstr "" "Je gaat nu een pre-productiesysteem gebruiken. Deze authenticatie is " "uitsluitend opgezet voor testen en pre-productie-verfificatie. Als iemand" " je een link hierheen stuurde, en je bent geen <i>tester</i>, dan is dit " -"waarschijlijk een vergissing en zou je <b>niet hier moeten zijn</b>." +"waarschijnlijk een vergissing en zou je <b>niet hier moeten zijn</b>." msgid "Warning about accessing a pre-production system" msgstr "Waarschuwing: dit is een pre-productiesysteem" diff --git a/modules/radius/lib/Auth/Source/Radius.php b/modules/radius/lib/Auth/Source/Radius.php index 70a192b4136b913ff5bbfbfc4479a4cf3602fe79..62590680aa911e9cfb5c58b564e56bda1113736b 100644 --- a/modules/radius/lib/Auth/Source/Radius.php +++ b/modules/radius/lib/Auth/Source/Radius.php 
@@ -9,65 +9,65 @@ namespace SimpleSAML\Module\radius\Auth\Source; * * @package SimpleSAMLphp */ - class Radius extends \SimpleSAML\Module\core\Auth\UserPassBase { /** - * The list of radius servers to use. + * @var array The list of radius servers to use. */ private $servers; /** - * The hostname of the radius server. + * @var string The hostname of the radius server. */ private $hostname; /** - * The port of the radius server. + * @var int The port of the radius server. */ private $port; /** - * The secret used when communicating with the radius server. + * @var string The secret used when communicating with the radius server. */ private $secret; /** - * The timeout for contacting the radius server. + * @var int The timeout for contacting the radius server. */ private $timeout; /** - * The number of retries which should be attempted. + * @var int The number of retries which should be attempted. */ private $retries; /** - * The realm to be added to the entered username. + * Var string The realm to be added to the entered username. */ private $realm; /** - * The attribute name where the username should be stored. + * @var string The attribute name where the username should be stored. */ private $usernameAttribute; /** - * The vendor for the RADIUS attributes we are interrested in. + * @var string The vendor for the RADIUS attributes we are interrested in. */ private $vendor; /** - * The vendor-specific attribute for the RADIUS attributes we are - * interrested in. + * @var string The vendor-specific attribute for the RADIUS attributes we are + * interrested in. */ private $vendorType; /** - * The NAS-Identifier that should be set in Access-Request packets. + * @var string The NAS-Identifier that should be set in Access-Request packets. */ private $nasIdentifier; + /** * Constructor for this authentication source. * 
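Review bot: The `$realm` property docblock reads `* Var string The realm to be added to the entered username.` while every other property in this hunk got a proper `@var` tag, so this one will not be recognised as a type annotation; change it to `* @var string The realm to be added to the entered username.`. Since the point of the hunk is to make these properties analysable, it is also worth confirming that `$realm` is never left unset (an empty-string or `string|null` type may be the honest annotation), but that depends on the constructor, which lies outside this hunk.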
diff --git a/modules/riak/config-templates/module_riak.php b/modules/riak/config-templates/module_riak.php deleted file mode 100644 index 99f535fee579d461b295c9bfcc90234f3d4cf099..0000000000000000000000000000000000000000 --- a/modules/riak/config-templates/module_riak.php +++ /dev/null @@ -1,16 +0,0 @@ -<?php -/* - * The configuration of the riak Store module - * - */ - -$config = [ - /* - * This module has the following config options and defaults. - * - * 'path' => 'riak-php-client/riak.php', - * 'host' => 'localhost', - * 'port' => 8098, - * 'bucket' => 'SimpleSAMLphp', - */ -]; diff --git a/modules/riak/default-disable b/modules/riak/default-disable deleted file mode 100644 index fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f..0000000000000000000000000000000000000000 --- a/modules/riak/default-disable +++ /dev/null @@ -1,3 +0,0 @@ -This file indicates that the default state of this module -is disabled. To enable, create a file named enable in the -same directory as this file. diff --git a/modules/riak/docs/simplesamlphp-riak.md b/modules/riak/docs/simplesamlphp-riak.md deleted file mode 100644 index c5e13a721098f14ba275690acd0ffbe6c4722129..0000000000000000000000000000000000000000 --- a/modules/riak/docs/simplesamlphp-riak.md +++ /dev/null 
@@ -1,117 +0,0 @@ -Riak Store module -================= - -<!-- - This file is written in Markdown syntax. - For more information about how to use the Markdown syntax, read here: - http://daringfireball.net/projects/markdown/syntax ---> - - -<!-- {{TOC}} --> - -Introduction ------------- - -The riak module implements a Store that can be used as a backend -for SimpleSAMLphp session data like the phpsession, sql, or memcache -backends. - -Preparations ------------- - -The obvious first step for using Riak as a backend is to install -and configure a Riak cluster for SimpleSAMLphp to use. Please refer -to the Riak documentation for this. - -This module requires the use of a Riak backend that supports secondary -indexes. Refer to the Riak documentation on how to enable an -appropriate backend for use by this module. Currently the only -storage backend that supports secondary indexes is leveldb. - -Next, you will need to install the Riak PHP Client library, available -from https://github.com/basho/riak-php-client. - -Finally, you need to config SimpleSAMLphp to for the riak Store by -enabling the following modules: - - 1. cron - 2. riak - -The cron module allows you to do tasks regularly by setting up a -cronjob that calls hooks in SimpleSAMLphp. This is required by the -riak module to remove expired entries in the store. - -Enabling the riak module allows it to be loaded and used as a storage -backend. - -You also need to copy the `config-templates` files from the cron -module above into the global `config/` directory. 
- - $ cd /var/simplesamlphp - $ touch modules/cron/enable - $ cp modules/cron/config-templates/*.php config/ - $ touch modules/riak/enable - $ cp modules/riak/config-templates/*.php config/ - - -Configuring the cron module ---------------------------- - -At `/var/simplesamlphp/config` - - $ vi module_cron.php - -edit: - - $config = array ( - 'key' => 'secret', - 'allowed_tags' => array('daily', 'hourly', 'frequent'), - 'debug_message' => TRUE, - 'sendemail' => TRUE, - ); - -Then: With your browser go to => https://simplesamlphp_machine/simplesaml/module.php/cron/croninfo.php - -And copy the cron's sugestion: - - ------------------------------------------------------------------------------------------------------------------- - Cron is a way to run things regularly on unix systems. - - Here is a suggestion for a crontab file: - - # Run cron [daily] - 02 0 * * * curl --silent "https://simplesamlphp_machine/simplesaml/module.php/cron/cron.php?key=secret&tag=daily" > /dev/null 2>&1 - # Run cron [hourly] - 01 * * * * curl --silent "https://simplesamlphp_machine/simplesaml/module.php/cron/cron.php?key=secret&tag=hourly" > /dev/null 2>&1 - # Run cron [frequent] - XXXXXXXXXX curl --silent "https://simplesamlphp_machine/simplesaml/module.php/cron/cron.php?key=secret&tag=frequent" > /dev/null 2>&1 - Click here to run the cron jobs: - - Run cron [daily] - Run cron [hourly] - Run cron [frequent] - ------------------------------------------------------------------------------------------------------------------- - -Add to CRON with - - # crontab -e - -Configuring the riak module ---------------------------- - -The riak module uses the following configuration options specified -in `config/module_riak.php`. 
The defaults are listed: - - $config = array( - 'path' => 'riak-php-client/riak.php', - 'host' => 'localhost', - 'port' => 8098, - 'bucket' => 'SimpleSAMLphp', - ); - -Finally, the module can be specified as the Store in `config/config.php` -with the following setting: - - 'store.type' => 'riak:Store', - diff --git a/modules/riak/hooks/hook_cron.php b/modules/riak/hooks/hook_cron.php deleted file mode 100644 index c42d2c313e75b66cb6855a2b353e7033e1ebdff9..0000000000000000000000000000000000000000 --- a/modules/riak/hooks/hook_cron.php +++ /dev/null 
@@ -1,57 +0,0 @@ -<?php - -namespace SimpleSAML\Module\riak; - -/* - * Copyright (c) 2012 The University of Queensland - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Written by David Gwynne <dlg@uq.edu.au> as part of the IT - * Infrastructure Group in the Faculty of Engineering, Architecture - * and Information Technology. - */ - -/** - * Hook to run a cron job. - * - * @param array &$croninfo Output - */ -function riak_hook_cron(&$croninfo) -{ - assert(is_array($croninfo)); - assert(array_key_exists('summary', $croninfo)); - assert(array_key_exists('tag', $croninfo)); - - if ($croninfo['tag'] !== 'hourly') { - return; - } - - try { - $store = new \SimpleSAML\Module\riak\Store\Store(); - $result = $store->bucket->indexSearch('expires', 'int', 1, time() - 30); - foreach ($result as $link) { - $link->getBinary()->delete(); - } - - \SimpleSAML\Logger::info( - sprintf("deleted %s riak key%s", sizeof($result), sizeof($result) == 1 ? '' : 's') - ); - } catch (\Exception $e) { - $message = 'riak threw exception: '.$e->getMessage(); - \SimpleSAML\Logger::warning($message); - $croninfo['summary'][] = $message; - } -} 
diff --git a/modules/riak/lib/Store/Store.php b/modules/riak/lib/Store/Store.php deleted file mode 100644 index c44f599502e9bea7073e5ce84d164ebd4f782ee8..0000000000000000000000000000000000000000 --- a/modules/riak/lib/Store/Store.php +++ /dev/null 
@@ -1,111 +0,0 @@ -<?php - -namespace SimpleSAML\Module\riak\Store; - -/* - * Copyright (c) 2012 The University of Queensland - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Written by David Gwynne <dlg@uq.edu.au> as part of the IT - * Infrastructure Group in the Faculty of Engineering, Architecture - * and Information Technology. - */ - -class Store extends \SimpleSAML\Store -{ - public $client; - public $bucket; - - protected function __construct() - { - $config = \SimpleSAML\Configuration::getConfig('module_riak.php'); - - $path = $config->getString('path', 'riak-php-client/riak.php'); - $host = $config->getString('host', 'localhost'); - $port = $config->getString('port', 8098); - $bucket = $config->getString('bucket', 'simpleSAMLphp'); - - require_once($path); - $this->client = new \RiakClient($host, $port); - $this->bucket = $this->client->bucket($bucket); - } - - /** - * Retrieve a value from the datastore. - * - * @param string $type The datatype. - * @param string $key The key. - * @return mixed|NULL The value. 
- */ - public function get($type, $key) - { - assert(is_string($type)); - assert(is_string($key)); - - $v = $this->bucket->getBinary("$type.$key"); - if (!$v->exists()) { - return null; - } - - $expires = $v->getIndex('Expires', 'int'); - if (sizeof($expires) && (int) array_shift($expires) <= time()) { - $v->delete(); - return null; - } - - return (unserialize($v->getData())); - } - - /** - * Save a value to the datastore. - * - * @param string $type The datatype. - * @param string $key The key. - * @param mixed $value The value. - * @param int|NULL $expire The expiration time (unix timestamp), or NULL if it never expires. - */ - public function set($type, $key, $value, $expire = null) - { - assert(is_string($type)); - assert(is_string($key)); - assert($expire === null || (is_int($expire) && $expire > 2592000)); - - $v = $this->bucket->newBinary("$type.$key", serialize($value), 'application/php'); - if (!is_null($expire)) { - $v->addIndex("Expires", "int", $expire); - } - - $v->store(); - } - - /** - * Delete a value from the datastore. - * - * @param string $type The datatype. - * @param string $key The key. - */ - public function delete($type, $key) - { - assert(is_string($type)); - assert(is_string($key)); - - $v = $this->bucket->getBinary("$type.$key"); - if (!$v->exists()) { - return; - } - $v->delete(); - } -} diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php index e1dc65c36f81892947e651fc296020ad3bfb7090..9a13aa878befa7da01edfa760b48b7bc2fe19caa 100644 --- a/modules/saml/hooks/hook_metadata_hosted.php +++ b/modules/saml/hooks/hook_metadata_hosted.php @@ -4,8 +4,8 @@ * Hook to add the metadata for hosted entities to the frontpage. * * @param array &$metadataHosted The metadata links for hosted metadata on the frontpage. + * @return void */ - function saml_hook_metadata_hosted(&$metadataHosted) { assert(is_array($metadataHosted)); 
@@ -13,6 +13,7 @@ function saml_hook_metadata_hosted(&$metadataHosted) $sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP'); foreach ($sources as $source) { + /** @var \SimpleSAML\Auth\Source $source */ $metadata = $source->getMetadata(); $name = $metadata->getValue('name', null); diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php index 106d7b51f06f7472ece5bc013f6f38e3fa938958..f579d2c5528802ed4e65c7e3afe8b0609f8e8693 100644 --- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php @@ -7,15 +7,14 @@ namespace SimpleSAML\Module\saml\Auth\Process; * * @package SimpleSAMLphp */ - class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter { /** * The URI we should set as the AuthnContextClassRef in the login response. * - * @var string + * @var string|null */ - private $authnContextClassRef; + private $authnContextClassRef = null; /** @@ -43,6 +42,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter * Set the AuthnContextClassRef in the SAML 2 response. * * @param array &$state The state array for this request. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php index fd6277732326b7bfad1cc82bce053b7f3d217b85..b7aa14698a55f5443b104c520737dd6862850d20 100644 --- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php +++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php @@ -29,9 +29,9 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter /** * AuthnContextClassRef of the assertion - * @var string + * @var string|null */ - private $AuthnContextClassRef; + private $AuthnContextClassRef = null; /** 
@@ -62,6 +62,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter /** * * @param array &$request The current request + * @return void */ public function process(&$request) { @@ -87,6 +88,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter * permission logic. * * @param array $request + * @return void */ protected function unauthorized(&$request) { diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php index 67ef886df09e4dec683df2fbced1bf02d6c1ca44..1478112be462d1a4956a16d818dbca8f61609faa 100644 --- a/modules/saml/lib/Auth/Process/FilterScopes.php +++ b/modules/saml/lib/Auth/Process/FilterScopes.php @@ -15,7 +15,7 @@ use SimpleSAML\Logger; class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter { /** - * Stores any pre-configured scoped attributes which come from the filter configuration. + * @var array Stores any pre-configured scoped attributes which come from the filter configuration. */ private $scopedAttributes = [ 'eduPersonScopedAffiliation', @@ -44,6 +44,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter * This method applies the filter, removing any values * * @param array &$request the current request + * @return void */ public function process(&$request) { diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php index e8c27dba78416342ff436bb0b6e73b64b6cb33a5..1ee6e5f421cd4faaed1fe65f346e64269b117f0c 100644 --- a/modules/saml/lib/Auth/Process/NameIDAttribute.php +++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php @@ -103,6 +103,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter * Convert NameID to attribute. * * @param array &$state The request state. + * @return void */ public function process(&$state) { 
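Review bot: In the `@@ -87,6 +88,7 @@` hunk, `unauthorized(&$request)` takes its argument by reference but the docblock still says `@param array $request`, while the `process(&$request)` docblock in the preceding hunk of the same file uses `@param array &$request`; `* @param array &$request` keeps the two consistent and matches the signature. The same mismatch is added in SP.php, where `startSLO2(&$state)` and `logout(&$state)` are documented as `@param array $state`.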
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php index f627f164e777314b908164d3081e6510cba26a75..7bf2e2f1bbc1043da516f141ae333f38dab0dbf7 100644 --- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php +++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php @@ -21,7 +21,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter /** * Whether we should insert it as an saml:NameID element. * - * @var boolean + * @var bool */ private $nameId; @@ -55,6 +55,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter * Store a NameID to attribute. * * @param array &$state The request state. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php index 9187ed846df8b77813ac994018aa381b0bff957f..62cf5331e1b3cad865a1400317a54a0fd7b49f92 100644 --- a/modules/saml/lib/Auth/Source/SP.php +++ b/modules/saml/lib/Auth/Source/SP.php @@ -86,6 +86,7 @@ class SP extends Source } } + /** * Retrieve the URL to the metadata of this SP. * @@ -96,6 +97,7 @@ class SP extends Source return \SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/'.urlencode($this->authId)); } + /** * Retrieve the entity id of this SP. * @@ -440,6 +442,7 @@ class SP extends Source * * @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP. * @param array $state The state array for the current authentication. + * @return void */ private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state) { 
@@ -471,11 +474,13 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectTrustedURL($url); } + /** * Send a SAML2 SSO request to an IdP * * @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP. * @param array $state The state array for the current authentication. + * @return void */ private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state) { @@ -647,6 +652,7 @@ class SP extends Source assert(false); } + /** * Function to actually send the authentication request. * @@ -655,6 +661,7 @@ class SP extends Source * @param array &$state The state array. * @param \SAML2\Binding $binding The binding. * @param \SAML2\AuthnRequest $ar The authentication request. + * @return void */ public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar) { @@ -662,11 +669,13 @@ class SP extends Source assert(false); } + /** * Send a SSO request to an IdP. * * @param string $idp The entity ID of the IdP. * @param array $state The state array for the current authentication. + * @return void */ public function startSSO($idp, array $state) { @@ -688,10 +697,12 @@ class SP extends Source } } + /** * Start an IdP discovery service operation. * * @param array $state The state array. + * @return void */ private function startDisco(array $state) { @@ -722,12 +733,14 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params); } + /** * Start login. * * This function saves the information about the login, and redirects to the IdP. * * @param array &$state Information about the current authentication. + * @return void */ public function authenticate(&$state) { @@ -779,6 +792,7 @@ class SP extends Source assert(false); } + /** * Re-authenticate an user. * 
@@ -786,6 +800,7 @@ class SP extends Source * interact with the user even in the case when the user is already authenticated. * * @param array &$state Information about the current authentication. + * @return void */ public function reauthenticate(array &$state) { @@ -867,6 +882,7 @@ class SP extends Source * - 'core:IdP': the identifier of the local IdP. * - 'SPMetadata': an array with the metadata of this local SP. * + * @return void * @throws \SimpleSAML\Error\NoPassive In case the authentication request was passive. */ public static function askForIdPChange(array &$state) @@ -891,12 +907,14 @@ class SP extends Source assert(false); } + /** * Log the user out before logging in again. * * This method will never return. * * @param array $state The state array. + * @return void */ public static function reauthLogout(array $state) { @@ -912,10 +930,12 @@ class SP extends Source assert(false); } + /** * Complete login operation after re-authenticating the user on another IdP. * * @param array $state The authentication state. + * @return void */ public static function reauthPostLogin(array $state) { @@ -931,6 +951,7 @@ class SP extends Source assert(false); } + /** * Post-logout handler for re-authentication. * @@ -938,6 +959,7 @@ class SP extends Source * * @param \SimpleSAML\IdP $idp The IdP we are logging out from. * @param array &$state The state array with the state during logout. + * @return void */ public static function reauthPostLogout(\SimpleSAML\IdP $idp, array $state) { @@ -956,10 +978,12 @@ class SP extends Source assert(false); } + /** * Start a SAML 2 logout operation. * * @param array $state The logout state. + * @return void */ public function startSLO2(&$state) { @@ -1004,10 +1028,12 @@ class SP extends Source assert(false); } + /** * Start logout operation. * * @param array $state The logout state. + * @return void */ public function logout(&$state) { 
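Review bot: The `reauthLogout` docblock says "This method will never return." and the `@@ -891,12 +907,14 @@` hunk then adds `@return void` beneath it, which contradicts that sentence; the visible hunk edges show these methods ending in `assert(false)` after redirecting, as do `reauthPostLogin`, `reauthPostLogout` and `startSLO2` nearby. `void` only states that no value is produced, not that control never comes back, so a no-return tag the analyzer understands (for example `@return never-return`) is the accurate annotation here, and the same consideration applies to the other `assert(false)`-terminated methods that received `@return void` in this file. The method bodies themselves lie outside the hunks.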
@@ -1028,12 +1054,14 @@ class SP extends Source } } + /** * Handle a response from a SSO operation. * * @param array $state The authentication state. * @param string $idp The entity id of the IdP. * @param array $attributes The attributes. + * @return void */ public function handleResponse(array $state, $idp, array $attributes) { @@ -1073,10 +1101,12 @@ class SP extends Source self::onProcessingCompleted($authProcState); } + /** * Handle a logout request from an IdP. * * @param string $idpEntityId The entity ID of the IdP. + * @return void */ public function handleLogout($idpEntityId) { @@ -1086,6 +1116,7 @@ class SP extends Source $this->callLogoutCallback($idpEntityId); } + /** * Handle an unsolicited login operations. * @@ -1099,6 +1130,7 @@ class SP extends Source * the session. The function will check if the URL is allowed, so there is no need to * manually check the URL on beforehand. Please refer to the 'trusted.url.domains' * configuration directive for more information about allowing (or disallowing) URLs. + * @return void */ public static function handleUnsolicitedAuth($authId, array $state, $redirectTo) { @@ -1111,10 +1143,12 @@ class SP extends Source \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo); } + /** * Called when we have completed the procssing chain. * * @param array $authProcState The processing chain state. + * @return void */ public static function onProcessingCompleted(array $authProcState) { diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php index 39a4a3f00e61969ad8a7a264806554829ca1c98b..7c7bcf2c2064927e723e1ab1efe61c865b0b73ef 100644 --- a/modules/saml/lib/BaseNameIDGenerator.php +++ b/modules/saml/lib/BaseNameIDGenerator.php @@ -7,7 +7,6 @@ namespace SimpleSAML\Module\saml; * * @package SimpleSAMLphp */ - abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter { /** 
@@ -37,11 +36,11 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter /** * The format of this NameID. * - * This property must be initialized the subclass. + * This property must be set by the subclass. * - * @var string + * @var string|null */ - protected $format; + protected $format = null; /** @@ -81,6 +80,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter * Generate transient NameID. * * @param array &$state The request state. + * @return void */ public function process(&$state) { diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php index e158a666b590f08c8b7add6e289ce48a4cd2b324..5e78d48278a6bc7e63728120b41b60e2f88ab643 100644 --- a/modules/saml/lib/IdP/SAML1.php +++ b/modules/saml/lib/IdP/SAML1.php @@ -12,10 +12,8 @@ use SimpleSAML\Utils\HTTP; * * @package SimpleSAMLphp */ - class SAML1 { - /** * Retrieve the metadata of a hosted SAML 1.1 IdP. * @@ -73,7 +71,7 @@ class SAML1 ); if (!$config->hasValue('OrganizationURL')) { - throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); + throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL'); } @@ -125,6 +123,7 @@ class SAML1 * Send a response to the SP. * * @param array $state The authentication state. + * @return void */ public static function sendResponse(array $state) { @@ -176,6 +175,7 @@ class SAML1 * Receive an authentication request. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void */ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) { diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php index bce1bf077dbb38802f86e6cd13bea26e087b54c0..aeece087423d2e99f2892b7c598f1d95ed8d3a91 100644 --- a/modules/saml/lib/IdP/SAML2.php +++ b/modules/saml/lib/IdP/SAML2.php 
@@ -17,13 +17,13 @@ use SimpleSAML\Utils\HTTP; * * @package SimpleSAMLphp */ - class SAML2 { /** * Send a response to the SP. * * @param array $state The authentication state. + * @return void */ public static function sendResponse(array $state) { @@ -101,6 +101,7 @@ class SAML2 * \SimpleSAML\Error\Exception $exception The exception. * * @param array $state The error state. + * @return void */ public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state) { @@ -162,11 +163,11 @@ class SAML2 * * @param array $supportedBindings The bindings we allow for the response. * @param \SimpleSAML\Configuration $spMetadata The metadata for the SP. - * @param string|NULL $AssertionConsumerServiceURL AssertionConsumerServiceURL from request. - * @param string|NULL $ProtocolBinding ProtocolBinding from request. - * @param int|NULL $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request. + * @param string|null $AssertionConsumerServiceURL AssertionConsumerServiceURL from request. + * @param string|null $ProtocolBinding ProtocolBinding from request. + * @param int|null $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request. * - * @return array Array with the Location and Binding we should use for the response. + * @return array|null Array with the Location and Binding we should use for the response. */ private static function getAssertionConsumerService( array $supportedBindings, @@ -252,6 +253,7 @@ class SAML2 * Receive an authentication request. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request. */ public static function receiveAuthnRequest(\SimpleSAML\IdP $idp) 
@@ -463,12 +465,14 @@ class SAML2 $idp->handleAuthenticationRequest($state); } + /** * Send a logout request to a given association. * * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from. * @param array $association The association that should be terminated. - * @param string|NULL $relayState An id that should be carried across the logout. + * @param string|null $relayState An id that should be carried across the logout. + * @return void */ public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState) { @@ -505,6 +509,7 @@ class SAML2 * * @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from. * @param array &$state The logout state array. + * @return void */ public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state) { @@ -562,6 +567,7 @@ class SAML2 * Receive a logout message. * * @param \SimpleSAML\IdP $idp The IdP we are receiving it for. + * @return void * @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message. */ public static function receiveLogoutMessage(\SimpleSAML\IdP $idp) @@ -1194,17 +1200,17 @@ class SAML2 $a->setAttributes($attributes); } + $nameIdFormat = null; + // generate the NameID for the assertion if (isset($state['saml:NameIDFormat'])) { $nameIdFormat = $state['saml:NameIDFormat']; - } else { - $nameIdFormat = null; } if ($nameIdFormat === null || !isset($state['saml:NameID'][$nameIdFormat])) { // either not set in request, or not set to a format we supply. Fall back to old generation method $nameIdFormat = current($spMetadata->getArrayizeString('NameIDFormat', [])); - if ($nameIdFormat === null) { + if ($nameIdFormat === false) { $nameIdFormat = current($idpMetadata->getArrayizeString('NameIDFormat', [\SAML2\Constants::NAMEID_TRANSIENT])); } } 
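Review bot: In the `@@ -1194,17 +1200,17 @@` hunk the corrected `if ($nameIdFormat === false)` guards only the SP-metadata lookup; the IdP-side fallback on the next line is also a `current(...)` call and presumably returns `false` the same way when the IdP metadata sets `NameIDFormat` to an empty array, since the `[\SAML2\Constants::NAMEID_TRANSIENT]` default would only apply when the key is absent, so `$nameIdFormat` can still leave this block as `false` rather than a format string. A second guard after the IdP lookup, `if ($nameIdFormat === false) { $nameIdFormat = \SAML2\Constants::NAMEID_TRANSIENT; }`, would close that path. How `$nameIdFormat` is consumed afterwards is outside the hunk.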
diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php index 95d5712df26a64a808b072144af9e397b905acee..e62f77f0f76787b89500621397dbc74cec1b2aef 100644 --- a/modules/saml/lib/IdP/SQLNameID.php +++ b/modules/saml/lib/IdP/SQLNameID.php @@ -7,13 +7,13 @@ namespace SimpleSAML\Module\saml\IdP; * * @package SimpleSAMLphp */ - class SQLNameID { /** * Create NameID table in SQL, if it is missing. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function createTable(\SimpleSAML\Store\SQL $store) { @@ -68,6 +68,7 @@ class SQLNameID * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). * @param string $value The NameID value. + * @return void */ public static function add($idpEntityId, $spEntityId, $user, $value) { @@ -98,7 +99,7 @@ class SQLNameID * @param string $idpEntityId The IdP entityID. * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). - * @return string|NULL $value The NameID value, or NULL of no NameID value was found. + * @return string|null $value The NameID value, or NULL of no NameID value was found. */ public static function get($idpEntityId, $spEntityId, $user) { @@ -135,6 +136,7 @@ class SQLNameID * @param string $idpEntityId The IdP entityID. * @param string $spEntityId The SP entityID. * @param string $user The user's unique identificator (e.g. username). + * @return void */ public static function delete($idpEntityId, $spEntityId, $user) { diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php index a0f71931047530360fb41d4168301d57d6b14393..c68a2647cb7f597db4ec2f8fa3b2ee8ac77bba7a 100644 --- a/modules/saml/lib/Message.php +++ b/modules/saml/lib/Message.php 
@@ -19,6 +19,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\SignedElement $element The element we should add the data to. + * @return void */ public static function addSign( \SimpleSAML\Configuration $srcMetadata, @@ -68,6 +69,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\Message $message The message we should add the data to. + * @return void */ private static function addRedirectSign( \SimpleSAML\Configuration $srcMetadata, @@ -144,7 +146,7 @@ class Message * * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion. - * @return boolean True if the signature is correct, false otherwise. + * @return bool True if the signature is correct, false otherwise. * * @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity. * @throws \Exception if the signature validation fails with an exception. @@ -233,6 +235,7 @@ class Message * @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender. * @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient. * @param \SAML2\Message $message The message we should check the signature on. + * @return void * * @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message. */ @@ -396,6 +399,8 @@ class Message $lastException = $e; } } + + /** @var \Exception $lastException */ throw $lastException; } diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php index 8ea35423a5c3e81bd937f1d7bcd9cff1857f547d..7d995b369a01f0a43a947e91a2b83d96d1e33806 100644 --- a/modules/saml/lib/SP/LogoutStore.php 
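Review bot: In the `@@ -396,6 +399,8 @@` hunk the added `/** @var \Exception $lastException */` tells the analyzer the variable holds a non-null exception but does not make that true at runtime: if the loop that assigns `$lastException = $e` never ran, or never entered its catch, `throw $lastException` fails with a TypeError for throwing a non-object instead of a meaningful decryption error. A runtime guard before the throw would fail closed with a clear message, e.g. `if ($lastException === null) { throw new \SimpleSAML\Error\Exception('<constructed: message stating no key could process the element>'); }`, and makes the annotation redundant. The loop header and the method start are outside the hunk, so whether `$lastException` is initialised beforehand cannot be confirmed from here.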
+++ b/modules/saml/lib/SP/LogoutStore.php @@ -14,6 +14,7 @@ class LogoutStore * Create logout table in SQL, if it is missing. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function createLogoutTable(\SimpleSAML\Store\SQL $store) { @@ -70,6 +71,7 @@ class LogoutStore * Clean the logout table of expired entries. * * @param \SimpleSAML\Store\SQL $store The datastore. + * @return void */ private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store) { @@ -90,6 +92,9 @@ class LogoutStore * @param string $authId The authsource ID. * @param string $nameId The hash of the users NameID. * @param string $sessionIndex The SessionIndex of the user. + * @param int $expire + * @param string $sessionId + * @return void */ private static function addSessionSQL( \SimpleSAML\Store\SQL $store, @@ -102,8 +107,8 @@ class LogoutStore assert(is_string($authId)); assert(is_string($nameId)); assert(is_string($sessionIndex)); - assert(is_string($sessionId)); assert(is_int($expire)); + assert(is_string($sessionId)); self::createLogoutTable($store); @@ -202,6 +207,8 @@ class LogoutStore * @param string $authId The authsource ID. * @param \SAML2\XML\saml\NameID $nameId The NameID of the user. * @param string|null $sessionIndex The SessionIndex of the user. + * @param int $expire + * @return void */ public static function addSession($authId, $nameId, $sessionIndex, $expire) { @@ -254,7 +261,7 @@ class LogoutStore * @param string $authId The authsource ID. * @param \SAML2\XML\saml\NameID $nameId The NameID of the user. * @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty. - * @returns int|false Number of sessions logged out, or FALSE if not supported. + * @return int|false Number of sessions logged out, or FALSE if not supported. */ public static function logoutSessions($authId, $nameId, array $sessionIndexes) { 
diff --git a/modules/sanitycheck/hooks/hook_configpage.php b/modules/sanitycheck/hooks/hook_configpage.php index a4db0492e7139c7cdaed3741af3bbf45b0643e55..68856b9305f72040d8c14a372ee18d1fb908a074 100644 --- a/modules/sanitycheck/hooks/hook_configpage.php +++ b/modules/sanitycheck/hooks/hook_configpage.php @@ -1,8 +1,10 @@ <?php + /** * Hook to add the sanitycheck link to the config page. * * @param \SimpleSAML\XHTML\Template $template The template that we should alter in this hook. + * @return void */ function sanitycheck_hook_configpage(\SimpleSAML\XHTML\Template &$template) { diff --git a/modules/sanitycheck/hooks/hook_cron.php b/modules/sanitycheck/hooks/hook_cron.php index 15e0736ddbdd7c6457dd586b210f7af6ae4295db..0ab1a6604666aaa381e6334644c1fbd40954377d 100644 --- a/modules/sanitycheck/hooks/hook_cron.php +++ b/modules/sanitycheck/hooks/hook_cron.php @@ -1,10 +1,11 @@ <?php + /** * Hook to run a cron job. * * @param array &$croninfo Output + * @return void */ - function sanitycheck_hook_cron(&$croninfo) { assert(is_array($croninfo)); @@ -35,7 +36,7 @@ function sanitycheck_hook_cron(&$croninfo) $croninfo['summary'][] = 'Sanitycheck error: '.$err; } } - } catch (Exception $e) { + } catch (\Exception $e) { $croninfo['summary'][] = 'Error executing sanity check: '.$e->getMessage(); } } diff --git a/modules/sanitycheck/hooks/hook_frontpage.php b/modules/sanitycheck/hooks/hook_frontpage.php index 1e860e6e68234e8fbca4688fda72ee8e15b216d5..e1b1a126d9c94b0df8816ac3f87d11fe6b03e268 100644 --- a/modules/sanitycheck/hooks/hook_frontpage.php +++ b/modules/sanitycheck/hooks/hook_frontpage.php @@ -1,8 +1,10 @@ <?php + /** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ function sanitycheck_hook_frontpage(&$links) { 
diff --git a/modules/sanitycheck/hooks/hook_moduleinfo.php b/modules/sanitycheck/hooks/hook_moduleinfo.php index 87d014e2ec5a2e0c2098e1fe9aab5a60062d9d26..d0eb684e1f3ab7ba9455a77dbae25a0a4a1a76ab 100644 --- a/modules/sanitycheck/hooks/hook_moduleinfo.php +++ b/modules/sanitycheck/hooks/hook_moduleinfo.php @@ -1,8 +1,10 @@ <?php + /** * This hook lets the module describe itself. * * @param array &$moduleinfo The links on the frontpage, split into sections. + * @return void */ function sanitycheck_hook_moduleinfo(&$moduleinfo) { diff --git a/modules/sanitycheck/hooks/hook_sanitycheck.php b/modules/sanitycheck/hooks/hook_sanitycheck.php index 8aec6582bff9d6e24d147d8012b4b9cb3264dda3..6288c1be69767b617bec3e5ee13dd9cbf6bade7f 100644 --- a/modules/sanitycheck/hooks/hook_sanitycheck.php +++ b/modules/sanitycheck/hooks/hook_sanitycheck.php @@ -1,8 +1,10 @@ <?php + /** * Hook to add the modinfo module to the frontpage. * * @param array &$hookinfo hookinfo + * @return void */ function sanitycheck_hook_sanitycheck(&$hookinfo) { diff --git a/modules/smartattributes/lib/Auth/Process/SmartID.php b/modules/smartattributes/lib/Auth/Process/SmartID.php index 00ca468eae4ff9ce4f4afe09e1de9949577f1ce7..7529b84fe0d33aba3582aa38644fce2f83b48d6a 100644 --- a/modules/smartattributes/lib/Auth/Process/SmartID.php +++ b/modules/smartattributes/lib/Auth/Process/SmartID.php @@ -10,6 +10,8 @@ class SmartID extends \SimpleSAML\Auth\ProcessingFilter * IMPORTANT: If you use the (default) attributemaps (twitter2name, facebook2name, * etc., be sure to comment out the entries that map xxx_targetedID to * eduPersonTargetedID, or there will be no way to see its origin any more. + * + * @var array */ private $candidates = [ 'eduPersonTargetedID', 
@@ -24,29 +26,36 @@ class SmartID extends \SimpleSAML\Auth\ProcessingFilter ]; /** - * The name of the generated ID attribute. + * @var string The name of the generated ID attribute. */ private $id_attribute = 'smart_id'; /** * Whether to append the AuthenticatingAuthority, separated by '!' * This only works when SSP is used as a gateway. + * @var bool */ private $add_authority = true; /** * Whether to prepend the CandidateID, separated by ':' + * @var bool */ private $add_candidate = true; /** * Attributes which should be added/appended. * - * Associative array of arrays. + * @var array Associative array of arrays. */ private $attributes = []; + /** + * @param array $config + * @param mixed $reserved + * @throws \Exception + */ public function __construct($config, $reserved) { parent::__construct($config, $reserved); @@ -82,6 +91,13 @@ class SmartID extends \SimpleSAML\Auth\ProcessingFilter } } + + /** + * @param array $attributes + * @param array $request + * @return string + * @throws \SimpleSAML\Error\Exception + */ private function addID($attributes, $request) { $state = $request['saml:sp:State']; @@ -104,12 +120,14 @@ class SmartID extends \SimpleSAML\Auth\ProcessingFilter them, or try using another identity provider.'); } + /** * Apply filter to add or replace attributes. * * Add or replace existing attributes with the configured values. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/smartattributes/lib/Auth/Process/SmartName.php b/modules/smartattributes/lib/Auth/Process/SmartName.php index 19a69baa6f31d66fc8a15e3bdc1c7d72d3c67bb5..420605f0884ae723326483b636e52fad95f5fbb7 100644 --- a/modules/smartattributes/lib/Auth/Process/SmartName.php +++ b/modules/smartattributes/lib/Auth/Process/SmartName.php 
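Review bot: The new docblock on addID says only `@param array $request`, yet the first body line, `$state = $request['saml:sp:State'];`, reads that key unconditionally, so a request lacking it yields a null `$state` plus a notice before the documented `\SimpleSAML\Error\Exception` path is ever reached. State the precondition where static analysis and callers can see it: `@param array $request Processing-filter state; the 'saml:sp:State' key must be present.` addID's body continues outside the hunk.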
@@ -8,17 +8,20 @@ namespace SimpleSAML\Module\smartattributes\Auth\Process; * @author Andreas Ã…kre Solberg, UNINETT AS. * @package SimpleSAMLphp */ - class SmartName extends \SimpleSAML\Auth\ProcessingFilter { /** * Attributes which should be added/appended. * - * Assiciative array of arrays. + * @var array Associative array of arrays. */ private $attributes = []; + /** + * @param array $attributes + * @return string|null + */ private function getFullName($attributes) { if (isset($attributes['displayName'])) { @@ -57,6 +60,11 @@ class SmartName extends \SimpleSAML\Auth\ProcessingFilter return null; } + + /** + * @param string $userid + * @return string|null + */ private function getLocalUser($userid) { if (strpos($userid, '@') === false) { @@ -69,12 +77,14 @@ class SmartName extends \SimpleSAML\Auth\ProcessingFilter return null; } + /** * Apply filter to add or replace attributes. * * Add or replace existing attributes with the configured values. * * @param array &$request The current request + * @return void */ public function process(&$request) { diff --git a/modules/statistics/bin/loganalyzer.php b/modules/statistics/bin/loganalyzer.php index 85ae093f3e31ab1dfdde61a1ce1ca304c4f17154..81e3d698a13114d12706d41086b83df988cc8d12 100755 --- a/modules/statistics/bin/loganalyzer.php +++ b/modules/statistics/bin/loganalyzer.php @@ -70,8 +70,8 @@ foreach ($results as $slot => $val) { /** * This function prints the help output. + * @return void */ - function printHelp() { global $progName; diff --git a/modules/statistics/bin/logcleaner.php b/modules/statistics/bin/logcleaner.php index b160cdab2780d2806831aa044a0e2655e1812bed..18432cf3852050d251fa8ba061bb6b611f2cd997 100755 --- a/modules/statistics/bin/logcleaner.php +++ b/modules/statistics/bin/logcleaner.php @@ -70,8 +70,8 @@ if (!$dryrun) { /** * This function prints the help output. + * @return void */ - function printHelp() { global $progName; 
diff --git a/modules/statistics/hooks/hook_configpage.php b/modules/statistics/hooks/hook_configpage.php index d9c1f1df7898b6b90d8c3f9cf6a869a47c63ff72..36853ed2d1f986e979fced5601c7f01c9c2eada3 100644 --- a/modules/statistics/hooks/hook_configpage.php +++ b/modules/statistics/hooks/hook_configpage.php @@ -1,8 +1,10 @@ <?php + /** * Hook to add the statistics module to the config page. * * @param \SimpleSAML\XHTML\Template &$template The template that we should alter in this hook. + * @return void */ function statistics_hook_configpage(\SimpleSAML\XHTML\Template &$template) { diff --git a/modules/statistics/hooks/hook_cron.php b/modules/statistics/hooks/hook_cron.php index a3ee4952cc347d567d4d044f4bbd83b05b7a7b5d..f0de516faf163b78c5e35004807c743ebc5705aa 100644 --- a/modules/statistics/hooks/hook_cron.php +++ b/modules/statistics/hooks/hook_cron.php @@ -4,8 +4,8 @@ * Hook to run a cron job. * * @param array &$croninfo Output + * @return void */ - function statistics_hook_cron(&$croninfo) { assert(is_array($croninfo)); diff --git a/modules/statistics/hooks/hook_frontpage.php b/modules/statistics/hooks/hook_frontpage.php index 2dade3b2af4c7e9cbf5422819fa44ac18a9d580a..bb4e934179a781a213bd886286916190f09b0d6d 100644 --- a/modules/statistics/hooks/hook_frontpage.php +++ b/modules/statistics/hooks/hook_frontpage.php @@ -1,8 +1,10 @@ <?php + /** * Hook to add the modinfo module to the frontpage. * * @param array &$links The links on the frontpage, split into sections. + * @return void */ function statistics_hook_frontpage(&$links) { diff --git a/modules/statistics/hooks/hook_sanitycheck.php b/modules/statistics/hooks/hook_sanitycheck.php index 879ee3ee784c292f68cd979d66420799b6251085..398266ca83659c455404a9856f6264a651971e11 100644 --- a/modules/statistics/hooks/hook_sanitycheck.php +++ b/modules/statistics/hooks/hook_sanitycheck.php 
@@ -1,8 +1,10 @@ <?php + /** * Hook to do sanity checks * * @param array &$hookinfo hookinfo + * @return void */ function statistics_hook_sanitycheck(&$hookinfo) { @@ -28,12 +30,12 @@ function statistics_hook_sanitycheck(&$hookinfo) $hookinfo['errors'][] = '[statistics] Statistics dir ['.$statdir.'] is not writable'; } } else { - $hookinfo['errors'][] = '[statistics] Statistics dir ['.$statdir.'] does not exists'; + $hookinfo['errors'][] = '[statistics] Statistics dir ['.$statdir.'] does not exist'; } if (file_exists($inputfile)) { $hookinfo['info'][] = '[statistics] Input file ['.$inputfile.'] exists'; } else { - $hookinfo['errors'][] = '[statistics] Input file ['.$inputfile.'] does not exists'; + $hookinfo['errors'][] = '[statistics] Input file ['.$inputfile.'] does not exist'; } } diff --git a/modules/statistics/lib/AccessCheck.php b/modules/statistics/lib/AccessCheck.php index 750a5d0526e0aa3aa494e6f0ffdba9dc70dbef6c..8750714415e647f8e7550c21e3e6ae1c477c06e8 100644 --- a/modules/statistics/lib/AccessCheck.php +++ b/modules/statistics/lib/AccessCheck.php @@ -7,13 +7,16 @@ namespace SimpleSAML\Module\statistics; * * @package SimpleSAMLphp */ - class AccessCheck { /** * Check that the user has access to the statistics. - * * If the user doesn't have access, send the user to the login page. + * + * @param \SimpleSAML\Configuration $statconfig + * @return void + * @throws \Exception + * @throws \SimpleSAML\Error\Exception */ public static function checkAccess(\SimpleSAML\Configuration $statconfig) { diff --git a/modules/statistics/lib/Aggregator.php b/modules/statistics/lib/Aggregator.php index 966012d6399329c6b5f250a3d68e53b9f22197e8..dc311d4d4d4c8eb66365261f9a62d5577f298050 100644 --- a/modules/statistics/lib/Aggregator.php +++ b/modules/statistics/lib/Aggregator.php 
@@ -6,21 +6,40 @@ namespace SimpleSAML\Module\statistics; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class Aggregator { + /** @var \SimpleSAML\Configuration */ private $statconfig; + + /** @var string */ private $statdir; + + /** @var string */ private $inputfile; + + /** @var array */ private $statrules; + + /** @var int */ private $offset; - private $metadata; + + /** @var array|null */ + private $metadata = null; + + /** @var bool */ private $fromcmdline; + + /** @var int */ private $starttime; + + /** @var array */ private $timeres; + /** * Constructor + * + * @param bool $fromcmdline */ public function __construct($fromcmdline = false) { @@ -32,11 +51,14 @@ class Aggregator $this->statrules = $this->statconfig->getValue('statrules'); $this->timeres = $this->statconfig->getValue('timeres'); $this->offset = $this->statconfig->getValue('offset', 0); - $this->metadata = null; $this->starttime = time(); } + + /** + * @return void + */ public function dumpConfig() { echo 'Statistics directory : '.$this->statdir."\n"; @@ -44,11 +66,19 @@ class Aggregator echo 'Offset : '.$this->offset."\n"; } + + /** + * @return void + */ public function debugInfo() { echo 'Memory usage : '.number_format(memory_get_usage() / 1048576, 2)." MB\n"; // 1024*1024=1048576 } + + /** + * @return void + */ public function loadMetadata() { $filename = $this->statdir.'/.stat.metadata'; @@ -59,11 +89,19 @@ class Aggregator $this->metadata = $metadata; } + + /** + * @return array|null + */ public function getMetadata() { return $this->metadata; } + + /** + * @return void + */ public function saveMetadata() { $this->metadata['time'] = time() - $this->starttime; @@ -74,6 +112,12 @@ class Aggregator file_put_contents($filename, serialize($this->metadata), LOCK_EX); } + + /** + * @param bool $debug + * @return array + * @throws \Exception + */ public function aggregate($debug = false) { $this->loadMetadata(); 
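Review bot: saveMetadata's new docblock says only `@return void`, although the line `file_put_contents($filename, serialize($this->metadata), LOCK_EX);` both fixes the on-disk format and can fail without anyone noticing. Say so in the docblock: `@return void Writes $this->metadata as PHP-serialized data to .stat.metadata; a failed write is not reported.`. If loadMetadata() (its hunk shows only the filename, so I cannot see the read) restores the file with unserialize(), it should pass `['allowed_classes' => false]`: the file lives in the statistics directory, and a tampered copy would otherwise be able to instantiate arbitrary classes on load. Both method bodies extend beyond their hunks.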
@@ -210,6 +254,12 @@ class Aggregator return $results; } + + /** + * @param array $content + * @param mixed $colrule + * @return string + */ private static function getDifCol($content, $colrule) { if (is_int($colrule)) { @@ -225,6 +275,12 @@ class Aggregator } } + + /** + * @param mixed $previous + * @param array $newdata + * @return array + */ private function cummulateData($previous, $newdata) { $dataset = []; @@ -244,6 +300,11 @@ class Aggregator return $dataset; } + + /** + * @param array $results + * @return void + */ public function store($results) { $datehandler = [ diff --git a/modules/statistics/lib/DateHandler.php b/modules/statistics/lib/DateHandler.php index ae9807df9ea6907992b4e25c7aad2921df49fcd2..17534e2d688b476d9b3592e969334523f38b46c0 100644 --- a/modules/statistics/lib/DateHandler.php +++ b/modules/statistics/lib/DateHandler.php @@ -2,25 +2,30 @@ namespace SimpleSAML\Module\statistics; -/* +/** * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class DateHandler { + /** @var int */ protected $offset; /** * Constructor * - * @param array $offset Date offset + * @param int $offset Date offset */ public function __construct($offset) { $this->offset = $offset; } + + /** + * @param int $timestamp + * @return int + */ protected function getDST($timestamp) { if (idate('I', $timestamp)) { @@ -29,12 +34,24 @@ class DateHandler return 0; } + + /** + * @param int $epoch + * @param int $slotsize + * @return float + */ public function toSlot($epoch, $slotsize) { $dst = $this->getDST($epoch); return floor(($epoch + $this->offset + $dst) / $slotsize); } + + /** + * @param int $slot + * @param int $slotsize + * @return int + */ public function fromSlot($slot, $slotsize) { $temp = $slot * $slotsize - $this->offset; 
@@ -42,16 +59,37 @@ class DateHandler return $slot * $slotsize - $this->offset - $dst; } + + /** + * @param int $epoch + * @param string $dateformat + * @return string + */ public function prettyDateEpoch($epoch, $dateformat) { return date($dateformat, $epoch); } + + /** + * @param int $slot + * @param int $slotsize + * @param string $dateformat + * @return string + */ public function prettyDateSlot($slot, $slotsize, $dateformat) { return $this->prettyDateEpoch($this->fromSlot($slot, $slotsize), $dateformat); } + + /** + * @param int $from + * @param int $to + * @param int $slotsize + * @param string $dateformat + * @return string + */ public function prettyHeader($from, $to, $slotsize, $dateformat) { $text = $this->prettyDateSlot($from, $slotsize, $dateformat); diff --git a/modules/statistics/lib/DateHandlerMonth.php b/modules/statistics/lib/DateHandlerMonth.php index 058795f57b05beb2964ef43fcda96edbac1c81c7..4404c44e14396e2d14429f7b27a516efda4b64c4 100644 --- a/modules/statistics/lib/DateHandlerMonth.php +++ b/modules/statistics/lib/DateHandlerMonth.php @@ -6,7 +6,6 @@ namespace SimpleSAML\Module\statistics; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class DateHandlerMonth extends DateHandler { /** @@ -19,6 +18,12 @@ class DateHandlerMonth extends DateHandler $this->offset = $offset; } + + /** + * @param int $epoch + * @param int $slotsize + * @return int + */ public function toSlot($epoch, $slotsize) { $dsttime = $this->getDST($epoch) + $epoch; @@ -27,6 +32,12 @@ class DateHandlerMonth extends DateHandler return $slot; } + + /** + * @param int $slot + * @param int $slotsize + * @return int + */ public function fromSlot($slot, $slotsize) { $month = ($slot % 12); 
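Review bot: DateHandlerMonth::toSlot is now documented `@return int`, while the parent DateHandler::toSlot in the same commit is documented `@return float` (its body returns `floor(...)`, which is a float in PHP). A narrowing override is acceptable to psalm only if the month version really returns an int; its return value `$slot` is computed outside this hunk, so either confirm that or align the two docblocks on `@return float`.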
@@ -34,6 +45,14 @@ class DateHandlerMonth extends DateHandler return mktime(0, 0, 0, $month + 1, 1, $year); } + + /** + * @param int $from + * @param int $to + * @param int $slotsize + * @param string $dateformat + * @return string + */ public function prettyHeader($from, $to, $slotsize, $dateformat) { $month = ($from % 12) + 1; diff --git a/modules/statistics/lib/Graph/GoogleCharts.php b/modules/statistics/lib/Graph/GoogleCharts.php index 129639de50d103e4002b0504e7e3c3a117242141..22f4e9993039cbc0de09b2dbd4632a82564d1f3b 100644 --- a/modules/statistics/lib/Graph/GoogleCharts.php +++ b/modules/statistics/lib/Graph/GoogleCharts.php @@ -9,7 +9,6 @@ namespace SimpleSAML\Module\statistics\Graph; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class GoogleCharts { /** @@ -36,12 +35,21 @@ class GoogleCharts $this->y = $y; } + + /** + * @param array $axis + * @return string + */ private function encodeaxis($axis) { return join('|', $axis); } - // t:10.0,58.0,95.0 + /** + * t:10.0,58.0,95.0 + * @param array $datasets + * @return string + */ private function encodedata($datasets) { $setstr = []; @@ -51,6 +59,11 @@ class GoogleCharts return 'e:'.join(',', $setstr); } + + /** + * @param array $values + * @return string + */ public static function extEncode($values) // $max = 4095, $min = 0 { $extended_table = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-.'; 
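Review bot: The new docblock on extEncode leaves the trailing `// $max = 4095, $min = 0` on the signature line, so the only statement of the expected value range sits outside the documentation that psalm and IDEs read. Move it inside: `* @param array $values Values to encode; expected range 0..4095 per the former inline comment.` and drop the trailing comment. The encodedata docblock in the previous hunk has the same shape problem: its first line `t:10.0,58.0,95.0` is an example with no lead-in, so prefix it with `Example of the encoded form:`.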
@@ -70,15 +83,17 @@ class GoogleCharts return $chardata; } + /** * Generate a Google Charts URL which points to a generated image. * More documentation on Google Charts here: * http://code.google.com/apis/chart/ * - * @param string $axis Axis - * @param string $axpis Axis positions + * @param array $axis Axis + * @param array $axispos Axis positions * @param array $datasets Datasets values - * @param integer $max Max value. Will be the topmost value on the Y-axis. + * @param array $maxes Max value. Will be the topmost value on the Y-axis. + * @return string */ public function show($axis, $axispos, $datasets, $maxes) { @@ -111,6 +126,12 @@ class GoogleCharts return $url; } + + /** + * @param array $axis + * @param array $datasets + * @return string + */ public function showPie($axis, $datasets) { $url = 'https://chart.apis.google.com/chart?'. @@ -129,6 +150,7 @@ class GoogleCharts return $url; } + /** * Takes a input value, and generates a value that suits better as a max * value on the Y-axis. In example 37.6 will not make a good max value, instead @@ -145,7 +167,8 @@ class GoogleCharts * } * </code> * - * @param integer $max Input value. + * @param int $max Input value. + * @return int */ public static function roof($max) { diff --git a/modules/statistics/lib/LogCleaner.php b/modules/statistics/lib/LogCleaner.php index eafb501904e36d7cac8883a3edb1b70da4bca12f..ee20e18bf457c8d5a37b2caa110cb8192d5b5cb5 100644 --- a/modules/statistics/lib/LogCleaner.php +++ b/modules/statistics/lib/LogCleaner.php 
@@ -2,21 +2,32 @@
 namespace SimpleSAML\Module\statistics;
-/*
+/**
 * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no>
 * @package SimpleSAMLphp
 */
-
 class LogCleaner
 {
+ /** @var \SimpleSAML\Configuration */
 private $statconfig;
+
+ /** @var string */
 private $statdir;
+
+ /** @var string */
 private $inputfile;
+
+ /** @var array */
 private $statrules;
+
+ /** @var int */
 private $offset;
+
 /**
 * Constructor
+ *
+ * @param string|null $inputfile
 */
 public function __construct($inputfile = null)
 {
@@ -32,7 +43,8 @@ class LogCleaner
 }
 }
- /*
+
+ /**
 * @return void
 */
 public function dumpConfig()
@@ -43,9 +55,10 @@ class LogCleaner
 }
- /*
+ /**
 * @param bool $debug
 * @return array
+ * @throws \Exception
 */
 public function clean($debug = false)
 {
@@ -125,10 +138,11 @@ class LogCleaner
 }
- /*
+ /**
 * @param array $todelete
 * @param string $outputfile
 * @return void
+ * @throws \Exceeption
 */
 public function store($todelete, $outputfile)
 {
diff --git a/modules/statistics/lib/RatioDataset.php b/modules/statistics/lib/RatioDataset.php
index 5449a3fd1797c03c08b9d04d8e530f58d8202be4..eaed4652402b2cdd884943847cbc37527d09c1a1 100644
--- a/modules/statistics/lib/RatioDataset.php
+++ b/modules/statistics/lib/RatioDataset.php
@@ -2,13 +2,15 @@
 namespace SimpleSAML\Module\statistics;
-/*
+/**
 * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no>
 * @package SimpleSAMLphp
 */
-
 class RatioDataset extends StatDataset
 {
+ /**
+ * @return void
+ */
 public function aggregateSummary()
 {
 /**
@@ -42,6 +44,12 @@ class RatioDataset extends StatDataset
 $this->summary = array_reverse($this->summary, true);
 }
+
+ /**
+ * @param string $k
+ * @param array $a
+ * @return int
+ */
 private function ag($k, $a)
 {
 if (array_key_exists($k, $a)) {
@@ -50,6 +58,12 @@ class RatioDataset extends StatDataset
 return 0;
 }
+
+ /**
+ * @param int $v1
+ * @param int $v2
+ * @return int|float
+ */
 private function divide($v1, $v2)
 {
 if ($v2 == 0) {
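Review bot: The `@throws \Exceeption` added to LogCleaner::store is misspelled, so the tag names a class that does not exist and static analysis will flag it; change it to `@throws \Exception`, matching the tag the previous hunk adds to clean(). store's body continues outside the hunk.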
@@ -58,6 +72,12 @@ class RatioDataset extends StatDataset return ($v1 / $v2); } + + /** + * @param array $result1 + * @param array $result2 + * @return array + */ public function combine($result1, $result2) { $combined = []; @@ -74,6 +94,10 @@ class RatioDataset extends StatDataset return $combined; } + + /** + * @return null + */ public function getPieData() { return null; diff --git a/modules/statistics/lib/Ruleset.php b/modules/statistics/lib/Ruleset.php index 935bad407daf2c4d75b1b7b5350c28557b74afda..361ba994062bdbe4eb744609cd127b85aba73728 100644 --- a/modules/statistics/lib/Ruleset.php +++ b/modules/statistics/lib/Ruleset.php @@ -6,16 +6,25 @@ namespace SimpleSAML\Module\statistics; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class Ruleset { + /** \SimpleSAML\Configuration */ private $statconfig; + + /** @var array */ private $availrulenames; + + /** @var array */ private $availrules; + + /** @var array */ private $available; + /** * Constructor + * + * @param \SimpleSAML\Configuration $statconfig */ public function __construct($statconfig) { @@ -23,6 +32,10 @@ class Ruleset $this->init(); } + + /** + * @return void + */ private function init() { $statdir = $this->statconfig->getValue('statdir'); @@ -33,7 +46,7 @@ class Ruleset * Walk through file lists, and get available [rule][fileslot]... */ if (!is_dir($statdir)) { - throw new \Exception('Statisics output directory ['.$statdir.'] does not exists.'); + throw new \Exception('Statisics output directory ['.$statdir.'] does not exist.'); } $filelist = scandir($statdir); $this->available = []; 
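Review bot: The annotation added above `private $statconfig;` in Ruleset reads `/** \SimpleSAML\Configuration */` and lacks the `@var` tag, so unlike the three annotations beneath it contributes no type information to psalm or an IDE; write it as `/** @var \SimpleSAML\Configuration */`.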
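Review bot: The rewritten exception message in Ruleset::init still misspells its first word, `'Statisics output directory ['.$statdir.'] does not exist.'`. Since the line is already being touched for the exists/exist fix, correct it in the same commit: `throw new \Exception('Statistics output directory ['.$statdir.'] does not exist.');`.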
@@ -61,18 +74,30 @@ class Ruleset $this->availrulenames = $available_rules; } + + /** + * @return array + */ public function availableRules() { return $this->availrules; } + + /** + * @return array + */ public function availableRulesNames() { return $this->availrulenames; } + /** * Resolve which rule is selected. Taking user preference and checks if it exists. + * + * @param array|null $preferRule + * @return array|null */ private function resolveSelectedRule($preferRule = null) { @@ -85,6 +110,11 @@ class Ruleset return $rule; } + + /** + * @param array|null $preferRule + * @return \SimpleSAML\Module\statistics\Statistics\Rulesets\BaseRule + */ public function getRule($preferRule) { $rule = $this->resolveSelectedRule($preferRule); diff --git a/modules/statistics/lib/StatDataset.php b/modules/statistics/lib/StatDataset.php index 6868d023775dd2126b2532a83434403d9a6bf4c1..5183f12db4b19d3c1a192a992b6edaba835cd326 100644 --- a/modules/statistics/lib/StatDataset.php +++ b/modules/statistics/lib/StatDataset.php 
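Review bot: The `@param array|null $preferRule` added to both resolveSelectedRule and getRule looks doubtful: the parameter name and the description `Taking user preference and checks if it exists` suggest a single rule identifier, which elsewhere in this commit is typed `string` (the `@param string $ruleid` tags on BaseRule and StatDataset). The code that inspects `$preferRule` lies outside the hunk, so please confirm against the callers and, if it is an identifier, use `@param string|null $preferRule` in both docblocks.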
@@ -6,28 +6,53 @@ namespace SimpleSAML\Module\statistics; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class StatDataset { + /** @var \SimpleSAML\Configuration */ protected $statconfig; + + /** @var \SimpleSAML\Configuration */ protected $ruleconfig; + + /** @var \SimpleSAML\Configuration */ protected $timeresconfig; + + /** @var string */ protected $ruleid; + /** @var int */ protected $fileslot; + + /** @var string */ protected $timeres; + /** @var string */ protected $delimiter; + + /** @var array */ protected $results; + + /** @var array */ protected $summary; + + /** @var int */ protected $max; + /** @var \SimpleSAML\Module\statistics\DateHandler */ protected $datehandlerFile; + + /** @var \SimpleSAML\Module\statistics\DateHandler */ protected $datehandlerTick; /** * Constructor + * + * @param \SimpleSAML\Configuration $statconfig + * @param \SimpleSAML\Configuration $ruleconfig + * @param string $ruleid + * @param string $timeres + * @param int $fileslot */ public function __construct($statconfig, $ruleconfig, $ruleid, $timeres, $fileslot) { @@ -56,16 +81,29 @@ class StatDataset $this->loadData(); } + + /** + * @return int + */ public function getFileSlot() { return $this->fileslot; } + + /** + * @return string + */ public function getTimeRes() { return $this->timeres; } + + /** + * @param string $delimiter + * @return void + */ public function setDelimiter($delimiter = '_') { if (empty($delimiter)) { @@ -74,6 +112,10 @@ class StatDataset $this->delimiter = $delimiter; } + + /** + * @return string|null + */ public function getDelimiter() { if ($this->delimiter === '_') { @@ -82,6 +124,10 @@ class StatDataset return $this->delimiter; } + + /** + * @return void + */ public function calculateMax() { $maxvalue = 0; @@ -94,6 +140,10 @@ class StatDataset $this->max = Graph\GoogleCharts::roof($maxvalue); } + + /** + * @return array + */ public function getDebugData() { $debugdata = []; 
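Review bot: setDelimiter's new `@param string $delimiter` does not mention that the guard on the next line, `if (empty($delimiter)) {`, also treats the string `'0'` as absent, so a delimiter of `'0'` takes the empty branch (whose body is outside the hunk). Either document it, ` * @param string $delimiter Delimiter key; '' and '0' are treated as unset`, or, if `'0'` should be a valid key, compare explicitly with `if ($delimiter === '' || $delimiter === null) {`.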
@@ -110,6 +160,10 @@ class StatDataset return $debugdata; } + + /** + * @return void + */ public function aggregateSummary() { // aggregate summary table from dataset. To be used in the table view @@ -127,6 +181,10 @@ class StatDataset $this->summary = array_reverse($this->summary, true); } + + /** + * @return array + */ public function getTopDelimiters() { // create a list of delimiter keys that has the highest total summary in this period @@ -144,6 +202,10 @@ class StatDataset return $topdelimiters; } + + /** + * @return array + */ public function availDelimiters() { $availDelimiters = []; @@ -153,6 +215,10 @@ class StatDataset return array_keys($availDelimiters); } + + /** + * @return array + */ public function getPieData() { $piedata = []; @@ -167,21 +233,37 @@ class StatDataset return $piedata; } + + /** + * @return int + */ public function getMax() { return $this->max; } + + /** + * @return array + */ public function getSummary() { return $this->summary; } + + /** + * @return array + */ public function getResults() { return $this->results; } + + /** + * @return array + */ public function getAxis() { $slotsize = $this->timeresconfig->getValue('slot'); @@ -209,8 +291,10 @@ class StatDataset return ['axis' => $axis, 'axispos' => $axispos]; } - /* + + /** * Walk through dataset to get percent values from max into dataset[]. + * @return array */ public function getPercentValues() { @@ -232,6 +316,11 @@ class StatDataset return $dataset; } + + /** + * @return array + * @throws \Exception + */ public function getDelimiterPresentation() { $config = \SimpleSAML\Configuration::getInstance(); @@ -257,6 +346,10 @@ class StatDataset return []; } + + /** + * @return array + */ public function getDelimiterPresentationPie() { $topdelimiters = $this->getTopDelimiters(); @@ -274,6 +367,10 @@ class StatDataset return $pieaxis; } + + /** + * @return void + */ public function loadData() { $statdir = $this->statconfig->getValue('statdir'); 
diff --git a/modules/statistics/lib/Statistics/FieldPresentation/Base.php b/modules/statistics/lib/Statistics/FieldPresentation/Base.php index bb2568f1d6c8814acf4da00021d22ab7fb0ed8cb..8f0bd99c0086446922df494cace9df608e0151ca 100644 --- a/modules/statistics/lib/Statistics/FieldPresentation/Base.php +++ b/modules/statistics/lib/Statistics/FieldPresentation/Base.php @@ -4,10 +4,21 @@ namespace SimpleSAML\Module\statistics\Statistics\FieldPresentation; class Base { + /** @var array */ protected $fields; + + /** @var \SimpleSAML\XHTML\Template */ protected $template; + + /** @var string */ protected $config; + + /** + * @param array $fields + * @param string $config + * @param \SimpleSAML\XHTML\Template $template + */ public function __construct($fields, $config, $template) { $this->fields = $fields; @@ -15,6 +26,10 @@ class Base $this->config = $config; } + + /** + * @return array + */ public function getPresentation() { return ['_' => 'Total']; diff --git a/modules/statistics/lib/Statistics/FieldPresentation/Entity.php b/modules/statistics/lib/Statistics/FieldPresentation/Entity.php index 624d215b7936cf16c4ce7fa5327742e08c71557a..df88c8e4f710e6d97958cd2c41a2f5e71d99bdab 100644 --- a/modules/statistics/lib/Statistics/FieldPresentation/Entity.php +++ b/modules/statistics/lib/Statistics/FieldPresentation/Entity.php @@ -4,6 +4,9 @@ namespace SimpleSAML\Module\statistics\Statistics\FieldPresentation; class Entity extends Base { + /** + * @return array + */ public function getPresentation() { $mh = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); diff --git a/modules/statistics/lib/Statistics/Rulesets/BaseRule.php b/modules/statistics/lib/Statistics/Rulesets/BaseRule.php index 875557bc8dab7c8a0896fe196208d9d57abf1e5b..77c3a20513b1bdff5eeb3c70732b2a165e25b4a8 100644 --- a/modules/statistics/lib/Statistics/Rulesets/BaseRule.php +++ b/modules/statistics/lib/Statistics/Rulesets/BaseRule.php 
@@ -6,16 +6,27 @@ namespace SimpleSAML\Module\statistics\Statistics\Rulesets; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class BaseRule { + /** @var \SimpleSAML\Configuration */ protected $statconfig; + + /** @var \SimpleSAML\Configuration */ protected $ruleconfig; + + /** @var string */ protected $ruleid; - protected $available; + + /** @var array|null */ + protected $available = null; /** * Constructor + * + * @param \SimpleSAML\Configuration $statconfig + * @param \SimpleSAML\Configuration $ruleconfig + * @param string $ruleid + * @param array $available */ public function __construct($statconfig, $ruleconfig, $ruleid, $available) { @@ -25,17 +36,24 @@ class BaseRule $this->ruleconfig = $ruleconfig; $this->ruleid = $ruleid; - $this->available = null; if (array_key_exists($ruleid, $available)) { $this->available = $available[$ruleid]; } } + + /** + * @return string + */ public function getRuleID() { return $this->ruleid; } + + /** + * @return array + */ public function availableTimeRes() { $timeresConfigs = $this->statconfig->getValue('timeres'); @@ -48,6 +66,11 @@ class BaseRule return $available_times; } + + /** + * @param string $timeres + * @return array + */ public function availableFileSlots($timeres) { $timeresConfigs = $this->statconfig->getValue('timeres'); @@ -74,6 +97,11 @@ class BaseRule return $available_times; } + + /** + * @param string $preferTimeRes + * @return string + */ protected function resolveTimeRes($preferTimeRes) { $timeresavailable = array_keys($this->available); @@ -86,6 +114,12 @@ class BaseRule return $timeres; } + + /** + * @param string $timeres + * @param string $preferTime + * @return int + */ protected function resolveFileSlot($timeres, $preferTime) { // Get which time (fileslot) to use.. First get a default, which is the most recent one. 
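Review bot: resolveTimeRes now carries a docblock, but the line under it, `$timeresavailable = array_keys($this->available);`, still assumes `$this->available` is an array, while the same commit documents that property as `@var array|null` and the constructor hunk leaves it `null` whenever `$ruleid` is absent from `$available`. `array_keys(null)` is a TypeError on PHP 8 and a warning returning null on PHP 7, so the docblock should state the precondition or the method should guard it; at minimum add ` * Assumes the constructor found $ruleid in the available list, i.e. $this->available is an array.`. The method body continues outside the hunk.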
@@ -97,6 +131,12 @@ class BaseRule return $fileslot; } + + /** + * @param string $timeres + * @param string $preferTime + * @return array + */ public function getTimeNavigation($timeres, $preferTime) { $fileslot = $this->resolveFileSlot($timeres, $preferTime); @@ -118,6 +158,12 @@ class BaseRule return ['prev' => $available_times_prev, 'next' => $available_times_next]; } + + /** + * @param string $preferTimeRes + * @param string $preferTime + * @return \SimpleSAML\Module\statistics\StatDataset + */ public function getDataSet($preferTimeRes, $preferTime) { $timeres = $this->resolveTimeRes($preferTimeRes); diff --git a/modules/statistics/lib/Statistics/Rulesets/Ratio.php b/modules/statistics/lib/Statistics/Rulesets/Ratio.php index 1f76f6b4709791447db69970aafcf7d666e02175..ed3a6eb9936ae85fa5e72fbc1a92ef7f8474fda2 100644 --- a/modules/statistics/lib/Statistics/Rulesets/Ratio.php +++ b/modules/statistics/lib/Statistics/Rulesets/Ratio.php @@ -6,14 +6,22 @@ namespace SimpleSAML\Module\statistics\Statistics\Rulesets; * @author Andreas Ã…kre Solberg <andreas.solberg@uninett.no> * @package SimpleSAMLphp */ - class Ratio extends BaseRule { + /** @var \SimpleSAML\Module\statistics\Statistics\Rulesets\BaseRule $refrule1 */ protected $refrule1; + + /** @var \SimpleSAML\Module\statistics\Statistics\Rulesets\BaseRule $refrule2 */ protected $refrule2; + /** * Constructor + * + * @param \SimpleSAML\Configuration $statconfig + * @param \SimpleSAML\Configuration $ruleconfig + * @param string $ruleid + * @param array $available */ public function __construct($statconfig, $ruleconfig, $ruleid, $available) { 
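Review bot: The two `@var` tags added to Ratio include the property name (`@var ...\BaseRule $refrule1`), the inline-variable form, whereas every other property annotation in this commit (BaseRule, StatDataset, Aggregator, LogCleaner) uses the bare `@var Type` form. For consistency write `/** @var \SimpleSAML\Module\statistics\Statistics\Rulesets\BaseRule */` on both properties.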
@@ -33,31 +41,63 @@ class Ratio extends BaseRule $this->refrule2 = new BaseRule($this->statconfig, $statruleConfig2, $refNames[1], $available); } + + /** + * @return array + */ public function availableTimeRes() { return $this->refrule1->availableTimeRes(); } + + /** + * @param string $timeres + * @return array + */ public function availableFileSlots($timeres) { return $this->refrule1->availableFileSlots($timeres); } + + /** + * @param string $preferTimeRes + * @return string + */ protected function resolveTimeRes($preferTimeRes) { return $this->refrule1->resolveTimeRes($preferTimeRes); } + + /** + * @param string $timeres + * @param string $preferTime + * @return int + */ protected function resolveFileSlot($timeres, $preferTime) { return $this->refrule1->resolveFileSlot($timeres, $preferTime); } + + /** + * @param string $timeres + * @param string $preferTime + * @return array + */ public function getTimeNavigation($timeres, $preferTime) { return $this->refrule1->getTimeNavigation($timeres, $preferTime); } + + /** + * @param string $preferTimeRes + * @param string $preferTime + * @return \SimpleSAML\Module\statistics\RatioDataset + */ public function getDataSet($preferTimeRes, $preferTime) { $timeres = $this->resolveTimeRes($preferTimeRes); diff --git a/modules/statistics/lib/StatisticsController.php b/modules/statistics/lib/StatisticsController.php index 2da8806a74faeb4c47325ac7e31ebbe473960489..5110307931100cd267eaef95f91fb1163459a42f 100644 --- a/modules/statistics/lib/StatisticsController.php +++ b/modules/statistics/lib/StatisticsController.php @@ -203,6 +203,14 @@ class StatisticsController return $t; } + + /** + * @param \SimpleSAML\XHTML\Template $t + * @param string $type + * @param string|null $key + * @param string|null $value + * @return string|array + */ private function getBaseURL($t, $type = 'get', $key = null, $value = null) { $vars = [ 
diff --git a/modules/statistics/templates/statistics.twig b/modules/statistics/templates/statistics.twig
index bcd02a049d0af5e508ac703ffb4413631700a13c..fa6559e3afe8e4c4931230c0d84404ab07a88dc0 100644
--- a/modules/statistics/templates/statistics.twig
+++ b/modules/statistics/templates/statistics.twig
@@ -2,14 +2,14 @@
 {% extends "base.twig" %}
 {% block preload %}
- <link href="{{ baseurlpath }}assets/css/statistics.css" rel="stylesheet" />
- <link rel="stylesheet" media="screen" type="text/css" href="/resources/uitheme1.8/jquery-ui.css" />
+ <link href="/{{ baseurlpath }}module.php/statistics/assets/css/statistics.css" rel="stylesheet">
+ <link rel="stylesheet" media="screen" href="/{{ baseurlpath }}resources/uitheme1.8/jquery-ui.css">
 {% endblock %}
 {% block postload %}
-<script type="text/javascript" src="/resources/jquery-1.8.js"></script>
-<script type="text/javascript" src="/resources/jquery-ui-1.8.js"></script>
-<script type="text/javascript" src="{{ baseurlpath }}assets/js/statistics.js"></script>
+<script src="/{{ baseurlpath }}resources/jquery-1.8.js"></script>
+<script src="/{{ baseurlpath }}resources/jquery-ui-1.8.js"></script>
+<script src="/{{ baseurlpath }}module.php/statistics/assets/js/statistics.js"></script>
 {% endblock %}
 {% block content %}
diff --git a/modules/statistics/templates/statmeta.twig b/modules/statistics/templates/statmeta.twig
index 09808e837a0d97818e143582d9915199cfe24d43..314a21b510774bd517e3760d2bf4d1ab07b2bdb8 100644
--- a/modules/statistics/templates/statmeta.twig
+++ b/modules/statistics/templates/statmeta.twig
@@ -2,7 +2,7 @@
 {% extends "base.twig" %}
 {% block preload %}
- <link href="{{ baseurlpath }}assets/css/statistics.css" rel="stylesheet" />
+ <link href="/{{ baseurlpath }}modules.php/statistics/assets/css/statistics.css" rel="stylesheet">
 {% endblock %}
 {% block content %}
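Review bot: The new stylesheet path in statmeta.twig uses `modules.php`, as in `/{{ baseurlpath }}modules.php/statistics/assets/css/statistics.css`, whereas the same asset in statistics.twig (previous file section) and the showstats link in the next hunk go through `module.php`. Unless a `modules.php` entry point exists, this line will 404 and the page renders unstyled; it should read `<link href="/{{ baseurlpath }}module.php/statistics/assets/css/statistics.css" rel="stylesheet">`.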
@@ -35,5 +35,5 @@ <tr><td>No metadata found</td></tr> {% endif %} </table> - <p>[ <a href="{{ baseurlpath }}showstats.php">Show statistics</a> ]</p> + <p>[ <a href="/{{ baseurlpath }}module.php/statistics/showstats.php">Show statistics</a> ]</p> {% endblock %} diff --git a/modules/statistics/www/showstats.php b/modules/statistics/www/showstats.php index 7011126ea54ccd23085772ace12510fb5f47a6c1..544a9c4f7a851a15b223db6fa099bc5446e0418d 100644 --- a/modules/statistics/www/showstats.php +++ b/modules/statistics/www/showstats.php @@ -151,6 +151,14 @@ $t->data['jquery'] = ['core' => false, 'ui' => true, 'css' => true]; $t->show(); + +/** + * @param \SimpleSAML\XHTML\Template $t + * @param string $type + * @param string|null $key + * @param string|null $value + * @return string|array + */ function getBaseURL($t, $type = 'get', $key = null, $value = null) { $vars = [ diff --git a/phpunit.xml b/phpunit.xml index 6915e5c0b1ba3648aa2142556c471024390568ec..12a0823fbb56ce0e4e0e176fa785acba632b6bb0 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -7,7 +7,6 @@ convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" - syntaxCheck="false" bootstrap="./tests/bootstrap.php"> <testsuites> <testsuite name="Unit tests"> diff --git a/psalm.xml b/psalm.xml index ad50896fc440325a87b8967503a3fd150bbf41cb..a9ed2d69e3e9d1fa1a3f355e4357b41657fd94ae 100644 --- a/psalm.xml +++ b/psalm.xml @@ -29,6 +29,7 @@ </issueHandlers> <stubs> + <file name="tests/Utils/Stubs/krb5.php" /> <file name="tests/Utils/Stubs/memcache.php" /> <file name="tests/Utils/Stubs/memcached.php" /> <file name="tests/Utils/Stubs/predis.php" /> diff --git a/templates/base.twig b/templates/base.twig index 29228797c37b932ecba2ae862f9a17ad32818f41..e33257b76a6cd95e3490213288b142d2d90f415d 100644 --- a/templates/base.twig +++ b/templates/base.twig 
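Review bot: The docblock added to the free function `getBaseURL()` in showstats.php declares `@return string|array` without saying which input yields which shape, and it is byte-identical to the one the same commit puts on the private `StatisticsController::getBaseURL()`, so the two copies will drift apart. Presumably `$type` selects the shape; if so, say it: `@return string|array URL string when $type is 'get', otherwise the parameter array (confirm against the body)`. Because the showstats.php copy lives in the global namespace, a `@see StatisticsController::getBaseURL()` line would also tell a maintainer which copy is canonical. The function body continues outside the hunk.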
@@ -4,11 +4,11 @@ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="initial-scale=1.0"> <title>{{ pagetitle }}</title> - <link rel="stylesheet" type="text/css" href="{{ asset("css/stylesheet.css") }}"> - <link rel="icon" type="image/icon" href="/{{ baseurlpath }}resources/icons/favicon.ico"> + <link rel="stylesheet" href="{{ asset("css/stylesheet.css") }}"> + <link rel="icon" href="/{{ baseurlpath }}resources/icons/favicon.ico"> {% if isRTL %} - <link rel="stylesheet" type="text/css" href="/{{ baseurlpath }}assets/css/src/default-rtl.css" /> + <link rel="stylesheet" href="{{ asset("assets/css/src/default-rtl.css") }}"> {% endif %} <meta name="robots" content="noindex, nofollow"> diff --git a/tests/SigningTestCase.php b/tests/SigningTestCase.php new file mode 100644 index 0000000000000000000000000000000000000000..1c48310d17335db8a0c709cd5b07c4383695d923 --- /dev/null +++ b/tests/SigningTestCase.php 
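Review bot: Within the same `<head>` the RTL stylesheet now goes through `asset("assets/css/src/default-rtl.css")` while the favicon on the line above is still hand-built as `/{{ baseurlpath }}resources/icons/favicon.ico`, leaving two URL conventions side by side in one hunk. If `asset()` resolves `resources/` the same way it resolves `assets/`, `<link rel="icon" href="{{ asset("resources/icons/favicon.ico") }}">` keeps them consistent; if it does not, a one-line comment saying why the favicon is the exception would save the next reader the question. Dropping `type="text/css"` is fine, since HTML5 defaults it for `rel="stylesheet"`.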
@@ -0,0 +1,193 @@ +<?php +/** + * A test case that provides a certificate directory with public and private + * keys. + * + * @package SimpleSAMLphp + */ + +namespace SimpleSAML\Test; + +use PHPUnit\Framework\TestCase; +use \org\bovigo\vfs\vfsStream; + +class SigningTestCase extends TestCase +{ + // openssl genrsa -out ca.key.pem 2048 + protected $ca_private_key = <<<'NOWDOC' +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtj5GuvnC5aCg8bhq2Yy4isp/uXtRRWKhbB5aYP7/1DwwwQ1Z +LtBosBAA5SMD4s4L9w/bbJVVVAzhc9cpe2vDYLe1faUZlvOzJv/JuH/ux5NRkgmx +2qBic1zEEu2KuCQRvNgu4kAbWRS6bxxQWJuhJy5ZJpXRDZOeb8t8JAn6LL6rfMfS +rwGP2ITaK2lrqvzOaoktHkstGVOg3yn5K15lCKSSBI3qmlYtcU5VnL/kSPY2Gda6 +eF3gDSAflymNhHmaEx6LZM6HWNtJdUjGrcivjynpIdo7DMfL3OTXV8vM0Ad4A55e +x0020Cn/gXCShwIs9lUrmjUzX/DJ0Rc4vVzGVwIDAQABAoIBAQCOViGEE2KHWmeZ +o0HA3EmeDP6o7YnSOXB+M06/hypkpwYlIbnP+HJrYHRygmCcmfV6Z2YnbpMQbGcB +xMDfZpFYTuNvWK2d2oTIJut0MGdcdNE20F+as71xALkbV3AK1hEMf4ROrWcusiPS +eDjAm/zHz0lN+6Eli3ApPLKeqzQ8EPQhCVkcj2+3WoiL/lE5ImSVN2fiW0tZff/D +4T42teZWVihnrooovpZ+1/RiOc+rSMdStvIadr9TfUe0s74+3p2XmeKDd/0VgJI/ +G2Lr6AFy5YUahNKfh3XlHwnn9eizl3oUU0wzC4OrvSuXrzAQalF6T8ULHgC5+JuC +IV+oE1fhAoGBAPCA8aS0lXOiwDUUpZB7fU/h1ZWVksvHs1TtoWooGcNxTqb3FbTE +seVURBIsrA+qYoz2YGCqoTsbz8743wmoN10b85uoWIjh2ZKPMPMumeMHTMbo7MJ+ +m1bE+m1kQqioYvF86Dp39DjkvuAYDZEUA7SWOqLQ5XFuOgLC8e5jeDDJAoGBAMH8 +VuJRZ0HqmKnRTT9n2vh/0bRkpPx/Umi40qiPWxeVDXHUjJ3d1xlxint7cxjc1OKv +0cBvRtz3fg0rgy+TA7BQ4oauQSgjiRzbuNmcrR3g4iAC9pZzp+8dJwZ6p1DwiWZU +Eh1GvJh0obshRetBTvuWj/Mca0ahb3NeYhke1O4fAoGBAOBw9REoFXDcqVLf+cJj +/AXYU2JNO7lAnHLdcI2I7sIds7DNVUxlYz8I7J2pYskb0OyL4FVV5zEqOzyDtGFm +woP52dWhvT3AxzKmvp+zFZlw7o2SQaEgVgcbvDjqH+sVeYCzeGVYHGobzqWCzOZf +LzYQHJhlKjo5C5oYI369BSVBAoGAb1II5h2C3Q/shd9nrhBCV8K6LARprcC/IPuX +YEXMJ49QxNcNzvZknuRKbSxd05G+1UvCWeVBzEJ24sXqpZ1/S2pPZKyRFaC26Ymp +3a+MpQ3NlkM9EP/UCmM3Zv9yDv/KSZ/LOWPDjNW5jjK89hFnavdvKjtP0JuJ4rHy +J6pK1U8CgYEAjDKRReVFJLaWfj8dLskOg4eCMcUj1H1+ADeeXa0B9e75//24Dyrq +kQRHYowCvEG+j71Fzw8AcC80VzEYMKU50lXOnCb3mHaCJhm2TOK0QYsm36jTVW2w 
+mHreqJFXp12lURaL+esz01oaH49ZUzVeZVGmVyOzoSDYEOq9K7L/j14= +-----END RSA PRIVATE KEY----- +NOWDOC; + + // openssl req -key ca.key.pem -new -x509 -days 3650 -out ca.cert.pem + private $ca_certificate = <<<'NOWDOC' +-----BEGIN CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIJAII4rW68Q+IsMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxKTAnBgNVBAMMIEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZCBSb290IENBMB4XDTE3MTAxMTIxMjIzOFoXDTI3MTAwOTIxMjIzOFowcDELMAkG +A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 +IFdpZGdpdHMgUHR5IEx0ZDEpMCcGA1UEAwwgSW50ZXJuZXQgV2lkZ2l0cyBQdHkg +THRkIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Pka6 ++cLloKDxuGrZjLiKyn+5e1FFYqFsHlpg/v/UPDDBDVku0GiwEADlIwPizgv3D9ts +lVVUDOFz1yl7a8Ngt7V9pRmW87Mm/8m4f+7Hk1GSCbHaoGJzXMQS7Yq4JBG82C7i +QBtZFLpvHFBYm6EnLlkmldENk55vy3wkCfosvqt8x9KvAY/YhNoraWuq/M5qiS0e +Sy0ZU6DfKfkrXmUIpJIEjeqaVi1xTlWcv+RI9jYZ1rp4XeANIB+XKY2EeZoTHotk +zodY20l1SMatyK+PKekh2jsMx8vc5NdXy8zQB3gDnl7HTTbQKf+BcJKHAiz2VSua +NTNf8MnRFzi9XMZXAgMBAAGjUzBRMB0GA1UdDgQWBBQjqR1+FXBhfbKUUMfdjHp/ +9fMvPTAfBgNVHSMEGDAWgBQjqR1+FXBhfbKUUMfdjHp/9fMvPTAPBgNVHRMBAf8E +BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAuUyMn7wz8RUAjW5cbOTvLejYmaPKf +EzWMYhcRmCQcmqZJ3Sxy+VEBCZsHG+a5R0rXsQ1Iwrgpo7H4d5+CRS6rJcrKAKC+ +1Izaolodnfbz1sQlmHxwkSwDqdb4pWujw7L0YBfvsUc5FGoKfdPUoa6qL/eP1pVH +0d9JC1ucX+0EmTX9a+3LH0t3evPP2yx53SjQiMoRf/ty7NwfIVxlqWyKFJnUYSF5 +c2jGmls/F+PBVeW51bfK00DpdXLgbgWmNDdePf2fPvpkADGfo/DxLZOTtiY6ngtO +BdyrA5DmvSuL/Yfq03J9btXX4NnANQFVvfSbun7ts5F1qTkSe/vHCoke +-----END CERTIFICATE----- +NOWDOC; + + // openssl genrsa -out good.key.pem 2048 + protected $good_private_key = <<<'NOWDOC' +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAqmNn4bt/jrMHgoWtwXLc2ok17BHh1O5ETbn9rK3KFjk3BXp5 +3aGveill+KbW7SgriGZSa1KBE2uaQy2mZpiBQqFrLcgKhtzaCNLyBvKOozQhn/XN +6m2kN8EDZaGIGxtM/6ypUAnytscGo2bKzyHtOjYOPwEeALiq7+YrR1Bc2X05OyVu +dV8Wju8QUCm7No85/TOjxD6SrWUXuEPJm0RiyVMeZhuKmtxm0kB2ZtQ0lKViOxaL 
+iBRiW9TldY94NaHfgaZSpCmrikoiS4QJ4hTo4nEVpjx+1BDJIar3bfxH+vwuLlOo +Zg3KI9BYcWm5n+XKwTxnhaBWM8MH3PtmLNbrRwIDAQABAoIBAQCWNpbRogwdkOXR +AushPZNJMmgQW999aiVbZNooTvp3Ry+jq8seQjnCeBbG9MdMQvrGAHcu2Iikx1sz +WF532oEybb5gmRf2t2OdHeNzjomDhiUSsZA82TZKVOYaxiKIyzPBv8Vwo6SP0Lyg +d7HalC1hAWDj2KdLuYIxhvimoUmKDnPS80on0/vKxlevK/2er7nHCIIvHyCS0Q8G +5AB9LN1bSJIBKm71yHNAUxrv6MUNaLvyCKGv6dea/6ED+gusmcsb4TG7y2nbLOq0 +CSx+YcNozrkAb21nJFKYWKmbMvHdtcBuU2dlgiUN3+rXSD45GlvDSPciqr8iCiUU +DjHUp8khAoGBAN6aNWAqUhpxMJ0ozJBDPZKnkFml4IjsqXFk5Z2nHwThHonKpIV2 +KaXr4CYfsOQvddAPd9G+ziAaX5QcRBL/91tRGmJR8/kizPpTgxc3SwosJfIQnAkS +0GNnpM65DyDkvEXGsA7bhD8FXBDFFgB2Jd0tbTh30wyjgXlyrrWTDYx3AoGBAMPz +vZRQ/MdOY7DtFQ6Uz/GJ5xNojAE+9KYJskNBMAnQTkqUAqTQ8MNHvx1L9J9EhK1A +rVyrgXvANuIFhCEVMMIrZYweNFe0/nPjBRRcc0rhHw66VZWI4j5Q3tgvl2gwy+LN +zkvlTOexMu90V9idso+R76++mfK/LWVAf3e36duxAoGAKztX0m1ltKz2/A7Ia9wj +QTA54K9OhEkyP0uRLKUgaRovjCNHAISKYicFSWIuQKLXBql6Y8nizmlQ1rsGnYoI +yDtgHGg+McyIcrV1aDTc5gTc+b4wD7MPtb6TS3K1dXX2+rYzyy7m6DZqQveD5mML +x4DjDWx4GKRIqQWU2L7OitECgYAdEXlcGS+GeXB8fI8VHKpEUIrA7E9ol+g/AU06 +gN8ZdZdHpPFHdd9heLE3LV9aiRWNhfyxtJd+viLmIJ9bMQOMqldkE877+9OLaXAF +dzl7MC4lRysPBcFaMTD9rQGu6R41xQYHaDqiXD0MHJwzfCFS/vkpfwLjaczYKls+ +bT/54QKBgHsmjU3TqqFn5hTNTFcbwaRtuiSGSgX6Udgfmg2Vl+d0JsANgPd9X9s4 +KXyBC+biIPnDkQEQ6GW+r1VkTl9KBvxqdaertwpErUF2/JkGMmuYQ1Lvsw/gXpvr +GcEpWSFVRCYKwN+P0FW0fgUaRAyFmoCIvQ3nGtJWH6I0KSS+76r0 +-----END RSA PRIVATE KEY----- +NOWDOC; + + // openssl req -key good.key.pem -new -out good.csr.pem + // openssl x509 \ + // -req \ + // -CA ca.cert.pem \ + // -CAkey ca.key.pem \ + // -CAcreateserial \ + // -days 3650 \ + // -in good.csr.pem \ + // -out good.cert.pem + protected $good_certificate = <<<'NOWDOC' +-----BEGIN CERTIFICATE----- +MIIDZTCCAk0CCQC+sxqJmyko6TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMSkwJwYDVQQDDCBJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQgUm9v +dCBDQTAeFw0xNzEwMTEyMTIzMTRaFw0yNzEwMDkyMTIzMTRaMHkxCzAJBgNVBAYT 
+AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQxMjAwBgNVBAMMKUludGVybmV0IFdpZGdpdHMgUHR5IEx0ZCBU +ZXN0IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qmNn4bt/jrMHgoWtwXLc2ok17BHh1O5ETbn9rK3KFjk3BXp53aGveill+KbW7Sgr +iGZSa1KBE2uaQy2mZpiBQqFrLcgKhtzaCNLyBvKOozQhn/XN6m2kN8EDZaGIGxtM +/6ypUAnytscGo2bKzyHtOjYOPwEeALiq7+YrR1Bc2X05OyVudV8Wju8QUCm7No85 +/TOjxD6SrWUXuEPJm0RiyVMeZhuKmtxm0kB2ZtQ0lKViOxaLiBRiW9TldY94NaHf +gaZSpCmrikoiS4QJ4hTo4nEVpjx+1BDJIar3bfxH+vwuLlOoZg3KI9BYcWm5n+XK +wTxnhaBWM8MH3PtmLNbrRwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAyWgO1+gyu +3ao9Om0/TaAgJzsb2dnrb91P4eLo285bPToOGekaJyP5up6xP6DsOnvPCkXIglld +PR8LyCWjHhIFL7bZod7cmXvBhedX7yxP9nwDwOvz9e9M117cVXfUQqZVktLiDxmg +FxNHi6lMlYtvvnHnjnjYtA2w7c0u0SBeqhXfctZxrzqP97BzUAQkk75ElDJM6lNw +FTVvRw8z7um+jeruCa6FcUVBxkKcUNvo3p6C2m+bntkqmMZji1YZ7j0kC/tnjr95 +hQc0xnrLQ255SjMn+nQtMkVSuKwAUqaAP1ByyiVbN1cBlHnMiJCjvBI58bSTdlVK +0ZppWlc39T6m +-----END CERTIFICATE----- +NOWDOC; + + const ROOTDIRNAME = 'testdir'; + const DEFAULTCERTDIR = 'certdir'; + const CA_PRIVATE_KEY = 'ca.key.pem'; + const CA_CERTIFICATE = 'ca.cert.pem'; + const GOOD_PRIVATE_KEY = 'good.key.pem'; + const GOOD_CERTIFICATE = 'good.cert.pem'; + + + public function getCertDirContent() + { + return [ + self::CA_PRIVATE_KEY => $this->ca_private_key, + self::CA_CERTIFICATE => $this->ca_certificate, + self::GOOD_PRIVATE_KEY => $this->good_private_key, + self::GOOD_CERTIFICATE => $this->good_certificate, + ]; + } + + + public function setUp() + { + $this->root = vfsStream::setup( + self::ROOTDIRNAME, + null, + [ + self::DEFAULTCERTDIR => $this->getCertDirContent(), + ] + ); + $this->root_directory = vfsStream::url(self::ROOTDIRNAME); + + $this->certdir = $this->root_directory.DIRECTORY_SEPARATOR.self::DEFAULTCERTDIR; + $this->ca_private_key_file = $this->certdir.DIRECTORY_SEPARATOR.self::CA_PRIVATE_KEY; + $this->ca_certificate_file = $this->certdir.DIRECTORY_SEPARATOR.self::CA_CERTIFICATE; + $this->good_private_key_file = 
$this->certdir.DIRECTORY_SEPARATOR.self::GOOD_PRIVATE_KEY; + $this->good_certificate_file = $this->certdir.DIRECTORY_SEPARATOR.self::GOOD_CERTIFICATE; + + $this->config = \SimpleSAML\Configuration::loadFromArray([ + 'certdir' => $this->certdir, + ], '[ARRAY]', 'simplesaml'); + } + + + public function tearDown() + { + $this->clearInstance($this->config, '\SimpleSAML\Configuration', []); + } + + + protected function clearInstance($service, $className, $value = null) + { + $reflectedClass = new \ReflectionClass($className); + $reflectedInstance = $reflectedClass->getProperty('instance'); + $reflectedInstance->setAccessible(true); + $reflectedInstance->setValue($service, $value); + $reflectedInstance->setAccessible(false); + } +} diff --git a/tests/Utils/Stubs/krb5.php b/tests/Utils/Stubs/krb5.php new file mode 100644 index 0000000000000000000000000000000000000000..14e86b309e0e0ce6b3bb282b8700bba10968a9fb --- /dev/null +++ b/tests/Utils/Stubs/krb5.php 
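Review bot: `setUp()` assigns `$this->root`, `$this->root_directory`, `$this->certdir`, the four `*_file` paths and `$this->config`, but the class never declares them, so every subclass relies on dynamic properties that Psalm (wired into CI by this same commit) is likely to report as undefined and that newer PHP versions deprecate; declare them on the class as below. In the same block `$ca_certificate` is `private` while its three sibling fixtures are `protected`, which looks accidental given that subclasses override `getCertDirContent()` to choose fixtures. Since this file now carries private keys, a header comment such as `// Test-only key material: self-generated, never trusted or deployed outside the test suite` makes the intent explicit for anyone grepping for PEM blocks. The `-days 3650` in the generation comments also implies these certificates expire roughly ten years after they were generated, so any assertion that depends on the validity window will start failing around then — worth a note next to the fixtures.
```php
class SigningTestCase extends TestCase
{
    /** @var \org\bovigo\vfs\vfsStreamDirectory */
    protected $root;
    /** @var string */
    protected $root_directory;
    /** @var string */
    protected $certdir;
    /** @var string */
    protected $ca_private_key_file;
    /** @var string */
    protected $ca_certificate_file;
    /** @var string */
    protected $good_private_key_file;
    /** @var string */
    protected $good_certificate_file;
    /** @var \SimpleSAML\Configuration */
    protected $config;

    // Test-only key material: self-generated, never trusted or deployed outside the test suite.
    // … unchanged: ca_private_key / ca_certificate / good_private_key / good_certificate fixtures …
    protected $ca_certificate = <<<'NOWDOC'
    // … unchanged: PEM body …
NOWDOC;

    // … unchanged: constants, getCertDirContent(), setUp(), tearDown(), clearInstance() …
```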
@@ -0,0 +1,173 @@ +<?php + +class KRB5NegotiateAuth +{ + /** + * @param string $keytab + * @param string $spn + */ + public function __construct($keytab, $spn) + { + } + + + /** + * @return bool + */ + public function doAuthentication() + { + } + + + /** + * @return string + */ + public function getAuthenticatedUser() + { + } + + + /** + * @param KRB5CCache $ccache + * @return void + */ + public function getDelegatedCredentials(KRB5CCache $ccache) + { + } +} + + +class KRB5CCache +{ + /** + * + */ + public function __construct() + { + } + + + /** + * @return string + */ + public function getName() + { + } + + + /** + * @param string $src + * @return bool + */ + public function open($src) + { + } + + + /** + * @param string $dest + * @return bool + */ + public function save($dest) + { + } + + + /** + * @param string $principal + * @param string $pass + * @param array|null $options + * @return bool + */ + public function initPassword($principal, $pass, $options = null) + { + } + + + /** + * @param string $principal + * @param string $keytab_file + * @param array|null $options + * @return bool + */ + public function initKeytab($principal, $keytab_file, $options = null) + { + } + + + /** + * @return string + */ + public function getPrincipal() + { + } + + + /** + * @return string + */ + public function getRealm() + { + } + + + /** + * @return array + */ + public function getLifetime() + { + } + + + /** + * @return array + */ + public function getEntries() + { + } + + + /** + * @param int $timeRemain + * @return bool + */ + public function isValid($timeRemain = 0) + { + } + + + /** + * @param string|null $prefix + * @return array + */ + public function getTktAttrs($prefix = null) + { + } + + + /** + * @return bool + */ + public function renew() + { + } + + + /** + * @param string $principal + * @param string $oldpass + * @param string $newpass + * @return bool + */ + public function changePassword($principal, $oldpass, $newpass) + { + } + + + /** + * @return array + */ 
+ public function getExpirationTime() + { + } +} diff --git a/tests/Utils/Stubs/radius.php b/tests/Utils/Stubs/radius.php index 102c562e1d542422d0d7b3ee1e7fb961b2c847a0..6b886beac28f1c2cc2c5a01f3bb530f65e1b7a24 100644 --- a/tests/Utils/Stubs/radius.php +++ b/tests/Utils/Stubs/radius.php @@ -324,7 +324,9 @@ define('RADIUS_OPTION_SALT', RADIUS_OPTION_SALT); * @return resource|bool Returns a handle on success, <b>FALSE</b> on error. This function only fails if insufficient memory is available. * @since 1.1.0 */ -function radius_acct_open() { } +function radius_acct_open() +{ +} /** * <b>radius_add_server()</b> may be called multiple times, and it may be used together with {@see radius_config()}. At most 10 servers may be specified. When multiple servers are given, they are tried in round-robin fashion until a valid response is received, or until each server's max_tries limit has been reached. @@ -341,7 +343,9 @@ function radius_acct_open() { } * @see radius_config() * @since 1.1.0 */ -function radius_add_server($radius_handle , $hostname, $port , $secret, $timeout, $max_tries) { } +function radius_add_server($radius_handle, $hostname, $port, $secret, $timeout, $max_tries) +{ +} /** * Creates a Radius handle for authentication @@ -349,7 +353,9 @@ function radius_add_server($radius_handle , $hostname, $port , $secret, $timeout * @return resource|bool Returns a handle on success, <b>FALSE</b> on error. This function only fails if insufficient memory is available. * @since 1.1.0 */ -function radius_auth_open() { } +function radius_auth_open() +{ +} /** * Free all ressources. It is not needed to call this function because php frees all resources at the end of each request. 
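Review bot: The new krb5.php stub has no file-level comment saying what it is, and `KRB5CCache::__construct()` carries an empty `/** */` docblock, so a reader who finds global classes named `KRB5NegotiateAuth` and `KRB5CCache` under tests/Utils/Stubs cannot tell whether they are fakes meant to execute. The psalm.xml change in this commit shows they are type stubs only; a header such as `// Psalm type stub for the krb5 extension classes (presumably PECL krb5); never loaded at runtime, so method bodies are intentionally empty` would settle that, and the empty constructor docblock should either describe the constructor or be dropped. Every stub method documents a `bool`/`string`/`array` return but returns nothing, which is acceptable only as long as nothing in the suite actually instantiates these classes — the header comment should say so.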
@@ -358,7 +364,9 @@ function radius_auth_open() { } * @return bool Returns <b>TRUE</b> on success or <b>FALSE</b> on failure. * @since 1.1.0 */ -function radius_close($radius_handle) { } +function radius_close($radius_handle) +{ +} /** * Before issuing any Radius requests, the library must be made aware of the servers it can contact. The easiest way to configure the library is to call <b>radius_config()</b>. <b>radius_config()</b> causes the library to read a configuration file whose format is described in radius.conf. @@ -370,7 +378,9 @@ function radius_close($radius_handle) { } * @see radius_add_server() * @since 1.1.0 */ -function radius_config($radius_handle, $file) { } +function radius_config($radius_handle, $file) +{ +} /** * A Radius request consists of a code specifying the kind of request, and zero or more attributes which provide additional information. To begin constructing a new request, call <b>radius_create_request()</b>.<br /> @@ -382,4 +392,6 @@ function radius_config($radius_handle, $file) { } * @see radius_send_request() * @since 1.1.0 */ -function radius_create_request($radius_handle, $type) { } \ No newline at end of file +function radius_create_request($radius_handle, $type) +{ +} diff --git a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php index a443d0e313f0acca03e12101d47189deeb9f44c5..94c25ba9d982df936ec1fd9f3f6e5ef4a143dbfd 100644 --- a/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php +++ b/tests/lib/SimpleSAML/Metadata/SAMLParserTest.php @@ -2,12 +2,17 @@ namespace SimpleSAML\Test\Metadata; +require_once(__DIR__.'/../../../SigningTestCase.php'); + use PHPUnit\Framework\TestCase; +use RobRichards\XMLSecLibs\XMLSecurityDSig; +use \SimpleSAML\XML\Signer; +use \SimpleSAML\Metadata\SAMLParser; /** * Test SAML parsing */ -class SAMLParserTest extends TestCase +class SAMLParserTest extends \SimpleSAML\Test\SigningTestCase { /** * Test Registration Info is parsed 
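Review bot: The added `require_once(__DIR__.'/../../../SigningTestCase.php');` pulls the shared base class in by relative path, and `use PHPUnit\Framework\TestCase;` on the following line is now unused since the class extends `\SimpleSAML\Test\SigningTestCase`. A relative require breaks as soon as a test file moves, and the same line is repeated in SignerTest and ValidatorTest in this commit; mapping `SimpleSAML\Test\` to `tests/` under composer `autoload-dev` (the composer.json change in this commit is not visible here, so it may already do this) would let all three files drop the require. The class docblock still reads `Test SAML parsing`, while the file now also covers fingerprint validation and should say so.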
@@ -133,4 +138,101 @@ XML $this->assertEquals($expected_a, $metadata['attributes']); $this->assertEquals($expected_r, $metadata['attributes.required']); } + + + public function makeTestDocument() + { + $doc = new \DOMDocument(); + $doc->loadXML( + <<<XML +<?xml version="1.0"?> +<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> + <EntityDescriptor entityID="theEntityID"> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/> + </EntityDescriptor> +</EntitiesDescriptor> +XML + ); + + $entities_root = $doc->getElementsByTagName('EntitiesDescriptor')->item(0); + $signer = new Signer([]); + $signer->loadPrivateKey($this->good_private_key_file, null, true); + $signer->loadCertificate($this->good_certificate_file, true); + $signer->sign($entities_root, $entities_root); + + return $doc; + } + + public function _testValidateFingerprint($algo, $expected_fingerprint) + { + $doc = $this->makeTestDocument(); + $entities = \SimpleSAML\Metadata\SAMLParser::parseDescriptorsElement($doc->documentElement); + foreach ($entities as $entity) { + $this->assertTrue( + $entity->validateFingerprint($expected_fingerprint, $algo) + ); + } + } + + + public function testValidateFingerprintSHA1() + { + $this->_testValidateFingerprint( + XMLSecurityDSig::SHA1, + 'A7:FB:75:22:57:88:A1:B0:D0:29:0A:4B:D1:EA:0C:01:F8:98:44:A0' + ); + } + + + public function testValidateFingerprintSHA256() + { + $this->_testValidateFingerprint( + XMLSecurityDSig::SHA256, + '3E:04:6B:2C:13:B5:02:FB:FC:93:66:EE:6C:A3:D1:BB:B8:9E:D8:38:03' . + ':96:C5:C0:EC:95:D5:C9:F6:C1:D5:FC' + ); + } + + + public function testValidateFingerprintSHA384() + { + $this->_testValidateFingerprint( + XMLSecurityDSig::SHA384, + '38:87:CC:59:54:CF:ED:FC:71:B6:21:F3:8A:52:76:EF:30:C8:8C:A0:38' . + ':48:77:87:58:14:A0:B3:55:EF:48:9C:B4:B3:44:1F:B7:BB:FC:28:65' . 
+ ':6E:93:83:52:C2:8E:A6' + ); + } + + + public function testValidateFingerprintSHA512() + { + $this->_testValidateFingerprint( + XMLSecurityDSig::SHA512, + '72:6C:51:01:A1:E9:76:D8:61:C4:B2:4F:AC:0B:64:7D:0D:4E:B7:DC:B3' . + ':4A:92:23:51:A6:DC:A5:A1:9A:A5:DD:43:F5:05:6A:B7:7D:83:1F:B6:' . + 'CC:68:54:54:54:37:1B:EC:E1:22:5A:48:C6:BC:67:4B:A6:78:EE:E0:C6:8C:59' + ); + } + + + public function testValidateFingerprintUnknownAlgorithmThrows() + { + $doc = $this->makeTestDocument(); + $entities = \SimpleSAML\Metadata\SAMLParser::parseDescriptorsElement($doc->documentElement); + foreach ($entities as $entity) { + try { + $entity->validateFingerprint('unused', 'invalid_algorithm'); + } catch (\UnexpectedValueException $e) { + $this->assertEquals( + 'Unsupported hashing function invalid_algorithm. Known options: [' . + 'http://www.w3.org/2000/09/xmldsig#sha1, ' . + 'http://www.w3.org/2001/04/xmlenc#sha256, ' . + 'http://www.w3.org/2001/04/xmldsig-more#sha384, ' . + 'http://www.w3.org/2001/04/xmlenc#sha512]', + $e->getMessage() + ); + } + } + } } diff --git a/tests/lib/SimpleSAML/XML/SignerTest.php b/tests/lib/SimpleSAML/XML/SignerTest.php index f14ef5111b3fff4d1239583676a2b432c5900ad9..0d39df0e327dfac16463f23f2bce0862262aae66 100644 --- a/tests/lib/SimpleSAML/XML/SignerTest.php +++ b/tests/lib/SimpleSAML/XML/SignerTest.php @@ -2,8 +2,11 @@ namespace SimpleSAML\Test\XML; +require_once(__DIR__.'/../../../SigningTestCase.php'); + use PHPUnit\Framework\TestCase; use \SimpleSAML\Configuration; +use \SimpleSAML\Test\SigningTestCase; use \SimpleSAML\XML\Signer; use \org\bovigo\vfs\vfsStream; 
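Review bot: `testValidateFingerprintUnknownAlgorithmThrows` never fails if `validateFingerprint()` returns instead of throwing, because its only assertion sits inside the `catch`, so the test passes vacuously; replace the try/catch with `$this->expectException(\UnexpectedValueException::class);` and `$this->expectExceptionMessage('Unsupported hashing function invalid_algorithm');` placed before the call. The same vacuity affects `_testValidateFingerprint`: if `parseDescriptorsElement()` ever returned an empty array the foreach would assert nothing, so add `$this->assertCount(1, $entities);` before the loop. For a trust check like fingerprint matching a negative case matters too — assert that a wrong fingerprint (say the SHA-256 value passed with the SHA-1 algorithm) returns false, otherwise an implementation that always returns true passes this suite. `_testValidateFingerprint` is a helper rather than a test, so make it `private` instead of `public` with a leading underscore.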
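Review bot: After switching the base class to `SigningTestCase`, `use PHPUnit\Framework\TestCase;` in this hunk is unused, and `use \SimpleSAML\Configuration;` and `use \org\bovigo\vfs\vfsStream;` were only needed by the `setUp()` this commit deletes further down, so all three imports appear dead unless a test outside the shown hunks still references them. Drop whatever is no longer referenced so the import list reflects that fixture setup now lives in the parent class and static analysis does not flag unused imports.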
@@ -11,123 +14,44 @@ use \org\bovigo\vfs\vfsStream; /** * Tests for SimpleSAML\XML\Signer. */ -class SignerTest extends TestCase +class SignerTest extends SigningTestCase { - // openssl genrsa -out private.pem 2048 - private $private_key = <<<'NOWDOC' ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/ -FZODrGpm8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFV -KdqodrDXNN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxY -lC9t8c+Kv3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aB -nc1WoUBGudSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4 -Y6RKCn3fOJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABAoIBAH364cTkPompPIyw -0AmMB6MafFVfZHD8Y0GSJvPaJESaOLny0fWPX4oavQNsl/g37lGe6Jr+26Ujs3CT -WplP1V01new+cYQoWa9bpDoSj2RtpOmE/6Ri9EETnCVZoK7W+7m3A2Zt1y8N61T2 -vhZtBA5uhvMvQZTUvehz99bsX4GPTUilYHCPEq4IPkfhCMGigv/c0lWtFQhOoNUF -BjZHezH4Z/qQolIaHpzFZT0K0e7VD4gomBegGsIqPuEJ0gProCjULqA0O5QT4gQX -IT52pUJuU0061d4JOfDcgDI3NT2SmBBMfig71n/R88eMn0azWKN4rn4/3QjxRW3q -tdjL0UECgYEA/ynTXtuL7G5zOezKirakuSlSbHu/3TJ+tdG5p7WOLqWADUzgqss+ -k7rxxFUxw40dBpC0LfYP5YMhXi4cBiNoT5EWhT53x/UxCilXHuz5uYcrt/Wyaqa0 -mZuyIPYuw/yTASEBUE/sE1DU82PD3IlkPmqfgEyW6j8CVyLqo/LxMWECgYEA5XoM -aVB5jhYk8jxy0APWn4jSTm2zpTBZpzHmqTPL19B4Es18XoU+ehWA8rWGQFFwbl1f -TTUBE1hlS9MgMMI8MK6S1Qrhi7mVrHuMaMbp0ilwDBjv+4DSqlDGDoCSLCLrDkkl -c0uDLLFGHkfDjNmk3uiSxPZvrUiVVuwJYLGNGt8CgYEAyvjWbsptz7E8b4Nwyk7n -UXMRYcI+qRIVwUQHTuUZKPn1lp7kyHfMW2+GCgtK/qctw58v9K+bjZJ15JkBKdDY -lRJwu6UpWyIr1E12Q9919qMTn84OEtBxMQ+s7pNmN/ieZ3N9vAkXXXYbL1DY6IFS -AGSIZGKIWeWtUusvgyMpwYECgYEArGDIHfxTs0YzLrv1ywh3GpQe1sdVYUs2rX+w -s32zLETvTcCKIj6ZNgAdQzTUyk/i0yTUyBx+2FdYkGLiFX5y1Gbu6ZYo41rfchfE -25hAYJy8DHpXG2gj18ihXpd6NilsxOhxd3BL8zCfaXOjE5USYlf2mHo+Xb7eX9Mj -ID1/r6UCgYBos8plM27v5BzI8gghUlkFAFLmmccJXQHCUlUhT1+d8FTMEhTZGjZk -94a7cc/ps+6UCp6hOqJ2d6w+cfteWZWP0zMcoxr2JAO9lYekIlUafoZ+mhJCCqoC -ENg4/K7BqpAlRzCf28gUiL53wOut2CadGIoSvj0UR/Mh2eM64jTgSQ== ------END RSA PRIVATE KEY----- -NOWDOC; - - // openssl req -new -x509 
-key private.pem -out public1.pem -days 3650 - private $certificate1 = <<<'NOWDOC' ------BEGIN CERTIFICATE----- -MIIDXTCCAkWgAwIBAgIJAIonjtIRUcfJMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTcwNjE1MTcyMTI4WhcNMjcwNjEzMTcyMTI4WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/FZODrGpm -8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFVKdqodrDX -NN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxYlC9t8c+K -v3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aBnc1WoUBG -udSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4Y6RKCn3f -OJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABo1AwTjAdBgNVHQ4EFgQUZHjC+k2X -pMchyKojQngj5zOsZacwHwYDVR0jBBgwFoAUZHjC+k2XpMchyKojQngj5zOsZacw -DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAETjO0RltSYxFdxmIqVIg -7N6yKptUr46YkWY877HWmCLExHwFLTvewUvbgx7ASYA0YMErnAaVrT9IqCDbOUF+ -RCBovVuiAwwKcvag0C8nKg7rfx7KDr2E8vVV+2WzSpDECtLrpTmrPaje8TlFv8NW -hMk80osVxnGmI7UewiMzfpRuA4tEKFxHhoQG5LVinWRTMKw6EYmrSKGLdQt/27zj -xDe0oOS2DDIYbU/oWCqLtlTlzVqrNM7ig9HKcT0Xxgf5rwTDDzNf/dpM/Nt8DWFY -YmLDnUolf8d/M/kglX1x5IRSN+GxTCgV8i6dIF9EPtBW/AfMz99ojmW+WOgfOLnm -vg== ------END CERTIFICATE----- -NOWDOC; - - // openssl req -new -x509 -key private.pem -out public2.pem -days 3650 - private $certificate2 = <<<'NOWDOC' + // openssl req -new -x509 -key good.key.pem -out public2.pem -days 3650 + private $other_certificate = <<<'NOWDOC' -----BEGIN CERTIFICATE----- -MIIDXTCCAkWgAwIBAgIJAJ6gIIeYjdQSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTcwNjE1MTcyMTM0WhcNMjcwNjEzMTcyMTM0WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA5LoQYYPfKdHnSnuXI+SiHfUd648Ub0sn2YO81rmnwJ168Ol/FZODrGpm 
-8tsRUTz5R9uXXSnwhnWwVJW4ckiZORcp1bEUGI0zXYR387yF3Ih87UFVKdqodrDX -NN6Id7Xrw65AVa4gjwLN2DNBF3JnjbH7zKtnqhb7u2Qer7Lidhvw4WxYlC9t8c+K -v3xoJOgDvlG1gRaYTZv7pxTpBA7W1YnJpOj3xiXetVmAxRcGyB0Jc8aBnc1WoUBG -udSvjvuc01kJ+rurjgklGEFjVP9AjPfcVkdcFTXc+ECets++AmZc/kk4Y6RKCn3f -OJlL5L0RxVSJ8obnBcS7H4rZYordfwIDAQABo1AwTjAdBgNVHQ4EFgQUZHjC+k2X -pMchyKojQngj5zOsZacwHwYDVR0jBBgwFoAUZHjC+k2XpMchyKojQngj5zOsZacw -DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA1CqpKLeYLkgRym2qeMhU -5lKlXAYX5b0eM2SOCCjfpEnRqp2PTU/E83H0MOY6i47OfHp3LKNUj4Kze2DD+S6A -llpmLfuLXZ/CB19sByzMrcEyUQo4mfqvKyzLhUTgygGczyocwRRZgnw1e+VwMtpf -mgXnldomDT8CUsM2v3Xb52+JPGSCs16lRYZkgDCQEpHU4+VQxwGAGpj13NM+sidR -ymj443jgpF6XUviaGiaS292rXMO/tW7veA1UZ2/eTKu5PF9RqDmYLiGatY1qp4tr -QjBeEjMtDCs9Rqaety/UIaL4ZfOKffLKsKb2mjM/ew+QTwTLDg9RVv5vv2jbZrw7 -Nw== +MIIDazCCAlOgAwIBAgIUGPKUWW1GN07xxAsGENQ+rZPyABAwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTAyMTgxNTU5MDRaFw0yOTAy +MTUxNTU5MDRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCqY2fhu3+OsweCha3BctzaiTXsEeHU7kRNuf2srcoW +OTcFenndoa96KWX4ptbtKCuIZlJrUoETa5pDLaZmmIFCoWstyAqG3NoI0vIG8o6j +NCGf9c3qbaQ3wQNloYgbG0z/rKlQCfK2xwajZsrPIe06Ng4/AR4AuKrv5itHUFzZ +fTk7JW51XxaO7xBQKbs2jzn9M6PEPpKtZRe4Q8mbRGLJUx5mG4qa3GbSQHZm1DSU +pWI7FouIFGJb1OV1j3g1od+BplKkKauKSiJLhAniFOjicRWmPH7UEMkhqvdt/Ef6 +/C4uU6hmDcoj0Fhxabmf5crBPGeFoFYzwwfc+2Ys1utHAgMBAAGjUzBRMB0GA1Ud +DgQWBBSJC3ioF0fu+hgZTQCy0dg1LwNE0TAfBgNVHSMEGDAWgBSJC3ioF0fu+hgZ +TQCy0dg1LwNE0TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB/ +otEPUNWLWIEJXOnF7pPv1orXdeCGpCgNK+k8pJDYkl7jTNs3sq8U/aCy9qIrrFOA +MH0D5dh9xVf+DeDeUKT6/Td8EvPrXnzfkfU2xDgbCKk+WIk1luMvCwOzxYFlPCOo +pBCt2aQAHuqKeR6uXOjyRv5Kw0jdr94df/FquqHFkSQxVSPBSLW8jzwxXKSh291j +d2udRIYG0WcjQTk86+EraXNGtuwUaknQ7WPKlJwLzypuZM8lk3F1FXxXWomHN3SH +29N8MpL1tceQuMX8F6cdQuhjLThs4b+Dy6ITF05Pgm7xr1tByO+C5e7dNpEDwA3I 
+31r+Yt4vwxjeCqQDSZik -----END CERTIFICATE----- NOWDOC; const ROOTDIRNAME = 'testdir'; const DEFAULTCERTDIR = 'certdir'; - const PRIVATEKEY = 'privatekey.pem'; - const CERTIFICATE1 = 'certificate1.pem'; - const CERTIFICATE2 = 'certificate2.pem'; - - public function setUp() - { - $this->root = vfsStream::setup( - self::ROOTDIRNAME, - null, - [ - self::DEFAULTCERTDIR => [ - self::PRIVATEKEY => $this->private_key, - self::CERTIFICATE1 => $this->certificate1, - self::CERTIFICATE2 => $this->certificate2, - ], - ] - ); - $this->root_directory = vfsStream::url(self::ROOTDIRNAME); - - $this->certdir = $this->root_directory.DIRECTORY_SEPARATOR.self::DEFAULTCERTDIR; - $this->privatekey_file = $this->certdir.DIRECTORY_SEPARATOR.self::PRIVATEKEY; - $this->certificate_file1 = $this->certdir.DIRECTORY_SEPARATOR.self::CERTIFICATE1; - $this->certificate_file2 = $this->certdir.DIRECTORY_SEPARATOR.self::CERTIFICATE2; - - $this->config = Configuration::loadFromArray([ - 'certdir' => $this->certdir, - ], '[ARRAY]', 'simplesaml'); - } + const OTHER_CERTIFICATE = 'other_certificate.pem'; - public function tearDown() + public function getCertDirContent() { - $this->clearInstance($this->config, '\SimpleSAML\Configuration', []); + return [ + self::GOOD_PRIVATE_KEY => $this->good_private_key, + self::GOOD_CERTIFICATE => $this->good_certificate, + self::OTHER_CERTIFICATE => $this->other_certificate, + ]; } public function testSignerBasic() @@ -147,7 +71,7 @@ NOWDOC; $insertInto = $doc->appendChild(new \DOMElement('insert')); $signer = new Signer([]); - $signer->loadPrivateKey($this->privatekey_file, null, true); + $signer->loadPrivateKey($this->good_private_key_file, null, true); $signer->sign($element, $insertInto); $res = $doc->saveXML(); 
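Review bot: `const ROOTDIRNAME = 'testdir';` and `const DEFAULTCERTDIR = 'certdir';` survive in SignerTest even though the same constants now live in `SigningTestCase`, whose inherited `setUp()` reads them via `self::`, so the subclass copies are never consulted and will silently diverge if either is edited; remove the two lines and keep only `OTHER_CERTIFICATE`. The overriding `getCertDirContent()` deserves a one-line comment such as `// Leaf key/cert plus a second self-signed cert; the parent's CA material is not needed here`. The comment on `$other_certificate` records `openssl req -new -x509 -key good.key.pem`, i.e. a second self-signed certificate over the same key — say in the comment that reusing the key is deliberate for the multi-certificate test, since a reader may expect a distinct key.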
@@ -177,13 +101,13 @@ NOWDOC; $insertInto = $doc->appendChild(new \DOMElement('insert')); $signer = new Signer([]); - $signer->loadPrivateKey($this->privatekey_file, null, true); - $signer->loadCertificate($this->certificate_file1, true); + $signer->loadPrivateKey($this->good_private_key_file, null, true); + $signer->loadCertificate($this->good_certificate_file, true); $signer->sign($element, $insertInto); $res = $doc->saveXML(); - $expected = self::getCertificateValue($this->certificate1); + $expected = self::getCertificateValue($this->good_certificate); $this->assertContains('X509Certificate', $res); $this->assertContains($expected, $res); @@ -191,6 +115,8 @@ NOWDOC; public function testSignWithMultiCertificate() { + $this->other_certificate_file = $this->certdir.DIRECTORY_SEPARATOR.self::OTHER_CERTIFICATE; + $node = new \DOMDocument(); $node->loadXML('<?xml version="1.0"?><node>value</node>'); $element = $node->getElementsByTagName("node")->item(0); @@ -199,15 +125,15 @@ NOWDOC; $insertInto = $doc->appendChild(new \DOMElement('insert')); $signer = new Signer([]); - $signer->loadPrivateKey($this->privatekey_file, null, true); - $signer->loadCertificate($this->certificate_file1, true); - $signer->addCertificate($this->certificate_file2, true); + $signer->loadPrivateKey($this->good_private_key_file, null, true); + $signer->loadCertificate($this->good_certificate_file, true); + $signer->addCertificate($this->other_certificate_file, true); $signer->sign($element, $insertInto); $res = $doc->saveXML(); - $expected1 = self::getCertificateValue($this->certificate1); - $expected2 = self::getCertificateValue($this->certificate2); + $expected1 = self::getCertificateValue($this->good_certificate); + $expected2 = self::getCertificateValue($this->other_certificate); $this->assertContains('X509Certificate', $res); $this->assertContains($expected1, $res); 
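Review bot: `testSignWithMultiCertificate` assigns `$this->other_certificate_file` inside the test body, creating an undeclared dynamic property that exists only after this one test has run, whereas every other `*_file` path is prepared in the parent's `setUp()`. Declare it on the class and compute it in an overriding `setUp()` that calls `parent::setUp();` first, so all tests see the same fixture layout and static analysis does not report an undefined property. The remaining changes in these hunks are straight renames to the shared fixtures and look correct.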
diff --git a/tests/lib/SimpleSAML/XML/ValidatorTest.php b/tests/lib/SimpleSAML/XML/ValidatorTest.php index b274ad9a89a7d3b9612228188ae397236052afbf..61d89bd258e7a59bc971f91b9c97cf9b341c063a 100644 --- a/tests/lib/SimpleSAML/XML/ValidatorTest.php +++ b/tests/lib/SimpleSAML/XML/ValidatorTest.php @@ -2,8 +2,10 @@ namespace SimpleSAML\Test\XML; +require_once(__DIR__.'/../../../SigningTestCase.php'); + use PHPUnit\Framework\TestCase; -use \SimpleSAML\Configuration; +use \SimpleSAML\Test\SigningTestCase; use \SimpleSAML\XML\Signer; use \SimpleSAML\XML\Validator; 
@@ -12,168 +14,8 @@ use \org\bovigo\vfs\vfsStream; /** * Tests for SimpleSAML\XML\Validator. */ -class ValidatorTest extends TestCase +class ValidatorTest extends SigningTestCase { - // openssl genrsa -out ca.key.pem 2048 - private $ca_private_key = <<<'NOWDOC' ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAtj5GuvnC5aCg8bhq2Yy4isp/uXtRRWKhbB5aYP7/1DwwwQ1Z -LtBosBAA5SMD4s4L9w/bbJVVVAzhc9cpe2vDYLe1faUZlvOzJv/JuH/ux5NRkgmx -2qBic1zEEu2KuCQRvNgu4kAbWRS6bxxQWJuhJy5ZJpXRDZOeb8t8JAn6LL6rfMfS -rwGP2ITaK2lrqvzOaoktHkstGVOg3yn5K15lCKSSBI3qmlYtcU5VnL/kSPY2Gda6 -eF3gDSAflymNhHmaEx6LZM6HWNtJdUjGrcivjynpIdo7DMfL3OTXV8vM0Ad4A55e -x0020Cn/gXCShwIs9lUrmjUzX/DJ0Rc4vVzGVwIDAQABAoIBAQCOViGEE2KHWmeZ -o0HA3EmeDP6o7YnSOXB+M06/hypkpwYlIbnP+HJrYHRygmCcmfV6Z2YnbpMQbGcB -xMDfZpFYTuNvWK2d2oTIJut0MGdcdNE20F+as71xALkbV3AK1hEMf4ROrWcusiPS -eDjAm/zHz0lN+6Eli3ApPLKeqzQ8EPQhCVkcj2+3WoiL/lE5ImSVN2fiW0tZff/D -4T42teZWVihnrooovpZ+1/RiOc+rSMdStvIadr9TfUe0s74+3p2XmeKDd/0VgJI/ -G2Lr6AFy5YUahNKfh3XlHwnn9eizl3oUU0wzC4OrvSuXrzAQalF6T8ULHgC5+JuC -IV+oE1fhAoGBAPCA8aS0lXOiwDUUpZB7fU/h1ZWVksvHs1TtoWooGcNxTqb3FbTE -seVURBIsrA+qYoz2YGCqoTsbz8743wmoN10b85uoWIjh2ZKPMPMumeMHTMbo7MJ+ -m1bE+m1kQqioYvF86Dp39DjkvuAYDZEUA7SWOqLQ5XFuOgLC8e5jeDDJAoGBAMH8 -VuJRZ0HqmKnRTT9n2vh/0bRkpPx/Umi40qiPWxeVDXHUjJ3d1xlxint7cxjc1OKv -0cBvRtz3fg0rgy+TA7BQ4oauQSgjiRzbuNmcrR3g4iAC9pZzp+8dJwZ6p1DwiWZU -Eh1GvJh0obshRetBTvuWj/Mca0ahb3NeYhke1O4fAoGBAOBw9REoFXDcqVLf+cJj -/AXYU2JNO7lAnHLdcI2I7sIds7DNVUxlYz8I7J2pYskb0OyL4FVV5zEqOzyDtGFm -woP52dWhvT3AxzKmvp+zFZlw7o2SQaEgVgcbvDjqH+sVeYCzeGVYHGobzqWCzOZf -LzYQHJhlKjo5C5oYI369BSVBAoGAb1II5h2C3Q/shd9nrhBCV8K6LARprcC/IPuX -YEXMJ49QxNcNzvZknuRKbSxd05G+1UvCWeVBzEJ24sXqpZ1/S2pPZKyRFaC26Ymp -3a+MpQ3NlkM9EP/UCmM3Zv9yDv/KSZ/LOWPDjNW5jjK89hFnavdvKjtP0JuJ4rHy -J6pK1U8CgYEAjDKRReVFJLaWfj8dLskOg4eCMcUj1H1+ADeeXa0B9e75//24Dyrq -kQRHYowCvEG+j71Fzw8AcC80VzEYMKU50lXOnCb3mHaCJhm2TOK0QYsm36jTVW2w -mHreqJFXp12lURaL+esz01oaH49ZUzVeZVGmVyOzoSDYEOq9K7L/j14= ------END RSA PRIVATE KEY----- -NOWDOC; - - // openssl req 
-key ca.key.pem -new -x509 -days 3650 -out ca.cert.pem - private $ca_certificate = <<<'NOWDOC' ------BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIJAII4rW68Q+IsMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxKTAnBgNVBAMMIEludGVybmV0IFdpZGdpdHMgUHR5IEx0 -ZCBSb290IENBMB4XDTE3MTAxMTIxMjIzOFoXDTI3MTAwOTIxMjIzOFowcDELMAkG -A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 -IFdpZGdpdHMgUHR5IEx0ZDEpMCcGA1UEAwwgSW50ZXJuZXQgV2lkZ2l0cyBQdHkg -THRkIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Pka6 -+cLloKDxuGrZjLiKyn+5e1FFYqFsHlpg/v/UPDDBDVku0GiwEADlIwPizgv3D9ts -lVVUDOFz1yl7a8Ngt7V9pRmW87Mm/8m4f+7Hk1GSCbHaoGJzXMQS7Yq4JBG82C7i -QBtZFLpvHFBYm6EnLlkmldENk55vy3wkCfosvqt8x9KvAY/YhNoraWuq/M5qiS0e -Sy0ZU6DfKfkrXmUIpJIEjeqaVi1xTlWcv+RI9jYZ1rp4XeANIB+XKY2EeZoTHotk -zodY20l1SMatyK+PKekh2jsMx8vc5NdXy8zQB3gDnl7HTTbQKf+BcJKHAiz2VSua -NTNf8MnRFzi9XMZXAgMBAAGjUzBRMB0GA1UdDgQWBBQjqR1+FXBhfbKUUMfdjHp/ -9fMvPTAfBgNVHSMEGDAWgBQjqR1+FXBhfbKUUMfdjHp/9fMvPTAPBgNVHRMBAf8E -BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAuUyMn7wz8RUAjW5cbOTvLejYmaPKf -EzWMYhcRmCQcmqZJ3Sxy+VEBCZsHG+a5R0rXsQ1Iwrgpo7H4d5+CRS6rJcrKAKC+ -1Izaolodnfbz1sQlmHxwkSwDqdb4pWujw7L0YBfvsUc5FGoKfdPUoa6qL/eP1pVH -0d9JC1ucX+0EmTX9a+3LH0t3evPP2yx53SjQiMoRf/ty7NwfIVxlqWyKFJnUYSF5 -c2jGmls/F+PBVeW51bfK00DpdXLgbgWmNDdePf2fPvpkADGfo/DxLZOTtiY6ngtO -BdyrA5DmvSuL/Yfq03J9btXX4NnANQFVvfSbun7ts5F1qTkSe/vHCoke ------END CERTIFICATE----- -NOWDOC; - - // openssl genrsa -out good.key.pem 2048 - private $good_private_key = <<<'NOWDOC' ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqmNn4bt/jrMHgoWtwXLc2ok17BHh1O5ETbn9rK3KFjk3BXp5 -3aGveill+KbW7SgriGZSa1KBE2uaQy2mZpiBQqFrLcgKhtzaCNLyBvKOozQhn/XN -6m2kN8EDZaGIGxtM/6ypUAnytscGo2bKzyHtOjYOPwEeALiq7+YrR1Bc2X05OyVu -dV8Wju8QUCm7No85/TOjxD6SrWUXuEPJm0RiyVMeZhuKmtxm0kB2ZtQ0lKViOxaL -iBRiW9TldY94NaHfgaZSpCmrikoiS4QJ4hTo4nEVpjx+1BDJIar3bfxH+vwuLlOo -Zg3KI9BYcWm5n+XKwTxnhaBWM8MH3PtmLNbrRwIDAQABAoIBAQCWNpbRogwdkOXR 
-AushPZNJMmgQW999aiVbZNooTvp3Ry+jq8seQjnCeBbG9MdMQvrGAHcu2Iikx1sz -WF532oEybb5gmRf2t2OdHeNzjomDhiUSsZA82TZKVOYaxiKIyzPBv8Vwo6SP0Lyg -d7HalC1hAWDj2KdLuYIxhvimoUmKDnPS80on0/vKxlevK/2er7nHCIIvHyCS0Q8G -5AB9LN1bSJIBKm71yHNAUxrv6MUNaLvyCKGv6dea/6ED+gusmcsb4TG7y2nbLOq0 -CSx+YcNozrkAb21nJFKYWKmbMvHdtcBuU2dlgiUN3+rXSD45GlvDSPciqr8iCiUU -DjHUp8khAoGBAN6aNWAqUhpxMJ0ozJBDPZKnkFml4IjsqXFk5Z2nHwThHonKpIV2 -KaXr4CYfsOQvddAPd9G+ziAaX5QcRBL/91tRGmJR8/kizPpTgxc3SwosJfIQnAkS -0GNnpM65DyDkvEXGsA7bhD8FXBDFFgB2Jd0tbTh30wyjgXlyrrWTDYx3AoGBAMPz -vZRQ/MdOY7DtFQ6Uz/GJ5xNojAE+9KYJskNBMAnQTkqUAqTQ8MNHvx1L9J9EhK1A -rVyrgXvANuIFhCEVMMIrZYweNFe0/nPjBRRcc0rhHw66VZWI4j5Q3tgvl2gwy+LN -zkvlTOexMu90V9idso+R76++mfK/LWVAf3e36duxAoGAKztX0m1ltKz2/A7Ia9wj -QTA54K9OhEkyP0uRLKUgaRovjCNHAISKYicFSWIuQKLXBql6Y8nizmlQ1rsGnYoI -yDtgHGg+McyIcrV1aDTc5gTc+b4wD7MPtb6TS3K1dXX2+rYzyy7m6DZqQveD5mML -x4DjDWx4GKRIqQWU2L7OitECgYAdEXlcGS+GeXB8fI8VHKpEUIrA7E9ol+g/AU06 -gN8ZdZdHpPFHdd9heLE3LV9aiRWNhfyxtJd+viLmIJ9bMQOMqldkE877+9OLaXAF -dzl7MC4lRysPBcFaMTD9rQGu6R41xQYHaDqiXD0MHJwzfCFS/vkpfwLjaczYKls+ -bT/54QKBgHsmjU3TqqFn5hTNTFcbwaRtuiSGSgX6Udgfmg2Vl+d0JsANgPd9X9s4 -KXyBC+biIPnDkQEQ6GW+r1VkTl9KBvxqdaertwpErUF2/JkGMmuYQ1Lvsw/gXpvr -GcEpWSFVRCYKwN+P0FW0fgUaRAyFmoCIvQ3nGtJWH6I0KSS+76r0 ------END RSA PRIVATE KEY----- -NOWDOC; - - // openssl req -key good.key.pem -new -out good.csr.pem - // openssl x509 \ - // -req \ - // -CA ca.cert.pem \ - // -CAkey ca.key.pem \ - // -CAcreateserial \ - // -days 3650 \ - // -in good.csr.pem \ - // -out good.cert.pem - private $good_certificate = <<<'NOWDOC' ------BEGIN CERTIFICATE----- -MIIDZTCCAk0CCQC+sxqJmyko6TANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJB -VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMSkwJwYDVQQDDCBJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQgUm9v -dCBDQTAeFw0xNzEwMTEyMTIzMTRaFw0yNzEwMDkyMTIzMTRaMHkxCzAJBgNVBAYT -AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn -aXRzIFB0eSBMdGQxMjAwBgNVBAMMKUludGVybmV0IFdpZGdpdHMgUHR5IEx0ZCBU 
-ZXN0IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -qmNn4bt/jrMHgoWtwXLc2ok17BHh1O5ETbn9rK3KFjk3BXp53aGveill+KbW7Sgr -iGZSa1KBE2uaQy2mZpiBQqFrLcgKhtzaCNLyBvKOozQhn/XN6m2kN8EDZaGIGxtM -/6ypUAnytscGo2bKzyHtOjYOPwEeALiq7+YrR1Bc2X05OyVudV8Wju8QUCm7No85 -/TOjxD6SrWUXuEPJm0RiyVMeZhuKmtxm0kB2ZtQ0lKViOxaLiBRiW9TldY94NaHf -gaZSpCmrikoiS4QJ4hTo4nEVpjx+1BDJIar3bfxH+vwuLlOoZg3KI9BYcWm5n+XK -wTxnhaBWM8MH3PtmLNbrRwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAyWgO1+gyu -3ao9Om0/TaAgJzsb2dnrb91P4eLo285bPToOGekaJyP5up6xP6DsOnvPCkXIglld -PR8LyCWjHhIFL7bZod7cmXvBhedX7yxP9nwDwOvz9e9M117cVXfUQqZVktLiDxmg -FxNHi6lMlYtvvnHnjnjYtA2w7c0u0SBeqhXfctZxrzqP97BzUAQkk75ElDJM6lNw -FTVvRw8z7um+jeruCa6FcUVBxkKcUNvo3p6C2m+bntkqmMZji1YZ7j0kC/tnjr95 -hQc0xnrLQ255SjMn+nQtMkVSuKwAUqaAP1ByyiVbN1cBlHnMiJCjvBI58bSTdlVK -0ZppWlc39T6m ------END CERTIFICATE----- -NOWDOC; - - const ROOTDIRNAME = 'testdir'; - const DEFAULTCERTDIR = 'certdir'; - const CA_PRIVATE_KEY = 'ca.key.pem'; - const CA_CERTIFICATE = 'ca.cert.pem'; - const GOOD_PRIVATE_KEY = 'good.key.pem'; - const GOOD_CERTIFICATE = 'good.cert.pem'; - - public function setUp() - { - $this->root = vfsStream::setup( - self::ROOTDIRNAME, - null, - [ - self::DEFAULTCERTDIR => [ - self::CA_PRIVATE_KEY => $this->ca_private_key, - self::CA_CERTIFICATE => $this->ca_certificate, - self::GOOD_PRIVATE_KEY => $this->good_private_key, - self::GOOD_CERTIFICATE => $this->good_certificate, - ], - ] - ); - $this->root_directory = vfsStream::url(self::ROOTDIRNAME); - - $this->certdir = $this->root_directory.DIRECTORY_SEPARATOR.self::DEFAULTCERTDIR; - $this->ca_private_key_file = $this->certdir.DIRECTORY_SEPARATOR.self::CA_PRIVATE_KEY; - $this->ca_certificate_file = $this->certdir.DIRECTORY_SEPARATOR.self::CA_CERTIFICATE; - $this->good_private_key_file = $this->certdir.DIRECTORY_SEPARATOR.self::GOOD_PRIVATE_KEY; - $this->good_certificate_file = $this->certdir.DIRECTORY_SEPARATOR.self::GOOD_CERTIFICATE; - - $this->config = Configuration::loadFromArray([ - 'certdir' => 
$this->certdir,
- ], '[ARRAY]', 'simplesaml');
- }
-
- public function tearDown()
- {
- $this->clearInstance($this->config, '\SimpleSAML\Configuration', []);
- }
-
 public function testValidatorMissingSignature()
 {
 $doc = new \DOMDocument();
@@ -356,13 +198,4 @@ NOWDOC;
 $this->setExpectedException('\Exception');
 Validator::validateCertificate($this->good_certificate, $ca_file);
 }
-
- protected function clearInstance($service, $className, $value = null)
- {
- $reflectedClass = new \ReflectionClass($className);
- $reflectedInstance = $reflectedClass->getProperty('instance');
- $reflectedInstance->setAccessible(true);
- $reflectedInstance->setValue($service, $value);
- $reflectedInstance->setAccessible(false);
- }
 }
diff --git a/tests/modules/metarefresh/lib/MetaLoaderTest.php b/tests/modules/metarefresh/lib/MetaLoaderTest.php
index c0cfe5b682d7e44a0c47352b4f2f3a54127f4a1f..d70d415f27cca0a49bc06dded5ae463f3488698e 100644
--- a/tests/modules/metarefresh/lib/MetaLoaderTest.php
+++ b/tests/modules/metarefresh/lib/MetaLoaderTest.php
@@ -3,6 +3,7 @@ namespace SimpleSAML\Test\Module\metarefresh;
 use PHPUnit\Framework\TestCase;
+use RobRichards\XMLSecLibs\XMLSecurityDSig;
 use \SimpleSAML\Configuration;
 class MetaLoaderTest extends TestCase
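Review bot: The `@@ -356,13 +198,4 @@` hunk drops `tearDown()` and `clearInstance()`, which reset the `\SimpleSAML\Configuration` `instance` property after every test, and the class now relies on `SigningTestCase` for that. Unless the base class performs the same reset (it is not visible here), the configuration loaded with `certdir` in one test survives into later tests in the same process and can mask a test that ought to fail for want of its certificate directory; a one-line `tearDown()` in the base class calling the moved `clearInstance` helper would settle it. The `@@ -12,168 +14,8 @@` hunk also leaves `use \org\bovigo\vfs\vfsStream;` (its context line) in place after removing the only visible `vfsStream::setup`/`vfsStream::url` calls, so if nothing else in the file uses it the import is now dead. `testValidatorMissingSignature` and the test around the second hunk continue outside the hunks.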
@@ -83,9 +84,31 @@ class MetaLoaderTest extends TestCase
 );
 }
- public function testSignatureVerificationFingerprintPass()
+ public function testSignatureVerificationFingerprintDefaultsToSHA1()
 {
- $this->metaloader->loadSource(array_merge($this->source, [ 'validateFingerprint' => '85:11:00:FF:34:55:BC:20:C0:20:5D:46:9B:2F:23:8F:41:09:68:F2' ]));
+ $this->metaloader->loadSource(
+ array_merge(
+ $this->source,
+ [
+ 'validateFingerprint' => '85:11:00:FF:34:55:BC:20:C0:20:5D:46:9B:2F:23:8F:41:09:68:F2',
+ ]
+ )
+ );
+ $this->metaloader->dumpMetadataStdOut();
+ $this->expectOutputRegex('/UTEbMBkGA1UECgwSRXhhbXBsZSBVbml2ZXJzaXR5MRgwFgYDVQQDDA9pZHAuZXhh/');
+ }
+
+ public function testSignatureVerificationFingerprintSHA256()
+ {
+ $this->metaloader->loadSource(
+ array_merge(
+ $this->source,
+ [
+ 'validateFingerprint' => '36:64:49:4E:F4:4C:59:9F:5B:8F:FE:75:7E:B2:0C:1A:3A:27:AD:AF:11:B0:6D:EC:DF:38:B6:66:C8:C4:C6:84',
+ 'validateFingerprintAlgorithm' => XMLSecurityDSig::SHA256,
+ ]
+ )
+ );
 $this->metaloader->dumpMetadataStdOut();
 $this->expectOutputRegex('/UTEbMBkGA1UECgwSRXhhbXBsZSBVbml2ZXJzaXR5MRgwFgYDVQQDDA9pZHAuZXhh/');
 }
diff --git a/www/authmemcookie.php b/www/authmemcookie.php deleted file mode 100644
index 9825c62f54bc6ed9032b981eb43ae0882f989af9..0000000000000000000000000000000000000000
--- a/www/authmemcookie.php
+++ /dev/null
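Review bot: Both `testSignatureVerificationFingerprintDefaultsToSHA1` and `testSignatureVerificationFingerprintSHA256` exercise only the accepting path: each passes the matching fingerprint and checks that the metadata is dumped. Nothing asserts that a non-matching fingerprint is rejected, so a regression that skipped the fingerprint comparison, or ignored `validateFingerprintAlgorithm` and compared the wrong digest, would keep both tests green; since this fingerprint is the control that decides whether metadata signed by an unexpected key is accepted, the negative case is the one that matters most. A third test that supplies the SHA-256 fingerprint without `validateFingerprintAlgorithm` (so it is compared against the SHA-1 default) and asserts the loader's mismatch behaviour would cover it; whether `loadSource` throws or silently skips the source is not visible in this diff, so the final assertion below is a placeholder. The `setUp` that builds `$this->metaloader` and `$this->source` is outside the hunk.
```php
public function testSignatureVerificationFingerprintMismatchIsRejected()
{
    // SHA-256 fingerprint compared against the SHA-1 default: must not match.
    $this->metaloader->loadSource(
        array_merge(
            $this->source,
            [
                'validateFingerprint' => '36:64:49:4E:F4:4C:59:9F:5B:8F:FE:75:7E:B2:0C:1A:3A:27:AD:AF:11:B0:6D:EC:DF:38:B6:66:C8:C4:C6:84',
            ]
        )
    );
    $this->metaloader->dumpMetadataStdOut();
    // TODO(review): replace with the loader's actual mismatch signal (exception or empty output).
    $this->expectOutputString('');
}
```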
@@ -1,106 +0,0 @@ -<?php - -/** - * This file implements an script which can be used to authenticate users with Auth MemCookie. - * See: http://authmemcookie.sourceforge.net/ - * - * The configuration for this script is stored in config/authmemcookie.php. - * - * The file extra/auth_memcookie.conf contains an example of how Auth Memcookie can be configured - * to use SimpleSAMLphp. - * - * @deprecated This file has been deprecated and will be removed in SSP 2.0. Use the memcookie module instead. - */ - -require_once('_include.php'); - -try { - // load SimpleSAMLphp configuration - $globalConfig = \SimpleSAML\Configuration::getInstance(); - - // check if this module is enabled - if (!$globalConfig->getBoolean('enable.authmemcookie', false)) { - throw new \SimpleSAML\Error\Error('NOACCESS'); - } - - // load Auth MemCookie configuration - $amc = \SimpleSAML\AuthMemCookie::getInstance(); - - $sourceId = $amc->getAuthSource(); - $s = new \SimpleSAML\Auth\Simple($sourceId); - - // check if the user is authorized. We attempt to authenticate the user if not - $s->requireAuth(); - - // generate session id and save it in a cookie - $sessionID = \SimpleSAML\Utils\Random::generateID(); - $cookieName = $amc->getCookieName(); - \SimpleSAML\Utils\HTTP::setCookie($cookieName, $sessionID); - - // generate the authentication information - $attributes = $s->getAttributes(); - - $authData = []; - - // username - $usernameAttr = $amc->getUsernameAttr(); - if (!array_key_exists($usernameAttr, $attributes)) { - throw new \Exception( - "The user doesn't have an attribute named '".$usernameAttr. - "'. This attribute is expected to contain the username." - ); - } - $authData['UserName'] = $attributes[$usernameAttr]; - - // groups - $groupsAttr = $amc->getGroupsAttr(); - if ($groupsAttr !== null) { - if (!array_key_exists($groupsAttr, $attributes)) { - throw new \Exception( - "The user doesn't have an attribute named '".$groupsAttr. - "'. 
This attribute is expected to contain the groups the user is a member of." - ); - } - $authData['Groups'] = $attributes[$groupsAttr]; - } else { - $authData['Groups'] = []; - } - - $authData['RemoteIP'] = $_SERVER['REMOTE_ADDR']; - - foreach ($attributes as $n => $v) { - $authData['ATTR_'.$n] = $v; - } - - // store the authentication data in the memcache server - $data = ''; - foreach ($authData as $name => $values) { - if (is_array($values)) { - foreach ($values as $i => $value) { - if (!is_a($value, 'DOMNodeList')) { - continue; - } - /* @var \DOMNodeList $value */ - if ($value->length === 0) { - continue; - } - $values[$i] = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode); - } - $values = implode(':', $values); - } - $data .= $name.'='.$values."\r\n"; - } - - $memcache = $amc->getMemcache(); - $expirationTime = $s->getAuthData('Expire'); - $memcache->set($sessionID, $data, 0, $expirationTime); - - // register logout handler - $session = \SimpleSAML\Session::getSessionFromRequest(); - $session->registerLogoutHandler($sourceId, '\SimpleSAML\AuthMemCookie', 'logoutHandler'); - - // redirect the user back to this page to signal that the login is completed - \SimpleSAML\Utils\HTTP::redirectTrustedURL(\SimpleSAML\Utils\HTTP::getSelfURL()); -} catch (\Exception $e) { - throw new \SimpleSAML\Error\Error('CONFIG', $e); -}