Do not use internal methods directly

654ae954 · Tim van Dijen · e0b7c462 · 654ae954 · 654ae954 · 654ae954
Commit 654ae954 authored 3 years ago by Tim van Dijen
--- a/modules/admin/lib/Controller/Federation.php
+++ b/modules/admin/lib/Controller/Federation.php
@@ -466,11 +466,11 @@ class Federation
    {
        $this->authUtils->requireAdmin();

-        $set = $request->get('set');
-        $prefix = $request->get('prefix', '');
+        $set = $request->query->get('set');
+        $prefix = $request->query->get('prefix', '');

        if ($set === 'saml20-sp-hosted') {
-            $sourceID = $request->get('source');
+            $sourceID = $request->query->get('source');
            /**
             * The second argument ensures non-nullable return-value
             * @var \SimpleSAML\Module\saml\Auth\Source\SP $source
@@ -478,7 +478,7 @@ class Federation
            $source = $this->authSource::getById($sourceID, Module\saml\Auth\Source\SP::class);
            $mdconfig = $source->getMetadata();
        } else {
-            $entityID = $request->get('entity');
+            $entityID = $request->query->get('entity');
            $mdconfig = $this->mdHandler->getMetaDataConfig($entityID, $set);
        }

@@ -509,8 +509,8 @@ class Federation
    {
        $this->authUtils->requireAdmin();

-        $entityId = $request->get('entityid');
-        $set = $request->get('set');
+        $entityId = $request->query->get('entityid');
+        $set = $request->query->get('set');

        $metadata = $this->mdHandler->getMetaData($entityId, $set);


--- a/modules/core/lib/Controller/Exception.php
+++ b/modules/core/lib/Controller/Exception.php
@@ -60,7 +60,7 @@ class Exception
     */
    public function cardinality(Request $request): Response
    {
-        $stateId = $request->get('StateId', false);
+        $stateId = $request->query->get('StateId', false);
        if ($stateId === false) {
            throw new Error\BadRequest('Missing required StateId query parameter.');
        }
@@ -95,7 +95,7 @@ class Exception
     */
    public function nocookie(Request $request): Response
    {
-        $retryURL = $request->get('retryURL', null);
+        $retryURL = $request->query->get('retryURL', null);
        if ($retryURL !== null) {
            $httpUtils = new Utils\HTTP();
            $retryURL = $httpUtils->checkURLAllowed(strval($retryURL));
@@ -121,7 +121,7 @@ class Exception
     */
    public function shortSsoInterval(Request $request): Response
    {
-        $stateId = $request->get('StateId', false);
+        $stateId = $request->query->get('StateId', false);
        if ($stateId === false) {
            throw new Error\BadRequest('Missing required StateId query parameter.');
        }
@@ -129,7 +129,7 @@ class Exception
        /** @var array $state */
        $state = Auth\State::loadState($stateId, 'core:short_sso_interval');

-        $continue = $request->get('continue', false);
+        $continue = $request->query->get('continue', false);
        if ($continue !== false) {
            // The user has pressed the continue/retry-button
            Auth\ProcessingChain::resumeProcessing($state);

--- a/modules/core/lib/Controller/Login.php
+++ b/modules/core/lib/Controller/Login.php
@@ -168,7 +168,7 @@ class Login
        $auth = $this->factory->create($as);
        $as = urlencode($as);

-        if ($request->get(Auth\State::EXCEPTION_PARAM, false) !== false) {
+        if ($request->request->get(Auth\State::EXCEPTION_PARAM, false) !== false) {
            // This is just a simple example of an error

            /** @var array $state */
@@ -236,7 +236,7 @@ class Login
        }

        // Find where we should go now.
-        $returnTo = $request->get('ReturnTo', false);
+        $returnTo = $request->request->get('ReturnTo', false);
        if ($returnTo !== false) {
            $returnTo = $httpUtils->checkURLAllowed($returnTo);
        } else {

--- a/modules/core/lib/Controller/Redirection.php
+++ b/modules/core/lib/Controller/Redirection.php
@@ -65,8 +65,8 @@ class Redirection
     */
    public function postredirect(Request $request): Response
    {
-        $redirId = $request->get('RedirId', false);
-        $redirInfo = $request->get('RedirInfo', false);
+        $redirId = $request->request->get('RedirId', false);
+        $redirInfo = $request->request->get('RedirInfo', false);
        if ($redirId !== false) {
            $postId = $redirId;
        } elseif ($redirInfo !== false) {

--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -204,7 +204,7 @@ class External extends Auth\Source
         * match the string we used in the saveState-call above.
         */
        /** @var array $state */
-        $state = Auth\State::loadState($request->get('State'), 'exampleauth:External');
+        $state = Auth\State::loadState($request->query->get('State'), 'exampleauth:External');

        /*
         * Now we have the $state-array, and can use it to locate the authentication

--- a/modules/exampleauth/lib/Controller/ExampleAuth.php
+++ b/modules/exampleauth/lib/Controller/ExampleAuth.php
@@ -88,7 +88,7 @@ class ExampleAuth
         * Note that we don't actually validate the user in this example. This page
         * just serves to make the example work out of the box.
         */
-        $returnTo = $request->get('ReturnTo');
+        $returnTo = $request->request->get('ReturnTo');
        if ($returnTo === null) {
            throw new Error\Exception('Missing ReturnTo parameter.');
        }
@@ -137,8 +137,8 @@ class ExampleAuth
        // time to handle login responses; since this is a dummy example, we accept any data
        $badUserPass = false;
        if ($request->getMethod() === 'POST') {
-            $username = $request->get('username');
-            $password = $request->get('password');
+            $username = $request->request->get('username');
+            $password = $request->request->get('password');

            if (!isset($users[$username]) || $users[$username]['password'] !== $password) {
                $badUserPass = true;
@@ -180,7 +180,7 @@ class ExampleAuth
        /**
         * Request handler for redirect filter test.
         */
-        $stateId = $request->get('StateId');
+        $stateId = $request->query->get('StateId');
        if ($stateId === null) {
            throw new Error\BadRequest('Missing required StateId query parameter.');
        }

--- a/modules/multiauth/lib/Controller/DiscoController.php
+++ b/modules/multiauth/lib/Controller/DiscoController.php
@@ -98,7 +98,7 @@ class DiscoController
    public function discovery(Request $request)
    {
        // Retrieve the authentication state
-        $authStateId = $request->get('AuthState', null);
+        $authStateId = $request->query->get('AuthState', null);
        if (is_null($authStateId)) {
            throw new Error\BadRequest('Missing AuthState parameter.');
        }
@@ -114,7 +114,7 @@ class DiscoController
            $as = Auth\Source::getById($authId);
        }

-        $source = $request->get('source', null);
+        $source = $request->query->get('source', null);

        if ($source !== null) {
            if ($as !== null) {

--- a/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php
+++ b/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php
@@ -58,7 +58,7 @@ class ExampleAuthTest extends TestCase
    {
        $request = Request::create(
            '/authpage',
-            'GET',
+            'POST',
            ['NoReturnTo' => 'Limbo'],
        );

@@ -80,7 +80,7 @@ class ExampleAuthTest extends TestCase
    {
        $request = Request::create(
            '/authpage',
-            'GET',
+            'POST',
            ['ReturnTo' => 'SomeBogusValue'],
        );

@@ -102,7 +102,7 @@ class ExampleAuthTest extends TestCase
    {
        $request = Request::create(
            '/authpage',
-            'GET',
+            'POST',
            ['ReturnTo' => 'State=/'],
        );