From 654ae95421322c36d0c491f8f1bd80c353c60553 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Sat, 8 Jan 2022 22:19:15 +0100
Subject: [PATCH] Do not use internal methods directly
---
 modules/admin/lib/Controller/Federation.php | 12 ++++++------
 modules/core/lib/Controller/Exception.php | 8 ++++----
 modules/core/lib/Controller/Login.php | 4 ++--
 modules/core/lib/Controller/Redirection.php | 4 ++--
 modules/exampleauth/lib/Auth/Source/External.php | 2 +-
 modules/exampleauth/lib/Controller/ExampleAuth.php | 8 ++++----
 modules/multiauth/lib/Controller/DiscoController.php | 4 ++--
 .../exampleauth/lib/Controller/ExampleAuthTest.php | 6 +++---
 8 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/modules/admin/lib/Controller/Federation.php b/modules/admin/lib/Controller/Federation.php
index d278b71a7..9d913d9ba 100644
--- a/modules/admin/lib/Controller/Federation.php
+++ b/modules/admin/lib/Controller/Federation.php
@@ -466,11 +466,11 @@ class Federation
 {
 $this->authUtils->requireAdmin();
- $set = $request->get('set');
- $prefix = $request->get('prefix', '');
+ $set = $request->query->get('set');
+ $prefix = $request->query->get('prefix', '');
 if ($set === 'saml20-sp-hosted') {
- $sourceID = $request->get('source');
+ $sourceID = $request->query->get('source');
 /**
 * The second argument ensures non-nullable return-value
 * @var \SimpleSAML\Module\saml\Auth\Source\SP $source
@@ -478,7 +478,7 @@ class Federation
 $source = $this->authSource::getById($sourceID, Module\saml\Auth\Source\SP::class);
 $mdconfig = $source->getMetadata();
 } else {
- $entityID = $request->get('entity');
+ $entityID = $request->query->get('entity');
 $mdconfig = $this->mdHandler->getMetaDataConfig($entityID, $set);
 }
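Review bot: In modules/admin/lib/Controller/Federation.php (hunks at 466 and 478), `$request->query->get('source')` and `$request->query->get('entity')` return null when the parameter is absent, and that value goes straight into `$this->authSource::getById($sourceID, ...)` or `$this->mdHandler->getMetaDataConfig($entityID, $set)`. The handler is admin-only (`requireAdmin()` is visible), so this is a robustness point rather than an exposure, but a missing or non-string parameter would presumably surface as a type error or an opaque lookup failure instead of a 400. I would add a guard after each read, for example `if (!is_string($sourceID)) { throw new Error\BadRequest('Missing required source query parameter.'); }`; whether `Error\BadRequest` is imported in this file is not visible here. The same applies to `entityid` and `set` in the hunk at 509, and the enclosing methods start and end outside these hunks.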
@@ -509,8 +509,8 @@ class Federation
 {
 $this->authUtils->requireAdmin();
- $entityId = $request->get('entityid');
- $set = $request->get('set');
+ $entityId = $request->query->get('entityid');
+ $set = $request->query->get('set');
 $metadata = $this->mdHandler->getMetaData($entityId, $set);
diff --git a/modules/core/lib/Controller/Exception.php b/modules/core/lib/Controller/Exception.php
index 2b0e5e95b..b5a758c39 100644
--- a/modules/core/lib/Controller/Exception.php
+++ b/modules/core/lib/Controller/Exception.php
@@ -60,7 +60,7 @@ class Exception
 */
 public function cardinality(Request $request): Response
 {
- $stateId = $request->get('StateId', false);
+ $stateId = $request->query->get('StateId', false);
 if ($stateId === false) {
 throw new Error\BadRequest('Missing required StateId query parameter.');
 }
@@ -95,7 +95,7 @@ class Exception
 */
 public function nocookie(Request $request): Response
 {
- $retryURL = $request->get('retryURL', null);
+ $retryURL = $request->query->get('retryURL', null);
 if ($retryURL !== null) {
 $httpUtils = new Utils\HTTP();
 $retryURL = $httpUtils->checkURLAllowed(strval($retryURL));
@@ -121,7 +121,7 @@ class Exception
 */
 public function shortSsoInterval(Request $request): Response
 {
- $stateId = $request->get('StateId', false);
+ $stateId = $request->query->get('StateId', false);
 if ($stateId === false) {
 throw new Error\BadRequest('Missing required StateId query parameter.');
 }
@@ -129,7 +129,7 @@ class Exception
 /** @var array $state */
 $state = Auth\State::loadState($stateId, 'core:short_sso_interval');
- $continue = $request->get('continue', false);
+ $continue = $request->query->get('continue', false);
 if ($continue !== false) {
 // The user has pressed the continue/retry-button
 Auth\ProcessingChain::resumeProcessing($state);
diff --git a/modules/core/lib/Controller/Login.php b/modules/core/lib/Controller/Login.php
index db4f724b7..84adca0d2 100644
--- a/modules/core/lib/Controller/Login.php
+++ b/modules/core/lib/Controller/Login.php
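Review bot: In modules/core/lib/Controller/Exception.php, `cardinality()` and `shortSsoInterval()` only test `$stateId === false`, so any value that is present in the query string passes the check; in `shortSsoInterval()` it then goes to `Auth\State::loadState()` (hunk at 129). Depending on the Symfony version in use, a request with `StateId[]=x` either gets an array back from `query->get()` or makes it throw, so the controller's own "Missing required StateId" check is not what rejects malformed input. A string check keeps the rejection in one place: `if (!is_string($stateId)) { throw new Error\BadRequest('Missing required StateId query parameter.'); }`. Both method bodies continue outside their hunks.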
@@ -168,7 +168,7 @@ class Login
 $auth = $this->factory->create($as);
 $as = urlencode($as);
- if ($request->get(Auth\State::EXCEPTION_PARAM, false) !== false) {
+ if ($request->request->get(Auth\State::EXCEPTION_PARAM, false) !== false) {
 // This is just a simple example of an error
 /** @var array $state */
@@ -236,7 +236,7 @@ class Login
 }
 // Find where we should go now.
- $returnTo = $request->get('ReturnTo', false);
+ $returnTo = $request->request->get('ReturnTo', false);
 if ($returnTo !== false) {
 $returnTo = $httpUtils->checkURLAllowed($returnTo);
 } else {
diff --git a/modules/core/lib/Controller/Redirection.php b/modules/core/lib/Controller/Redirection.php
index d0947029b..70d9b0c32 100644
--- a/modules/core/lib/Controller/Redirection.php
+++ b/modules/core/lib/Controller/Redirection.php
@@ -65,8 +65,8 @@ class Redirection
 */
 public function postredirect(Request $request): Response
 {
- $redirId = $request->get('RedirId', false);
- $redirInfo = $request->get('RedirInfo', false);
+ $redirId = $request->request->get('RedirId', false);
+ $redirInfo = $request->request->get('RedirInfo', false);
 if ($redirId !== false) {
 $postId = $redirId;
 } elseif ($redirInfo !== false) {
diff --git a/modules/exampleauth/lib/Auth/Source/External.php b/modules/exampleauth/lib/Auth/Source/External.php
index d369fc713..6e7d5166f 100644
--- a/modules/exampleauth/lib/Auth/Source/External.php
+++ b/modules/exampleauth/lib/Auth/Source/External.php
@@ -204,7 +204,7 @@ class External extends Auth\Source
 * match the string we used in the saveState-call above.
 */
 /** @var array $state */
- $state = Auth\State::loadState($request->get('State'), 'exampleauth:External');
+ $state = Auth\State::loadState($request->query->get('State'), 'exampleauth:External');
 /*
 * Now we have the $state-array, and can use it to locate the authentication
diff --git a/modules/exampleauth/lib/Controller/ExampleAuth.php b/modules/exampleauth/lib/Controller/ExampleAuth.php
index 0072a1a66..aed747526 100644
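Review bot: In modules/core/lib/Controller/Login.php the hunk at 168 now reads `Auth\State::EXCEPTION_PARAM` from `$request->request`, i.e. the POST body only, where `$request->get()` also consulted the query string. If the exception id reaches this page as a URL parameter on a redirect (likely, but not confirmable from this hunk), the lookup returns `false` and the error branch is skipped silently, so a failed authentication would be handled as if nothing had gone wrong. Please confirm how each parameter is transported and pick the bag to match, e.g. `if ($request->query->get(Auth\State::EXCEPTION_PARAM, false) !== false) {`. The same question applies to `ReturnTo` in the hunk at 236, to `RedirId`/`RedirInfo` in Redirection.php at 65, and to `ReturnTo` in ExampleAuth.php at 88; the enclosing methods are only partly visible.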
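Review bot: In modules/exampleauth/lib/Auth/Source/External.php at 204, `$request->query->get('State')` is passed directly to `Auth\State::loadState()` with no check that the parameter is present. ExampleAuth.php in this same commit guards the equivalent read with `if ($stateId === null) { throw new Error\BadRequest('Missing required StateId query parameter.'); }`; the same guard here would give a 400 for a request without `State` instead of whatever `loadState()` does with null. This file is example code that integrators are likely to copy, so the guard is worth showing. The enclosing method starts and ends outside the hunk.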
--- a/modules/exampleauth/lib/Controller/ExampleAuth.php
+++ b/modules/exampleauth/lib/Controller/ExampleAuth.php
@@ -88,7 +88,7 @@ class ExampleAuth
 * Note that we don't actually validate the user in this example. This page
 * just serves to make the example work out of the box.
 */
- $returnTo = $request->get('ReturnTo');
+ $returnTo = $request->request->get('ReturnTo');
 if ($returnTo === null) {
 throw new Error\Exception('Missing ReturnTo parameter.');
 }
@@ -137,8 +137,8 @@ class ExampleAuth
 // time to handle login responses; since this is a dummy example, we accept any data
 $badUserPass = false;
 if ($request->getMethod() === 'POST') {
- $username = $request->get('username');
- $password = $request->get('password');
+ $username = $request->request->get('username');
+ $password = $request->request->get('password');
 if (!isset($users[$username]) || $users[$username]['password'] !== $password) {
 $badUserPass = true;
@@ -180,7 +180,7 @@ class ExampleAuth
 /**
 * Request handler for redirect filter test.
 */
- $stateId = $request->get('StateId');
+ $stateId = $request->query->get('StateId');
 if ($stateId === null) {
 throw new Error\BadRequest('Missing required StateId query parameter.');
 }
diff --git a/modules/multiauth/lib/Controller/DiscoController.php b/modules/multiauth/lib/Controller/DiscoController.php
index a79ce2ff9..6f0694ae0 100644
--- a/modules/multiauth/lib/Controller/DiscoController.php
+++ b/modules/multiauth/lib/Controller/DiscoController.php
@@ -98,7 +98,7 @@ class DiscoController
 public function discovery(Request $request)
 {
 // Retrieve the authentication state
- $authStateId = $request->get('AuthState', null);
+ $authStateId = $request->query->get('AuthState', null);
 if (is_null($authStateId)) {
 throw new Error\BadRequest('Missing AuthState parameter.');
 }
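Review bot: In modules/exampleauth/lib/Controller/ExampleAuth.php at 137, `username` and `password` are taken from the POST body without a type check and the password is compared with `!==`, which is not a constant-time comparison. A missing field arrives as null and is used as the array key in `isset($users[$username])`. Even for a dummy login page I would show the safer shape, since example modules get copied: `if (!is_string($username) || !is_string($password) || !isset($users[$username]) || !hash_equals($users[$username]['password'], $password)) {`. This assumes the stored `password` entries are strings, which the hunk does not show; the method body continues outside the hunk.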
@@ -114,7 +114,7 @@ class DiscoController
 $as = Auth\Source::getById($authId);
 }
- $source = $request->get('source', null);
+ $source = $request->query->get('source', null);
 if ($source !== null) {
 if ($as !== null) {
diff --git a/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php b/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php
index 53fd690fe..ad1ba0b89 100644
--- a/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php
+++ b/tests/modules/exampleauth/lib/Controller/ExampleAuthTest.php
@@ -58,7 +58,7 @@ class ExampleAuthTest extends TestCase
 {
 $request = Request::create(
 '/authpage',
- 'GET',
+ 'POST',
 ['NoReturnTo' => 'Limbo'],
 );
@@ -80,7 +80,7 @@ class ExampleAuthTest extends TestCase
 {
 $request = Request::create(
 '/authpage',
- 'GET',
+ 'POST',
 ['ReturnTo' => 'SomeBogusValue'],
 );
@@ -102,7 +102,7 @@ class ExampleAuthTest extends TestCase
 {
 $request = Request::create(
 '/authpage',
- 'GET',
+ 'POST',
 ['ReturnTo' => 'State=/'],
 );
-- GitLab
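Review bot: No test in ExampleAuthTest.php now pins what happens when `ReturnTo` arrives on the URL of a GET request, because all three `Request::create('/authpage', ...)` calls (hunks at 58, 80 and 102) were switched from `'GET'` to `'POST'`. With `'POST'` the parameter array lands in the request body, which matches the controller's new `$request->request->get('ReturnTo')` and keeps the tests green. I would keep one GET case and assert the intended outcome, either acceptance or the `Missing ReturnTo parameter.` exception, so that the choice of bag is a tested decision rather than a side effect of the refactor. The test methods start outside these hunks.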