From 6be9c66872bc0b89964fa7292eb6b6ab36c1a81f Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Wed, 21 Jan 2015 11:24:36 +0100
Subject: [PATCH] Extract the papi module out to its own repository. This
closes #156.
---
docs/simplesamlphp-idp.txt | 2 +-
modules/papi/default-disable | 0
modules/papi/docs/papi.txt | 43 ------
modules/papi/lib/Auth/Source/PAPI.php | 185 --------------------------
4 files changed, 1 insertion(+), 229 deletions(-)
delete mode 100644 modules/papi/default-disable
delete mode 100644 modules/papi/docs/papi.txt
delete mode 100644 modules/papi/lib/Auth/Source/PAPI.php
diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index 47f5e5188..5157ab49d 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -76,7 +76,7 @@ The next step is to configure the way users authenticate on your IdP. Various mo
[`authtwitter:Twitter`](./authtwitter:oauthtwitter)
: Authenticate with your Twitter account using the Twitter OAuth API.
-[`papi:PAPI`](./papi:papi)
+[`papi:PAPI`](https://github.com/rediris-es/simplesamlphp-module-papi/blog/master/README.md)
: Authenticate by means of the PAPI protocol.
In this guide, we will use the `exampleauth:UserPass` authentication module. This module does not have any dependencies, and is therefore simple to set up.
diff --git a/modules/papi/default-disable b/modules/papi/default-disable
deleted file mode 100644
index e69de29bb..000000000
diff --git a/modules/papi/docs/papi.txt b/modules/papi/docs/papi.txt
deleted file mode 100644
index 2180206bc..000000000
--- a/modules/papi/docs/papi.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-PAPI module
-===========
-
-The PAPI module provides a single authentication module:
-
-`papi:PAPI`
-: Authenticate using the PAPI protocol.
-
-This authentication module makes use of an external library, phpPoA, in order to
-authenticate users by means of the PAPI protocol. It can therefore
-be used to bridge between protocols, behaving like a PAPI `Point of Access` or
-Service Provider.
-
-To use this module, enable it by creating a file named `enable` in the
-`modules/papi/` directory. Then you need to add an authentication source which
-makes use of the `papi:PAPI` module to the `config/authsources.php` file:
-
- 'example-papi' => array(
- 'papi:PAPI',
-
- /*
- * The site identifier that allows the module to determine which
- * configuration of the phpPoA to use.
- */
- 'site' => 'example',
-
- /*
- * The Home Locator Identifier. Use this if your phpPoA configuration
- * points to a GPoA instead of an Authentication Server (AS), and you
- * want to skip the identity provider selection page, by directly
- * selecting one here.
- */
- 'hli' => 'exampleAS',
- ),
-
-User attributes
----------------
-
-If user attributes were received upon succesful authentication, then their exact
-names and values will be transferred into the $state['Attributes'] array. Please
-note that attribute name mapping could be needed. There's no support for asking
-specific attributes during PAPI authentication. Attributes released to a Service
-Provider must be agreed and configured on beforehand.
\ No newline at end of file
diff --git a/modules/papi/lib/Auth/Source/PAPI.php b/modules/papi/lib/Auth/Source/PAPI.php
deleted file mode 100644
index 37ea144b6..000000000
--- a/modules/papi/lib/Auth/Source/PAPI.php
+++ /dev/null
@@ -1,185 +0,0 @@
-<?php
-
-/**
- * Authenticate using PAPI protocol.
- *
- * @author Jaime Perez, RedIRIS
- * @package simpleSAMLphp
- */
-include("poa2/PoA.php");
-
-class sspmod_papi_Auth_Source_PAPI extends SimpleSAML_Auth_Source {
-
- /**
- * The string used to identify our states.
- */
- const STAGE_INIT = 'sspmod_papi_Auth_Source_PAPI.state';
-
- /**
- * The key of the AuthId field in the state.
- */
- const AUTHID = 'sspmod_papi_Auth_Source_PAPI.AuthId';
-
- /**
- * @var the PoA to use.
- */
- private $_poa;
-
- /**
- * @var the home locator interface to use.
- */
- private $_hli;
-
- /**
- * @var the PAPIOPOA to use.
- */
- private $_papiopoa;
-
- /**
- * @var the attributes of the user.
- */
- private $_attrs;
-
- /**
- * @var the state ID to retrieve the original request later.
- */
- private $_stateId;
-
- /**
- * Constructor for this authentication source.
- *
- * @param array $info Information about this authentication source.
- * @param array $config Configuration.
- */
- public function __construct($info, $config) {
- assert('is_array($info)');
- assert('is_array($config)');
-
- /* Call the parent constructor first, as required by the interface. */
- parent::__construct($info, $config);
-
- if (!array_key_exists('site', $config)) {
- throw new Exception('PAPI authentication source is not properly configured: missing [site]');
- }
- $this->_poa = new PoA($config['site']);
-
- if (array_key_exists('hli', $config)) {
- $this->_hli = $config['hli'];
- }
-
- }
-
- /**
- * Hook that will set Home Locator Identifier, PAPIOPOA and/or State ID.
- *
- * @param The PAPI request parameters that will be modified/extended.
- */
- public function modifyParams(&$params) {
- if (!empty($this->_hli)) {
- $params['PAPIHLI'] = $this->_hli;
- }
- if (!empty($this->_papiopoa)) {
- $params['PAPIOPOA'] = $this->_papiopoa;
- }
- $params['URL'] = $params['URL'].urlencode("&SSPStateID=".$this->_stateId);
- return false;
- }
-
- /**
- * Parse the attribute array in a format suitable for SSP.
- *
- * @param the original attribute array.
- */
- protected function parseAttributes($attrs) {
- assert('is_array($attrs)');
-
- foreach ($attrs as $name => $value) {
- if (!is_array($value)) {
- $attrs[$name] = array($value);
- }
- }
- return $attrs;
- }
-
- /**
- * Log-in using PAPI
- *
- * @param array &$state Information about the current authentication.
- */
- public function authenticate(&$state) {
- assert('is_array($state)');
- $this->_papiopoa = $state['SPMetadata']['entityid'];
-
- // check if we are returning back from PAPI authentication
- if (isset($_REQUEST['SSPStateID'])) {
- // yes! restore original request
- $this->_stateId = (string)$_REQUEST['SSPStateID'];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
- } else if (!$this->_poa->isAuthenticated()) {
- // no! we have to save the request
-
- /* We are will need the authId in order to retrieve this authentication source later. */
- $state[self::AUTHID] = $this->authId;
- $this->_stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
-
- $this->_poa->addHook("PAPI_REDIRECT_URL_FINISH", new Hook(array($this, "modifyParams")));
- }
-
- $this->_poa->authenticate();
- $this->_attrs = $this->_poa->getAttributes();
- $state['Attributes'] = $this->parseAttributes($this->_attrs);
- self::completeAuth($state);
- }
-
- /**
- * Log out from this authentication source.
- *
- * This function should be overridden if the authentication source requires special
- * steps to complete a logout operation.
- *
- * If the logout process requires a redirect, the state should be saved. Once the
- * logout operation is completed, the state should be restored, and completeLogout
- * should be called with the state. If this operation can be completed without
- * showing the user a page, or redirecting, this function should return.
- *
- * @param array &$state Information about the current logout operation.
- */
- public function logout(&$state) {
- assert('is_array($state)');
-
- // check first if we have a valid session
- if ($this->_poa->isAuthenticated()) {
- /* We are will need the authId in order to retrieve this authentication source later. */
- $state[self::AUTHID] = $this->authId;
- $this->_stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
-
- // TODO: pending on phpPoA adding PAPI_SLO_REDIRECT_URL_FINISH hook
- $this->_poa->addHook("PAPI_SLO_REDIRECT_URL_FINISH", new Hook(array($this, "modifyParams")));
-
- // perform single logout, this won't return
- $this->_poa->logout(true);
- } else if (isset($_REQUEST['SSPStateID'])) {
- $this->_stateId = (string)$_REQUEST['SSPStateID'];
-
- // sanitize the input
- $sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
- if (!is_null($sid['url'])) {
- SimpleSAML_Utilities::checkURLAllowed($sid['url']);
- }
-
- $state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
- } else {
- return;
- }
-
- self::completeLogout($state);
- }
-
-}
--
GitLab