diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt
index cfd4219b13889cdfeeb96d44e1a9109b1ed5e7dc..6bed871d8d6f9d57cb51a99113092c38385c240c 100644
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -68,10 +68,6 @@ Released TBD
* Added an authentication processing filter to warn about certificate expiration.
-### `core`
-
- * The PHP authentication processing filter now accepts a new option called `function` to define an anonymous function.
-
### `ldap`
* Added a new `port` configuration option.
diff --git a/modules/core/docs/authproc_php.txt b/modules/core/docs/authproc_php.txt
index 9e0b7bc7153a5dddd29e1b3835a48855b9205f4b..66968eda1a7b9853c2a3b9eafacb784cd7e0d79b 100644
--- a/modules/core/docs/authproc_php.txt
+++ b/modules/core/docs/authproc_php.txt
@@ -10,13 +10,9 @@ Parameters
: This is the name of the filter.
It must be `'core:PHP'`.
-`function`
-: The PHP function that should be run, defined as an anonymous function with one parameter called `$attributes`.
- This is an associative array with the user's attributes, and can be modified to add or remove them.
-
`code`
-: **Deprecated**
- If you are using this option, please migrate your code to an anonymous function defined in the `function` option.
+: The PHP code that should be run. This code will have only one variable available: `$attributes`.
+ This is an associative array of attributes, and can be modified to add or remove attributes.
Examples
--------
@@ -25,15 +21,15 @@ Add the `mail` attribute based on the user's `uid` attribute:
10 => array(
'class' => 'core:PHP',
- 'function' => function (&$attributes) {
- if (empty($attributes['uid'])) {
- throw new Exception('Missing uid attribute.');
+ 'code' => '
+ if (empty($attributes["uid"])) {
+ throw new Exception("Missing uid attribute.");
}
- $uid = $attributes['uid'][0];
- $mail = $uid.'@example.net';
- $attributes['mail'] = array($mail);
- },
+ $uid = $attributes["uid"][0];
+ $mail = $uid . "@example.net";
+ $attributes["mail"] = array($mail);
+ ',
),
@@ -41,9 +37,9 @@ Create a random number variable:
10 => array(
'class' => 'core:PHP',
- 'code' => function (&$attributes) {
- $attributes['random'] = array(
+ 'code' => '
+ $attributes["random"] = array(
(string)rand(),
);
- },
+ ',
),
diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php
index e54af285ee4218d5364a962c4ba710c09569adef..d189d289ea6d3900b1f42bb0df0e9b7518883d49 100644
--- a/modules/core/lib/Auth/Process/PHP.php
+++ b/modules/core/lib/Auth/Process/PHP.php
@@ -4,7 +4,7 @@
/**
* Attribute filter for running arbitrary PHP code.
*
- * @package simpleSAMLphp
+ * @package SimpleSAMLphp
*/
class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
{
@@ -16,17 +16,14 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
*/
private $code;
- /**
- * @var callable
- */
- private $function = null;
-
/**
* Initialize this filter, parse configuration
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use.
+ *
+ * @throws SimpleSAML_Error_Exception if the 'code' option is not defined.
*/
public function __construct($config, $reserved)
{
@@ -34,17 +31,10 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
assert('is_array($config)');
- if (isset($config['function'])) {
- $this->function = $config['function'];
- } else { // TODO: remove this branch after removing the 'code' option.
- if (!isset($config['code'])) {
- throw new SimpleSAML_Error_Exception("core:PHP: Neither 'function' nor 'code' options defined.");
- }
- SimpleSAML_Logger::warning(
- "Deprecated 'code' configuration option in PHP authentication processing filter."
- );
- $this->code = (string) $config['code'];
+ if (!isset($config['code'])) {
+ throw new SimpleSAML_Error_Exception("core:PHP: missing mandatory configuration option 'code'.");
}
+ $this->code = (string) $config['code'];
}
@@ -58,13 +48,7 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
assert('is_array($request)');
assert('array_key_exists("Attributes", $request)');
- if ($this->function) {
- $function = $this->function;
- $function($request['Attributes']);
- } else { // TODO: remove this branch after removing the 'code' option.
- $function = create_function('&$attributes', $this->code);
- $function($request['Attributes']);
- }
+ $function = create_function('&$attributes', $this->code);
+ $function($request['Attributes']);
}
-
}
diff --git a/tests/modules/core/lib/Auth/Process/PHPTest.php b/tests/modules/core/lib/Auth/Process/PHPTest.php
index 66c552377162d2d6bb18a2ecaa29a516134dc7ec..46c7d37d8418294012ffaf2bc30275a4d667918e 100644
--- a/tests/modules/core/lib/Auth/Process/PHPTest.php
+++ b/tests/modules/core/lib/Auth/Process/PHPTest.php
@@ -35,28 +35,6 @@ class Test_Core_Auth_Process_PHP extends PHPUnit_Framework_TestCase
}
-
- /**
- * Check that defining a function works as expected.
- */
- public function testFunctionDefined()
- {
- $config = array(
- 'function' => function (&$attributes) {
- $attributes['key'] = 'value';
- },
- );
- $request = array('Attributes' => array());
- $expected = array(
- 'Attributes' => array(
- 'key' => 'value',
- ),
- );
-
- $this->assertEquals($expected, $this->processFilter($config, $request));
- }
-
-
/**
* Check that defining the code works as expected.
*/
@@ -76,28 +54,4 @@ class Test_Core_Auth_Process_PHP extends PHPUnit_Framework_TestCase
$this->assertEquals($expected, $this->processFilter($config, $request));
}
-
-
- /**
- * Check that when both the function and code are defined, only the function is executed.
- */
- public function testOptionsPrecedence()
- {
- $config = array(
- 'function' => function (&$attributes) {
- $attributes['who'] = 'function';
- },
- 'code' => '
- $attributes["who"] = "code";
- ',
- );
- $request = array('Attributes' => array());
- $expected = array(
- 'Attributes' => array(
- 'who' => 'function',
- ),
- );
-
- $this->assertEquals($expected, $this->processFilter($config, $request));
- }
}