Revert the new configuration option for the core:PHP authproc. Since we need...

Revert the new configuration option for the core:PHP authproc. Since we need to serialize authprocs and SP metadata in the state array, and closures are not serializable, it doesn't work. We could create a new module with this, adding a dependency on opis/closure 2.0.* or equivalent, to be able to serialize closures.

Revert the new configuration option for the core:PHP authproc. Since we need...
74904960 · Jaime Perez Crespo · d1f9b393 · 74904960 · 74904960 · 74904960
Commit 74904960 authored 9 years ago by Jaime Perez Crespo
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -68,10 +68,6 @@ Released TBD
  * Added an authentication processing filter to warn about certificate expiration.
-### `core`
-  * The PHP authentication processing filter now accepts a new option called `function` to define an anonymous function.
 ### `ldap`
  * Added a new `port` configuration option.

--- a/modules/core/docs/authproc_php.txt
+++ b/modules/core/docs/authproc_php.txt
@@ -10,13 +10,9 @@ Parameters
 :   This is the name of the filter.
    It must be `'core:PHP'`.
-`function`
-:   The PHP function that should be run, defined as an anonymous function with one parameter called `$attributes`.
-    This is an associative array with the user's attributes, and can be modified to add or remove them.
 `code`
-:   **Deprecated**
+:   The PHP code that should be run. This code will have only one variable available: `$attributes`.
-    If you are using this option, please migrate your code to an anonymous function defined in the `function` option.
+    This is an associative array of attributes, and can be modified to add or remove attributes.
 Examples
 --------
@@ -25,15 +21,15 @@ Add the `mail` attribute based on the user's `uid` attribute:
    10 => array(
        'class' => 'core:PHP',
-        'function' => function (&$attributes) {
+        'code' => '
-            if (empty($attributes['uid'])) {
+            if (empty($attributes["uid"])) {
-                throw new Exception('Missing uid attribute.');
+                throw new Exception("Missing uid attribute.");
            }
-            $uid = $attributes['uid'][0];
+            $uid = $attributes["uid"][0];
-            $mail = $uid.'@example.net';
+            $mail = $uid . "@example.net";
-            $attributes['mail'] = array($mail);
+            $attributes["mail"] = array($mail);
-        },
+        ',
    ),
@@ -41,9 +37,9 @@ Create a random number variable:
    10 => array(
        'class' => 'core:PHP',
-        'code' => function (&$attributes) {
+        'code' => '
-            $attributes['random'] = array(
+            $attributes["random"] = array(
                (string)rand(),
            );
-        },
+        ',
    ),
--- a/modules/core/lib/Auth/Process/PHP.php
+++ b/modules/core/lib/Auth/Process/PHP.php
@@ -4,7 +4,7 @@
 /**
 * Attribute filter for running arbitrary PHP code.
 *
- * @package simpleSAMLphp
+ * @package SimpleSAMLphp
 */
 class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
 {
@@ -16,17 +16,14 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
     */
    private $code;
-    /**
-     * @var callable
-     */
-    private $function = null;
    /**
     * Initialize this filter, parse configuration
     *
     * @param array $config Configuration information about this filter.
     * @param mixed $reserved For future use.
+     *
+     * @throws SimpleSAML_Error_Exception if the 'code' option is not defined.
     */
    public function __construct($config, $reserved)
    {
@@ -34,17 +31,10 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
        assert('is_array($config)');
-        if (isset($config['function'])) {
+        if (!isset($config['code'])) {
-            $this->function = $config['function'];
+            throw new SimpleSAML_Error_Exception("core:PHP: missing mandatory configuration option 'code'.");
-        } else { // TODO: remove this branch after removing the 'code' option.
-            if (!isset($config['code'])) {
-                throw new SimpleSAML_Error_Exception("core:PHP: Neither 'function' nor 'code' options defined.");
-            }
-            SimpleSAML_Logger::warning(
-                "Deprecated 'code' configuration option in PHP authentication processing filter."
-            );
-            $this->code = (string) $config['code'];
        }
+        $this->code = (string) $config['code'];
    }
@@ -58,13 +48,7 @@ class sspmod_core_Auth_Process_PHP extends SimpleSAML_Auth_ProcessingFilter
        assert('is_array($request)');
        assert('array_key_exists("Attributes", $request)');
-        if ($this->function) {
+        $function = create_function('&$attributes', $this->code);
-            $function = $this->function;
+        $function($request['Attributes']);
-            $function($request['Attributes']);
-        } else { // TODO: remove this branch after removing the 'code' option.
-            $function = create_function('&$attributes', $this->code);
-            $function($request['Attributes']);
-        }
    }
 }
--- a/tests/modules/core/lib/Auth/Process/PHPTest.php
+++ b/tests/modules/core/lib/Auth/Process/PHPTest.php
@@ -35,28 +35,6 @@ class Test_Core_Auth_Process_PHP extends PHPUnit_Framework_TestCase
    }
-    /**
-     * Check that defining a function works as expected.
-     */
-    public function testFunctionDefined()
-    {
-        $config = array(
-            'function' => function (&$attributes) {
-                $attributes['key'] = 'value';
-            },
-        );
-        $request = array('Attributes' => array());
-        $expected = array(
-            'Attributes' => array(
-                'key' => 'value',
-            ),
-        );
-        $this->assertEquals($expected, $this->processFilter($config, $request));
-    }
    /**
     * Check that defining the code works as expected.
     */
@@ -76,28 +54,4 @@ class Test_Core_Auth_Process_PHP extends PHPUnit_Framework_TestCase
        $this->assertEquals($expected, $this->processFilter($config, $request));
    }
-    /**
-     * Check that when both the function and code are defined, only the function is executed.
-     */
-    public function testOptionsPrecedence()
-    {
-        $config = array(
-            'function' => function (&$attributes) {
-                $attributes['who'] = 'function';
-            },
-            'code'     => '
-                $attributes["who"] = "code";
-            ',
-        );
-        $request = array('Attributes' => array());
-        $expected = array(
-            'Attributes' => array(
-                'who' => 'function',
-            ),
-        );
-        $this->assertEquals($expected, $this->processFilter($config, $request));
-    }
 }