From 7565df19612ce770313824ad7b8a0494c8b93769 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst <thijs@kinkhorst.com>
Date: Wed, 5 Jan 2022 11:37:49 +0000
Subject: [PATCH] Remove 'output=xhtml' variants of IdP/SP metadata URLs

They were broken in master. The admin module now performs this
function. So to reduce duplication and to keep the metadata endpoints
simple, we remove the broken code here instead of fixing it.
---
 modules/saml/www/sp/metadata.php | 30 ++-----------------------
 www/saml2/idp/metadata.php       | 38 +++-----------------------------
 2 files changed, 5 insertions(+), 63 deletions(-)

diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 4a9fabcb5..61fefa104 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -1,16 +1,12 @@
 <?php
 
-use SAML2\Constants;
 use SimpleSAML\Auth;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error;
-use SimpleSAML\Locale\Translate;
 use SimpleSAML\Metadata;
 use SimpleSAML\Module;
 use SimpleSAML\Store\StoreFactory;
 use SimpleSAML\Utils;
-use SimpleSAML\XHTML\Template;
-use Symfony\Component\VarExporter\VarExporter;
 
 if (!array_key_exists('PATH_INFO', $_SERVER)) {
     throw new Error\BadRequest('Missing authentication source id in metadata URL');
@@ -47,30 +43,8 @@ $metaBuilder->addOrganizationInfo($metaArray20);
 
 $xml = $metaBuilder->getEntityDescriptorText();
 
-unset($metaArray20['UIInfo']);
-unset($metaArray20['metadata-set']);
-unset($metaArray20['entityid']);
-
-// sanitize the attributes array to remove friendly names
-if (isset($metaArray20['attributes']) && is_array($metaArray20['attributes'])) {
-    $metaArray20['attributes'] = array_values($metaArray20['attributes']);
-}
-
 // sign the metadata if enabled
 $xml = Metadata\Signer::sign($xml, $spconfig->toArray(), 'SAML 2 SP');
 
-if (array_key_exists('output', $_REQUEST) && $_REQUEST['output'] == 'xhtml') {
-    $t = new Template($config, 'metadata.twig', 'admin');
-
-    $t->data['clipboard.js'] = true;
-    $t->data['header'] = 'saml20-sp'; // TODO: Replace with headerString in 2.0
-    $t->data['headerString'] = Translate::noop('metadata_saml20-sp');
-    $t->data['metadata'] = htmlspecialchars($xml);
-    $t->data['metadataflat'] = '$metadata[' . var_export($entityId, true)
-        . '] = ' . VarExporter::export($metaArray20) . ';';
-    $t->data['metaurl'] = $source->getMetadataURL();
-    $t->send();
-} else {
-    header('Content-Type: application/samlmetadata+xml');
-    echo($xml);
-}
+header('Content-Type: application/samlmetadata+xml');
+echo($xml);
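Review bot: The new tail at the end of the hunk (`header(...); echo($xml);`) diverges from the IdP counterpart in the same commit, which terminates with `exit(0)` after echoing the signed document; leaving the SP script to fall off the end means anything appended later in this file would be emitted after the metadata and corrupt the XML, and `echo($xml)` is not the usual form. I would align the two endpoints: `header('Content-Type: application/samlmetadata+xml');` / `echo $xml;` / `exit(0);`. Since `$metaArray20` is now only consumed by `$metaBuilder` and the unset/sanitize lines were removed with the XHTML view, a one-line note would help the next reader: `// Raw XML only; the HTML view and PHP-array export now live in the admin module.` The top of this script, including where `$spconfig`, `$source` and `$entityId` are built, is outside the hunk.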
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 7cf7883b6..6d06c28db 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -2,16 +2,11 @@
 
 require_once('../../_include.php');
 
-use Symfony\Component\VarExporter\VarExporter;
-
-use SAML2\Constants;
-use SimpleSAML\Assert\Assert;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error;
 use SimpleSAML\Module;
 use SimpleSAML\Module\saml\IdP\SAML2 as SAML2_IdP;
 use SimpleSAML\Utils;
-use SimpleSAML\Utils\Config\Metadata as Metadata;
 
 $config = Configuration::getInstance();
 if (!$config->getBoolean('enable.saml20-idp', false) || !Module::isModuleEnabled('saml')) {
@@ -24,7 +19,6 @@ if ($config->getBoolean('admin.protectmetadata', false)) {
     $authUtils->requireAdmin();
 }
 
-$httpUtils = new Utils\HTTP();
 $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
 
 try {
@@ -38,39 +32,13 @@ try {
 
     $metaxml = $metaBuilder->getEntityDescriptorText();
 
-    $metaflat = '$metadata[' . var_export($idpentityid, true) . '] = ' . VarExporter::export($metaArray) . ';';
-
     // sign the metadata if enabled
     $metaxml = \SimpleSAML\Metadata\Signer::sign($metaxml, $metaArray, 'SAML 2 IdP');
 
-    if (array_key_exists('output', $_GET) && $_GET['output'] == 'xhtml') {
-        $t = new \SimpleSAML\XHTML\Template($config, 'metadata.tpl.php', 'admin');
-
-        $t->data['clipboard.js'] = true;
-        $t->data['available_certs'] = $availableCerts;
-        $certdata = [];
-        foreach (array_keys($availableCerts) as $availableCert) {
-            $certdata[$availableCert]['name'] = $availableCert;
-            $certdata[$availableCert]['url'] = Module::getModuleURL('saml/idp/certs.php') . '/' . $availableCert;
-            $certdata[$availableCert]['comment'] = (
-                $availableCerts[$availableCert]['certFingerprint'][0] === 'afe71c28ef740bc87425be13a2263d37971da1f9' ?
-                'This is the default certificate. Generate a new certificate if this is a production system.' :
-                ''
-            );
-        }
-        $t->data['certdata'] = $certdata;
-        $t->data['header'] = 'saml20-idp'; // TODO: Replace with headerString in 2.0
-        $t->data['headerString'] = \SimpleSAML\Locale\Translate::noop('metadata_saml20-idp');
-        $t->data['metaurl'] = $httpUtils->getSelfURLNoQuery();
-        $t->data['metadata'] = htmlspecialchars($metaxml);
-        $t->data['metadataflat'] = htmlspecialchars($metaflat);
-        $t->send();
-    } else {
-        header('Content-Type: application/samlmetadata+xml');
+    header('Content-Type: application/samlmetadata+xml');
 
-        echo $metaxml;
-        exit(0);
-    }
+    echo $metaxml;
+    exit(0);
 } catch (\Exception $exception) {
     throw new Error\Error('METADATA', $exception);
 }
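Review bot: With the `output=xhtml` branch gone, `$availableCerts` is no longer referenced anywhere in this hunk, yet the `try` block that computes it begins above the hunk (the `try {` on the previous hunk's last line), so it is presumably now dead work in this script unless it is still used further up — worth checking and dropping if so, along with any now-unused `use` lines the first hunk kept (`Utils` is only referenced by `$authUtils` outside this hunk, as far as is visible). The `echo $metaxml; exit(0);` pair inside the `try` is fine, but a short comment above the `header()` call would explain why the script now only ever emits XML: `// Raw XML only; the HTML view, PHP-array export and default-certificate warning now live in the admin module.` Note also that a client still sending `?output=xhtml` now silently receives the raw XML; the commit message could say so explicitly.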
-- 
GitLab