diff --git a/modules/negotiate/lib/Auth/Source/Negotiate.php b/modules/negotiate/lib/Auth/Source/Negotiate.php
index bba08d6bbd2aff1b6fee9cbb47dfbd08e29c5b63..d70e21cbbf47984341e20d91b14535b7c1aa9fd9 100644
--- a/modules/negotiate/lib/Auth/Source/Negotiate.php
+++ b/modules/negotiate/lib/Auth/Source/Negotiate.php
@@ -16,20 +16,49 @@ class Negotiate extends \SimpleSAML\Auth\Source
 // Constants used in the module
 const STAGEID = '\SimpleSAML\Module\negotiate\Auth\Source\Negotiate.StageId';
+ /** @var \SimpleSAML\Auth\LDAP|null */
 protected $ldap = null;
+
+ /** @var string */
 protected $backend = '';
+
+ /** @var string*/
 protected $hostname = '';
+
+ /** @var int */
 protected $port = 389;
+
+ /** @var bool */
 protected $referrals = true;
+
+ /** @var bool */
 protected $enableTLS = false;
+
+ /** @var bool */
 protected $debugLDAP = false;
+
+ /** @var int */
 protected $timeout = 30;
+
+ /** @var string */
 protected $keytab = '';
+
+ /** @var array */
 protected $base = [];
+
+ /** @var array */
 protected $attr = ['uid'];
+
+ /** @var array|null */
 protected $subnet = null;
+
+ /** @var string|null */
 protected $admin_user = null;
+
+ /** @var string|null */
 protected $admin_pw = null;
+
+ /** @var array|null */
 protected $attributes = null;
@@ -81,6 +110,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 * LDAP is used as a user metadata source.
 *
 * @param array &$state Information about the current authentication.
+ * @return void
 */
 public function authenticate(&$state)
 {
@@ -187,6 +217,10 @@ class Negotiate extends \SimpleSAML\Auth\Source
 }
+ /**
+ * @param array $spMetadata
+ * @return bool
+ */
 public function spDisabledInMetadata($spMetadata)
 {
 if (array_key_exists('negotiate:disable', $spMetadata)) {
@@ -209,7 +243,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 *
 * Will return TRUE if no subnet option is configured.
 *
- * @return boolean
+ * @return bool
 */
 public function checkMask()
 {
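Review bot: In the first hunk (`@@ -16,20 +16,49 @@`) the annotation on `$hostname` is written `/** @var string*/`, without the space before `*/` that every other added docblock has; it should read `/** @var string */`. The bare `@var array` on `$base`, `$attr` and `$subnet` also gives Psalm no element type to check. If these hold lists of strings (inferred from the default `['uid']`, not confirmed by the hunk), `/** @var string[] */` would be more useful. The class body continues outside the hunk.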
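Review bot: The docblock added to `spDisabledInMetadata()` (hunk `@@ -187,6 +217,10 @@`) carries only types and no description, although the method reads the `negotiate:disable` key from the SP metadata and so takes part in deciding whether this auth source is used. A summary line such as `* Checks whether the SP metadata disables Negotiate via the 'negotiate:disable' key.` above the `@param` would record that. The exact meaning of the returned bool should be confirmed against the body, which runs past the end of the hunk.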
@@ -235,6 +269,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 * wants to show the 401 message.
 *
 * @param array $params additional parameters to the URL in the URL in the body.
+ * @return void
 */
 protected function sendNegotiate($params)
 {
@@ -256,6 +291,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 * Passes control of the login process to a different module.
 *
 * @param array $state Information about the current authentication.
+ * @return void
 *
 * @throws \SimpleSAML\Error\Error If couldn't determine the auth source.
 * @throws \SimpleSAML\Error\Exception
@@ -290,7 +326,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 *
 * @param string $user The Kerberos user identifier.
 *
- * @return string The DN to the user or NULL if not found.
+ * @return array|null The attributes for the user or NULL if not found.
 */
 protected function lookupUserData($user)
 {
@@ -315,6 +351,9 @@ class Negotiate extends \SimpleSAML\Auth\Source
 /**
 * Elevates the LDAP connection to allow restricted lookups if
 * so configured. Does nothing if not.
+ *
+ * @return void
+ * @throws \SimpleSAML\Error\AuthSource
 */
 protected function adminBind()
 {
@@ -339,6 +378,7 @@ class Negotiate extends \SimpleSAML\Auth\Source
 * logout call to the fallback module.
 *
 * @param array &$state Information about the current logout operation.
+ * @return void
 */
 public function logout(&$state)
 {
diff --git a/psalm.xml b/psalm.xml
index d7cb185f722a581a51df87e941ce87aaf4ff385d..32b07d6f0f2272c48c480c5de68593d846a216c0 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -27,4 +27,8 @@
 <UnusedClass errorLevel="info" />
 <PossiblyUnusedMethod errorLevel="info" />
 </issueHandlers>
+
+ <stubs>
+ <file name="tests/Utils/Stubs/krb5.php" />
+ </stubs>
 </psalm>
diff --git a/tests/Utils/Stubs/krb5.php b/tests/Utils/Stubs/krb5.php
new file mode 100644
index 0000000000000000000000000000000000000000..14e86b309e0e0ce6b3bb282b8700bba10968a9fb
--- /dev/null
+++ b/tests/Utils/Stubs/krb5.php
@@ -0,0 +1,173 @@
+<?php
+
+class KRB5NegotiateAuth
+{
+ /**
+ * @param string $keytab
+ * @param string $spn
+ */
+ public function __construct($keytab, $spn)
+ {
+ }
+
+
+ /**
+ * @return bool
+ */
+ public function doAuthentication()
+ {
+ }
+
+
+ /**
+ * @return string
+ */
+ public function getAuthenticatedUser()
+ {
+ }
+
+
+ /**
+ * @param KRB5CCache $ccache
+ * @return void
+ */
+ public function getDelegatedCredentials(KRB5CCache $ccache)
+ {
+ }
+}
+
+
+class KRB5CCache
+{
+ /**
+ *
+ */
+ public function __construct()
+ {
+ }
+
+
+ /**
+ * @return string
+ */
+ public function getName()
+ {
+ }
+
+
+ /**
+ * @param string $src
+ * @return bool
+ */
+ public function open($src)
+ {
+ }
+
+
+ /**
+ * @param string $dest
+ * @return bool
+ */
+ public function save($dest)
+ {
+ }
+
+
+ /**
+ * @param string $principal
+ * @param string $pass
+ * @param array|null $options
+ * @return bool
+ */
+ public function initPassword($principal, $pass, $options = null)
+ {
+ }
+
+
+ /**
+ * @param string $principal
+ * @param string $keytab_file
+ * @param array|null $options
+ * @return bool
+ */
+ public function initKeytab($principal, $keytab_file, $options = null)
+ {
+ }
+
+
+ /**
+ * @return string
+ */
+ public function getPrincipal()
+ {
+ }
+
+
+ /**
+ * @return string
+ */
+ public function getRealm()
+ {
+ }
+
+
+ /**
+ * @return array
+ */
+ public function getLifetime()
+ {
+ }
+
+
+ /**
+ * @return array
+ */
+ public function getEntries()
+ {
+ }
+
+
+ /**
+ * @param int $timeRemain
+ * @return bool
+ */
+ public function isValid($timeRemain = 0)
+ {
+ }
+
+
+ /**
+ * @param string|null $prefix
+ * @return array
+ */
+ public function getTktAttrs($prefix = null)
+ {
+ }
+
+
+ /**
+ * @return bool
+ */
+ public function renew()
+ {
+ }
+
+
+ /**
+ * @param string $principal
+ * @param string $oldpass
+ * @param string $newpass
+ * @return bool
+ */
+ public function changePassword($principal, $oldpass, $newpass)
+ {
+ }
+
+
+ /**
+ * @return array
+ */
+ public function getExpirationTime()
+ {
+ }
+}
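Review bot: The new `tests/Utils/Stubs/krb5.php` has no header comment saying it exists only for static analysis, and every method annotated `@return bool`, `string` or `array` has an empty body that would return null if the file were ever loaded at runtime. A line directly after `<?php` such as `// Psalm-only stubs for the krb5 extension classes: signatures only, never include at runtime.` would make the intent explicit. The stub also declares `$spn` as a required argument of `KRB5NegotiateAuth::__construct($keytab, $spn)`, so Psalm will flag any caller that passes only the keytab; the signature should be checked against the extension version the module targets.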