Remove backwards-compatible auth source (BWC). Closes #148.

c0ef58c1 · Jaime Perez · Jaime Perez Crespo · 7147e67d · 7147e67d · c0ef58c1
Commit c0ef58c1 authored 11 years ago by Jaime Perez Committed by Jaime Perez Crespo 10 years ago
--- a/lib/SimpleSAML/Auth/BWC.php
+++ b/lib/SimpleSAML/Auth/BWC.php
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * Helper class for backwards compatibility with old-style authentication sources.
- *
- * Provides the same interface as Auth_Simple.
- *
- * @package simpleSAMLphp
- */
-class SimpleSAML_Auth_BWC extends SimpleSAML_Auth_Simple {
-
-	/**
-	 * Our authentication handler.
-	 *
-	 * @var string
-	 */
-	private $auth;
-
-
-	/**
-	 * Our authority.
-	 *
-	 * @var string
-	 */
-	private $authority;
-
-
-	/**
-	 * Initialize a backwards-compatibility authsource for the given authentication page and authority.
-	 *
-	 * @param string $auth  The authentication page.
-	 * @param string|NULL $authority  The authority we should validate the login against.
-     * @deprecated
-	 */
-	public function __construct($auth, $authority) {
-		assert('is_string($auth)');
-		assert('is_string($authority) || is_null($authority)');
-
-		if ($authority === NULL) {
-			$candidates = array(
-				'auth/login-admin.php' => 'login-admin',
-				'auth/login-cas-ldap.php' => 'login-cas-ldap',
-				'auth/login-ldapmulti.php' => 'login-ldapmulti',
-				'auth/login-radius.php' => 'login-radius',
-				'auth/login-tlsclient.php' => 'tlsclient',
-				'auth/login-wayf-ldap.php' => 'login-wayf-ldap',
-				'auth/login.php' => 'login',
-			);
-			if (!isset($candidates[$auth])) {
-				throw new SimpleSAML_Error_Exception('You must provide an authority when using ' . $auth);
-			}
-			$authority = $candidates[$auth];
-		}
-
-		$this->auth = $auth;
-		$this->authority = $authority;
-
-		parent::__construct($authority);
-	}
-
-
-	/**
-	 * Retrieve the implementing authentication source.
-	 *
-	 * @return NULL  There is never an authentication source behind this class.
-     * @deprecated
-	 */
-	public function getAuthSource() {
-		return NULL;
-	}
-
-
-	/**
-	 * Start a login operation.
-	 *
-	 * @param array $params  Various options to the authentication request.
-     * @deprecated
-	 */
-	public function login(array $params = array()) {
-
-		if (array_key_exists('KeepPost', $params)) {
-			$keepPost = (bool)$params['KeepPost'];
-		} else {
-			$keepPost = TRUE;
-		}
-
-		if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
-			$params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
-		}
-
-		if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
-			$params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
-		}
-
-		$session = SimpleSAML_Session::getSessionFromRequest();
-
-		$authnRequest = array(
-			'IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE,
-			'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE,
-			'core:State' => $params,
-			'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
-			'core:authority' => $this->authority,
-		);
-
-		if (isset($params['saml:RequestId'])) {
-			$authnRequest['RequestID'] = $params['saml:RequestId'];
-		}
-		if (isset($params['SPMetadata']['entityid'])) {
-			$authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
-		}
-		if (isset($params['saml:RelayState'])) {
-			$authnRequest['RelayState'] = $params['saml:RelayState'];
-		}
-		if (isset($params['saml:IDPList'])) {
-			$authnRequest['IDPList'] = $params['saml:IDPList'];
-		}
-
-		$authId = SimpleSAML_Utilities::generateID();
-		$session->setAuthnRequest('saml2', $authId, $authnRequest);
-
-		$relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));
-
-		$config = SimpleSAML_Configuration::getInstance();
-		$authurl = '/' . $config->getBaseURL() . $this->auth;
-		SimpleSAML_Utilities::redirectTrustedURL($authurl, array(
-			'RelayState' => $relayState,
-			'AuthId' => $authId,
-			'protocol' => 'saml2',
-		));
-	}
-
-
-	/**
-	 * Start a logout operation.
-	 *
-	 * @param string|NULL $url  The URL the user should be redirected to after logging out.
-	 *                          Defaults to the current page.
-     * @deprecated
-	 */
-	public function logout($url = NULL) {
-
-		if ($url === NULL) {
-			$url = SimpleSAML_Utilities::selfURL();
-		}
-
-		$session = SimpleSAML_Session::getSessionFromRequest();
-		if (!$session->isValid($this->authority)) {
-			/* Not authenticated to this authentication source. */
-			SimpleSAML_Utilities::redirectTrustedURL($url);
-			assert('FALSE');
-		}
-
-		if ($this->authority === 'saml2') {
-			$config = SimpleSAML_Configuration::getInstance();
-			SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
-				array('RelayState' => $url)
-			);
-		}
-
-		$session->doLogout($this->authority);
-		SimpleSAML_Utilities::redirectTrustedURL($url);
-	}
-
-}
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -102,7 +102,7 @@ class SimpleSAML_IdP {
 		if (SimpleSAML_Auth_Source::getById($auth) !== NULL) {
 			$this->authSource = new SimpleSAML_Auth_Simple($auth);
 		} else {
-			$this->authSource = new SimpleSAML_Auth_BWC($auth, $this->config->getString('authority', NULL));
+			throw new SimpleSAML_Error_Exception('No such "'.$auth.'" auth source found.');
 		}
 	}