From c0ef58c11bd4c887bb7b49737d9805cb050fb94e Mon Sep 17 00:00:00 2001
From: Jaime Perez <jaime.perez@uninett.no>
Date: Wed, 5 Mar 2014 11:57:51 +0100
Subject: [PATCH] Remove backwards-compatible auth source (BWC). Closes #148.
---
lib/SimpleSAML/Auth/BWC.php | 172 ------------------------------------
lib/SimpleSAML/IdP.php | 2 +-
2 files changed, 1 insertion(+), 173 deletions(-)
delete mode 100644 lib/SimpleSAML/Auth/BWC.php
diff --git a/lib/SimpleSAML/Auth/BWC.php b/lib/SimpleSAML/Auth/BWC.php
deleted file mode 100644
index 8cf8d7c01..000000000
--- a/lib/SimpleSAML/Auth/BWC.php
+++ /dev/null
@@ -1,172 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * Helper class for backwards compatibility with old-style authentication sources.
- *
- * Provides the same interface as Auth_Simple.
- *
- * @package simpleSAMLphp
- */
-class SimpleSAML_Auth_BWC extends SimpleSAML_Auth_Simple {
-
- /**
- * Our authentication handler.
- *
- * @var string
- */
- private $auth;
-
-
- /**
- * Our authority.
- *
- * @var string
- */
- private $authority;
-
-
- /**
- * Initialize a backwards-compatibility authsource for the given authentication page and authority.
- *
- * @param string $auth The authentication page.
- * @param string|NULL $authority The authority we should validate the login against.
- * @deprecated
- */
- public function __construct($auth, $authority) {
- assert('is_string($auth)');
- assert('is_string($authority) || is_null($authority)');
-
- if ($authority === NULL) {
- $candidates = array(
- 'auth/login-admin.php' => 'login-admin',
- 'auth/login-cas-ldap.php' => 'login-cas-ldap',
- 'auth/login-ldapmulti.php' => 'login-ldapmulti',
- 'auth/login-radius.php' => 'login-radius',
- 'auth/login-tlsclient.php' => 'tlsclient',
- 'auth/login-wayf-ldap.php' => 'login-wayf-ldap',
- 'auth/login.php' => 'login',
- );
- if (!isset($candidates[$auth])) {
- throw new SimpleSAML_Error_Exception('You must provide an authority when using ' . $auth);
- }
- $authority = $candidates[$auth];
- }
-
- $this->auth = $auth;
- $this->authority = $authority;
-
- parent::__construct($authority);
- }
-
-
- /**
- * Retrieve the implementing authentication source.
- *
- * @return NULL There is never an authentication source behind this class.
- * @deprecated
- */
- public function getAuthSource() {
- return NULL;
- }
-
-
- /**
- * Start a login operation.
- *
- * @param array $params Various options to the authentication request.
- * @deprecated
- */
- public function login(array $params = array()) {
-
- if (array_key_exists('KeepPost', $params)) {
- $keepPost = (bool)$params['KeepPost'];
- } else {
- $keepPost = TRUE;
- }
-
- if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
- $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
- }
-
- if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
- $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
- }
-
- $session = SimpleSAML_Session::getSessionFromRequest();
-
- $authnRequest = array(
- 'IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE,
- 'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE,
- 'core:State' => $params,
- 'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
- 'core:authority' => $this->authority,
- );
-
- if (isset($params['saml:RequestId'])) {
- $authnRequest['RequestID'] = $params['saml:RequestId'];
- }
- if (isset($params['SPMetadata']['entityid'])) {
- $authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
- }
- if (isset($params['saml:RelayState'])) {
- $authnRequest['RelayState'] = $params['saml:RelayState'];
- }
- if (isset($params['saml:IDPList'])) {
- $authnRequest['IDPList'] = $params['saml:IDPList'];
- }
-
- $authId = SimpleSAML_Utilities::generateID();
- $session->setAuthnRequest('saml2', $authId, $authnRequest);
-
- $relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));
-
- $config = SimpleSAML_Configuration::getInstance();
- $authurl = '/' . $config->getBaseURL() . $this->auth;
- SimpleSAML_Utilities::redirectTrustedURL($authurl, array(
- 'RelayState' => $relayState,
- 'AuthId' => $authId,
- 'protocol' => 'saml2',
- ));
- }
-
-
- /**
- * Start a logout operation.
- *
- * @param string|NULL $url The URL the user should be redirected to after logging out.
- * Defaults to the current page.
- * @deprecated
- */
- public function logout($url = NULL) {
-
- if ($url === NULL) {
- $url = SimpleSAML_Utilities::selfURL();
- }
-
- $session = SimpleSAML_Session::getSessionFromRequest();
- if (!$session->isValid($this->authority)) {
- /* Not authenticated to this authentication source. */
- SimpleSAML_Utilities::redirectTrustedURL($url);
- assert('FALSE');
- }
-
- if ($this->authority === 'saml2') {
- $config = SimpleSAML_Configuration::getInstance();
- SimpleSAML_Utilities::redirectTrustedURL('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
- array('RelayState' => $url)
- );
- }
-
- $session->doLogout($this->authority);
- SimpleSAML_Utilities::redirectTrustedURL($url);
- }
-
-}
diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 5a201594d..a2bcbf1b6 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -102,7 +102,7 @@ class SimpleSAML_IdP {
if (SimpleSAML_Auth_Source::getById($auth) !== NULL) {
$this->authSource = new SimpleSAML_Auth_Simple($auth);
} else {
- $this->authSource = new SimpleSAML_Auth_BWC($auth, $this->config->getString('authority', NULL));
+ throw new SimpleSAML_Error_Exception('No such "'.$auth.'" auth source found.');
}
}
--
GitLab