Remove deprecated AttributeRealm authproc (#1186)

docs/simplesamlphp-authproc.md

@@ -129,7 +129,6 @@ The following filters are included in the SimpleSAMLphp distribution:
 - [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues.
 - [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response.
 - [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes.
-- [`core:AttributeRealm`](./core:authproc_attributerealm): (deprecated) Create an attribute with the realm of the user.
 - [`core:AttributeValueMap`](./core:authproc_attributevaluemap): Map attribute values to new values and attribute name.
 - [`core:Cardinality`](./core:authproc_cardinality): Ensure the number of attribute values is within the specified multiplicity.
 - [`core:CardinalitySingle`](./core:authproc_cardinalitysingle): Ensure the correct cardinality of single-valued attributes.

modules/core/docs/authproc_attributerealm.md

-`core:AttributeRealm`
-=====================
-
-*NOTE:* This filter has been deprecated and will be removed in a future release. Please use
-`core:ScopeFromAttribute` instead.
-
-This filter creates a new attribute with the realm of the user.
-
-The new attribute is names `realm` by default, but can be controlled by the `attributename` option.
-The realm is extracted from the attribute set as the user ID (eduPersonPrincipalName by default).
-The user ID attribute can be changed with the `userid.attribute` option in the IdP metadata.
-
-Examples
---------
-
-Create the `realm` attribute.
-
-    'authproc' => array(
-        50 => array(
-            'class' => 'core:AttributeRealm',
-        ),
-    ),
-
-Set the `schacHomeOrganization` attribute.
-
-    'authproc' => array(
-        50 => array(
-            'class' => 'core:AttributeRealm',
-            'attributename' => 'schacHomeOrganization',
-        ),
-    ),
-

modules/core/lib/Auth/Process/AttributeRealm.php

-<?php
-
-declare(strict_types=1);
-
-namespace SimpleSAML\Module\core\Auth\Process;
-
-/**
- * Filter that will take the user ID on the format 'andreas@uninett.no'
- * and create a new attribute 'realm' that includes the value after the '@' sign.
- *
- * @author Andreas Åkre Solberg, UNINETT AS.
- * @package SimpleSAMLphp
- * @deprecated Use ScopeFromAttribute instead.
- */
-
-class AttributeRealm extends \SimpleSAML\Auth\ProcessingFilter
-{
-    /** @var string */
-    private $attributename = 'realm';
-
-
-    /**
-     * Initialize this filter.
-     *
-     * @param array &$config  Configuration information about this filter.
-     * @param mixed $reserved  For future use.
-     */
-    public function __construct(&$config, $reserved)
-    {
-        parent::__construct($config, $reserved);
-        assert(is_array($config));
-
-        if (array_key_exists('attributename', $config)) {
-            $this->attributename = $config['attributename'];
-        }
-    }
-
-
-    /**
-     * Apply filter to add or replace attributes.
-     *
-     * Add or replace existing attributes with the configured values.
-     *
-     * @param array &$request  The current request
-     * @return void
-     */
-    public function process(&$request)
-    {
-        assert(is_array($request));
-        assert(array_key_exists('Attributes', $request));
-
-        if (!array_key_exists('UserID', $request)) {
-            throw new \Exception('core:AttributeRealm: Missing UserID for this user. Please' .
-                ' check the \'userid.attribute\' option in the metadata against the' .
-                ' attributes provided by the authentication source.');
-        }
-        $userID = $request['UserID'];
-        $decomposed = explode('@', $userID);
-        if (count($decomposed) !== 2) {
-            return;
-        }
-        $request['Attributes'][$this->attributename] = [$decomposed[1]];
-    }
-}

tests/modules/core/lib/Auth/Process/AttributeRealmTest.php

-<?php
-
-declare(strict_types=1);
-
-namespace SimpleSAML\Test\Module\core\Auth\Process;
-
-use PHPUnit\Framework\TestCase;
-
-/**
- * Test for the core:AttributeRealm filter.
- * @deprecated Remove in 2.0
- */
-class AttributeRealmTest extends TestCase
-{
-    /**
-     * Helper function to run the filter with a given configuration.
-     *
-     * @param array $config  The filter configuration.
-     * @param array $request  The request state.
-     * @return array  The state array after processing.
-     */
-    private static function processFilter(array $config, array $request)
-    {
-        $filter = new \SimpleSAML\Module\core\Auth\Process\AttributeRealm($config, null);
-        $filter->process($request);
-        return $request;
-    }
-
-
-    /**
-     * Test the most basic functionality.
-     * @return void
-     */
-    public function testBasic()
-    {
-        $config = [
-        ];
-        $request = [
-            'Attributes' => [],
-            'UserID' => 'user2@example.org',
-        ];
-        $result = self::processFilter($config, $request);
-        $attributes = $result['Attributes'];
-        $this->assertArrayHasKey('realm', $attributes);
-        $this->assertEquals($attributes['realm'], ['example.org']);
-    }
-
-
-    /**
-     * Test no userid set
-     * @return void
-     */
-    public function testNoUserID()
-    {
-        $this->expectException(\Exception::class);
-        $config = [
-        ];
-        $request = [
-            'Attributes' => [],
-        ];
-        self::processFilter($config, $request);
-    }
-
-
-    /**
-     * Test with configuration.
-     * @return void
-     */
-    public function testAttributeNameConfig()
-    {
-        $config = [
-            'attributename' => 'schacHomeOrganization',
-        ];
-        $request = [
-            'Attributes' => [
-                'displayName' => 'Joe User',
-                'schacGender' => 9,
-            ],
-            'UserID' => 'user2@example.org',
-        ];
-        $result = self::processFilter($config, $request);
-        $attributes = $result['Attributes'];
-        $this->assertArrayHasKey('schacHomeOrganization', $attributes);
-        $this->assertArrayHasKey('displayName', $attributes);
-        $this->assertEquals($attributes['schacHomeOrganization'], ['example.org']);
-    }
-
-
-    /**
-     * When target attribute exists it will be overwritten
-     * @return void
-     */
-    public function testTargetAttributeOverwritten()
-    {
-        $config = [
-            'attributename' => 'schacHomeOrganization',
-        ];
-        $request = [
-            'Attributes' => [
-                'displayName' => 'Joe User',
-                'schacGender' => 9,
-                'schacHomeOrganization' => 'example.com',
-            ],
-            'UserID' => 'user2@example.org',
-        ];
-        $result = self::processFilter($config, $request);
-        $attributes = $result['Attributes'];
-        $this->assertArrayHasKey('schacHomeOrganization', $attributes);
-        $this->assertEquals($attributes['schacHomeOrganization'], ['example.org']);
-    }
-
-
-    /**
-     * When source attribute has no "@" no realm is added
-     * @return void
-     */
-    public function testNoAtisNoOp()
-    {
-        $config = [];
-        $request = [
-            'Attributes' => [
-                'displayName' => 'Joe User',
-            ],
-            'UserID' => 'user2',
-        ];
-        $result = self::processFilter($config, $request);
-        $attributes = $result['Attributes'];
-        $this->assertArrayNotHasKey('realm', $attributes);
-    }
-
-
-    /**
-     * When source attribute has more than one "@" no realm is added
-     * @return void
-     */
-    public function testMultiAtisNoOp()
-    {
-        $config = [];
-        $request = [
-            'Attributes' => [
-                'displayName' => 'Joe User',
-            ],
-            'UserID' => 'user2@home@example.org',
-        ];
-        $result = self::processFilter($config, $request);
-        $attributes = $result['Attributes'];
-        $this->assertArrayNotHasKey('realm', $attributes);
-    }
-}