From e7ff7c68da134468976301e03871d1c6ee236ab7 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tim.dijen@minbzk.nl>
Date: Fri, 14 Feb 2020 21:28:06 +0100
Subject: [PATCH] Remove deprecated AttributeRealm authproc (#1186)
---
docs/simplesamlphp-authproc.md | 1 -
modules/core/docs/authproc_attributerealm.md | 32 ----
.../core/lib/Auth/Process/AttributeRealm.php | 64 --------
.../lib/Auth/Process/AttributeRealmTest.php | 149 ------------------
4 files changed, 246 deletions(-)
delete mode 100644 modules/core/docs/authproc_attributerealm.md
delete mode 100644 modules/core/lib/Auth/Process/AttributeRealm.php
delete mode 100644 tests/modules/core/lib/Auth/Process/AttributeRealmTest.php
diff --git a/docs/simplesamlphp-authproc.md b/docs/simplesamlphp-authproc.md
index 2dc34990f..4e42b7fe7 100644
--- a/docs/simplesamlphp-authproc.md
+++ b/docs/simplesamlphp-authproc.md
@@ -129,7 +129,6 @@ The following filters are included in the SimpleSAMLphp distribution:
- [`core:AttributeAlter`](./core:authproc_attributealter): Do search-and-replace on attributevalues.
- [`core:AttributeLimit`](./core:authproc_attributelimit): Limit the attributes in the response.
- [`core:AttributeMap`](./core:authproc_attributemap): Change the name of the attributes.
-- [`core:AttributeRealm`](./core:authproc_attributerealm): (deprecated) Create an attribute with the realm of the user.
- [`core:AttributeValueMap`](./core:authproc_attributevaluemap): Map attribute values to new values and attribute name.
- [`core:Cardinality`](./core:authproc_cardinality): Ensure the number of attribute values is within the specified multiplicity.
- [`core:CardinalitySingle`](./core:authproc_cardinalitysingle): Ensure the correct cardinality of single-valued attributes.
diff --git a/modules/core/docs/authproc_attributerealm.md b/modules/core/docs/authproc_attributerealm.md
deleted file mode 100644
index cf511772a..000000000
--- a/modules/core/docs/authproc_attributerealm.md
+++ /dev/null
@@ -1,32 +0,0 @@
-`core:AttributeRealm`
-=====================
-
-*NOTE:* This filter has been deprecated and will be removed in a future release. Please use
-`core:ScopeFromAttribute` instead.
-
-This filter creates a new attribute with the realm of the user.
-
-The new attribute is names `realm` by default, but can be controlled by the `attributename` option.
-The realm is extracted from the attribute set as the user ID (eduPersonPrincipalName by default).
-The user ID attribute can be changed with the `userid.attribute` option in the IdP metadata.
-
-Examples
---------
-
-Create the `realm` attribute.
-
- 'authproc' => array(
- 50 => array(
- 'class' => 'core:AttributeRealm',
- ),
- ),
-
-Set the `schacHomeOrganization` attribute.
-
- 'authproc' => array(
- 50 => array(
- 'class' => 'core:AttributeRealm',
- 'attributename' => 'schacHomeOrganization',
- ),
- ),
-
diff --git a/modules/core/lib/Auth/Process/AttributeRealm.php b/modules/core/lib/Auth/Process/AttributeRealm.php
deleted file mode 100644
index 9ca00ffd6..000000000
--- a/modules/core/lib/Auth/Process/AttributeRealm.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace SimpleSAML\Module\core\Auth\Process;
-
-/**
- * Filter that will take the user ID on the format 'andreas@uninett.no'
- * and create a new attribute 'realm' that includes the value after the '@' sign.
- *
- * @author Andreas Ă…kre Solberg, UNINETT AS.
- * @package SimpleSAMLphp
- * @deprecated Use ScopeFromAttribute instead.
- */
-
-class AttributeRealm extends \SimpleSAML\Auth\ProcessingFilter
-{
- /** @var string */
- private $attributename = 'realm';
-
-
- /**
- * Initialize this filter.
- *
- * @param array &$config Configuration information about this filter.
- * @param mixed $reserved For future use.
- */
- public function __construct(&$config, $reserved)
- {
- parent::__construct($config, $reserved);
- assert(is_array($config));
-
- if (array_key_exists('attributename', $config)) {
- $this->attributename = $config['attributename'];
- }
- }
-
-
- /**
- * Apply filter to add or replace attributes.
- *
- * Add or replace existing attributes with the configured values.
- *
- * @param array &$request The current request
- * @return void
- */
- public function process(&$request)
- {
- assert(is_array($request));
- assert(array_key_exists('Attributes', $request));
-
- if (!array_key_exists('UserID', $request)) {
- throw new \Exception('core:AttributeRealm: Missing UserID for this user. Please' .
- ' check the \'userid.attribute\' option in the metadata against the' .
- ' attributes provided by the authentication source.');
- }
- $userID = $request['UserID'];
- $decomposed = explode('@', $userID);
- if (count($decomposed) !== 2) {
- return;
- }
- $request['Attributes'][$this->attributename] = [$decomposed[1]];
- }
-}
diff --git a/tests/modules/core/lib/Auth/Process/AttributeRealmTest.php b/tests/modules/core/lib/Auth/Process/AttributeRealmTest.php
deleted file mode 100644
index dc2c7e870..000000000
--- a/tests/modules/core/lib/Auth/Process/AttributeRealmTest.php
+++ /dev/null
@@ -1,149 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace SimpleSAML\Test\Module\core\Auth\Process;
-
-use PHPUnit\Framework\TestCase;
-
-/**
- * Test for the core:AttributeRealm filter.
- * @deprecated Remove in 2.0
- */
-class AttributeRealmTest extends TestCase
-{
- /**
- * Helper function to run the filter with a given configuration.
- *
- * @param array $config The filter configuration.
- * @param array $request The request state.
- * @return array The state array after processing.
- */
- private static function processFilter(array $config, array $request)
- {
- $filter = new \SimpleSAML\Module\core\Auth\Process\AttributeRealm($config, null);
- $filter->process($request);
- return $request;
- }
-
-
- /**
- * Test the most basic functionality.
- * @return void
- */
- public function testBasic()
- {
- $config = [
- ];
- $request = [
- 'Attributes' => [],
- 'UserID' => 'user2@example.org',
- ];
- $result = self::processFilter($config, $request);
- $attributes = $result['Attributes'];
- $this->assertArrayHasKey('realm', $attributes);
- $this->assertEquals($attributes['realm'], ['example.org']);
- }
-
-
- /**
- * Test no userid set
- * @return void
- */
- public function testNoUserID()
- {
- $this->expectException(\Exception::class);
- $config = [
- ];
- $request = [
- 'Attributes' => [],
- ];
- self::processFilter($config, $request);
- }
-
-
- /**
- * Test with configuration.
- * @return void
- */
- public function testAttributeNameConfig()
- {
- $config = [
- 'attributename' => 'schacHomeOrganization',
- ];
- $request = [
- 'Attributes' => [
- 'displayName' => 'Joe User',
- 'schacGender' => 9,
- ],
- 'UserID' => 'user2@example.org',
- ];
- $result = self::processFilter($config, $request);
- $attributes = $result['Attributes'];
- $this->assertArrayHasKey('schacHomeOrganization', $attributes);
- $this->assertArrayHasKey('displayName', $attributes);
- $this->assertEquals($attributes['schacHomeOrganization'], ['example.org']);
- }
-
-
- /**
- * When target attribute exists it will be overwritten
- * @return void
- */
- public function testTargetAttributeOverwritten()
- {
- $config = [
- 'attributename' => 'schacHomeOrganization',
- ];
- $request = [
- 'Attributes' => [
- 'displayName' => 'Joe User',
- 'schacGender' => 9,
- 'schacHomeOrganization' => 'example.com',
- ],
- 'UserID' => 'user2@example.org',
- ];
- $result = self::processFilter($config, $request);
- $attributes = $result['Attributes'];
- $this->assertArrayHasKey('schacHomeOrganization', $attributes);
- $this->assertEquals($attributes['schacHomeOrganization'], ['example.org']);
- }
-
-
- /**
- * When source attribute has no "@" no realm is added
- * @return void
- */
- public function testNoAtisNoOp()
- {
- $config = [];
- $request = [
- 'Attributes' => [
- 'displayName' => 'Joe User',
- ],
- 'UserID' => 'user2',
- ];
- $result = self::processFilter($config, $request);
- $attributes = $result['Attributes'];
- $this->assertArrayNotHasKey('realm', $attributes);
- }
-
-
- /**
- * When source attribute has more than one "@" no realm is added
- * @return void
- */
- public function testMultiAtisNoOp()
- {
- $config = [];
- $request = [
- 'Attributes' => [
- 'displayName' => 'Joe User',
- ],
- 'UserID' => 'user2@home@example.org',
- ];
- $result = self::processFilter($config, $request);
- $attributes = $result['Attributes'];
- $this->assertArrayNotHasKey('realm', $attributes);
- }
-}
--
GitLab