From fab5d312bcff43c7f7bbe42237d5419ca6e7f7da Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 4 Feb 2019 18:08:53 +0100
Subject: [PATCH] Fixes for modules/saml
---
modules/saml/hooks/hook_metadata_hosted.php | 3 +-
.../lib/Auth/Process/AuthnContextClassRef.php | 6 ++--
.../Process/ExpectedAuthnContextClassRef.php | 6 ++--
.../saml/lib/Auth/Process/FilterScopes.php | 3 +-
.../saml/lib/Auth/Process/NameIDAttribute.php | 1 +
.../Process/PersistentNameID2TargetedID.php | 3 +-
modules/saml/lib/Auth/Source/SP.php | 34 +++++++++++++++++++
modules/saml/lib/BaseNameIDGenerator.php | 8 ++---
modules/saml/lib/IdP/SAML1.php | 6 ++--
modules/saml/lib/IdP/SAML2.php | 18 ++++++----
modules/saml/lib/IdP/SQLNameID.php | 6 ++--
modules/saml/lib/Message.php | 7 +++-
modules/saml/lib/SP/LogoutStore.php | 11 ++++--
13 files changed, 86 insertions(+), 26 deletions(-)
diff --git a/modules/saml/hooks/hook_metadata_hosted.php b/modules/saml/hooks/hook_metadata_hosted.php
index e1dc65c36..9a13aa878 100644
--- a/modules/saml/hooks/hook_metadata_hosted.php
+++ b/modules/saml/hooks/hook_metadata_hosted.php
@@ -4,8 +4,8 @@
* Hook to add the metadata for hosted entities to the frontpage.
*
* @param array &$metadataHosted The metadata links for hosted metadata on the frontpage.
+ * @return void
*/
-
function saml_hook_metadata_hosted(&$metadataHosted)
{
assert(is_array($metadataHosted));
@@ -13,6 +13,7 @@ function saml_hook_metadata_hosted(&$metadataHosted)
$sources = \SimpleSAML\Auth\Source::getSourcesOfType('saml:SP');
foreach ($sources as $source) {
+ /** @var \SimpleSAML\Auth\Source $source */
$metadata = $source->getMetadata();
$name = $metadata->getValue('name', null);
diff --git a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
index 106d7b51f..f579d2c55 100644
--- a/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/AuthnContextClassRef.php
@@ -7,15 +7,14 @@ namespace SimpleSAML\Module\saml\Auth\Process;
*
* @package SimpleSAMLphp
*/
-
class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
{
/**
* The URI we should set as the AuthnContextClassRef in the login response.
*
- * @var string
+ * @var string|null
*/
- private $authnContextClassRef;
+ private $authnContextClassRef = null;
/**
@@ -43,6 +42,7 @@ class AuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
* Set the AuthnContextClassRef in the SAML 2 response.
*
* @param array &$state The state array for this request.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
index fd6277732..b7aa14698 100644
--- a/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
+++ b/modules/saml/lib/Auth/Process/ExpectedAuthnContextClassRef.php
@@ -29,9 +29,9 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
/**
* AuthnContextClassRef of the assertion
- * @var string
+ * @var string|null
*/
- private $AuthnContextClassRef;
+ private $AuthnContextClassRef = null;
/**
@@ -62,6 +62,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
/**
*
* @param array &$request The current request
+ * @return void
*/
public function process(&$request)
{
@@ -87,6 +88,7 @@ class ExpectedAuthnContextClassRef extends \SimpleSAML\Auth\ProcessingFilter
* permission logic.
*
* @param array $request
+ * @return void
*/
protected function unauthorized(&$request)
{
diff --git a/modules/saml/lib/Auth/Process/FilterScopes.php b/modules/saml/lib/Auth/Process/FilterScopes.php
index 67ef886df..1478112be 100644
--- a/modules/saml/lib/Auth/Process/FilterScopes.php
+++ b/modules/saml/lib/Auth/Process/FilterScopes.php
@@ -15,7 +15,7 @@ use SimpleSAML\Logger;
class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
{
/**
- * Stores any pre-configured scoped attributes which come from the filter configuration.
+ * @var array Stores any pre-configured scoped attributes which come from the filter configuration.
*/
private $scopedAttributes = [
'eduPersonScopedAffiliation',
@@ -44,6 +44,7 @@ class FilterScopes extends \SimpleSAML\Auth\ProcessingFilter
* This method applies the filter, removing any values
*
* @param array &$request the current request
+ * @return void
*/
public function process(&$request)
{
diff --git a/modules/saml/lib/Auth/Process/NameIDAttribute.php b/modules/saml/lib/Auth/Process/NameIDAttribute.php
index e8c27dba7..1ee6e5f42 100644
--- a/modules/saml/lib/Auth/Process/NameIDAttribute.php
+++ b/modules/saml/lib/Auth/Process/NameIDAttribute.php
@@ -103,6 +103,7 @@ class NameIDAttribute extends \SimpleSAML\Auth\ProcessingFilter
* Convert NameID to attribute.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
index f627f164e..7bf2e2f1b 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID2TargetedID.php
@@ -21,7 +21,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
/**
* Whether we should insert it as an saml:NameID element.
*
- * @var boolean
+ * @var bool
*/
private $nameId;
@@ -55,6 +55,7 @@ class PersistentNameID2TargetedID extends \SimpleSAML\Auth\ProcessingFilter
* Store a NameID to attribute.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 9187ed846..62cf5331e 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -86,6 +86,7 @@ class SP extends Source
}
}
+
/**
* Retrieve the URL to the metadata of this SP.
*
@@ -96,6 +97,7 @@ class SP extends Source
return \SimpleSAML\Module::getModuleURL('saml/sp/metadata.php/'.urlencode($this->authId));
}
+
/**
* Retrieve the entity id of this SP.
*
@@ -440,6 +442,7 @@ class SP extends Source
*
* @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
{
@@ -471,11 +474,13 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
}
+
/**
* Send a SAML2 SSO request to an IdP
*
* @param \SimpleSAML\Configuration $idpMetadata The metadata of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state)
{
@@ -647,6 +652,7 @@ class SP extends Source
assert(false);
}
+
/**
* Function to actually send the authentication request.
*
@@ -655,6 +661,7 @@ class SP extends Source
* @param array &$state The state array.
* @param \SAML2\Binding $binding The binding.
* @param \SAML2\AuthnRequest $ar The authentication request.
+ * @return void
*/
public function sendSAML2AuthnRequest(array &$state, \SAML2\Binding $binding, \SAML2\AuthnRequest $ar)
{
@@ -662,11 +669,13 @@ class SP extends Source
assert(false);
}
+
/**
* Send a SSO request to an IdP.
*
* @param string $idp The entity ID of the IdP.
* @param array $state The state array for the current authentication.
+ * @return void
*/
public function startSSO($idp, array $state)
{
@@ -688,10 +697,12 @@ class SP extends Source
}
}
+
/**
* Start an IdP discovery service operation.
*
* @param array $state The state array.
+ * @return void
*/
private function startDisco(array $state)
{
@@ -722,12 +733,14 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectTrustedURL($discoURL, $params);
}
+
/**
* Start login.
*
* This function saves the information about the login, and redirects to the IdP.
*
* @param array &$state Information about the current authentication.
+ * @return void
*/
public function authenticate(&$state)
{
@@ -779,6 +792,7 @@ class SP extends Source
assert(false);
}
+
/**
* Re-authenticate an user.
*
@@ -786,6 +800,7 @@ class SP extends Source
* interact with the user even in the case when the user is already authenticated.
*
* @param array &$state Information about the current authentication.
+ * @return void
*/
public function reauthenticate(array &$state)
{
@@ -867,6 +882,7 @@ class SP extends Source
* - 'core:IdP': the identifier of the local IdP.
* - 'SPMetadata': an array with the metadata of this local SP.
*
+ * @return void
* @throws \SimpleSAML\Error\NoPassive In case the authentication request was passive.
*/
public static function askForIdPChange(array &$state)
@@ -891,12 +907,14 @@ class SP extends Source
assert(false);
}
+
/**
* Log the user out before logging in again.
*
* This method will never return.
*
* @param array $state The state array.
+ * @return void
*/
public static function reauthLogout(array $state)
{
@@ -912,10 +930,12 @@ class SP extends Source
assert(false);
}
+
/**
* Complete login operation after re-authenticating the user on another IdP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function reauthPostLogin(array $state)
{
@@ -931,6 +951,7 @@ class SP extends Source
assert(false);
}
+
/**
* Post-logout handler for re-authentication.
*
@@ -938,6 +959,7 @@ class SP extends Source
*
* @param \SimpleSAML\IdP $idp The IdP we are logging out from.
* @param array &$state The state array with the state during logout.
+ * @return void
*/
public static function reauthPostLogout(\SimpleSAML\IdP $idp, array $state)
{
@@ -956,10 +978,12 @@ class SP extends Source
assert(false);
}
+
/**
* Start a SAML 2 logout operation.
*
* @param array $state The logout state.
+ * @return void
*/
public function startSLO2(&$state)
{
@@ -1004,10 +1028,12 @@ class SP extends Source
assert(false);
}
+
/**
* Start logout operation.
*
* @param array $state The logout state.
+ * @return void
*/
public function logout(&$state)
{
@@ -1028,12 +1054,14 @@ class SP extends Source
}
}
+
/**
* Handle a response from a SSO operation.
*
* @param array $state The authentication state.
* @param string $idp The entity id of the IdP.
* @param array $attributes The attributes.
+ * @return void
*/
public function handleResponse(array $state, $idp, array $attributes)
{
@@ -1073,10 +1101,12 @@ class SP extends Source
self::onProcessingCompleted($authProcState);
}
+
/**
* Handle a logout request from an IdP.
*
* @param string $idpEntityId The entity ID of the IdP.
+ * @return void
*/
public function handleLogout($idpEntityId)
{
@@ -1086,6 +1116,7 @@ class SP extends Source
$this->callLogoutCallback($idpEntityId);
}
+
/**
* Handle an unsolicited login operations.
*
@@ -1099,6 +1130,7 @@ class SP extends Source
* the session. The function will check if the URL is allowed, so there is no need to
* manually check the URL on beforehand. Please refer to the 'trusted.url.domains'
* configuration directive for more information about allowing (or disallowing) URLs.
+ * @return void
*/
public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
{
@@ -1111,10 +1143,12 @@ class SP extends Source
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
}
+
/**
* Called when we have completed the procssing chain.
*
* @param array $authProcState The processing chain state.
+ * @return void
*/
public static function onProcessingCompleted(array $authProcState)
{
diff --git a/modules/saml/lib/BaseNameIDGenerator.php b/modules/saml/lib/BaseNameIDGenerator.php
index 39a4a3f00..7c7bcf2c2 100644
--- a/modules/saml/lib/BaseNameIDGenerator.php
+++ b/modules/saml/lib/BaseNameIDGenerator.php
@@ -7,7 +7,6 @@ namespace SimpleSAML\Module\saml;
*
* @package SimpleSAMLphp
*/
-
abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
{
/**
@@ -37,11 +36,11 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
/**
* The format of this NameID.
*
- * This property must be initialized the subclass.
+ * This property must be set by the subclass.
*
- * @var string
+ * @var string|null
*/
- protected $format;
+ protected $format = null;
/**
@@ -81,6 +80,7 @@ abstract class BaseNameIDGenerator extends \SimpleSAML\Auth\ProcessingFilter
* Generate transient NameID.
*
* @param array &$state The request state.
+ * @return void
*/
public function process(&$state)
{
diff --git a/modules/saml/lib/IdP/SAML1.php b/modules/saml/lib/IdP/SAML1.php
index e158a666b..5e78d4827 100644
--- a/modules/saml/lib/IdP/SAML1.php
+++ b/modules/saml/lib/IdP/SAML1.php
@@ -12,10 +12,8 @@ use SimpleSAML\Utils\HTTP;
*
* @package SimpleSAMLphp
*/
-
class SAML1
{
-
/**
* Retrieve the metadata of a hosted SAML 1.1 IdP.
*
@@ -73,7 +71,7 @@ class SAML1
);
if (!$config->hasValue('OrganizationURL')) {
- throw new \SimpleSAMl\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
+ throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.');
}
$metadata['OrganizationURL'] = $config->getLocalizedString('OrganizationURL');
}
@@ -125,6 +123,7 @@ class SAML1
* Send a response to the SP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function sendResponse(array $state)
{
@@ -176,6 +175,7 @@ class SAML1
* Receive an authentication request.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
*/
public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
{
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index bce1bf077..59e031775 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -17,13 +17,13 @@ use SimpleSAML\Utils\HTTP;
*
* @package SimpleSAMLphp
*/
-
class SAML2
{
/**
* Send a response to the SP.
*
* @param array $state The authentication state.
+ * @return void
*/
public static function sendResponse(array $state)
{
@@ -101,6 +101,7 @@ class SAML2
* \SimpleSAML\Error\Exception $exception The exception.
*
* @param array $state The error state.
+ * @return void
*/
public static function handleAuthError(\SimpleSAML\Error\Exception $exception, array $state)
{
@@ -162,11 +163,11 @@ class SAML2
*
* @param array $supportedBindings The bindings we allow for the response.
* @param \SimpleSAML\Configuration $spMetadata The metadata for the SP.
- * @param string|NULL $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
- * @param string|NULL $ProtocolBinding ProtocolBinding from request.
- * @param int|NULL $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
+ * @param string|null $AssertionConsumerServiceURL AssertionConsumerServiceURL from request.
+ * @param string|null $ProtocolBinding ProtocolBinding from request.
+ * @param int|null $AssertionConsumerServiceIndex AssertionConsumerServiceIndex from request.
*
- * @return array Array with the Location and Binding we should use for the response.
+ * @return array|null Array with the Location and Binding we should use for the response.
*/
private static function getAssertionConsumerService(
array $supportedBindings,
@@ -252,6 +253,7 @@ class SAML2
* Receive an authentication request.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
* @throws \SimpleSAML\Error\BadRequest In case an error occurs when trying to receive the request.
*/
public static function receiveAuthnRequest(\SimpleSAML\IdP $idp)
@@ -463,12 +465,14 @@ class SAML2
$idp->handleAuthenticationRequest($state);
}
+
/**
* Send a logout request to a given association.
*
* @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
* @param array $association The association that should be terminated.
- * @param string|NULL $relayState An id that should be carried across the logout.
+ * @param string|null $relayState An id that should be carried across the logout.
+ * @return void
*/
public static function sendLogoutRequest(\SimpleSAML\IdP $idp, array $association, $relayState)
{
@@ -505,6 +509,7 @@ class SAML2
*
* @param \SimpleSAML\IdP $idp The IdP we are sending a logout request from.
* @param array &$state The logout state array.
+ * @return void
*/
public static function sendLogoutResponse(\SimpleSAML\IdP $idp, array $state)
{
@@ -562,6 +567,7 @@ class SAML2
* Receive a logout message.
*
* @param \SimpleSAML\IdP $idp The IdP we are receiving it for.
+ * @return void
* @throws \SimpleSAML\Error\BadRequest In case an error occurs while trying to receive the logout message.
*/
public static function receiveLogoutMessage(\SimpleSAML\IdP $idp)
diff --git a/modules/saml/lib/IdP/SQLNameID.php b/modules/saml/lib/IdP/SQLNameID.php
index 95d5712df..e62f77f0f 100644
--- a/modules/saml/lib/IdP/SQLNameID.php
+++ b/modules/saml/lib/IdP/SQLNameID.php
@@ -7,13 +7,13 @@ namespace SimpleSAML\Module\saml\IdP;
*
* @package SimpleSAMLphp
*/
-
class SQLNameID
{
/**
* Create NameID table in SQL, if it is missing.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function createTable(\SimpleSAML\Store\SQL $store)
{
@@ -68,6 +68,7 @@ class SQLNameID
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
* @param string $value The NameID value.
+ * @return void
*/
public static function add($idpEntityId, $spEntityId, $user, $value)
{
@@ -98,7 +99,7 @@ class SQLNameID
* @param string $idpEntityId The IdP entityID.
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
- * @return string|NULL $value The NameID value, or NULL of no NameID value was found.
+ * @return string|null $value The NameID value, or NULL of no NameID value was found.
*/
public static function get($idpEntityId, $spEntityId, $user)
{
@@ -135,6 +136,7 @@ class SQLNameID
* @param string $idpEntityId The IdP entityID.
* @param string $spEntityId The SP entityID.
* @param string $user The user's unique identificator (e.g. username).
+ * @return void
*/
public static function delete($idpEntityId, $spEntityId, $user)
{
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index a0f719310..c68a2647c 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -19,6 +19,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\SignedElement $element The element we should add the data to.
+ * @return void
*/
public static function addSign(
\SimpleSAML\Configuration $srcMetadata,
@@ -68,6 +69,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\Message $message The message we should add the data to.
+ * @return void
*/
private static function addRedirectSign(
\SimpleSAML\Configuration $srcMetadata,
@@ -144,7 +146,7 @@ class Message
*
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SAML2\SignedElement $element Either a \SAML2\Response or a \SAML2\Assertion.
- * @return boolean True if the signature is correct, false otherwise.
+ * @return bool True if the signature is correct, false otherwise.
*
* @throws \SimpleSAML\Error\Exception if there is not certificate in the metadata for the entity.
* @throws \Exception if the signature validation fails with an exception.
@@ -233,6 +235,7 @@ class Message
* @param \SimpleSAML\Configuration $srcMetadata The metadata of the sender.
* @param \SimpleSAML\Configuration $dstMetadata The metadata of the recipient.
* @param \SAML2\Message $message The message we should check the signature on.
+ * @return void
*
* @throws \SimpleSAML\Error\Exception if message validation is enabled, but there is no signature in the message.
*/
@@ -396,6 +399,8 @@ class Message
$lastException = $e;
}
}
+
+ /** @var \Exception $lastException */
throw $lastException;
}
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 8ea35423a..7d995b369 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -14,6 +14,7 @@ class LogoutStore
* Create logout table in SQL, if it is missing.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function createLogoutTable(\SimpleSAML\Store\SQL $store)
{
@@ -70,6 +71,7 @@ class LogoutStore
* Clean the logout table of expired entries.
*
* @param \SimpleSAML\Store\SQL $store The datastore.
+ * @return void
*/
private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store)
{
@@ -90,6 +92,9 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param string $nameId The hash of the users NameID.
* @param string $sessionIndex The SessionIndex of the user.
+ * @param int $expire
+ * @param string $sessionId
+ * @return void
*/
private static function addSessionSQL(
\SimpleSAML\Store\SQL $store,
@@ -102,8 +107,8 @@ class LogoutStore
assert(is_string($authId));
assert(is_string($nameId));
assert(is_string($sessionIndex));
- assert(is_string($sessionId));
assert(is_int($expire));
+ assert(is_string($sessionId));
self::createLogoutTable($store);
@@ -202,6 +207,8 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
* @param string|null $sessionIndex The SessionIndex of the user.
+ * @param int $expire
+ * @return void
*/
public static function addSession($authId, $nameId, $sessionIndex, $expire)
{
@@ -254,7 +261,7 @@ class LogoutStore
* @param string $authId The authsource ID.
* @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
* @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty.
- * @returns int|false Number of sessions logged out, or FALSE if not supported.
+ * @return int|false Number of sessions logged out, or FALSE if not supported.
*/
public static function logoutSessions($authId, $nameId, array $sessionIndexes)
{
--
GitLab