From fd1660165a9993e21873d8f89a314bb6660410d1 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 12 Aug 2019 18:54:02 +0200
Subject: [PATCH] Add deprecation notices

---
 docs/simplesamlphp-changelog.md            | 10 ++++++++++
 docs/simplesamlphp-reference-idp-hosted.md |  2 ++
 docs/simplesamlphp-reference-sp-remote.md  |  2 ++
 lib/SimpleSAML/Auth/TimeLimitedToken.php   |  2 ++
 psalm.xml                                  |  1 +
 5 files changed, 17 insertions(+)

diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index c60528e1f..675cb9a8d 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -14,6 +14,8 @@ Released TBD
   * Allow to log to STDERR in the logging.handler option.
   * Allow use of stream wrappers (e.g. s3://) in paths.
   * Improve 'update or insert' handling for different SQL drivers
+  * The default algorithm within the TimeLimitedToken-class has been bumped from SHA-1 to SHA-256
+    as announced by deprecation notice in 1.15-RC1
 
 ### metarefresh
   * The algorithm to compute the fingerprint of the certificate that signed
@@ -30,6 +32,14 @@ Released TBD
 ### Interoperability
   * The minimum PHP version required is now 5.6.
 
+### Deprecation
+  * The class SimpleSAML\Auth\TimeLimitedToken is now deprecated and will be removed in a future release
+    If your custom module relies on this class, be sure to make a copy into your repository and
+    make sure to also copy the unit tests that come along.
+  * Setting 'privacypolicy' in metadata-files will be removed in a future release. It was only used
+    by the consent-module, which supports UIInfo's PrivacyStatementURL.
+    See https://simplesamlphp.org/docs/stable/simplesamlphp-metadata-extensions-ui on how to configure this.
+
 ## Version 1.17.5
 
 Released 2019-08-02
diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md
index d59661868..3a6b47934 100644
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -123,6 +123,8 @@ Common options
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+:   *Note*: **deprecated** Will be removed in a future release; use the MDUI-extension instead
+
 `privatekey`
 :   Name of private key file for this IdP, in PEM format. The filename
     is relative to the `cert/`-directory.
diff --git a/docs/simplesamlphp-reference-sp-remote.md b/docs/simplesamlphp-reference-sp-remote.md
index 8fb932485..423df7b37 100644
--- a/docs/simplesamlphp-reference-sp-remote.md
+++ b/docs/simplesamlphp-reference-sp-remote.md
@@ -98,6 +98,8 @@ and Shibboleth 1.3 protocol:
     entry in the SP-remote metadata overrides the option in the
     IdP-hosted metadata.
 
+:   *Note*: **deprecated** Will be removed in a future release; use the MDUI-extension instead
+
 `userid.attribute`
 :   The attribute name of an attribute which uniquely identifies
     the user. This attribute is used if SimpleSAMLphp needs to generate
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index fcca0b0ac..2f3598405 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -6,6 +6,8 @@ use SimpleSAML\Utils;
 
 /**
  * A class that generates and verifies time-limited tokens.
+ *
+ * @deprecated  This class was deprecated in 1.18 and will be removed in a future release
  */
 
 class TimeLimitedToken
diff --git a/psalm.xml b/psalm.xml
index 64c381171..1add8cc42 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -37,6 +37,7 @@
         <!-- Ignore deprecated classes -->
         <ignoreFiles>
             <file name="lib/SimpleSAML/Auth/DefaultAuth.php" />
+            <file name="lib/SimpleSAML/Auth/TimeLimitedToken.php" />
             <file name="lib/SimpleSAML/Utilities.php" />
 
             <!-- Ignore deprecated PHP-templates - Remove for 2.0 -->
-- 
GitLab