Add REMOTE_ADDR to successful auth and user name to unsuccessful log …

Added tests for SimpleSAML\XML\Signer

Fixed typos.

docs: Fix minor typo.

When unserializing the session fails, the handler should return null instead of false. Additionally, SimpleSAML_Session::load() should make sure that it got an instance of SimpleSAML_Session, to avoid any misbehaving handlers to generate an issue.

This resolves #616.

Remove duplicate config

Update composer.lock with vfsStream dev-dependency

I believe #592 broke unit tests by adding a dev-dependency to
`composer.json` but forgot to update `composer.lock`. Therefore,
`composer install` does not install all the necessary dependencies for
tests.

Added tests for SimpleSAML\Utils\XML

SimpleSAML_SessionHandler* classes refactorized to PSR-4

Extend theming documentation about resource referencing

docs: Improve raw simplesamlphp-modules.md

Added tests for SimpleSAML\Utils\Crypto

Fix link

Accessing a key in an array is not allowed when the array is not a variable but a value returned by a function.

This also required adding an additional argument to
SimpleSAML\Utils\Crypto::loadPrivateKey to ease in testing. Without
this additional argument, SimpleSAML_Configuration::getBaseDir eventually
gets called to determine the private key location.  This doesn't work
well with vfsstream. This argument shouldn't cause too much trouble, and
seems cohesive enough with the function's purpose.

The configuration of the MultiAuth authentication source specifies the auth sources that the user is presented with when asked for authentication. However, there was no proper check for the auth source selected by the user to ensure it is one of those allowed for MultiAuth.

The reason was the lack of conversion to integer for each character of the strings before applying the XOR operator to them. The operator returns always an empty string when applied to two characters, and applying a binary-wise OR between 0 and an empty string, yields 0. Therefore, $diff is always 0, and the function returns true for every two strings with same length, regardless of their contents.

Added tests for SimpleSAMLUtilsSystem

This reverts commit b1b0d0ef.

This reverts commit c441f9c9.

It looks like mb_substr() doesn’t cope well with NULL as the third parameter in PHP 5.3.