Merge pull request #194 from silinternational/feature/profilereview
directly include the profilereview module
briskt authored May 8, 2024
2 parents 17a9828 + 04c34b1 commit 220f3f0
Showing 25 changed files with 2,142 additions and 401 deletions.
37 changes: 37 additions & 0 deletions actions-services.yml
@@ -5,8 +5,11 @@ services:
depends_on:
- ssp-hub.local
- ssp-idp1.local
- ssp-idp2.local
- ssp-sp1.local
- test-browser
environment:
- PROFILE_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub
volumes:
- ./dockerbuild/run-integration-tests.sh:/data/run-integration-tests.sh
- ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
@@ -67,6 +70,9 @@ services:
# Misc. files needed
- ./development/enable-exampleauth-module.sh:/data/enable-exampleauth-module.sh

# Customized SSP code -- TODO: make a better solution that doesn't require hacking SSP code
- ./development/idp-local/UserPass.php:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/UserPass.php

# Enable checking our test metadata
- ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
command: 'bash -c "/data/enable-exampleauth-module.sh && /data/run.sh"'
@@ -75,6 +81,37 @@ services:
ADMIN_PASS: "a"
SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ"
IDP_NAME: "IDP 1"
PROFILE_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port"
PROFILE_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub"
SECURE_COOKIE: "false"
SHOW_SAML_ERRORS: "true"
THEME_USE: "default"

ssp-idp2.local:
build: .
volumes:
# Utilize custom certs
- ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert

# Utilize custom configs
- ./development/idp2-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
- ./development/idp2-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php

# Utilize custom metadata
- ./development/idp2-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
- ./development/idp2-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php

# Local modules
- ./modules/expirychecker:/data/vendor/simplesamlphp/simplesamlphp/modules/expirychecker
- ./modules/profilereview:/data/vendor/simplesamlphp/simplesamlphp/modules/profilereview
command: /data/run.sh
ports:
- "8086:80"
environment:
ADMIN_EMAIL: "[email protected]"
ADMIN_PASS: "b"
SECRET_SALT: "h57fjemb&dn^nsJFGNjweJ"
IDP_NAME: "IDP 2"
SECURE_COOKIE: "false"
SHOW_SAML_ERRORS: "true"
THEME_USE: "material:material"
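Review bot: The `ssp-idp2.local` service, which appears to be new in this commit, publishes its web port as `"8086:80"`, which binds on every host interface, while the same block sets `ADMIN_PASS: "b"`, `SECURE_COOKIE: "false"` and `SHOW_SAML_ERRORS: "true"`. That is acceptable on a disposable CI runner, but if this compose file is ever started on a developer workstation the IdP admin pages are reachable from the local network behind a one-character password; `- "127.0.0.1:8086:80"` keeps the port on loopback. The IDP 2 `SECRET_SALT` also lacks the `not-secret-` prefix that the IDP 1 salt carries a few lines above, so a reader or a secret scanner cannot tell at a glance that it is a throwaway test value; prefixing it the same way would make that explicit.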
2 changes: 1 addition & 1 deletion behat.yml
@@ -14,4 +14,4 @@ default:
contexts: [ 'FeatureContext' ]
profilereview_features:
paths: [ '%paths.base%//features//profilereview.feature' ]
contexts: [ 'FeatureContext' ]
contexts: [ 'ProfileReviewContext' ]
2 changes: 1 addition & 1 deletion composer.json
@@ -18,11 +18,11 @@
"simplesamlphp/composer-module-installer": "1.1.8",
"silinternational/simplesamlphp-module-silauth": "^7.1.1",
"silinternational/simplesamlphp-module-mfa": "^5.2.1",
"silinternational/simplesamlphp-module-profilereview": "^2.1.0",
"silinternational/ssp-utilities": "^1.1.0",
"silinternational/simplesamlphp-module-material": "^8.1.1",
"silinternational/simplesamlphp-module-sildisco": "^4.0.0",
"silinternational/php-env": "^3.1.0",
"silinternational/psr3-adapters": "^3.1",
"gettext/gettext": "^4.8@dev"
},
"require-dev": {
55 changes: 1 addition & 54 deletions composer.lock


4 changes: 2 additions & 2 deletions development/hub/metadata/idp-remote.php
@@ -57,7 +57,7 @@
],
'IDPNamespace' => 'IDP-2-custom-port',
'logoCaption' => 'IDP-2:8086 staff',
'enabled' => false,
'enabled' => true,
'betaEnabled' => true,
'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+2+8086',

@@ -75,7 +75,7 @@
],
'IDPNamespace' => 'IDP-2',
'logoCaption' => 'IDP-2 staff',
'enabled' => false,
'enabled' => true,
'betaEnabled' => true,
'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+2',

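--- a/development/idp-local/UserPass.php
+++ b/development/idp-local/UserPass.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace SimpleSAML\Module\exampleauth\Auth\Source;
+
+/**
+* Example authentication source - username & password.
+*
+* This class is an example authentication source which stores all username/passwords in an array,
+* and authenticates users against this array.
+*
+* @author Olav Morken, UNINETT AS.
+* @package SimpleSAMLphp
+*/
+
+class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase
+{
+/**
+* Our users, stored in an associative array. The key of the array is "<username>:<password>",
+* while the value of each element is a new array with the attributes for each user.
+*/
+private $users;
+
+/**
+* Constructor for this authentication source.
+*
+* @param array $info Information about this authentication source.
+* @param array $config Configuration.
+*/
+public function __construct($info, $config)
+{
+assert(is_array($info));
+assert(is_array($config));
+
+// Call the parent constructor first, as required by the interface
+parent::__construct($info, $config);
+
+$this->users = [];
+
+// Validate and parse our configuration
+foreach ($config as $userpass => $attributes) {
+if (!is_string($userpass)) {
+throw new \Exception(
+'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass
+);
+}
+
+$userpass = explode(':', $userpass, 2);
+if (count($userpass) !== 2) {
+throw new \Exception(
+'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass[0]
+);
+}
+$username = $userpass[0];
+$password = $userpass[1];
+
+// try {
+// $attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($attributes);
+// } catch (\Exception $e) {
+// throw new \Exception('Invalid attributes for user '.$username.
+// ' in authentication source '.$this->authId.': '.$e->getMessage());
+// }
+$this->users[$username.':'.$password] = $attributes;
+}
+}
+
+/**
+* Attempt to log in using the given username and password.
+*
+* On a successful login, this function should return the users attributes. On failure,
+* it should throw an exception. If the error was caused by the user entering the wrong
+* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
+*
+* Note that both the username and the password are UTF-8 encoded.
+*
+* @param string $username The username the user wrote.
+* @param string $password The password the user wrote.
+* @return array Associative array with the users attributes.
+*/
+protected function login($username, $password)
+{
+assert(is_string($username));
+assert(is_string($password));
+
+$userpass = $username.':'.$password;
+if (!array_key_exists($userpass, $this->users)) {
+throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+}
+
+return $this->users[$userpass];
+}
+}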
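Review bot: The commented-out `normalizeAttributesArray()` block in the constructor is left as dead code with no explanation, so the one visible departure from the stock exampleauth source is undocumented and user attributes are now stored without any validation. Judging by the fixtures added to authsources.php in this same commit (nested `mfa` and `method` arrays, a scalar `profile_review`), normalization was presumably dropped because those shapes would be rejected; replace the dead block with a comment saying so, for example `// Normalization skipped on purpose: test users carry nested 'mfa'/'method' data that is not a list of strings.` A file-level note such as `// Modified copy of SimpleSAMLphp's exampleauth UserPass, mounted over the vendor file for local/CI testing only` would also make it harder for this override, with its plaintext `username:password` keys, to end up in a production image.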
134 changes: 134 additions & 0 deletions development/idp-local/config/authsources.php
@@ -65,5 +65,139 @@
'invalid'
],
],
'no_review:e' => [
'eduPersonPrincipalName' => ['NO_REVIEW@idp'],
'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'],
'sn' => ['Review'],
'givenName' => ['No'],
'mail' => ['[email protected]'],
'employeeNumber' => ['11111'],
'cn' => ['NO_REVIEW'],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+6 months')),
],
'mfa' => [
'prompt' => 'yes',
'add' => 'no',
'options' => [
[
'id' => 111,
'type' => 'backupcode',
'label' => '2SV #1',
'created_utc' => '2017-10-24T20:40:47Z',
'last_used_utc' => null,
'data' => [
'count' => 10
],
],
],
],
'method' => [
'add' => 'no',
],
'profile_review' => 'no'
],
'mfa_add:f' => [
'eduPersonPrincipalName' => ['MFA_ADD@idp'],
'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'],
'sn' => ['Add'],
'givenName' => ['Mfa'],
'mail' => ['[email protected]'],
'employeeNumber' => ['22222'],
'cn' => ['MFA_ADD'],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+6 months')),
],
'mfa' => [
'prompt' => 'no',
'add' => 'yes',
'options' => [],
],
'method' => [
'add' => 'no',
],
'profile_review' => 'no'
],
'method_add:g' => [
'eduPersonPrincipalName' => ['METHOD_ADD@methodidp'],
'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'],
'sn' => ['Add'],
'givenName' => ['Method'],
'mail' => ['[email protected]'],
'employeeNumber' => ['44444'],
'cn' => ['METHOD_ADD'],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+6 months')),
],
'mfa' => [
'prompt' => 'yes',
'add' => 'no',
'options' => [
[
'id' => 444,
'type' => 'backupcode',
'label' => '2SV #1',
'created_utc' => '2017-10-24T20:40:47Z',
'last_used_utc' => null,
'data' => [
'count' => 10
],
],
],
],
'method' => [
'add' => 'yes',
],
'profile_review' => 'no'
],
'profile_review:h' => [
'eduPersonPrincipalName' => ['METHOD_REVIEW@methodidp'],
'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'],
'sn' => ['Review'],
'givenName' => ['Method'],
'mail' => ['[email protected]'],
'employeeNumber' => ['55555'],
'cn' => ['METHOD_REVIEW'],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+6 months')),
],
'mfa' => [
'prompt' => 'yes',
'add' => 'no',
'options' => [
[
'id' => 555,
'type' => 'backupcode',
'label' => '2SV #1',
'created_utc' => '2017-10-24T20:40:47Z',
'last_used_utc' => null,
'data' => [
'count' => 10
],
],
[
'id' => 556,
'type' => 'manager',
'label' => '2SV #2',
'created_utc' => '2017-10-24T20:40:47Z',
'last_used_utc' => '2017-10-24T20:41:57Z',
'data' => [
],
],
],
],
'method' => [
'add' => 'no',
'options' => [
[
'id' => '55555555555555555555555555555555',
'value' => '[email protected]',
'verified' => true,
'created' => '2017-10-24T20:40:47Z',
],
],
],
'profile_review' => 'yes'
],
],
];
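Review bot: The `'profile_review:h'` fixture identifies its user as `METHOD_REVIEW@methodidp` with `cn` set to `METHOD_REVIEW` and `givenName` set to `Method`, which matches neither the login name nor the `'profile_review' => 'yes'` flag it seems to exist for. Rename those values or add a comment so a failing scenario can be traced back to the right fixture. None of the four new entries states which prompt it is meant to trigger, so a one-line comment above each would document the test matrix, for example `// mfa.add = 'yes', everything else 'no': presumably exercises only the "add 2SV" prompt`. The enclosing users array begins above this hunk, so its overall shape cannot be checked from here.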