Merge pull request #194 from silinternational/feature/profilereview
directly include the profilereview module
Showing
25 changed files
with
2,142 additions
and
401 deletions.
|
@@ -5,8 +5,11 @@ services: | |
depends_on: | ||
- ssp-hub.local | ||
- ssp-idp1.local | ||
- ssp-idp2.local | ||
- ssp-sp1.local | ||
- test-browser | ||
environment: | ||
- PROFILE_URL_FOR_TESTS=http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub | ||
volumes: | ||
- ./dockerbuild/run-integration-tests.sh:/data/run-integration-tests.sh | ||
- ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh | ||
|
@@ -67,6 +70,9 @@ services: | |
# Misc. files needed | ||
- ./development/enable-exampleauth-module.sh:/data/enable-exampleauth-module.sh | ||
|
||
# Customized SSP code -- TODO: make a better solution that doesn't require hacking SSP code | ||
- ./development/idp-local/UserPass.php:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/lib/Auth/Source/UserPass.php | ||
|
||
# Enable checking our test metadata | ||
- ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh | ||
command: 'bash -c "/data/enable-exampleauth-module.sh && /data/run.sh"' | ||
|
@@ -75,6 +81,37 @@ services: | |
ADMIN_PASS: "a" | ||
SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJ" | ||
IDP_NAME: "IDP 1" | ||
PROFILE_URL: "http://ssp-hub-sp1:8083/module.php/core/authenticate.php?as=ssp-hub-custom-port" | ||
PROFILE_URL_FOR_TESTS: "http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub" | ||
SECURE_COOKIE: "false" | ||
SHOW_SAML_ERRORS: "true" | ||
THEME_USE: "default" | ||
|
||
ssp-idp2.local: | ||
build: . | ||
volumes: | ||
# Utilize custom certs | ||
- ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert | ||
|
||
# Utilize custom configs | ||
- ./development/idp2-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php | ||
- ./development/idp2-local/config/config.php:/data/vendor/simplesamlphp/simplesamlphp/config/config.php | ||
|
||
# Utilize custom metadata | ||
- ./development/idp2-local/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php | ||
- ./development/idp2-local/metadata/saml20-sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-remote.php | ||
|
||
# Local modules | ||
- ./modules/expirychecker:/data/vendor/simplesamlphp/simplesamlphp/modules/expirychecker | ||
- ./modules/profilereview:/data/vendor/simplesamlphp/simplesamlphp/modules/profilereview | ||
command: /data/run.sh | ||
ports: | ||
- "8086:80" | ||
environment: | ||
ADMIN_EMAIL: "[email protected]" | ||
ADMIN_PASS: "b" | ||
SECRET_SALT: "h57fjemb&dn^nsJFGNjweJ" | ||
IDP_NAME: "IDP 2" | ||
SECURE_COOKIE: "false" | ||
SHOW_SAML_ERRORS: "true" | ||
THEME_USE: "material:material" | ||
|
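Review bot: The new ssp-idp2.local service sets `SECRET_SALT: "h57fjemb&dn^nsJFGNjweJ"`, which is the ssp-idp1.local value with its `not-secret-` marker stripped, so it reads like a real secret while being just as public as the one committed a few lines above. Keep the convention that makes the dev-only status obvious, e.g. `SECRET_SALT: "not-secret-idp2-h57fjemb&dn^nsJFGNjweJ"`, so a later copy of this service block into a non-test stack does not carry a committed salt that looks deliberate. The salt is presumably fed into SimpleSAMLphp's secretsalt (which it uses for derived identifiers and hashes), so anything outside this local harness needs a fresh, unpublished value — confirm whether run.sh already overrides it from the environment. `ADMIN_PASS: "b"` and `SECURE_COOKIE: "false"` are acceptable only for the same reason; a `# local test stack only — never reuse these values` comment above the environment block would make that explicit.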
@@ -0,0 +1,91 @@ | ||
<?php | ||
|
||
namespace SimpleSAML\Module\exampleauth\Auth\Source; | ||
|
||
/** | ||
* Example authentication source - username & password. | ||
* | ||
* This class is an example authentication source which stores all username/passwords in an array, | ||
* and authenticates users against this array. | ||
* | ||
* @author Olav Morken, UNINETT AS. | ||
* @package SimpleSAMLphp | ||
*/ | ||
|
||
class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase | ||
{ | ||
/** | ||
* Our users, stored in an associative array. The key of the array is "<username>:<password>", | ||
* while the value of each element is a new array with the attributes for each user. | ||
*/ | ||
private $users; | ||
|
||
/** | ||
* Constructor for this authentication source. | ||
* | ||
* @param array $info Information about this authentication source. | ||
* @param array $config Configuration. | ||
*/ | ||
public function __construct($info, $config) | ||
{ | ||
assert(is_array($info)); | ||
assert(is_array($config)); | ||
|
||
// Call the parent constructor first, as required by the interface | ||
parent::__construct($info, $config); | ||
|
||
$this->users = []; | ||
|
||
// Validate and parse our configuration | ||
foreach ($config as $userpass => $attributes) { | ||
if (!is_string($userpass)) { | ||
throw new \Exception( | ||
'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass | ||
); | ||
} | ||
|
||
$userpass = explode(':', $userpass, 2); | ||
if (count($userpass) !== 2) { | ||
throw new \Exception( | ||
'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass[0] | ||
); | ||
} | ||
$username = $userpass[0]; | ||
$password = $userpass[1]; | ||
|
||
// try { | ||
// $attributes = \SimpleSAML\Utils\Attributes::normalizeAttributesArray($attributes); | ||
// } catch (\Exception $e) { | ||
// throw new \Exception('Invalid attributes for user '.$username. | ||
// ' in authentication source '.$this->authId.': '.$e->getMessage()); | ||
// } | ||
$this->users[$username.':'.$password] = $attributes; | ||
} | ||
} | ||
|
||
/** | ||
* Attempt to log in using the given username and password. | ||
* | ||
* On a successful login, this function should return the users attributes. On failure, | ||
* it should throw an exception. If the error was caused by the user entering the wrong | ||
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown. | ||
* | ||
* Note that both the username and the password are UTF-8 encoded. | ||
* | ||
* @param string $username The username the user wrote. | ||
* @param string $password The password the user wrote. | ||
* @return array Associative array with the users attributes. | ||
*/ | ||
protected function login($username, $password) | ||
{ | ||
assert(is_string($username)); | ||
assert(is_string($password)); | ||
|
||
$userpass = $username.':'.$password; | ||
if (!array_key_exists($userpass, $this->users)) { | ||
throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); | ||
} | ||
|
||
return $this->users[$userpass]; | ||
} | ||
} |
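Review bot: The commented-out `normalizeAttributesArray` block in the constructor is dead code, and nothing records why attribute normalization was disabled in this local copy; presumably the fixtures' nested `mfa`/`method` arrays would not survive it — confirm. Replace the six commented lines with a one-line reason, e.g. `// Upstream attribute normalization is skipped on purpose: test users carry nested arrays (mfa, method) that it would reject.`, and extend the class docblock to say this is a dev-only override of the vendored exampleauth UserPass that holds plaintext credentials and is bind-mounted over vendor code by the compose file. Note also that login() looks up the literal `$username.':'.$password` key while the config key is split only on the first `:`, so a username containing a colon can alias another entry (`a:b` with password `c` matches user `a` with password `b:c`); harmless for fixtures, but worth one sentence in the docblock rather than being discovered later.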
|
@@ -65,5 +65,139 @@ | |
'invalid' | ||
], | ||
], | ||
'no_review:e' => [ | ||
'eduPersonPrincipalName' => ['NO_REVIEW@idp'], | ||
'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'], | ||
'sn' => ['Review'], | ||
'givenName' => ['No'], | ||
'mail' => ['[email protected]'], | ||
'employeeNumber' => ['11111'], | ||
'cn' => ['NO_REVIEW'], | ||
'schacExpiryDate' => [ | ||
gmdate('YmdHis\Z', strtotime('+6 months')), | ||
], | ||
'mfa' => [ | ||
'prompt' => 'yes', | ||
'add' => 'no', | ||
'options' => [ | ||
[ | ||
'id' => 111, | ||
'type' => 'backupcode', | ||
'label' => '2SV #1', | ||
'created_utc' => '2017-10-24T20:40:47Z', | ||
'last_used_utc' => null, | ||
'data' => [ | ||
'count' => 10 | ||
], | ||
], | ||
], | ||
], | ||
'method' => [ | ||
'add' => 'no', | ||
], | ||
'profile_review' => 'no' | ||
], | ||
'mfa_add:f' => [ | ||
'eduPersonPrincipalName' => ['MFA_ADD@idp'], | ||
'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'], | ||
'sn' => ['Add'], | ||
'givenName' => ['Mfa'], | ||
'mail' => ['[email protected]'], | ||
'employeeNumber' => ['22222'], | ||
'cn' => ['MFA_ADD'], | ||
'schacExpiryDate' => [ | ||
gmdate('YmdHis\Z', strtotime('+6 months')), | ||
], | ||
'mfa' => [ | ||
'prompt' => 'no', | ||
'add' => 'yes', | ||
'options' => [], | ||
], | ||
'method' => [ | ||
'add' => 'no', | ||
], | ||
'profile_review' => 'no' | ||
], | ||
'method_add:g' => [ | ||
'eduPersonPrincipalName' => ['METHOD_ADD@methodidp'], | ||
'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], | ||
'sn' => ['Add'], | ||
'givenName' => ['Method'], | ||
'mail' => ['[email protected]'], | ||
'employeeNumber' => ['44444'], | ||
'cn' => ['METHOD_ADD'], | ||
'schacExpiryDate' => [ | ||
gmdate('YmdHis\Z', strtotime('+6 months')), | ||
], | ||
'mfa' => [ | ||
'prompt' => 'yes', | ||
'add' => 'no', | ||
'options' => [ | ||
[ | ||
'id' => 444, | ||
'type' => 'backupcode', | ||
'label' => '2SV #1', | ||
'created_utc' => '2017-10-24T20:40:47Z', | ||
'last_used_utc' => null, | ||
'data' => [ | ||
'count' => 10 | ||
], | ||
], | ||
], | ||
], | ||
'method' => [ | ||
'add' => 'yes', | ||
], | ||
'profile_review' => 'no' | ||
], | ||
'profile_review:h' => [ | ||
'eduPersonPrincipalName' => ['METHOD_REVIEW@methodidp'], | ||
'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], | ||
'sn' => ['Review'], | ||
'givenName' => ['Method'], | ||
'mail' => ['[email protected]'], | ||
'employeeNumber' => ['55555'], | ||
'cn' => ['METHOD_REVIEW'], | ||
'schacExpiryDate' => [ | ||
gmdate('YmdHis\Z', strtotime('+6 months')), | ||
], | ||
'mfa' => [ | ||
'prompt' => 'yes', | ||
'add' => 'no', | ||
'options' => [ | ||
[ | ||
'id' => 555, | ||
'type' => 'backupcode', | ||
'label' => '2SV #1', | ||
'created_utc' => '2017-10-24T20:40:47Z', | ||
'last_used_utc' => null, | ||
'data' => [ | ||
'count' => 10 | ||
], | ||
], | ||
[ | ||
'id' => 556, | ||
'type' => 'manager', | ||
'label' => '2SV #2', | ||
'created_utc' => '2017-10-24T20:40:47Z', | ||
'last_used_utc' => '2017-10-24T20:41:57Z', | ||
'data' => [ | ||
], | ||
], | ||
], | ||
], | ||
'method' => [ | ||
'add' => 'no', | ||
'options' => [ | ||
[ | ||
'id' => '55555555555555555555555555555555', | ||
'value' => '[email protected]', | ||
'verified' => true, | ||
'created' => '2017-10-24T20:40:47Z', | ||
], | ||
], | ||
], | ||
'profile_review' => 'yes' | ||
], | ||
], | ||
]; |
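Review bot: The `profile_review:h` fixture is the only new entry whose identity attributes do not mirror its key: `eduPersonPrincipalName` is `METHOD_REVIEW@methodidp` and `cn` is `METHOD_REVIEW`, whereas the other entries use NO_REVIEW, MFA_ADD and METHOD_ADD, so test output and logs will label the profile-review case as a method-review user. Rename to `'eduPersonPrincipalName' => ['PROFILE_REVIEW@methodidp'],` and `'cn' => ['PROFILE_REVIEW'],` (with `'givenName' => ['Profile'],`), unless the shared name is relied on by an integration test — confirm before changing. These are plaintext single-character passwords (`:e` … `:h`) that only make sense under the local exampleauth source, so a `// test-only credentials for the local IdP stack` comment at the top of the block would stop the file being treated as a template. The enclosing array starts before this hunk.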