Merge pull request #232 from silinternational/feature/ssp2-selectidp-…

…twig convert selectidp-links to Twig
silinternational · Jun 25, 2024 · cf4de70 · cf4de70
2 parents 5385ab7 + f6dcafa
commit cf4de70
Show file tree

Hide file tree

Showing 28 changed files with 780 additions and 497 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+trim_trailing_whitespace = true
+
+[*.php]
+charset = utf-8
+indent_size = 4
+
+[*.twig]
+charset = utf-8
+indent_size = 2
diff --git a/Dockerfile b/Dockerfile
@@ -52,16 +52,13 @@ COPY modules/material/themes/material/profilereview/* $SSP_PATH/modules/profiler
 # Copy in SSP override files
 RUN mv $SSP_PATH/public/index.php $SSP_PATH/public/ssp-index.php
 COPY dockerbuild/ssp-overrides/index.php $SSP_PATH/public/index.php
-RUN mv $SSP_PATH/public/saml2/idp/SingleLogoutService.php $SSP_PATH/public/saml2/idp/ssp-SingleLogoutService.php
-COPY dockerbuild/ssp-overrides/SingleLogoutService.php $SSP_PATH/public/saml2/idp/SingleLogoutService.php
 COPY dockerbuild/ssp-overrides/saml20-idp-remote.php $SSP_PATH/metadata/saml20-idp-remote.php
 COPY dockerbuild/ssp-overrides/saml20-sp-remote.php $SSP_PATH/metadata/saml20-sp-remote.php
 COPY dockerbuild/config/* $SSP_PATH/config/
 COPY dockerbuild/ssp-overrides/id.php $SSP_PATH/public/id.php
 COPY dockerbuild/ssp-overrides/announcement.php $SSP_PATH/announcement/announcement.php
 COPY tests /data/tests
 
-RUN cp $SSP_PATH/modules/sildisco/src/SSOService.php $SSP_PATH/public/saml2/idp/
 RUN chmod a+x /data/run.sh /data/run-tests.sh
 
 ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz

diff --git a/actions-services.yml b/actions-services.yml
@@ -57,10 +57,7 @@ services:
       - ./development/announcement.php:/data/vendor/simplesamlphp/simplesamlphp/announcement/announcement.php
 
       # Utilize custom metadata
-      - ./development/hub/metadata/idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/idp-remote.php
-      - ./development/hub/metadata/saml20-idp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-hosted.php
-      - ./development/hub/metadata/saml20-sp-hosted.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-sp-hosted.php
-      - ./development/hub/metadata/sp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/sp-remote.php
+      - ./development/hub/metadata/:/data/vendor/simplesamlphp/simplesamlphp/metadata/
 
       # Enable checking our test metadata
       - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
@@ -127,7 +124,7 @@ services:
     build: .
     volumes:
       # Utilize custom certs
-      - ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert  
+      - ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
 
       # Utilize custom configs
       - ./development/idp2-local/config/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php

diff --git a/development/UserPass.php b/development/UserPass.php
@@ -1,91 +1,114 @@
 <?php
 
+/**
+ * Modified from origin: exampleauth/src/Auth/Source/UserPass.php
+ * 2024-06-19 -- Merged with simplesamlphp 2.2.2, lines/sections marked with GTIS are modified
+ */
+
+declare(strict_types=1);
+
 namespace SimpleSAML\Module\exampleauth\Auth\Source;
 
+use Exception;
+use SimpleSAML\Error;
+use SimpleSAML\Logger;
+use SimpleSAML\Module\core\Auth\UserPassBase;
+use SimpleSAML\Utils;
+
 /**
  * Example authentication source - username & password.
  *
  * This class is an example authentication source which stores all username/passwords in an array,
  * and authenticates users against this array.
  *
- * @author Olav Morken, UNINETT AS.
  * @package SimpleSAMLphp
  */
 
-class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase
+class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase // GTIS
 {
     /**
      * Our users, stored in an associative array. The key of the array is "<username>:<password>",
      * while the value of each element is a new array with the attributes for each user.
+     *
+     * @var array
      */
-    private $users;
+    private array $users;
+
 
     /**
      * Constructor for this authentication source.
      *
      * @param array $info  Information about this authentication source.
      * @param array $config  Configuration.
      */
-    public function __construct($info, $config)
+    public function __construct(array $info, array $config)
     {
-        assert(is_array($info));
-        assert(is_array($config));
-
         // Call the parent constructor first, as required by the interface
         parent::__construct($info, $config);
 
         $this->users = [];
 
+        // Old version of SimpleSAMLphp had the username:password just be a list in the top level
+        // configuration. We now have them under the "users" key, so that exampleauth can be used
+        // for testing things like core:loginpage_links, etc. that require top level configuration.
+        if (array_key_exists('users', $config)) {
+            $config_users = $config['users'];
+        } else {
+            Logger::warning("Module exampleauth:UserPass configured in legacy mode. Please put your " .
+                "username:password entries under the \"users\" key in your authsource.");
+            $config_users = $config;
+        }
+
         // Validate and parse our configuration
-        foreach ($config as $userpass => $attributes) {
+        foreach ($config_users as $userpass => $attributes) {
             if (!is_string($userpass)) {
-                throw new \Exception(
-                    'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass
+                throw new Exception(
+                    'Invalid <username>:<password> for authentication source ' . $this->authId . ': ' . $userpass
                 );
             }
 
             $userpass = explode(':', $userpass, 2);
             if (count($userpass) !== 2) {
-                throw new \Exception(
-                    'Invalid <username>:<password> for authentication source '.$this->authId.': '.$userpass[0]
+                throw new Exception(
+                    'Invalid <username>:<password> for authentication source ' . $this->authId . ': ' . $userpass[0]
                 );
             }
             $username = $userpass[0];
             $password = $userpass[1];
 
-//            $attrUtils = new \SimpleSAML\Utils\Attributes();
+            // GTIS begin
+//            $attrUtils = new Utils\Attributes();
 //
 //            try {
 //                $attributes = $attrUtils->normalizeAttributesArray($attributes);
-//            } catch (\Exception $e) {
-//                throw new \Exception('Invalid attributes for user '.$username.
+//            } catch (Exception $e) {
+//                throw new Exception('Invalid attributes for user '.$username.
 //                    ' in authentication source '.$this->authId.': '.$e->getMessage());
 //            }
-            $this->users[$username.':'.$password] = $attributes;
+            // GTIS end
+            $this->users[$username . ':' . $password] = $attributes;
         }
     }
 
+
     /**
      * Attempt to log in using the given username and password.
      *
      * On a successful login, this function should return the users attributes. On failure,
      * it should throw an exception. If the error was caused by the user entering the wrong
-     * username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
+     * username or password, a \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS) should be thrown.
      *
      * Note that both the username and the password are UTF-8 encoded.
      *
      * @param string $username  The username the user wrote.
      * @param string $password  The password the user wrote.
      * @return array  Associative array with the users attributes.
      */
-    protected function login($username, $password)
+    protected function login(string $username, string $password): array
     {
-        assert(is_string($username));
-        assert(is_string($password));
-
-        $userpass = $username.':'.$password;
+        $userpass = $username . ':' . $password;
         if (!array_key_exists($userpass, $this->users)) {
-            throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
+            throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
         }
 
         return $this->users[$userpass];

diff --git a/development/enable-exampleauth.sh b/development/enable-exampleauth.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env sh
 
-sed -i 's@^\( *'\''module\.enable'\'' => \[\)@\1'\''\n        exampleauth'\'' => true,@' vendor/simplesamlphp/simplesamlphp/config/config.php
+sed -i 's@^\( *'\''module\.enable'\'' => \[\)@\1\n        '\''exampleauth'\'' => true,@' /data/vendor/simplesamlphp/simplesamlphp/config/config.php
diff --git a/development/hub/config/authsources.php b/development/hub/config/authsources.php
@@ -3,7 +3,7 @@
 $config = [
 
     'hub-discovery' => [
-        'sildisco:SP',
+        'saml:SP',
 
         // The entity ID of this SP.
         // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
@@ -12,7 +12,7 @@
 
         // The URL to the discovery service.
         // Can be NULL/unset, in which case a builtin discovery service will be used.
-        'discoURL'  => 'http://ssp-hub.local/module.php/sildisco/disco.php',
+//        'discoURL'  => 'http://ssp-hub.local/module.php/sildisco/disco.php',
 
     ],