Merge pull request #276 from silinternational/develop

Release 10.0.1 -- remove dead code
silinternational · Sep 12, 2024 · d990160 · d990160
2 parents 79de3da + ffcac36
commit d990160
Show file tree

Hide file tree

Showing 7 changed files with 5 additions and 157 deletions.
diff --git a/.github/workflows/CODEOWNERS b/.github/workflows/CODEOWNERS
@@ -0,0 +1 @@
+* @silinternational/php-devs
diff --git a/modules/expirychecker/src/Auth/Process/ExpiryDate.php b/modules/expirychecker/src/Auth/Process/ExpiryDate.php
@@ -5,11 +5,9 @@
 use Exception;
 use Psr\Log\LoggerInterface;
 use Sil\Psr3Adapters\Psr3SamlLogger;
-use SimpleSAML\Auth\ProcessingChain;
 use SimpleSAML\Auth\ProcessingFilter;
 use SimpleSAML\Auth\State;
 use SimpleSAML\Module;
-use SimpleSAML\Module\expirychecker\Utilities;
 use SimpleSAML\Module\expirychecker\Validator;
 use SimpleSAML\Session;
 use SimpleSAML\Utils\HTTP;
@@ -215,77 +213,6 @@ public function isTimeToWarn(int $expiryTimestamp, int $warnDaysBefore): bool
         return ($daysLeft <= $warnDaysBefore);
     }
 
-    /**
-     * Redirect the user to the change password url if they haven't gone
-     *   there in the last 10 minutes
-     * @param array $state
-     * @param string $accountName
-     * @param string $passwordChangeUrl
-     * @param string $change_pwd_session
-     * @param int $expiryTimestamp The timestamp when the password will expire.
-     */
-    public function redirect2PasswordChange(
-        array  &$state,
-        string $accountName,
-        string $passwordChangeUrl,
-        string $change_pwd_session,
-        int    $expiryTimestamp
-    ): void {
-        $sessionType = 'expirychecker';
-        /* Save state and redirect. */
-        $id = State::saveState(
-            $state,
-            'expirychecker:redirected_to_password_change_url'
-        );
-        $ignoreMinutes = 60;
-
-        $session = Session::getSessionFromRequest();
-        $idpExpirySession = $session->getData($sessionType, $change_pwd_session);
-
-        // If the session shows that the User already passed this way,
-        //  don't redirect to change password page
-        if ($idpExpirySession !== null) {
-            ProcessingChain::resumeProcessing($state);
-        } else {
-            // Otherwise, set a value to tell us they've probably changed
-            // their password, in order to allow password to get propagated
-            $session->setData(
-                $sessionType,
-                $change_pwd_session,
-                1,
-                (60 * $ignoreMinutes)
-            );
-            $session->save();
-        }
-
-
-        /* If state already has the change password url, go straight there to
-         * avoid eternal loop between that and the idp. Otherwise add the
-         * original destination url as a parameter.  */
-        if (array_key_exists('saml:RelayState', $state)) {
-            $relayState = $state['saml:RelayState'];
-            if (strpos($relayState, $passwordChangeUrl) !== false) {
-                ProcessingChain::resumeProcessing($state);
-            } else {
-                $returnTo = Utilities::getUrlFromRelayState(
-                    $relayState
-                );
-                if (!empty($returnTo)) {
-                    $passwordChangeUrl .= '?returnTo=' . $returnTo;
-                }
-            }
-        }
-
-        $this->logger->warning(json_encode([
-            'event' => 'expirychecker: redirecting to change password',
-            'accountName' => $accountName,
-            'passwordChangeUrl' => $passwordChangeUrl,
-        ]));
-
-        $httpUtils = new HTTP();
-        $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
-    }
-
     /**
      * @inheritDoc
      */

diff --git a/modules/expirychecker/src/Utilities.php b/modules/expirychecker/src/Utilities.php
@@ -4,48 +4,6 @@
 
 class Utilities
 {
-
-    /**
-     * Expects three strings for a url and what marks out the beginning
-     * and end of the domain.
-     *
-     * Returns a string with the domain portion of the url (e.g. www.insitehome.org)
-     */
-    public static function getUrlDomain(string $in_url, string $start_marker = '//', string $end_marker = '/'): string
-    {
-        $sm_len = strlen($start_marker);
-        $em_len = strlen($end_marker);
-        $start_pos = strpos($in_url, $start_marker);
-        $domain = substr($in_url, $start_pos + $sm_len);
-
-        $end_pos = strpos($domain, $end_marker);
-        $domain = substr($domain, 0, $end_pos);
-        return $domain;
-    }
-
-    /**
-     * Expects six strings for a url and what marks out the beginning
-     * and end of its domain and then the same again for a second url.
-     *
-     * Returns 1 if the domains of the two urls are the same and 0 otherwise.
-     */
-    public static function haveSameDomain(
-        string $url1,
-        string $start_marker1,
-        string $end_marker1,
-        string $url2,
-        string $start_marker2 = '//',
-        string $end_marker2 = '/'
-    ): int {
-        $domain1 = self::getUrlDomain($url1, $start_marker1, $end_marker1);
-        $domain2 = self::getUrlDomain($url2, $start_marker2, $end_marker2);
-
-        if ($domain1 === $domain2) {
-            return 1;
-        }
-        return 0;
-    }
-
     /**
      * If the $relayState begins with "http", returns it.
      *   Otherwise, returns empty string.
@@ -54,7 +12,7 @@ public static function haveSameDomain(
      **/
     public static function getUrlFromRelayState(string $relayState): string
     {
-        if (strpos($relayState, "http") === 0) {
+        if (str_starts_with($relayState, "http")) {
             return $relayState;
         }
 

diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php
@@ -860,24 +860,6 @@ public static function getManagerEmail(array $state): ?string
         return self::maskEmail($managerEmail[0]);
     }
 
-    /**
-     * Get the manager MFA, if it exists. Otherwise, return null.
-     *
-     * @param array[] $mfaOptions The available MFA options.
-     * @return array The manager MFA.
-     * @throws InvalidArgumentException
-     */
-    public static function getManagerMfa(array $mfaOptions): ?array
-    {
-        foreach ($mfaOptions as $mfaOption) {
-            if ($mfaOption['type'] === 'manager') {
-                return $mfaOption;
-            }
-        }
-
-        return null;
-    }
-
     /**
      * @param string $email an email address
      * @return string with most letters changed to asterisks

diff --git a/modules/silauth/src/Auth/Source/auth/AuthError.php b/modules/silauth/src/Auth/Source/auth/AuthError.php
@@ -12,7 +12,6 @@ class AuthError
     const CODE_USERNAME_REQUIRED = 'username_required';
     const CODE_PASSWORD_REQUIRED = 'password_required';
     const CODE_INVALID_LOGIN = 'invalid_login';
-    const CODE_NEED_TO_SET_ACCT_PASSWORD = 'need_to_set_acct_password';
     const CODE_RATE_LIMIT_SECONDS = 'rate_limit_seconds';
     const CODE_RATE_LIMIT_1_MINUTE = 'rate_limit_1_minute';
     const CODE_RATE_LIMIT_MINUTES = 'rate_limit_minutes';

diff --git a/modules/silauth/src/Auth/Source/auth/Authenticator.php b/modules/silauth/src/Auth/Source/auth/Authenticator.php
@@ -4,14 +4,12 @@
 
 use Exception;
 use Psr\Log\LoggerInterface;
-use SimpleSAML\Module\silauth\Auth\Source\auth\AuthError;
-use SimpleSAML\Module\silauth\Auth\Source\auth\IdBroker;
 use SimpleSAML\Module\silauth\Auth\Source\captcha\Captcha;
-use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime;
-use SimpleSAML\Module\silauth\Auth\Source\time\WaitTime;
+use SimpleSAML\Module\silauth\Auth\Source\http\Request;
 use SimpleSAML\Module\silauth\Auth\Source\models\FailedLoginIpAddress;
 use SimpleSAML\Module\silauth\Auth\Source\models\FailedLoginUsername;
-use SimpleSAML\Module\silauth\Auth\Source\http\Request;
+use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime;
+use SimpleSAML\Module\silauth\Auth\Source\time\WaitTime;
 
 /**
  * An immutable class for making a single attempt to authenticate using a given
@@ -339,11 +337,6 @@ protected function setErrorInvalidLogin(): void
         $this->setError(AuthError::CODE_INVALID_LOGIN);
     }
 
-    protected function setErrorNeedToSetAcctPassword(): void
-    {
-        $this->setError(AuthError::CODE_NEED_TO_SET_ACCT_PASSWORD);
-    }
-
     protected function setErrorPasswordRequired(): void
     {
         $this->setError(AuthError::CODE_PASSWORD_REQUIRED);

diff --git a/modules/silauth/src/Auth/Source/auth/IdBroker.php b/modules/silauth/src/Auth/Source/auth/IdBroker.php
@@ -95,16 +95,4 @@ public function getAuthenticatedUser(string $username, string $password): ?array
             $userInfo['member'] ?? []
         );
     }
-
-    /**
-     * Ping the /site/status URL. If the ID Broker's status is fine, the
-     * response string is returned. If not, an exception is thrown.
-     *
-     * @return string "OK"
-     * @throws Exception
-     */
-    public function getSiteStatus(): string
-    {
-        return $this->client->getSiteStatus();
-    }
 }